It seems that let's encrypt is not working with the default configuration provided here. I only changed some fields in the inventory file according to my domain and needed configuration and I cannot get certificates. In the logs is written that let's encrypt always gets a 400 error because it cannot access the .well-known site. When I wget the site it takes a long time and finally I get a 404. It seems that traefik is blocking too much but with my limited traefik and docker knowledge I could not reconfigure traefik.

My configuration: Ubuntu 18.04.3 with a freenom domain which has only an A record which points to my static ip.

Another issue I found which might be related to the to strong blocking of traefik it that as soon as I change my dns from freenom to cloudflare I cannot access my site anymore. I always get a 512 error at a cloudflare site when I try to access my domain. This may also comes from a too strict traefik blocking?

Here is the my inventory file (with my personal data changed):

[nextcloud]
localhost ansible_connection=local

[nextcloud:vars]

### Preliminary variables ###

# The domain name for your Nextcloud instance. You'll get a Let's Encrypt certificate for this domain.
nextcloud_server_fqdn       = mydomain.tk

# Your email address (for Let's Encrypt).
ssl_cert_email              = [email protected]

### Nextcloud variables ###

# Choose a directory for your Nextcloud data.
nextcloud_base_dir          = /opt/nextcloud

# Choose a username and password for your Nextcloud admin user.
nextcloud_admin             = 'user'
nextcloud_passwd            = 'userpwd'              # If empty the playbook will generate a random password.

# You must choose one database management system.
# Choose between 'pgsql' (PostgreSQL), 'mysql' (MariaDB) and 'sqlite' (SQLite).
nextcloud_db_type           = 'pgsql'

# Options for Mariadb and PostgreSQL.
nextcloud_db_host           = 'localhost'
nextcloud_db_name           = 'nextcloud'
nextcloud_db_user           = 'nextcloud'
nextcloud_db_passwd         = ''              # If empty the playbook will generate a random password (stored in {{ nextcloud_base_dir }}/secrets ).
nextcloud_db_prefix         = 'oc_'

### Optional variables ###

# Setup the Nextcloud mail server.
nextcloud_configure_mail    = false
nextcloud_mail_from         = 
nextcloud_mail_smtpmode     = smtp
nextcloud_mail_smtpauthtype = LOGIN
nextcloud_mail_domain       =
nextcloud_mail_smtpname     =
nextcloud_mail_smtpsecure   = tls
nextcloud_mail_smtpauth     = 1
nextcloud_mail_smtphost     =
nextcloud_mail_smtpport     = 587
nextcloud_mail_smtpname     =
nextcloud_mail_smtppwd      = 

# Use S3 Bucket as primary storage
aws_s3_key            = ''
aws_s3_secret         = ''
# aws_s3_bucket_name    = ''
# aws_s3_hostname       = 's3.amazonaws.com'
# aws_s3_port           = '443'
# aws_s3_use_ssl        = 'true'
# aws_s3_region         = 'us-east-1'
# aws_s3_use_path_style = 'true'

# Install restic backup tool if backup_folder is not empty
restic_repo                 = ''              # e.g. /var/nc-backup
# crontab settings restic for restic
backup_day                  = *
backup_hour                 = 12
backup_minute               = 0

# Choose an online office suite to integrate with your Nextcloud. Your options are (without quotation marks): 'none', 'collabora' and 'onlyoffice'.
online_office               = onlyoffice
# When using Collabora, you're able to install dictionaries alongside with it. Collabora's default is German (de).
collabora_dictionaries      = 'en'            # Separate ISO 639-1 codes with a space.

# Set to true to install TURN server for Nextcloud Talk.
talk_install                = true

# Set to true to enable access to your database with Adminer at https://nextcloud_server_fqdn/adminer . The password will be stored in {{ nextcloud_base_dir }}/secrets .
adminer_enabled             = true

# Set to true to install Portainer webgui for Docker.
portainer_enabled           = true
portainer_passwd            = ''              # If empty the playbook will generate a random password.

# Uncomment 'traefik_api_user' to get access to your Traefik dashboard at https://nextcloud_server_fqdn/traefik .
traefik_api_user          = traefik

Here the error which comes from the logs of the traefik container (also changed my personal data):

time="2020-01-22T10:35:43Z" level=error msg="Unable to obtain ACME certificate for domains \"mydomain.tk\" detected thanks to rule \"Host:mydomain.tk; PathPrefixStrip:/portainer\" : unable to generate a certificate for the domains [mydomain.tk]: acme: Error -> One or more domains had a problem:\n[mydomain.tk] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://mydomain.tk/.well-known/acme-challenge/LzGbdsFsKcsJZdfsHVvds75dsdhds9m4PpEHtH7l533c: Connection refused, url: \n"

I wanted to configure the SMTP server. But this didn't work. The problem is not with the credentials I used, because I used the same with Firefox.

When I fill in the credential is the Nextxloud GUI I get the following error:

Connection could not be established with host smtp.domain.tld [Operation timed out #110])

After prepare_system.sh and ansible-playbook nextdocker.yml I get the following message:

TASK [prep_os : selinux targets] *********************************************************************************************************************
Wednesday 10 October 2018 16:03:39 -0400 (0:00:00.631) 0:01:35.899 *****
failed: [localhost] (item=/opt/nextcloud(/.)?) => {"changed": false, "item": "/opt/nextcloud(/.)?", "msg": "This module requires policycoreutils-python"}
After

yum install policycoreutils-python

everything worked quite well.

Hello,

Does this container need to stay running once the setup is complete?

I think it may be causing issues as I keep having to accept the self-signed certificate in my browser, indicating that it is dumping a new cert?

