Did you make a change to your config or docker-compose? I thought you were able to access your login page earlier.
Nextcloud Bad Gateway
-
-
and my config.php :
PHP
Alles anzeigen<?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oczc9zwun5q1', 'passwordsalt' => 'lPbzJeWpOLD9AiNGlTaalbMaW9WVuw', 'secret' => 'dnUkbUEr3CPIAY+YCQAg12siS9C6YRRIDqxO9sfJeHdj+/3a', 'trusted_domains' => array ( 0 => '192.168.1.23:450', 1 => 'nextcloud.xxxxxx.duckdns.org', ), 'dbtype' => 'mysql', 'version' => '24.0.3.2', 'overwrite.cli.url' => 'https://192.168.1.23:450', 'dbname' => 'nextcloud', 'dbhost' => 'nextclouddb', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'oc_admin', 'dbpassword' => '6QDuG48jyJ68mhLxXWZJw1wKNDCZuZ', 'installed' => true, 'overwrite.cli.url' => 'https://nextcloud.xxxxxx.duckdns.org', 'overwriteprotocol' => 'https', 'default_phone_region' => 'FR', );
I don't use KM0201 procedure but, what I can see is you have a line that doesn't belong there.
Delete itIt's overlapping with another:
And post the YMLs (SWAG and Nextcloud) you used to see what is the real problem with SWAG.
Hide your domain, email and DuckDNS Token.Also, is your domain on DuckDNS still pointing to your WAN IP?
-
I don't use KM0201 procedure but, what I can see is you have a line that doesn't belong there.
Delete itIt's overlapping with another:
And post the YMLs (SWAG and Nextcloud) you used to see what is the real problem with SWAG.
Hide your domain, email and DuckDNS Token.Also, is your domain on DuckDNS still pointing to your WAN IP?
I missed that, but you're right (on the config.php). He needs to delete one or the other.
-
Hi Soma,
Thank you for your help.
I completely rebuild my nas and will take into account your recommandation.
-
T
1. Create your directories and make adjustments to the stack below (you might want to delete old directories from previous attempts if you've been at this several times). Start with only the nextcloud and nextclouddb sections and don't worry about swag for now. When done, deploy the stack.. It takes this container a minute to setup, so watch the logs (docker logs -f nextcloud) and also watch the database container (docker logs -f nextclouddb) and wait for both to indicate they are done. Use Cntrl +C to exit the logs. DO NOT ADJUST THE ##network_mode at this time. That will come later when we set up the reverse proxy
2. When done, go to nextcloud UI (https://your.omv.ip:450 , must use https and accept security risk)
3. Enter an admin user/password
4. Click setup database then mysql/mariadb database
user: root
password (see stack, line 26 above)
database name is nextcloud
localhost is nextclouddb
5. Click Finish (this will take a few minutes as it downloads apps and sets up the database, be patient). Note: IF it 504's after it sets up, this is very likely due to Nextcloud's App Store being down, as it frequently is. Give the containers a couple minutes to finish setting up, then simply use the back button on your browser and you should be logged in to the Nextcloud interface
I'm getting the following error when I try to create an admin account on my first login to Nextcloud:
Error while trying to create admin user: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'nextcloud.nextcloud_default' (using password: YES)
I've double and triple checked the code for the stack, making all the adjustments you specified. And I've ensured that the db password in the stack matches what I enter in Nextcloud. Still no dice. Any guidance, please? FWIW, this is on a raspberry pi 4, if that makes any difference...
Many thanks!
Here's the stack as I've edited, in case it's helpful:
Code
Alles anzeigenversion: "2.1" services: nextcloud: image: ghcr.io/linuxserver/nextcloud:latest container_name: nextcloud ##network_mode: swag_default environment: - PUID=1001 - PGID=100 volumes: - /srv/dev-disk-by-uuid-a6d347b3-334d-4835-9f22-60ebebcf46dc/docker/appdata/nextcloud/config:/config - /srv/dev-disk-by-uuid-a6d347b3-334d-4835-9f22-60ebebcf46dc/docker/appdata/nextcloud/data:/data - /etc/localtime:/etc/localtime:ro depends_on: - mariadb ports: - 450:443 restart: unless-stopped mariadb: image: ghcr.io/linuxserver/mariadb:latest container_name: nextclouddb ##network_mode: swag_default environment: - PUID=1001 - PGID=100 - MYSQL_ROOT_PASSWORD=[copy-&-pasted from my pw manager] volumes: - /srv/dev-disk-by-uuid-a6d347b3-334d-4835-9f22-60ebebcf46dc/docker/appdata/mariadb/config:/config - /etc/localtime:/etc/localtime:ro restart: unless-stopped
-
I'm getting the following error when I try to create an admin account on my first login to Nextcloud:
Error while trying to create admin user: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'nextcloud.nextcloud_default' (using password: YES)
I've double and triple checked the code for the stack, making all the adjustments you specified. And I've ensured that the db password in the stack matches what I enter in Nextcloud. Still no dice. Any guidance, please? FWIW, this is on a raspberry pi 4, if that makes any difference...
