Letsencrypt + nextcloud: 504 Gateway Time-out

I recently ran into this error without changing anything in my setup. I get the error “504 Gateway Time-out” when trying to access my nextcloud instance at sub.domain.com, both from local network and from outside. I can access https pages in domain.com (apache running on host without docker) and ssh into the server. I have rebooted both the server and the router. My DDNS is up to date.

The nextcloud and letsencrypt logs are here and here.

Where to go from here?

EDITED TO ADD: I tried switching to swag, but the situation is the same. Swag log is here.

It sounds like you’re already forwarding 443 to your apache instance; it would need to go to swag for it to work.

https://docs.linuxserver.io/general/swag

Also, if you have followed this and done the port forwarding, please share your compose for swag and nextcloud as well as the contents of /config/www/nextcloud/config/config.php

My apache gets domain.com, sub.domain.conf goes to nextcloud.
Here is my docker-compose for swag.
This is config.php.

For reasons unknown to me, the problem comes and goes now. I’m beginning to suspect something weird happening in my network.

I switched everything off in the network, but still run into this problem. When it works, it’s extremely slow. I can’t find anything hogging server resources in htop or nethogs.

A couple of things:

  1. It looks like you removed the original entry from the trusted domains array, which you should not have done. You should have a minimum of the original + your added domain.
  2. That’s fine that thing1 gets domain.com and thing2 gets sub.domain.com. Where are the ports on your router going? If https://domain.com works and goes to apache, how is https://sub.domain.com able to use 443 and go to nginx? One port, one thing.
  3. Swag’s nginx has logging in /home/docker/appdata/letsencrypt/logs/nginx/. You should see access.log and error.log (amongst others). You can tail -f these and then try to access and see what’s going on. However, 504 means the traffic isn’t reaching swag at all, which makes sense since it sounds like you’re sending port 443 to your apache instance.

Can you describe how you’re testing? External from a mobile connected cell phone or internal? If internal, do you have split DNS or are you relying on hairpin NAT? You could take a look at our troubleshooting guide: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/ and see if this all works for you… I have a feeling it will not, which should help diagnose further.

Sorry, I forgot to answer here.

I had a forgotten http server in addition to the apache running on the host. I removed that and now it works.
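
An added example, not part of the thread: a shell check that inventories which processes hold listening TCP sockets on the host and flags any that are not on an expected list, which is how a forgotten web server shows up. The sample `ss` output and the allow list (apache2, docker-proxy, sshd) are constructed assumptions, not values from the posters' setup.

```shell
#!/bin/sh
# Constructed sample of `ss -H -ltnp` output (not taken from the thread).
# Columns: state, recv-q, send-q, local addr:port, peer addr:port, process.
SAMPLE='LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=812,fd=4),("apache2",pid=813,fd=4))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("apache2",pid=812,fd=6))
LISTEN 0 4096 0.0.0.0:444 0.0.0.0:* users:(("docker-proxy",pid=1530,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=700,fd=3))
LISTEN 0 1024 0.0.0.0:8080 0.0.0.0:* users:(("lighttpd",pid=950,fd=4))'

# listeners: read ss output on stdin, print "port process" once per pair,
# sorted by port number.
listeners() {
    awk '{
        n = split($4, a, ":"); port = a[n]   # port follows the last colon (IPv6-safe)
        proc = "unknown"                      # ss omits users:() without root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (!seen[port, proc]++) print port, proc
    }' | sort -n
}

# unexpected: arguments are the process names you expect to be listening;
# prints every "port process" pair whose process is not in that list.
unexpected() {
    allowed=" $* "
    listeners | while read -r port proc; do
        case "$allowed" in
            *" $proc "*) ;;                   # expected listener, stay quiet
            *) echo "$port $proc" ;;          # something you did not plan for
        esac
    done
}

# Demo on the constructed sample. On a live host, run as root:
#   ss -H -ltnp | unexpected apache2 docker-proxy sshd
printf '%s\n' "$SAMPLE" | unexpected apache2 docker-proxy sshd
```

Any line it prints is a listener to account for before looking at router forwarding or proxy configuration.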