Thanks in advance to anyone helping!
I have the linuxserver solution nextcloud behind reverse proxy + swag installed and it generally works fine.
My setup:
Fritzbox (ports: 443:444, 80:81) → MiniAir11 with Openmediavault (IP: 192.168.178.59, uses ports 443/80) → Docker with Portainer (Containers: Mariadb + Nextcloud + swag (444:443 / 81:80))
Network created by portainer:
nextcloud_default: IP4 IPAM Subnet: 172.19.0.0/16, IP4 IPAM Gateway: 172.19.0.1
Container nextcloud IP address: 172.19.0.4
Container swag IP address: 172.19.0.3, published ports 444:443 / 81:80
My problems:
1. In the nc administration settings the system/security checks take an awfully long time and I got a timeout error. As a workaround I added to /docker-appdata/nextcloud/config/nginx/ the 2 lines:
   ```
   fastcgi_send_timeout 300s;
   fastcgi_read_timeout 300s;
   ```
   and now I only get the timeout once in a while.
2. I get the „Welcome to swag“ swag.index page when trying to access nextcloud using https://192.168.178.59:444. Is this related to 1. since it always takes the external route?
3. Security/System error: Your webserver does not serve `.mjs` files using the JavaScript MIME type. This will break some apps by preventing browsers from executing the JavaScript files. You should configure your webserver to serve `.mjs` files with either the `text/javascript` or `application/javascript` MIME type.
My mime.types files look like this:

container swag /etc/nginx/mime.types:
```
types {
    text/html                  html htm shtml;
    text/css                   css;
    text/xml                   xml;
    image/gif                  gif;
    image/jpeg                 jpeg jpg;
    application/javascript     js mjs;
...
```

container nextcloud /etc/nginx/mime.types:
```
types {
    text/html                  html htm shtml;
    text/css                   css;
    text/xml                   xml;
    image/gif                  gif;
    image/jpeg                 jpeg jpg;
    text/javascript            js mjs;
...
```
My docker yaml (using Portainer):
```yaml
version: "2" # I think I can remove this?
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Berlin
    volumes:
      - /docker-appdata/nextcloud/config:/config
      - /docker-appdata/nextcloud/data:/data
    depends_on:
      - mariadb
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb
    container_name: mariadbdb
    environment:
      - PUID=1000
      - PGID=100
      - MYSQL_ROOT_PASSWORD=********
      - TZ=Europe/Berlin
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=*****
      - MYSQL_PASSWORD=********
    volumes:
      - /docker-appdata/mariadb:/config
    restart: unless-stopped
  swag:
    image: linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Berlin
      - URL=******.duckdns.org
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=*****************
      - EMAIL=*******@****.de
    volumes:
      - /docker-appdata/swag:/config
    ports:
      - 444:443
      - 81:80
    restart: unless-stopped
  ha: #this is a homeassistant plugin for nc talk. Depends on nextcloud, that’s why I put it here
    image: homeassistant/home-assistant
    volumes:
      - /docker-appdata/homeassistant:/config
      - ./:/config/custom_components/nextcloud_talk/
    depends_on:
      - nextcloud
    ports:
      - 8124:8123
    restart: unless-stopped
volumes:
  homeassistant:
```
My docker-appdata/nextcloud/config/www/nextcloud/config/config.php:
```php
<?php
$CONFIG = array (
  'datadirectory' => '/data',
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_proxies' =>
  array (
    0 => '172.19.0.3', #the gethostbyname is overwritten after some container restarts
  ),
  'overwrite.cli.url' => 'https://nextcloud.xxx.duckdns.org/',
  'overwritehost' => 'nextcloud.xxx.duckdns.org',
  'overwriteprotocol' => 'https',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.xxx.duckdns.org',
    1 => '192.168.178.59',
  ),
  'dbtype' => 'mysql',
  'version' => '30.0.3.2',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadbdb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\APCu',
  'upgrade.disable-web' => true,
  'app_install_overwrite' =>
  array (
    0 => 'ssepush',
  ),
  'loglevel' => 2,
  'auth.bruteforce.protection.enabled' => true,
  'ratelimit.protection.enabled' => true,
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'maintenance' => false,
);
```
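
The warning quoted in problem 3 accepts `text/javascript` or `application/javascript` for `.mjs`. The following Python script is an added example, not part of the original post: it parses the two `mime.types` excerpts exactly as posted (truncated, with the trailing `...`) and reports which type each maps to `mjs`. The function names and the third, constructed sample are assumptions for illustration.

```python
import re

# MIME types the warning quoted in the post accepts for .mjs files.
ACCEPTED_JS_TYPES = {"text/javascript", "application/javascript"}

def parse_mime_types(text):
    """Return {extension: mime_type} from an nginx `types { ... }` block.

    Tolerates comments, statements spanning several lines, and a truncated
    excerpt (no closing brace, trailing "...").
    """
    text = re.sub(r"#[^\n]*", "", text)          # drop nginx comments
    start = text.find("{")
    if start == -1:
        raise ValueError("no types { ... } block found")
    end = text.find("}", start)
    body = text[start + 1 : end if end != -1 else len(text)]
    mapping = {}
    # Whatever follows the last ';' is an unterminated statement: skip it.
    for stmt in body.split(";")[:-1]:
        tokens = stmt.split()
        if len(tokens) < 2:
            continue
        for ext in tokens[1:]:
            mapping[ext.lower()] = tokens[0]     # this parser keeps the last mapping seen
    return mapping

def check_ext(text, ext="mjs"):
    """Return (ok, mime_type_or_None) for one file extension."""
    mime = parse_mime_types(text).get(ext)
    return (mime in ACCEPTED_JS_TYPES, mime)

# Excerpts as posted above (truncated in the post).
SWAG = """types {
text/html html htm shtml;
text/css css;
application/javascript js mjs;
..."""
NEXTCLOUD = """types {
text/html html htm shtml;
text/css css;
text/javascript js mjs;
..."""
# Constructed sample (not from the post): a file that lacks the mjs extension.
CONSTRUCTED_MISSING = "types {\n  application/javascript js;  # no mjs\n}\n"

if __name__ == "__main__":
    for name, sample in [("swag", SWAG), ("nextcloud", NEXTCLOUD),
                         ("constructed", CONSTRUCTED_MISSING)]:
        print(name, check_ext(sample))
```

Both posted excerpts pass this check, so the next thing to compare is the `Content-Type` header actually returned for a `.mjs` request through the proxy.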