Thanks.

When executing:
curl -s https://raw.githubusercontent.com/ReinerNippes/nextcloud_on_docker/master/prepare_system.sh | /bin/bash

ERROR: Command errored out with exit status 1:
 command: /usr/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-B4srK6/python-apt/setup.py'"'"'; __file__='"'"'/tmp/pip-install-B4srK6/python-apt/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-B4srK6/python-apt/pip-egg-info
     cwd: /tmp/pip-install-B4srK6/python-apt/
Complete output (5 lines):
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/pip-install-B4srK6/python-apt/setup.py", line 6, in <module>
    from DistUtilsExtra.command import *
ImportError: No module named DistUtilsExtra.command
----------------------------------------

ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

When using the latest apache image for nextcloud, the following error occurs ONLYOFFICE cannot be reached. Please contact admin.

How would I go about solving this?

where can I modify or change this? There is no place to do this in the inventory file.

Hi @ReinerNippes

What is the best approach to updating my Nextcloud container in this setup?

Thanks.

What's currently blocking support of Talk on arm(64) architectures? Is the current TURN server incompatible?

Hey
Having run the playbook... which I thank you for! A lot of work done there!

At the end, I get this error

TASK [docker_container : Create the traefik container] ******************************************************************************************************
Thursday 28 May 2020  07:52:22 +0000 (0:00:04.250)       0:01:50.347 **********
fatal: [localhost]: FAILED! => changed=false
  msg: 'Error starting container 2693b444d151a93b08409f5983ce1e0dd1e1ca2abc64941c6d45f05f89dd6757: 400 Client Error: Bad Request ("OCI runtime create failed:49: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"/media/storage/nextcloud/traefik/acme.j"/var/lib/docker/overlay2/737b1fce39f9d534ace825cb4f066549f53594c3d816c08add6b241b09f00365/merged\\\" at \\\"/var/lib/docker/overlay2/737b1fce39f9d534ace825cc08add6b241b09f00365/merged/acme.json\\\" caused \\\"not a directory\\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check  path exists and is the expected type")'

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=38   changed=3    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0

Thursday 28 May 2020  07:52:25 +0000 (0:00:03.351)       0:01:53.699 **********
===============================================================================
Gathering Facts ---------------------------------------------------------------------------------------------------------------------------------------------
prep_ufw : Configuring port/protocol/network rules ----------------------------------------------------------------------------------------------------------
prep_ufw : Installing ufw package ---------------------------------------------------------------------------------------------------------------------------
prep_docker : add docker key --------------------------------------------------------------------------------------------------------------------------------
prep_os : apt dist-upgrade ----------------------------------------------------------------------------------------------------------------------------------
prep_docker : install needed packages -----------------------------------------------------------------------------------------------------------------------
prep_os : install additional packages -----------------------------------------------------------------------------------------------------------------------
prep_docker : install docker --------------------------------------------------------------------------------------------------------------------------------
docker_container : adding traefik.toml file -----------------------------------------------------------------------------------------------------------------
prep_ufw : Configuring service ------------------------------------------------------------------------------------------------------------------------------
docker_container : Create watchtower container for auto update ----------------------------------------------------------------------------------------------
prep_ufw : Configuring firewall -----------------------------------------------------------------------------------------------------------------------------
prep_docker : add additional docker repo --------------------------------------------------------------------------------------------------------------------
prep_docker : remove ubuntu repo docker ---------------------------------------------------------------------------------------------------------------------
prep_ufw : start ufw ----------------------------------------------------------------------------------------------------------------------------------------
docker_container : Create the traefik container -------------------------------------------------------------------------------------------------------------
prep_os : make sure nextcloud directoies are present --------------------------------------------------------------------------------------------------------
prep_ufw : Enabling firewall --------------------------------------------------------------------------------------------------------------------------------
docker_container : Create frontend network ------------------------------------------------------------------------------------------------------------------
prep_docker : enable docker --

Anyone know how I fix this.. there is a folder in that location with that name but I cannot see whats inside it

This may be of use:

TASK [docker_container : docker watchtower] *****************************************************************************************************************
Thursday 28 May 2020  07:52:11 +0000 (0:00:02.129)       0:01:39.297 **********
included: /home/konradwalsh/nextcloud_on_docker/roles/docker_container/tasks/watchtower.yml for localhost

TASK [docker_container : Create watchtower container for auto update] ***************************************************************************************
Thursday 28 May 2020  07:52:11 +0000 (0:00:00.459)       0:01:39.757 **********
ok: [localhost]

TASK [docker_container : docker traefik] ********************************************************************************************************************
Thursday 28 May 2020  07:52:15 +0000 (0:00:03.502)       0:01:43.260 **********
included: /home/konradwalsh/nextcloud_on_docker/roles/docker_container/tasks/traefik.yml for localhost

TASK [docker_container : ensures traefik dir exists] ********************************************************************************************************
Thursday 28 May 2020  07:52:15 +0000 (0:00:00.505)       0:01:43.766 **********
ok: [localhost]

TASK [docker_container : ensures acme.json file exists] *****************************************************************************************************
Thursday 28 May 2020  07:52:16 +0000 (0:00:01.162)       0:01:44.929 **********
changed: [localhost]

TASK [docker_container : adding traefik.toml file] **********************************************************************************************************
Thursday 28 May 2020  07:52:18 +0000 (0:00:01.168)       0:01:46.097 **********
/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py:237: PasslibHashWarning: encountered a bcrypt salt with incorrectly set padding bits; you may want h() to fix this; this will be an error under Passlib 2.0
  PasslibHashWarning)
changed: [localhost]

