Caddy + Nextcloud (fpm) + Collabora - individual containers and docker-compose

peracchi · May 5, 2022, 12:22pm

I was working on this when I saw that “Nextcloud All In One”.

Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.

Included are:

Nextcloud

Nextcloud Office

High performance backend for Nextcloud Files

High performance backend for Nextcloud Talk

Backup solution (based on BorgBackup)

OnlyOffice

ClamAV

Nextcloud All In One

Are reverse proxies supported?

Yes. Please refer to the following documentation on this: reverse-proxy.md

I tried to use it behind Caddy but had no success.

Take a look here:

Reverse-proxy (Caddy) already in place. How install/configure NC AIO?

9peppe · May 5, 2022, 1:25pm

Nextcloud AIO is still experimental.

Go for nextcloudpi-x86.

peracchi · May 8, 2022, 1:57am

@francislavoie , finally I got a docker-compose.yml file that runs perfectly latest version of Nextcloud with Collabora.

Can you help me to put this “stack” behind Caddy?

This is the docker-compose.yml to start Nextcloud + Collabora (note that at bottom I leave the “caddy_net” network ready).

version: '2'
services:

  nextcloud-db:
    image: postgres:14.2-alpine
    container_name: nextcloud-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password
    volumes:
      - nextcloud-db:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro

  nextcloud-cache:
    image: redis:7.0.0-alpine
    container_name: nextcloud-cache
    restart: unless-stopped
    mem_limit: 2048m
    mem_reservation: 512m
    command: redis-server --requirepass password

  nextcloud-app:
    image: nextcloud:24.0.0-fpm-alpine
    container_name: nextcloud-app
    restart: unless-stopped
    depends_on:
      - nextcloud-db
      - nextcloud-cache
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password
      POSTGRES_HOST: nextcloud-db
      NEXTCLOUD_ADMIN_USER: admin
      NEXTCLOUD_ADMIN_PASSWORD: password
      NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.local.cites.aop
      REDIS_HOST: nextcloud-cache
      REDIS_HOST_PASSWORD: password
      SMTP_HOST: mail.local.cites.aop
      SMTP_SECURE: tls
      SMTP_PORT: 587
      SMTP_AUTHTYPE: LOGIN
      SMTP_NAME: mailer@local.cites.aop
      SMTP_PASSWORD: password
      MAIL_FROM_ADDRESS: no-reply
      MAIL_DOMAIN: local.cites.aop
    volumes:
      - nextcloud-app:/var/www/html

  nextcloud-web:
    image: nginx:1.21.6-alpine
    container_name: nextcloud-web
    restart: unless-stopped
    ports:
      - 80:80
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    volumes_from:
      - nextcloud-app

  nextcloud-collabora:
    image: collabora/code:21.11.4.2.1
    container_name: nextcloud-collabora
    restart: unless-stopped
    ports:
      - 9980:9980
    depends_on:
      - nextcloud-web
    environment:
      - username=admin
      - password=password
      - dictionaries=en_US es_ES pt_BR
      - extra_params=--o:ssl.enable=false
    volumes:
      - /etc/localtime:/etc/localtime:ro

volumes:
  nextcloud-app:
  nextcloud-db:

#networks:
#  default:
#    name: caddy_net
#    external: true

The companion nginx.conf is

worker_processes auto;

error_log  /var/log/nginx/error.log warn;

pid        /var/run/nginx.pid;

events {

    worker_connections  1024;

}

http {

    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    #tcp_nopush     on;

    # Prevent nginx HTTP Server Detection

    server_tokens   off;

    keepalive_timeout  65;

    #gzip  on;

    upstream php-handler {

        server nextcloud-app:9000;

    }

    server {

        listen 80;

        # HSTS settings

        # WARNING: Only add the preload option once you read about

        # the consequences in https://hstspreload.org/. This option

        # will add the domain to a hardcoded list that is shipped

        # in all major browsers and getting removed from this list

        # could take several months.

        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

        # set max upload size

        client_max_body_size 512M;

        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers

        gzip on;

        gzip_vary on;

        gzip_comp_level 4;

        gzip_min_length 256;

        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;

        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Pagespeed is not supported by Nextcloud, so if your server is built

        # with the `ngx_pagespeed` module, uncomment this line to disable it.

        #pagespeed off;