Many thanks!
Here's the stack as I've edited, in case it's helpful:
Code
Alles anzeigenversion: "2.1" services: nextcloud: image: ghcr.io/linuxserver/nextcloud:latest container_name: nextcloud ##network_mode: swag_default environment: - PUID=1001 - PGID=100 volumes: - /srv/dev-disk-by-uuid-a6d347b3-334d-4835-9f22-60ebebcf46dc/docker/appdata/nextcloud/config:/config - /srv/dev-disk-by-uuid-a6d347b3-334d-4835-9f22-60ebebcf46dc/docker/appdata/nextcloud/data:/data - /etc/localtime:/etc/localtime:ro depends_on: - mariadb ports: - 450:443 restart: unless-stopped mariadb: image: ghcr.io/linuxserver/mariadb:latest container_name: nextclouddb ##network_mode: swag_default environment: - PUID=1001 - PGID=100 - MYSQL_ROOT_PASSWORD=[copy-&-pasted from my pw manager] volumes: - /srv/dev-disk-by-uuid-a6d347b3-334d-4835-9f22-60ebebcf46dc/docker/appdata/mariadb/config:/config - /etc/localtime:/etc/localtime:ro restart: unless-stopped
I just installed NC three times in a virtual machine exactly how I did in that tutorial, deleting all directories each try to start with a clean slate, and it installed without a hitch
The only way I can duplicate the error you're getting, is if my db password is wrong.
So I can only assume either you're copying it wrong from your password manager, maybe you're copying extra spaces on it, etc. You're never going to use this password again (for NC), so I can't see any need to have this password in a password manager or to really even be overly complex.
-
An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'nextc
The only way I can duplicate the error you're getting, is if my db password is wrong.
I can vouche for this:
YMLs password fields don't do well, especially if the password has special characters. They have to be escaped.
Even if they're encapsulated in "", the password isn't properly passed.
Better to use a simple alphanumeric password, for eg:
7h3paS5W0rD
Or scroll down on macom guide to see how to fix the error by bashing into mariadb and create the user by hand
-
Better to use a simple alphanumeric password, for eg:
7h3paS5W0rD
This is a really good point.. I rarely put much effort into this password, (it's not quite "password".. but it's not far off..lol).
I figure in order to really do any damage to my database, they're going to have to have gained access to my machine over the network (ssh, broke into my house and hooked a display and keyboard up to my server..).
Your mileage may vary, but for me.. If it's at that point I've probably got way bigger problems than my Nextcloud database.
-
I figure in order to really do any damage to my database, they're going to have to have gained access to my machine over the network (ssh, broke into my house and hooked a display and keyboard up to my server..).
And I can add another one to this:
MariaDB ports are only exposed to the STACK, not to the host.
No way to hack it unless NC is hacked already.
But if it is, then it's already to late, 🫣
-
No way to hack it unless NC is hacked already.
But if it is, then it's already to late, 🫣
Yup.
I've tried to envision a scenario where burglars break in, and their first thought is, "Grab that computer with no keyboard, mouse or display that is running in that bedroom closet. Find an hdmi cable and a keyboard and bring it out here so I can hook it up to this TV".Then they'd still have to figure out root passwords or know how to reset root, etc.
-
YMLs password fields don't do well, especially if the password has special characters. They have to be escaped.
Even if they're encapsulated in "", the password isn't properly passed.
That fixed it! Out of habit, I'd been using a strong password on my previous attempt. When I changed it to something that had no special characters ("the kind of password an idiot would have on his luggage!"), it all worked out.
I've tried to envision a scenario where burglars break in, and their first thought is, "Grab that computer with no keyboard, mouse or display that is running in that bedroom closet. Find an hdmi cable and a keyboard and bring it out here so I can hook it up to this TV".
I mean, to be fair, my raspberry pi case is a piggy bank that I've bedazzled with glitter and fake gemstones. And it's labelled "Supersecret, don't look at me!"
-
Working through your awesome guide, I found what might be a typo in the code for the swag stack..
