Static traefik config for use as docker reverse proxy (avoiding exposure of docker socket)

Ok, I tinkered a bit with the configuration today. This is what it looks like now:

docker-compose.yaml

# Compose stack: Traefik as reverse proxy in front of Nextcloud, MariaDB and Adminer.
# No service mounts /var/run/docker.sock; Traefik is configured from the mounted files instead.
services:

  traefik:
    image: traefik:v2.0.4
    container_name: traefik
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): traefik.yml sets `api.insecure: true`, which serves the API and
      # dashboard without authentication on Traefik's port 8080. Publishing that port
      # makes it reachable from anything that can reach the host; drop this mapping or
      # bind it to loopback ("127.0.0.1:8080:8080").
      - "8080:8080"
    environment:
      - TZ=Europe/Berlin
      # Path of the script run by the `exec` DNS-challenge provider selected in traefik.yml.
      - EXEC_PATH=/etc/traefik/domain_dns
      # NOTE(review): presumably the DNS API credential read by that script. An inline
      # value travels wherever this file is shared or committed; an env_file (as the db
      # service uses) or a Docker secret keeps it out of the compose file.
      - DOMAIN_TOKEN=d42d9cd98f00b204e9345998ecf8427e
      - DOMAIN_NAME=mydomain.example.com
    volumes:
      # NOTE(review): the two configuration files could be mounted read-only (`:ro`).
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./dynamic_conf.yml:/etc/traefik/dynamic_conf.yml
      # ACME storage: holds the ACME account key and the private keys of issued
      # certificates. Traefik expects mode 600 on this file; treat it as a secret.
      - ./acme.json:/acme.json
      - ./domain_dns:/etc/traefik/domain_dns


  nextcloud:
    image: nextcloud:stable-apache
    volumes:
      - "./nc/data:/var/www/html/data"
      - "./nc/custom_apps:/var/www/html/custom_apps"
      - "./nc/config:/var/www/html/config"
    environment:
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      # NOTE(review): database password written inline; same concern as DOMAIN_TOKEN.
      - MYSQL_PASSWORD=somepassword
    ports:
      # NOTE(review): publishes Nextcloud's plain-HTTP port on every host interface, so
      # it can be reached directly, without TLS and without any Traefik middleware.
      # dynamic_conf.yml points Traefik at this published port; targeting the container
      # over the Compose network instead would allow this mapping to be removed or
      # bound to 127.0.0.1.
      - "8084:80"


  db:
    image: linuxserver/mariadb:arm32v7-110.4.10mariabionic-ls42
    restart: always
    volumes:
      - "./db:/config"
    # Settings are loaded from db.env (contents not shown; presumably the database
    # credentials). No port is published, so the database is only reachable over the
    # Compose network.
    env_file:
      - "db.env"


  adminer:
    image: adminer:4.7.4-standalone
    restart: always
    ports:
      # NOTE(review): publishes the database admin UI over plain HTTP on every host
      # interface, bypassing Traefik; the same remedy as for the Nextcloud port applies.
      - "8085:8080"

traefik.yml

 # NOTE(review): the parent key of this setting (presumably `log:`) is missing from the
 # listing as posted. DEBUG is verbose; lower it once routing works.
 level: DEBUG

# NOTE(review): disables certificate verification for TLS connections Traefik opens to
# backends. The backends in dynamic_conf.yml are plain http:// URLs, so it changes
# nothing for them, but any https:// backend added later would be accepted without its
# certificate being checked.
serversTransport:
  insecureSkipVerify: true

# Listeners: plain HTTP on 80 and HTTPS on 443 (both published in docker-compose.yaml).
entryPoints:
  web:
    address: ":80"

  web-secure:
    address: ":443"

# NOTE(review): `insecure: true` serves the API and dashboard without authentication on
# Traefik's port 8080, which docker-compose.yaml publishes. Prefer `insecure: false` and
# a router to `api@internal` protected by an authentication middleware.
api:
  insecure: true
  dashboard: true

# Routing comes from a watched file rather than the Docker provider, which is why the
# container needs no access to the Docker socket.
providers:
  file:
    filename: "/etc/traefik/dynamic_conf.yml"
    watch: true

# ACME resolver named `sample`, referenced by the TLS routers in dynamic_conf.yml.
certificatesResolvers:
  sample:
    acme:
      email: admin@mydomain.example.com
      # Relative path; presumably resolves to the /acme.json mount from
      # docker-compose.yaml — confirm. The file contains private keys.
      storage: acme.json
      # DNS-01 challenge through the `exec` provider, which runs the script named by
      # EXEC_PATH in the container environment.
      dnsChallenge:
        provider: exec
        delayBeforeCheck: 0