        # HTTP response headers borrowed from Nextcloud `.htaccess`

        add_header Referrer-Policy                      "no-referrer"   always;

        add_header X-Content-Type-Options               "nosniff"       always;

        add_header X-Download-Options                   "noopen"        always;

        add_header X-Frame-Options                      "SAMEORIGIN"    always;

        add_header X-Permitted-Cross-Domain-Policies    "none"          always;

        add_header X-Robots-Tag                         "none"          always;

        add_header X-XSS-Protection                     "1; mode=block" always;

        # Remove X-Powered-By, which is an information leak

        fastcgi_hide_header X-Powered-By;

        # Path to the root of your installation

        root /var/www/html;

        # Specify how to handle directories -- specifying `/index.php$request_uri`

        # here as the fallback means that Nginx always exhibits the desired behaviour

        # when a client requests a path that corresponds to a directory that exists

        # on the server. In particular, if that directory contains an index.php file,

        # that file is correctly served; if it doesn't, then the request is passed to

        # the front-end controller. This consistent behaviour means that we don't need

        # to specify custom rules for certain paths (e.g. images and other assets,

        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus

        # `try_files $uri $uri/ /index.php$request_uri`

        # always provides the desired behaviour.

        index index.php index.html /index.php$request_uri;

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients

        location = / {

            if ( $http_user_agent ~ ^DavClnt ) {

                return 302 /remote.php/webdav/$is_args$args;

            }

        }

        location = /robots.txt {

            allow all;

            log_not_found off;

            access_log off;

        }

        # Make a regex exception for `/.well-known` so that clients can still

        # access it despite the existence of the regex rule

        # `location ~ /(\.|autotest|...)` which would otherwise handle requests

        # for `/.well-known`.

        location ^~ /.well-known {

            # The rules in this block are an adaptation of the rules

            # in `.htaccess` that concern `/.well-known`.

            location = /.well-known/carddav { return 301 /remote.php/dav/; }

            location = /.well-known/caldav  { return 301 /remote.php/dav/; }

            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }

            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

            # Let Nextcloud's API for `/.well-known` URIs handle all other

            # requests by passing them to the front-end controller.

            return 301 /index.php$request_uri;

        }

        # Rules borrowed from `.htaccess` to hide certain paths from clients

        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }

        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

        # Ensure this block, which passes PHP files to the PHP process, is above the blocks

        # which handle static assets (as seen below). If this block is not declared first,

        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`

        # to the URI, resulting in a HTTP 500 error response.

        location ~ \.php(?:$|/) {

            # Required for legacy support

            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

            fastcgi_split_path_info ^(.+?\.php)(/.*)$;

            set $path_info $fastcgi_path_info;

            try_files $fastcgi_script_name =404;

            include fastcgi_params;

            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

            fastcgi_param PATH_INFO $path_info;

            #fastcgi_param HTTPS on;

            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice

            fastcgi_param front_controller_active true;     # Enable pretty urls

            fastcgi_pass php-handler;

            fastcgi_intercept_errors on;

            fastcgi_request_buffering off;

        }

        location ~ \.(?:css|js|svg|gif)$ {

            try_files $uri /index.php$request_uri;

            expires 6M;         # Cache-Control policy borrowed from `.htaccess`

            access_log off;     # Optional: Don't log access to assets

        }

        location ~ \.woff2?$ {

            try_files $uri /index.php$request_uri;

            expires 7d;         # Cache-Control policy borrowed from `.htaccess`

            access_log off;     # Optional: Don't log access to assets

        }

        # Rule borrowed from `.htaccess`

        location /remote {

            return 301 /remote.php$request_uri;

        }

        location / {

            try_files $uri $uri/ /index.php$request_uri;

        }

    }

}

My actual docker-compose.yml for Caddy is

version: "3.7"
services:

  caddy:
    image: caddy:2.5.1-alpine
    hostname: caddy
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./sites:/srv
      - app_data:/data
      - app_config:/config

volumes:
  app_data:
  app_config:

networks:
  default:
    name: caddy_net
    external: true

And the Caddyfile is

{
        debug
}

nextcloud.local.cites.aop {
        acme_server
        tls internal
        reverse_proxy nextcloud-web

Nextcloud works fine through Caddy but when I try to create a document in Nextcloud that will use Collabora I always get an error.

francislavoie · May 8, 2022, 2:13am

That doesn’t really give me much to go on here. I don’t have a good picture of the flow. What’s in your logs? Please be specific about any errors you’re seeing. Saying “I always get an error” doesn’t tell me what the error is; it could be anything.

