
Nextcloud AIO + Traefik

I'm currently running a Nextcloud instance in docker, using the "multiple containers" method, but I recently discovered that the recommended method to run it is using this "All In One" image I previously didn't know about, and so I wanted to try to migrate to that setup (also in order to easily have the office and whiteboard features that atm I don't have on my instance + have an easier backup-restore process).

The problem is that on my server I'm using traefik as a reverse proxy to expose services to the internet, and it is working on a specific docker network (called traefik_net) where every container that should be exposed is also connected, and from the official documentation of Nextcloud AIO I really don't understand how I am supposed to configure it to work in a setup like mine (mainly because the mastercontainer creates all the containers it needs on a network called nextcloud_aio and I didn't find a way to change that and where to set the proper traefik labels).

Anyone that is running AIO behind a traefik reverse proxy maybe can help me to understand?


6 comments
  • I've used an AIO + traefik docker setup once, but I might be a little bit rusty, it's been some time. Docs state that labels do not work with the AIO, due to the fact that mastercontainer manages the containers. With the AIO it is better to not get in the way of the mastercontainer - if any issues occur you have a non-standard deployment and need to consider that while troubleshooting. Not the most elegant solution, but you could run vanilla AIO with traefik external routing via exposed apache port on the node IP using the file provider. If you don't have one you'll need to adjust the traefik config file to include:

    providers:
      file:
        filename: /etc/traefik/fileConfig.yml  # example path; put your dynamic config file path here
        watch: true
    

    Create such a file and restart the traefik container.

    You can use this file to provide all sorts of configs, traefik constantly checks it and makes adjustments. Here's an example:

    http:
      ## EXTERNAL ROUTING ##
      routers:
        nextcloud:
          rule: "Host(`nextcloud.example.com`)"
          entrypoints:
            - "https"
          service: nextcloud
          middlewares:
          tls:
            certresolver: "letsencrypt"
      ## SERVICES ##
      services:
        nextcloud:
          loadBalancer:
            servers:
              - url: "http://IP:PORT of the apache container"
    

    You may route internally if traefik runs on the host network. Check the link to the github documentation above for more info. Consider adjusting for a trusted proxy by limiting access to the apache container as described there.

    • Thank you! Idk how but I didn't notice the paragraph in the docs saying that labels condition is not supported. I'll try with the file config and see if this way I can make it work. The only thing I'm still missing is the IP of the Apache container: shouldn't it be an IP on the traefik_net network where also the traefik container runs? And if so how can I specify to the mastercontainer to create the Apache container on that network with a specific IP address?

      • The cleanest way would be to do something described here, in the expanded section "On the same server in a Docker container". I don't know your docker setup though. You can however port forward the apache port and expose it on the machine IP, that way you can point the file config to the machine IP. This is the setup you would use if traefik was on a different machine than nextcloud (or any other service), but it will also work in your case. It has a big upside, if you decide to migrate your setup you can just spin up traefik on another machine and copy-paste the dynamic config file with minimal downtime (you would only need to adjust trusted proxy on the nextcloud side, if it's in use).

        • thank you! so, wanting to follow your tip and exposing the 11000 port from the apache container to the host (in order to have a setup that is valid even if I move the service to another machine), how should I do that? because the apache container is also created by AIO’s mastercontainer and so I don’t have a place where to specify its port mapping (while usually I would do it adding 11000:11000 to the ports section of the docker compose)…

          • If I remember correctly setting APACHE_PORT env variable in the mastercontainer section in your compose file should be enough to expose apache port on the node IP, mastercontainer should handle the process. These are the defaults from their compose example.

            services:
              nextcloud-aio-mastercontainer:
                environment:
                  APACHE_PORT: 11000  
            

            As you've noticed, forwarding things that way seems counterintuitive, because mastercontainer handles the managed containers and accepts limited config options as variables. Check the example compose file for common config options, like the upload limits. This is a major tradeoff of the AIO, by design, it is a standardised deployment, easy to troubleshoot and handles a lot of things automatically, but it's inflexible. Once you get it running though it rarely causes problems.
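
Added example (not part of the thread or of the Nextcloud AIO project): with `APACHE_PORT` set as above, checking how port 11000 is actually bound on the host shows whether clients can reach Apache directly instead of through Traefik. The `docker ps` port strings, sample names and function names below are constructed for illustration.

```python
import ipaddress

def parse_published(ports_field):
    """Return (bind_ip, first_port, last_port, proto) per published mapping."""
    mappings = []
    for item in (p.strip() for p in ports_field.split(",")):
        if "->" not in item:
            continue  # exposed but not published on the host, e.g. "80/tcp"
        host_side, ctr_side = item.split("->", 1)
        bind_ip, _, host_ports = host_side.rpartition(":")
        first, _, last = host_ports.partition("-")  # port ranges: "8000-8001"
        mappings.append((ipaddress.ip_address(bind_ip.strip("[]") or "0.0.0.0"),
                         int(first), int(last or first),
                         ctr_side.rpartition("/")[2]))
    return mappings

def exposure(ports_field, backend_port):
    """Classify how a TCP backend port is bound on the host."""
    binds = [ip for ip, lo, hi, proto in parse_published(ports_field)
             if proto == "tcp" and lo <= backend_port <= hi]
    if not binds:
        return "not-published"
    if any(ip.is_unspecified for ip in binds):
        return "all-interfaces"  # 0.0.0.0 or ::, open to anyone who can reach the host
    if all(ip.is_loopback for ip in binds):
        return "loopback-only"
    return "specific-address"

# Constructed samples of the Ports column printed by `docker ps`.
SAMPLES = {
    "wildcard-v4-v6": "80/tcp, 0.0.0.0:11000->11000/tcp, :::11000->11000/tcp",
    "wildcard-bracketed": "0.0.0.0:11000->11000/tcp, [::]:11000->11000/tcp",
    "loopback": "127.0.0.1:11000->11000/tcp",
    "lan-address": "192.168.1.10:11000->11000/tcp",
    "unpublished": "80/tcp",
}

def audit(samples, backend_port=11000):
    """Map each sample name to its exposure verdict for backend_port."""
    return {name: exposure(ports, backend_port) for name, ports in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:20} {verdict}")
```

An `all-interfaces` verdict means the backend answers on every host address, so traffic to port 11000 never passes through the proxy's TLS termination or middlewares unless a firewall or a narrower bind address restricts it.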

            • ok I checked and you are right, the apache container actually exposes the 11000 port on the host. so I tried following the instructions for “traefik in a docker container on the same machine” and… it still didn’t work (now I was getting a Bad Gateway error)

              at this point I think I’ll just stick with my old setup with docker compose. I was interested in AIO because I thought it could have been an easier to maintain way to host NC (also considering it’s official, while the docker compose method is not) but apparently it’s not meant to be inserted in an already existing setup like mine so I’ll stick with what I currently have.

              it would be nice though if the NC devs also publish a “recommended docker-compose.yaml file” (in a similar way of what Immich does) so that more advanced users still can have an easy way to set everything up without having to look for the correct containers and settings required all over the internet
