Owncloud behind traefik, need some guidance


shrtrnd


Hey so I'm fairly new to the "docker party" and Linux in general, so please bear with me when some questions or follow up questions might seem super obvious or stupid :D.

 

I'm currently running traefik as a reverse proxy on my unraid (6.6.6).
Apps like sonarr/radarr, nzbget, organizr all work fine. But that's mostly due to the fact that these are super easy to set up. You only need 4 traefik specific labels and that's it.

traefik.enable=true

traefik.backend=radarr

traefik.frontend.rule=PathPrefix: /radarr

traefik.port=7878

traefik.frontend.auth.basic.users=username:password

 

So far so good, everything is using ssl and working great. 

But as soon as I have to configure some extra stuff for the containers to work behind a reverse proxy I get lost. I've read dozens of guides regarding owncloud/nextcloud, but I can't get it to work. 

Currently I'm using the dlandon owncloud docker and from my internal network it's working great. I got everything set up, added users and smb shares and everybody can connect fine. But I can't get it to work behind traefik using a subdirectory. It's probably just some traefik labels I need to add to the owncloud container, but I'm simply too much of a newb to know which ones I need. 

My first issue was that the dlandon docker forces https, which traefik doesn't like unless you configure some stuff. So for now I'm just using the traefik.frontend.auth.forward.tls.insecureSkipVerify=true label to work around this. I know it's potentially a security issue, but if I'm not mistaken it only opens up the possibility of a man in the middle attack. Which shouldn't be too much of an issue since both traefik and owncloud are running on the same machine (and besides everything else is going over http). 
So now that I got that working I get an Error 500 message when I try to open mydomain.tld/owncloud.
The traefik log says "Error calling . Cause: Get : unsupported protocol scheme \"\""
I tried adding some labels I found in a guide (https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/#NextCloud_Your_Own_Cloud_Storage)
- "traefik.frontend.headers.SSLRedirect=true"

- "traefik.frontend.headers.STSSeconds=315360000"

- "traefik.frontend.headers.browserXSSFilter=true"

- "traefik.frontend.headers.contentTypeNosniff=true"

- "traefik.frontend.headers.forceSTSHeader=true"

- "traefik.frontend.headers.SSLHost=mydomain.tld"

- "traefik.frontend.headers.STSPreload=true"

- "traefik.frontend.headers.frameDeny=true"

I just thought I'd try it, maybe I get lucky :D
Sadly I didn't. Still Error 500. 

So now I'm asking for help. Maybe someone knowledgeable in this stuff can give me some pointers or might even know exactly what I need to do. 

Thanks in advance!


Cheers

Edited by shrtrnd

Yes, like I said, traefik is working fine for everything else. 

I just switched to the linuxserver nextcloud but that has the exact same issue. Error 500 unsupported protocol scheme \"\"
I know this has to be some really stupid mistake I'm making :D

What's so strange is, I'm finding so little about this on google. I can't be the only one using nextcloud behind a traefik reverse proxy. And my config is pretty standard. linuxserver/nextcloud and traefik, that's it. 

Here's my toml. 

 

 

 

logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.http.redirect]
  entryPoint = "https"
  [entryPoints.http.whitelist]
  sourceRange = ["192.168.1.0/24"]
  useXForwardedFor = true

  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

  [entryPoints.https_auth]
  address = ":444"
  [entryPoints.https_auth.auth.basic]
  users = ["user:password"]
  [entryPoints.https_auth.tls]

[api]

# Let's encrypt configuration
[acme]
email = "[email protected]"
storage="/etc/traefik/cert/yoda.json"
entryPoint = "https"
acmeLogging = true
onHostRule = false

[acme.tlsChallenge]

[[acme.domains]]
  main = "mydomain.tld"
  sans = ["mydomain.tld"]


# Connection to docker host system (docker.sock)
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.local"
watch = true
exposedbydefault = false

Edited by shrtrnd

I tried today. This works fine for the nextcloud docker from linuxserver:

[Screenshot: Traefik labels set on the Nextcloud container]


The last label (customFrameOptionsValue) is needed, without it, Nextcloud will tell you to set it. :)

 

This is my traefik.toml:

#debug = true

logLevel = "INFO" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC

defaultEntryPoints = ["https", "http"]
InsecureSkipVerify = true
sendAnonymousUsage = false
checkNewVersion = false

[api]
  # Enable more detailed statistics.
  [api.statistics]

    # Number of recent errors logged.
    #
    # Default: 10
    #
    recentErrors = 100

[traefikLog]
  filePath = "/etc/traefik/log/traefik.log"
  
[accessLog]
  filePath = "/etc/traefik/log/access.log"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
   [entryPoints.https.tls]
   sniStrict = true

[retry]

[file]
directory = "/etc/traefik/rules"
watch = true

[docker]
  endpoint = "unix:///var/run/docker.sock"
  domain = "removed"
  watch = true
  exposedByDefault = false
  network = "br0"
  
[acme]
  email = "removed"
  storage = "/etc/traefik/acme.json"
  entryPoint = "https"
  OnHostRule = true
  acmeLogging = true

  [acme.dnsChallenge]
  provider = "my_provider"

 

Edited by Niklas

Thanks so much for your help, I really appreciate it!
Sadly, that is still a no on nextcloud... :(
In Chrome I still get Error 500 and in Firefox, the page is just blank. And the traefik log gives the same error:

Error calling . Cause: Get : unsupported protocol scheme \"\""
 

Did you change anything in the nextcloud config?
I just don't get it. And when I google this problem, so little comes up. 

Edited by shrtrnd

No changes to Nextcloud config. I use subdomains for my dockers so I use frontend rule as "Host:subdomain.domain.tld"

How about adding insecureSkipVerify = true to the toml instead of a label?

Log to file and check what traefik is doing?


debug = true

logLevel = "DEBUG"

[traefikLog]
filePath = "/etc/traefik/log/traefik.log"

Edited by Niklas

I just did a full reset on traefik and nextcloud. Switched over to subdomains, copied your toml and left nextcloud in its original config, nothing has changed. I even deleted all appdata folders for nextcloud and traefik before.
The error log still says "Error calling . Cause: Get : unsupported protocol scheme \"\""
And the access log for traefik says "[20/Jan/2019:18:13:00 +0000] "GET /favicon.ico HTTP/2.0" 500 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" 47 "Auth for frontend-Host-nextcloud-ruleoftwo-org-0" "/favicon.ico" 0ms"

I'm completely out of ideas now. How is this possible? 

Here is my toml 
https://pastebin.com/Gg4tzLTS

 

Edit: 
Ok here's something weird, in my desperation I removed most of the labels for the nextcloud container you posted and then tried re-adding them one after the other.
My first error was an NGINX error that told me I was sending an HTTP request on an HTTP port. Well yeah of course I am. So I added back the traefik.protocol=https part.
And now I'm greeted with this page
[Screenshot]

 

You said you didn't change anything inside the nextcloud config right? So how are you getting past this message without editing the config.php?

Edited by shrtrnd

Yes. I added my domain to config.php under trusted_domains. Forgot about that but you would see that as you do now. ;-)

I also run Nextcloud (and Traefik) on br0 with static internal ip.

 

  'trusted_domains' => 
  array (
    0 => '192.168.1.30',
    1 => 'nextcloud.domain.tld',
  ),

Edited by Niklas
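
The "Error calling . Cause: Get : unsupported protocol scheme" log line and the "Auth for frontend-..." access-log entry quoted in the thread both point at an auth step that runs with an empty URL. The check below is an added example, not code from any poster or from the Traefik project. It assumes that any traefik.frontend.auth.forward.* label switches on Traefik 1.x forward authentication and that a backend on port 443 or 8443 speaks HTTPS; the sample labels are constructed.

```python
# Added example: lint Traefik 1.x Docker labels for two mistakes from this thread.
FORWARD = "traefik.frontend.auth.forward."
TLS_PORTS = {"443", "8443"}  # assumption: backends on these ports speak HTTPS


def parse_labels(lines):
    """Parse 'key=value' lines (compose-style '- "key=value"' also accepted)."""
    labels = {}
    for raw in lines:
        item = raw.strip().lstrip("-").strip().strip('"')
        if "=" in item:
            key, value = item.split("=", 1)
            labels[key.strip().lower()] = value.strip()  # keys compared lower-case
    return labels


def lint(labels):
    """Return a list of (code, advice) tuples for one container's labels."""
    findings = []
    # Assumption: any auth.forward.* label switches forward auth on. Without an
    # address the auth request has no URL, matching 'Error calling . Cause: Get :'.
    if any(k.startswith(FORWARD) for k in labels) and not labels.get(FORWARD + "address"):
        findings.append(("forward-auth-no-address",
                         "remove auth.forward.* labels or set auth.forward.address; "
                         "backend certificate checks are a traefik.toml setting"))
    # A TLS backend reached with the default protocol (http) gets plain HTTP.
    protocol = labels.get("traefik.protocol", "http").lower()
    if labels.get("traefik.port") in TLS_PORTS and protocol != "https":
        findings.append(("https-backend-plain-http", "add traefik.protocol=https"))
    return findings


# Constructed sample labels modelled on the posts above.
BROKEN = parse_labels("""
traefik.enable=true
traefik.frontend.rule=Host:nextcloud.domain.tld
traefik.port=443
traefik.frontend.auth.forward.tls.insecureSkipVerify=true
""".splitlines())
FIXED = parse_labels("""
traefik.enable=true
traefik.frontend.rule=Host:nextcloud.domain.tld
traefik.port=443
traefik.protocol=https
""".splitlines())

if __name__ == "__main__":
    for name, labels in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, [code for code, _ in lint(labels)] or "ok")
```
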