shrtrnd Posted January 18, 2019 Share Posted January 18, 2019 (edited) Hey so I'm fairly new to the "docker party" and linux in general, so please bare with me when some questions or follow up questions might seem super obvious or stupid :D. I'm currently running traefik as a reverse proxy on my unraid (6.6.6) Apps like, sonarr/radarr, nzbget, organizr, all work fine. But that's mostly due to the fact that these are super easy to set up. You only need 4 traefik specific labels and that's it. traefik.enable=true traefik.backend=radarr traefik.frontend.rule=PathPrefix: /radarr traefik.port=7878 traefik.frontend.auth.basic.users=username:password So far so good, everything is using ssl and working great. But as soon as I have to configure some extra stuff for the containers to work behind a reverse proxy I get lost. I've read dozens of guides regarding owncloud/nextcloud, but I can't get it to work. Currently I'm using the dlandon owncloud docker and from my internal network it's working great. I got everything set up, added users and smb shares and everybody can connect fine. But I can't get it to work behind traefik using a subdirectory. It's probably just some traefik labels I need to add to the owncloud container, but I'm simply too much of a newb to know which ones I need. My first issue was that the dlandon docker forces https, which traefik doesn't like unless you configure some stuff. So for now I'm just using the traefik.frontend.auth.forward.tls.insecureSkipVerify=true label to work around this. I know it's potentially a security issue, but if I'm not mistaken it only opens up the possibility of a man in the middle attack. Which shouldn't be too much of an issue since both traefik and owncloud are running on the same machine (and besides everything else is going over http). So now that I got that working I get a Error 500 message when I try to open mydomain.tld/owncloud. The traefik log says "Error calling . Cause: Get : unsupported protocol scheme \"\"" I tried adding some labels I found in a guide (https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/#NextCloud_Your_Own_Cloud_Storage) - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=mydomain.tld" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" I just thought I'd try it, maybe I get lucky Sadly I didn't. Still Error 500. So now I'm asking for help. Maybe someone knowledgeable in this stuff can give me some pointers or might even know exactly what I need to do. Thanks in advance! Cheers Edited January 18, 2019 by shrtrnd Quote Link to comment
Niklas Posted January 19, 2019 Share Posted January 19, 2019 Do you have any traefik.toml? Quote Link to comment
shrtrnd Posted January 19, 2019 Author Share Posted January 19, 2019 (edited) Yes, like I said, traefik is working fine for everything else. I just switched to the linuxserver nextcloud but that has the exact same issue. Error 500 unsupported protocol scheme \"\" I know this has to be some really stupid mistake I'm making What's so strange is, I'm finding so little about this on google. I can't be the only one using nextcloud behind a traefik reverse proxy. And my config is pretty standard. linuxserver/nextcloud and traefik, that's it. Here's my toml. logLevel = "DEBUG" defaultEntryPoints = ["http", "https"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.http.whitelist] sourceRange = ["192.168.1.0/24"] useXForwardedFor = true [entryPoints.https] address = ":443" [entryPoints.https.tls] [entryPoints.https_auth] address = ":444" [entryPoints.https_auth.auth.basic] users = ["user:password"] [entryPoints.https_auth.tls] [api] # Let's encrypt configuration [acme] email = "[email protected]" storage="/etc/traefik/cert/yoda.json" entryPoint = "https" acmeLogging = true onHostRule = false [acme.tlsChallenge] [[acme.domains]] main = "mydomain.tld" sans = ["mydomain.tld"] # Connection to docker host system (docker.sock) [docker] endpoint = "unix:///var/run/docker.sock" domain = "docker.local" watch = true exposedbydefault = false Edited January 19, 2019 by shrtrnd Quote Link to comment