Out put of docker -ps and ps -a

`konradwalsh@nextcloud-server:/media/storage/nextcloud/traefik$ docker ps
CONTAINER ID        IMAGE                                    COMMAND                  CREATED             STATUS                              PORTS               NAMES
5adea4b396e3        collabora/code:latest                    "/bin/sh -c 'bash st…"   8 hours ago         Up 29 minutes                       9980/tcp            collabora_online
19f150790691        adminer:latest                           "entrypoint.sh docke…"   8 hours ago         Up 29 minutes                       8080/tcp            adminer
c35f70bc89a4        redis:4-alpine                           "docker-entrypoint.s…"   8 hours ago         Up 29 minutes                       6379/tcp            redis
9b634a85333c        postgres:10-alpine                       "docker-entrypoint.s…"   8 hours ago         Up 29 minutes                       5432/tcp            nextcloud-db
056c990a40fd        portainer/portainer:latest               "/portainer --host u…"   8 hours ago         Up 29 minutes                       9000/tcp            portainer
40b7c98a5986        svendowideit/traefik-certdumper:latest   "/run.sh"                8 hours ago         Restarting (2) About a minute ago                       certdumper
54ec3efdde90        containrrr/watchtower:latest             "/watchtower --clean…"   8 hours ago         Up 29 minutes                       8080/tcp            watchtower
konradwalsh@nextcloud-server:/media/storage/nextcloud/traefik$ docker ps -a
CONTAINER ID        IMAGE                                    COMMAND                  CREATED             STATUS                           PORTS                                      NAMES
5adea4b396e3        collabora/code:latest                    "/bin/sh -c 'bash st…"   8 hours ago         Up 30 minutes                    9980/tcp                                   collabora_online
db65380d898d        nginx:alpine                             "nginx -g 'daemon of…"   8 hours ago         Exited (127) About an hour ago   80/tcp                                     nginx
979866488fe4        nextcloud:fpm-alpine                     "/entrypoint.sh php-…"   8 hours ago         Exited (127) About an hour ago   9000/tcp                                   nextcloud
19f150790691        adminer:latest                           "entrypoint.sh docke…"   8 hours ago         Up 30 minutes                    8080/tcp                                   adminer
c35f70bc89a4        redis:4-alpine                           "docker-entrypoint.s…"   8 hours ago         Up 30 minutes                    6379/tcp                                   redis
9b634a85333c        postgres:10-alpine                       "docker-entrypoint.s…"   8 hours ago         Up 30 minutes                    5432/tcp                                   nextcloud-db
056c990a40fd        portainer/portainer:latest               "/portainer --host u…"   8 hours ago         Up 30 minutes                    9000/tcp                                   portainer
40b7c98a5986        svendowideit/traefik-certdumper:latest   "/run.sh"                8 hours ago         Restarting (2) 42 seconds ago                                               certdumper
2693b444d151        traefik:1.7-alpine                       "/entrypoint.sh trae…"   8 hours ago         Exited (127) About an hour ago   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   traefik
54ec3efdde90        containrrr/watchtower:latest             "/watchtower --clean…"   8 hours ago         Up 30 minutes                    8080/tcp                                   watchtower
`

When I run the playbook as shown in the README I get a network.yml error:

included: /root/nextcloud_on_docker/roles/docker_container/tasks/network.yml for localhost

TASK [docker_container : Create frontend network] ************************************************************************************************
Thursday 09 January 2020 13:30:54 +0000 (0:00:00.063) 0:01:05.746 ******
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
fatal: [localhost]: FAILED! => changed=false
module_stderr: |-
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1578576654.19-46880396426708/AnsiballZ_docker_network.py", line 102, in
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1578576654.19-46880396426708/AnsiballZ_docker_network.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1578576654.19-46880396426708/AnsiballZ_docker_network.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.cloud.docker.docker_network', init_globals=None, run_name='main', alter_sys=True)
File "/usr/lib/python2.7/runpy.py", line 188, in run_module
fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 82, in _run_module_code
mod_name, mod_fname, mod_loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/tmp/ansible_docker_network_payload_oS5W1p/ansible_docker_network_payload.zip/ansible/modules/cloud/docker/docker_network.py", line 285, in
File "/tmp/ansible_docker_network_payload_oS5W1p/ansible_docker_network_payload.zip/ansible/module_utils/docker/common.py", line 43, in
File "/usr/lib/python2.7/dist-packages/requests/init.py", line 53, in
from .packages.urllib3.contrib import pyopenssl
File "/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py", line 54, in
import OpenSSL.SSL
File "/usr/lib/python2.7/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import rand, crypto, SSL
File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 118, in
SSL_ST_INIT = _lib.SSL_ST_INIT
AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1

Newbie here so excuse the question if it's obvious.
If docker is installed (via ansible playbook etc.) this could be mentioned in the Readme.
If docker is not installed but is a prerequisite this could be mentioned in the Readme - and a pointer to installation given (would be useful)

Where to execute e.g.:

Install Ansible and some needed tools by running the following command with a user that can sudo or is root.

curl -s https://raw.githubusercontent.com/ReinerNippes/nextcloud_on_docker/master/prepare_system.sh | /bin/bash

in the docker instance(?) or on the "containing" physical machine...

Context: I came here from https://help.nextcloud.com/t/how-to-migrate-from-existing-ubuntu-16-04-installation-to-docker/46664
My situation is "similar" I am trying to move a "traditional" non-container installation from ubuntu 16.04 to be "contained" (in this case on the same physical machine). Other existing software/services on the ubuntu machine should continue to function - e.g. there is an old Drupal installation on the machine etc. I am a docker newbie. I will not be using S3 or any other external storage.

