Nextcloud with Letsencrypt using OMV and docker-compose - Q&A
-
- OMV 5.x
- WastlJ
-
-
Hi,
Not sure why this keeps happening but my SWAG docker has been getting this error
I am in the folder but I'm not sure what I'm looking for?
Edit the file to comment the "proxy-redirect" part:
nano nextcloud.subfolder.conf and then put a # in front of that line.
Code
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
# proxy_redirect off; <<<--- Commented or DELETE it completely
proxy_ssl_session_reuse off;
}
Then docker restart swag
-
Hello:
I have been following this thread for about a month in an attempt to get nextcloud up and running using duckdns.
At this point I can get to the nextcloud screen only if I enter: https://myomvip:443/nextcloud.
However, I receive a forbidden message blocking me from accessing nextcloud when I enter: https://mydomain.duckdns.org/nextcloud.
I suspect there is something in my php file that needs to be changed:
PHP
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'trusted_proxies' =>
  array (
    0 => 'swag',
  ),
  'overwritewebroot' => '/nextcloud',
  'overwrite.cli.url' => 'https://mydomain.duckdns.org/nextcloud',
  'trusted_domains' =>
  array (
    0 => 'https://myomvip:443',
    1 => 'mydomain.duckdns.org',
  ),
  'instanceid' => 'ocpaczb7npq1',
);
Any suggestions? thanks.
-
Small NOTICE for those running Nextcloud with "subfolder" (NOT subdomain) access:
linuxserver made some changes to the "nextcloud.subfolder.conf.sample".
If no edits were done to the original, to update the file, you'll need to delete your conf and restart SWAG and then rename the new sample.
rm -f ...swag/config/nginx/proxy-confs/nextcloud.subfolder.conf
docker restart swag (you'll lose access to NC but SWAG will download the new sample)
cp ...swag/config/nginx/proxy-confs/nextcloud.subfolder.conf.sample ...swag/config/nginx/proxy-confs/nextcloud.subfolder.conf
docker restart swag
docker logs -f swag (check that no errors occur and see if you regain access to NC)
Done
If you previously edited the file, you'll need to redo those edits (take notes of them before deleting the file).
Apply those edits to the new file after doing the above update.
-
Hi,
Very random question, whilst doing a few things I noticed my SWAG container had these lines in it
Code
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind, and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
Do I need to do this?
-
I personally never have.
-
-
In that case I will leave it as it is
-
There may be a reason that I'm not aware of, but from reading that link, it didn't seem like something I needed or was interested in
-
If you followed the guide from macom, the port that you use on the #13 is 450 (https://LANomvIP:450)
Being blocked by external access means your SWAG/duckDNS config is not OK.
Post your YML here, hiding sensitive data, so to have a better idea of where it's failing.
Also the output of the logs can help:
docker logs -f swag
docker logs -f nextcloud
hello everyone !
I have been using nextcloud for a couple of years with no problems until I updated not knowing that you can't jump versions...
so I had to reinstall everything, unfortunately my previous method explained by DBtech is no longer working, so I have been following this guide.
the only problem is that I would like to access my nextcloud directly without a subdomain or a subfolder, as in directly go to https://example.duckdns.org instead of something like https://nextcloud.example.duckdns.org.
that's how it was working before but it was using letsencrypt instead of swag, I don't know if that makes a difference.
this is what I tried but unfortunately I still have the welcome to your swag site page instead of nextcloud
PHP
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'trusted_proxies' =>
  array (
    0 => 'swag',
  ),
  'overwritehost' => 'vexample.duckdns.org',
  'overwrite.cli.url' => 'https://example.duckdns.org',
  'overwriteprotocol' => 'https',
  'trusted_domains' =>
  array (
    0 => 'example.duckdns.org:443',
  ),
  'instanceid' => 'example',
  'passwordsalt' => 'example',
  'secret' => 'example',
  'dbtype' => 'mysql',
  'version' => '22.0.0.11',
  'dbname' => 'nd',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
);
The same as above, your YML will help.
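A consistency check for the reverse-proxy settings that appear in the config.php files in this thread, as an added example that is not part of any post or of the Nextcloud or linuxserver code. The two sample configs are constructed in the shape of the posted ones, `lint` is a hypothetical helper, and it assumes the long `array ( ... )` syntax, exact (non-wildcard) trusted_domains entries, and that mismatches are hints worth a second look rather than proven causes.

```python
import re
from urllib.parse import urlsplit

def scalar(cfg, key):
    """Return a single-quoted scalar setting from config.php text, or None."""
    m = re.search(r"'%s'\s*=>\s*'([^']*)'" % re.escape(key), cfg)
    return m.group(1) if m else None

def array(cfg, key):
    """Return the values of an `array ( 0 => '...', )` setting (long syntax only)."""
    m = re.search(r"'%s'\s*=>\s*array\s*\((.*?)\)" % re.escape(key), cfg, re.S)
    return re.findall(r"=>\s*'([^']*)'", m.group(1)) if m else []

def lint(cfg):
    """Heuristic checks; returns a list of findings (empty list = nothing flagged)."""
    findings = []
    domains = array(cfg, "trusted_domains")
    for d in domains:
        # trusted_domains is compared with the request's Host header, so a
        # value that carries a scheme or a path can never match.
        if "/" in d:
            findings.append("trusted_domains entry %r has a scheme or path" % d)
    trusted_hosts = {d.split(":")[0].lower() for d in domains if "/" not in d}

    cli = scalar(cfg, "overwrite.cli.url")
    cli_url = urlsplit(cli) if cli else None
    ohost = scalar(cfg, "overwritehost")
    webroot = scalar(cfg, "overwritewebroot")

    if ohost and cli_url and cli_url.hostname != ohost.split(":")[0].lower():
        findings.append("overwritehost %r differs from overwrite.cli.url host %r"
                        % (ohost, cli_url.hostname))
    # The name clients use: overwritehost if set, else the overwrite.cli.url host.
    public = ohost.split(":")[0].lower() if ohost else (cli_url.hostname if cli_url else None)
    if public and public not in trusted_hosts:
        findings.append("public host %r is not listed in trusted_domains" % public)
    if webroot and cli_url and cli_url.path.rstrip("/") != webroot.rstrip("/"):
        findings.append("overwritewebroot %r does not match overwrite.cli.url path %r"
                        % (webroot, cli_url.path))
    return findings

# Constructed samples shaped like the subfolder and root-domain configs above.
SUBFOLDER = """
  'trusted_proxies' => array ( 0 => 'swag', ),
  'overwritewebroot' => '/nextcloud',
  'overwrite.cli.url' => 'https://mydomain.duckdns.org/nextcloud',
  'trusted_domains' => array ( 0 => 'https://myomvip:443', 1 => 'mydomain.duckdns.org', ),
"""
ROOT = """
  'overwritehost' => 'vexample.duckdns.org',
  'overwrite.cli.url' => 'https://example.duckdns.org',
  'trusted_domains' => array ( 0 => 'example.duckdns.org:443', ),
"""

if __name__ == "__main__":
    for name, cfg in (("subfolder", SUBFOLDER), ("root", ROOT)):
        for finding in lint(cfg):
            print(name + ":", finding)
```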
-
Soma:
I started over using the two part method in this post by KM0201. I am using Duckdns. I can log into Nextcloud after deploying the Nextcloud portion of KM0201's guide.
However, when I proceed to the second portion to set up swag, I cannot reach the swag park page when I navigate to https://www.mysubdomain.duckdns.org. When I navigate to that page I receive the following message:
Forbidden
Your client does not have permission to get this page from this server.
I can reach the swag park page when I navigate to https://myomvip:444.
For this go round, I have stopped at this point and not moved on to the other steps to configure the reverse proxy given that I should be able to reach swag from https://www.mysubdomain.duckdns.org first.
My ymls and log files are below. What does the following language mean in the swag log?:
Code
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
Thanks for responding.
Nextcloud yml:
Code
version: "2"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    ##network_mode: swag_default
    environment:
      - PUID=1000
      - PGID=100
      - TZ=America/New_York
    volumes:
      - /srv/dev-disk-by-uuid-657a3aee-bb5a-409e-9013-32767927c626/appdata/nextcloud/config:/config
      - /srv/dev-disk-by-uuid-657a3aee-bb5a-409e-9013-32767927c626/appdata/nextcloud/data:/data
    depends_on:
      - mariadb
    ports:
      - 450:443
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb:latest
    container_name: mariadb
    ##network_mode: swag_default
    environment:
      - PUID=1000
      - PGID=100
      - MYSQL_ROOT_PASSWORD=PRIVATE
      - TZ=America/New_York
    volumes:
      - /srv/dev-disk-by-uuid-657a3aee-bb5a-409e-9013-32767927c626/appdata/mariadb/config:/config
    restart: unless-stopped
Swag yml:
Code
version: "2.2"
services:
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=100
      - TZ=America/New_York
      - URL=PRIVATE.duckdns.org
      - DUCKDNSTOKEN=PRIVATE
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - EMAIL=PRIVATE
      - CERTPROVIDER=zerossl
    volumes:
      - /srv/dev-disk-by-uuid-657a3aee-bb5a-409e-9013-32767927c626/appdata/swag:/config
    ports:
      - 444:443
      - 81:80
    restart: unless-stopped
Nextcloud log:
Code
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 40-config: executing...
[cont-init.d] 40-config: exited 0.
[cont-init.d] 50-install: executing...
[cont-init.d] 50-install: exited 0.
[cont-init.d] 60-memcache: executing...
[cont-init.d] 60-memcache: exited 0.
[cont-init.d] 70-aliases: executing...
[cont-init.d] 70-aliases: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
running maintenance(1)
running maintenance(2)
running maintenance(1)
running maintenance(1)
running maintenance(2)
running maintenance(1)
running maintenance(1)
running maintenance(2)
running maintenance(1)
running maintenance(1)
running maintenance(2)
running maintenance(1)
running maintenance(1)
running maintenance(2)
running maintenance(1)
running maintenance(1)
running maintenance(2)
running maintenance(1)
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes
-------------------------------------
_ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 40-config: executing...
[cont-init.d] 40-config: exited 0.
[cont-init.d] 50-install: executing...
[cont-init.d] 50-install: exited 0.
[cont-init.d] 60-memcache: executing...
[cont-init.d] 60-memcache: exited 0.
[cont-init.d] 70-aliases: executing...
[cont-init.d] 70-aliases: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
running maintenance(3)
running maintenance(1)
swag log:
Code
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing...
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes
-------------------------------------
_ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set: 0
PGID=100
TZ=America/New_York
URL=xxxxx.duckdns.org
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=duckdns
CERTPROVIDER=zerossl
DNSPLUGIN=
EMAIL=xxxxx@verizon.net
STAGING=
ZeroSSL is selected as the cert provider, registering cert with xxxxxx@verizon.net
SUBDOMAINS entered, processing
Wildcard cert for xxxxx.duckdns.org will be requested
E-mail address entered: xxxx@verizon.net
duckdns validation is selected
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind, and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing...
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
-
Edit: Nevermind... I misread the problem.
I'm getting ready for work.. I'll try to take a look at this in a bit.
-
It'll be a bit before I can look at it, but can you post your nextcloud config.php file.
I suspect it is not set up properly. I haven't tested those instructions in a while but they should still 100% work, as it's a pretty basic setup. It also sounds likely that swag is not getting a key, so check your port forwarding is right as well
-
-
Thanks KM0201. I have been able to access Nextcloud outside of my lan, using a subfolder configuration so I believe my port forwarding is correct: 443 to 444 and 80 to 81.
config.php:
PHP
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc79s3lo5lkb',
  'passwordsalt' => 'lW72x9Q+/s7T2n5B5j9XSo0iwAHnaD',
  'secret' => 'YXNLzZ8GRYu3yN/JL3kZ1jhSpM+j1ysNW3L4tKcld4BLyiDw',
  'trusted_domains' =>
  array (
    0 => '192.168.1.196:450',
  ),
  'dbtype' => 'mysql',
  'version' => '22.0.0.11',
  'overwrite.cli.url' => 'https://192.168.1.196:450',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_admin',
  'dbpassword' => 'xJVd694XF9d0XfNtUF9NJKwLcqECv4',
  'installed' => true,
);
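Soma's earlier request to hide sensitive data before posting can be scripted. The following is an added example, not part of any post here or of the linuxserver images: it masks the credential settings of a Nextcloud config.php, the compose variables the posters replaced with PRIVATE, and the personal DuckDNS label. The sample paste is constructed and `redact` is a hypothetical helper name.

```python
import re

# config.php settings that hold credentials, and the compose variables the
# posters in this thread masked by hand as PRIVATE.
PHP_KEYS = ("passwordsalt", "secret", "dbpassword")
ENV_KEYS = ("MYSQL_ROOT_PASSWORD", "DUCKDNSTOKEN", "EMAIL", "URL")

# 'key' => 'value' with PHP single-quote escaping (\' and \\) inside the value.
PHP_RE = re.compile(r"(?P<head>'(?P<key>%s)'\s*=>\s*)'(?:[^'\\]|\\.)*'" % "|".join(PHP_KEYS))
# "- KEY=value" or "KEY: value" at the start of a line, as in a compose file.
ENV_RE = re.compile(r"^(?P<head>[ \t]*-?[ \t]*(?P<key>%s)[ \t]*[=:][ \t]*)\S.*$"
                    % "|".join(ENV_KEYS), re.M)
# The label directly left of ".duckdns.org" identifies the poster's host.
DUCK_RE = re.compile(r"\b[a-z0-9-]+(?=\.duckdns\.org\b)", re.I)

def redact(text):
    """Return (masked_text, keys_masked) for a config.php or compose paste."""
    masked = []

    def php(m):
        masked.append(m.group("key"))
        return m.group("head") + "'REDACTED'"

    def env(m):
        masked.append(m.group("key"))
        return m.group("head") + "REDACTED"

    text = PHP_RE.sub(php, text)
    text = ENV_RE.sub(env, text)
    # Keep service prefixes such as "nextcloud." so the structure stays readable.
    text = DUCK_RE.sub("SUBDOMAIN", text)
    return text, masked

# Constructed paste: a config.php fragment followed by compose environment lines.
SAMPLE = """<?php
$CONFIG = array (
  'passwordsalt' => 'constructed-salt',
  'secret' => 'constructed/secret+value',
  'dbuser' => 'oc_admin',
  'dbpassword' => 'constructed-db-pass',
  'overwritehost' => 'nextcloud.myname.duckdns.org',
);
    environment:
      - TZ=America/New_York
      - URL=myname.duckdns.org
      - DUCKDNSTOKEN=constructed-token
      - MYSQL_ROOT_PASSWORD=constructed-root-pass
"""

if __name__ == "__main__":
    clean, keys = redact(SAMPLE)
    print(clean)
    print("masked:", ", ".join(keys))
```

Values that appear mid-line in a log, such as the `EMAIL=` entry in the SWAG "Variables set" output, are outside these patterns and still need a manual check.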
-
If that is your nextcloud config.php.... No it's not even close to right. I went over this in pretty detailed fashion in that write up and even posted an example of one that is right.. You need to read it again
And as said above, your network isn't right if that is your nextcloud stack.
-
KM0201, I stopped at step 11 in the instructions where it says:
11. When your key is successfully received, you can navigate to https://www.YOUR-SUBDOMAIN.duckdns.org and you should see the swag park page secured with SSL (padlock by the URL). This tells you the reverse proxy is set up properly. Now, we simply need to route nextcloud through the swag container. Note: If you have made several failed attempts to get a key, and the log throws an error that it could not retrieve a key due to too many attempts, see this post for a simple fix, then redeploy the stack.
I get a "Forbidden" message when I navigate to https://www.mysubdomain.duckdns.org, I do not see the swag park page. I did not go further than step 11. In other words, I did not remove the ".sample" from the .conf file in the swag nginx folder or edit the nextcloud .php file.
From the logs, it appears that a certificate was issued. How can you tell whether swag is getting a key?
-
Ah ok. Gimme a bit.
-
This shouldn't be an issue... but what happens if you go to https://YOUR-SUBDOMAIN.duckdns.org
Do you get the park page?
-
I have at this point removed the .conf and edited the .php file, but when I enter mysubdomain.duckdns.org I reach the OMV admin login page. I reach the swag park page only when I go to https://myomvip:444.
My edited .php:
PHP
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc79s3lo5lkb',
  'passwordsalt' => 'lW72x9Q+/s7T2n5B5j9XSo0iwAHnaD',
  'secret' => 'YXNLzZ8GRYu3yN/JL3kZ1jhSpM+j1ysNW3L4tKcld4BLyiDw',
  'trusted_domains' =>
  array (
    0 => '192.168.1.196:450',
    1 => 'nextcloud.xxxx.duckdns.org',
  ),
  'dbtype' => 'mysql',
  'version' => '22.0.0.11',
  'overwrite.cli.url' => 'https://nextcloud.xxxx.duckdns.org',
  'overwritehost' => 'nextcloud.xxxx.duckdns.org',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_admin',
  'dbpassword' => 'xJVd694XF9d0XfNtUF9NJKwLcqECv4',
  'installed' => true,
);