Why are you using nginx in this setup? You can use Caddy’s php_fastcgi to serve nextcloud instead.

peracchi · May 8, 2022, 2:18am

If you please show me how to make this change I will be glad to use Caddy instead Nginx.

Now I am really exausted, too much hours (and days) on this. Need to sleep, tomorrow I will try to collect logs info and explain better the flow.

francislavoie · May 8, 2022, 2:22am

Did you read this wiki?

peracchi · May 8, 2022, 1:55pm

Yes, several times. The scenario is different in many ways. Two Caddy instances running, frontend directly on frontend host, backend running inside container. I am using only one Caddy instance, running inside container with one Docker external network named “caddy_net”.

Also involves a manual copy of certificate file from one Caddy to the other.

That wiki may be outdated in several points. One of them is to use “- domain=${NEXTCLOUD_FQDN}”.

On docker log of the nextcloud-collabora container:

-e ERR: Use of domain variable is not supported. First host/domain who tries to connect to COOL is always allowed.
To allow multiple host and its aliases use something like this and pass it as env variable:
aliasgroup1=https://domain1:443,https://its-alias|its-second-alias:443
aliasgroup2=https://domain2:443,https://its-alias:443
For more info: https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html

francislavoie · May 8, 2022, 2:11pm

Why nginx though? You can serve the PHP app with Caddy instead; it’ll be simpler. The wiki shows you how to do that; look at the config for the backend Caddy.

peracchi · May 8, 2022, 2:20pm

Will try again, in this scenario: Nextcloud + Collabora substituting Nginx by Caddy and exposing necessary ports direct on host (ports 80, 443 and 9980). No “caddy_net”.

The wiki shows you how to do that

Several points do not work/changed. Some things I know what to change, for example:

        @collabora {
                path /loleaflet/* # Loleaflet is the client part of LibreOffice Online
                path /hosting/discovery # WOPI discovery URL
                path /hosting/capabilities # Show capabilities as json
                path /lool/* # Main websocket, uploads/downloads, presentations
        }

to

        @collabora {
                path /browser/* # Loleaflet is the client part of LibreOffice Online
                path /hosting/discovery # WOPI discovery URL
                path /hosting/capabilities # Show capabilities as json
                path /cool/* # Main websocket, uploads/downloads, presentations
        }

If I manage to put the “Nextcloud stack” to work with Caddy replacing Nginx maybe you could assist me later on put another Caddy in front of this stack, to be the reverse proxy for it and other services.

francislavoie · May 8, 2022, 2:27pm

The key is that php_fastcgi communicates with the nextcloud php-fpm container, and the Caddy container also needs the nextcloud PHP code mounted at the same filesystem location – Caddy needs to see the files to know how to perform the rewrites, and to serve static files.

Like I said though, I don’t understand what isn’t working so I can’t really give you much other than vague suggestions.

peracchi · May 8, 2022, 2:30pm

Look, this will be the docker-compose.yml that I will use:

version: '2'
services:

  nextcloud-db:
    image: postgres:14.2-alpine
    container_name: nextcloud-db
    restart: unless-stopped
    volumes:
      - nextcloud-db:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password

  nextcloud-cache:
    image: redis:7.0.0-alpine
    container_name: nextcloud-cache
    restart: unless-stopped
    mem_limit: 2048m
    mem_reservation: 512m
    command: redis-server --requirepass password

  nextcloud-app:
    image: nextcloud:24.0.0-fpm-alpine
    container_name: nextcloud-app
    restart: unless-stopped
    ports:
      - 9000:9000
    volumes:
      - nextcloud-app:/var/www/html
    depends_on:
      - nextcloud-db
      - nextcloud-cache
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password
      POSTGRES_HOST: nextcloud-db
      NEXTCLOUD_ADMIN_USER: admin
      NEXTCLOUD_ADMIN_PASSWORD: password
      NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.local.cites.aop
      REDIS_HOST: nextcloud-cache
      REDIS_HOST_PASSWORD: password
      SMTP_HOST: mail.local.cites.aop
      SMTP_SECURE: tls
      SMTP_PORT: 587
      SMTP_AUTHTYPE: LOGIN
      SMTP_NAME: mailer@local.cites.aop
      SMTP_PASSWORD: password
      MAIL_FROM_ADDRESS: no-reply
      MAIL_DOMAIN: local.cites.aop

  nextcloud-web:
    image: caddy:2.5.1-alpine
    container_name: nextcloud-web
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - nextcloud-caddy-data:/data
      - nextcloud-caddy-config:/config
    volumes_from:
      - nextcloud-app

  nextcloud-collabora:
    image: collabora/code:21.11.4.2.1
    container_name: nextcloud-collabora
    restart: unless-stopped
    ports:
      - 9980:9980
    volumes:
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - nextcloud-web
    environment:
      - username=admin
      - password=password
      - dictionaries=en_US es_ES pt_BR
      - extra_params=--o:ssl.enable=false

volumes:
  nextcloud-app:
  nextcloud-db:
  nextcloud-caddy-data:
  nextcloud-caddy-config:

Ports exposed on localhost: 80, 443, 9000 and 9980.

