Problem with Letsencrypt and Nextcloud Configuration on Docker.

sbasstbone · Mar 21st 2020

Hello

I'm having troubles with Letsencrypt, Nextcloud and I receive this message.

Welcome to our server

The website is currently being setup under this address.

For help and support, please contact: me@example.com

I have read some posts in this and other forums, trying to change pieces of code, reinstall Nextcloud, permissions on the folders but nothing is working for me.

The domain is basscloud.duckdns.org. nextcloud is the name of the container and 444 the internal port of this container.

Nextcloud.subdomain from letsencrypt (I have some thinkings about upstream_nextcloud and ports

Code

server {
    listen 443 ssl;
    listen [::]:443 ssl;


    server_name basscloud.*;


    include /config/nginx/ssl.conf;


    client_max_body_size 0;


    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        set $upstream_port 444;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_nextcloud:$upstream_port;


        proxy_max_temp_file_size 2048m;
    }

}

Display More

Display Less

config from nextcloud docker: The trusted domain number 2 is to access via 444 port without https and ssl certificate while it doesn't work.

PHP

<?php

$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxxxxxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxX',
  'secret' => 'xxxxxxxxxxxxx',
  'trusted_domains' =>   array (
    0 => '192.168.1.5:444',
    1 => 'basscloud.duckdns.org',
    2 => 'sbasstbone.ddns.net',
  ),
  'trusted_proxies' => ['letsencrypt'],
  'dbtype' => 'mysql',
  'version' => '18.0.2.2',
  'overwrite.cli.url' => 'https://basscloud.duckdns.org',

# 'overwritehost' => 'basscloud.duckdns.org',
  'overwriteprotocol' => 'https',
  'dbname' => 'xxxxxxx',
  'dbhost' => '192.168.1.5:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxxxxxx',
  'dbpassword' => 'xxxxxxxxxx',
  'installed' => true,

);

Display More

Some ideas to try?? Tell me please!

Sorry about me putting this information on another Thread.

VMax · Mar 22nd 2020

Try to change proxy_pass $upstream_proto://$upstream_nextcloud:$upstream_port; with proxy_pass https://yourhostIP:444;

Wher yourhostIP is your real host IP address, for instance 192.168.1.5:444

If your Letsencrypt configuration is correct and your opened ports into your router too then it should work

Morlan · Mar 22nd 2020

I would not recommend the advice by VMax (sorry!).

Are the nextcloud container and letsencrypt container connected in a docker network. When this is the case, no need to change any ip or ports (much more failsafe this way).

What is the output of docker logs -f letsencrypt ? Any errors after Server ready. (exectt LuaJIT)?

sbasstbone · Mar 22nd 2020

Quote from Morlan

I would not recommend the advice by VMax (sorry!).
Are the nextcloud container and letsencrypt container connected in a docker network. When this is the case, no need to change any ip or ports (much more failsafe this way).

What is the output of docker logs -f letsencrypt ? Any errors after Server ready. (exectt LuaJIT)?

That is bottom of the log. The two containers are in the same network, called basscloud. I have also both in bridge network. It is necessary to delete from that network?

Code

[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
Server ready
run-parts: /etc/periodic/weekly/libmaxminddb: exit status 6

Morlan · Mar 22nd 2020

run-parts: /etc/periodic/weekly/libmaxminddb: exit status 6 I unfortunately dont know what this error means.

On my server it helped changing proxy_max_temp_file_size 2048m; to proxy_max_temp_file_size 1024m;

VMax · Mar 22nd 2020

Quote from Morlan

I would not recommend the advice by VMax (sorry!).

Could you explain why please? In my configuration i t work...

Morlan · Mar 22nd 2020

Its not that is doesnt work. But it is not necessary to change this config, because as long as the containers are connected in a docker network they can find each other through the docker dns service.

The reason not to recommend it is that it adds another point of failure (typos, wrong ip, wrong port, etc).

VMax · Mar 22nd 2020

I understand what you mean, what i wrote is the translation of all those code lines, just i give the result directly as i know which is it...

I don't see any problem with doing this, also , if it don't work then he is sure that his trouble is somewhere else, probably in the configuration of nextcloud container.

What i see reading his post again is that he set 444 as internal port of nextcloud container, instead, it should be the external one (host side to be clear) and the internal one (container side) 443... and maybe he made the same mistake with the 80 port, i don't know, he didn't post both the entire containers configuration....

Morlan · Mar 22nd 2020

Quote from VMax

what i wrote is the translation of all those code lines,

that is not entirely correct. the advantage is that you dont have to expose nextcloud at all to your local network. This is also why it should not matter if he exposed the wrong port. Because port 443 will be automatically exposed (through the dockerfile config).

sbasstbone · Mar 22nd 2020

Could be the PUID and PGID configuration? Letsencrypt has PUID 998 and Nextcloud 911 (docker default).

