Running behind Traefik Reverse Proxy

[sleepy-soul]

Hi,
I tried out Nextcloud AIO on docker and it is really AIO stop for Nextcloud. I used the official docker-compose file to run AIO and also start containers as well.
But I want to run AIO behind Traefik Reverse Proxy. Traefik uses docker labels to route traffic and provides SSL as well. It runs on 80,443 and I tried adding 8080 port in label and then access it using URL. It worked but, as soon as I login, I get an error saying "Slim Application Error" and nothing shows up. I am not sure how to proceed further with Traefik or AIO. If anyone got it to working using Traefik, I can have a check at your compose file for better understanding.

Also, another question is, How to change the volume mount from a docker-volume to a host path mount? I added host path instead of docker volume, but container didn't even start and keep showing

"nextcloud-aio | It seems like you did not give the mastercontainer volume the correct name?"

[szaimen]

Hello, I currently see no way around using a traefik.toml if you want to run Nextcloud AIO behind Traefik (also see the network host option in the reverse proxy documentation). But I cannot help further here as I don't run Traefik myself. After someone figured this out I'll gladly add it to the reverse-proxy documentation.

---

Also, another question is, How to change the volume mount from a docker-volume to a host path mount? I added host path instead of docker volume, but container didn't even start and keep showing

There are these two options: https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive and https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir

[szaimen]

You can also see the reply in #553 (reply in thread)

[macaussie]

I used docker-compose and added the apache port as shown below.

nextcloud:
image: nextcloud/all-in-one:latest
restart: unless-stopped
container_name: nextcloud-aio-mastercontainer
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 16000:80
- 16001:8080
- 16002:8443
environment:
- APACHE_PORT=11000
volumes:
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer

Then in the traefik rules folder I created nc.toml with the following config

[http.routers]
[http.routers.nc-rtr]
entryPoints = ["https"]
rule = "Host(nc.mydomain.com)"
service = "nc-svc"
middlewares = ["chain-no-auth"]
[http.routers.nc-rtr.tls]
certresolver = "dns-cloudflare"

[http.services]
[http.services.nc-svc]
[http.services.nc-svc.loadBalancer]
passHostHeader = true
[[http.services.nc-svc.loadBalancer.servers]]
url = "http://xxx.xxx.xxx.xxx:11000"

Now I have Nextcloud behind a Traefik2 (docker) reverse proxy.

I hope this helps.

[robotictacos]

@szaimen I read both. I think I know what's going on, not sure how to fix it though. I can get the AIO setup screen to start the setup process, but only by using @macaussie 's suggestion of mapping ports 16000-16002 to the internal ports of 80, 8080 and 8443, and then navigating to https://myurl:16001. So progress! So it could be that the 11000 port doesn't actually go anywhere until after the initial setup (can you confirm that?). Otherwise I get a Bad Gateway error.

Now I am stuck on setup. It's looking for a borg backup file, which I don't have because this is a new install. Any tips to get past that?

[szaimen]

you need to enter the domain that you want to use

[robotictacos]

I entered the domain, that part is fine, but I don't have a backup archive, and the setup will not proceed without one.

[szaimen]

don't you get any error message?

[szaimen]

Maybe javascript is disabled?

[robotictacos]

Here is the error shown in the container, note that I tried to provide a (existing) folder and password, in case it wants to create a new backup:

