Nextcloud / Traefik uncooperative (redirecting to https://_/)

I’m running a whole suite of linuxserver containers using docker-compose and Ironic Badger’s awesome Debian server guide. While I began using dynamic DNS (ddns.info) in the first instance, I’ve since gotten a proper domain name and a static IP address and have begun migrating all my services to sit behid a reverse proxy and use lets-encrypt. For reasons I won’t go into here, the lsio lets encrypt image didn’t work for me, so I’m using traefik with a wildcard subdomain which works quite well for nearly everything, except Nextcloud. Nextcloud hums along just fine, and then when I enable traefik (config samples beow), it becomes suddenly inaccessible, that is, the server redirects me to https://_/ with a 301. I’ve been through quite a lot of scenarios, and I think I’ve isolated the issue to the configuration of the lsio nextcloud container, but am struggling to identify the next steps for troubleshooting (in part because I’m not an nginx expert - but rather an old apache hand).

Relevant docker-compose.yml samples:

  traefik:
    # Note: upgrade to traefik 2 requires major migration, so holding at 1.7 for now
    image: traefik:v1.7.19 # The official Traefik docker image
    container_name: traefik
    restart: always
    command: --api --docker --configFile=/traefik.toml # Enables the web UI and tells Traefik to listen to docker
    restart: unless-stopped
    networks:
      traefik_proxy:
    ports:
      - "80:80"     # The HTTP port
      - "443:443"   # HTTPS
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:traefik.my.dns"
      - "traefik.port=8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - /opt/appdata/traefik/traefik.toml:/traefik.toml
      - /opt/appdata/traefik/acme.json:/acme.json
      - /opt/appdata/traefik/log:/log
    env_file:
      - /opt/traefik.env
nextcloud-mariadb:
    image: linuxserver/mariadb
    container_name: nextcloud-mariadb
    labels:
      - "traefik.enable=false"
    networks:
      nextcloud:
    volumes:
      - /opt/appdata/mariadb:/config
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=blahblahblah
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    networks:
      traefik_proxy:
      nextcloud:
    labels:
#     disable traefik:
      - "traefik.enable=false"
#     basic options
#      - "traefik.backend=nextcloud"
#      - "traefik.docker.network=traefik_proxy"
#      - "traefik.enable=true"
#      - "traefik.frontend.rule=Host:nextcloud.my.dns"
#      - "traefik.port=80"
#      - "traefik.protocol=http"
    volumes:
      - /opt/appdata/nextcloud:/config
      - /mnt/disk1/nextcloud:/data
    ports:
      - "4003:443"
    restart: always
    depends_on:
      - nextcloud-mariadb
    links:
      - nextcloud-mariadb:mariadb
    environment:
      - PUID=${PUID}
      - PGID=${PGID}

Simply invert comments on relevant lines under nextcloud container config to see how I’m trying to get it working under traefik.

What I’ve done:

  • Edited /opt/appdata/nextcloud/www/nextcloud/config/config.php, 'trusted_domains' => array () to include new domain.
  • Deleted /config/nginx/site-confs/default (was hoping this would resolve issue, but no effect)
  • DNS zone file changes unnecessary as the wildcard config I have set up with traefik is working fine already.

Any ideas? Happy to provide more information if there’s anything relevant I’m leaving out here. Thanks in advance for the help!

I’m using traefik V2 and facing the same issue. I have an airsonic container and whoami container that both work correctly but I also get this weird redirect with the Nextcloud container.

@kidwellj @brakedust Did you found solution? I have the same issue with Nextcloud and Traefik

you guys are better off asking the traefik people about this. The LSIO team all uses the letsencrypt container, which works fine with nextcloud.

I’ve posted to traefik discourse in case anyone wants to keep an eye on the discussion: https://community.containo.us/t/nextcloud-traefik-uncooperative-redirecting-to-https/5340

Radio silence on traefik forums. However, I’m starting to think this is an issue with nginx in the container. Will repost as another entry…

Just FYI, in case anyone else wanders over here and wonders. I’ve resolved the issue, thanks to a tip by a user on the nextcloud forum. You can read it here: https://help.nextcloud.com/t/nextcloud-migration-to-traefik-failing-looking-for-help-troubleshooting/79129/2. Essentially, I needed to modify the listen directive in nginx/site-confs/default to be sure that it wasn’t redirecting port 80 traffic to 443 (which I believe is, or at least was, default behaviour for this container at some point in the past). Working like a charm with traefik on my homeserver now.

2 Likes

So the actual issue is that the image uses port 80 and 443. Traefik by default chooses port 80 which is just a redirect to port 443. Following that redirect causes Traefik to again use port 80, hence the loop. The fix is to tell Traefik to use https over port 443. So Add to your labels something like:
traefik.http.services.nextcloud.loadbalancer.server.scheme: https
traefik.http.services.nextcloud.loadbalancer.server.port: 443
Assuming you’re on Traefik 2.0. If you’re on something lower you’ll need to look up the syntax.

1 Like

I tried those lines but then ended up with: “Internal Server Error”. Here’s my labels:
labels:
- traefik.enable=true
- traefik.http.routers.nextcloud.rule=Host(nextcloud.domain.tld)
- traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
- traefik.http.services.nextcloud.loadbalancer.server.port=443
- traefik.http.services.nextcloud.loadbalancer.server.scheme=https