System: Debian 9 linode vm
Description:
I tried to remove and reinstall with this playbook when I was debugging an issue that I was seeing with certbot docker.

Note: The certbot issue is unrelated to this current issue, and was in my DNS configuration, as I forgot to add www A record.

When I fixed that DNS issue, I tried reinstalling from scratch, I ran into some issues with the database.

Steps:

1. I followed the uninstall steps

• This didn't get rid of the containers on Debian: ansible-playbook nextdocker.yml -e state=absent
  So I run docker stop $(docker ps -a -q) && docker rm $(docker ps -a -q) && rm -rf /opt/nextcloud/

2. I did find and grep searches to make sure I removed files related to "nextcloud". I noticed I still had users and groups, which I thought is fine as I'll need them again.
3. I reinstalled, only changing the ssl_cert_email and nextcloud_server_fqdn and all the passwords were blank because I wanted random generated.
   Observed:
   During install I get the error:

fatal: [localhost]: FAILED! => changed=true 
  cmd: |-
    docker exec --user www-data nextcloud php occ  maintenance:install  --database pgsql --database-host nextcloud-db --database-name nextcloud  --database-table-prefix oc_ --database-user nextcloud --database-pass xxx  --admin-user admin --admin-pass xxx --data-dir /var/nc-data
  delta: '0:00:00.345130'
  end: '2019-12-25 10:02:10.559402'
  msg: non-zero return code
  rc: 1
  start: '2019-12-25 10:02:10.214272'
  stderr: ''
  stderr_lines: <omitted>
  stdout: |-
    Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[08006] [7] FATAL:  password authentication failed for user "nextcloud"
     ->
  stdout_lines: <omitted>

Also the web interface at https://nextcloud.<my-domain.tld> is up but tells me:

Error
It looks like you are trying to reinstall your Nextcloud. However the file CAN_INSTALL is missing from your config directory. Please create the file CAN_INSTALL in your config folder to continue.

I think the root cause is that I needed to remove the users and passwords before installing again as when I rebuilt my vm and installed with same settings it works perfectly and the only things left on the previous debian9 vm relating to nextcloud config were the username and passwords.
I didn't look too far into where the playbook was getting the passwords or if it was overwriting them.

Hi, nice playbook, it's easy to use and understand for someone new-ish to ansible, I noticed a small issue for debian 9 install:

./nextcloud.yml
First install on debian 9:
fatal: [localhost]: FAILED! => changed=false 
  msg: 'Error: Docker SDK for Python version is 1.9.0 (localhost''s Python /usr/bin/python). Minimum version required is 1.10.0.Use `pip install --upgrade docker-py` to upgrade. Hint: if you do not need Python 2.6 support, try `pip uninstall docker-py` instead, followed by `pip install docker`.'

Run:
pip install --upgrade docker-py && ./nextcloud.yml
It works.

Hallo Reiner,
I have everything up and running on a test droplet - and had great fun on the way. I even have traefik passing certain other fqdns to the host to be served there. Full imagemagick and facerecognition is compiled in too.

A "set" of containers are all working together to provide "nextcloud" (nginx,redis,nextcloud, nextcloud-db...).

My next question is - based on using your setup - how would you recommend hosting multiple nextclouds? (each reached by different sub-domains: nc1.example.com, nc2.example.com etc. ).
BTW I am just hoping for some tips and pointers here and not a full blown solution(!)

It looks (from a docker newbie point of view) that docker-compose would be useful here(?)
To reuse the containers I'd need to ensure state is made extrinsic in Volumes.

My goal is on the one hand to get going quite quickly in production.
On the other hand I'd like in an ideal world to be able e.g. to vary the nextcloud version from
nc1.example.com to nc2.example.com etc. and also be free to add/not add additional compiled in "abilities" such as full imagemagick, facerecognition (pdlib,dlib) (i.e. some nextcloud containers would have less reuse)
On the other hand still(!) I have no idea about the memory/resource implications of this approach.

Hi,

It seems that videos and PDFs are not producing preview thumbnails.

Any idea how to solve this?

Thanks.

Some problem here:
https://github.com/ReinerNippes/nextcloud_on_docker/blob/master/roles/prep_backup/tasks/main.yml

TASK [prep_backup : install restic] *********************************************************************
Friday 03 May 2019  03:38:55 +0200 (0:00:00.442)       0:00:19.230 ************ 
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'restic_repo != ''' failed. The error was: error while evaluating conditional (restic_repo != ''): 'restic_repo' is undefined\n\nThe error appears to have been in '/home/amarinde/nextcloud_on_docker/roles/prep_backup/tasks/main.yml': line 4, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: install restic\n  ^ here\n"}

I did not choose to use rclone. Filed in backup_folder = /var/nc-backup in inventory.

I might be missing something but please help me understand this. I am trying to use this script to install nextcloud and it works just fine for the first time. Now, I want to use the same script, on the same VM and install another docker for nextcloud. My questions -

1. What all values should I change in what all files to make this happen?
2. Where is it defined that the port number for nextcloud is 80 and that of ssl is 443. Can I change this and have multiple containers running on the same machine?

Please help me here!

Does not create a config.php file when you change the all.yml from nextcloud:fpm-alpine to nextcloud-18.0.3-fpm. I believe it maybe a permission issue in the script. Alpine linux does not support the smbclient files that need to loaded for external storage capabilities.

fatal: [localhost]: FAILED! => changed=false
  elapsed: 31
  msg: Timeout when waiting for 172.21.0.3:3306

I just tried switching to mysql. Now having another issue... Looks like the DB doesn't come up quick enough?

