Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

You can solve that by adding https://192.168.0.72:444/nextcloud/ to your trusted domains to the nextcloud config.php file.

Sorry for replying late, but i wasnt here for quite a while.

Zitat von monsen

Sorry for replying late, but i wasnt here for quite a while.

No problem, it's a forum after all

Zitat von monsen

You can solve that by adding https://192.168.0.72:444/nextcloud/ to your trusted domains to the nextcloud config.php file.

Thanks! I allready tried it. I also added '192.168.0.*' to the trusted domains. Now I don't get the "Access throug untrusted domain" message any more. But the page doesn't load either.

But obviously something happens because the adress bar changes to https://192.168.0.72/nextcloud/login.

I guess the problem has something to do with the swag container or witch the config.php. Maybe I'll try to reup the container without den swag part.

Hello team I followed the tutorial to install nextcloud. I have access to the first nextcloud configuration page But I still get this error :

"Error while trying to create admin user: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'nextcloud.nextcloudapp_default' (using password: YES) "

I tried to do @gett's solution:

sudo docker exec -it nextclouddb bash

mysql -u root -p

MariaDB [(none)]> CREATE USER 'user' IDENTIFIED BY 'password';

CREATE DATABASE IF NOT EXISTS nextcloud;

GRANT ALL PRIVILEGES ON nextcloud.* TO 'user' IDENTIFIED BY 'password';

FLUSH PRIVILEGES;

exit

But I'm stuck after line 2 which asks me for the password of "root". Would someone be kind enough to tell me how to do it?

Hello.

I didn't experience such an issue...

But, to be sure, in the How-To is write:

Zitat von macom

Database password --> password which has been specified in the docker-compose file with MYSQL_ROOT_PASSWORD

so I think the password is the one you set in the docker-compose file.

Zitat von jobal

so I think the password is the one you set in the docker-compose file.

It is but you can't use special character's like @% and sort. They won't be parsed properly.

By following the solution to bash the mariaDb and set the password there, you can use whatever character's you want.

Zitat von Jweb60

But I'm stuck after line 2 which asks me for the password of "root". Would someone be kind enough to tell me how to do it?

As mentioned above, the root password needed when bashed to the mysql, is the one used on the YML but you can't have it with special characters.

Simplest way is to use a alpha-numeric password on the YML (aka, no special character's).

For eg:

- MYSQL_ROOT_PASSWORD=4lph4num3r1c

DO NOT USE:

- MYSQL_ROOT_PASSWORD=@£?pa$$w0r*

I am not using Nextcloud very often, but today it shows "This Nextcloud instance is currently in maintenance mode"  

Zitat von Nefertiti

I am not using Nextcloud very often, but today it shows "This Nextcloud instance is currently in maintenance mode"  

Maybe a bad update?!?

How are you running NC? Linuxserver container?

If yes, you can either bash to it and run a occ command to set it to off.

occ maintenance:mode --off

Using the occ command — Nextcloud latest Administration Manual latest documentation

Or, edit the config.php since it's a line there.

maintenance=true or similar.

If NC is AIO or any other different install method, then I don't know the proper steps.

You will also need to figure out why it stayed on maintenance mode.

Zitat von Soma

Or, edit the config.php since it's a line there.

maintenance=true or similar.

This worked perfect now how to update Nextcloud itself, I did update the app it also the log says?

───────────────────────────────────────

using keys found in /config/keys

**** The following active confs have different version dates than the samples that are shipped. ****

**** This may be due to user customization or an update to the samples. ****

**** You should compare the following files to the samples in the same folder and update them. ****

**** Use the link at the top of the file to view the changelog. ****

┌────────────┬────────────┬────────────────────────────────────────────────────────────────────────┐

│  old date  │  new date  │ path                                                                   │

├────────────┼────────────┼────────────────────────────────────────────────────────────────────────┤

│ 2021-10-24 │ 2023-04-13 │ /config/nginx/nginx.conf                                               │

│            │ 2024-01-03 │ /config/nginx/site-confs/default.conf                                  │

│ 2022-08-20 │ 2023-08-13 │ /config/nginx/ssl.conf                                                 │

└────────────┴────────────┴────────────────────────────────────────────────────────────────────────┘

[custom-init] No custom files found, skipping...

[ls.io-init] done.

I'll try my luck and add my issue here too...

I lately deployed Nextcloud based on the guide found here(on that forum), using the SWAG container.

When I deploy the nextcloud instance it get's a wrong certificate.
To deploy Nextcloud, I used the following config.

