Closed Dustin1358 closed 4 years ago
I just realized that I cannot connect to my nextcloud from outside of the network at all. But I'm not sure where this behavior could come from: the nginx.conf, traefik.toml, config.php or acme.json.
Hi Dustin,
traefik handles web traffic and letsencrypt certificates stand-alone. Your settings in the inventory are OK.
If you see a "Connection Refused" and you can't reach your nextcloud from the internet normally you should look at your firewall and/or router.
To check traefik/nextcloud/docker you have to put the internal ip address of your nextcloud machine as `xx.xx.xx.xx mydomain.tk` in your `/etc/hosts`. Trying to access traefik/nextcloud via `curl xx.xx.xx.xx` won't work. But `curl -vk mydomain.tk` should output some info about a self signed cert plus some "nextcloud html". If you try this on a separate server you know that the internal firewall of your nextcloud machine is OK.
You can also run a `sudo docker ps` that should output a line like
b73538a0b025 traefik:alpine "/entrypoint.sh trae…" 4 months ago Up 5 weeks 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp traefik
which tells you that traefik is up&running and exposes port 80/443 to the world.
According to "cloudflare" there are issues with nextcloud. You can't run nextcloud behind cloudflare.
Thanks for your information, it helped me to understand traefik and let's encrypt better. And you are right, there was an additional firewall which I did not know about.
It seems that let's encrypt is not working with the default configuration provided here. I only changed some fields in the inventory file according to my domain and needed configuration and I cannot get certificates. In the logs is written that let's encrypt always gets a 400 error because it cannot access the .well-known site. When I wget the site it takes a long time and finally I get a 404. It seems that traefik is blocking too much but with my limited traefik and docker knowledge I could not reconfigure traefik.
My configuration: Ubuntu 18.04.3 with a freenom domain which has only an A record which points to my static ip.
Another issue I found, which might be related to the too strong blocking of traefik, is that as soon as I change my dns from freenom to cloudflare I cannot access my site anymore. I always get a 512 error at a cloudflare site when I try to access my domain. This may also come from a too strict traefik blocking?
Here is my inventory file (with my personal data changed):
Here the error which comes from the logs of the traefik container (also changed my personal data):
time="2020-01-22T10:35:43Z" level=error msg="Unable to obtain ACME certificate for domains \"mydomain.tk\" detected thanks to rule \"Host:mydomain.tk; PathPrefixStrip:/portainer\" : unable to generate a certificate for the domains [mydomain.tk]: acme: Error -> One or more domains had a problem:\n[mydomain.tk] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://mydomain.tk/.well-known/acme-challenge/LzGbdsFsKcsJZdfsHVvds75dsdhds9m4PpEHtH7l533c: Connection refused, url: \n"
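An added example, not part of the original thread or the project's code: a small triage helper that pulls the ACME error type out of traefik log lines in the format quoted above and maps it to the layer to check first. The sample log lines are constructed (challenge token replaced by a placeholder, second domain invented), and the hint texts are this example's own wording.

```python
import re

# Constructed sample input: the first line follows the error format quoted in
# the thread (shortened, token replaced); the others are invented for contrast.
SAMPLE_LOG = r'''
time="2020-01-22T10:35:43Z" level=error msg="Unable to obtain ACME certificate for domains \"mydomain.tk\" : unable to generate a certificate for the domains [mydomain.tk]: acme: Error -> One or more domains had a problem:\n[mydomain.tk] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://mydomain.tk/.well-known/acme-challenge/TOKEN: Connection refused, url: \n"
time="2020-01-22T10:40:00Z" level=error msg="One or more domains had a problem:\n[example.org] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://example.org/.well-known/acme-challenge/TOKEN: 404, url: \n"
time="2020-01-22T10:41:00Z" level=info msg="Server configuration reloaded"
'''

# Matches the per-domain part: [domain] acme: error: <status> :: <urn> :: <detail>, url:
ACME_ERR = re.compile(
    r'\[(?P<domain>[^\]]+)\] acme: error: (?P<status>\d{3}) :: '
    r'urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*?), url:'
)

# ACME error types (RFC 8555) mapped to a first place to look.
HINTS = {
    "connection": "validator could not reach port 80 from the internet: "
                  "check router port-forwarding and every firewall in the path",
    "unauthorized": "port 80 is reachable but the challenge response was wrong: "
                    "check what answers /.well-known/acme-challenge/",
    "dns": "name did not resolve for the validator: check the A record",
}

def triage(log_text):
    """Return one dict per ACME failure found in traefik log text."""
    findings = []
    for line in log_text.splitlines():
        m = ACME_ERR.search(line)
        if not m:
            continue  # not an ACME per-domain error line
        finding = m.groupdict()
        finding["status"] = int(finding["status"])
        finding["hint"] = HINTS.get(finding["type"], "unclassified ACME error")
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["domain"]}: {f["type"]} ({f["detail"]}) -> {f["hint"]}')
```
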