Issue

• docker network ls -q would print only network ID's so all the greps won't work;
• grep -v bridge won't work in some docker environments, you can see that 'aaa' also an 'bridge'

docker network create aaa 
d18883a4353849ab35f188d20953d1e00a9cd103c506570871a26d0648af21c1

unic at staging-control in ~
$ docker network ls                                                                                                             
NETWORK ID          NAME                DRIVER              SCOPE
d18883a43538        aaa                 bridge              local
6937dd8b8e29        bridge              bridge              local
741825a49226        docker_gwbridge     bridge              local
168818ce6586        host                host                local
qz5shud88elk        ingress             overlay             swarm
977a250b23bb        none                null                local

Fix

docker network rm $(docker network ls | awk '{print $2}' | grep -v "ID" |  grep -v ingress | grep -v bridge | grep -v host | grep -v none)

The following command:

sudo docker exec nextcloud-db mysqldump --single-transaction -h localhost -u root -p password_here nextcloud > {{nextcloud_dir}}database-dump/db_dump_mysql_nextcloud.sql

within /usr/local/bin/backup_nextcloud.sh doesn't seem to be working. Neither the secret generated /nextcloudir/secrets in mysql_root_secret or database_user_secret work.

Installing Onlyoffice causes the following error. All group_vars are default.

  cmd: docker exec --user www-data nextcloud php occ app:install onlyoffice
  delta: '0:00:00.624761'
  end: '2020-02-03 18:44:54.904508'
  msg: non-zero return code
  rc: 1
  start: '2020-02-03 18:44:54.279747'
  stderr: |2-


      Command "app:install" is not defined.

      Did you mean one of these?
          app:check-code
          maintenance:install
  stderr_lines: <omitted>
  stdout: Nextcloud is not installed - only a limited number of commands are available
  stdout_lines: <omitted>

Hi Reiner,

In the past day something auto-updated and it stopped my nextcloud from being accessible. Looking into it it seemed to have to with and certdumper. Regardless, it had been a while since I synced to the current version of this repository. In doing so I get an error about "nextcloud, The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.8.". I see it was updated in the group vars. Upgrading from v10 to v11 seems convoluted to say the least.

Did I miss something?

Trying to roll back the docker image to v10.13 causes more problems. I have a year of restic backups if that's of any help.

How to you recommend I best proceed?

Hi,

Maybe I don't understand it correctly, but it looks like Traefik and Nginx are both deployed in the default configuration.

Here contains the include_tasks for Traefik and then here in the groups_vars the image is set to fpm-alpine and the when statement checks if fpm is present which it always will be (unless changed)

This confuses me because I thought Traefik and Nginx are both reverse proxies. So why are they both deployed if they perform the same task?

Thanks.

As of Traefik 2.0, the script used as the basis for the certdumper is no longer supported/maintained as per traefik/traefik#4783. This playbook should be modified to use an alternative such as the mentioned ldez/traefik-certs-dumper

Hello, and thanks for your amazing work.

In the README and in the inventory file, you write :

# The restic backup tool will be installed when 'backup_folder' is not empty.
restic_repo                 = ''              # e.g. '/var/nc-backup' .

Is it in fact the restic_repo property ?

I can see in the nextdocker.yml file your following condition :

    - { role: prep_backup,       when: restic_repo != '' }

So I presume backup_folder is in fact restic_repo ?

If it's the case, I can make a PR if needed.

I left the passwords to be generated for me (ie blank), all defaults in group_vars/all.yml and now having the following error:

fatal: [localhost]: FAILED! => changed=true
  cmd: |-
    docker exec --user www-data nextcloud php occ  maintenance:install  --database pgsql --database-host nextcloud-db --database-name nextcloud  --database-table-prefix oc_ --database-user nextcloud --database-pass somepassword  --admin-user some-user --admin-pass someotherpassword --data-dir /var/nc-data
  delta: '0:00:00.505204'
  end: '2020-02-03 18:54:33.770242'
  msg: non-zero return code
  rc: 1
  start: '2020-02-03 18:54:33.265038'
  stderr: ''
  stderr_lines: <omitted>
  stdout: |-
    Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[08006] [7] FATAL:  password authentication failed for user "nextcloud"
     ->
  stdout_lines: <omitted>

Looks like this might be related to #15 which was resolved?

Hi, how can I change the "Header X-Frame-Options" from SAMEORIGIN to ALLOW-FROM? I have installed Traefik, but it's not possible change anything on it.

I tried adding the line add_header X-Frame-Options "allow-from https://*.domain.tld" always; in /opt/nextcloud/config/nginx.conf and change settings in /opt/nextcloud/www/lib/public/AppFramework/Http/ContentSecurityPolicy.php but the changes are not reflected in the Traefik dashboard, so I guess I have to configure something related to Traefik.

[modified] guide: https://help.nextcloud.com/t/solved-nextcloud-16-how-to-allow-iframe-usage/52278/5

Thanks in advance!

Hi,

great script, took a lot of work off me, so this is great. Recently I run into the ERR_TOO_MANY_REDIRECTS error.

This happens on a fresh Ubuntu 18.04 as well as Debian 10 install, and is the message I am greeted with right after the playbook finishes. I was able to recreate this behaviour with Traefik v2 and a current git pull from 6. June 2020.

Choosing a self signed certificate doesn't make a difference. The error remains in all major browsers with current updates. Deleting cookies desn't help.