version: "2"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud
    container_name: nextcloud2
    environment:
      - PUID=1000 #change PUID if needed
      - PGID=100  #change PGID if needed
      - TZ=Europe/Berlin #change Time Zone if needed
    volumes:
      - /srv/dev-disk-by-uuid-d64bb55b-f232-4780-b261-77311ca2d8e3/DMS/next/config:/config 
      - /srv/dev-disk-by-uuid-d64bb55b-f232-4780-b261-77311ca2d8e3/DMS/next/data:/data     
    depends_on:
      - mariadb
    ports: # uncomment this and the next line if you want to bypass the proxy
      - 8143:443
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb
    container_name: nextclouddb2
    environment:
      - PUID=1000 #change PUID if needed
      - PGID=100  #change PGID if needed
      - MYSQL_ROOT_PASSWORD=#password  #change password
      - TZ=Europe/Berlin #Change Time Zone if needed
    volumes:
      - /srv/dev-disk-by-uuid-d64bb55b-f232-4780-b261-77311ca2d8e3/DMS/next/db:/config   
    restart: unless-stopped
  swag:
    image: linuxserver/swag         #swag is the replacement for letsencrypt (see link below)
    container_name: swag2
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000 #change PUID if needed
      - PGID=100  #change PGID if needed
      - TZ=Europe/Berlin # change Time Zone if needed
      - URL=dms.thbcloud.de #insert your domain name - yourdomain.url
      - SUBDOMAINS=www,
      - VALIDATION=http
      - EMAIL=xxx.yyy@provider.com # define email; required to renew certificate
    volumes:
      - /srv/dev-disk-by-uuid-d64bb55b-f232-4780-b261-77311ca2d8e3/DMS/next/swag:/config  
    ports:
      - 447:443
      - 82:80
    restart: unless-stopped

Now I like to replace that certificate(see attached pictures) against a one with the correct public dns name.
I tried look into the swag container and trying to change the certificate there but using "CERTBOT" does seem to know that certificate that has been enrolled...

I already tried reading through all the existing articles... for now couldn't really find a proper solution...

So I hope somebody can help me on that.

Thanks!

Thanks macom.

that helped somewhat already.

I also found that letsencrypt looks for the DNS A entry for that domain... so I had to solve that issue too

Account registered.
Requesting a certificate for thbcloud.de and dms.thbcloud.de
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/thbcloud.de/fullchain.pem
Key is saved at: /etc/letsencrypt/live/thbcloud.de/privkey.pem
This certificate expires on 2024-04-15.
These files will be updated when the certificate renews.

So that now looks good.
But if I now access my Nextcloud server(and I really connect to the nextcloud container) it still has the wrong certificate.

I read somewhere that there is an reverse proxy on that SWAG container that I maybe would have to use to connect to nextcloud... but do I still have to configure that or does it work out of the box...?

Thanks!

Zitat von Chavell3

But if I now access my Nextcloud server(and I really connect to the nextcloud container) it still has the wrong certificate.

I read somewhere that there is an reverse proxy on that SWAG container that I maybe would have to use to connect to nextcloud... but do I still have to configure that or does it work out of the box...?

Add nextcloud to the SUBDOMAINS

- SUBDOMAINS=www,dms,nextcloud 

Make sure you create an DNS A entry on your domain for nextcloud.

Hi Soma,

okay, but container do I need to access the swag container or the nextcloud?

And are "www" and "nextcloud" mandatory subdomains to make it work?

Thanks.

Zitat von Chavell3

but container do I need to access the swag container

It's explained on the guide: SWAG part.

Zitat von Chavell3

And are "www" and "nextcloud" mandatory subdomains to make it work?

Nextcloud, yes

www no

Not sure if I'm right here, please just move this post if it doesn't belong.

I've Nextcloud + Swag set up and so far I was on NC 25.0.13. Since it's officially unsupported (and I was maybe too update-eager) I wanted to upgrade to NC 28.

I followed this approach, i.e. I pulled the latest NC image and re-deployed the container with it. Obviously I forgot that NC cannot skip major versions

So the new container was not working and my idea was now to go back to the old version and then go through the major releases iteratively. However, after deploying the copy of my backup image and overwriting the config folder with my backup config folder, I receive the following backend error:

nginx: [emerg] duplicate upstream "php-handler" in /config/nginx/site-confs/default.conf:1

On the front end this is a "502 bad gateway". When I comment out the respective lines in default.conf, the container starts, gives me some warnings ("nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored"), but the front end shows 404.

The question is now: How to proceed? Does it make sense to fix the container at all and if yes, how can it be fixed? Or would it be simpler to switch to NC AIO?

Looking forward to your ideas and opinions, thanks

Ok since I need to find a solution rather quickly I went ahead with trying to install NC AIO by following this, deciding for the "with proxy" variant and ultimately using that.

What a mess....! If I had realized that installing the docker-compose plugin would destroy Portainer, I would've never done it. So Portainer is gone and it seems I can't bring it back (this does not work, there is no Portainer container running anymore and I don't have a directory with the Portainer data).

Anyway, also going ahead does not work, because NPM just gives me an "internal error" without any explanation when I try to create a proxy host:

Container log:

[1/22/2024] [12:01:44 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[1/22/2024] [12:01:44 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[1/22/2024] [12:01:44 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[1/22/2024] [12:01:50 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #4: <DOMAIN_ANONYMIZED>
[1/22/2024] [12:01:50 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-4" --agree-tos --authenticator webroot --email "<MAIL_ANONYMIZED>" --preferred-challenges "dns,http" --domains "<DOMAIN_ANONYMIZED>" 
[1/22/2024] [12:01:50 PM] [Global   ] › ⬤  debug     CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-4" --agree-tos --authenticator webroot --email "<MAIL_ANONYMIZED>" --preferred-challenges "dns,http" --domains "<DOMAIN_ANONYMIZED>" 
[1/22/2024] [12:01:54 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/temp/letsencrypt_4.conf
[1/22/2024] [12:01:54 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[1/22/2024] [12:01:54 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[1/22/2024] [12:01:54 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[1/22/2024] [12:01:54 PM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

And the letsencrypt.log:

I'm getting desperate. Could someone please help?