Caddy (here named “nextcloud-web”) will have access to static files using:

    volumes_from:
      - nextcloud-app

peracchi · May 8, 2022, 2:41pm

First attempt will be with this Caddyfile (copied from Wiki and with little adjustments):

{
        debug

        acme_server
        tls internal
}

nextcloud.local.cites.aop {

        encode gzip

        @collabora {
                path /browser/*
                path /hosting/discovery
                path /hosting/capabilities
                path /cool/*
        }

        reverse_proxy @collabora https://127.0.0.1:9980 {
                header_up Host "nextcloud.local.cites.aop"
                transport http {
                        tls_insecure_skip_verify
                }
        }

        root * /var/www/html
        file_server

        php_fastcgi 127.0.0.1:9000 {
                env front_controller_active true # Remove index.php form url
        }

        header {
                Strict-Transport-Security max-age=31536000; # enable HSTS
        }

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}

peracchi · May 8, 2022, 2:57pm

What I did with above configuration and results below:

(1) $ docker-compose up -d ; docker logs -f nextcloud-web

[+] Running 10/10
 ⠿ Network nextcloud_default                  Created                                                                                              0.0s
 ⠿ Volume "nextcloud_nextcloud-caddy-config"  Created                                                                                              0.0s
 ⠿ Volume "nextcloud_nextcloud-db"            Created                                                                                              0.0s
 ⠿ Volume "nextcloud_nextcloud-app"           Created                                                                                              0.0s
 ⠿ Volume "nextcloud_nextcloud-caddy-data"    Created                                                                                              0.0s
 ⠿ Container nextcloud-db                     Started                                                                                              0.7s
 ⠿ Container nextcloud-cache                  Started                                                                                              0.7s
 ⠿ Container nextcloud-app                    Started                                                                                              1.0s
 ⠿ Container nextcloud-web                    Started                                                                                              1.4s
 ⠿ Container nextcloud-collabora              Started                                                                                              1.7s
{"level":"info","ts":1652021188.814965,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1652021188.8267128,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":6}
{"level":"info","ts":1652021188.8305697,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1652021188.8317742,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004a1960"}
{"level":"info","ts":1652021188.8329644,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1652021188.833018,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"warn","ts":1652021188.9328918,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
{"level":"info","ts":1652021188.9334302,"msg":"define JAVA_HOME environment variable to use the Java trust"}
{"level":"info","ts":1652021188.933445,"msg":"Warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
{"level":"info","ts":1652021188.9717364,"msg":"certificate installed properly in linux trusts"}
{"level":"debug","ts":1652021188.9720566,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1652021188.9722614,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1652021188.972274,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["nextcloud.local.cites.aop"]}
{"level":"info","ts":1652021188.9724083,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1652021188.9724183,"msg":"serving initial configuration"}
{"level":"info","ts":1652021188.9725761,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1652021188.9726126,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1652021188.9727461,"logger":"tls.obtain","msg":"acquiring lock","identifier":"nextcloud.local.cites.aop"}
{"level":"info","ts":1652021188.9816194,"logger":"tls.obtain","msg":"lock acquired","identifier":"nextcloud.local.cites.aop"}
{"level":"debug","ts":1652021188.9822605,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
{"level":"debug","ts":1652021188.982567,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"233056590805575220374369468503360849510","not_before":"2022-05-08 14:46:28 +0000 UTC","not_after":"2022-05-15 14:46:28 +0000 UTC"}
{"level":"info","ts":1652021188.9843614,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"nextcloud.local.cites.aop"}
{"level":"info","ts":1652021188.9843857,"logger":"tls.obtain","msg":"releasing lock","identifier":"nextcloud.local.cites.aop"}
{"level":"warn","ts":1652021188.9850678,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [nextcloud.local.cites.aop]: no OCSP server specified in certificate","identifiers":["nextcloud.local.cites.aop"]}
{"level":"debug","ts":1652021188.9851015,"logger":"tls.cache","msg":"added certificate to cache","subjects":["nextcloud.local.cites.aop"],"expiration":1652064388,"managed":true,"issuer_key":"local","hash":"6488d7afb204c6003da625da76becf2ab8d49f1c440e397be777122e494d1aa7","cache_size":1,"cache_capacity":10000}