[Wed May 04 16:55:09.695316 2022] [php:notice] [pid 654] [client 127.0.0.1:43692] Slim Application Error\nType: GuzzleHttp\Exception\ServerException\nCode: 500\nMessage: Server error: POST http://localhost/v1.41/containers/nextcloud-aio-borgbackup/start resulted in a 500 Internal Server Error response:\n{"message":"Bind mount failed: '/mnt/backup' does not exists"}\n\n\nFile: /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php\nLine: 113\nTrace: #0 /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/Middleware.php(69): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response), NULL, Array, NULL)\n#1 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(204): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))\n#2 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(153): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), NULL)\n#3 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}()\n#4 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Promise\TaskQueue->run(true)\n#5 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn()\n#6 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()\n#7 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()\n#8 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()\n#9 /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/Client.php(187): GuzzleHttp\Promise\Promise->wait()\n#10 /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/ClientTrait.php(95): GuzzleHttp\Client->request('POST', 'http://localhos...', Array)\n#11 /var/www/docker-aio/php/src/Docker/DockerActionManager.php(177): GuzzleHttp\Client->post('http://localhos...')\n#12 /var/www/docker-aio/php/src/Controller/DockerController.php(50): AIO\Docker\DockerActionManager->StartContainer(Object(AIO\Container\Container))\n#13 /var/www/docker-aio/php/src/Controller/DockerController.php(125): AIO\Controller\DockerController->PerformRecursiveContainerStart('nextcloud-aio-b...')\n#14 /var/www/docker-aio/php/vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(43): AIO\Controller\DockerController->StartBackupContainerTest(Object(GuzzleHttp\Psr7\ServerRequest), Object(GuzzleHttp\Psr7\Response), Array)\n#15 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/Route.php(384): Slim\Handlers\Strategies\RequestResponse->__invoke(Array, Object(GuzzleHttp\Psr7\ServerRequest), Object(GuzzleHttp\Psr7\Response), Array)\n#16 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(81): Slim\Routing\Route->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#17 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(81): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#18 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/Route.php(341): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#19 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/RouteRunner.php(84): Slim\Routing\Route->run(Object(GuzzleHttp\Psr7\ServerRequest))\n#20 /var/www/docker-aio/php/vendor/slim/csrf/src/Guard.php(456): Slim\Routing\RouteRunner->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#21 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(209): Slim\Csrf\Guard->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Slim\Routing\RouteRunner))\n#22 /var/www/docker-aio/php/vendor/slim/twig-view/src/TwigMiddleware.php(115): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#23 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(147): Slim\Views\TwigMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))\n#24 /var/www/docker-aio/php/src/Middleware/AuthMiddleware.php(38): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#25 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(313): AIO\Middleware\AuthMiddleware->__invoke(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))\n#26 /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(107): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#27 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(147): Slim\Middleware\ErrorMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))\n#28 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(81): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#29 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(215): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#30 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(199): Slim\App->handle(Object(GuzzleHttp\Psr7\ServerRequest))\n#31 /var/www/docker-aio/php/public/index.php(155): Slim\App->run()\n#32 {main}, referer: https://nextcloud.mydomain.com:16001/containers

If I don't enter anything and click the submit button, I very briefly see a circle, then nothing, as if it will not proceed without some sort of input.

[szaimen]

Maybe reading this would already explain a few things: https://github.com/nextcloud/all-in-one#how-does-it-work

[robotictacos]

No, I meant Nextcloud is working, I created a user login etc. I do appreciate your help though.

[szaimen]

okay if you made it work like this you are likely a magician.
Are you sure that you did not use the toml file?

[szaimen]

can you post the output of sudo docker inspect nextcloud-aio-apache please?

[szaimen]

Hello, I see we have to drastically improve the reverse proxy documentation. I already have some ideas but will probably not come to it before this afternoon.

[macaussie]

@szaimen saw the updated doc. Looks look.

Just an explanation why I personally am mapping the 16000 ports. I have other services running on 80, 8080 & 8443.

[szaimen]

Thanks for the feedback! Will merge this then now :)

Yes, thought so that these ports are already in use :)

[szaimen]

For anyone reading this, please follow the reworked reverse proxy documentation: https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
Feedback is welcome!

[macaussie]

Hi Simon

I have a further update and shall share my files. Whilst it was working, I was still getting the following errors:

The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

What I have done to setup my system is as follows:

docker-compose file:
nextcloud:
image: nextcloud/all-in-one:latest
restart: always
container_name: nextcloud-aio-mastercontainer
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 16000:8080
environment:
- APACHE_PORT=11000

volumes:
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer

Traefik/rules/nc.toml file:

[http.routers]
[http.routers.nc-rtr]
entryPoints = ["https"]
rule = "Host(my.domain.com)"
service = "nc-svc"
middlewares = ["chain-nc"]
[http.routers.nc-rtr.tls]
certresolver = "dns-cloudflare"

[http.services]
[http.services.nc-svc]
[http.services.nc-svc.loadBalancer]
passHostHeader = true
[[http.services.nc-svc.loadBalancer.servers]]
url = "http://xxx.xxx.xxx.xxx:11000"