Code
Alles anzeigenversion: "2.2" services: swag: image: ghcr.io/linuxserver/swag container_name: swag cap_add: - NET_ADMIN environment: #- PUID=1000 #- PGID=100 #- URL=YOUR_SUBDOMAIN.duckdns.org #- DUCKDNSTOKEN=YOUR_TOKEN - SUBDOMAINS=wildcard - VALIDATION=duckdns #- EMAIL=YOUREMAIL - DOCKER_MODS=linuxserver/mods:swag-dashboard volumes: #- /path/to/config:/config - /etc/localtime:/etc/localtime:ro ports: - 444:443 - 82:80 - 81:81 restart: unless-stopped
In the line for DOCKER_MODS (line 16), there's an extra space before the dash. When it was there, I wasn't getting a cert, but after deleting that one extra space, it worked fine.
Thanks again for your hard work with all this!
-
Working through your awesome guide, I found what might be a typo in the code for the swag stack..
Fixed.
Thank you. Surprised nobody's ever caught that before... or they did and didn't bother telling me.
-
Good evening, is it possible to use the stacks found in the thread to run nextcloud only in the local network and without opening ports and fix warnings such as “You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead.” and "Strict Transport-Security.
The stack I'm using is this:
Code
Alles anzeigenversion: "2.1" services: nextcloud: image: ghcr.io/linuxserver/nextcloud:latest container_name: nextcloud ##network_mode: swag_default environment: - PUID=1000 - PGID=100 volumes: - /path/to/nextcloud/config:/config - /path/to/nextcloud-data:/data - /etc/localtime:/etc/localtime:ro depends_on: - mariadb ports: - 450:443 restart: unless-stopped mariadb: image: ghcr.io/linuxserver/mariadb:latest container_name: nextclouddb ##network_mode: swag_default environment: - PUID=1000 - PGID=100 - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_PASSWORD volumes: - /path/to/mariadb/config:/config - /etc/localtime:/etc/localtime:ro restart: unless-stopped
I can access to nextcloud UI and finish the configuration, but then those warnings remain even if i remove the
"#" in front of
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
and restart the nextcloud docker.
I would just like to use nextcloud in my lan network and access it from outside via wireguard. -
I would just like to use nextcloud in my lan network and access it from outside via wireguard.
I guess the easiest solution in your case would be to create a self-signed certificate that expires in 10 years and configure it in nextcloud.
You can do what you want, access locally through Wireguard, but Nextcloud wasn't designed for that. It is normal for him to complain.
-
Good evening, is it possible to use the stacks found in the thread to run nextcloud only in the local network and without opening ports and fix warnings such as “You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead.” and "Strict Transport-Security.
The stack I'm using is this:
Code
Alles anzeigenversion: "2.1" services: nextcloud: image: ghcr.io/linuxserver/nextcloud:latest container_name: nextcloud ##network_mode: swag_default environment: - PUID=1000 - PGID=100 volumes: - /path/to/nextcloud/config:/config - /path/to/nextcloud-data:/data - /etc/localtime:/etc/localtime:ro depends_on: - mariadb ports: - 450:443 restart: unless-stopped mariadb: image: ghcr.io/linuxserver/mariadb:latest container_name: nextclouddb ##network_mode: swag_default environment: - PUID=1000 - PGID=100 - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_PASSWORD volumes: - /path/to/mariadb/config:/config - /etc/localtime:/etc/localtime:ro restart: unless-stopped
I can access to nextcloud UI and finish the configuration, but then those warnings remain even if i remove the
"#" in front of
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
and restart the nextcloud docker.
I would just like to use nextcloud in my lan network and access it from outside via wireguard.You may need an open port for retrieving the cert. But that does not mean nextcloud must be accessible from outside your lan. You could add sth like the following statements to your nextcloud proxy conf file
Your clients also need a DNS entry that points your domain cloud.example.org to the local ip eg 192.168…. or they would be blocked too. Could be done via pihole if you use it.
-
Hello, out of necessity I would like to continue this thread. The tutorial from #2 @KM0202 helped me to finally get rid of the "502 Bad Gateway" error and at least to connect to my Nextcloud via Lan Ip.
I have now configured everything according to the instructions of #2 and get when logging in via https still the SWAG message when connecting. The Configs I have checked but unfortunately no errors found. Can someone help me to go this last step?
lg.
-
-
If you use this Ports on your SWAG Container:
ports:
- 444:443
- 82:80
- 81:81Than your Fritz!Box configuration is wrong. You are mapping:
- 444:443
444 is your Host port that will mapped to the 443 port of your Container
at the Fritz!Box you have to you use only 444
Same think for 82:80
okay, unfortunately I am quite unsure here. Are these settings correct? The ports for SWAG are set as you described.
Somehow SWAG and I are not friends. I changed the ports as I thought and now I can't get an internal or external connection (port 450 internal ip) via the browser https://nextcloud.....
lg.
-
"Port extern gewünscht" / "Port extern vergeben" müssen 80 und 443 sein
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!