I am trying to set up nextcloud with letsencrypt on a raspberry pi 4 with openmediavault 5 installed. I’m following the "Nextcloud with Letsencrypt using OMV and docker-compose" guide on the openmediavault forum, and the guide on your blog.
I forwarded ports 444 to 443 and 81 to 80. I’ve installed your nextcloud, letsencrypt, and duckdns container using portainer. The docker-compose.yml file is here. My config.php file is here. The last entry to the letsencrypt log is here (let me know if I did not copy enough of the log file, there are many more entries above this one).
If I run this setup, and then go to https://nextcloud.my.duckdns.org/, or within the LAN to port 444 on my raspberry pi, I get a “welcome to our server” message (as in the attached screenshot). I’m a beginner at all of this. Can you help me figure out where my mistake is?
what does your nextcloud.subdomain.conf file look like? did you modify it at all? is nextcloud in the same docker network as letsencrypt?
also, your docker-compose.yml and config.php links are the same config.php file.
Hi driz,
well I have exactly the same problem as matthijs; my config.php has the same structure, nextcloud.subdomain.conf not modified as written in the blog guide, all containers are on the same network (processed on the same stack with portainer)
and my docker yml is here:
```yaml
version: "2"
services:
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Rome
    volumes:
      - /path-to/nextcloud/config:/config
      - /path-to/nextcloud/data:/data
    depends_on:
      - mariadb
    restart: unless-stopped
  mariadb:
    image: linuxserver/mariadb
    container_name: mariadb
    environment:
      - PUID=1000
      - PGID=100
      - MYSQL_ROOT_PASSWORD=password
      - TZ=Europe/Rome
    volumes:
      - /path-to/config/mariadb:/config
    restart: unless-stopped
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Rome
      - URL=xxxx.duckdns.org
      - EMAIL=my-email
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=my-token
    volumes:
      - /path-to/config/letsencrypt:/config
    ports:
      - 444:443
      - 81:80
    restart: unless-stopped
```
letsencrypt certificate created without issue
i will start off by telling you that portainer causes a ton of issues (while also creating a bunch of extra work for you) hopefully you deployed your containers via compose and only use portainer to monitor.
next: please provide your nextcloud.subdomain.conf and your config.php
here the config.php:
```php
<?php
$CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
  'datadirectory' => '/data',
  'trusted_proxies' => ['letsencrypt'],
  'overwrite.cli.url' => 'https://nextcloud.xxxx.duckdns.org/',
  'overwritehost' => 'nextcloud.xxxx.duckdns.org',
  'overwriteprotocol' => 'https',
  'trusted_domains' =>
  array (
    0 => '192.168.0.25:444',
    1 => 'nextcloud.xxxx.duckdns.org',
  ),
);
```
here the nextcloud.subdomain.conf:
```nginx
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "letsencrypt", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['letsencrypt'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}
```
i’m sure you can see this is unreadable, please use backticks (can click the code button too) or pastebin/gist.
can you do tail -f /path-to/config/letsencrypt/log/nginx/error.log
then try to access your nextcloud.yourdomain.duckdns.org
you should see some data populate in the tail session, please put that into gist for us. thanks!
```
2020/05/11 00:11:25 [error] 403#403: *4 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 195.54.160.121, server: _, request: "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "188.218.29.1:443"
2020/05/11 00:11:54 [error] 402#402: *9 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 195.54.160.121, server: _, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "188.218.29.1:443"
2020/05/11 00:12:00 [error] 402#402: *11 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 195.54.160.121, server: _, request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "188.218.29.1:443"
```
sorry but trying to link the github/gist now tells me I’m not allowed
nothing happened in the log tail trying to access the nextcloud address and the browser gave generic connection error
accessing 192.168.0.25:444 redirect to the “welcome to our server” nginx page
Very sorry, I forgot to copy the `conf.sample` file. Once I did, I had to set `proxy_max_temp_file_size 1024m;` (in the default, it is `2048m`). Now, things are working fine. Thanks a lot for writing the guide in your blog.
There were some errors in my original post. For completeness' sake and possible support to others, I’m posting the corrected links below.
docker-compose.yml
/config/www/nextcloud/config/config.php
letsencrypt/nginx/proxy-confs/nextcloud.subdomain.conf
What kind of issues does portainer cause? It seems to be working for me, but I’m not an advanced user.
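The resolution reported in this thread was a proxy conf that had never been copied from its `.sample`, so requests reached the default "welcome to our server" page instead of Nextcloud. The check below is an added example, not part of any post in the thread or of the linuxserver images; the function names are hypothetical, and it assumes the proxy loads only files named `<app>.subdomain.conf` from the proxy-confs directory.

```shell
#!/bin/sh
# Added example: report whether a reverse-proxy conf is actually enabled.
# Assumed layout: DIR/APP.subdomain.conf and DIR/APP.subdomain.conf.sample

# proxy_conf_state DIR APP -> prints one of:
#   active       APP.subdomain.conf exists
#   sample-only  only APP.subdomain.conf.sample exists (never enabled)
#   missing      neither file exists
proxy_conf_state() {
    dir=$1; app=$2
    if [ -f "$dir/$app.subdomain.conf" ]; then
        echo active
    elif [ -f "$dir/$app.subdomain.conf.sample" ]; then
        echo sample-only
    else
        echo missing
    fi
}

# upstream_app DIR APP -> prints the container name the active conf proxies to,
# read from the first uncommented "set $upstream_app <name>;" line.
upstream_app() {
    sed -n 's/^[[:space:]]*set[[:space:]]*\$upstream_app[[:space:]]*\([^;[:space:]]*\);.*/\1/p' \
        "$1/$2.subdomain.conf" 2>/dev/null | head -n 1
}

# check_proxy DIR APP CONTAINER -> returns 0 only when the conf is active and
# points at CONTAINER; otherwise prints the reason and returns 1.
check_proxy() {
    state=$(proxy_conf_state "$1" "$2")
    case $state in
        sample-only) echo "$2: only the .sample exists; copy it to $2.subdomain.conf and restart the proxy"; return 1 ;;
        missing)     echo "$2: no proxy conf found in $1"; return 1 ;;
    esac
    target=$(upstream_app "$1" "$2")
    if [ "$target" != "$3" ]; then
        echo "$2: conf proxies to '$target', expected container '$3'"; return 1
    fi
    echo "$2: ok"
}

# Optional command-line use: script DIR APP CONTAINER
if [ "$#" -eq 3 ]; then check_proxy "$@"; fi
```

Run it against the host path that is mounted as the proxy container's `/config/nginx/proxy-confs`, passing the app name and the `container_name` from the compose file.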