For anyone following along (@cfabbro) we got it working!! The MariaDB container was failing to start up because we never configured a password for it. Woohoo!!
The MariaDB container was failing to start up because we never configured a password for it.
Haha, isn't that just the worst when something like that happens? If I had a dollar for every minute I have wasted troubleshooting only to find out I missed something super fundamental/simple, I would probably be a millionaire right now. :P
Congrats, and thanks for the ping. Also, you're an awesome person for being so generous with your time and expertise, @smores! :)
Hahaha yes! I’m glad we were able to get on a call, the real time log tailing made it very apparent what was wrong.
Absolutely!! It was very nice to be able to help out; honestly it went even more smoothly than I expected!
I would highly recommend getting it set up with Docker. It’s much, much easier to manage the dependencies, permissions, and upgrades that way. If you could use some more guidance I can check back in tonight after work and try to help out! I’ve set up Nextcloud a few times now
Sorry it's so late! I got caught up in a few other things. Happy to help though!
What GCP platform are you using? Google Compute Engine? Google actually has some pretty great documentation for setting up Docker on a GCE instance: https://cloud.google.com/compute/docs/containers/
You could also use GKE, Google Kubernetes Engine, which is specifically for spinning up containerized (i.e. dockerized) applications. This might end up being more complicated in the long run, if you end up wanting a MySQL/MariaDB instance (instead of SQLite), and I'm actually not sure off the top of my head what work would need to be done to have a persistent volume for the actual files.
Unless you have a particular desire to learn Kubernetes (it is a very cool platform!) it probably makes sense to stick to GCE. The docs for the nextcloud docker image actually give an example docker-compose.yml file for nextcloud with a mariadb database:
You can save that as a file, docker-compose.yml, in your home directory on your GCE instance, and then run docker-compose up -d, and once everything finishes installing and running, you'll have a working nextcloud instance!
There are a few more steps (you'll want to make sure you get SSL and a domain name set up, and open ports 80 and 443 on your GCE host) but this is probably a good goal for now if this is your first experience with Docker. Definitely ask any questions and I'll do my best to help!
I’m reading a bit more about the Container Optimized OS; it seems a little intense :/ haha it would probably be easiest to just use the Ubuntu base image instead, and use these instructions to install Docker on it: https://docs.docker.com/engine/install/ubuntu/
Awesome!! Installing Nextcloud should be as easy as creating a file named docker-compose.yml with the contents I posted above, and then running docker-compose up -d from the directory that file is in
Woohoo! That’s great. The next steps are to get the ports opened and forwarded correctly. I’ll write something up tomorrow about how to get that working (you might be able to find it yourself, too!). Basically what you’re looking for is documentation on opening ports 80 and 443 on your GCE instance (it’s possible that there’s no work to do here and this is already working, I would just have to check). You’ll also want to change the port mapping in your docker compose file; right now it reads 8080:80, but we’ll want to set it to 80:80, so that when you type the IP address of your instance into your browser, you’ll be served your Nextcloud instance by default. Once those two steps are done, you should be able to visit your Nextcloud instance by just typing your instance’s IP address into your browser!
Alright let's see what we can do! (sorry I didn't have a chance to look into this sooner, was having some issues with the lawn mower this morning!)
So essentially what we're doing is creating an "ingress" rule in the Firewall for your network. Ingress rules specify how the firewall handles incoming connections. The steps for doing this are here. You're going to want to create a new ingress rule that allows traffic on the tcp protocol on port 80. Until you have a domain name and SSL set up (we can talk through how to do this, too), you might want to set a Source filter that only allows traffic from your home network.
Then, like I mentioned above, you'll want to change the 8080:80 line to 80:80 in your docker-compose.yml, and you should be able to access your nextcloud instance by typing the IP address of your GCE instance into your browser!
Yes! Definitely. Once you have a domain name and SSL, you can open up the source filter so that it can be connected to from any IP, but you still want to make sure that you’re only exposing HTTP(S) ports (80 and 443) to the internet!
Sweet!!! Actually, now that’s definitely working, before you fill out the setup, now might be a good time to get a reverse proxy set up with an SSL cert. I have to go for a run, but in the meantime, if you don’t have one already, now would be a good time to buy a domain name! I’ll write up some instructions to get set up with caddy when I get back!
Ok! Let's do this.
Step 1: You need to point your domain name at your server! If you haven't already, add an A record with your domain registrar that resolves to the IP address of your GCE instance. We'll need this in order to set up Caddy.
Step 2: Make a new file named Caddyfile. This is the contents of the configuration for the caddy server. It should look like this:
    yourdomainname.com {
        header / {
            Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
            Content-Security-Ploicy "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src 'self';child-src 'self'"
            X-Robots-Tag "none" # This will ask search engines _not_ to index your site! If you want to be indexed, remove this
        }
        proxy / localhost:8080 {
            transparent
            insecure_skip_verify
            websocket
        }
    }
Happy to answer any questions about what's happening above!
Step 3: We need to make some changes to the docker-compose.yml again. Here's what we need:
    version: '2'

    volumes:
      nextcloud:
      db:
      caddy_data:

    services:
      db:
        image: mariadb
        command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
        restart: always
        volumes:
          - db:/var/lib/mysql
        environment:
          - MYSQL_ROOT_PASSWORD=
          - MYSQL_PASSWORD=
          - MYSQL_DATABASE=nextcloud
          - MYSQL_USER=nextcloud

      app:
        image: nextcloud
        ports:
          - 8080:80 # Note that this is back to 8080 again!
        links:
          - db
        volumes:
          - nextcloud:/var/www/html
        restart: always

      caddy:
        image: caddy
        volumes:
          - "path/to/Caddyfile:/etc/caddy/Caddyfile" # Make sure you replace "path/to/Caddyfile" with the actual path to your Caddyfile that you made earlier!
          - "caddy_data:/data"
        ports:
          - 80:80
          - 443:443
        restart: always
Then if you restart docker-compose (sudo docker-compose down && sudo docker-compose up -d), you should find yourself able to get back to that settings page by going to your domain name in your browser!
Full disclosure: I've never run Caddy via docker-compose before, so it's possible I mucked up that config file. Let me know if you run into any trouble!
Cool! So it seems like Caddy wasn’t able to complete the ACME challenge it uses to get you an SSL cert. Most likely this means I messed up that docker compose :P
Can you:
copy/paste your current docker-compose.yml in here?
run sudo docker-compose logs and try to paste in any lines pertaining to the caddy container? Each line should be prefixed with the name of the container, so the caddy ones should start with something like [caddy_1]
server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server
This is the issue, but I don’t know why. From reading the docs on the caddy docker image, it should be enough to just have 443:443 in the port mapping (which you do!). I’ll read a bit more about the caddy docker setup and see if anything jumps out.
Oh, one more thing (this might be it?)
You have - “/etc/Caddyfile”; you need to have - “path/to/Caddyfile:/etc/caddy/Caddyfile” instead. So, for example, if your Caddyfile is in /home/abc, you need - “/home/abc/Caddyfile:/etc/caddy/Caddyfile”
It looks like somehow that last quote after /etc/caddy/Caddyfile is a curly quote, instead of a straight quote. Try deleting it and retyping it.
Also this might have just been a copy/paste issue, but make sure that caddy: is also indented two spaces! It should be indented at the same level as db: and app:
abc-cloud.xyz
You might need to change this to www.abc-cloud-xyz, since it seems like you're being redirected there.
Content-Security-Ploicy
This isn't causing any of the issues we're currently seeing, but this should be Content-Security-Policy!
unrecognized directive: proxy
Womp, this is my bad. You're using Caddy v2; I gave you configuration for Caddy v1. I believe that entire proxy block
    proxy / localhost:8080 {
        transparent
        websocket
    }
can be replaced with the new reverse_proxy directive
    reverse_proxy localhost:8080
EDIT:
Also it looks like you can (should?) remove the / after header, so that it just reads
Hahaha sure is.
Request URL: https://www.abc-cloud.xyz/
Request Method: GET
Remote Address: 34.72.140.170:443
Status Code: 502 Bad Gateway
Version: HTTP/2
502 Bad Gateway means that caddy is for some reason unable to communicate with the Nextcloud backend. Could you check the logs again?
EDIT:
Oh, you know what? I bet this is a docker networking thing. I'll poke around the docs a bit more.
WOOHOO!!
Admin username & password - yup, this is what you think it is
The Data Folder field has /var/www/html/data by default so I guess I leave it? - This should be fine! Just note that this is on your GCE instance, so you'll have available to you however much storage your instance has
Configure the database: I assume that I'll select MySQL/MariaDB - Yes!
Database user? - nextcloud
Database password? - no password, let me know if this causes any issues but it should be fine I think
Database name? - nextcloud
localhost? - the database host is db
A checkbox to install (or not) recommended apps. Probably fine to leave this unchecked and add these as they become useful
Hm. Ok. Let's try adding a custom network so we can just use localhost (I really didn't think this would be the thing we'd get stuck on!) Here's what your docker-compose should look like now:
Note the new networks entry at the top level, and also in the db and app service configs.
I think this should let you just leave the default localhost. It's possible that this might also mean needing to change your Caddyfile; if after making this change you get a blank page again, try changing http://app:80 to http://backend:80 (hopefully you won't need to do that though).
Hahahaha I think a giant tildes thread probably isn’t the most... efficient way to have this conversation :) honestly I’m pretty impressed at how far we’ve gotten in spite of that though!
Heh, it used to be wayyyyy worse before the (reply to above comment) feature. That pretty much solved the issue, at least from a technical perspective.
Hahahaha :sigh: remote debugging can be a little tough!
Actually, I wonder if we’re at the point where it would make sense to have a quick video chat and try to work this out in real time? Up to you, I imagine it would go a lot faster though!
Jitsi should work fine unless you only have Safari available? We can figure out something else if so, though. I have a Google Meet account through work, too
Oh! Actually, I bet I know what's happening!
You need to add one more Firewall rule. Same as before, now you're going to want to create a new ingress rule that allows traffic on the tcp protocol on port 443. 443 is the port that browsers use for HTTPS traffic by default, and it needs to be open in the firewall for the ACME challenge to work!
For anyone following along (@cfabbro) we got it working!! The MariaDB container was failing to start up because we never configured a password for it. Woohoo!!
The final docker-compose.yml:
And final Caddyfile:
Ah! Yeah you'll need to start the Docker daemon. I think you should be able to do that with systemd: https://docs.docker.com/engine/install/linux-postinstall/#configure-docker-to-start-on-boot
You can try something like
To start it, and
To make sure it started up correctly
Huh! Could you show me the output from sudo service docker status?
Ah, you know what, you might need to run docker compose as root. Could you try sudo docker-compose up -d?
Nothing of substance to add here, but I just wanted to say that you're awesome for being so helpful. Have an exemplary! :)
Thanks @cfabbro!! I appreciate it!
Good luck!
Ok! Could you show me:
sudo docker-compose logs?
Ah, let's try replacing localhost:8080 in the Caddyfile with http://app:80
Hm. Let's try adding
To the db: part of the configuration, and then put db:3306 in the host field on the nextcloud setup page
Goddamn, you two are still trying to sort this out? Madness!! Though it's awesome to see you still trying to help @suspended. :)
We can use Jitsi! Are you free now-ish? I need like 15 minutes
Ok! Let's try it, we can do something else if it doesn't work: https://meet.jit.si/abc-cloud-debugging
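The configuration mistakes this thread ran into (the empty MariaDB password, the Content-Security-Ploicy typo, Caddy v1 proxy syntax under Caddy v2), together with the advice to expose only ports 80 and 443, can be checked before running docker-compose up. This is an added example, not code from any post in the thread; the function names, the header list and the line-based parsing (no YAML library) are assumptions made here.

```python
import difflib
import re

# Headers the thread's Caddyfile sets, used for near-miss spelling checks (assumed list).
KNOWN_HEADERS = ["Strict-Transport-Security", "Content-Security-Policy", "X-Robots-Tag"]
# The Caddy v1 proxy directive and options used in the thread's first Caddyfile.
V1_PROXY_WORDS = {"proxy", "transparent", "websocket", "insecure_skip_verify"}
EMPTY_SECRET = re.compile(r"""^\s*-?\s*(MYSQL_(?:ROOT_)?PASSWORD)\s*[=:]\s*(?:""|'')?$""")
PORT_ITEM = re.compile(r"""^\s*-\s*["']?([\d.:]+)["']?$""")


def lint_caddyfile(text):
    """Return (line_no, message) pairs for misspelled headers and v1 proxy syntax."""
    findings, in_header = [], False
    known = {h.lower(): h for h in KNOWN_HEADERS}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        word = line.split()[0]
        if in_header and word == "}":
            in_header = False
        elif in_header:
            name = word.lstrip("+-?>").lower()
            near = difflib.get_close_matches(name, list(known), n=1, cutoff=0.85)
            if name not in known and near:
                findings.append((no, f"'{word}' looks like a typo for '{known[near[0]]}'"))
        elif word == "header" and line.endswith("{"):
            in_header = True
        elif word in V1_PROXY_WORDS:
            findings.append((no, f"'{word}' is Caddy v1 proxy syntax"))
    return findings


def lint_compose(text):
    """Return (line_no, message) pairs for empty DB passwords and extra host ports."""
    findings, in_ports = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()
        secret = EMPTY_SECRET.match(line)
        if secret:
            findings.append((no, f"{secret.group(1)} is empty"))
        item = PORT_ITEM.match(line) if in_ports else None
        in_ports = bool(item) or line.strip() == "ports:"
        if item:
            parts = item.group(1).split(":")      # host:container or ip:host:container
            host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
            if len(parts) >= 2 and host_ip != "127.0.0.1" and parts[-2] not in ("80", "443"):
                findings.append((no, f"host port {parts[-2]} is published besides 80/443"))
    return findings


# Shortened copies of the two files posted in the thread (CSP value abbreviated).
THREAD_CADDYFILE = """\
yourdomainname.com {
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
        Content-Security-Ploicy "default-src 'none'"
        X-Robots-Tag "none" # ask search engines not to index
    }
    proxy / localhost:8080 {
        transparent
        insecure_skip_verify
        websocket
    }
}
"""
THREAD_COMPOSE = """\
services:
  db:
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_PASSWORD=
  app:
    ports:
      - 8080:80 # back to 8080 again
  caddy:
    ports:
      - 80:80
      - 443:443
"""

if __name__ == "__main__":
    print(lint_caddyfile(THREAD_CADDYFILE) + lint_compose(THREAD_COMPOSE))
```

Once Caddy proxies to http://app:80 over the compose network, the 8080:80 mapping on the app service is no longer needed; the port check flags it for that reason.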