All containers are up and running, even after reboot. Since the structure with Traefik and let's encrypt is a bit complicated, any ideas where I can narrow the error down?

Thanks for any help and kind regards

Is it possible to offer/integrate ZeroTier into the docker build as an alternative to Let's Encrypt Certificate or Self-Signed? This a P2PVPN that might be a great secure alternative.

ZeroTier Docker GitHub Link

Hi 👋🏻
Thanks for the awesome playbook.
I have some questions.

• If I supply my servers internal IP address (192.168.1.x) and not a FQDN it should generate self-signed certs correct?
• I see Traefik is used to expose nextcloud as a service which is awesome! What networks (internal and external) would I need to supply in a docker-compose.yml to this traefik configuration in order to expose another service which has an internal dB and an external app.

Many thanks!

Were you ever able to get a TURN server talking to Nextcloud for Talk?

This post from October 19th highlights a security vulnerability in Nginx

Looking at the NGINX config here I am not sure this has been mitigated?

Can you confirm @ReinerNippes?

Hi,

How come some of the containers such as adminer contain traefik labels and the Nextcloud container does not?

Hi Reiner,
thanks for this nice setup and the efforts on your work.
Unfortunately I don't get it to work, so I kindly ask for some assistance.

After struggling with of problems on the python setup, I finally managed to get 'ansible' working.
It reports:

ansible --version
ansible 2.8.6
  config file = /home/xxx/programs/nextcloud_on_docker/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.15+ (default, Oct  7 2019, 17:39:04) [GCC 7.4.0]

Is that correct ?

When running ansible playbook '/nextdocker.yml', it fails with error messages:

PLAY [install nextcloud] ... 
TASK [Gathering Facts] *... 
Sunday 20 October 2019  16:06:25 +0200 (0:00:00.604)       0:00:00.604 ********
ok: [localhost]

TASK [prep_ufw : include os specific tasks] ***...
Sunday 20 October 2019  16:06:30 +0200 (0:00:04.453)       0:00:05.058 ********
included: /home/gsi/programs/nextcloud_on_docker/roles/prep_ufw/tasks/Ubuntu.yml for localhost

TASK [prep_ufw : Installing ufw package] 
*
Sunday 20 October 2019  16:06:30 +0200 (0:00:00.403)       0:00:05.462 ********
ok: [localhost]

TASK [prep_ufw : Configuring port/protocol/network rules] 
Sunday 20 October 2019  16:06:37 +0200 (0:00:06.287)       0:00:11.750 ********
failed: [localhost] (item={u'port': 22, u'rule': u'allow'}) => changed=false
  ansible_loop_var: item
  commands:
  - /usr/sbin/ufw status verbose
  item:
    port: 22
    rule: allow
  msg: |-
    ERROR: problem running iptables: iptables v1.6.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
failed: [localhost] (item={u'port': 80, u'rule': u'allow'}) => changed=false
  ansible_loop_var: item
  commands:
  - /usr/sbin/ufw status verbose
  item:
    port: 80
    rule: allow
  msg: |-
    ERROR: problem running iptables: iptables v1.6.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
failed: [localhost] (item={u'port': 443, u'rule': u'allow'}) => changed=false
  ansible_loop_var: item
  commands:
  - /usr/sbin/ufw status verbose
  item:
    port: 443
    rule: allow
  msg: |-
    ERROR: problem running iptables: iptables v1.6.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

I do not have iptables installed. I'm running a bare blank server edition of:

NAME=Ubuntu
	++ VERSION='18.04.3 LTS (Bionic Beaver)'
	++ ID=ubuntu
	++ ID_LIKE=debian
	++ PRETTY_NAME='Ubuntu 18.04.3 LTS'
	++ VERSION_ID=18.04

on an ODROID C2 which reports its hardware
Linux server 3.16.72-46 #1 SMP PREEMPT Tue Aug 13 18:09:58 -03 2019 aarch64 aarch64 aarch64

BTW, does your setup need 'docker-compose' as an executable as this is not present in the official docker repositories for arm64/aarch64 ?

Thanks for any help !
Gerd

Under Background Jobs, the message in the title is displayed. Nothing in the admin panel for the nextcloud instance show any errors are produced. Do you know how I should begin troubleshooting this?

Hello

First i want to congratulate you on this project.

When i try to execute the ./nextdocker.yml i got:
<<<<<<<<<<<<<<<<<<
TASK [nextcloud_config : first setup nextcloud] **********************************************************************************************
Saturday 28 September 2019 09:09:34 -0400 (0:00:01.487) 0:02:13.144 ****
fatal: [localhost]: FAILED! => changed=true
cmd: |-
docker exec --user www-data nextcloud php occ maintenance:install --database mysql --database-host nextcloud-db --database-name nextcloud --database-table-prefix oc_ --database-user nextcloud --database-pass FvIYw4cQaaMJ1aDqTlBKuuhZEMKbYbbe --admin-user admin --admin-pass lgMFOVcKMzbZx7fedDMLD8jOl8DxA1R6 --data-dir /var/nc-data
delta: '0:00:00.421351'
end: '2019-09-28 09:09:34.756379'
msg: non-zero return code
rc: 1
start: '2019-09-28 09:09:34.335028'
stderr: ''
stderr_lines:
stdout: |-
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
->
stdout_lines:
PLAY RECAP ***********************************************************************************************************************************
localhost : ok=63 changed=22 unreachable=0 failed=1 skipped=20 rescued=0 ignored=0

