Traefik V3 - Nextcloud AIO

Traefik Traefik v3 (latest)
,
1

Hello everyone, referring to this documentation https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md, can you see where the error in my configuration is coming from? When trying to connect, I get a 'Bad Gateway' error.

Nextcloud AIO docker-compose

services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config 
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - frontend
    environment:
      APACHE_PORT: 11000 <- I tried with it on and off
      APACHE_IP_BINDING: 127.0.0.1 <- I tried with it on and off
      APACHE_ADDITIONAL_NETWORK: frontend
      SKIP_DOMAIN_VALIDATION: true
volumes: 
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
networks:
  frontend:
    external: true

Traefik docker-compose

---
services:
  traefik:
    image: docker.io/library/traefik:v3.3.4
    container_name: traefik
    command:
      - "--api.dashboard=true"
      - "--api.insecure=false"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
    ports:
      - 80:80
      - 443:443
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.local`)"
      - "traefik.http.routers.traefik-dashboard.service=api@internal"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro       
      - ./config/:/etc/traefik/:ro
      - ./certs/:/var/traefik/certs/:rw
    environment:
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    networks:
      - frontend
      - backend

  whoami:
    image: "traefik/whoami"
    container_name: "whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.local`)"
      - "traefik.http.routers.whoami.entrypoints=web"
    networks:
      - frontend
      - backend
      
networks:
  frontend:
    external: true
  backend:
    external: true

Nextcloud.yaml

http:
  routers:
    nextcloud:
      rule: "Host(`example.com`)"
      entrypoints:
        - "websecure"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certresolver: "cloudflare"

  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://localhost:11000"

  middlewares:
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"

    https-redirect:
      redirectscheme:
        scheme: https 

    nextcloud-chain:
      chain:
        middlewares:
          # - ... (e.g. rate limiting middleware)
          - https-redirect
          - nextcloud-secure-headers

Traefik.yaml

global:
  checkNewVersion: false
  sendAnonymousUsage: false
log:
  level: DEBUG
api:
  dashboard: true
  insecure: true
entrypoints:
  web: 
    address: :80
  websecure:
    address: :443
certificatesResolvers:
  cloudflare:
    acme:
      email: email@adress.com  # <-- Change this to your email
      storage: /opt/docker/traefik/certsls/cloudflare-acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: cloudflare  # <-- (Optional) Change this to your DNS provider
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"

  file:
    directory: /etc/traefik/ # Adjust the path according your needs.
    watch: true
2

You can’t have Traefik static config in traefik.yml and command:, decide for one (doc).

When using multiple Docker networks, set docker.network (doc).

Check simple Traefik example and dnsChallenge example.

Note that you usually can’t use localhost within a container for a target, as that is only localhost within the container, not on host.