Open RottenKid opened 4 years ago
Hi, I have exactly the same issue. I've experimented a bit with trusted proxies but without success so far.
I have the same problem, but then with my unifi controller. That uses its own certificate, even with the TLS passthrough.
I was under the impression that nextcloud behaves erratically if passed through an additional authentication layer besides its own? Could this be why it is not passed through traefik on purpose?
I have the same problem as stated above. I get the original linuxserver certificate (from nginx in the nextcloud image) and not the certificate from traefik/letsencrypt.
I've managed to fix this by using traefik-cert-dumper to export the certificate from traefik and then I have copied it to Nextcloud.
Guys, if this is of any help, nextcloud runs fine for me with a config very close to the yml on this repo. I just don't have certresolver because I already have it defined on traefik's section and my guess is that you should follow this guide: https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker
Fixed it just now as well. I'm using linuxserver/nextcloud. Make a Cloudflare origin certificate through this tutorial: https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates. Make a certificate for 15 years. Replace the pem key and certificate in the /keys folder of your nextcloud. Now it loads fine with the cloudflare certificate. An alternative is the method from RottenKid with the letsencrypt certificate.
You could also manually edit the nginx conf file (in LSIO's image, at nginx/site-confs/default) and comment out a bunch of lines, effectively turning the Nextcloud container's nginx into http only, then put it behind a normal https Traefik reverse proxy instead of replacing the certs.
Snippet of mine below:
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name _;
    # return 301 https://$host$request_uri;
#}
#server {
    # listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    # server_name _;
    # ssl_certificate /config/keys/cert.crt;
    # ssl_certificate_key /config/keys/cert.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    # add_header X-Content-Type-Options nosniff;
    # add_header X-XSS-Protection "1; mode=block";
    # add_header X-Robots-Tag none;
    # add_header X-Download-Options noopen;
    # add_header X-Frame-Options "SAMEORIGIN";
    # add_header X-Permitted-Cross-Domain-Policies none;
    # add_header Referrer-Policy no-referrer;
    fastcgi_hide_header X-Powered-By;
    root /config/www/nextcloud/;
```
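A check for the HTTP-only edit described in the comment above, as an added example that is not part of the thread or of the linuxserver image: it scans an nginx site conf for directives that are still active and would keep nginx terminating TLS or redirecting to HTTPS behind Traefik. The function names and the shortened sample conf are constructed for illustration.

```python
import re

# Constructed sample: a shortened version of the edited site conf from the comment above.
SAMPLE_CONF = """\
server {
    listen 80;
    listen [::]:80;
    server_name _;
#    return 301 https://$host$request_uri;
#}
#server {
#    listen 443 ssl http2;
#    ssl_certificate /config/keys/cert.crt;
#    ssl_certificate_key /config/keys/cert.key;
    fastcgi_hide_header X-Powered-By;
    root /config/www/nextcloud/;
}
"""

def active_directives(conf):
    """Yield (line_no, name, args) for every directive that is not commented out."""
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0]  # naive: assumes no '#' inside quoted values
        for stmt in re.split(r"[;{}]", line):
            parts = stmt.split()
            if parts:
                yield no, parts[0], parts[1:]

def http_only_problems(conf):
    """Return the reasons this conf is not a plain-HTTP backend (empty list = OK)."""
    problems, plain_listen = [], False
    for no, name, args in active_directives(conf):
        if name == "listen":
            if "ssl" in args or any(a == "443" or a.endswith(":443") for a in args):
                problems.append(f"line {no}: nginx still terminates TLS (listen {' '.join(args)})")
            else:
                plain_listen = True
        elif name in ("ssl_certificate", "ssl_certificate_key"):
            problems.append(f"line {no}: active {name}")
        elif name == "return" and any(a.startswith("https://") for a in args):
            problems.append(f"line {no}: HTTP requests are redirected to HTTPS")
    if not plain_listen:
        problems.append("no plain-HTTP listen directive")
    return problems

if __name__ == "__main__":
    print(http_only_problems(SAMPLE_CONF) or "conf is HTTP-only")
```

An active `return 301 https://...` is reported because, with Traefik forwarding plain HTTP to the container, that redirect would bounce every proxied request back to HTTPS.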
Hello,
Thanks for the amazing help with your repo! I'm trying to migrate from Traefik 1.7 to 2.2 (fresh install server) and one of the migration steps is nextcloud. After using the YML from your repo for nextcloud I'm not able to get the container to use the SSL certificate from Traefik instead of the one from Linuxserver.io. Do you have any pointers? Thanks a lot!