Really struggling: trying to set up non-docker on same device as Traefik, to go through Traefik

Hello there - brand new here...
I also am way past what is my 'comfort zone'.
I am practically a total noob brute-forcing my way through to getting things to work.

What I am trying to set up is:
Already, docker-things seem to work fine.
But I installed Nextcloud as a Snap in Ubuntu, and I'm trying to route that through Traefik with the file-provider function...
I spent a week trying to read up on things (from understanding nothing), and now 3 days or so trying to set it up.

I was wondering if someone would mind to write a super basic template for how to get my 'scenario' working. (nothing else, no certificate or anything - that I'll yet try to learn soon)

-That isn't to assume upon the generosity of others or 'expect' that I just be handed things of course.
I meant to add that indeed I would understand if nobody would feel like 'assisting', since I'm gonna be pretty useless in understanding help - being pretty new to all this - I was just thinking if it was easy to write the most basic parts of the necessary 'code' to make that scenario work - so I can understand what I do wrong and ultimately get it to work of course.

I put Nextcloud to run on ports 81 and 444 for http and https respectively (since Traefik binds to ports 80 and 443 of course) - so what would I want to do in Traefik for it to hook into that and put either a subdomain or subdirectory on it - and deliver that from 80 and 443 to WAN clients?

Note also: that is all running on the same server, hence I can't have nextcloud listening on the same IP on 80 and 443


--- and that is about it for my main matter really... If however you want to read more (not recommended xD ) read on ahead. (I am not very concise in general, so I thought splitting up my novel into "point" and "rant" might be better)

I feel quite anxious having to write and bother others with this, but I thought at first it wouldn't be so hard for me to get up and running... I first started with Nginx, and found a guide online that made it seem... well... not easy per se, but it was easy to follow at least. But there were some things that didn't work - so I eventually went with Traefik which sounded simpler to run containerized things through.

I am not keen on posting my docker-compose and 'rules/nextcloud.toml' things here, since I figure it would be more effort to 'fix' my mess rather than just start over.

I've been fiddling so much with this my head is spinning, and I think I'm going delirious: suddenly I think I'm getting good ideas, and I realize shortly after it won't work either. and for a moment I came to the conclusion that...
Is my attempted setup impossible as-is?
Docker, Traefik and my Snap-Nextcloud all run on the same server.
naturally, again, I had to change Nextcloud's ports to not break Traefik's bind to 80 and 443.
But does Traefik have to bind itself to 81 and 444 as well, to be able to 'listen' on those?

I mean - would Nextcloud have to be on a separate server, running on 80 and 443, and then it would work? and it doesn't work, currently, because Traefik can't listen on 81 and 444 because, well, Nextcloud bound them?

Even as I'm writing this, I am pondering if I could circumvent that "issue" with running Nextcloud only on a virtual network on the same server, to have it run on ports 80 and 443, but only on the virtual network. - but even then, it just doesn't work. I always get a 404 error.

At one point near the beginning, I thought I got the whole thing to work...
"http:// LANserverip:80/cloud" would forward me to suddenly be connected to
"https:// LANserverip:444/cloud" - actually sort of working.

However... I was under the impression I could 'hide' the fact that Nextcloud is listening on 81 and 444 if using subdomains or subdirectories through Traefik?... I think, similar to the idea of a DNS SRV-thing. (I think it was called that)

(Sorry my terminology is horrible)

Yes I am waaay over what I know to do... I have a basic course in networking that I can easily setup people's networks. I am hosting servers such as OpenVPN, Minecraft, XMPP, email, SIP (for myself and friends/family)... and they all work fine WAN-side (not to say that it 'shows' I am good... but at least I know some things - but reverse proxying has me utterly stumped, obviously).

I should maybe mention too that, all of that I already set up, and what I am trying to set up now - is all really just for fun. I don't need any of it in the least - but I enjoyed setting all that up so far, and the idea of a reverse proxy intrigued me a good bit.


For fun, I tried to change my nextcloud.toml file to instead 'forward' google.com through Traefik, but I still get a 404 error... so I figure I have something else fundamentally wrong in my setup, or I am completely misunderstanding how the functions work (I found many guides writing from start to end "what to do" but not explaining stuff like "look at this line: - --entryPoints.https.address=:443: here entryPoint is a command telling Traefik to 'look out' for stuff that come next - "https" is a variable and could be named potatoes instead..."
... but since none of them talk about exactly what I wanted to do, I had to sort figure out myself what the different functions do... and I'm too nooby to understand docs.traefik.io wording... though I thought I understood at least a bit, until none of my attempts at setting it up worked out : P

Anyway... I probably wrote quite enough.
Sorry in advance for my mess of a wall of text
Also sorry if my post breaks some community guidelines: I was just really eager to ask someone who knows about Traefik, because despite my best efforts and having a hundred Eureka! moments - my setup still never worked.

Naturally feel free to ask questions, but don't expect that I can even answer everything since my setup for Traefik has become quite Frankensteiny (like my domain names now seem to still forward :443/cloud to :444/cloud, even when Traefik isn't running, leaving me even more confused).

Oh and finally, here is my toml:

 http:
   routers:
     nextcloud-router:
       entryPoints:
         - https
         - http
         - nextcloud81
         - nextcloud444
       service: nextcloud-service
       rule: "host(`foobar.duckdns.org`)"
       priority: 1000
   services:
     nextcloud-service:
       loadBalancer:
         servers:
           - url: "https:// LANserverip:444" 
           - url: "http:// LANserverip:81" 
   middlewares:
     subdirectory:
       addPrefix:
         prefix: "/cloud"
         permanent: true

for the docker-compose file, everything is pretty much like how it starts out here*, with the addition of it listening to port 443 as well: * https:// docs.traefik .io/getting-started/quick-start/

I also defined:

      - --entryPoints.nextcloud444.address=:444
      - --entryPoints.nextcloud81.address=:81

I tried to open and close ports - pointing nextcloud to 127 .0.0.1:444 instead of LANserverip, and of course adjusting the toml file accordingly - but nothing even gave the hint of 'oooh, it's almost working' (though I guess that's rarely the case in IT/networking facepalm)

(using mostly duckdns.org for this, but also freedns.afraid.org) (duckdns supports dynamic/wildcard subdomains for free, while freedns does not. but both should work fine with subdirectories at least)

(as an extra thing... since Nextcloud also has some guidelines for how to configure it when putting it behind a reverse proxy, I instead also tried to reverse proxy my minecraft server in the same fashion, but it works just as well D: (Since I thought too, that maybe I am just adjusting nextcloud incorrectly) )

((Edit: I put some spaces in some of the 'links' since it wouldn't let me post here otherwise))

Please try following link's nextcloud and pi-hole sections, if you didn't already.

ultimate Guide

Ah thanks - I did already look at that one in particular quite a bit - but I will continue to 'study' it further.
I was thinking after I wrote, and now with the link you sent as well, that maybe part of my issue is relating to 'certificates' even 'internally' between services and Traefik, like the article also points out in regards to Nextcloud, some additional work there is necessary.

Though I do wonder too then why I couldn't get minecraft to work, since I suppose it isn't using any certificate, or... well... I mean I don't even know to be honest.

Regardless though: I will try to take more time to read over that article... I originally skipped over some parts especially about 'securing' things since stuff like cloudflare, I can't seem to use with my setup of freedns and duckdns (or I'm very likely just not bright enough to figure out how) and I don't quite understand Let's Encrypt either ((On its own Nextcloud got a certificate, but now trying to put it through Traefik - that isn't compatible anymore, or at least I'm not sure how to 'import it')) And I originally skipped the Nextcloud part in the article since I think it refers to Nextcloud in Docker? and needing to use labels? which I think you can only apply to anything in a container? : o

Anyway sorry for my derailment: point is just, will take more time to read over the article again - and thank you! : )

Hi,
Just for curiosity. Why don't you prefer to use the Nextcloud official Docker image?
I'm in the same situation with Freedombox. My Freedombox image runs on a separate server on the same LAN. The main problem is secure negotiation between Traefik and the non-dockerized server. At this point maybe nginx handles this problem better. [Nginx-in-the-middle]?

It's true, I have been considering that too...
I do have Nextcloud already set up as I want otherwise, but it's not a whole lot of work - it definitely would have been faster to start over with the Docker image.

I came across Nextcloud years ago, and only just installed it very recently as a snap.
But yeah, it's only been 2 weeks now since I came across even what a reverse proxy is, and I just thought all that you could do with one sounded really neat... not really even necessary for my setup at this time, but intriguing none the less

I was also considering after a few more adjustments (just to see if I'll finally get it), to try and read up on Nginx and see if that makes more sense to me finally (after learning some things in Traefik, maybe now I'll have an easier time to understand Nginx stuff as well)

If I do actually manage to get it to work as-is; I might still reinstall it via Docker eventually anyway just for simplicity's sake; but I was eager to learn how to do it with my current setup. Though my eagerness is slowly dwindling, because I felt sure that after learning some 'syntax' in Traefik, I'd be able to get it to work relatively easy - but nope D:
That isn't to say anything negative of Traefik - I am aware that it's me who is doing something wrong; maybe I'm misunderstanding the function of some commands, and expecting the wrong result.


Anyway sorry I always derail.
I can't say much in regards to what I will 'actually' do - my setup sort of works as-is, but well; I like to (try) and learn things, and this happened to pique my interest. I sat almost literally 3 days non-stop trying to read up on things and trying to get it to work, changing every little thing that "Ooh, maybe this is why it's not working".

TLDR: Really though I don't have a reason to not just use Nextcloud Docker image, I'm just unreasonably stubborn (but not smart enough to pull through xD )

So - it seems like things actually work... but not quite how I wanted.
Indeed Traefik is forwarding me to Nextcloud

However... rather than 'wrap' Nextcloud into my subdomain or subdirectory, it just spits me out at port 444 where I put Nextcloud, leaving me directly connected to Nextcloud, rather than through Traefik on port 443... (therefore also requiring I port forward port 444, which I don't want to have to do)

Am I misunderstanding how things ought to work, or is that what it does when using file-provider?
Or am I missing an obvious addition to my setup to 'wrap' Nextcloud in Traefik?

Sorry to spam my own thread.

But just to update - at the moment I am just about to set up Nextcloud in Docker instead finally.
There are a couple of issues with Snap-Nextcloud, such as I can't bind it to only work on 127.0.0.1 (https://github.com/nextcloud/nextcloud-snap/issues/331) - it ties its defined ports on all available networks - and the way you 'navigate' Nextcloud as a regular user on its in-built site, is not gonna work very well between how Nextcloud makes 'links' on its own site, and with what Traefik is expecting to 'hear' as requests, (Nextcloud would have to 'call' itself as it appears through Traefik, but it makes it unable to find its own files most of the time... not entirely sure why, but regardless...) meaning you'd fall outside of Traefik as soon as you click anything on the inbuilt nextcloud-site.

Maybe there is something to do with Nginx, but sort of starting to understand the 'logic' of things, and the particular case of Nextcloud Snap not being possible to lock to just 1 interface - I don't think there would be anything to do regardless.

So if anyone would happen across this thread via google/bing/duckduckgo/yahoo/yandex/baidu-whatever, well - maybe it will be of some help at least to know not to waste time on trying to set up this particular scenario. (for me it wasn't a complete waste of time though, I learned a good bit about how it all works, and of course about Traefik in general)

Just to reiterate, a part of what kills this setup, is that Nextcloud-snap is running on the same device as Traefik... If now Nextcloud was running on a separate device on your LAN, then, from what I understand, that should be perfectly doable.
(mind you... maybe you can do some clever managing of iptables, to prevent nextcloud from having access to anything else - but for me - that becomes too much work to maintain and remember years down the line that you had set up like that)

Oooor, maybe the github issues I linked, will be looked after at some point...
Of course maybe I'm all off, and it's related to something else

In any case: if anyone understands fully the scenario I'm painting - feel free to correct where I'm wrong of course.

So - to Nextcloud-Docker I shall go!
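
An added example, not part of the thread and not the poster's or the Traefik project's own file: a file-provider dynamic configuration for the scenario asked about in the first post (Traefik on 80/443 in front of a non-Docker service on 81/444 on the same host), with the differences from the posted file marked in comments. It assumes Traefik v2.4 or later and a static configuration that defines only the entry points `http` and `https`; `nextcloud-transport` and the certificate path are made-up names, and `LANserverip` is the thread's own placeholder.

```yaml
# Added example. Traefik v2 dynamic configuration (file provider, YAML syntax).
http:
  routers:
    nextcloud-router:
      # Entry points are the ports Traefik itself listens on for clients.
      # The backend's ports (81/444) are not listed here, and no
      # --entryPoints.*.address=:81 / :444 flags are needed: Nextcloud owns them.
      entryPoints:
        - https
      rule: "Host(`foobar.duckdns.org`)"
      service: nextcloud-service
      tls: {}   # terminate TLS at Traefik (default certificate unless one is configured)
      # A middleware only takes effect when the router lists it under
      # "middlewares:"; defining it under http.middlewares alone does nothing.

  services:
    nextcloud-service:
      loadBalancer:
        # One backend URL only. Every server listed is load-balanced in turn,
        # so listing both the :81 and the :444 URL sends part of the traffic
        # to the plain-HTTP port.
        servers:
          # Placeholder address. With default bridge networking, 127.0.0.1
          # inside the Traefik container is the container itself, so use an
          # address of the host that the container can reach.
          - url: "https://LANserverip:444"
        passHostHeader: true   # backend sees foobar.duckdns.org as the Host
        serversTransport: nextcloud-transport

  serversTransports:
    nextcloud-transport:
      # Weak setting: accepts any certificate the backend presents, so the
      # Traefik-to-backend hop is encrypted but not authenticated.
      insecureSkipVerify: true
      # Stronger alternative (assumed path): trust the backend's CA explicitly
      # and remove insecureSkipVerify.
      # rootCAs:
      #   - /path/to/nextcloud-backend-ca.pem
      # serverName: foobar.duckdns.org
```

If the browser still ends up on port 444 with a configuration like this, the redirect or link is generated by Nextcloud itself; its reverse-proxy settings (`trusted_proxies`, `overwritehost`, `overwriteprotocol` in `config.php`) control that. Only 80 and 443 need to be reachable from the WAN, so 81 and 444 can stay without a port forward.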