Https routing "404 page not found" docker file

Hi @all,
I know, there are a lot of questions here regarding '404 page not found' for https...but to be honest, all approaches are very different and did not help in my case.

I have the follwing docker file. With this it is possible to get to traefik dashboard via "http". With https it says "404 page not found". My dashboard also says: "There is no TLS configured".

Can somebody help me what the problem is? Actually I'm a newbie and do not have a lot of experience. So please describe it in an easy way. Thanks in advance!!

version: '3'

services:
  traefik:
    image: traefik:v2.4
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=mymail@myprovider.de"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`myserver.myddns.net`) && PathPrefix(`/`)"
      - "traefik.http.routers.traefik.service=api@internal"
      

  nextcloud:
    image: nextcloud
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`myserver.myddns.net`) && PathPrefix(`/nextcloud`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"

  mattermost:
    image: mattermost/mattermost-preview
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mattermost.rule=Host(`myserver.myddns.net`) && PathPrefix(`/mattermost`)"
      - "traefik.http.routers.mattermost.entrypoints=websecure"
      - "traefik.http.routers.mattermost.tls.certresolver=myresolver"

Use 3 backticks in front and after code, or select code and press </> button. In yaml every space matters.

Use a current Traefik version, not a 1 year old version.

Compare with simple Traefik example.

Thanks! This helped.

Now it is working. Dashboard is popping up....but Im not able to access nextcloud.
It is showing:

# Not Found

The requested URL was not found on this server.

Apache/2.4.52 (Debian) Server at natune-server.ha5fhv1ccw3h6gx8.myfritz.net Port 80"

My config file looks now like this:

version: "3.3"

services:

  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=my.mail@mail.de"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`myserver.dns.net`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.service=api@internal"
    networks:
      - traefik_network      
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`myserver.dns.net`) && PathPrefix(`/whoami`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      
    networks:
      - traefik_network      
      
  nextcloud:
    image: nextcloud:latest
    container_name: "nextcloud"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`myserver.dns.net`) && PathPrefix(`/nextcloud`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
    volumes:
      - "/containers/cloud/nextcloud/apps:/var/www/html/apps"
      - "/containers/cloud/nextcloud/config:/var/www/html/config"
      - "/containers/cloud/nextcloud/data:/var/www/html/data"
    depends_on:
      - db
    networks:
      - traefik_network
      
   
  db:
    container_name: "maria-db"
    restart: unless-stopped
    image: mariadb
    command: --innodb-read-only-compressed=OFF #Maria-DB fix
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: ncdb
      MYSQL_USER: nextcloudUSER
      MYSQL_PASSWORD: nextcloudPASSWORD
    volumes:
      - "/containers/cloud/mariadb:/var/lib/mysql"
    networks:
      - traefik_network
networks:
  traefik_network:

You try to access your service with Host() && PathPrefix(). But is your target service actually responding to the path /nextcloud? Did you configure it to have that base path?

Usually you want (complex) services to be available on their own domain. PathPrefix always makes trouble for interactive web applications, because they mostly respond with fixed links like /login or /static/js/script.js.

You could use various (paid for) subdomains and use CNAME to your DynDNS name.

PS: recently posted a config for NextCloud

Hi,

I did now some changes, because I found out, that nextcloud ist not working with "myserver.com/nextcloud" (PathPrefix) . It needs a subdomain like nextcloud.myserver.com.

And thats my problem, because I have a Fritzbox and Im using "myFritz-Freigabe". And it can not handle subdomains for my server. Here is a short sketch:

myserver1266×643 76.6 KB

Now my idea is to rout the adress myserver.abcd.myfritz.net/nextcloud to a adress on my server like "nextcloud.localhost" and myserver.abcd.myfritz.net/whoami to "whoami.localhost"

Do you think this is possible? My current YML-File is looking like this (I tried to use stripprefix)

version: "3.3"

services:

  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      #- "--entrypoints.websecure.address=:80"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=mymail@gmx.de"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "80:80"
     # - "8065:8065"
     # - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`myserver.abcd.myfritz.net`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.service=api@internal"

      
    networks:
      - traefik_network      
  whoami:
    image: traefik/whoami:v1.8
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.rule=Host(`myserver.abcd.myfritz.net`) && PathPrefix(`/whoami`)"
      - "traefik.http.middlewares.whoami.stripprefix.prefixes=/whoami"
      - "traefik.http.routers.whoami.middlewares=whoami@docker"      
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
     # - "traefik.http.services.whoami.loadbalancer.server.port=80"
      
    networks:
      - traefik_network      
 
 
 
  postgres:
    image: postgres:14-alpine
    container_name: postgres
    restart: always
    volumes:
      - /data/postgres:/var/lib/postgresql/data
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=<ABC>
    networks:
      - traefik_network
    

