Nextcloud behind Traefik2 - how?

macmattias · October 31, 2021, 10:04am

I am running Nextcloud behind Traefik using these labels on the nextcloud container:

    labels:
      - traefik.enable=true
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.routers.nextcloud.rule=Host(`cloud.domain.tld`)
      - traefik.http.routers.nextcloud.tls.certresolver=cloudflare

I get to many redirects when using that URL, what I have read about this is that I need to use websecure to avoid this and that is what I have used.

With these I get an 404:

      - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
      - traefik.http.routers.nextcloud.tls.certresolver=cloudflare
      - traefik.http.routers.nextcloud.rule=Host(`cloud.domain.tld`)
      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://domain.tld
      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' domain.tld *.domain.tld
      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/

So... what do I need to do to get this to work?

wollomatic · November 1, 2021, 2:55pm

Hi @macmattias,

for a good diagnosis the logfile would be helpful.

This is my working configuration:

#(nextcloud docker-compose.yaml)
#[...]
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=web-secure"
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.example.invalid`)"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=tlschallenge"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav,secHeaders@file"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
#[...]

I use this traefik-configuration: GitHub - wollomatic/traefik2-hardened: hardened rootless traefik2 deployment without mounting the docker socket into the traefik container

But it should also work with this simplified config: https://github.com/wollomatic/simple-traefik

I'd also recommend adding this to nextcloud´s config.php:

  'trusted_proxies' =>
  array (
    0 => 'xxx.xxx.xxx.xxx',
  ),

with xxx.xxx.xxx.xxx replaced with the IP of your traefik container. See Reverse proxy — Nextcloud latest Administration Manual latest documentation

Regards,
Wolfgang

macmattias · November 3, 2021, 6:19pm

Thanks! That made it work!

Topic		Replies	Views
Traefik2 + Nextcloud = tons of errors Traefik v2 docker	1	629	February 11, 2024
Redirect non-existing site Traefik v2 docker	12	1592	October 28, 2021
Middleware does not exist with nextcloud Traefik v2 docker	5	27	October 26, 2024
Getting 404 After Restarting Server Traefik v2 docker , tcp	0	313	March 27, 2021
Specific container app that runs on https Traefik v2 docker , middleware	0	317	March 20, 2021

Nextcloud behind Traefik2 - how?

Related topics