It will apply to anything that nginxproxy manager logs as a failure to login, as it is the nginx proxy manager logs that it is watching
Hi. Im not sure i get this right
If im using NPM with all my services, nextcloud, calibre, etc. Traffic will go through proxy, but it will not log login attempts on, for example, nextcloud?
I had ACL active before this try with user group.
I thought that after creating the user group, I wouldn't need ACL anymore, so I deleted it. After that it didn't work properly again so I just created acl again.
I guess all this with user www-data and new group need to be done before installing Nextcloud
I managed to set it up this way:
in compose file mount location of user home dir
NEXTCLOUD_MOUNT=/srv/dev-xxxxx/your_home_dir_from_omv/your_home_dir_from_omv is dir you set on OMV>users>settings
In NextCloud need to enable external storage and after that in Administration settings >External storage add location of your user dir
Folder name: for example MyOMVHome, name that will appear in NextCloud
external storage: local
Configuration: location of your username dir, like
/srv/dev-xxxxx/your_home_dir_from_omv/usernameavailable for: pick nextcloud user
your user home dir is owner by username and nextcloud user www-data will not have permissions.
First i tried with ACL, but with that new files created with NextCloud are owned by www-data and your username will not be able to change that file
So i created new user group, for example group_name used in the code below , add my username and www-data to that group and change owner of my username dir
You can create group using OMV web and add your username into that group. But you need to add www-data with:
sudo usermod -a -G group_name www-dataafter that fix permissions
sudo chown -R username:group_name /srv/dev-diskxxx/your_home_dir_from_omv/username/All new files need to inherit the parent dir group ownership
sudo chmod g+s /srv/dev-diskxxx/your_home_dir_from_omv/username/The group must have write permissions
sudo chmod -R 775 /srv/dev-diskxxxx/your_home_dir_from_omv/username/After that you can force nextcloud to scan files in external storage with
docker exec --user www-data nextcloud-aio-nextcloud php occ files:scan --allHope I did not forget something 
About the domain you are using. I guess you're using subdomain
In DNS records, in my case, i have A record for main domain pointing to my public ip and i have CNAME records for subdomain
What about you? Do you have maybe A record for subdomain? I see that I have different response if I use proxy or DNS only in dns record configuration
Not sure is there a right way for this, or it doesn't metter
Thanks
In omv users settings I have enabled home dir
If I want to Nextcloud access this location, do I need to add this location in volumes or environment part of compose file?
In environment have "NEXTCLOUD_MOUNT" settings, but what if I want more than one mount location?
Hi
I found your post searching nextcloud access to user home dir
Nextcloud is for external access, and i want to use it with omv user home dir. There is no point to have separate locations for nextcloud users to store data.
Did you find some conf guide for this? Did you solve your problem and how?
I just started to look for details about the best way how to handle this.
Display MoreIn my case, for example, in the compose I set:
8484:80
8443:443
So on the router it will be:
PUBLIC 80 -> LOCAL 8484
PUBLIC 443 -> LOCAL 8443
You have custom. How did you handle this, to access your web from LAN?
I use a DNS server on my router for local domains.
Did u use custom port for NPM or
I use a DNS server on my router for local domains.
ok. now i can ping with nextcloud.domainname and to get response from locap ip.
But browser does not open the page
After replacing localhost from nginx proxy config and loopback ip from compose file my logs looked ok. Tried curl from outside and it connects. But in AIO submitting domain does not work so I put
SKIP_DOMAIN_VALIDATION:trueand I was able to continue AIO setup. Now I can access from outside using my domain. But from inside its not working
localip:11000 redirect to https:domainname and ... cant reach this page
adding records in hosts file on my local pc not working
NAT loopback config on my old cisco router have some issues
To try pihole dns maybe...
What is your choice?
I have this info and error repeating in Nginx app log
app-1 | [9/23/2025] [1:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [1:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | [9/23/2025] [2:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [2:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | [9/23/2025] [3:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [3:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | [9/23/2025] [4:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [4:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | [9/23/2025] [5:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [5:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | [9/23/2025] [6:31:17 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
app-1 | [9/23/2025] [6:31:17 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
app-1 | [9/23/2025] [6:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [6:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | [9/23/2025] [6:31:17 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
app-1 | [9/23/2025] [6:31:18 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
app-1 | [9/23/2025] [6:31:18 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
app-1 | [9/23/2025] [6:31:18 AM] [Nginx ] › ℹ info Reloading Nginx
app-1 | [9/23/2025] [6:31:18 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload
app-1 | [9/23/2025] [7:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [7:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | [9/23/2025] [8:31:17 AM] [SSL ] › ℹ info Renewing SSL certs expiring within 30 days ...
app-1 | Connection Error: Error: read ECONNRESET
app-1 | [9/23/2025] [8:31:17 AM] [SSL ] › ℹ info Completed SSL cert renew process
app-1 | Connection Error: Error: read ECONNRESETI did not see this before. Guess there is no need for such frequent renew?