All docker containers are up and running.
<<<<<<<<<<<<<<<<<<
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8f9bb1bb35b9 nginx:alpine "nginx -g 'daemon of…" 6 minutes ago Up 6 minutes 80/tcp nginx
348f7054226f nextcloud:fpm-alpine "/entrypoint.sh php-…" 6 minutes ago Up 6 minutes 9000/tcp nextcloud
6c1013357082 redis:4-alpine "docker-entrypoint.s…" 7 minutes ago Up 6 minutes 6379/tcp redis
b67a68befd22 mariadb:latest "docker-entrypoint.s…" 7 minutes ago Up 7 minutes 3306/tcp nextcloud-db
52fbe6e598ef portainer/portainer:latest "/portainer --host u…" 7 minutes ago Up 7 minutes 9000/tcp portainer
4fd889644f29 svendowideit/traefik-certdumper:latest "/run.sh" 7 minutes ago Up 7 minutes certdumper
aee0a6fa352c traefik:1.7-alpine "/entrypoint.sh trae…" 7 minutes ago Up 7 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp traefik
4681983967bd containrrr/watchtower:latest "/watchtower --clean…" 7 minutes ago Up 7 minutes watchtower

So , i tried to run manually that docker command:
<<<<<<<<<<<<<<<<<<
root@debian:~/nextcloud_on_docker# docker exec -ti --user www-data nextcloud /bin/sh
/var/www/html $ php occ status
Nextcloud is not installed - only a limited number of commands are available

• installed: false
• version: 17.0.0.9
• versionstring: 17.0.0
• edition:
  /var/www/html $ php occ maintenance:install --database mysql --database-host nextcloud-db --database-name nextcloud --database-table-prefix
  oc_ --database-user nextcloud --database-pass FvIYw4cQaaMJ1aDqTlBKuuhZEMKbYbbe --admin-user admin --admin-pass lgMFOVcKMzbZx7fedDMLD8jOl8DxA
  1R6 --data-dir /var/nc-data
  Nextcloud was successfully installed
  /var/www/html $

Running again the ./nextdocker.yml :
<<<<<<<<<<<<<<<<<<

PLAY RECAP ***********************************************************************************************************************************
localhost : ok=68 changed=7 unreachable=0 failed=0 skipped=30 rescued=0 ignored=0

:D success.

But, i don't know why it didn't succeed in the first run.

Please help me understand this .

Thank you

Hello! Could You add supporting of extract app by default?
https://apps.nextcloud.com/apps/extract

Hello @ReinerNippes

What steps would I need to take in order to enable Nextcloud talk for my instance where I originally didn't deploy Nextcloud talk and it's dependencies.

I realise the easiest thing to do would be to re-deploy but that's not an option for me currently.

Any steps/advice would be greatly appriciated. 😄

Thanks to you Reiner I now have a working Nextcloud + Collabora instance.
After almost a week of failed attempts.
Even not knowing anything about Docker I'm very grateful for that 🙏🏼
Just one question: Is it possible to update to latest 19.x ?
If yes, how to proceed ?
Thanks again!
Gonzo

Check: https://docs.nextcloud.com/server/16/admin_manual/configuration_database/mysql_4byte_support.html

Note
Also make sure your backup strategy still work. If you use mysqldump make sure to add the --default-character-set=utf8mb4 option. Otherwise your backups are broken and restoring them will result in ? instead of the emojis, making files inaccessible.

So, if the generated nextcloud config.php file contains:
'mysql.utf8mb4' => true,

then the mysqldump command should contain the additional flag:
--default-character-set=utf8mb4

See: \roles\prep_backup\templates\backup_nextcloud.sh.j2

hi,
is it correct that the install script ignore settings like data path, it still be as default /opt/nextcloud instead of /media/1TB/nextcloud. if i choose sqlite i get nextcloud-db doesn't exist i need to choose pgsql then it will install fine.
also traefik ist installed (which i didn't enabled).
what i also don't understand it doesn't use nginx as proxy

pi@docker:~ $ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e6402851e4dd containrrr/watchtower:latest "/watchtower --clean…" 38 hours ago Up 38 hours watchtower
6dab02efcdbf nginx:alpine "nginx -g 'daemon of…" 2 days ago Up 2 days 80/tcp nginx
ab6c7790eebf nextcloud:fpm-alpine "/entrypoint.sh php-…" 2 days ago Up 2 days 9000/tcp nextcloud
2a8a450f629d redis:4-alpine "docker-entrypoint.s…" 2 days ago Up 2 days 6379/tcp redis
d708f9c8cfe9 postgres:10-alpine "docker-entrypoint.s…" 2 days ago Up 2 days 5432/tcp nextcloud-db
831001df43c9 portainer/portainer:latest "/portainer --host u…" 2 days ago Up 2 days 9000/tcp portainer
5248a92f55b2 traefik:alpine "/entrypoint.sh trae…" 2 days ago Up 2 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp traefik

my system i try to install on is raspbian on raspberry pi 3 b+

thank you for your support

Hi Reiner,
What is your recommended way to install ImageMagick when using this playbook?
Thanks

Description of Ansible playbook error:

TASK [docker_container : Create mysql container] *********************************************************************************************************************************************
Monday 29 April 2019 02:55:57 +0100 (0:00:00.906) 0:04:21.140 **********
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error pulling mariadb - code: None message: no matching manifest for unknown in the manifest list entries"}

Hi 😄

Recently, Onlyoffice disabled mobile editing in the document server. In light of this. I am investigating how I can switch my existing installation from Onlyoffice to Collabora.

