Replies: 33 comments 103 replies
-
In order to do a first start here, you can find a working caddy with docker-compose example here:
-
Hi guys, So on my host machine, which for me is Ubuntu 20.04 and with Docker installed, I set up the following docker compose file in my home folder:
Now I need to draw your attention to the two volumes I've set up there. The first one is the nginx configuration folder, and it's commented out. Because unless you just so happen to have an nginx folder sitting on your host machine in the same folder as this file, nginx is just going to get upset by the lack of, well, anything to work with. We'll sort that in a second though, don't worry :)

The second one is the let's encrypt folder. This is where I have my SSL certificates that we absolutely need because reverse proxy mode requires a working SSL connection as it uses the address _

So if you're like me, and you don't have your own certificates (don't rely on cloudflare's ones!), let's get some installed. On your host machine, install the "certbot" to get yourself a letsencrypt certificate. To do that, follow the instructions for your setup here: https://certbot.eff.org/instructions

Once installed, just go ahead and run it, but let it know we're not actually all set up yet, so it doesn't need to try and install things for us, only give us our shiny new certificate :)

Okay, so let's run it! Leave the nginx volume commented out, don't worry about that yet.

Now then, we want to get that nginx folder out of the running container and onto our host machine. Let's do that!

Excellent! Now you can uncomment that volume line:

And recreate the container by just running

Right then, now we can just configure nginx. Open up your newly copied

You can go ahead and edit this file into a reliable state, or if you prefer, just use what I've ended up on (for the time being):

Note here that I've kept the default landing page on port 80, I just figured I wanted something there so I could check if the proxy was running etc. I've also set the IP address for my host machine. For some reason I couldn't just use the host machine's host name, I'm not sure why. But make sure you change my

Note you'll also need to change

Now if you try to run the above, it'll fail with a message saying the variable named connection_upgrade does not exist. So let's fix that by now editing the nginx.conf file that you will have copied as part of the rest of the folder.

The only thing I've changed here is to add the block near the end, the bit that says

Now if you run

Hopefully that should be you all sorted :) I hope to tidy this up a bit so that less editing is involved as an out of the box solution would be nicer. I'm thinking I'll try and put the certbot part into a docker container of its own for instance as I do like the portability of docker. I also think there's probably a way to avoid using the IP address of the host machine.
-
Hello everyone, after many hours of trial and error I managed to get my own reverse proxy running.

Reverse Proxy: Caddy

Here's my own step by step guide:

1. Set up DDNS (Dynamic DNS)
Check if your router itself has a DDNS setting and set it through that. Otherwise there are other ways to do the same thing, that I will not cover here. I suggest referring to the Arch wiki

2. NameCheap

3. FORWARD PORTS!!
Man I'm kind of embarrassed of how long this took me. Needless to say, make sure to forward ports 80 and 443 that point to your local server's respective 80 and 443 ports

4. Set up Caddy

5. Install the nextcloud docker

6. Nextcloud AIO setup
After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.

7. Docker-compose...
I haven't actually implemented it yet but will update this section if I eventually do (although everything is working flawlessly on my system as of now)

Questions

Final words
This sure was a journey! I learned an incredible amount about networking, DNS, ports and so much more stuff that will no doubt be handy at some point in the future. Thank you so much for making all of this possible <3
-
How to setup Nextcloud AIO Dockerimage with self signed certificates and Caddy for LAN only

Before you follow this setup, be aware that self signed certificates are not supported and it will probably cause problems for certain components. As I didn't know this, when setting it up myself I tried it out anyway and got it to work. For now most things seem to work, but I also didn't properly test it out.

1. Setup a DNS
I used Dnsmasq for it, but it shouldn't make a difference. The only important thing is, that you set a domain that is resolved to the host, the reverseproxy is running on. Make also sure that your machines are using then this dns server throughout the network for resolving the domain, by setting the ip of the nameserver per machine or in your router settings.

2. Install Caddy and set it up as reverseproxy
I installed it directly on my machine, because in the readme this was recommended, otherwise you needed some extra steps. Look here for further info: https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md (you can edit the Caddyfile then in /etc/caddy/Caddyfile and reload caddy)

Enable it and start it and then it should be ready to go.

3. Install the Nextcloud AIO Image
Then you can install the Nextcloud AIO Image with the following command:

Hope this helped and have fun!
-
Docker in Docker Setup for nextcloud AIO

Hi everyone, I built a setup to run nextcloud AIO in a docker in docker setup (dind). This has some benefits, but also drawbacks. Please familiarize yourself with docker in docker first. This is not a complete reverse proxy guide. Instead I want to provide a different way besides the official. Use it and experiment yourself with it. Please share your own changes, thoughts, improvements below this tweet. I would like to hear about them and improve this setup.

1 Advantages and disadvantages

Advantages

Disadvantages

-> If there is another way for you to run nextcloud, use the other way instead and use dind only if you have to.

2 HOW TO

The goal is to run a docker daemon in a docker container on the host and use another container to start a docker compose specifying docker-aio-mastercontainer on this dockerized daemon. So we need two docker-compose files.
docker-compose.yml

```yaml
version: '3.9'
services:
  docker:
    image: docker:dind # Using daemon version
    restart: unless-stopped
    privileged: true # Necessary to run docker in docker. THIS CONTAINER HAS HOST ROOT PRIVILEGES
    ports:
      - 8080:8080 # Nextcloud AIO admin panel
      # Uncomment to expose ports on host instead of using an external network for reverse proxy
      # - 11000:11000 # Web port
      # - 3478:3478 # Nextcloud Talk port
    environment:
      - DOCKER_TLS_CERTDIR=/certs
    volumes:
      - certs-client:/certs/client
      - certs:/certs
      - docker-data:/var/lib/docker
      # - /mnt/backup:/mnt/backup # Mount backup to where you want
    networks:
      - default
      - net
  aiorunner:
    image: docker:latest # Using cli version
    restart: unless-stopped
    depends_on:
      - docker
    volumes:
      - certs-client:/certs/client:ro
      - ./docker-compose.inside.yml:/compose/docker-compose.yml:ro
    networks:
      - default
    environment:
      - DOCKER_HOST=tcp://docker:2376
      - DOCKER_TLS_CERTDIR=/certs
    command: [
      "docker", "compose", "-f", "/compose/docker-compose.yml", "up",
      "--exit-code-from", "nextcloud",
      "--quiet-pull",
      "--no-log-prefix",
      "--no-recreate",
    ]
volumes:
  certs-client: # Volume to mount docker daemon tls certificates into aiorunner
  certs: # Persist private keys
  docker-data: # Persist all data
networks:
  net:
    # In this network the services for the reverse proxy are exposed.
    external: true
```

docker-compose.inside.yml

```yaml
version: "3.9"
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed
services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: "no"
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 8080:8080 # admin web interface
    environment:
      - APACHE_PORT=11000
      - TALK_PORT=3478
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS). See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
```
Please note that I'm using a reverse proxy configured in another docker compose file and an "global" network

3 Testing

I tested basic things. If you find something that is not working, let me know.
-
OK, This is a really nice project - after running nextcloud in different VMs and lxc and several problems with nextcloud talk (high performance backend is not the best experience when we talk about installation). However - here a little walkthrough - maybe some things are missing.

The whole installation is running on an oracle free tier - config: 4 arm64 cores, 24GB, 200GB

Next steps are installing portainer and nginx proxy manager

Important on the Oracle Cloud: you need to add ingress rules for your virtual network - as a minimal config I think 11000,80,81,443,3478,8000,8080,9000,9443 could be enough - I'm not sure, but these ports should be enough.

And the docker-compose.yml files:

NGINX proxy Manager

Nextcloud AIO
-
Here is a working version for docker-desktop on Windows with caddy as reverse proxy:
-
Hi there! When I first encountered Nextcloud a couple of months ago, I found that it required a lot of manual configuration to get it up and running (I'm using Mac). Additionally, my current ISP setup (no NAT-loopback) and lack of a static public IP make it quite challenging to use, especially inside my local network with mobile app. After checking the AIO configuration options and failing to find one which will solve my case, I decided to write my own solution. So, in the following config I'm using Nginx-Reverse-Proxy (NRP) with automatic server configuration and a lot of other features. The AIO config is pretty simple and follows official documentation:

```yaml
version: '3.8'
services:
  nrp:
    env_file:
      - project.env
    environment:
      - TZ=Europe/Madrid
    image: tuiteraz/nginx-reverse-proxy:0.5.0
    restart: unless-stopped
    container_name: nrp
    ports:
      - 80:80
      - 443:443
      - 3128:3128
    volumes:
      - ./nrp.yaml:/etc/nrp.yaml
      - letsencrypt:/etc/letsencrypt
      - /etc/localtime:/etc/localtime:ro
    networks:
      nextcloud:
    cap_add:
      - NET_ADMIN
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
  nextcloud-aio-mastercontainer:
    env_file:
      - project.env
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 8080:8080
    environment:
      - APACHE_PORT=${NEXTCLOUD_PORT}
      - APACHE_IP_BINDING=0.0.0.0
      - SKIP_DOMAIN_VALIDATION=true
    networks:
      nextcloud:
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
networks:
  nextcloud:
    driver: bridge
volumes:
  letsencrypt:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
```

In addition, simple

```yaml
public-ip:
  checkAndUpdate: yes
  schedule: 1h
  dryRun: no
letsencrypt:
  email: $CERTBOT_CONTACT_EMAIL
services:
  - name: nextcloud
    serviceIp: $NEXTCLOUD_IP
    servicePort: $NEXTCLOUD_PORT
    domainName: $NEXTCLOUD_DOMAIN
    domainRegistrant: route53
```

Working example can be found here
-
I wrestled with this for a long time. Full details are on my github repo, but here's the short version. Setup
docker-compose
Caddyfile
Caddy container w/ Cloudflare DNS
I hope this helps someone. Someday, I'll reimage this thing to Ubuntu and that should significantly reduce the pain in my life.
-
I was basically trying to follow the instructions by Tom61 above, but failed so many times until I finally got it working with help of few other resources on the web that I found after digging around long enough. My setup is the following:
So what I had to do were pretty much like this:
example.duckdns.org
and that's it. I'll be using it locally only so I guess I'll remove the port forwarding completely. Just thought I'd post this here for a "review" if what I have done is more or less okay and hopefully it could be helpful for others too.
-
I think I have come across few, while looking other problems. Quickly googling found this:
https://pakstech.com/blog/nextcloud-cloudflare-tunnel/
… On 1. Feb 2024, at 4.18, MrTargaryen ***@***.***> wrote:
Are there any examples using Cloudflare Tunnel?
-
Here's my working config for nginx-proxy-manager, after struggling for a bit:

```yaml
services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    depends_on:
      - nginx_proxy_manager
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    ports:
      - 8080:8080
    environment: # Is needed when using any of the options below
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - NEXTCLOUD_DATADIR=/mnt/nextclouddata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      - NEXTCLOUD_ADDITIONAL_APKS=imagemagick exiftool # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
  nginx_proxy_manager:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    network_mode: host
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
```
-
As I had quite a struggle with NPM forwarding and Nextcloud AIO - I eventually extended my question post with the experience I made and made a guide with a breakdown of the steps necessary to get NPM forwarding the right ports at the right time to the containers that are created during the setup of Nextcloud AIO. The breakdown includes a working compose file. Here is the link to the post on Github.
-
For https://github.com/linuxserver/docker-swag, I was not happy to use the host IP as it should use docker internal networking. However, swag does not support
Instead, to make swag work, do the following:
for
-
Apologies if I am bringing something that is already answered, but I spent the last 11 hrs till I got AIO to work with cloudflare zero trust and the whole thing was just to set the port in cloudflare to 11000, I will do some write ups which could be used. My question is: I tried to the ip address with port 8080 but I get the following:
my docker run is as follows:
-
My Config and Setup

I got Nextcloud running on an Ubuntu 22.04 Oracle Cloud Free instance behind Cloudflare (with HSTS enabled), using their SSL certificates generated with

My docker install script is pretty standard with the only addition being the

```bash
sudo docker run \
  --init \
  --sig-proxy=false \
  --name nextcloud-aio-mastercontainer \
  --restart always \
  --publish 8080:8080 \
  --env APACHE_PORT=11000 \
  --env APACHE_IP_BINDING=0.0.0.0 \
  --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
  --env SKIP_DOMAIN_VALIDATION=true \
  nextcloud/all-in-one:latest
```

A Suggestion

I'd like to address something that could be improved on the docs. The section "get a valid certificate for the AIO interface" only has an example config for Caddy, and although I'm sure someone decently proficient with Nginx or their reverse proxy could write an equivalent configuration, it would be nice to have it organized something like the section "Configure the reverse proxy" with dropdowns and such.

I think an encouragement on the page for others to post their configurations to add to the list would be a good addition as well. What do you all think?
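An added example, not part of any post in this thread and not Nextcloud AIO code: a small Python check that scans a compose file or a `docker run` line for three settings used in the configurations posted above (`APACHE_IP_BINDING=0.0.0.0`, `SKIP_DOMAIN_VALIDATION=true`, `privileged: true`) and skips commented-out lines. The rule names, advice strings and both sample inputs are constructed for illustration.

```python
import re

# Settings that posts in this thread use and that widen exposure. The advice
# strings are this example's wording, not output of any Nextcloud tool.
RULES = [
    ("apache-bind-all",
     re.compile(r"\bAPACHE_IP_BINDING=0\.0\.0\.0(?![\d.])"),
     "Apache port is published on every interface; bind 127.0.0.1 when the "
     "reverse proxy runs on the same host, otherwise firewall the port"),
    ("domain-validation-off",
     re.compile(r"\bSKIP_DOMAIN_VALIDATION=true\b"),
     "domain validation is skipped; verify the proxy path by hand"),
    ("privileged",
     re.compile(r"^\s*privileged:\s*true\b"),
     "container runs with host root privileges"),
]


def strip_comment(line):
    """Return the line without a whole-line or trailing ' #' comment."""
    if line.lstrip().startswith("#"):
        return ""
    return re.split(r"\s+#", line, maxsplit=1)[0]


def audit(text):
    """Return (line_number, rule, advice) for every active risky setting.

    Accepts compose YAML ("- KEY=value", "privileged: true") as well as a
    "docker run --env KEY=value" command. Line 0 marks a whole-file finding.
    """
    active = [strip_comment(line) for line in text.splitlines()]
    findings = []
    for number, code in enumerate(active, start=1):
        for name, pattern, advice in RULES:
            if pattern.search(code):
                findings.append((number, name, advice))
    joined = "\n".join(active)
    if "APACHE_PORT=" in joined and "APACHE_IP_BINDING=" not in joined:
        findings.append((0, "apache-bind-unset",
                         "APACHE_PORT is set without APACHE_IP_BINDING; check "
                         "which host interfaces publish that port"))
    return findings


# Constructed sample combining settings that appear in the thread.
SAMPLE_COMPOSE = """\
services:
  docker:
    image: docker:dind
    privileged: true  # needed for docker in docker
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0
      # - SKIP_DOMAIN_VALIDATION=true
"""
# Constructed docker run line in the style of the post above.
SAMPLE_RUN = ("docker run --name nextcloud-aio-mastercontainer "
              "--env APACHE_PORT=11000 --env SKIP_DOMAIN_VALIDATION=true "
              "nextcloud/all-in-one:latest")

if __name__ == "__main__":
    for label, text in (("compose", SAMPLE_COMPOSE), ("run", SAMPLE_RUN)):
        for number, name, advice in audit(text):
            print(f"{label}:{number}: {name}: {advice}")
```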
-
Okay, I have a noob question. I have a server at home, that I use to run plex, and some of my web applications on different ports that are available through an asuscomm dynamic domain that my router sets up. It can use no certificate, or imported one, or letsencrypt certificate. So far I had no issue accessing my services from outside my local network, using the domain, asus sets up. However since I installed the nextcloud aio dockerized service, it completely sat onto the whole domain I use for everything else, and nothing gets through anymore on the ports that have nothing to do with nextcloud. Let's say I used my plex on port 23456, a webapplication on 42515, another one on 21124, working fine, until nextcloud came and claimed everything on the domain I use. Where is the setting, that can tell the mastercontainer or the apache docker image or whatever it needs, to keep itself to the ports it claims that it's using like 8080, 80 and 443 or whatever? I never used those for my own services, however they seem to get blocked whenever nextcloud is running.
-
For anyone using Nginx or alternatives that are configuration compatible. This may save some people from headaches. I wanted to have custom error pages served but for Nextcloud some locations need some extra configuration or you will get warning messages in the admin user panel. The easy solution is to not use custom error pages for 404 errors. Because the code in Nextcloud is looking for Nextcloud itself to return what is available and it seems "webfinger" and "nodeinfo" are not present if you don't use the "social app". The slightly more complex workaround I found was to pass the two directly as separate proxy_pass locations with new settings that specifically exclude 'error_page' for those two locations. These turn off error handling so for those two locations it gets passed directly to the Nextcloud backend, no custom error pages.
Full example:
-
Since the configuration of AIO when using with a reverse proxy seems to be pretty complicated to understand, this thread is created to allow everyone to post their working docker-compose together with their reverse proxy configs. The general reverse proxy documentation is here: https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
Feel free to add your own working example to the thread!
Thanks everyone!