this post was submitted on 29 Sep 2024
8 points (100.0% liked)

nextcloud

715 readers
5 users here now

Nextcloud is a suite of client-server software for creating and using file hosting services.

https://nextcloud.com

https://github.com/nextcloud

IRC: #nextcloud on libera.chat
Matrix: #nextcloud:matrix.org

Other Nextcloud communities on Lemmy

founded 4 years ago
MODERATORS
[email protected]
8
Nextcloud AIO + Traefik (feddit.it)
submitted 1 month ago by [email protected] to c/[email protected]
7 comments fedilink hide all child comments
 

I'm currently running a Nextcloud instance in docker, using the "multiple containers" method, but I recently discovered that the reccomended method to run it is using this "All In One" image I previously didn't know about, and so I wanted to try to migrate to that setup (also in order to have easily also the office and whiteboard features that atm I don't have on my instance + have easier Backup-restore process)

The problem is that on my server I'm using traefik as a reverse proxy to expose services to the internet, and it is working on a specific docker network (called traefik_net) where also every container that should be exposed is connected, and from the official documentation of Nextcloud AIO I really don't understand how am I supposed to configure it to work in a setup like mine (mainly because the mastercontainer creates all the containers it needs on a network called nextcloud_aio and I didn't find a way to change that and where to set the proper traefik lables)

Anyone that is running AIO behind a traefik reverse proxy maybe can help me to understand?

top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 1 month ago (1 children)

I've used a AIO + traefik docker setup once, but I might be a little bit rusty, it's been some time. Docs state that labels do not work with the AIO, due to the fact that mastercontainer manages the containers. With the AIO it is better to not get in the way of the mastercontainer - if any issues occur you have a non-standard deployment and need to consider that while troubleshooting. Not the most elegant solution, but you could run vanilla AIO with traefik external routing via exposed apache port on the node IP using the file provider. If you don't have one you'll need to adjust the traefik config file to include:

providers:
  file:
    filename: #dynamic config file path goes here, example: /etc/traefik/fileConfig.yml
    watch: true

Create such file and restart traefik container.

You can use this file to provide all sorts of configs, traefik constantly checks it and makes adjustments. Here's an example:

http:
  ## EXTERNAL ROUTING ##
  routers:
    nextcloud:
      rule: "Host(`nextcloud.example.com`)"
      entrypoints:
        - "https"
      service: nextcloud
      middlewares:
      tls:
        certresolver: "letsencrypt"
  ## SERVICES ##
  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://IP:PORT of the apache container"

You may route internally if traefik runs on the host network. Check the link to the github documentation above for more info. Consider adjusting for a trusted proxy by limiting access to the apache container as described there.

[–] [email protected] 2 points 1 month ago (1 children)

Thank you! Idk how but I didn't noticed the paragraph in the docs saying that labels condition is not supported. I'll try with the file config and see if this way I can make it work. The only thing I'm still missing is the IP of the Apache container: shouldn't it be an IP on the traefik_net network where also the traefik container runs? And if so how can I specify to the mastercontainer to create the Apache container on that network with a specific IP address?

[–] [email protected] 2 points 1 month ago (1 children)

The cleanest way would be to do something described here, in the expanded section "On the same server in a Docker container". I don't know your docker setup though. You can however port forward the apache port and expose it on the machine IP, that way you can point the file config to the machine IP. This is the setup you would use if traefik was on a different machine than nextcloud (or any other service), but it will also work in your case. It has a big upside, if you decide to migrate your setup you can just spin up traefik on another machine and copy-paste the dynamic config file with minimal downtime (you would only need to adjust trusted proxy on the nextcloud side, if it's in use).

[–] [email protected] 2 points 1 month ago (1 children)

thank you! so, wanting to follow your tip and exposing the 11000 port from the apache container to the host (in order to have a setup that is valid even if I move the service to another machine), how should I do that? because the apache container is also created by AIO’s mastercontainer and so I don’t have a place where to specify its port mapping (while usually I would do it adding 11000:11000 to the ports section of the docker compose)…

[–] [email protected] 2 points 1 month ago (1 children)

If I remember correctly setting APACHE_PORT env variable in the mastercontainer section in your compose file should be enough to expose apache port on the node IP, mastercontainer should handle the process. These are the defaults from their compose example.

services:
  nextcloud-aio-mastercontainer:
    environment:
      APACHE_PORT: 11000

As you've noticed, forwarding things that way seems counterintuitive, because mastercontainer handles the managed containers and accepts limited config options as variables. Check the example compose file for common config options, like the upload limits. This is a major tradeoff of the AIO, by design, it is a standardised deployment, easy to troubleshoot and hadles a lot of things automatically, but it's inflexible. Once you get it running though it rarely causes problems.

[–] [email protected] 1 points 1 month ago

ok I checked and you are right, the apache container actually exposes the 11000 port on the host. so i tried following the instructions for “traefik in a docker container on the same machine” and… it still didn’t work (now I was getting a Bad Gateway error)

at this point I think I’ll just stick with my old setup with docker compose. I was interested in AIO because I thought it could have been an easier to maintain way to host NC (also considering it’s official, while the docker compose method is not) but apparently it’s not meant to be inserted in an already existing setup like mine so I’ll stick with what I currently have.

it would be nice though if the NC devs also publish a “recommended docker-compose.yaml file” (in a similar way of what Immich does) so that more advanced users still can have an easy way to set everything up without having to look for the correct containers and settings required all over the internet

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)
EDIT

Never mind, my reading skills... I never used the AIO image... Sorry :/.