Traefik/rules/middlewares.toml file:

#added at the bottom
[http.middlewares.nc-middlewares-secure-headers]
[http.middlewares.nc-middlewares-secure-headers.headers]
accessControlMaxAge = 100
hostsProxyHeaders = ["X-Forwarded-Host"]
sslRedirect = true
stsSeconds = 63072000
stsIncludeSubdomains = true
stsPreload = true
forceSTSHeader = true
customFrameOptionsValue = "SAMEORIGIN"
contentTypeNosniff = true
browserXssFilter = true
referrerPolicy = "same-origin"
featurePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
[http.middlewares.nc-middlewares-secure-headers.headers.customResponseHeaders]
X-Robots-Tag = "none"
server = ""

Traefik/rules/middleware-chains.toml file

added at the bottom

[http.middlewares.chain-nc]
[http.middlewares.chain-nc.chain]
middlewares = [ "middlewares-rate-limit", "nc-middlewares-secure-headers"]

No more errors and an A+ on the security scan.

Cheers,
James

[szaimen]

Hi,

thanks for this but there appears to be something wrong. You should not need to set all the headers manually as Nextcloud should provide them on its own. The only header needed should be the HSTS setting and maybe also the x-forwarded-host headder. Can you please investigate this?

Thank you!

[szaimen]

So basically I think these should be enough?

[http.middlewares.nc-middlewares-secure-headers]
[http.middlewares.nc-middlewares-secure-headers.headers]
hostsProxyHeaders = ["X-Forwarded-Host"]
sslRedirect = true
stsSeconds = 63072000
stsIncludeSubdomains = true
stsPreload = true
forceSTSHeader = true

[macaussie]

All of those and these two

referrerPolicy = "same-origin"
X-Robots-Tag = "none"

I assume this is because NextCloud is behind the reverse proxy.

It works without any of this but I do get the warnings with I look at overview.

[macaussie]

Yeah that looks good.

[szaimen]

Thank you! Will merge then :)

[szaimen]

Short question: can everything of this not be in one file or do these have to be different files?

[macaussie]

I believe they have to be seperate files.

[szaimen]

Okay, then lets leave it like this :)

[chrisbley]

I keep getting the "The server is not reachable on port 443" error on the AIO setup page being behind Traefik.
I configured the AIO container using docker labels; Traefik dashboard says that everything is ok, from entrypoint 443 to Service "nextcloud-aio-mastercontainer". I've used my portforwardings for ports 80 and 443 successfully with Nginx Proxy Manager in the past, so I don't think there's anything wrong with my port 443. Any advice how to debug would be very much appreciated - Cheers!

[szaimen]

See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

[robotictacos]

You have to access the AIO page using port 8080, then you can hit the main Nextcloud page via 443.

…

On May 10, 2022 at 8:07 AM, <chrisbley ***@***.***)> wrote: I keep getting the "The server is not reachable on port 443" error on the AIO setup page being being Traefik. I configured the AIO container using docker labels; Traefik dashboard says that everything is ok, from entrypoint 443 to Service "nextcloud-aio-mastercontainer". I've used my portforwardings for ports 80 and 443 successfully with Nginx Proxy Manager in the past, so I don't think there's anything wrong with my port 443. Any advice how to debug would be very much appreciated - Cheers! — Reply to this email directly, view it on GitHub (#543 (comment)), or unsubscribe (https://github.com/notifications/unsubscribe-auth/ALKJUX4EWH66FGHG5ZVZKV3VJJGPXANCNFSM5U2BWWYA). You are receiving this because you were mentioned.Message ID: ***@***.***>

[chrisbley]

That's exactly what I cannot do - I am on the AIO setup page via my local 8181:8080 port mapping, and getting that port 443 error when putting in my domain name. Sent on the go. Dave Campbell ***@***.***> schrieb am Di., 10. Mai 2022, 14:22:

…

You have to access the AIO page using port 8080, then you can hit the main Nextcloud page via 443. > > On May 10, 2022 at 8:07 AM, <chrisbley ***@***.***)> wrote: > > > > > > > > > I keep getting the "The server is not reachable on port 443" error on the AIO setup page being being Traefik. > I configured the AIO container using docker labels; Traefik dashboard says that everything is ok, from entrypoint 443 to Service "nextcloud-aio-mastercontainer". I've used my portforwardings for ports 80 and 443 successfully with Nginx Proxy Manager in the past, so I don't think there's anything wrong with my port 443. Any advice how to debug would be very much appreciated - Cheers! > > > > — > Reply to this email directly, view it on GitHub ( #543 (comment)), or unsubscribe ( https://github.com/notifications/unsubscribe-auth/ALKJUX4EWH66FGHG5ZVZKV3VJJGPXANCNFSM5U2BWWYA ). > You are receiving this because you were mentioned.Message ID: ***@***.***> > > > — Reply to this email directly, view it on GitHub <#543 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AXKZ5OD4SATRKI7PSRQUOI3VJJIJVANCNFSM5U2BWWYA> . You are receiving this because you commented.Message ID: ***@***.***>

[szaimen]

See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

[robotictacos]

Yeah you will get that if the reverse proxy isn’t set correctly. I also had that issue. If you are on traefik (I assume you are since you are replying to this discussion) you have to set the url to http://yourip:11000 in your toml file

…

On May 10, 2022 at 8:25 AM, <chrisbley ***@***.***)> wrote: That's exactly what I cannot do - I am on the AIO setup page via my local 8181:8080 port mapping, and getting that port 443 error when putting in my domain name. Sent on the go. Dave Campbell ***@***.***> schrieb am Di., 10. Mai 2022, 14:22: > > > > You have to access the AIO page using port 8080, then you can hit the main > Nextcloud page via 443. > > > > > > > > > > > > > > On May 10, 2022 at 8:07 AM, <chrisbley ***@***.***)> wrote: > > > > > > > > > > > > > > > > > > I keep getting the "The server is not reachable on port 443" error on > the AIO setup page being being Traefik. > > I configured the AIO container using docker labels; Traefik dashboard > says that everything is ok, from entrypoint 443 to Service > "nextcloud-aio-mastercontainer". I've used my portforwardings for ports 80 > and 443 successfully with Nginx Proxy Manager in the past, so I don't think > there's anything wrong with my port 443. Any advice how to debug would be > very much appreciated - Cheers! > > > > > > > > — > > Reply to this email directly, view it on GitHub ( > #543 (comment)), > or unsubscribe ( > https://github.com/notifications/unsubscribe-auth/ALKJUX4EWH66FGHG5ZVZKV3VJJGPXANCNFSM5U2BWWYA > ). > > You are receiving this because you were mentioned.Message ID: > ***@***.***> > > > > > > > > > — > Reply to this email directly, view it on GitHub > <#543 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AXKZ5OD4SATRKI7PSRQUOI3VJJIJVANCNFSM5U2BWWYA> > . > You are receiving this because you commented.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub (#543 (comment)), or unsubscribe (https://github.com/notifications/unsubscribe-auth/ALKJUX4WWQR23OBSRJN5LATVJJIU5ANCNFSM5U2BWWYA). You are receiving this because you were mentioned.Message ID: ***@***.***>

[chrisbley]

thank you for your replies, @robotictacos! Had to make a break as this was eating too much of my time.

I still haven't managed to get it working - this is my traefik config, after translating szaimen's reverse proxy guide to my yaml file:
https://www.toptal.com/developers/hastebin/nucojotuno.yaml

could you please have a quick look at it, maybe you can find the mistake?

thank you!

[robotictacos]

Hi Chris,
Sad to say, I gave up on AIO. I did manage to get it to work, but then if you need to tweak something inside the container, like for me a path to a folder, it's kind of impossible the way it's currently implemented. Also, I despise volume mapping, I pretty much never ever do that simply because I want access to the folders being mounted inside the guest, and this implementation is absolutely riddled with volumes. It was quite a time sink for not much payoff. If you like I can show my yaml with a more conventional configuration which is performing nicely.

[szaimen]

Regarding being able to tweak things, did you see this https://github.com/nextcloud/all-in-one/tree/main/manual-install?

[robotictacos]

No, that wasn't an option when I was working on this previously, that does seem to reflect what I wanted to do though.

