Problems using SWAG with Nextcloud

I am attempting to use SWAG to get valid certs for my Nextcloud installation. I am using docker containers provided by Linuxserver (frankly, they are so far better than most others for many reasons!) using a docker-compose.yaml file that is based on examples provided at

The docker-compose.yml I am using (with redactions of sensitive information) is listed below:

version: '3'

services:

  swag:
    image: ghcr.io/linuxserver/swag
    container_name: certget
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - URL=soliannet.net
      - VALIDATION=http
    volumes:
      - ./data/nextcloud/appdata:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped

  db:
    image: ghcr.io/linuxserver/mariadb
    container_name: mariadb
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - MYSQL_ROOT_PASSWORD=REDACTED
      - MYSQL_PASSWORD=REDACTED
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=REDACTED
    volumes:
      - ./data/mariadb/:/config
      - ./data/mariadb/conf.d:/etc/mysql/conf.d
    ports:
      - 3306:3306
    restart: unless-stopped

  nextcloud:
    image: ghcr.io/linuxserver/nextcloud
    container_name: nextcloud-app
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
    volumes:
      - ./data/nextcloud/appdata:/config
      - ./data/nextcloud/data:/data
    external_links:
      - mariadb:mariadb
    depends_on:
      - swag
      - db
    restart: unless-stopped

Note that in a departure from the example, I am using http as my validation. The example uses duckdns, but I have no key for that and according to the documentation I can use http to get regular certs through certbot. Also: I own the domain.

When I do a docker-compose up, everything starts smoothly. SWAG successfully gets its cert from LetsEncrypt, the database starts up without problems, and Nextcloud starts up. The startup log I have is somewhat long, so I will include it in a separate post if someone thinks they need to see it.

I am encountering two problems:

  1. Despite the successful acquisition of the valid cert and key from LetsEncrypt, when I access my system I get the “invalid cert” warning. It is as if the installed valid cert is invisible to the system.

  2. When I click on “advanced” and select “continue to page (unsafe)”, the front page I get is not Nextcloud! I get a page that says “Welcome to SWAG”. My Nextcloud container is running but is invisible.

Aside from the use of http as my validator, I am following the example provided for the SWAG setup. Am I missing something? Is there a typo somewhere in my docker-compose.yml file? Or is there something else I need to do that is not covered in the examples?

Someone please advise.

If you are using http validation, I think you need to be directly connected to the outside internet. As such, please close that 3306:3306 port forward, unless you have a firewall that can block that. It’s not needed anyway.

Also please format your compose file so it is readable. We also need the proxy config you have for nextcloud to assist.

Glitch:

Thanks for your fast reply.

  1. Everything I offer from my servers is behind a firewall, including the mariadb database, my swag instance, and my nextcloud instance.

  2. Actually, I had originally formatted my compose file as a code block in proper YAML format. I guess as part of the approval process for my post, my formatting was removed. I will attempt to reformat.

  3. Which “proxy config” are you asking for? There appear to be several of them in the Nextcloud data configuration, including some PHP files. Please specify the path to the config file you are asking for.

The proxy-conf in the swag container.

Why is this present in your compose for swag? This is all kinds of wrong.

volumes:
  - ./data/nextcloud/appdata:/config

I think you might need to re-read the piece written on swag and try some other simpler examples.
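
The two compose issues flagged in the replies above (the database port published on the host, and SWAG and Nextcloud bind-mounting the same host directory as /config) can be checked mechanically. This is an added example, not part of the thread: the dict is a constructed, trimmed copy of the posted compose file, and `audit_compose` and the allowed-port set are hypothetical names and assumptions.

```python
from collections import defaultdict

# Constructed sample: the posted compose file reduced to the keys the check
# reads, written as the dict a YAML loader would return.
COMPOSE = {
    "services": {
        "swag": {"volumes": ["./data/nextcloud/appdata:/config"],
                 "ports": ["443:443", "80:80"]},
        "db": {"volumes": ["./data/mariadb/:/config",
                           "./data/mariadb/conf.d:/etc/mysql/conf.d"],
               "ports": ["3306:3306"]},
        "nextcloud": {"volumes": ["./data/nextcloud/appdata:/config",
                                  "./data/nextcloud/data:/data"]},
    }
}

# Assumption: only the reverse proxy's HTTP/HTTPS ports should be published.
ALLOWED_HOST_PORTS = {80, 443}


def audit_compose(compose, allowed_ports=ALLOWED_HOST_PORTS):
    """Return findings for unexpected published ports and shared bind mounts."""
    findings = []
    mounts = defaultdict(set)  # (host path, container path) -> service names
    for name, svc in compose.get("services", {}).items():
        for vol in svc.get("volumes", []):
            parts = str(vol).split(":")
            if len(parts) >= 2:  # short syntax: host:container[:mode]
                mounts[(parts[0].rstrip("/"), parts[1])].add(name)
        for port in svc.get("ports", []):
            # short syntax: [ip:]host:container[/proto]; host port is second from last
            fields = str(port).split("/")[0].split(":")
            if len(fields) >= 2 and fields[-2].isdigit():
                host_port = int(fields[-2])
                if host_port not in allowed_ports:
                    findings.append(("published-port", name, host_port))
    # Two services writing their config into one host directory is a finding.
    for (host, target), services in sorted(mounts.items()):
        if len(services) > 1:
            findings.append(
                ("shared-mount", tuple(sorted(services)), f"{host}:{target}"))
    return findings


if __name__ == "__main__":
    for finding in audit_compose(COMPOSE):
        print(finding)
```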