If you have registered domainname.net, and have A record for nextcloud.domainname.net that you want to use for Nextcloud
When you want to configure Nginx proxy, in domain name you add only nextcloud.domainname.net, right?
After installing AIO, and you want to continue setup on
Quote
Page should open normally with https, or you get like this? (first you get info that its not secured and if you want to continue unsecured)
As for NGINX, port 11000 is correct, but you need to use http and not https.
For example, you will have:
Thats correct, and Its like that because you dont have ssl cert on your nextcloud destination. Thats why you use proxy, to communicate between https and http
I will try now to set server ip in nginx proxy settings, instead of loopback
Does anyone have settings
network_mode: host
or any of 3 solution described in "On the same server in a Docker container", here Configure the reverse proxy
If you have, which option did you use?
APACHE_IP_BINDING: HOST_IP
If you have problems with 127.0.0.1 or 0.0.0.0, use the host's IP; for example, if the server running Docker is 192.168.10.33, then this is the IP you need to enter.
I tried that settings, as I wrote.
There is no reason to have problem with loopback address or localhost,,, i guess you need to set server ip if proxy is not one same server.
But I can try...
All ports forwarded
To perform the domain certificate verification, you must forward ports 80 and 443 to the proxy. If you're using either of these ports in the OMV GUI, change them to different ports, or the verification will fail.
Thats what I meant here:
"Im using different ports on Nginx but all are forwarded on my router to the server. For example -12345:81, and my nginx is available outside with mypublicip:81 or localip:12345"
Like that i have other ports for 80 and 443
I followed instructions, but that is older. Has anyone done installation lately according to the?:
- Nextcloud AIO with proxy
- nginx as proxy
- both on same server
- custom ports
Hi
For last couple days I tried to submit domain with Nextcloud AIO
I have domain nextcloud.domainname.net pointing to my public ip
Nginx configured with proxy host with my domain as source and localhost:11000 as destination, and other parameters from guide
Im using different ports on Nginx but all are forwarded on my router to the server. For example -12345:81, and my nginx is available outside with mypublicip:81 or localip:12345
I tried lof of examples, from quick guide, docker in omv and GitHub-All-in-one , adding some parameres like
# APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy
Basically, I always have similar problems
QuoteThe domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. You can work around that by setting up a local DNS-server.
If I put in hosts inside the container line
localip domainname
then i have
QuoteNOTICE: PHP message: Info: It seems like the ip-address of domanname is set to an internal or reserved ip-address. (It was found to be set to '192.168.0.19')
NOTICE: PHP message: The response of the connection attempt to "https://domainname:443" was:
NOTICE: PHP message: Expected was: 1f1903faa166299a209d73xxxxxx
NOTICE: PHP message: The error message was: SSL: no alternative certificate subject name matches target hostname 'nextcloud.irfilius.net'
This test "https://domainname:443" does not make sense. There is no need for port after https???
I read somewhere that need to make changes in Nextcloud config.php
There is no file like that, but there is ConfigurationManager.php where i can see that nextcloud expects 443 ports. Tried to play with that file and changes, but nothing
I also tried different configuration of my cisco router, becase the NAT loopback / hairpin NAT
Anyone knows what happening?
solution for me was uninstalling docker, deleting all shared folders for docker and doing it from the beginning using OMV Conf guide , just in case I missed something. And it sesms I missed, cause I dont have this error now. But I have another 
Hi
Just one simple/quick question
What is better/ you use? OMV plugin or compose?
Maybe to separate it from omv with docker? And from usb stick like in my case where the omv is installed.
First installation was from this guide Nextcloud AIO (All In One)
In the last attempt my docker-compose file looks like from NEXTCLOUD AIO WITH PROXY
But I have same error after i login with passphrase.
here is my last log:
root@xxx:~# docker logs -f nextcloud-aio-mastercontainer
Trying to fix docker.sock permissions internally...
