nextcloud / docker

⛴ Docker image of Nextcloud
https://hub.docker.com/_/nextcloud/
GNU Affero General Public License v3.0

503 Service Temporarily Unavailable after update (fpm nginx proxy) #1473

Closed Mailblocker closed 4 months ago

Mailblocker commented 3 years ago

Hi, I'm using the example docker/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml as a basis for my setup. I upgraded yesterday as usual and ended up getting a 503 from my server.

For me it seems the nginx-proxy doesn't really work but I don't know how to fix this. I'm especially sceptical about this warning/error:

proxy_nginx              | nginx: [emerg] no servers are inside upstream in /etc/nginx/conf.d/default.conf:68

Below the log of the docker startup, can someone help? Thanks!

docker-compose up
Creating network "docker_default" with the default driver
Creating network "docker_proxy-tier" with the default driver
Creating proxy_nginx    ... done
Creating redis       ... done
Creating mariadb     ... done
Creating nextcloud      ... done
Creating cron_nextcloud ... done
Creating letsencrypt    ... done
Creating nginx          ... done
Attaching to mariadb, redis, proxy_nginx, cron_nextcloud, nextcloud, letsencrypt, nginx
cron_nextcloud           | crond: crond (busybox 1.32.1) started, log level 0
cron_nextcloud           | crond: user:www-data entry:*/5 * * * * php -f /var/www/html/cron.php
cron_nextcloud           | 100001000010000100001000010000100001000010000100001000010000
cron_nextcloud           | 111111111111111111111111
cron_nextcloud           | 11111111111111111111111111111111
cron_nextcloud           | 111111111111
cron_nextcloud           | 1111111
mariadb                  | 2021-04-12 11:12:28+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
mariadb                  | 2021-04-12 11:12:28+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
mariadb                  | 2021-04-12 11:12:28+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
mariadb                  | 2021-04-12 11:12:29 0 [Note] mysqld (mysqld 10.5.9-MariaDB-1:10.5.9+maria~focal) starting as process 1 ...
mariadb                  | 2021-04-12 11:12:29 0 [Warning] You need to use --log-bin to make --binlog-format work.
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Uses event mutexes
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Number of pools: 1
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
mariadb                  | 2021-04-12 11:12:29 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Using Linux native AIO
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Completed initialization of buffer pool
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: 128 rollback segments are active.
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Creating shared tablespace for temporary tables
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: 10.5.9 started; log sequence number 63579510598; transaction id 55481974
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
mariadb                  | 2021-04-12 11:12:29 0 [Note] Plugin 'FEEDBACK' is disabled.
mariadb                  | 2021-04-12 11:12:29 0 [Note] Server socket created on IP: '::'.
mariadb                  | 2021-04-12 11:12:29 0 [Note] InnoDB: Buffer pool(s) load completed at 210412 11:12:29
mariadb                  | 2021-04-12 11:12:29 0 [Warning] 'proxies_priv' entry '@% root@482a9b02f4e9' ignored in --skip-name-resolve mode.
mariadb                  | 2021-04-12 11:12:29 0 [Note] Reading of all Master_info entries succeeded
mariadb                  | 2021-04-12 11:12:29 0 [Note] Added new Master_info '' to hash table
mariadb                  | 2021-04-12 11:12:29 0 [Note] mysqld: ready for connections.
mariadb                  | Version: '10.5.9-MariaDB-1:10.5.9+maria~focal'  socket: '/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
letsencrypt              | Info: running acme-companion version v2.1.0-1-gd56d1aa
letsencrypt              | Warning: '/etc/acme.sh' does not appear to be a mounted volume.
letsencrypt              | Info: Custom Diffie-Hellman group found, generation skipped.
nextcloud                | [12-Apr-2021 11:12:29] NOTICE: fpm is running, pid 1
nextcloud                | [12-Apr-2021 11:12:29] NOTICE: ready to handle connections
letsencrypt              | Reloading nginx proxy (a77...)...
proxy_nginx              | WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
proxy_nginx              | is being generated in the background.  Once the new dhparam.pem is in place, nginx will be reloaded.
proxy_nginx              | forego     | starting dockergen.1 on port 5000
proxy_nginx              | Generating DSA parameters, 4096 bit long prime
proxy_nginx              | forego     | starting nginx.1 on port 5100
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:29 Generated '/etc/nginx/conf.d/default.conf' from 3 containers
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:29 Watching docker events
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:29 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:29 Received event start for container a4c7945f6fec
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:29 Received event start for container 38e5fad2e302
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:30 Received event start for container 2f48c3fed9f6
redis                    | 1:C 12 Apr 2021 11:12:29.087 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis                    | 1:C 12 Apr 2021 11:12:29.087 # Redis version=6.2.1, bits=64, commit=00000000, modified=0, pid=1, just started
redis                    | 1:C 12 Apr 2021 11:12:29.087 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
redis                    | 1:M 12 Apr 2021 11:12:29.088 * monotonic clock: POSIX clock_gettime
redis                    | 1:M 12 Apr 2021 11:12:29.088 * Running mode=standalone, port=6379.
redis                    | 1:M 12 Apr 2021 11:12:29.088 # Server initialized
redis                    | 1:M 12 Apr 2021 11:12:29.088 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
redis                    | 1:M 12 Apr 2021 11:12:29.088 * Ready to accept connections
nginx                    | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx                    | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx                    | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx                    | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:30 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:30 Received event start for container d5ce61d13e5a
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:30 Generated '/etc/nginx/conf.d/default.conf' from 7 containers
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:30 Error running notify command: nginx -s reload, exit status 1
nginx                    | 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
nginx                    | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:30 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx                    | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx                    | /docker-entrypoint.sh: Configuration complete; ready for start up
proxy_nginx              | dockergen.1 | 2021/04/12 11:12:30 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
letsencrypt              | 2021/04/12 11:12:30 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt              | 2021/04/12 11:12:30 Generated '/app/letsencrypt_service_data' from 7 containers
letsencrypt              | 2021/04/12 11:12:30 Running '/app/signal_le_service'
letsencrypt              | 2021/04/12 11:12:30 Watching docker events
letsencrypt              | 2021/04/12 11:12:30 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
letsencrypt              | [Mon Apr 12 11:12:31 UTC 2021] Create account key ok.
letsencrypt              | [Mon Apr 12 11:12:31 UTC 2021] Registering account: https://acme-v02.api.letsencrypt.org/directory
letsencrypt              | [Mon Apr 12 11:12:33 UTC 2021] Registered
letsencrypt              | [Mon Apr 12 11:12:33 UTC 2021] ACCOUNT_THUMBPRINT='O...'
letsencrypt              | Reloading nginx proxy (a77f753aafa7aa385dbae456811d5e943c4eeb09b4f3b29968f80f370ddec02c)...
letsencrypt              | 2021/04/12 11:12:33 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt              | Creating/renewal MY_DOMAIN certificates... (MY_DOMAIN)
letsencrypt              | [Mon Apr 12 11:12:34 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
letsencrypt              | [Mon Apr 12 11:12:34 UTC 2021] Creating domain key
letsencrypt              | [Mon Apr 12 11:12:35 UTC 2021] The domain key is here: /etc/acme.sh/fullacount_and_path.key
letsencrypt              | [Mon Apr 12 11:12:35 UTC 2021] Single domain='MY_DOMAIN'
letsencrypt              | [Mon Apr 12 11:12:35 UTC 2021] Getting domain auth token for each domain
proxy_nginx              | 2021/04/12 11:12:35 [emerg] 98#98: no servers are inside upstream in /etc/nginx/conf.d/default.conf:68
proxy_nginx              | nginx: [emerg] no servers are inside upstream in /etc/nginx/conf.d/default.conf:68
proxy_nginx              | dhparam generation complete, reloading nginx
letsencrypt              | [Mon Apr 12 11:12:37 UTC 2021] Getting webroot for domain='MY_DOMAIN'
letsencrypt              | [Mon Apr 12 11:12:37 UTC 2021] Verifying: MY_DOMAIN
proxy_nginx              | nginx.1    | MY_DOMAIN 52.28.236.88 - - [12/Apr/2021:11:12:39 +0000] "GET /.well-known/acme-challenge/T2N-... HTTP/1.1" 503 197 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
proxy_nginx              | nginx.1    | MY_DOMAIN 34.211.6.84 - - [12/Apr/2021:11:12:39 +0000] "GET /.well-known/acme-challenge/T2N-... HTTP/1.1" 503 197 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
proxy_nginx              | nginx.1    | MY_DOMAIN 3.22.70.135 - - [12/Apr/2021:11:12:39 +0000] "GET /.well-known/acme-challenge/T2N-... HTTP/1.1" 503 197 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
proxy_nginx              | nginx.1    | MY_DOMAIN 64.78.149.164 - - [12/Apr/2021:11:12:39 +0000] "GET  @/.well-known/acme-challenge/T2N-... HTTP/1.1" 503 197 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
letsencrypt              | [Mon Apr 12 11:12:41 UTC 2021] MY_DOMAIN:Verify error:Invalid response from http://MY_DOMAIN/.well-known/acme-challenge/T2N-... [MY_IP]: 
letsencrypt              | [Mon Apr 12 11:12:41 UTC 2021] Please check log file for more details: /dev/null
letsencrypt              | Sleep for 3600s
cron_nextcloud           | crond: user:www-data entry:*/5 * * * * php -f /var/www/html/cron.php
cron_nextcloud           | 100001000010000100001000010000100001000010000100001000010000
cron_nextcloud           | 111111111111111111111111
cron_nextcloud           | 11111111111111111111111111111111
cron_nextcloud           | 111111111111
cron_nextcloud           | 1111111

snkaupe commented 3 years ago

I've got the same problem using the same example files, including not getting a Let's Encrypt certificate (probably) due to the verification error seen in the log file posted by @Mailblocker. I tried setting an explicit hostname on the nextcloud app docker container, as suggested in #1455, but that didn't help either.

Mailblocker commented 3 years ago

Can anyone give advice on how to debug/investigate this problem?

I now ran into the problem that letsencrypt won't verify my certs anymore since I've sent too many requests. But at least I want to reach my nextcloud again even if it's only locally.

snkaupe commented 3 years ago

@Mailblocker You can set LETSENCRYPT_TEST to true on (if I read the docs correctly) the nextcloud_web container to switch over to a Let's Encrypt service that allows you more tries. See also https://github.com/nginx-proxy/acme-companion/blob/main/docs/Let's-Encrypt-and-ACME.md Otherwise, I think the number of allowed requests is 5 per hour and account, so you can wait for a bit.

Mailblocker commented 3 years ago

The allowed number of requests is 50 per week, so I have to wait for at least a week.

The thing is I have to fix the proxy(?) problem, otherwise I will run into this cert problem again in one week.
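
The startup log at the top of this thread already contains the chain that ends in the rate limit: the proxy rejects its generated config, the ACME challenge requests get 503, and verification fails. The script below is an added example, not code from any participant or from the nextcloud/docker project; the sample lines are constructed after the thread's output and the function names are hypothetical. It triages `docker-compose logs` text for that chain so certificate issuance can be paused before more attempts are spent.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines quoted in this thread.
# 192.0.2.x are documentation addresses, TOKEN is a placeholder.
SAMPLE_LOG = """\
proxy_nginx   | dockergen.1 | 2021/04/12 11:12:30 Generated '/etc/nginx/conf.d/default.conf' from 7 containers
proxy_nginx   | dockergen.1 | 2021/04/12 11:12:30 Error running notify command: nginx -s reload, exit status 1
proxy_nginx   | 2021/04/12 11:12:35 [emerg] 98#98: no servers are inside upstream in /etc/nginx/conf.d/default.conf:68
proxy_nginx   | nginx: [emerg] no servers are inside upstream in /etc/nginx/conf.d/default.conf:68
proxy_nginx   | nginx.1 | MY_DOMAIN 192.0.2.10 - - [12/Apr/2021:11:12:39 +0000] "GET /.well-known/acme-challenge/TOKEN HTTP/1.1" 503 197 "-" "Let's Encrypt validation server"
proxy_nginx   | nginx.1 | MY_DOMAIN 192.0.2.11 - - [12/Apr/2021:11:12:39 +0000] "GET /.well-known/acme-challenge/TOKEN HTTP/1.1" 503 197 "-" "Let's Encrypt validation server"
letsencrypt   | [Mon Apr 12 11:12:41 UTC 2021] MY_DOMAIN:Verify error:Invalid response from http://MY_DOMAIN/.well-known/acme-challenge/TOKEN
proxy_nginx   | nginx.1 | MY_DOMAIN 192.0.2.20 - - [16/Apr/2021:20:11:37 +0000] "GET / HTTP/2.0" 500 579 "-" "Mozilla/5.0"
nextcloud     | [12-Apr-2021 11:12:29] NOTICE: ready to handle connections
"""

EMPTY_UPSTREAM = re.compile(r"\[emerg\].*?no servers are inside upstream in (\S+):(\d+)")
RELOAD_FAILED = re.compile(r"Error running notify command: nginx -s reload, exit status \d+")
VERIFY_ERROR = re.compile(r"Verify error:")
# nginx access log tail: "<request line>" <status> <body bytes sent>
ACCESS = re.compile(r'"([A-Z]+)\s+(\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
ACME_PREFIX = "/.well-known/acme-challenge/"


def parse_access(message):
    """Return (method, path, status, body_bytes) or None.

    In a line ending '... 500 579', 500 is the HTTP status and 579 is the
    size of the response body in bytes, not a second error code.
    """
    m = ACCESS.search(message)
    if not m:
        return None
    method, path, status, size = m.groups()
    return method, path, int(status), int(size)


def triage(log_text):
    """Collect the signals of the failure chain from docker-compose log text."""
    findings = {
        "empty_upstream": [],        # (config file, line) nginx refused to load
        "reload_failed": 0,          # docker-gen could not reload nginx
        "acme_status": Counter(),    # status codes served to ACME validators
        "verify_errors": 0,          # failed validations reported by acme.sh
        "server_errors": Counter(),  # 5xx on ordinary (non-ACME) requests
    }
    for line in log_text.splitlines():
        _, sep, rest = line.partition("|")   # strip the container-name column
        message = rest.strip() if sep else line.strip()
        m = EMPTY_UPSTREAM.search(message)
        if m:
            where = (m.group(1), int(m.group(2)))
            if where not in findings["empty_upstream"]:  # nginx logs it twice
                findings["empty_upstream"].append(where)
        elif RELOAD_FAILED.search(message):
            findings["reload_failed"] += 1
        elif VERIFY_ERROR.search(message):
            findings["verify_errors"] += 1
        else:
            access = parse_access(message)
            if access:
                _, path, status, _ = access
                if path.startswith(ACME_PREFIX):
                    findings["acme_status"][status] += 1
                elif status >= 500:
                    findings["server_errors"][status] += 1
    return findings


def root_cause(findings):
    """Name the earliest broken layer: proxy config first, then the backend."""
    if findings["empty_upstream"] or findings["reload_failed"]:
        return "proxy_config_rejected"
    if findings["server_errors"]:
        return "backend_error"
    return "none"


def should_pause_issuance(findings):
    """True when validators were served anything but 200, or validation failed."""
    bad_challenge = any(code != 200 for code in findings["acme_status"])
    return bad_challenge or findings["verify_errors"] > 0


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(root_cause(result), should_pause_issuance(result), dict(result["acme_status"]))
```
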

Mailblocker commented 3 years ago

@snkaupe I'm one step further, this link https://github.com/nginx-proxy/nginx-proxy/issues/1586#issuecomment-818238078 describes my problem and at least the proxy is now running again. Now I get the error 500 which indicates something between nextcloud and/or the web server. Could be that I changed too much and wrecked my setup. Currently I'm skipping the certs by accepting the non verified cert, at least until I can access the login screen to my nextcloud.

Hints to error 500 are welcome.

edit: Still don't know what the problem is. My nginx server is returning error code 500. When accessing the containers (nginx or nextcloud:fpm via docker exec -it nginx bash) I can see the files (like index.html or .php) within the path /var/www/html. The owner is set to www-data within the nginx and nextcloud container.

Executing docker exec -u www-data nextcloud php occ status returns:

  - installed: true
  - version: 21.0.1.1
  - versionstring: 21.0.1
  - edition: 

I'm running out of ideas why I should get an error 500.

0x47 commented 3 years ago

I was about to create a new issue and found this one. This also happens to a fresh setup for me. Nothing was changed from the example (.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/) except this diff:

diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
index d576362..f629df1 100644
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
@@ -8,7 +8,7 @@ services:
     volumes:
       - db:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=
+      - MYSQL_ROOT_PASSWORD=asdasdasd213123
     env_file:
       - db.env

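Review bot: The root password on the `MYSQL_ROOT_PASSWORD=asdasdasd213123` line is written as a literal into docker-compose.yml, the file most likely to be committed or pasted into an issue. The same service already loads `db.env` through `env_file:` directly below, so the value belongs there (or in a Docker secret), and it should be a long random string rather than a keyboard pattern.
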
@@ -37,8 +37,8 @@ services:
       - nextcloud:/var/www/html:ro
     environment:
       - VIRTUAL_HOST=
-      - LETSENCRYPT_HOST=
-      - LETSENCRYPT_EMAIL=
+      - LETSENCRYPT_HOST=my.domain.tld
+      - LETSENCRYPT_EMAIL=myname@example.com
     depends_on:
       - app
     networks:
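Review bot: `- VIRTUAL_HOST=` stays as an unchanged, empty context line while `LETSENCRYPT_HOST=my.domain.tld` is filled in below it. nginx-proxy builds its routing from VIRTUAL_HOST, so with it empty requests for my.domain.tld have no backend to go to, which fits the 503 reported under this diff. Suggest setting `- VIRTUAL_HOST=my.domain.tld` in the same change.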
@@ -59,8 +59,8 @@ services:
     build: ./proxy
     restart: always
     ports:
-      - 80:80
-      - 443:443
+      - 1180:80
+      - 11443:443
     labels:
       com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
     volumes:
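Review bot: Publishing the proxy as `1180:80` takes it off host port 80, while the HTTP-01 validation requested through `LETSENCRYPT_HOST` in the previous hunk always connects to port 80 of the domain. Unless something in front forwards 80 to 1180 and 443 to 11443, the challenge cannot reach this container; either note that forwarding in the compose file or leave the LETSENCRYPT_* values unset for a setup on non-standard ports.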

One line from the nginx-proxy log (browser shows 503 error):

nginx.1    | my.domain.tld 172.21.0.1 - - [14/Apr/2021:23:40:37 +0000] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

Mailblocker commented 3 years ago

@0x47 have you read my comment here (https://github.com/nextcloud/docker/issues/1473#issuecomment-819772206) using a defined version for the nginx-proxy, does this solve the problem for you?

unix0r commented 3 years ago

I have a similar problem. After an update to nextcloud:latest 21.0.1, my nginx reverse proxy throws a 405 error for login into nextcloud.

First investigations show me that the nextcloud docker instance takes too long for the login and the nginx goes into the timeout. Access (Login) directly to the exposed docker port takes about 3 minutes...

I'm also seeing that the mariadb database is working hard after the login try. Have to take a closer look at what's happening with the login and why it takes so long...

Maybe there is also a timing problem with your issue?

Running nextcloud docker on synology nas and configured the reverse proxy using the builtin frontend.

Mailblocker commented 3 years ago

@unix0r can you elaborate how to see this behaviour? What are you looking at, docker-compose logs?

Edit: note to myself, I need a test setup for checking updates before doing them on my real system.

zaciam commented 3 years ago

I have the same issue!

0x47 commented 3 years ago

> @0x47 have you read my comment here (#1473 (comment)) using a defined version for the nginx-proxy, does this solve the problem for you?

@Mailblocker Yes I tried it and it did not work. Here is the diff from what I tried: https://github.com/0x47/docker/commit/f2e8eacd947ec1d91d48b3ccf9fb94f334170ea0 Can you confirm that this does what you expect?

I am in the process of migrating from a manual setup to a dockerized one to reduce maintenance effort. It seems like I am on the wrong path...

Mailblocker commented 3 years ago

@0x47 I don't know if your changes result in the same thing. The only line I changed was in the Dockerfile of the proxy changing this FROM jwilder/nginx-proxy:alpine to FROM jwilder/nginx-proxy:1586

0x47 commented 3 years ago

I have no idea what it means but https://github.com/nginx-proxy/nginx-proxy/issues/1586#issuecomment-818238078 refers to nginxproxy/nginx-proxy:1586, not jwilder/nginx-proxy:1586. Is that just an alias? Anyway, I think my changes do the same thing, I just changed the Dockerfile to make it configurable from the compose file instead of directly changing the Dockerfile.

You could try to deploy / create a new stack with the changed image and see if you get anything at all with this 1586 tag. For me, after starting the stack, the default Nginx welcome page shows for two seconds and then, after refreshing the page, it switches to the 503 error.

Mailblocker commented 3 years ago

For me the change worked so far that the warning/error:

proxy_nginx | nginx: [emerg] no servers are inside upstream in /etc/nginx/conf.d/default.conf:68 is no more present and the 503 error is gone.

So at least I now get directly the nginx default page giving me the error 500 instead of a browser connection error 503 and no access at all to the nginx instance.

Did you rebuild the containers after the change to the defined tag and before restarting them?

0x47 commented 3 years ago

Yes, I just did it again to be sure. I removed all volumes manually as well. After re-creating the stack the proxy container shows the following log:

WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one,
is being generated in the background.  Once the new dhparam.pem is in place, nginx will be reloaded.,
forego     | starting dockergen.1 on port 5000,
forego     | starting nginx.1 on port 5100,
dockergen.1 | 2021/04/16 10:59:27 Generated '/etc/nginx/conf.d/default.conf' from 4 containers,
dockergen.1 | 2021/04/16 10:59:27 Watching docker events,
dockergen.1 | 2021/04/16 10:59:27 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload',
dockergen.1 | 2021/04/16 10:59:32 Received event start for container b5513dc8ca72,
2021/04/16 10:59:32 [notice] 53#53: signal process started,
Generating DSA parameters, 4096 bit long prime,
dhparam generation complete, reloading nginx,
dockergen.1 | 2021/04/16 10:59:33 Received event start for container 82e1634d2e09,
dockergen.1 | 2021/04/16 10:59:33 Received event start for container 9ac4b2a4c6ba,
dockergen.1 | 2021/04/16 10:59:33 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload',
dockergen.1 | 2021/04/16 10:59:33 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload',
dockergen.1 | 2021/04/16 10:59:33 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload',
dockergen.1 | 2021/04/16 10:59:36 Received event start for container 564cb6aa8791,
dockergen.1 | 2021/04/16 10:59:36 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload',
nginx.1    | srv.lan 172.19.0.1 - - [16/Apr/2021:10:59:41 +0000] "GET / HTTP/1.1" 503 197 "http://srv.lan:9000/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0",
nginx.1    | srv.lan 172.19.0.1 - - [16/Apr/2021:10:59:41 +0000] "GET /favicon.ico HTTP/1.1" 503 197 "http://srv.lan/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0",

snkaupe commented 3 years ago

I managed to get my cloud working again by using the 1586 tag on the proxy container and setting the correct UIDs and GIDs on the db and html files. Apparently, these changed and I first got a Nextcloud error screen (Nextcloud unable to access config files, fixed by chowning the /var/www/html dir inside the Nextcloud app container to its www-data). That brought me to the 500 error without helpful log entries. I ended up re-chowning the database directory to the mysql user from inside the db container and that brought the system back online.

Mailblocker commented 3 years ago

@snkaupe Holy f***, I need to try this. Hopefully it will bring my cloud up again. In the last week I realized that I grew pretty dependent on the thing (calendar sync with my family, file shares, etc).

Thank you for the feedback, I will post if it worked for me!

@0x47 From your logfiles I would say the proxy problem is fixed. Maybe you now got the second/follow up problem regarding the file access snkaupe explained.

0x47 commented 3 years ago

I checked the files:

root@3dc16af668e2:/# ls -lah /var/lib/mysql/
total 121M
drwxr-xr-x 5 mysql mysql 4.0K Apr 16 10:59 .
drwxr-xr-x 1 root  root  4.0K Apr  3 02:11 ..
-rw-rw---- 1 mysql mysql  32K Apr 16 10:59 aria_log.00000001
-rw-rw---- 1 mysql mysql   52 Apr 16 10:59 aria_log_control
-rw-rw---- 1 mysql mysql  976 Apr 16 10:59 ib_buffer_pool
-rw-rw---- 1 mysql mysql  96M Apr 16 10:59 ib_logfile0
-rw-rw---- 1 mysql mysql  12M Apr 16 10:59 ibdata1
-rw-rw---- 1 mysql mysql  12M Apr 16 10:59 ibtmp1
-rw-rw---- 1 mysql mysql    0 Apr 16 10:59 multi-master.info
drwx------ 2 mysql mysql 4.0K Apr 16 10:59 mysql
drwx------ 2 mysql mysql 4.0K Apr 16 10:59 nextcloud
drwx------ 2 mysql mysql 4.0K Apr 16 10:59 performance_schema
root@3dc16af668e2:/# ls -lah /var/lib/mysql/nextcloud/
total 12K
drwx------ 2 mysql mysql 4.0K Apr 16 10:59 .
drwxr-xr-x 5 mysql mysql 4.0K Apr 16 10:59 ..
-rw-rw---- 1 mysql mysql   67 Apr 16 10:59 db.opt
root@3dc16af668e2:/#

I can't check the permissions of /var/www/html because all three containers (web, app, cron) that have it mapped are non-interactive.

The interactive-flag is not set. You might not be able to use the console properly. 
The TTY-flag is not set. You might not be able to use the console properly. 

Not sure what is happening on my end. Any chance you could try a clean, fresh stack and see if https://github.com/0x47/docker/tree/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm works for you without changing anything?

Mailblocker commented 3 years ago

Resetting the owner of the files/directories doesn't fix my problem.

Every access to my nextcloud instance results in this:

proxy_nginx              | nginx.1    | MY_DOMAIN MY_IP - - [16/Apr/2021:20:08:11 +0000] "GET /apps/photos/service-worker.js HTTP/2.0" 500 579 "https://MY_URL/apps/photos/service-worker.js" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
proxy_nginx              | nginx.1    | MY_DOMAIN MY_IP - - [16/Apr/2021:20:11:37 +0000] "GET / HTTP/2.0" 500 579 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
proxy_nginx              | nginx.1    | MY_DOMAIN MY_IP - - [16/Apr/2021:20:11:37 +0000] "GET /favicon.ico HTTP/2.0" 500 579 "https://MY_DOMAIN/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
proxy_nginx              | nginx.1    | MY_DOMAIN MY_IP - - [16/Apr/2021:20:11:38 +0000] "GET /apps/photos/service-worker.js HTTP/2.0" 500 579 "https://MY_URL/apps/photos/service-worker.js" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"

What is error 500 579 ?

Mailblocker commented 3 years ago

When opening with firefox I get the message that HSTS (HTTP strict transport security) is turned on and since my letsencrypt certs are not valid currently this is not working. Chromium just shows the nginx standard page prompting 500.

Is not fulfilling HSTS error "500 579"? Where can I turn this off? My nginx config does not enforce strict transport security, I did not uncomment those lines. I don't understand.

0x47 commented 3 years ago

I could fix the issue for the 503 error in my case. Nextcloud only works with the 1586 tag of nginx-proxy and setting

proxy:
  environment:
    - DEFAULT_HOST=nextcloud.local
web:
  environment:
    - VIRTUAL_HOST=nextcloud.local

in the compose file.

Mailblocker commented 3 years ago

Found the problem of my cert issue, created another issue for it here (maybe someone can link it? Not sure if it is really related, one led to another...).

Still have to wait until letsencrypt resets my rate limit :cry:.

Mailblocker commented 3 years ago

After the waiting time, I could renew my certs and everything is now up and running again.

F1iX commented 2 years ago

I could not get nginx-proxy back to work in my former setup with Nextcloud after hours of trying with both, RaspberrypiOS bullseye and Arch Linux ARM, so I decided to switch to Nginx Proxy Manager which works like a charm now, see https://github.com/F1iX/rpi-nextcloud-docker-compose

notcat commented 2 years ago

For anyone that sees this in the future, what fixed it for me was setting the environment variables for the nginx proxy.

web:
    environment:
      - VIRTUAL_HOST=yourdomain.com
      - LETSENCRYPT_HOST=yourdomain.com
      - LETSENCRYPT_EMAIL=youremail@gmail.com

Also, make sure you are connecting to the correct url. (yourdomain.com, NOT www.yourdomain.com (unless you have it setup to be www.yourdomain.com))
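
Both fixes reported in this thread (the `DEFAULT_HOST`/`VIRTUAL_HOST` pair and the `VIRTUAL_HOST`/`LETSENCRYPT_HOST` settings above) come down to the proxy needing a non-empty host name for the `web` service. The preflight check below is an added example, not code from any commenter or from the nextcloud/docker project; it assumes the compose file has already been loaded into a Python dict (for instance by a YAML parser), and the function names, problem codes and sample dicts are hypothetical.

```python
def env_of(service):
    """Normalise a compose `environment:` value (list or mapping form) to a dict."""
    env = (service or {}).get("environment") or {}
    if isinstance(env, dict):
        return {str(k): "" if v is None else str(v) for k, v in env.items()}
    out = {}
    for item in env:                      # list form: "KEY=value"
        key, _, value = str(item).partition("=")
        out[key.strip()] = value.strip()
    return out


def hosts(value):
    """Split a comma-separated host list, dropping empty entries."""
    return {h.strip() for h in value.split(",") if h.strip()}


def lint(compose):
    """Return sorted (service, problem-code) pairs for the host settings."""
    envs = {name: env_of(svc) for name, svc in compose.get("services", {}).items()}
    routed = set()                        # every name some container is routed under
    for env in envs.values():
        routed |= hosts(env.get("VIRTUAL_HOST", ""))

    problems = []
    for name, env in sorted(envs.items()):
        vhosts = hosts(env.get("VIRTUAL_HOST", ""))
        le_hosts = hosts(env.get("LETSENCRYPT_HOST", ""))
        if le_hosts and not vhosts:
            # Certificate requested for a container the proxy cannot route to.
            problems.append((name, "letsencrypt-host-without-virtual-host"))
        elif le_hosts - vhosts:
            # Assumption: names on the certificate should also be routed names.
            problems.append((name, "letsencrypt-host-not-in-virtual-host"))
        default = env.get("DEFAULT_HOST", "").strip()
        if default and default not in routed:
            problems.append((name, "default-host-not-routed"))
    return problems


# Constructed input: the `web` environment as left by the diff earlier in the thread.
BROKEN = {
    "services": {
        "proxy": {"build": "./proxy"},
        "web": {
            "environment": [
                "VIRTUAL_HOST=",
                "LETSENCRYPT_HOST=my.domain.tld",
                "LETSENCRYPT_EMAIL=myname@example.com",
            ]
        },
    }
}

# Constructed input: the DEFAULT_HOST / VIRTUAL_HOST pair reported as working.
FIXED = {
    "services": {
        "proxy": {"environment": ["DEFAULT_HOST=nextcloud.local"]},
        "web": {"environment": {"VIRTUAL_HOST": "nextcloud.local"}},
    }
}

if __name__ == "__main__":
    print(lint(BROKEN))
    print(lint(FIXED))
```
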