SWAG+Nextcloud: ERR_CONNECTION_CLOSED

Hi

So I have been struggling for a few days now getting swag+nextcloud to work through docker on my Pi4 on my own domain. I want to have nextcloud on a subdomain like nextcloud.domain.com but I keep getting ERR_CONNECTION_CLOSED no matter what settings I try in the different files and my router+DNS settings. I can do it just fine with letsencrypt+nginx-proxy using the official nextcloud docker container, but I want to use SWAG to be able to combine more easily with other linuxserver docker images, and, because it’s swag. I have been following the guide here, SWAG setup - LinuxServer.io, and used a very similar docker-compose.yml file (through portainer, but probably irrelevant), but just with cloudflare dns verification and everything adjusted to my own domain like this:

  - URL=mydomain.com
  - SUBDOMAINS=wildcard
  - ONLY_SUBDOMAINS=false
  - VALIDATION=dns
  - DNSPLUGIN=cloudflare
  - EMAIL=my@email.com

My DNS settings on cloudflare only have two entries, an A entry with mydomain.com as name and my server IP as content, the other one a CNAME with * as name and mydomain.com as content. Both as DNS ONLY.
Looking at the logs for all 3 containers it looks fine after the small configurations mentioned in the docs. After the first run I enter my cloudflare email and key in the cloudflare.ini file, and then rename the /config/nginx/proxy-confs/nextcloud.subdomain.conf.sample file by removing the suffix .sample, and then restart swag. I can then access the swag intro page on the local network by going to its IP in the browser, but heading to nextcloud.mydomain.com I get ERR_CONNECTION_CLOSED. I then try to fiddle with the settings in the /config/www/nextcloud/config/config.php file adding the lines indicated:

    'trusted_proxies' => ['swag'],
    'overwrite.cli.url' => 'https://nextcloud.mydomain.com/',
    'overwritehost' => 'nextcloud.mydomain.com',
    'overwriteprotocol' => 'https',

and also add to the array ‘trusted_domains’:

array (
    0 => '192.168.0.4',
    1 => 'nextcloud.mydomain.com',
    2 => 'mydomain.com'
  ),

Restart swag, results the same. I even tried adding *.* to the trusted_domains array, no difference. I have forwarded port 443 and 80 to the server IP on the router, but I don’t suspect the router is where the issues are since I obtain a certificate. But I tried setting a DMZ to the server to expose it completely and see if that made a difference. My ISP router is in bridge mode to a better ASUS router, but again, I think the problems are in the configuration of swag+nextcloud.

What am I doing wrong? Let me know if you need more information, I can send the contents of the conf files etc.

Checked the nginx logs in the running SWAG container and it’s full of lines like these:

# tail -F /var/log/nginx/error.log 
2021/04/16 13:27:07 [error] 467#467: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:27:12 [error] 467#467: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:27:17 [error] 467#467: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:27:22 [error] 467#467: r3.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: r3.o.lencr.org, certificate: "/config/keys/letsencrypt/fullchain.pem"
2021/04/16 13:42:43 [error] 468#468: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:42:43 [error] 468#468: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:42:48 [error] 468#468: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:42:53 [error] 468#468: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:42:58 [error] 468#468: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:43:03 [error] 468#468: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:43:08 [error] 468#468: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
2021/04/16 13:43:13 [error] 468#468: r3.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: r3.o.lencr.org, certificate: "/config/keys/letsencrypt/fullchain.pem"

Could you post your docker-compose file + any of the configs you’ve setup please? I’ll look over them.

Thanks for taking the time, trying to post, but it won’t let me due to max 2 links for a new user.

Try again :slight_smile:

Here they are, as images then. I have replaced anything sensitive with <removed>, and used mydomain.com, other than that they are exact. I also just tested running the plex docker through swag from a subfolder, just as it’s described in the docs. Same result. Running the plex docker alone without using swag works fine when I forward port 32400 on the router and access it on mydomain.com:32400

docker-compose.yml

---
version: "2.1"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:version-21.0.1
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/copenhagen
    volumes:
      - /media/4TBsvin/docker/nextcloud/nextcloud/config:/config
      - /media/4TBsvin/nextcloud:/data
    depends_on:
      - mariadb
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb:alpine-version-10.5.9-r0
    container_name: mariadb
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_ROOT_PASSWORD=<removed>
      - TZ=Europe/Copenhagen
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=<removed>
    volumes:
      - /media/4TBsvin/docker/nextcloud/mariadb:/config
    restart: unless-stopped
  swag:
    image: ghcr.io/linuxserver/swag:version-1.14.0
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Copenhagen
      - URL=mydomain.com
      - SUBDOMAINS=wildcard
      - ONLY_SUBDOMAINS=false
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - EMAIL=<removed>
    volumes:
      - /media/4TBsvin/docker/nextcloud/swag:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped

nextcloud config.php

<?php
$CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
  'datadirectory' => '/data',
  'trusted_proxies' => ['swag'],
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com/',
  'overwritehost' => 'nextcloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'trusted_domains' => 
  array (
    0 => 'nextcloud.mydomain.com',
    1 => '10.0.0.4',
  ),
  );

nextcloud.subdomain.conf

This is untouched, just removed the .sample suffix

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

Thanks, you set my status to member at the same time I posted :slight_smile: I see now I forgot to remove - VIRTUAL_HOST from the nextcloud part. I have removed that again. It was some of the things I tried, but that’s an apache2 setting it seems. Removed it again, no difference

Just replaced the images again, and corrected

I think the problem I have is regardless of nextcloud and is about establishing a secure connection, validation of the certificate and the reverse proxy when using SWAG. I should also mention that the error is from Chrome, if I access with firefox I get a “secure connection failed” and PR_END_OF_FILE_ERROR instead. So this means I cannot establish a secure connection. What am I doing wrong in that regard? I use cloudflare and tried different settings there too, e.g. setting SSL/TLS encryption mode off, flexible, full, or full (strict), all the same result. Also tried setting CERTPROVIDER=zerossl and set up an account there. I do get a valid certificate according to the logs when starting the container, can also be seen on zerossl.com. I can access the site by using the local IP on the network and see the “Welcome to your SWAG instance” page, but it shows next to the address bar that the site is insecure and the certificate is invalid.

Went through EVERY damn setting on my router and noticed that the VPN service was also listening on port 443. Set it to something else and now it all works like a charm! Sorry for the spam and thank you for damn nice containers!
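
The cause found above (another service answering on port 443 before the request ever reaches SWAG) can be told apart from a certificate or proxy problem with a small probe. This is an added example, not part of the original thread: `probe_tls` and `hangup_listener` are hypothetical names, and the loopback listener is a constructed stand-in that assumes the other service accepts the connection and hangs up on the TLS ClientHello.

```python
import socket
import ssl
import threading


def probe_tls(host, port=443, server_name=None, timeout=5.0):
    """Return (verdict, detail) for whatever answers a TLS client on host:port."""
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
                sans = [v for _, v in tls.getpeercert().get("subjectAltName", ())]
                return "tls_ok", ", ".join(sans)  # names the certificate covers
    except ConnectionRefusedError:
        return "refused", "nothing accepts connections on the port"
    except (ssl.SSLEOFError, ConnectionResetError, BrokenPipeError):
        # TCP was accepted, then the peer hung up mid-handshake: the browser
        # reports ERR_CONNECTION_CLOSED (Chrome) / PR_END_OF_FILE_ERROR (Firefox).
        return "closed", "peer hung up during the TLS handshake"
    except ssl.SSLCertVerificationError as exc:
        return "bad_cert", exc.verify_message  # e.g. hostname mismatch
    except ssl.SSLError as exc:
        reason = exc.reason or str(exc)
        # Some OpenSSL builds report the same hang-up as a generic EOF error.
        return ("closed" if "EOF" in reason else "tls_error"), reason
    except (socket.timeout, TimeoutError):
        return "timeout", "no answer, e.g. the port is not forwarded"


def hangup_listener():
    """Constructed stand-in: a non-TLS service that owns the port and hangs up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the ClientHello
        conn.close()     # ...and close without answering
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Constructed demo on loopback; against a real setup, probe the public
    # address with server_name set to the proxied host name.
    print(probe_tls("127.0.0.1", hangup_listener(), "nextcloud.mydomain.com"))
```

A `closed` verdict on the public address while the same probe against the SWAG host's LAN address completes a handshake means something in front of the host owns the port.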