(2) open http://nextcloud.local.cites.aop in Firefox, warning about certificate

{"level":"debug","ts":1652021429.1985624,"logger":"tls.handshake","msg":"choosing certificate","identifier":"nextcloud.local.cites.aop","num_choices":1}
{"level":"debug","ts":1652021429.198604,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"nextcloud.local.cites.aop","subjects":["nextcloud.local.cites.aop"],"managed":true,"issuer_key":"local","hash":"6488d7afb204c6003da625da76becf2ab8d49f1c440e397be777122e494d1aa7"}
{"level":"debug","ts":1652021429.1986113,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["nextcloud.local.cites.aop"],"managed":true,"expiration":1652064388,"hash":"6488d7afb204c6003da625da76becf2ab8d49f1c440e397be777122e494d1aa7"}
{"level":"debug","ts":1652021429.2143114,"logger":"http.stdlib","msg":"http: TLS handshake error from 10.22.22.33:60770: remote error: tls: unknown certificate authority"}

(3) accepted certificate in Firefox = blank page on Firefox, logs bellow

{"level":"debug","ts":1652021509.9429865,"logger":"tls.handshake","msg":"choosing certificate","identifier":"nextcloud.local.cites.aop","num_choices":1}
{"level":"debug","ts":1652021509.9430203,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"nextcloud.local.cites.aop","subjects":["nextcloud.local.cites.aop"],"managed":true,"issuer_key":"local","hash":"6488d7afb204c6003da625da76becf2ab8d49f1c440e397be777122e494d1aa7"}
{"level":"debug","ts":1652021509.943027,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["nextcloud.local.cites.aop"],"managed":true,"expiration":1652064388,"hash":"6488d7afb204c6003da625da76becf2ab8d49f1c440e397be777122e494d1aa7"}
{"level":"debug","ts":1652021509.960171,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"/","headers":{"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"method":"GET","uri":"/index.php"}
{"level":"debug","ts":1652021509.9602332,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"127.0.0.1:9000","total_upstreams":1}
{"level":"debug","ts":1652021509.960351,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"/index.php","headers":{"X-Forwarded-For":["10.22.22.33"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"Sec-Fetch-User":["?1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Host":["nextcloud.local.cites.aop"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Te":["trailers"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"dial":"127.0.0.1:9000","env":{"PATH_INFO":"","SERVER_PROTOCOL":"HTTP/2.0","HTTP_SEC_FETCH_SITE":"none","REMOTE_IDENT":"","QUERY_STRING":"","REMOTE_USER":"","SERVER_PORT":"443","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","GATEWAY_INTERFACE":"CGI/1.1","front_controller_active":"true","HTTP_X_FORWARDED_FOR":"10.22.22.33","SSL_PROTOCOL":"TLSv1.3","REMOTE_HOST":"10.22.22.33","DOCUMENT_ROOT":"/var/www/html","DOCUMENT_URI":"/index.php","SCRIPT_FILENAME":"/var/www/html/index.php","HTTPS":"on","AUTH_TYPE":"","CONTENT_TYPE":"","REMOTE_ADDR":"10.22.22.33","HTTP_ACCEPT_LANGUAGE":"pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3","CONTENT_LENGTH":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","SERVER_SOFTWARE":"Caddy/v2.5.1","SCRIPT_NAME":"/index.php","HTTP_SEC_FETCH_MODE":"navigate","HTTP_X_FORWARDED_PROTO":"https","HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0","REMOTE_PORT":"60779","HTTP_X_FORWARDED_HOST":"nextcloud.local.cites.aop","HTTP_SEC_FETCH_DEST":"document","HTTP_ACCEPT_ENCODING":"gzip, deflate, br","HTTP_HOST":"nextcloud.local.cites.aop","HTTP_ACCEPT":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","HTTP_SEC_FETCH_USER":"?1","HTTP_TE":"trailers","SERVER_NAME":"nextcloud.local.cites.aop","HTTP_UPGRADE_INSECURE_REQUESTS":"1","REQUEST_URI":"/"}}
{"level":"debug","ts":1652021509.9605653,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","duration":0.000310771,"request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"/index.php","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-For":["10.22.22.33"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Host":["nextcloud.local.cites.aop"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"error":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused"}