dynamic_conf.yml

# Dynamic Traefik configuration: two routers per application (an HTTP router that
# redirects, an HTTPS router that serves), the backend services, and the middlewares.
http:
  routers:
    # HTTP router for Nextcloud: only redirects to https.
    router0:
      # NOTE(review): spelled `entyPoints` here and in the three routers below; Traefik's
      # router option is `entryPoints`. If the misspelled key is ignored, the router is
      # not restricted to the listed entry point — check the Traefik log.
      entyPoints:
      - web
      service: nextcloud
      rule: "Host(`raspberrypi.mydomain.example.com`) && PathPrefix(`/nc`)"
      middlewares:
      - redirect
    # HTTPS router for Nextcloud: strips the /nc prefix, applies ncHeader, and requests
    # its certificate from the `sample` resolver.
    router1:
      entyPoints:
      - web-secure
      service: nextcloud
      rule: "Host(`raspberrypi.mydomain.example.com`) && PathPrefix(`/nc`)"
      middlewares:
      - removeServiceSelector
      - ncHeader
      tls:
        certResolver: sample
    # HTTP router for Adminer: only redirects to https.
    router2:
      entyPoints:
      - web
      service: adminer
      rule: "Host(`raspberrypi.mydomain.example.com`)  && PathPrefix(`/ad`)"
      middlewares:
      - redirect
    # HTTPS router for Adminer.
    # NOTE(review): this puts a database admin UI on the public host name with only
    # Adminer's own login in front of it; consider adding an authentication or
    # IP-allow-list middleware to this router.
    router3:
      entyPoints:
      - web-secure
      service: adminer
      rule: "Host(`raspberrypi.mydomain.example.com`)  && PathPrefix(`/ad`)"
      middlewares:
      - removeServiceSelector
      tls:
        certResolver: sample

  services:
    # Both backends are addressed through the host name and the host ports published in
    # docker-compose.yaml (8084, 8085), over plain HTTP.
    # NOTE(review): this is what forces those ports to stay published; targeting the
    # containers over the Compose network would remove that requirement — confirm the
    # services share a network.
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://raspberrypi.mydomain.example.com:8084/"
    adminer:
      loadBalancer:
        servers:
          - url: "http://raspberrypi.mydomain.example.com:8085/"

  middlewares:
    ncHeader:
      headers:
        # NOTE(review): `stsPreload` and `stsSeconds` are options of the headers
        # middleware itself. Nested under `customResponseHeaders` they are treated as
        # literal header names, so this middleware does not produce a
        # Strict-Transport-Security header as written — confirm in the response headers.
        customResponseHeaders:
          stsPreload: true
          stsSeconds: 15552000
    # Removes the /nc or /ad path prefix before the request is forwarded, so the backend
    # sees the path without it.
    removeServiceSelector:
      stripPrefix:
        prefixes:
          - "/nc"
          - "/ad"
        forceSlash: false
    # Redirects the request to the https scheme.
    redirect:
      redirectScheme:
        scheme: https

With this configuration, when I open http://raspberrypi.mydomain.example.com/ad I get the Adminer web interface with a valid Let's Encrypt certificate, and everything works fine.

But when I try the Nextcloud URL http://raspberrypi.mydomain.example.com/nc I get an ERR_SSL_PROTOCOL_ERROR. At the same time, the browser also says it is a secure connection with a valid Let's Encrypt certificate.

I got this far by modifying the apache webserver config of the nextcloud container, which now looks like this:

<?php
// Nextcloud configuration array as posted. The instance id, salt, secret and database
// password appear to be placeholder strings; real values must not be published.
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'asdfasdfadsf',
  'passwordsalt' => 'asdfasdfasdfasdfasdfasdfasdfas',
  'secret' => 'asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf',
  // Host names Nextcloud accepts in requests. The first entry is the LAN address of the
  // directly published port 8084, i.e. access that does not pass through Traefik.
  'trusted_domains' =>
  array (
    0 => '192.168.178.20:8084',
    1 => 'raspberrypi.mydomain.example.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '16.0.5.1',
  // NOTE(review): https on port 8084, although docker-compose.yaml maps 8084 to the
  // container's plain-HTTP port 80.
  'overwrite.cli.url' => 'https://raspberrypi.mydomain.example.com:8084/',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'asdfasdfasdf',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  // 0 is Nextcloud's most verbose (debug) log level; raise it again after troubleshooting.
  'loglevel' => 0,
  'mysql.utf8mb4' => true,
  // NOTE(review): Nextcloud documents trusted_proxies as a list of proxy IP addresses or
  // CIDR ranges; confirm that a container name is honoured. Forwarded headers are only
  // trusted from addresses matched here, so keep the list as narrow as possible.
  'trusted_proxies' => ['traefik'],
  // NOTE(review): together with overwriteprotocol 'https', Nextcloud builds its links
  // and redirects as https://raspberrypi.mydomain.example.com:8084, but port 8084 is the
  // published plain-HTTP port. A browser following such a link speaks TLS to an HTTP
  // listener, which would be consistent with the ERR_SSL_PROTOCOL_ERROR described —
  // confirm. Behind Traefik on 443 the host would normally be given without the port;
  // because Traefik strips /nc, 'overwritewebroot' may also be needed.
  'overwritehost' => 'raspberrypi.mydomain.example.com:8084',
  'overwriteprotocol' => 'https',
);

but now I am stuck...

regards Stephan