Set up Nextcloud, want to get Let's Encrypt working with Sophos XG Firewall


jang430


Hi.  I've got a working Nextcloud docker container.  Since I'm using Sophos XG for home, I am not using pfsense, and I'm not using NginX.  I'd like to use my Sophos firewall's dynamic dns feature to point to my unraid box.  How do I do this?  

 

What I've done so far:

I've got a working Nextcloud docker container that works within the house. My Sophos XG firewall has provided me with fqdns xxxx.myfirewall.co. This points to my public IP. I've followed @gridrunner's guide so far, but instead of going to duckdns, I'm using my Sophos XG's free ddns service. So far, I've only got 1 subdomain, xxxx.myfirewall.co.

 

I've followed online instructions on how to forward http and http traffic to my unraid.  Right now, when you access https://xxxx.myfirewall.co,  I see:

 

Welcome to our server

The website is currently being setup under this address.

For help and support, please contact: [email protected]

 

I think this shows https is working?

 

My logs from letsencrypt show:


Variables set:
PUID=99
PGID=100
TZ=Asia/Shanghai
URL=myfirewall.co
SUBDOMAINS=xxxx
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d xxxx.myfirewall.co
E-mail address entered: [email protected]
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.myfirewall.co
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/xxxx.myfirewall.co/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/xxxx.myfirewall.co/privkey.pem
Your cert will expire on 2018-11-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready


 

When accessing http://xxxx.myfirewall.co, I don't get any response.

 

I don't know how to carry on from here. What I've done so far doesn't seem to point to my Nextcloud docker container so far, since I'm not creating any subdomain for my Nextcloud, as I assume Sophos doesn't allow something like cloud.xxxx.myfirewall.co, or do they? Hope someone can chip in. I don't know how to proceed to either use cloud.xxxx.myfirewall.co, or xxxx.myfirewall.co/cloud that will point to my Nextcloud. Hope someone can provide me next steps.


I fixed it by being VERY careful of the subdomain set in the proxy confs sample for nextcloud in the letsencrypt app data. Then of course removing .sample from the file name. I thought the "nextcloud" he was putting in during the tutorial was what we named the cloud server earlier in the tutorial and not the subdomain of our dynamic DNS service.

Edited by Rollingsound514
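
An added example, not part of the thread and not the letsencrypt container's own code: a check that the server_name in a proxy conf covers the hostnames the container requested a certificate for, using the URL, SUBDOMAINS and ONLY_SUBDOMAINS values from the log above. The two conf snippets are constructed for illustration; a request whose Host matches no server_name is answered by nginx's default server instead of the proxied app.

```python
import re

def cert_hostnames(url, subdomains, only_subdomains):
    """Hostnames requested for the certificate (the -d arguments in the log)."""
    subs = [s.strip() for s in subdomains.split(",") if s.strip()]
    names = [] if only_subdomains else [url]
    return names + [f"{s}.{url}" for s in subs]

def server_names(conf_text):
    """Collect every name from single-line server_name directives."""
    names = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments
        m = re.search(r"\bserver_name\s+([^;]+);", line)
        if m:
            names += m.group(1).split()
    return names

def nginx_name_matches(pattern, host):
    """Exact names plus nginx's leading (*.x) and trailing (x.*) wildcards.
    Regex names (starting with ~) are not evaluated here and never match."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("~"):
        return False
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1]) and len(host) > len(pattern) - 1
    return pattern == host

def unmatched_hosts(conf_text, hosts):
    """Certificate hostnames that no server_name in the conf would serve."""
    names = server_names(conf_text)
    return [h for h in hosts if not any(nginx_name_matches(n, h) for n in names)]

# Constructed conf snippets: the tutorial-style name and the corrected one.
TUTORIAL_CONF = """
server {
    listen 443 ssl;
    server_name nextcloud.*;   # name used in the tutorial
}
"""
FIXED_CONF = TUTORIAL_CONF.replace("nextcloud.*", "xxxx.*")

if __name__ == "__main__":
    hosts = cert_hostnames("myfirewall.co", "xxxx", only_subdomains=True)
    print("certificate hosts:", hosts)
    print("not served by tutorial conf:", unmatched_hosts(TUTORIAL_CONF, hosts))
    print("not served by fixed conf:", unmatched_hosts(FIXED_CONF, hosts))
```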