{"level":"error","ts":1652021509.96104,"logger":"http.log.error","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"Sec-Fetch-Mode":["navigate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"duration":0.001083144,"status":502,"err_id":"d0akjm4w6","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"debug","ts":1652021509.9853601,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"/favicon.ico","headers":{"Sec-Fetch-Mode":["no-cors"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept":["image/avif,image/webp,*/*"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://nextcloud.local.cites.aop/"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Site":["same-origin"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"method":"GET","uri":"index.php"}
{"level":"debug","ts":1652021509.9854026,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"127.0.0.1:9000","total_upstreams":1}
{"level":"debug","ts":1652021509.9854846,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"index.php","headers":{"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["nextcloud.local.cites.aop"],"Sec-Fetch-Mode":["no-cors"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Referer":["https://nextcloud.local.cites.aop/"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept":["image/avif,image/webp,*/*"],"X-Forwarded-For":["10.22.22.33"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"dial":"127.0.0.1:9000","env":{"GATEWAY_INTERFACE":"CGI/1.1","REMOTE_USER":"","SERVER_PROTOCOL":"HTTP/2.0","DOCUMENT_URI":"index.php","SCRIPT_FILENAME":"/var/www/html/index.php","HTTP_ACCEPT":"image/avif,image/webp,*/*","QUERY_STRING":"","REQUEST_URI":"/favicon.ico","SSL_PROTOCOL":"TLSv1.3","HTTP_REFERER":"https://nextcloud.local.cites.aop/","HTTP_SEC_FETCH_DEST":"image","HTTP_SEC_FETCH_MODE":"no-cors","REMOTE_IDENT":"","HTTP_HOST":"nextcloud.local.cites.aop","HTTPS":"on","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","HTTP_X_FORWARDED_HOST":"nextcloud.local.cites.aop","CONTENT_TYPE":"","REMOTE_ADDR":"10.22.22.33","SCRIPT_NAME":"/index.php","HTTP_X_FORWARDED_PROTO":"https","HTTP_ACCEPT_ENCODING":"gzip, deflate, br","CONTENT_LENGTH":"","SERVER_PORT":"443","HTTP_ACCEPT_LANGUAGE":"pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3","PATH_INFO":"","SERVER_NAME":"nextcloud.local.cites.aop","DOCUMENT_ROOT":"/var/www/html","HTTP_SEC_FETCH_SITE":"same-origin","HTTP_TE":"trailers","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","SERVER_SOFTWARE":"Caddy/v2.5.1","front_controller_active":"true","AUTH_TYPE":"","REMOTE_HOST":"10.22.22.33","REMOTE_PORT":"60779","HTTP_X_FORWARDED_FOR":"10.22.22.33","HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"}}
{"level":"debug","ts":1652021509.9856958,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","duration":0.000265649,"request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"index.php","headers":{"Referer":["https://nextcloud.local.cites.aop/"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept":["image/avif,image/webp,*/*"],"X-Forwarded-For":["10.22.22.33"],"X-Forwarded-Host":["nextcloud.local.cites.aop"],"Sec-Fetch-Mode":["no-cors"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"error":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused"}
{"level":"error","ts":1652021509.9857433,"logger":"http.log.error","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"remote_ip":"10.22.22.33","remote_port":"60779","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"/favicon.ico","headers":{"Sec-Fetch-Mode":["no-cors"],"Referer":["https://nextcloud.local.cites.aop/"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept":["image/avif,image/webp,*/*"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"duration":0.000493696,"status":502,"err_id":"ki5ye89vh","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

francislavoie · May 8, 2022, 3:02pm

You need to also mount /var/www/html from nextcloud into the Caddy container

This should point to the nextcloud container, not 127.0.0.1.

peracchi · May 8, 2022, 3:45pm

I do not find an example in that article from Wiki on how to do this.

I presumed, from the docker-compose.yml part of Nginx, that was sufficient to use “volumes_from”. There is no mount of /var/www/html in that part of the file. By analogy I made the same for Caddy.

francislavoie · May 8, 2022, 3:54pm

Yeah, that might do.

But still, 127.0.0.1 will not work because that tells Caddy to try to connect to something inside the Caddy container itself, but there’s nothing there.