  nextcloud:
    image: nextcloud
    container_name: nextcloud
    hostname: nextcloud
    restart: always
    volumes:
      - /data/nextcloud:/var/www/html
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_HOST=postgres
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=<ABC>
      - NEXTCLOUD_ADMIN_PASSWORD=<DEF>
      - NEXTCLOUD_ADMIN_USER=ncadmin
      - NEXTCLOUD_TRUSTED_DOMAINS=myserver.abcd.myfritz.net
      - TRUSTED_PROXIES=traefik
      - OVERWRITEPROTOCOL=https
      - NC_default_phone_region=<EU>
      - APACHE_SERVER_NAME=myserver.abcd.myfritz.net
    depends_on:
      - postgres
    labels:
      - 'traefik.enable=true'
      #- 'traefik.http.routers.nextcloud.tls=true'
      #- 'traefik.http.routers.nextcloud.tls.certresolver=myresolver'
      - 'traefik.http.routers.nextcloud.entrypoints=websecure'
      - "traefik.http.routers.nextcloud.rule=Host(`myserver.abcd.myfritz.net`) && PathPrefix(`/nextcloud`)"
      - "traefik.http.middlewares.nextcloud.stripprefix.prefixes=/nextcloud"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud@docker"  
      - 'traefik.http.routers.nextcloud.middlewares=nextcloud-dav,nextcloud-header'
      - 'traefik.http.services.nextcloud.loadbalancer.server.port=80'
      - 'traefik.http.middlewares.nextcloud-dav.redirectRegex.regex=https://(.*)/.well-known/(card|cal)dav'
      - 'traefik.http.middlewares.nextcloud-dav.redirectRegex.replacement=https://$${1}/remote.php/dav/'
      - 'traefik.http.middlewares.nextcloud-dav.redirectRegex.permanent=true'
      - "traefik.http.middlewares.nextcloud-header.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.nextcloud-header.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloud-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.nextcloud-header.headers.stsPreload=true"
      - "traefik.http.middlewares.nextcloud-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nextcloud-header.headers.customRequestHeaders.X-Forwarded-Proto=https"

    networks:
      - traefik_network
    
 
networks:
  traefik_network:

I don’t think it’s possible to use PathPrefix with a web application like Nextcloud, as I explained above.

You can use DNS CNAME to use DynDNS with multiple domains. Just set your domain to use CNAME and point to your DynDNS domain.

Your domain
Nextcloud.example.com CNAME home.fritz.net
Fritz (automatically)
Home.fritz.net A 1.2.3.4

The domain name resolves to another domain name, that resolves to an IP. But the original domain is sent in the http request, so Traefik can match the domain.

Update: you can set a base path for nextcloud, see for example this post.

Hi bluepuma,
thanks for this tipp.
Yes your right. Nextcloud is not working with pathprefix.

Actually I didnt understand the solution you suggested...what and how I have to do it... Im a newbie?

Can you explain a little bit easier for me? Currently i setted up an account for cloudflare

Usually you set the target IP for a (sub-)domain with your DNS provider. It’s called an A record.

Alternatively you can set a CNAME for a (sub-)domain, pointing to another domain instead of pointing to an IP.

You Fritz DynDNS is pointing home.fritz.net to your home IP, probably from your DSL provider.

Now you can set additional (sub-)domains with your DNS provider to point to that fixed domain with dynamic IP.

nextcloud.mydomain.net -> CNAME -> home.fritz.net

Check if Cloudflare support CNAME. There are also free DNS providers like DuckDNS.

It is possible to use the nexcloud docker image via traefik-proxy and "PathPrefix"

It took me several hours to figure it out. But now it works.

The trick is to create a middleware and use the "replacepathregex" function

Nextcloud config.php

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => '24352345edgsdg',
  'passwordsalt' => 'dfggdfg3456345235',
  'secret' => '+owakmASIneeia1dc624vtCu/n7z3',
  'trusted_domains' =>
  array (
    0 => 'IP Proxy:8081',
    1 => 'test.dyndns.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '27.1.1.0',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'Password',
  'installed' => true,
  'overwrite.cli.url' => '#todo https://test.dyndns.com/next',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/next',
  'overwritehost' => '#todo test.dyndns.com',
  'trusted_proxies' =>
  array (
    0 => '#todo IP/24',
  ),
  'loglevel' => 2,
  'maintenance' => false,
);

Nextcloud: docker-compose.yaml

version: '2'

volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb:10.6
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=Password01
      - MYSQL_PASSWORD=Password01
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - docker-proxy-network

  app:
    image: nextcloud:latest
    restart: unless-stopped
#    ports:    #wird nur fuer die Erstinstallation benoetigt
#      - 8081:80
    links:
      - db
    volumes:
      - ./nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=Password01
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
      - TRUSTED_PROXIES=#todo IP Proxy/24

   labels:
      traefik.enable: true
      traefik.http.routers.nextcloud.entrypoints: websecure
      traefik.http.routers.nextcloud.rule: Host(`test.dyndns.com`) && (PathPrefix(`/next`))
      traefik.http.routers.nextcloud.tls: true
      traefik.http.routers.nextcloud.tls.certresolver: http_resolver
      traefik.http.routers.nextcloud.middlewares: nextcloud-secure-headers, nextcloud_redirectregex, nextcloud_replace_path
      traefik.docker.network: docker-proxy-network

#Middleware #1
      traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent: true
      traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex: 'https://(.*)/.well-known/(?:card|cal)dav'
      traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement: 'https://$${1}/remote.php/dav'

#Middleware #2
      traefik.http.middlewares.nextcloud_replace_path.replacepathregex.regex: "^/next/(.*)"
      traefik.http.middlewares.nextcloud_replace_path.replacepathregex.replacement: "/$$1"

#Middleware #3
      traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders: "X-Forwarded-Host"
      traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy: "same-origin"
      traefik.http.middlewares.nextcloud-secure-headers.headers.customResponseHeaders.X-Robots-Tag: "none"

    networks:
      - docker-proxy-network

networks:
  docker-proxy-network:
    external: true