Quote from Morlan

Its not that is doesnt work. But it is not necessary to change this config, because as long as the containers are connected in a docker network they can find each other through the docker dns service.
The reason not to recommend it is that it adds another point of failure (typos, wrong ip, wrong port, etc).

I will try to put all the information. (I pasted it from portainer)

NEXTCLOUD

Code

    linuxserver/nextcloud:latest@sha256:2f5017e0905277d8c028e75003bcd9c57c71cd66883663ea855d985be5c6dec1
Port configuration    
0.0.0.0:444  443/tcp
0.0.0.0:8989  80/tcp
CMD    
ENTRYPOINT    /init
ENV    
NEXTCLOUD_PATH    /config/www/nextcloud
PATH    /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PS1    root@BassNas:/$
HOME    /root
TERM    xterm
Labels    
build_version    Linuxserver.io version:- 18.0.2-ls69 Build-date:- 2020-03-18T12:33:38+00:00
maintainer    aptalca
Restart policies    
Name        
 Volumes
Host/volume                                    Path in container
/sharedfolders/UnidadeS1/Nextcloudstorage    /data
/etc/localtime    /etc/localtime
/sharedfolders/MULTIMEDIA/AppData/Nextcloud    /config
 Connected networks

Join a network
Network    IP Address    Gateway    MAC Address    Actions
bassnet    172.18.0.3    172.18.0.1    02:42:ac:12:00:03    
bridge    172.17.0.6    172.17.0.1    02:42:ac:11:00:06

Display More

Code

LETSENCRYPT

Image    linuxserver/letsencrypt:latest@sha256:9239f808aac4f46ed41a4cbb27a464c170b426076c11f0d38236eb857cb8c7ee
Port configuration    
0.0.0.0:450  443/tcp
0.0.0.0:90  80/tcp
CMD    

ENTRYPOINT    /init

ENV    
TZ    Europe/Madrid
PATH    /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID    100
EMAIL    sbasstbone@gmail.com
PUID    998
ONLY_SUBDOMAINS    true
S6_BEHAVIOUR_IF_STAGE2_FAILS    2
URL    duckdns.org
PS1    root@BassNas:/$

HOME    /root
SUBDOMAINS    basscloud,sbasstbone
VALIDATION    http
TERM    xterm
DHLEVEL    2048
AWS_CONFIG_FILE    /config/dns-conf/route53.ini
Labels    
build_version    Linuxserver.io version:- 1.3.0-ls103 Build-date:- 2020-03-14T17:27:57+01:00
maintainer    aptalca
omv_docker_extra_args    --cap-add=NET_ADMIN

Restart policies    
Name        
 Volumes
Host/volume    Path in container
/etc/localtime    /etc/localtime
38c179eef9bfc935adf2ab73efaec7ef30b574fec245b1b107b95ce18fee9c3b    /config
 Connected networks
Join a network
Network    IP Address    Gateway    MAC Address    Actions
bassnet    172.18.0.2    172.18.0.1    02:42:ac:12:00:02    
bridge    172.17.0.8    172.17.0.1    02:42:ac:11:00:08

Display More

sbasstbone · Mar 22nd 2020

Hello. When I copy the information to you, I realise that the /config folder was wrong. I delete the container and made it another time, putting thecontainers in the same network and now it work like a charm!

maybe it helps people in the same case. Finally de Nextcloud.subdoimain.conf is:

Code

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name basscloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

Display More

VMax · Mar 22nd 2020

Quote from Morlan

that is not entirely correct. the advantage is that you dont have to expose nextcloud at all to your local network. This is also why it should not matter if he exposed the wrong port. Because port 443 will be automatically exposed (through the dockerfile config).

Maybe i didn't explane myself well enough, i never ment to expose nextcloud to the local network, the ip address i wrote is intended to be the host ip and the port the same; anyway, he found the mistake so that's the important thing.

Morlan · Mar 23rd 2020

sbasstbone please Change the path to your folders to the actual folder paths (e.g. /srv/dev-disk-by-label-.../appdata/...) instead of the sharedfolders paths.

There have been reported issues with that.

sbasstbone · Mar 23rd 2020

Quote from Morlan

sbasstbone please Change the path to your folders to the actual folder paths (e.g. /srv/dev-disk-by-label-.../appdata/...) instead of the sharedfolders paths.
There have been reported issues with that.

Thanks Morlan. Is it recommended on all containers? Or it only have been reported in Nextcloud?

Morlan · Mar 23rd 2020

All containers

sbasstbone · Mar 23rd 2020

Quote from Morlan

All containers

ok, I just did it on the letsencrypt container.

ATENTION! I only changed the folder from docker GUI and the container lost the network "basscloud" (the one nextcloud and letsencrypt share) , with 502 Bad Gateway message after it. I put Letsencrypt restored in "basscloud" network and now works fine.

We need to keep our view on details, since it could be a little error the cause of problem. (and waste of time).

Welcome to our server

Participate now!