Use nextcloud-app:9000 instead

peracchi · May 8, 2022, 3:55pm

After change 127.0.0.1:9000 to nextcloud-app:9000 the error message seems the same, only changing 127.0.0.1 by 172.20.0.4 (the IP autoassigned by Docker).

{"level":"debug","ts":1652024826.3810058,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"nextcloud-app:9000","duration":0.000762927,"request":{"remote_ip":"10.22.22.33","remote_port":"60882","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"index.php","headers":{"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Sec-Fetch-Dest":["image"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.22.22.33"],"Sec-Fetch-Mode":["no-cors"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"],"Accept":["image/avif,image/webp,*/*"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["nextcloud.local.cites.aop"],"Referer":["https://nextcloud.local.cites.aop/"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"error":"dialing backend: dial tcp 172.20.0.4:9000: connect: connection refused"}
{"level":"error","ts":1652024826.3810594,"logger":"http.log.error","msg":"dialing backend: dial tcp 172.20.0.4:9000: connect: connection refused","request":{"remote_ip":"10.22.22.33","remote_port":"60882","proto":"HTTP/2.0","method":"GET","host":"nextcloud.local.cites.aop","uri":"/favicon.ico","headers":{"Sec-Fetch-Dest":["image"],"Accept":["image/avif,image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://nextcloud.local.cites.aop/"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept-Language":["pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud.local.cites.aop"}},"duration":0.000966479,"status":502,"err_id":"yd1wkd6t0","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

Some info from ctop:

 ctop - 12:53:49 -03   5 containers

     NAME                           CID          CPU                MEM                NET RX/TX          IO R/W             PIDS UPTIME

   ⏵ nextcloud-app                  31eb0de23767          0%             472M / 4G     9M / 15M           0B / 0B            3    6m50s
   ⏵ nextcloud-cache                aba0c5337117          0%              2M / 2G      3K / 319B          0B / 0B            5    6m51s
   ⏵ nextcloud-collabora            c817318ef0b7          0%             775M / 4G     2K / 0B            0B / 0B            10   6m49s
   ⏵ nextcloud-db                   b8e4325296bc          0%              80M / 4G     15M / 9M           0B / 0B            7    6m51s
   ⏵ nextcloud-web                  c7342f51e57b          0%              11M / 4G     7K / 6K            0B / 0B            9    6m50s

┌───────────────────────────────────────────────────────────────┐
│  id      | 31eb0de23767                                       │
│  name    | nextcloud-app                                      │
│  image   | nextcloud:24.0.0-fpm-alpine                        │
│  ports   | 0.0.0.0:9000 -> 9000/tcp                           │
│          | :::9000 -> 9000/tcp                                │
│  IPs     | nextcloud_default:172.20.0.4                       │
│  state   | running                                            │
│  created | Sun May 8 15:46:51 2022                            │
│  uptime  | 6m50s                                              │
│  health  |                                                    │
└───────────────────────────────────────────────────────────────┘

┌───────────────────────────────────────────────────────────────┐
│  id      | c7342f51e57b                                       │
│  name    | nextcloud-web                                      │
│  image   | caddy:2.5.1-alpine                                 │
│  ports   | 2019/tcp                                           │
│          | 0.0.0.0:443 -> 443/tcp                             │
│          | :::443 -> 443/tcp                                  │
│          | 0.0.0.0:80 -> 80/tcp                               │
│          | :::80 -> 80/tcp                                    │
│  IPs     | nextcloud_default:172.20.0.5                       │
│  state   | running                                            │
│  created | Sun May 8 15:46:51 2022                            │
│  uptime  | 6m50s                                              │
│  health  |                                                    │
└───────────────────────────────────────────────────────────────┘

francislavoie · May 8, 2022, 4:26pm

Strange. Are you sure php-fpm is actually listening on port 9000? It might be configured to do something else what’s in the app container’s logs?

peracchi · May 8, 2022, 4:43pm

Yesterday I had a very, very bad trip with the distro I usually use, that is Arch. If you want to know I can tell you.

I just installed a new Ubuntu Server 22.04 in my Proxmox, copy docker-compose.yml and Caddyfile from previous interaction and will try it now.