So far I have worked out:

1. Run docker exec --user www-data nextcloud php occ app:disable onlyoffice
2. I need to edit the nginx.conf. Remove the 2 aspects related to onlyoffice and add the 1 addition for collabora. Then restart the nginx container or reboot from within the container for the new config to take effect.
3. Remove {{ nextcloud_www_dir }}/apps/onlyoffice directory.
4. Remove the onlyoffice document server container.
5. Create the directory: {{ nextcloud_www_dir }}/apps/richdocuments.
6. Create the Collabora container as here: https://github.com/ReinerNippes/nextcloud_on_docker/blob/master/roles/docker_container/tasks/collabora.yml
7. Run docker exec --user www-data nextcloud php occ app:install/enable richdocuments
8. Run docker exec --user www-data nextcloud php occ config:app:set richdocuments wopi_url --value https://{{ nextcloud_server_fqdn }}:443

Have I missed anything? 😄

Thanks!

I succesfully installed Nextcloud using this playbook. But somehow Collabora still doesn't work. When I try to op en a document I get a notification. In the logs the following errors appear:

There is an error with the rich documents app:

GuzzleHttp\Exception\ServerException: Server error: `GET https://nextcloud.domain.tld/hosting/discovery` resulted in a `502 Bad Gateway` response: <html> <head><title>502 Bad Gateway</title></head> <body> <center><h1>502 Bad Gateway</h1></center> <hr><center>ngin (truncated...)

    /var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php - line 66:

    GuzzleHttp\Exception\RequestException::create(GuzzleHttp\Psr7\Request {}, "*** sensiti ... *")

    /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php - line 203:

    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensiti ... *")

    /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php - line 156:

    GuzzleHttp\Promise\Promise::callHandler(1, "*** sensiti ... *", [ GuzzleHttp ... l])

    /var/www/html/3rdparty/guzzlehttp/promises/src/TaskQueue.php - line 47:

    GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}("*** sensiti ... *")

    /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php - line 246:

    GuzzleHttp\Promise\TaskQueue->run(true)

    /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php - line 223:

    GuzzleHttp\Promise\Promise->invokeWaitFn()

    /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php - line 267:

    GuzzleHttp\Promise\Promise->waitIfPending()

    /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php - line 225:

    GuzzleHttp\Promise\Promise->invokeWaitList()

    /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php - line 62:

    GuzzleHttp\Promise\Promise->waitIfPending()

    /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php - line 131:

    GuzzleHttp\Promise\Promise->wait()

    /var/www/html/lib/private/Http/Client/Client.php - line 161:

    GuzzleHttp\Client->request("get", "https://lie ... y", { verify: "/ ... e})

    /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php - line 106:

    OC\Http\Client\Client->get("https://lie ... y", { timeout: 5})

    /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php - line 78:

    OCA\Richdocuments\WOPI\DiscoveryManager->fetchFromRemote()

    /var/www/html/apps/richdocuments/lib/WOPI/Parser.php - line 41:

    OCA\Richdocuments\WOPI\DiscoveryManager->get()

    /var/www/html/apps/richdocuments/lib/TokenManager.php - line 155:

    OCA\Richdocuments\WOPI\Parser->getUrlSrc("application ... t")

    /var/www/html/apps/richdocuments/lib/Controller/DocumentController.php - line 184:

    OCA\Richdocuments\TokenManager->getToken("*** sensiti ... *")

    /var/www/html/lib/private/AppFramework/Http/Dispatcher.php - line 166:

    OCA\Richdocuments\Controller\DocumentController->index("*** sensiti ... *")

    /var/www/html/lib/private/AppFramework/Http/Dispatcher.php - line 99:

    OC\AppFramework\Http\Dispatcher->executeController(OCA\Richdocu ... {}, "index")

    /var/www/html/lib/private/AppFramework/App.php - line 118:

    OC\AppFramework\Http\Dispatcher->dispatch(OCA\Richdocu ... {}, "index")

    /var/www/html/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47:

    OC\AppFramework\App::main("OCA\\Richdo ... r", "index", OC\AppFramew ... {}, { _route: "r ... "})

    <<closure>>

    OC\AppFramework\Routing\RouteActionHandler->__invoke({ _route: "r ... "})

    /var/www/html/lib/private/Route/Router.php - line 297:

    call_user_func(OC\AppFramew ... {}, { _route: "r ... "})

    /var/www/html/lib/base.php - line 987:

    OC\Route\Router->match("/apps/richdocuments/index")

    /var/www/html/index.php - line 42:

    OC::handleRequest()

And there also is an error with 'PHP':

Cannot declare class GuzzleHttp\Exception\RequestException, because the name is already in use at /var/www/html/3rdparty/guzzlehttp/guzzle/src/Exception/RequestException.php#0

Maybe this is not a problem of this playbook, maybe it is a problem with one of its components. But I hope there are some thoughts on this!

Due to some DNS mismatch i had to get a new certificate.
This was easily fixed by running the playbook again. Although the playbook did not finish, duo to onlyoffice_documentserver already existing, i got my certificate.

I suggest either skipping the onlyoffice_documentserver or redeploy it if it exist.

See Line 4 at: https://github.com/ReinerNippes/nextcloud_on_docker/blob/8baf39bf8a25e6707273bfa1ad6e7a40e7c9afd9/roles/docker_container/tasks/onlyoffice.yml

System Debian 9

# Uncomment 'traefik_api_user' to get access to your Traefik dashboard at https://nextcloud_server_fqdn/traefik .
# traefik_api_user          = traefik

I have traefik_api_user commented out but unfortunately the dashboard is visible.

First of all. Congrats on this amazing installer.

One thing that I would like to know is how I restore a backup from restic if I need to rebuild my OS (or move to a different server)?

It would be great to have this instruction on README.

Cheers,