zilexa / Homeserver

Lightweight home server based on microservices, usable as desktop workstation

Nextcloud questions #10

Closed ramolec closed 1 year ago

ramolec commented 1 year ago

@zilexa Thanks for sharing this, I know you haven't been using Nextcloud. But I'd really like to test the architecture the way you've built it, but I've had no success for a week. I'm wanting to test Nextcloud accessing locally on my private network and also externally.

My DockerCompose

version: "2.0"
services:
##_____________________ Caddy [CLOUD/web-proxy]
  caddy:
    container_name: caddy-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks: 
      - web-proxy
    volumes:
      # The Docker socket gives Caddy (root inside the container) full control
      # of the Docker host; only mount it into containers you trust.
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
    # Share the Nextcloud webroot so Caddy's file_server can serve static files.
    volumes_from: 
      - nextcloud 
    ports:
      - 80:80
      - 443:443
    # host.docker.internal does not resolve on Linux by default; map it to the
    # host gateway so the AdGuard upstream (network_mode: host) is reachable.
    extra_hosts:
      - host.docker.internal:host-gateway
    labels:
      caddy_0: http://adguard.server
      caddy_0.reverse_proxy: host.docker.internal:3000

##
##____________________ NextCloud 
  nextcloud:
    image: nextcloud:fpm-alpine
    container_name: nextcloud
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - web-proxy
      - nextcloud
    depends_on:
      - nextcloud-db
      - nextcloud-cache
    environment:
      NEXTCLOUD_DATA_DIR: /var/nextdata
      NEXTCLOUD_TRUSTED_DOMAINS: next.$DOMAIN
      NEXTCLOUD_ADMIN_USER: $ADMIN
      NEXTCLOUD_ADMIN_PASSWORD: $ADMINPW
      POSTGRES_HOST: nextcloud-db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
      REDIS_HOST: nextcloud-cache
      # The cache container starts redis with --requirepass, so Nextcloud must
      # present the same password or every Redis connection is refused.
      REDIS_HOST_PASSWORD: $PW_INT
      #SMTP_HOST: $SMTPHOST
      #SMTP_SECURE: tls
      #SMTP_NAME: $SMTPUSER
      #SMTP_PASSWORD: $SMTPPASS
      #SMTP_FROM_ADDRESS: $EMAIL
      #SMTP_PORT: 587
    volumes:
      - $DOCKERDIR/nextcloud/var/nextdata:/var/nextdata
      # /var/www/html already contains config/, so a separate config mount is redundant.
      - $DOCKERDIR/nextcloud/var/www/html:/var/www/html
    labels:
      caddy: next.$DOMAIN
      caddy.tls: $EMAIL
      caddy.file_server: "" 
      caddy.root: "* /var/www/html"
      caddy.php_fastcgi: "{{upstreams 9000}}"
      caddy.php_fastcgi.root: "/var/www/html"
      caddy.php_fastcgi.env: "front_controller_active true"
      caddy.encode: gzip
      caddy.redir_0: "/.well-known/carddav /remote.php/dav 301"
      caddy.redir_1: "/.well-known/caldav /remote.php/dav 301"
      caddy.header.Strict-Transport-Security: '"max-age=15768000;includeSubDomains;preload"' 

##____________________ NextCloud Database
  nextcloud-db:
    container_name: nextcloud-db
    image: postgres:12-alpine
    restart: always
    networks:
      - nextcloud
    environment:
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
      # Without this, postgres names the database after POSTGRES_USER and the
      # Nextcloud container (POSTGRES_DB: nextcloud) cannot connect to it.
      POSTGRES_DB: nextcloud
    volumes:
      - $DOCKERDIR/nextcloud/db:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
##____________________ NextCloud Cache
  nextcloud-cache:
    container_name: nextcloud-cache
    image: redis:alpine
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - nextcloud
    command: redis-server --requirepass $PW_INT

  ##______________________ AdGuard Home [PRIVACY/Blocker]
  adguard:
    container_name: adguard
    image: adguard/adguardhome
    restart: always
    network_mode: host
    volumes:
       - $DOCKERDIR/adguardhome/work:/opt/adguardhome/work
       - $DOCKERDIR/adguardhome/conf:/opt/adguardhome/conf
    #labels:
      # plugsy.name: AdGuard
      # plugsy.link: http://adguard.o/
      # plugsy.category: Network
##____________________ Portainer [SYSTEM/Docker]
  portainer:
    container_name: portainer
    image: portainer/portainer-ce
    restart: always
    networks: 
      - web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/portainer/data:/data
    # Publishing 9000 is not needed when Caddy proxies http://docker.server, and
    # it exposes a UI with Docker-socket access to every host on the LAN.
    ports:
      - 9000:9000
    labels:
      caddy: http://docker.server
      caddy.reverse_proxy: "{{upstreams 9000}}"
     # plugsy.name: Docker
     # plugsy.link: http://docker.o/
     # plugsy.category: System
networks:
  web-proxy:
    driver: bridge
  nextcloud:
    driver: bridge

My Problems / My Doubts

Trying to access through my domain I have the following error in the browser: SSL_ERROR_INTERNAL_ERROR_ALERT. I created a DDNS through "noip.com", I configured my router, I unlocked ports 443 and 80, but I believe that the unlocking of the ports is not working. I opened a ticket with my internet provider to understand the problem.

To test again using my domain I will wait for this port problem to be resolved.

But I would like to have Nextcloud syncing and working also on my local private network, using only my LAN, either through an address like "http://nextcloud.o/" or the IP of my server, only within my LAN.

And this I'm not getting. How can I make it work locally on the private network and on the external network? Is it possible?

zilexa commented 1 year ago

Since you are using NOIP, you have to figure out how you can get a TLS certificate for it. This is far beyond the scope of this guide. If you want to use Caddy, better first check the Caddy documentation, then ask in their forum (https://caddy.community) if and how Caddy can work with NOIP. Caddy-docker-proxy might not be able to work with NOIP at all, as it doesn't include any optional Caddy plugins.

Regarding local LAN access, get that working without a local domain first, before trying to get the domain to work.

Also realize my NextCloud example is very outdated.

You are better off using official NextCloud documentation and their forum to find the minimum compose you need to get NextCloud to work by going to your LAN IP, without local domain.

Furthermore, I don't fully understand your end goal. If you want access to a service via the internet, you need HTTPS (requires a reverse proxy and your own domain). You will then always access the service via https and your domain, regardless of whether you are on LAN or not.

If you only want access within LAN, you don't need NOIP or your own domain.

You cannot use a local domain and https domain for the same service, that does not make sense. The reverse proxy needs to have an endpoint. Not 2. That cannot work. And also does not serve any use case I can imagine.
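The two things this exchange turns on, the SSL_ERROR_INTERNAL_ERROR_ALERT seen through the DDNS name and the advice to first get plain access by LAN IP working, can both be checked from the command line. The script below is an added example for this thread, not code from the Homeserver repository or from either participant. It takes a hostname or IP on the command line, classifies what the network stack reports (connection refused, timeout, DNS failure, or a TLS alert) and prints what to check next. The interpretation relied on is that Caddy, like any Go crypto/tls server, sends a TLS internal_error alert when it cannot produce a certificate for the requested name, which is what happens when ACME issuance failed because ports 80/443 were not reachable from the internet. The ADVICE strings, the address_kind helper and the exception samples used to exercise classify_failure are the example's own assumptions.

```python
"""Diagnose why https://<ddns-name>/ fails (SSL_ERROR_INTERNAL_ERROR_ALERT or
no connection) when Caddy is the reverse proxy behind a home router.

Added example for this issue thread, not code from the Homeserver repository.
Assumption: target name/ports come from the command line; ADVICE texts are ours.
"""
import ipaddress
import socket
import ssl
import sys
from http.client import HTTPConnection

# Caddy (Go crypto/tls) sends a TLS internal_error alert when it has no
# certificate for the SNI name, typically because ACME issuance failed; the
# browser shows that as SSL_ERROR_INTERNAL_ERROR_ALERT.
ADVICE = {
    "tls_alert_internal_error": (
        "Port 443 reaches Caddy, but Caddy has no certificate for this name. "
        "Check the caddy container logs for ACME errors, and verify that the "
        "name resolves to your public IP and that port 80 (HTTP-01) or 443 "
        "(TLS-ALPN-01) is forwarded to the server."
    ),
    "untrusted_certificate": "A certificate was served but this machine does not trust it (self-signed or wrong name).",
    "tls_other": "TLS handshake failed for another reason; inspect the detail string.",
    "port_closed": "TCP connection refused: nothing listens there, or the forwarding rule points at the wrong host.",
    "port_filtered_or_unreachable": "Connection timed out: the port is filtered (router, ISP, CGNAT) or the host is unreachable.",
    "dns_failure": "The name does not resolve; check the DDNS record (or your local DNS rewrite).",
    "unknown": "Unclassified error; inspect the detail string.",
}


def classify_failure(exc: BaseException) -> str:
    """Map a connection/handshake exception to one of the ADVICE keys."""
    msg = str(exc).lower()
    if isinstance(exc, ssl.SSLError):
        if "internal error" in msg or "internal_error" in msg:
            return "tls_alert_internal_error"
        if "certificate verify failed" in msg or "certificate_verify_failed" in msg:
            return "untrusted_certificate"
        return "tls_other"
    if isinstance(exc, ConnectionRefusedError):
        return "port_closed"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "port_filtered_or_unreachable"
    if isinstance(exc, socket.gaierror):
        return "dns_failure"
    return "unknown"


def address_kind(ip_text: str) -> str:
    """'private' for RFC 1918/loopback/link-local addresses, else 'public'.
    From inside the LAN, a DDNS name resolving to a private address means a
    local DNS rewrite is in effect; a public address means hairpin NAT."""
    ip = ipaddress.ip_address(ip_text)
    return "private" if (ip.is_private or ip.is_loopback or ip.is_link_local) else "public"


def probe_tls(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Complete a TLS handshake with SNI=host and report the outcome."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
                return {"status": "ok", "issuer": issuer.get("organizationName"),
                        "not_after": cert.get("notAfter")}
    except Exception as exc:  # classify whatever the network stack raised
        status = classify_failure(exc)
        return {"status": status, "detail": str(exc), "advice": ADVICE[status]}


def probe_http(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Plain-HTTP HEAD request, for the 'make it work by LAN IP first' step."""
    try:
        conn = HTTPConnection(host, port, timeout=timeout)
        conn.request("HEAD", "/", headers={"Host": host})
        resp = conn.getresponse()
        return {"status": "ok", "code": resp.status,
                "location": resp.getheader("Location"), "server": resp.getheader("Server")}
    except Exception as exc:
        status = classify_failure(exc)
        return {"status": status, "detail": str(exc), "advice": ADVICE[status]}


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: tlsprobe.py <hostname-or-ip> [https-port] [http-port]")
    target = sys.argv[1]
    https_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    http_port = int(sys.argv[3]) if len(sys.argv) > 3 else 80
    try:
        resolved = socket.gethostbyname(target)
        print(f"{target} -> {resolved} ({address_kind(resolved)} address)")
    except socket.gaierror as exc:
        print(f"{target}: {ADVICE['dns_failure']} ({exc})")
    print("https:", probe_tls(target, https_port))
    print("http: ", probe_http(target, http_port))
```

Run it once against the LAN IP of the server (expect the http probe to answer and the https probe to fail with a certificate error, since the certificate is for the domain, not the IP) and once against the DDNS name from outside the LAN: a "port_closed" or "port_filtered_or_unreachable" result on 443 confirms the forwarding problem with the ISP or router rather than anything in the compose file, while "tls_alert_internal_error" means traffic reaches Caddy and the certificate issuance is what to debug.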

zilexa commented 1 year ago

I have updated the Nextcloud example: https://github.com/zilexa/Homeserver/blob/8dbd5dbae68e0fe72a239ccab62a2b4a5b5f02d1/docker/Extras/nextcloud.yml#L1

Do not use it as your starting point, it's too outdated. Nextcloud is not covered by this guide. There is enough documentation from Nextcloud and from Caddy to use NC with Caddy as reverse proxy.