I’m currently running a Nextcloud instance in docker, using the “multiple containers” method, but I recently discovered that the reccomended method to run it is using this “All In One” image I previously didn’t know about, and so I wanted to try to migrate to that setup (also in order to have easily also the office and whiteboard features that atm I don’t have on my instance + have easier Backup-restore process)
The problem is that on my server I’m using traefik as a reverse proxy to expose services to the internet, and it is working on a specific docker network (called traefik_net
) where also every container that should be exposed is connected, and from the official documentation of Nextcloud AIO I really don’t understand how am I supposed to configure it to work in a setup like mine (mainly because the mastercontainer creates all the containers it needs on a network called nextcloud_aio
and I didn’t find a way to change that and where to set the proper traefik lables)
Anyone that is running AIO behind a traefik reverse proxy maybe can help me to understand?
I’ve used a AIO + traefik docker setup once, but I might be a little bit rusty, it’s been some time. Docs state that labels do not work with the AIO, due to the fact that mastercontainer manages the containers. With the AIO it is better to not get in the way of the mastercontainer - if any issues occur you have a non-standard deployment and need to consider that while troubleshooting. Not the most elegant solution, but you could run vanilla AIO with traefik external routing via exposed apache port on the node IP using the file provider. If you don’t have one you’ll need to adjust the traefik config file to include:
providers:
file:
filename: #dynamic config file path goes here, example: /etc/traefik/fileConfig.yml
watch: true
Create such file and restart traefik container.
You can use this file to provide all sorts of configs, traefik constantly checks it and makes adjustments. Here’s an example:
http:
## EXTERNAL ROUTING ##
routers:
nextcloud:
rule: "Host(`nextcloud.example.com`)"
entrypoints:
- "https"
service: nextcloud
middlewares:
tls:
certresolver: "letsencrypt"
## SERVICES ##
services:
nextcloud:
loadBalancer:
servers:
- url: "http://IP:PORT of the apache container"
You may route internally if traefik runs on the host network. Check the link to the github documentation above for more info. Consider adjusting for a trusted proxy by limiting access to the apache container as described there.
Thank you! Idk how but I didn’t noticed the paragraph in the docs saying that labels condition is not supported. I’ll try with the file config and see if this way I can make it work.
The only thing I’m still missing is the IP of the Apache container: shouldn’t it be an IP on the traefik_net
network where also the traefik container runs? And if so how can I specify to the mastercontainer to create the Apache container on that network with a specific IP address?
The cleanest way would be to do something described here, in the expanded section “On the same server in a Docker container”. I don’t know your docker setup though. You can however port forward the apache port and expose it on the machine IP, that way you can point the file config to the machine IP. This is the setup you would use if traefik was on a different machine than nextcloud (or any other service), but it will also work in your case. It has a big upside, if you decide to migrate your setup you can just spin up traefik on another machine and copy-paste the dynamic config file with minimal downtime (you would only need to adjust trusted proxy on the nextcloud side, if it’s in use).
thank you! so, wanting to follow your tip and exposing the 11000 port from the apache container to the host (in order to have a setup that is valid even if I move the service to another machine), how should I do that? because the apache container is also created by AIO’s mastercontainer and so I don’t have a place where to specify its port mapping (while usually I would do it adding 11000:11000 to the ports section of the docker compose)…
EDIT
Never mind, my reading skills… I never used the AIO image… Sorry :/.