-
Reverse-proxy (Caddy) already in place. How do I install/configure NC AIO in this scenario? Caddy is running inside its own container and uses "caddy_net" as its network. All other containers attach to "caddy_net" so no ports conflict and Caddy can reference each host/service by name.
And how about docker-compose.yml for Nextcloud AIO?
-
Hello, you should follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-
Already tried, did not work... As I use a VPS and have the domain configured, I need to do the initial setup "from home". Tried using docker-compose and several different configurations on Caddyfile. Will try again now, using only command line. Thanks for the fast response and for this amazing piece of software!
-
Before running the command...
Executed command:
Output of above command:
New situation:
Caddy container can identify "nextcloud-aio-mastercontainer" by name and resolve its IP address:
Now, to Caddyfile!
This...
Turns into this:
Then, one eye on the Caddy log and the other on nextcloud-aio-mastercontainer... Bang! First attempt gives me "SSL_ERROR_INTERNAL_ERROR_ALERT" on Firefox and nothing. On the second try, I added my certificate and the Caddyfile now is:
Still does not work. On Caddy logs (with debug on):
So, any ideas?
-
Thanks for the write up! I’m stuck at the same point. With caddy-file
I’m getting the following error in caddy:
Although "resume normal operations" doesn’t sound too bad, I’m not able to get through with :443, :8080, :844r or anything.
-
Hello, I see we have to drastically improve the reverse proxy documentation. I already have some ideas but will probably not come to it before this afternoon.
-
For anyone reading this, please follow the reworked reverse proxy documentation: https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-
I even used netshoot on nextcloud-aio-mastercontainer to confirm open ports, see output below:
I will shut down every other container and leave only Caddy and Nextcloud-AIO running to see better...
-
@szaimen "Stubborn" might not be the right word. "Determined", "persevering" I think is more appropriate. Maybe I found the root cause of the problem. The file docker-compose.yml contains an assumption that is probably what prevents nextcloud-aio-mastercontainer from opening nextcloud-aio-domaincheck, this one will run Apache on port 11000.
In my case (and will be the case of others):
After changing from
Now I can proceed with the investigation/configuration of Caddy. If/when I make it work, I will share my findings/configuration.
-
A little progress but still not there... I got to the initial setup, the browser opens a new tab, but when I enter the domain to be used by the new AIO instance I get "Domain does not point to this server or reverse proxy not configured correctly.". At this moment, only two Nextcloud containers are running. Info from both containers (I used
Caddy container:
Caddy
from Caddyfile, configuration relative to Nextcloud
Nextcloud-AIO
Log on Caddy (with debug enabled) right after clicking the "Submit" button:
Log on
-
I repeated the test now with one more tab watching the logs of This is the only thing that appeared on the log: @szaimen will repeat tests with your suggestion. The strange part is that I do not have a "private" IP on this VPS, only a valid IP address. Private addresses, only the ones automatically created by Docker for its network things. So, will try with the <external.ip.address.of.the.host> instead of the <private.ip.address.of.the.host>. I also do a lot of documentation. We need to choose the words used carefully because otherwise we can mislead our "users". Clear enough? :/
-
Private IPs are those which cannot be routed through the Internet.
-
@peracchi does
-
Created normal user and installed Docker. Nothing more. Output of
And some more info...
-
Ok, Caddy running with this docker-compose.yml and Caddyfile (Nextcloud not yet)
-
Will test (before running Nextcloud AIO) by trying to open the URLs from Firefox (just to confirm Caddy is ok and certificate was issued without problems).
-
I enter only As expected, all ok with certificate (thanks, Caddy!) but nobody is listening on IP address 209.145.62.xxx port 11000 to receive data from Caddy. Same thing with https://nextcloud.cites.aop:8443 - nobody listening on IP address 209.145.62.xxx port 8080 to receive data from Caddy. Just these tests made me see that things will not work this way, do you see? IP 209.145.62.xxx is of the HOST of the Docker's containers... Caddy itself is a container! And its job is to intermediate communication for other containers. So, Caddyfile must be constructed to "reverse-proxy" to CONTAINER'S NAMES and this is the "beauty" of Docker (containers) system. You do not need to worry about IP addresses, you just use the container's names and voilà! You have security, you have isolation (between containers AND networks), etc.
-
The closest I came to a solution was with: Nextcloud
Caddy
and
Absolutely nothing on
Error on Caddy's log:
Error code = "status":422
-
For us to think together...
What I see now on my VPS while trying to setup Nextcloud AIO:
I can start Nextcloud AIO setup if I use only
on Caddyfile. I can log in to "Nextcloud AIO Login". The problem is that this container creates a new network "nextcloud-aio" = 172.19.0.0/16, gets IP 172.19.0.3 there and exposes port 11000 on "nextcloud-aio" and on Docker's default bridge, 172.17.0.0/16 as if it was the host... I am still thinking about it but it seems a network engineering design flaw somewhere. Docker/containers are meant to make things easy and "portable". I think if your solution only works if Docker is used/configured a certain way then your solution is not a good Docker solution. My two cents... If someone else wants to give it a try, below some copy/paste commands to quickly test this out. You only need to change domain names, credential and api token (if using Cloudflare DNS).
Nextcloud AIO seems to be a great idea/piece of software. Who does not want a simple and easy Docker solution to an optimized version of Nextcloud? I was making my own version of "Docker solution to an optimized version of Nextcloud". Everything went very well until I added Collabora/Code to the equation. Then I saw some news about Nextcloud AIO and here I am... :)
-
Here:
See? No open port 11000 on the host as you described above...
-
No problem @szaimen, just document that Nextcloud AIO only works using the "network = host" parameter. And do not post wrong affirmatives.
-
Now I give up... Using Ubuntu 22.04, Docker installed using the script, port 11000 open on localhost, Caddyfile as in documentation.
And nothing appears on In Caddy log, the last line, that presents an error, is this:
By the way, the same error presented when I was using Arch. :/
-
Since it somehow does not seem to work for you, I guess it makes sense for you to be able to modify all details yourself. See #557
I'll probably work on that soon.