Niklas Posted January 19, 2019 Share Posted January 19, 2019 (edited) I tried today. This works fine for the nextcloud docker from linuxserver: The last label (customFrameOptionsValue) is needed, without it, Nextcloud will tell you to set it. This is my traefik.toml: #debug = true logLevel = "INFO" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC defaultEntryPoints = ["https", "http"] InsecureSkipVerify = true sendAnonymousUsage = false checkNewVersion = false [api] # Enable more detailed statistics. [api.statistics] # Number of recent errors logged. # # Default: 10 # recentErrors = 100 [traefikLog] filePath = "/etc/traefik/log/traefik.log" [accessLog] filePath = "/etc/traefik/log/access.log" [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] sniStrict = true [retry] [file] directory = "/etc/traefik/rules" watch = true [docker] endpoint = "unix:///var/run/docker.sock" domain = "removed" watch = true exposedByDefault = false network = "br0" [acme] email = "removed" storage = "/etc/traefik/acme.json" entryPoint = "https" OnHostRule = true acmeLogging = true [acme.dnsChallenge] provider = "my_provider" Edited January 19, 2019 by Niklas Quote Link to comment
shrtrnd Posted January 20, 2019 Author Share Posted January 20, 2019 (edited) Thanks so much for your help, I really appreciate it! Sadly, that is still a no on nextcloud... In chrome I still get Error 500 and in Firefox, the page is just blank. And the traefik log gives the same error: Error calling . Cause: Get : unsupported protocol scheme \"\"" Did you change anything in the nextcloud config? I just don't get it. And when I google this problem, so little comes up. Edited January 20, 2019 by shrtrnd Quote Link to comment
Niklas Posted January 20, 2019 Share Posted January 20, 2019 (edited) No changes to Nextcloud config. I use subdomains for my dockers so I use frontend rule as "Host:subdomain.domain.tld" How about adding insecureSkipVerify = true to the toml instead of a label? Log to file and check what traefik is doing? debug = true logLevel = "DEBUG" [traefikLog] filePath = "/etc/traefik/log/traefik.log" Edited January 20, 2019 by Niklas Quote Link to comment
shrtrnd Posted January 20, 2019 Author Share Posted January 20, 2019 (edited) I just did a full reset on traefik and nextcloud. switch over to subdomains, copied your toml and left nextcloud in it's original config, nothing has changed. I even deleted all appdata folders for nextcloud and traefik before. The error log still says "Error calling . Cause: Get : unsupported protocol scheme \"\"" And the access log for traefik says "[20/Jan/2019:18:13:00 +0000] "GET /favicon.ico HTTP/2.0" 500 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" 47 "Auth for frontend-Host-nextcloud-ruleoftwo-org-0" "/favicon.ico" 0ms" I'm completely out of ideas now. How is this possible? Here is my toml https://pastebin.com/Gg4tzLTS Edit: Ok here's something weird, in my desperation I removed most of the labels for the nextcloud container you posted and then tried readding them one after the other. My first error was an NGINX error that told me I was sending a HTTP request on a HTTP port. Well yeah of course I am. So I added back the traefik.protocol=https part. And now I'm greeted with this page You said you didn't change anything inside the nextcloud config right? So how are you getting past this message without editing the config.php? Edited January 20, 2019 by shrtrnd Quote Link to comment
Niklas Posted January 20, 2019 Share Posted January 20, 2019 (edited) Yes. I added my domain to config.php under trusted_domains. Forgot about that but you would see that as you do now. I also run Nextcloud (and Traefik) on br0 with static internal ip. 'trusted_domains' => array ( 0 => '192.168.1.30', 1 => 'nextcloud.domain.tld', ), Edited January 20, 2019 by Niklas Quote Link to comment
shrtrnd Posted January 20, 2019 Author Share Posted January 20, 2019 Yeah my only suspicion is that the traefik.frontend.auth.forward.tls.insecureSkipVerify somehow broke it for me, not exactly sure why or how, but without it, it's working now, even though before it didn't... really strange. Anyway, thanks a lot for your help! 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.