Initial logs from nextcloud-web container (Caddy) and nextcloud-app (nextcloud:24.0.0-fpm-alpine):

[+] Running 10/10
 ⠿ Network nextcloud_default                  Created                                                                                              0.1s
 ⠿ Volume "nextcloud_nextcloud-app"           Created                                                                                              0.0s
 ⠿ Volume "nextcloud_nextcloud-caddy-data"    Created                                                                                              0.0s
 ⠿ Volume "nextcloud_nextcloud-caddy-config"  Created                                                                                              0.0s
 ⠿ Volume "nextcloud_nextcloud-db"            Created                                                                                              0.0s
 ⠿ Container nextcloud-db                     Started                                                                                              1.1s
 ⠿ Container nextcloud-cache                  Started                                                                                              1.1s
 ⠿ Container nextcloud-app                    Started                                                                                              1.1s
 ⠿ Container nextcloud-web                    Started                                                                                              1.5s
 ⠿ Container nextcloud-collabora              Started                                                                                              1.9s
{"level":"info","ts":1652027854.8559625,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1652027854.8588479,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":6}
{"level":"info","ts":1652027854.8607287,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1652027854.862389,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002bcd20"}
{"level":"info","ts":1652027854.8627794,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1652027854.8628585,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1652027854.969344,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1652027854.969385,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"debug","ts":1652027854.9694366,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1652027854.9694731,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1652027854.9694836,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["nextcloud.local.cites.aop"]}
{"level":"info","ts":1652027854.9700236,"logger":"tls.obtain","msg":"acquiring lock","identifier":"nextcloud.local.cites.aop"}
{"level":"info","ts":1652027854.975505,"logger":"tls.obtain","msg":"lock acquired","identifier":"nextcloud.local.cites.aop"}
{"level":"debug","ts":1652027854.9760013,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
{"level":"debug","ts":1652027854.9763114,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"80750900309849878634907328897871464525","not_before":"2022-05-08 16:37:34 +0000 UTC","not_after":"2022-05-15 16:37:34 +0000 UTC"}
{"level":"info","ts":1652027854.9768746,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"nextcloud.local.cites.aop"}
{"level":"info","ts":1652027854.9768827,"logger":"tls.obtain","msg":"releasing lock","identifier":"nextcloud.local.cites.aop"}
{"level":"warn","ts":1652027854.9772692,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [nextcloud.local.cites.aop]: no OCSP server specified in certificate","identifiers":["nextcloud.local.cites.aop"]}
{"level":"debug","ts":1652027854.9772918,"logger":"tls.cache","msg":"added certificate to cache","subjects":["nextcloud.local.cites.aop"],"expiration":1652071054,"managed":true,"issuer_key":"local","hash":"1c9f1cc62eab0af440a7b814e00182acd4018fcf8cd9a77e8c7ea316df580374","cache_size":1,"cache_capacity":10000}
{"level":"warn","ts":1652027855.0150423,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
{"level":"info","ts":1652027855.0152857,"msg":"Warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
{"level":"info","ts":1652027855.0152943,"msg":"define JAVA_HOME environment variable to use the Java trust"}
{"level":"info","ts":1652027855.0543723,"msg":"certificate installed properly in linux trusts"}
{"level":"info","ts":1652027855.0545018,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1652027855.0545113,"msg":"serving initial configuration"}

Configuring Redis as session handler
Initializing nextcloud 24.0.0.12 ...
New nextcloud instance
Installing with PostgreSQL database
Starting nextcloud installation
Nextcloud was successfully installed
Setting trusted domains…
System config value trusted_domains => 1 set to string nextcloud.local.cites.aop
Initializing finished
[08-May-2022 16:38:00] NOTICE: fpm is running, pid 1
[08-May-2022 16:38:00] NOTICE: ready to handle connections

I will update this post in a few minutes…

peracchi · May 8, 2022, 5:05pm

Holy shit! It happened again!!!

Now Nextcloud login screen appeared (with exact the same files).

This is really frustrating…

Because of the pandemic and the home office I provided a second, faster internet link.

A few weeks ago, after a lot of searching for a problem in my configuration and not finding it, I found that it was something in the new “faster” provider. When switching to the old, “slower” link, everything worked normally.

I forgot about it and yesterday it happened again: during tests with Nextcloud, I couldn’t install apps on it. Then I remembered the problem with the new link and switched to the old one. It worked right away!

Yesterday, after a lot of talking with another developer, I found that part of the problem was only in Arch Linux, using Ubuntu 22.04 the problem didn’t occur.

Some configurations are a little more complex, involve a lot of different programs, different versions and we still have this kind of crazy stuff between different distributions.

I think I’m getting too old for this… When we used to program on coding sheets and then send them to punch cards it was easier! I was happy with COBOL and didn’t know it!