Comments (6)
Several things I see wrong with this setup; I will try to address them as much as I can.
Proxy:
This is a sort of trimmed version of my nginx config on the proxy, but keep in mind it's not a working example, because my proxy is using a dedicated docker container, and it's autogenerated for the most part. I tried to cut it out so you can compare it with yours, and add whatever is missing / different. I would suggest you use a container for your proxy as well.
Nginx configuration:

```nginx
# Pass on an incoming X-Forwarded-Proto if present, otherwise use this connection's scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    ''      $scheme;
}

# Same for the forwarded port.
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
    ''      $server_port;
}

# Keep the connection upgradable (WebSocket) only when the client asked for an upgrade.
map $http_upgrade $proxy_connection {
    default upgrade;
    ''      close;
}

server_names_hash_bucket_size 128;
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;

# Derive X-Forwarded-Ssl from the forwarded protocol.
map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
    default off;
    https   on;
}

gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent" '
                 '"$upstream_addr"';
access_log off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
error_log /dev/stderr;

# Headers handed to the backend so it can reconstruct the client-facing request.
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
proxy_set_header X-Original-URI $request_uri;
# Drop any client-supplied Proxy header (httpoxy mitigation).
proxy_set_header Proxy "";

upstream <domain> {
    server <ip>:80;
}

server {
    server_name <domain>;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/<domain>.crt;
    ssl_certificate_key /etc/nginx/certs/<domain>.key;
    ssl_dhparam /etc/nginx/certs/<domain>.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/<domain>.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://<domain>;
    }
}
```
Nextcloud setup:
You are using a very very old compose file and that is also a very bad idea. Keep in mind, the example below is a generic working example, you need to edit it to match your configuration (in particular - your volume paths) and it is using a more recent version of Docker, so you should check what version of docker your Raspberry Pi is using.
Also, I would suggest not opening the database port.
Example:

```yaml
services:
  db:
    image: mariadb:10.6
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    # No "ports:" entry here: the database is reachable only from the other services.
    environment:
      - MYSQL_ROOT_PASSWORD=   # left empty in the example; set a value before first start
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1

  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud:apache
    restart: always
    ports:
      # Published on the host's loopback interface only.
      - 127.0.0.1:8080:80
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    depends_on:
      - db
      - redis

  cron:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis

volumes:
  db:
  nextcloud:
```
I would get rid of the watchtower container if you don't know what exactly it is doing and what problems it can create. It's good to have, but only in specific scenarios.
Also, I am assuming you are using valid certificates. Invalid ones will cause problems with most browsers, unless you explicitly allow them / add them to the certificate stores of said browsers.
from docker.
Thank you so much for the reply. I will try out the NGINX Proxy Manager that I have been hearing about. It is a container as well. Thank you for the updated docker-compose file. I will try your suggestions and try this again. LEARNING IS HARD :-(
ROFL
from docker.
Also, yes, the certificates are valid and from LetsEncrypt.
from docker.
As a guide (I wrote this a while ago, and I'm unsure how accurate it is) you can use this: https://github.com/tzerber/docker_nc_psql_nginx_ssl
Screenshots there will help with nginx-proxy-manager for sure.
from docker.
Hi @TacitTactics!
Can you post your query on the Help Forum (https://help.nextcloud.com)? This channel is for bug reporting in the image itself and this seems to be a general troubleshooting matter.
Then all clients are redirected to "https://localhost:8080/" but this is just wrong because the docker is only listening on 80 http.
Well, it's closer because you'd like clients to be directed to your external https:// proxy, correct? :)
What are your other `overwrite*` parameters set to? You can set a port for `overwritehost`.
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#proxy-configurations
https://github.com/nextcloud/docker?tab=readme-ov-file#using-the-apache-image-behind-a-reverse-proxy-and-auto-configure-server-host-and-protocol
from docker.
Then all clients are redirected to "https://localhost:8080" but this is just wrong because the docker is only listening on 80 http
Your container is actually listening on 8080 per your config so it's accurate based on what you've told Nextcloud so far.
Keep in mind there are additional overwrite* parameters you will likely need to set, such as the external hostname and port. The overwrite* parameters are all about telling Nextcloud what your externally visible HTTPS host is reachable at. That is presumably, in your case, your outermost reverse proxy that you labeled Reverse Proxy (NGINX) in VPS.
Use the hostname of the Nextcloud vhost on it, its associated port, protocol, etc.
See the Reverse Proxy section of the Nextcloud Admin Manual (https://docs.nextcloud.com) as well as the Docker specific notes here in this repository's README.
I'm going to close this since there isn't anything actionable here for us to do in the image itself. But do feel free to follow-up at the Community Help Forum (https://help.nextcloud.com).
Hope that helps.
from docker.
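A simplified Python model of how the `overwrite*` and `trusted_proxies` settings discussed in this thread decide the base URL a backend puts into redirects. It is an added illustration, not Nextcloud's code or any commenter's; the precedence order is an assumption based on the linked admin manual, `overwritecondaddr` and `trusted_domains` are left out, and all addresses and hostnames are constructed.

```python
import ipaddress

def from_trusted_proxy(remote_addr, trusted_proxies):
    """True if the TCP peer falls inside a trusted_proxies entry (IP or CIDR)."""
    ip = ipaddress.ip_address(remote_addr)
    return any(ip in ipaddress.ip_network(p, strict=False) for p in trusted_proxies)

def external_base_url(config, remote_addr, headers, tls_on_socket=False):
    """Simplified model: the scheme://host the backend uses when it redirects."""
    trusted = from_trusted_proxy(remote_addr, config.get("trusted_proxies", []))
    # Scheme: explicit override, then forwarded header (trusted peers only),
    # then whatever the backend's own socket saw.
    if config.get("overwriteprotocol"):
        proto = config["overwriteprotocol"]
    elif trusted and "X-Forwarded-Proto" in headers:
        first = headers["X-Forwarded-Proto"].split(",")[0].strip().lower()
        proto = "https" if first == "https" else "http"
    else:
        proto = "https" if tls_on_socket else "http"
    # Host: explicit override, then forwarded header (trusted peers only),
    # then the Host header as it arrived at the backend.
    if config.get("overwritehost"):
        host = config["overwritehost"]
    elif trusted and "X-Forwarded-Host" in headers:
        host = headers["X-Forwarded-Host"].split(",")[0].strip()
    else:
        host = headers.get("Host", "localhost")
    return f"{proto}://{host}"

# Constructed sample values (not taken from the deployment in this thread).
PROXY = "172.18.0.2"       # address the reverse proxy connects from
STRANGER = "203.0.113.7"   # any peer that is not the proxy
VIA_PROXY = {"Host": "localhost:8080", "X-Forwarded-Proto": "https",
             "X-Forwarded-Host": "cloud.example.com"}
SPOOFED = {"Host": "localhost:8080", "X-Forwarded-Proto": "https",
           "X-Forwarded-Host": "attacker.example"}

def demo():
    proto_only = {"overwriteprotocol": "https"}
    full = {"overwriteprotocol": "https", "overwritehost": "cloud.example.com"}
    by_headers = {"trusted_proxies": ["172.18.0.0/16"]}
    return {
        "proto_only": external_base_url(proto_only, PROXY, VIA_PROXY),
        "full_overwrite": external_base_url(full, PROXY, VIA_PROXY),
        "trusted_headers": external_base_url(by_headers, PROXY, VIA_PROXY),
        "untrusted_peer": external_base_url(by_headers, STRANGER, SPOOFED),
    }

if __name__ == "__main__":
    for name, url in demo().items():
        print(f"{name:16} {url}")
```

In this model, overriding only the protocol yields `https://localhost:8080`, and forwarded headers from a peer outside `trusted_proxies` are ignored rather than reflected into redirects.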