[chrisbley]

hey @robotictacos , thank you for your feedback; I'd love to see your configuration that worked for you!
(I'm still wondering if I should generally switch to toml config instead of yaml config, as most container documentation seem to have toml but not yaml config examples...)
Cheers!

[chrisbley]

Hey @robotictacos, seems my reply didn't get through last time. If you don't mind, could you send me your working traefik config? Thanks a lot! Sent on the go. Dave Campbell ***@***.***> schrieb am Di., 24. Mai 2022, 01:40:

…

Hi Chris, Sad to say, I gave up on AIO. I did manage to get it to work, but then if you need to tweak something inside the container, like for me a path to a folder, it's kind of impossible the way it's currently implemented. Also, I despise volume mapping, I pretty much never ever do that simply because I want access to the folders being mounted inside the guest, and this implementation is absolutely riddled with volumes. It was quite a time sink for not much payoff. If you like I can show my yaml with a more conventional configuration which is performing nicely. — Reply to this email directly, view it on GitHub <#543 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AXKZ5OE4LPOYGQSPMMEISUDVLQJPPANCNFSM5U2BWWYA> . You are receiving this because you commented.Message ID: ***@***.***>

[jonnyparris]

Hey @chrisbley - did you get this working in the end? I'm also getting the 443 error even though https://portchecker.co/check says that the port is open 🤔 . Does that perhaps resonate with any other error / misconfiguration that you've encountered @szaimen ?
(and yes I tried the docs version first, but it didn't work for me, but using labels did).
I also tried using Caddy too but it complains that the 443 has already been bound because I've got Traefik runnning fine for a bunch of other services on the same server. I'm open to ideas to get them playing nicely together failing an update/tweak that gets Traefik working first.
Thanks in advance!

[chrisbley]

Hey Ruskin, No I didn't get it working! It appears to be not about open ports, but rather about headers. I gave up on it. Sent on the go. Ruskin ***@***.***> schrieb am Mi., 17. Aug. 2022, 23:43:

…

Hey @chrisbley <https://github.com/chrisbley> - did you get this working in the end? I'm also getting the 443 error even though https://portchecker.co/check says that the port is open 🤔 . Does that perhaps resonate with any other error / misconfiguration that you've encountered @szaimen <https://github.com/szaimen> ? (and yes I tried the docs version first, but it didn't work for me, but using labels did). I also tried using Caddy too but it complains that the 443 has already been bound because I've got Traefik runnning fine for a bunch of other services on the same server. I'm open to ideas to get them playing nicely together failing an update/tweak that gets Traefik working first. Thanks in advance! — Reply to this email directly, view it on GitHub <#543 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AXKZ5OHOPZH5F72EN24QVETVZVMIZANCNFSM5U2BWWYA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[jonnyparris]

Ah shame. Thanks for the headers hint; I might dive deeper.
Did you give up on Traefik or AIO or both?

[chrisbley]

I gave up on both. Maybe Traefik is just too complicated for me, but there was several things that I failed to do with Trafik: safely expose the API, configure header forwarding for any installation of Nextcloud (docker, VM etc.) and other things. I'm going to use the Nextcloud VM by Hansson and pay them for making it work behind my Nginx Proxy Manager. I've dumped so much time in this already that the 60 Euro per 30min for their service look like good value to me.

------ Originalnachricht ------ Von "Ruskin" ***@***.***> An "nextcloud/all-in-one" ***@***.***> Cc "chrisbley" ***@***.***>; "Mention" ***@***.***> Datum 22.08.2022 13:15:09 Betreff Re: [nextcloud/all-in-one] Running behind Traefik Reverse Proxy (Discussion #543)

Ah shame. Thanks for the headers hint; I might dive deeper. Did you give up on Traefik or AIO or both? — Reply to this email directly, view it on GitHub <#543 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AXKZ5OCYAEPWXVFLWCL4N6DV2NOL3ANCNFSM5U2BWWYA>. You are receiving this because you were mentioned.Message ID:

***@***.***>

…

[jonnyparris]

fwiw I just abandoned traefik completely and used cloudflare tunnels instead and managed to get things working finally.

Disclaimer: I work for CF, but not on the tunnels product and it's my first time using it as a reverse proxy like this. Pleasantly surprising all the same after sinking so many hours into wrestling with Traefik 😤