Problems installing Nextcloud + Let's Encrypt

  • Alright. Here we are again. It's been such a hassle to install Nextcloud together with Let's Encrypt...


    I successfully installed Nextcloud and MariaDB using the TDL video instruction.
    I got DuckDNS running successfully. (For instance, I made a Port Forwarding for my Jellyfin on 8096.)
    I managed to create the Let's Encrypt Certificates.


    But I am stuck from there. When I visit my [domain1].duckdns.org, Chromium errors: ERR_CONNECTION_REFUSED.


    I will show all the steps I proceeded and hope someone can help me.


    I run OMV on a RockPro64 (4GB RAM).
    OMV version 4.1.25-1 (Arrakis)
    Kernel: Linux 4.4.167-1213-rockchip-ayufan-g34ae07687fce
    Processor: ARMv8 Processor rev 2 (v8l)


    -- installing DuckDNS --
    linuxserver/duckdns


    # Container name
    duckdns


    # Restart Policy
    always


    # Environment variables
    PUID = 1000
    PGID = 100
    TZ = Europe/Amsterdam
    SUBDOMAINS = [domain1],[domain2],[domain3],[domain4],[domain5]
    TOKEN = [duckdnstoken]


    -- Setting Port Forwarding on the router --
    TCP/UDP
    80 -> 90
    [local_server_ip]


    TCP/UDP
    443 -> 450
    [local_server_ip]


    -- Add '#' in front of bind-address=0.0.0.0 at /sharedfolders/AppData/Nextclouddb/custom.cnf --


    -- Creating lets-net docker network in ssh --
    ~# docker network create lets-net


    -- Making changes to Nextcloud container --
    ~# docker network connect lets-net nextcloud


    -- installing Let's Encrypt docker image --
    # Container name
    letsencrypt


    # Restart Policy
    always


    # Port forwarding
    Host Port
    450
    Exposed Port
    443/tcp


    Host Port
    90
    Exposed Port
    80


    # Environment variables
    PUID = 1000
    PGID = 100
    EMAIL = [mailaddress]
    URL = duckdns.org
    SUBDOMAINS = [domain1],[domain2],[domain3],[domain4],[domain5]
    VALIDATION = http
    TZ = [my_TZ]
    ONLY_SUBDOMAINS = true


    # Volumes and Bind mounts
    Host path
    /sharedfolders/AppData/Letsencrypt
    Container path
    /config


    # Extra arguments
    --cap-add=NET_ADMIN


    -- Connect letsencrypt to lets-net network --
    docker network connect lets-net letsencrypt


    -- Change /sharedfolders/AppData/Letsencrypt/nginx/proxy-confs/nextcloud.-subdomain.conf --


    -- restart Nextcloud container --


    -- Change /sharedfolders/AppData/Nextcloud/www/nextcloud/config/config.php --


    -- restart letsencrypt container --



    So, my simple question is: where did I go wrong? What am I missing out on?

    I run OMV on a RockPro64 (4GB RAM).
    OMV version 4.1.23-1 (Arrakis)
    Kernel: Linux 4.4.167-1213-rockchip-ayufan-g34ae07687fce
    Processor: ARMv8 Processor rev 2 (v8l)

  • Quote

    /sharedfolders/AppData/Letsencrypt/nginx/proxy-confs/nextcloud.-subdomain.conf

    Is the "-" in "-subdomain" a typo? Otherwise delete it and restart the letsencrypt container. Also try changing proxy_max_temp_file_size 2048m; to proxy_max_temp_file_size 1024m;

  • Thanks for the reply!


    For some reason my filebrowser showed me the '-'. But it is not there.


    Also, when I change the file size to 1024 I get an error in the docker log.

    Code
    nginx: [emerg] PEM_read_bio_DHparams("/config/nginx/dhparams.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: DH PARAMETERS)

    After changing it back to 2048 I still get errors :) . (Line 29 is as you can see the line whereon the filesize is set)

    Code
    nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:29


    So... This did not change much.


  • My thoughts on your post:


    - After changing things in AppData/Letsencrypt/ you should restart letsencrypt, not nextcloud, and vice versa.


    - Try removing all the subdomains and test it with only one. I don't know why yet, but I also ran into such confusing errors using 5 subdomains. As soon as I am using only 1 it works. Could not point out the reason so far.


    - You could try out this docker compose way from macoms tutorial. Just to try out different ways as long as yours doesn't work.
    https://forum.openmediavault.o…g-OMV-and-docker-compose/



    - By the way, you should remove the port forwarding for nextcloud. That is simply not needed (containers talk via your custom net) and it breaks the isolation of the nextcloud container. So anyone who made it into your LAN can bypass the reverse proxy. It is a security issue and I am actually wondering why people do that. (You have to put mariadb into the same custom network and remove its port forwarding as well. In the nextcloud config the db host name is then the container name, e.g. 'mariadb'.)

  • - You could try out this docker compose way from macoms tutorial. Just to try out different ways as long as yours doesn't work.
    forum.openmediavault.org/index…g-OMV-and-docker-compose/

    Hi, I am trying to get things going with the Docker compose file. I do have to say that I've never been closer to a successful setup than at the moment. But I still am not able to get it running as expected. In docker logs -f letsencrypt I get the following error:


    This is really strange... Now when I visit http://[domain.tld] or http://[public_ip] the address in the browser is changed to https://_ . When I go to https://[domain.tld] or https://[public_ip] I get a certification warning; when I choose to go on, I enter Nextcloud. This is the situation wherein I have enabled port forwarding on my router.


    When I disable port forwarding on my router both the http and the https of my domain and public_ip send me to the login page of my router. When I try to run the docker-compose again, docker logs -f letsencrypt returns another error:



    This is the docker-compose that I use:


    The A-type column of the DNS is referring to the public IP of my server.


    The port forwarding is (when on) set up like this:


    Code
    Trigger Start Port : 80 [/ 443]
    End Port : 80 [/ 443]
    Translation Start Port : 90 [/ 450]
    Translation End Port : 90 [/ 450]
    Server IP Address : 192.168.1.2
    Protocol : TCP/UDP



    BTW I did not make a docker1 user, just using the standard user.



    Does this make any sense?


  • You redirected the ports to your nextcloud container and not the letsencrypt container. Change the ports (@macoms guide does it in reverse to the TDL guide).
    In summary, your router ports need to be redirected 80 -> 81 / 443 -> 444.
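
The two points raised in the replies above (router forwards must land on the letsencrypt container's host ports; nextcloud and mariadb should publish no host ports and sit on the custom network) can be checked together. This is an added example, not part of any post in the thread: it audits a constructed, trimmed `docker inspect` output, and the host ports shown for nextcloud and mariadb as well as the function names are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` output for three containers.
# Host ports for nextcloud/mariadb are illustrative, not taken from the thread.
INSPECT_JSON = """[
 {"Name": "/letsencrypt",
  "HostConfig": {"PortBindings": {"443/tcp": [{"HostIp": "", "HostPort": "444"}],
                                  "80/tcp": [{"HostIp": "", "HostPort": "81"}]}},
  "NetworkSettings": {"Networks": {"lets-net": {}}}},
 {"Name": "/nextcloud",
  "HostConfig": {"PortBindings": {"443/tcp": [{"HostIp": "", "HostPort": "450"}]}},
  "NetworkSettings": {"Networks": {"lets-net": {}}}},
 {"Name": "/mariadb",
  "HostConfig": {"PortBindings": {"3306/tcp": [{"HostIp": "", "HostPort": "3306"}]}},
  "NetworkSettings": {"Networks": {"bridge": {}}}}
]"""

def published(containers):
    """Map each published host port to (container name, container port)."""
    table = {}
    for c in containers:
        for cport, hosts in (c["HostConfig"].get("PortBindings") or {}).items():
            for h in hosts or []:
                table[int(h["HostPort"])] = (c["Name"].lstrip("/"), cport)
    return table

def audit(containers, router_forwards, proxy="letsencrypt", net="lets-net"):
    """router_forwards maps WAN port -> host port, as configured on the router."""
    findings, table = [], published(containers)
    for wan, host_port in sorted(router_forwards.items()):
        owner = table.get(host_port)
        if owner is None:
            findings.append(f"WAN {wan} -> host {host_port}: nothing published there")
        elif owner[0] != proxy:
            findings.append(f"WAN {wan} -> host {host_port}: reaches {owner[0]}, not {proxy}")
    for c in containers:
        name = c["Name"].lstrip("/")
        if name == proxy:
            continue
        if c["HostConfig"].get("PortBindings"):
            findings.append(f"{name}: publishes host ports, bypassing {proxy}")
        if net not in c["NetworkSettings"]["Networks"]:
            findings.append(f"{name}: not attached to {net}")
    return findings

CONTAINERS = json.loads(INSPECT_JSON)
if __name__ == "__main__":
    for line in audit(CONTAINERS, {80: 90, 443: 450}):
        print(line)
```

On a live host the same structure comes from `docker inspect letsencrypt nextcloud mariadb`; an empty findings list means only the reverse proxy is reachable from outside the Docker network.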

  • Thanks for the hint! Now I got it running. For anyone that has been bumping their head to the wall for some time trying to get this running, maybe try this approach!


    (One more question: should I worry about the alerts and error messages about LuaJIT?)



    I changed the router ports to what you have proposed. Now when I rerun the docker-compose, this is what docker logs -f letsencrypt returns:


    Now when I visit https://www.[domain.tld], it gives me the 'Welcome to our server' notice.


    This is the docker-compose file I use. (Removed the NC port forwarding).

    docker-compose up -d && docker logs -f letsencrypt
    cd /sharedfolders/AppData/Letsencrypt/nginx/proxy-confs
    cp nextcloud.subdomain.conf.sample nextcloud.subdomain.conf
    nano nextcloud.subdomain.conf
    I changed line 19 into:
      server_name cloud.*;
    cd /sharedfolders/AppData/Nextcloud/www/nextcloud/config
    nano config.php


    I found it like this:


    PHP
    <?php
    $CONFIG = array (
      'memcache.local' => '\OC\Memcache\APCu',
      'datadirectory' => '/data',
      );

    And left it like this:


    docker restart letsencrypt && docker logs -f letsencrypt




    and then the nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:29 error just endlessly repeats.


    ^ C


    docker restart nextcloud


    When I visit https://domain.tld now I get an error: ERR_CONNECTION_REFUSED.


    Now I try to get rid of the max file size error.
    nano /sharedfolders/AppData/Letsencrypt/nginx/proxy-confs/nextcloud.subdomain.conf


    Change line 29 to
      proxy_max_temp_file_size 1024m;


    docker restart letsencrypt && docker logs -f letsencrypt returns:


