Nextcloud Bad Gateway

  • I set up Nextcloud using the docker compose file from this tutorial: https://youtu.be/aemqzgNbMPg and I followed the steps from Techno Dad Life here: https://youtu.be/4HPXGKfFibc Both tutorials are very similar. I've tried to set up Nextcloud twice now and both times, upon completing the tutorial, I get "502 Bad Gateway" when I attempt to go to my DuckDNS URL. I've searched around for other solutions but I haven't found one yet. Thanks in advance for any help.

  • Agricola

    Approved the thread.
  • I set up Nextcloud using the docker compose file from this tutorial: https://youtu.be/aemqzgNbMPg and I followed the steps from Techno Dad Life here: https://youtu.be/4HPXGKfFibc Both tutorials are very similar. I've tried to set up Nextcloud twice now and both times, upon completing the tutorial, I get "502 Bad Gateway" when I attempt to go to my DuckDNS URL. I've searched around for other solutions but I haven't found one yet. Thanks in advance for any help.

    Funny you bring this up, I just rewrote my compose file for nextcloud and duckdns yesterday and tested it.


    If you don't get an answer tonight, I'll post it in the morning (working tonight)

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • I set up Nextcloud using the docker compose file from this tutorial: https://youtu.be/aemqzgNbMPg and I followed the steps from Techno Dad Life here: https://youtu.be/4HPXGKfFibc Both tutorials are very similar. I've tried to set up Nextcloud twice now and both times, upon completing the tutorial, I get "502 Bad Gateway" when I attempt to go to my DuckDNS URL. I've searched around for other solutions but I haven't found one yet. Thanks in advance for any help.

    OK, here's how I do it. Not saying it's the only way, it's just simple and should have you up and running in about 15 min. Everything that starts with a # needs to be adjusted for your system and then the # erased. Nothing other than those lines needs to be changed despite what you've seen in other tutorials. DO NOT ADJUST THE ##network_mode at this time. That will come later when we set up the proxy. Again, do not mix this with other tutorials, you'll just fail and be frustrated. All of the below assumes you have a basic understanding of containers and command line (config paths, data paths, PUID/PGID, changing directories, nano, etc.)


    You can use this in docker-compose or in a stack in Portainer (I'd recommend using a stack as it will show if you have formatting errors. As I proceed I will assume you're using this in a stack.):


    1. Create your directories and make adjustments to the stack below (you might want to delete old directories from previous attempts if you've been at this several times). Start with only the nextcloud and nextclouddb sections and don't worry about swag for now. When done, deploy the stack. It takes this container a minute to set up, so watch the logs (docker logs -f nextcloud) and also watch the database container (docker logs -f nextclouddb) and wait for both to indicate they are done. Use Ctrl+C to exit the logs.



    2. When done, go to nextcloud UI (https://your.omv.ip:450 , must use https and accept security risk)

    3. Enter an admin user/password

    4. Click setup database then mysql/mariadb database

    user: root

    password (see stack, line 24 above)

    database name: nextcloud

    localhost: nextclouddb

    5. Click Finish (this will take a few minutes as it downloads apps and sets up the database, be patient). Note: If it 504's after it sets up, this is very likely due to Nextcloud's App Store being down, as it frequently is. Give the containers a couple minutes to finish setting up, then simply use the back button on your browser and you should be logged in to the Nextcloud interface.


    Once you're logged in you can complete a basic setup of Nextcloud, or move on to set up the reverse proxy with swag and a free duckdns subdomain. Proceeding assumes you have set up a free duckdns account, have set up your free subdomain on this account, and have access to your duckdns token. If you don't understand this, stop, post and ask or Google it till you do. It's also recommended, if you don't have an SSH session open at this time, to start one.


    If you use this setup exactly, in your router you'll need to make sure port 444 is forwarded to 443 and port 81 is forwarded to 80 (note: 444/81 are internal ports, 443/80 are external)


    6. In Portainer, Add a new stack.

    7. Name the stack swag

    8. Copy/paste the swag compose file below and make necessary adjustments. Remember, only the # lines need to be adjusted.


    9. Deploy the swag stack.

    10. Use your SSH session to watch your swag log and make sure you get a Congratulations message that a key was received. Use Ctrl+C to exit the log.

    Code
    docker logs -f swag


    11. When your key is successfully received, you can navigate to https://www.YOUR-SUBDOMAIN.duckdns.org and you should see the swag park page secured with SSL (padlock by the URL). This tells you the reverse proxy is set up properly. Now, we simply need to route nextcloud through the swag container. Note: If you have made several failed attempts to get a key, and the log throws an error that it could not retrieve a key due to too many attempts, see this post for a simple fix, then redeploy the stack.

    12. In the command line, navigate to /config/swag/nginx/proxy-confs

    13. Copy swag's sample nextcloud.subdomain.conf, and drop the .sample extension

    Code
    cp nextcloud.subdomain.conf.sample nextcloud.subdomain.conf

    14. docker restart swag

    15. In Portainer, go to your nextcloud stack

    16. Uncomment the ##network modes in the stack. If you've followed this exactly, your swag network is going to be named swag_default. If you're unsure or maybe you've taken multiple cracks at this, simply click Networks on the left, and see what network name is assigned to the swag stack and if it is different, then make the appropriate change.

    17. Deploy the nextcloud stack.

    18. Navigate to: /config/nextcloud/www/nextcloud/config

    19. nano config.php

    20. Under trusted domains array add your domain (you should see your local IP address there as 0), be sure to add it before the ),

    Code
    1 => 'nextcloud.yoursubdomain.duckdns.org',


    21. Add or edit the lines below, after the ), and before the );


    Code
    'overwrite.cli.url' => 'https://nextcloud.yoursubdomain.duckdns.org',
    'overwritehost' => 'nextcloud.yoursubdomain.duckdns.org',
    'overwriteprotocol' => 'https',

    When you're done, your config.php will look something like this (11, 23, 24, 25 are the lines I added in). A couple of those lines will already be there, so you can either edit them as appropriate or delete them and add them in at the end like I did. Either way, just make sure there are no duplicates and it looks similar to the below.


    22. Save and close (Ctrl+X then Y to save)

    23. Restart the Nextcloud container: docker restart nextcloud

    24. Navigate to https://nextcloud.yoursubdomain.duckdns.org and log in.


    This is optional, but once you're done and you can log in to your subdomain properly and securely... If you want to disable insecure access from your local network, go back to your stack and make this adjustment under the "nextcloud" portion


    Code
    ports:
    - 450:443
    to this
    #ports:
    #- 450:443

    Then redeploy the stack and you'll no longer have local access.


    You're done.


    A few solutions to some common "issues"..


    Log in as Admin, Go to Settings/Overview. You'll likely notice that there are some "warnings" regarding your setup...


    Code
    There are some warnings regarding your setup.
    The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
    Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code ↗ of the region to your config file.

    Thanks to oopenmediavault for pointing these out. There were a few typos in his instructions that caused an error when the containers were redeployed, so they are restated here...


    These two are very simple fixes...

    1.) Navigate to /config/swag/nginx/

    2.) nano ssl.conf

    3.) Remove the hashtag from the front of the following line.

    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    4.) docker restart swag


    Country codes are defined in the following norm:

    ISO 3166-1 alpha-2 - Wikipedia

    1.) Navigate to /config/nextcloud/www/nextcloud/config/

    2.) nano config.php

    3.) Add the following to the end, before the );

    Code
    'default_phone_region' => 'COUNTRY_CODE',
    ##(note: do not miss the comma on the end of this line)

    4.) docker restart nextcloud


    Refresh your nextcloud admin page, and those two errors should be gone.


    Some users may also get this error.


    Code
    There are some warnings regarding your setup.
    The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation.

    If you read it, this isn't an error at all and simply confirms you're accessing nextcloud from a trusted proxy. However, clearing this is very simple.


    1. Navigate to /config/nextcloud/www/nextcloud/config

    2. nano config.php

    3. Add the following at the end, before the );

    Code
    'trusted_proxies' =>
    array (
    0 => 'your.ip:450',
    1 => 'nextcloud.YOUR_SUBDOMAIN.duckdns.org',
    ),

    4. docker restart nextcloud

    5. When done, refresh your nextcloud settings page and all errors should be clear.


    If you complete a Nextcloud security scan, it's very likely you're going to get an A+, or occasionally an A if Linuxserver hasn't pushed an update for the nextcloud container yet.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


    Edited 40 times, last by KM0201: clarity. This post has undergone a lot of editing to bring it more in line with macom's tutorial.
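
An added check for the settings the guide above edits (it is not part of the post, nor code from Nextcloud or SWAG): it reads config.php and ssl.conf text and reports a missing trusted domain, `trusted_proxies` entries that are not an IP address or CIDR range (the forms Nextcloud's documentation lists for that setting), and an HSTS header that is still commented out or below the 15552000 seconds named in the warning. The sample file contents, the 172.18.0.0/16 range and all function names are constructed for illustration, and only the long `array ( ... )` syntax is parsed.

```python
import ipaddress
import re

MIN_HSTS = 15552000  # seconds; the minimum named in the Nextcloud warning

# Constructed sample inputs (assumptions, not the poster's actual files).
SAMPLE_CONFIG = """<?php
$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => '192.168.1.166:450',
    1 => 'nextcloud.yoursubdomain.duckdns.org',
  ),
  'trusted_proxies' =>
  array (
    0 => '192.168.1.166:450',
    1 => 'nextcloud.yoursubdomain.duckdns.org',
    2 => '172.18.0.0/16',
  ),
);
"""
SAMPLE_SSL_CONF = ('#add_header Strict-Transport-Security '
                   '"max-age=63072000; includeSubDomains; preload" always;\n')

def php_array(text, key):
    """String values of a flat array ( ... ) setting; [] if the key is absent."""
    m = re.search(r"'%s'\s*=>\s*array\s*\((.*?)\)" % re.escape(key), text, re.S)
    return re.findall(r"=>\s*'([^']*)'", m.group(1)) if m else []

def bad_trusted_proxies(text):
    """Entries that are neither an IP address nor a CIDR range."""
    bad = []
    for entry in php_array(text, "trusted_proxies"):
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:  # host:port pairs and hostnames end up here
            bad.append(entry)
    return bad

def hsts_max_age(conf_text):
    """max-age of the first uncommented HSTS add_header line, else None."""
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out directive is not sent to clients
        m = re.search(r'add_header\s+Strict-Transport-Security\s+"[^"]*max-age=(\d+)', line)
        if m:
            return int(m.group(1))
    return None

def audit(config_text, ssl_conf_text, domain):
    """Return a list of human-readable findings; empty means all checks passed."""
    findings = []
    if domain not in php_array(config_text, "trusted_domains"):
        findings.append("trusted_domains lacks " + domain)
    findings += ["trusted_proxies entry is not an IP/CIDR: " + e
                 for e in bad_trusted_proxies(config_text)]
    age = hsts_max_age(ssl_conf_text)
    if age is None or age < MIN_HSTS:
        findings.append("HSTS missing or max-age below %d" % MIN_HSTS)
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, SAMPLE_SSL_CONF, "nextcloud.yoursubdomain.duckdns.org"):
        print("FINDING:", f)
```

To run it against a live setup, pass the contents of /config/nextcloud/www/nextcloud/config/config.php and /config/swag/nginx/ssl.conf to `audit()` in place of the samples.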

  • KM0201 I’m curious. You don’t have a duckdns section in your stack. I’ve always wondered why it was there since the pertinent information is repeated under swag. Is the duckdns container not necessary?


    Also, you used port 457 in a couple of places and then 450 later on. Is that a typo?

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    Server Software: OMV 5 (current) - My Main Server: Thinkserver TS140, Nextcloud, Plex, Airsonic, Navidrome, Ubooquity, Digikam, & Heimdall - My Backup Machine: NanoPi M4 (v.1), Pi-Hole - Odroid XU4 (Using DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2. Mac user converting to Linux, Debian 10 KDE.

  • KM0201 I’m curious. You don’t have a duckdns section in your stack. I’ve always wondered why it was there since the pertinent information is repeated under swag. Is the duckdns container not necessary?


    Also, you used port 457 in a couple of places and then 450 later on. Is that a typo?

    The duckdns container is not required now as best I can tell... the swag container essentially has a duckdns "plugin", and will basically handle what the old duckdns docker used to handle (in the older how to)


    The 450/457... 450, is local only since it is not forwarded in my router (since nextcloud seems to require https even for insecure local connections). I used this just for a basic set up, then set up my subdomain after I basically had my database and admin user logged in. 457 is what actually gets forwarded in your router to allow duckdns, letsencrypt, etc. to all work together. Obviously you can choose any port you want... I chose 457 years ago so I ride or die with it. :)


    At the very end I mentioned if you didn't need local access, once the subdomain is setup and working properly, you can comment out the ports under the nextcloud portion of the container.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • The last part, that is what confused me. Thanks for the info on duckdns. Nice to know and really makes more sense.

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    Server Software: OMV 5 (current) - My Main Server: Thinkserver TS140, Nextcloud, Plex, Airsonic, Navidrome, Ubooquity, Digikam, & Heimdall - My Backup Machine: NanoPi M4 (v.1), Pi-Hole - Odroid XU4 (Using DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2. Mac user converting to Linux, Debian 10 KDE.

  • The last part, that is what confused me. Thanks for the info on duckdns. Nice to know and really makes more sense.

    I think w/ the old letsencrypt container, it was required (as technodad and some of the others used the duckdns container)... when the new "swag" container (I swear I loathe that name)... it apparently has plugins available to it if you read the container details (duckdns, cloudflare, etc..).. so in this instance it basically makes the duckdns container no longer necessary.


    https://hub.docker.com/r/linuxserver/swag

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • I don’t much care for the name either, and I really don’t like the Linuxserver blogpost that introduced it. In that blogpost they say “At this point, the SWAG and letsencrypt images are 100% compatible and we plan to keep SWAG backwards compatible as long as we can.” I wonder if that is still the case. At what point will it be necessary to advise switching to swag, especially if it is a brand new install that is having trouble getting started? Surely Linuxserver will let us know.

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    Server Software: OMV 5 (current) - My Main Server: Thinkserver TS140, Nextcloud, Plex, Airsonic, Navidrome, Ubooquity, Digikam, & Heimdall - My Backup Machine: NanoPi M4 (v.1), Pi-Hole - Odroid XU4 (Using DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2. Mac user converting to Linux, Debian 10 KDE.

  • I don’t much care for the name either, and I really don’t like the Linuxserver blogpost that introduced it. In that blogpost they say “At this point, the SWAG and letsencrypt images are 100% compatible and we plan to keep SWAG backwards compatible as long as we can.” I wonder if that is still the case. At what point will it be necessary to advise switching to swag, especially if it is a brand new install that is having trouble getting started? Surely Linuxserver will let us know.

    If the name wasn't a common acronym for "some wild ass guess".. it wouldn't bother me so much. As it stands it looks like some 13yr old came up with it.


    As for the compatibility... I'm assuming it is still compatible... the only reason I switched in my new compose, is because when I looked at linuxserver/letsencrypt, it hadn't been updated in almost a month and there was a clear notice it was deprecated. I didn't really see any reason to put off getting current since I was redoing my compose files anyway. Love it or hate it, swag was updated 2 days ago.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • When you say forward ports 457 to 443 and 91 to 80, you mean that 457 and 91 are the internal ports and 443 and 80 are the external ports correct?

    Edited 2 times, last by KM0201: Fixed typo in config.php that you quoted.

  • When you say forward ports 457 to 443 and 91 to 80, you mean that 457 and 91 are the internal ports and 443 and 80 are the external ports correct?

    Should have clarified that...


    That is correct, 457 and 91 are internal, 443 and 80 are external.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • KM0201 You have helped me get further into getting Nextcloud up and running than anyone else. I have so much gratitude for your help. I have a question related to this portion of your phenomenal guide:

    Once that is done, you can complete a basic setup of Nextcloud, or move on to set it up with duckdns subdomains.

    6. Navigate to /config/swag/nginx/prox-confs

    7. nano nextcloud.subdomain.conf.sample

    8. Change subdomain to duckdns subdomain name (ie.. yoursubdomain.* )

    When I navigate to /config/swag/nginx/prox-confs my nextcloud.subdomain.conf.sample file looks like this:



    Could you show me exactly where I should input my duckdns subdomain into the file?

  • That is how mine currently looks.


    Edit: in case it isn't clear, 192.168.1.166:450 is my local IP address... Yours will be different there.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


    Edited once, last by KM0201.

  • seekr the file above that KM0201 has listed is his config.php file. Pattern yours after his. The file you showed is your nextcloud.subdomain.conf file. The only thing you need to do with it is replace server_name nextcloud.*; with server_name yoursubdomain.*; That is assuming you are attempting to have an address like this: yoursubdomain.duckdns.org That is how I have mine set up. That is how KM0201 has his php.config set up. See his lines 11, 16, 20, and 21.

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    Server Software: OMV 5 (current) - My Main Server: Thinkserver TS140, Nextcloud, Plex, Airsonic, Navidrome, Ubooquity, Digikam, & Heimdall - My Backup Machine: NanoPi M4 (v.1), Pi-Hole - Odroid XU4 (Using DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2. Mac user converting to Linux, Debian 10 KDE.

  • seekr the file above that KM0201 has listed is his config.php file. Pattern yours after his. The file you showed is your nextcloud.subdomain.conf file. The only thing you need to do with it is replace server_name nextcloud.*; with server_name yoursubdomain.*;

    Damn you're right... I showed him the wrong file.


    All you need to change is nextcloud.* (but that was in 6, 7 and 8 I put above..)

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • All of those comments in the first 14 lines confused me the first time I saw it. But I figured you were distracted or something. I wasn't trying to school you. Just a friendly nudge. Kind of like when my wife puts an elbow to my ribs when I doze off in church.

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    Server Software: OMV 5 (current) - My Main Server: Thinkserver TS140, Nextcloud, Plex, Airsonic, Navidrome, Ubooquity, Digikam, & Heimdall - My Backup Machine: NanoPi M4 (v.1), Pi-Hole - Odroid XU4 (Using DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2. Mac user converting to Linux, Debian 10 KDE.

  • All of those comments in the first 14 lines confused me the first time I saw it. But I figured you were distracted or something. I wasn't trying to school you. Just a friendly nudge. Kind of like when my wife puts an elbow to my ribs when I doze off in church.

    I was actually sitting in stalled traffic when I copied it from another post..lol

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • seekr the file above that KM0201 has listed is his config.php file. Pattern yours after his. The file you showed is your nextcloud.subdomain.conf file. The only thing you need to do with it is replace server_name nextcloud.*; with server_name yoursubdomain.*; That is assuming you are attempting to have an address like this: yoursubdomain.duckdns.org That is how I have mine set up. That is how KM0201 has his php.config set up. See his lines 11, 16, 20, and 21.

    Thanks Agricola! You have been extremely helpful for a noob like me. Sorry to keep peppering you with questions but when it comes to replacing server_name nextcloud.*; with server_name yoursubdomain.*; my subdomain indeed is something like yoursubdomain.duckdns.org. This means that what I insert will look something like my_server_name yoursubdomain.duckdns.org.*; correct? My second question feels really dumb to ask but where can I look to find my server name?


    Again, thank you for the remedial training. Also, as a preacher myself, I am grateful for your wife's jabs to keep you awake. 8o
