Nextcloud questions
ramolec opened this issue · 2 comments
@zilexa Thanks for sharing this, I know you haven't been using nextcloud. But I'd really like to test the architecture the way you've built it, but I've had no success for a week. I'm wanting to test nextcloud accessing locally on my private network and also externally.
My DockerCompose
```yaml
version: "2.0"
services:
  ##_____________________ Caddy [CLOUD/web-proxy]
  caddy:
    container_name: caddy-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks:
      - web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
    volumes_from:
      - nextcloud
    ports:
      - 80:80
      - 443:443
    labels:
      caddy_0: http://adguard.server
      caddy_0.reverse_proxy: host.docker.internal:3000
  ##
  ##____________________ NextCloud
  nextcloud:
    image: nextcloud:fpm-alpine
    container_name: nextcloud
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - web-proxy
      - nextcloud
    depends_on:
      - nextcloud-db
      - nextcloud-cache
    environment:
      NEXTCLOUD_DATA_DIR: /var/nextdata
      NEXTCLOUD_TRUSTED_DOMAINS: next.$DOMAIN
      NEXTCLOUD_ADMIN_USER: $ADMIN
      NEXTCLOUD_ADMIN_PASSWORD: $ADMINPW
      POSTGRES_HOST: nextcloud-db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
      REDIS_HOST: nextcloud-cache
      #SMTP_HOST: $SMTPHOST
      #SMTP_SECURE: tls
      #SMTP_NAME: $SMTPUSER
      #SMTP_PASSWORD: $SMTPPASS
      #SMTP_FROM_ADDRESS: $EMAIL
      #SMTP_PORT: 587
    volumes:
      - $DOCKERDIR/nextcloud/var/nextdata:/var/nextdata
      - $DOCKERDIR/nextcloud/var/www/html:/var/www/html
      - $DOCKERDIR/nextcloud/var/www/html/config:/var/www/html/config
    labels:
      caddy: next.$DOMAIN
      caddy.tls: $EMAIL
      caddy.file_server: ""
      caddy.root: "* /var/www/html"
      caddy.php_fastcgi: "{{upstreams 9000}}"
      caddy.php_fastcgi.root: "/var/www/html"
      caddy.php_fastcgi.env: "front_controller_active true"
      caddy.encode: gzip
      caddy.redir_0: "/.well-known/carddav /remote.php/dav 301"
      caddy.redir_1: "/.well-known/caldav /remote.php/dav 301"
      caddy.header.Strict-Transport-Security: '"max-age=15768000;includeSubDomains;preload"'
  ##____________________ NextCloud Database
  nextcloud-db:
    container_name: nextcloud-db
    image: postgres:12-alpine
    restart: always
    networks:
      - nextcloud
    environment:
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
    volumes:
      - $DOCKERDIR/nextcloud/db:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
  ##____________________ NextCloud Cache
  nextcloud-cache:
    container_name: nextcloud-cache
    image: redis:alpine
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - nextcloud
    command: redis-server --requirepass $PW_INT
  ##______________________ AdGuard Home [PRIVACY/Blocker]
  adguard:
    container_name: adguard
    image: adguard/adguardhome
    restart: always
    network_mode: host
    volumes:
      - $DOCKERDIR/adguardhome/work:/opt/adguardhome/work
      - $DOCKERDIR/adguardhome//conf:/opt/adguardhome/conf
    #labels:
    #  plugsy.name: AdGuard
    #  plugsy.link: http://adguard.o/
    #  plugsy.category: Network
  ##____________________ Portainer [SYSTEM/Docker]
  portainer:
    container_name: portainer
    image: portainer/portainer-ce
    restart: always
    networks:
      - web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/portainer/data:/data
    ports:
      - 9000:9000
    labels:
      caddy: http://docker.server
      caddy.reverse_proxy: "{{upstreams 9000}}"
      # plugsy.name: Docker
      # plugsy.link: http://docker.o/
      # plugsy.category: System
networks:
  web-proxy:
    driver: bridge
  nextcloud:
    driver: bridge
```
My Problems / My Doubts
Trying to access through my domain, I have the following error in the browser: SSL_ERROR_INTERNAL_ERROR_ALERT
I created a DDNS through "noip.com", configured my router, and unlocked ports 443 and 80, but I believe that the unlocking of the ports is not working. I opened a ticket with my internet provider to understand the problem.
To test again using my domain I will wait for this port problem to be resolved.
But I would like to have nextcloud syncing and working also on my local private network, using only my LAN, either through an access "http://nextcloud.o/" or the ip of my server only within my lan.
And this I'm not getting. How can I make it work locally on the private network and on the external network? Is it possible?
Since you are using NOIP, you have to figure out how you can get a TLS certificate for it. This is far beyond the scope of this guide.
If you want to use Caddy, better first check the Caddy documentation, then ask in their forum (https://caddy.community) if and how Caddy can work with NOIP.
Caddy-docker-proxy might not be able to work with NOIP at all, as it doesn't include any optional Caddy plugins.
Regarding local LAN access, get that working without a local domain first, before trying to get the domain to work.
Also realize my NextCloud example is very outdated.
You are better off using official NextCloud documentation and their forum to find the minimum compose you need to get NextCloud to work by going to your LAN IP, without local domain.
Furthermore, I don't fully understand your end goal. If you want access to a service via internet, you need HTTPS (requires a reverse proxy and your own domain).
You can then always access the service via https and your domain, regardless of whether you are on LAN or not.
If you only want access within LAN, you don't need NOIP or your own domain.
You cannot use a local domain and https domain for the same service, that does not make sense. The reverse proxy needs to have an endpoint. Not 2. That cannot work. And also does not serve any use case I can imagine.
I have updated the Nextcloud example:
Do not use it as your starting point, it's too outdated. Nextcloud is not covered by this guide. There is enough documentation from NextCloud and from Caddy to use NC with Caddy as reverse proxy.
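
A sketch of the "LAN IP first, no domain, no reverse proxy" step recommended in the first reply, as an added example that is not taken from the guide, the thread participants, or the Nextcloud documentation. It assumes the Apache variant of the official image (which serves HTTP itself, so no `php_fastcgi` front end is needed), reuses the variable names from the compose file above, and uses `192.168.1.10` and host port `8080` as constructed placeholders for the server's LAN address and a free port.

```yaml
version: "2.0"
services:
  nextcloud:
    image: nextcloud:apache
    container_name: nextcloud
    restart: always
    networks:
      - nextcloud
    depends_on:
      - nextcloud-db
    ports:
      # Publish on the LAN address only (placeholder IP), not on every interface.
      - "192.168.1.10:8080:80"
    environment:
      # Nextcloud rejects requests whose Host header is not listed here,
      # so the LAN IP must be trusted for access by IP to work.
      NEXTCLOUD_TRUSTED_DOMAINS: 192.168.1.10
      NEXTCLOUD_ADMIN_USER: $ADMIN
      NEXTCLOUD_ADMIN_PASSWORD: $ADMINPW
      POSTGRES_HOST: nextcloud-db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
    volumes:
      - $DOCKERDIR/nextcloud/var/www/html:/var/www/html
  nextcloud-db:
    image: postgres:12-alpine
    container_name: nextcloud-db
    restart: always
    networks:
      - nextcloud          # database is reachable only from this internal network
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
    volumes:
      - $DOCKERDIR/nextcloud/db:/var/lib/postgresql/data
networks:
  nextcloud:
    driver: bridge
```

With this running, `http://192.168.1.10:8080` from another machine on the LAN should show the Nextcloud login page; this is plain HTTP, so it is suitable only for the LAN test described above before a domain and HTTPS are added.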