New nextcloud installation, need help


I am slowly converting the services on my server to docker containers. I have already converted unifi controller and home assistant. I used LSIO images in both cases, so I decided to use the nextcloud LSIO image too.

here is my compose file

version: "2.1"
services:
  nextcloud:
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=984
      - TZ=Europe/Bratislava
    volumes:
      - /docker_volumes/nextcloud/config:/config
      - /docker_volumes/nextcloud/data:/data
    ports:
      - 8043:443
    restart: unless-stopped

As you can see, I want to open port 8043 on my server because 443 is occupied by another service.
I was able to start the service the first time. But I updated the compose file and now I am not able to restart it. I deleted all related files and started from scratch, but I am still getting the following error when starting the service:

# for first time
sudo docker-compose up -d
#or after stop
sudo docker-compose start

and output is:

Starting nextcloud ... 
Starting nextcloud ... error

ERROR: for nextcloud  Cannot start service nextcloud: 
               driver failed programming external connectivity on endpoint nextcloud 
               (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8043 -j DNAT 
                 --to-destination ! -i br-816d03fea7e9: iptables: 
                    No chain/target/match by that name.
 (exit status 1))
ERROR: No containers to start

here is output of ip ad command:

5: br-bef332d3e5fe: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:ef:c0:1f:af brd ff:ff:ff:ff:ff:ff
    inet brd scope global br-bef332d3e5fe
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:c1:d1:17:d4 brd ff:ff:ff:ff:ff:ff
    inet brd scope global docker0
       valid_lft forever preferred_lft forever
7: br-816d03fea7e9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:8a:9d:91:1d brd ff:ff:ff:ff:ff:ff
    inet brd scope global br-816d03fea7e9
       valid_lft forever preferred_lft forever
    inet6 fe80::42:8aff:fe9d:911d/64 scope link 
       valid_lft forever preferred_lft forever

My other two docker services (unifi controller and home assistant) are configured with network_mode: host because I want to expose all ports to my server IP / link. So there should not be br-* network devices. I have not seen those before.

I do not understand where the br-* devices come from.

Thank you very much for your help.


  • I did stop and remove nextcloud container.
  • remove nextcloud_default network.
  • remove volume data and config
  • docker network prune
  • docker system prune
  • restart server

then I did start nextcloud container:
sudo docker-compose up -d

I get nextcloud page when browsing https://server_ip:8043 , super.
I did also check what curl is getting, and looks OK:

curl -kI https://server_ip:8043
HTTP/2 200 
server: nginx/1.18.0

But I have nginx running on that server as a reverse proxy and I want to forward all traffic from nextcloud.mydomain to localhost:8043 and block port 8043 by firewall.

Here is my nginx reverse proxy config for nextcloud.mydomain:

cat /etc/nginx/sites-enabled/nextcloud.conf

server {
        listen 80;
        listen [::]:80;
        server_name nextcloud.mydomain;
        return 301 https://$host:443$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name nextcloud.mydomain;

    ssl_certificate /docker_volumes/nextcloud/config/keys/cert.crt;
    ssl_certificate_key /docker_volumes/nextcloud/config/keys/cert.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://localhost:8043;
        proxy_read_timeout 90;
        proxy_redirect https://localhost:8043 https://nextcloud.skriatok.doma;
    }
}

By browsing http://nextcloud.mydomain I am getting a 502 Bad Gateway error message.
curl is also saying that.

Thanks very much for any help or tip.

I found the problem. It was the firewall on the server, which was blocking traffic from the br-* device / docker network. So I created a new zone in shorewall, added the br-xxx interface to that zone and allowed traffic between $FW and the new zone.

If I understand that correctly, updating container will not change network name and its device name, so I should be OK with shorewall config.
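
Added example, not part of the thread: a check that the bridge device Docker currently uses for each network is still listed in the shorewall interfaces file. Docker names a user-defined bridge br- plus the first 12 characters of the network ID, so a network that is removed and re-created gets a new device name. The zone name dock, the network IDs and the file contents are constructed, and the script assumes no custom bridge name is set on the network.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# Docker names a user-defined bridge "br-" + the first 12 characters of the
# network ID; the built-in network named "bridge" uses docker0.
bridge_for() {  # $1 = full network ID, $2 = network name
    if [ "$2" = "bridge" ]; then echo docker0
    else echo "br-$(printf '%s' "$1" | cut -c1-12)"; fi
}

# Succeeds if interface $1 is listed in shorewall interfaces file $2
# (interface is column 2; a trailing "+" is shorewall's wildcard).
covered() {
    awk -v ifc="$1" '
        NF < 2 || $1 ~ /^[#?]/ { next }
        $2 == ifc { found = 1 }
        $2 ~ /\+$/ && index(ifc, substr($2, 1, length($2) - 1)) == 1 { found = 1 }
        END { exit(found ? 0 : 1) }' "$2"
}

# stdin: "ID NAME" lines as printed by
#   docker network ls --no-trunc --filter driver=bridge --format '{{.ID}} {{.Name}}'
# Prints every bridge device that interfaces file $1 does not cover.
uncovered_bridges() {
    while read -r id name; do
        [ -n "$id" ] || continue
        ifc=$(bridge_for "$id" "$name")
        covered "$ifc" "$1" || echo "$ifc ($name)"
    done
}

demo() {
    f=$(mktemp)
    # Constructed interfaces file; "dock" is a hypothetical zone name.
    printf '%s\n' '#ZONE INTERFACE' 'net eth0' 'dock docker0' \
        'dock br-816d03fea7e9' > "$f"
    # Constructed listing: nextcloud_default after it was removed and re-created.
    printf '%s\n' \
        '0f0f0f0f0f0f0000000000000000000000000000000000000000000000000000 bridge' \
        'a1b2c3d4e5f60000000000000000000000000000000000000000000000000000 nextcloud_default' \
        | uncovered_bridges "$f"
    rm -f "$f"
}

demo   # prints: br-a1b2c3d4e5f6 (nextcloud_default)
```

On a live host, pipe the real `docker network ls` output into `uncovered_bridges /etc/shorewall/interfaces`; any line it prints is a bridge the firewall zone no longer matches.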