Creating docker group internally with id 990
........+.+...+......+...+.....+.+..+.......+............+.....+.+++++++++++++++++++++++++++++++++++++++++++++*.+....+..+............+.+.........+..+....+..............+.+.....+.+........+............+...+...+...+.+...+...........+.+......+............+..+.+..+...+....+...+........+.......+...+++++++++++++++++++++++++++++++++++++++++++++*...........+.....+....+...+.......................+...+.......+........................+.....+.+..+.......+..............+...................+..+...+.......+...+...+.........+........+.......+...........+..........+.....+....+......+..............+.............+...........+.+......+...+..............+.+.....+.+...............+.....+......+.......+...............+....................+...+..........+........+.........+.+.....+...............+.......+..+.......+.........+..+.......+...+..................+..+...............+.......+..+.+..+.......+......+..+.+..+.......+..+.........+......+.........+.......+.....+............+......................+.....+.+...+............+..+..........+..+...+...+...+.......+............+..+..........+...+.....+.+.........+......+.........+...+..............+......+.......+...+............+........+.........+.+..+..................+..................+.....................+......+...+...................+..+.............+..+..........+.....+...+.+.....+......................+..+......+......+...+.+..............+...+.......+...............+.....+.+....................+.+...+.....+.+..+...................+.....+....+.....+.......+.....+++++
..+++++++++++++++++++++++++++++++++++++++++++++*....+.+..+.+++++++++++++++++++++++++++++++++++++++++++++*...+...+.........................+.....+....+...+++++
-----
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
/usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
import pkg_resources
[Sun Sep 14 20:45:35.453845 2025] [mpm_event:notice] [pid 170:tid 170] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.5.2 configured -- resuming normal operations
[Sun Sep 14 20:45:35.453884 2025] [core:notice] [pid 170:tid 170] AH00094: Command line: 'httpd -D FOREGROUND'
{"level":"info","ts":1757882735.459552,"msg":"maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined"}
{"level":"info","ts":1757882735.459727,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":29622741811,"previous":9223372036854775807}
{"level":"info","ts":1757882735.4597719,"msg":"using config from file","file":"/Caddyfile"}
{"level":"info","ts":1757882735.4606667,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1757882735.4615312,"msg":"maxprocs: No GOMAXPROCS change to reset"}
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp: lookup localhost on [::1]:53: read udp [::1]:56226->[::1]:53: read: connection refused
[14-Sep-2025 20:45:35] NOTICE: fpm is running, pid 176
[14-Sep-2025 20:45:35] NOTICE: ready to handle connections
{"level":"info","ts":1757882736.500307,"msg":"maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined"}
{"level":"info","ts":1757882736.500477,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":29622741811,"previous":9223372036854775807}
{"level":"info","ts":1757882736.5005088,"msg":"using config from file","file":"/Caddyfile"}
{"level":"info","ts":1757882736.5013516,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1757882736.502202,"msg":"maxprocs: No GOMAXPROCS change to reset"}
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp: lookup localhost on [::1]:53: read udp [::1]:55261->[::1]:53: read: connection refused
{"level":"info","ts":1757882738.543149,"msg":"maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined"}
{"level":"info","ts":1757882738.5433266,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":29622741811,"previous":9223372036854775807}
{"level":"info","ts":1757882738.543356,"msg":"using config from file","file":"/Caddyfile"}
{"level":"info","ts":1757882738.5442467,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1757882738.5451095,"msg":"maxprocs: No GOMAXPROCS change to reset"}
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp: lookup localhost on [::1]:53: read udp [::1]:53929->[::1]:53: read: connection refused
{"level":"info","ts":1757882741.587492,"msg":"maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined"}
{"level":"info","ts":1757882741.587667,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":29622741811,"previous":9223372036854775807}
{"level":"info","ts":1757882741.587698,"msg":"using config from file","file":"/Caddyfile"}
{"level":"info","ts":1757882741.5886083,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1757882741.5894864,"msg":"maxprocs: No GOMAXPROCS change to reset"}
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp: lookup localhost on [::1]:53: read udp [::1]:36945->[::1]:53: read: connection refused
NOTICE: PHP message: Could not get digest of container nextcloud-releases/aio-domaincheck:latest cURL error 6: Could not resolve host: ghcr.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://ghcr.io/token?scope=repository:nextcloud-releases/aio-domaincheck:pull
NOTICE: PHP message: Not pulling the ghcr.io/nextcloud-releases/aio-domaincheck image for the nextcloud-aio-domaincheck container because the registry does not seem to be reachable.
NOTICE: PHP message: Could not start domaincheck container: Could not create container nextcloud-aio-domaincheck: {"message":"No such image: ghcr.io/nextcloud-releases/aio-domaincheck:latest"}
NOTICE: PHP message: Could not get digest of container nextcloud/all-in-one:latest cURL error 6: Could not resolve host: auth.docker.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://auth.docker.io/token?service=registry.docker.io&scope=repository:nextcloud/all-in-one:pullWhat confuses me is do I need this nextcloud-aio-domaincheck? If I use reverse proxy i dont need it, right?
Then this "could not resolve host" ....
Before this log it was: "cURL error 6: Could not resolve host: ghcr.io" (when was different image used in yml)
But i can ping ghcr.io even when I get into container
Has anyone had anything similar?
just go with the root
I know it could be interesting, but how much is needed for it. Im currently dealing with nginx and nextcloud. For that are special instructions not to set another user or to set puid=0