I am trying to run the official nextcloud docker-compose.yml(https://github.com/nextcloud/docker/blob/master/.examples/docker-compose.yml) with the mailcow-dockerized(https://github.com/mailcow/mailcow-dockerized) project on one vps.
It actually works, I can access both applications in the browser(even email sending and receiving works) :), there is only one drawback, as soon as both apps try to access fpm, the vps crashes.
So I was thinking this probably has to do that they both want to access port 9000 of the host.
So the next thing I tried to do, was changing the per host configuration to add fastcgi pass:
.examples/proxy/VIRTUAL_HOST_location
fastcgi_pass nextcloud_fpm:9000;
But I get a blank page with no nginx or fastcgi errors(docker logs proxy -f --since 2).
And docker logs nextcloud_fpm -f --since 2 outputs the following:
172.19.0.7 - 08/Sep/2017:13:07:32 +0000 "- " 200
172.19.0.7 - 08/Sep/2017:13:07:40 +0000 "- " 200
version: '2' services: proxy:
image: jwilder/nginx-proxy
container_name: proxy
ports:
- 80:80
- 443:443
volumes:
- ./proxy/conf.d:/etc/nginx/conf.d
- ./proxy/vhost.d:/etc/nginx/vhost.d
- ./proxy/html:/usr/share/nginx/html
- ./proxy/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
restart: always
letsencrypt-companion:
image: alastaircoote/docker-letsencrypt-nginx-proxy-companion
container_name: letsencrypt-companion
volumes_from:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./proxy/certs:/etc/nginx/certs:rw
restart: always
web:
image: nginx
container_name: nextcloud_webserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
links:
- app
- collabora
volumes_from:
- app
environment:
- VIRTUAL_HOST=${DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
- LETSENCRYPT_HOST=${DOMAIN}
- LETSENCRYPT_EMAIL=
networks:
- proxy-tier
restart: always
app:
image: nextcloud:fpm
container_name: nextcloud_fpm
links:
- db
volumes:
- ./nextcloud/apps:/var/www/html/apps
- ./nextcloud/config:/var/www/html/config
- ./nextcloud/data:/var/www/html/data
networks:
- proxy-tier
restart: always
db:
image: mariadb
container_name: db
volumes:
- ./nextcloud/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=
networks:
- proxy-tier
restart: always
redis:
image: redis
container_name: redis
networks:
- proxy-tier
restart: always
collabora:
image: collabora/code
container_name: collabora
cap_add:
- MKNOD
environment:
- domain=${DOMAIN}
networks:
- proxy-tier
restart: always
networks: proxy-tier:
external:
name: nginx-proxy
Excerpt of the mailcow docker-compose(with the changed part from the original):
php-fpm-mailcow:
image: mailcow/phpfpm:1.0
build: ./data/Dockerfiles/phpfpm
command: "php-fpm -d date.timezone=${TZ}"
depends_on:
- redis-mailcow
volumes:
- ./data/web:/web:ro
- ./data/conf/rspamd/dynmaps:/dynmaps:ro
- dkim-vol-1:/data/dkim
environment:
- DBNAME=${DBNAME}
- DBUSER=${DBUSER}
- DBPASS=${DBPASS}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
- IMAP_PORT=${IMAP_PORT:-143}
- IMAPS_PORT=${IMAPS_PORT:-993}
- POP_PORT=${POP_PORT:-110}
- POPS_PORT=${POPS_PORT:-995}
- SIEVE_PORT=${SIEVE_PORT:-4190}
- SUBMISSION_PORT=${SUBMISSION_PORT:-587}
- SMTPS_PORT=${SMTPS_PORT:-465}
- SMTP_PORT=${SMTP_PORT:-25}
restart: always
dns:
- 172.22.1.254
dns_search: mailcow-network
networks:
mailcow-network:
aliases:
- phpfpm
nginx-mailcow:
depends_on:
- sogo-mailcow
- php-fpm-mailcow
image: nginx:mainline-alpine
healthcheck:
test: ["CMD", "ping", "php-fpm-mailcow", "-c", "5"]
interval: 5s
timeout: 5s
retries: 10
command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active &&
nginx -g 'daemon off;'"
environment:
- HTTPS_PORT=${HTTPS_PORT:-443}
- HTTP_PORT=${HTTP_PORT:-80}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
- VIRTUAL_HOST=${MAILCOW_HOSTNAME}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=${HTTP_PORT:-80}
- LETSENCRYPT_HOST=${MAILCOW_HOSTNAME}
- LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
volumes:
- ./data/web:/web:ro
- ./data/conf/rspamd/dynmaps:/dynmaps:ro
#- ./data/assets/ssl/:/etc/ssl/mail/:ro
- mailcerts:/etc/ssl/mail/:ro
- ./data/conf/nginx/:/etc/nginx/conf.d/:rw
expose:
- "${HTTP_PORT:-80}"
#ports:
# - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
# - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
restart: always
dns:
- 172.622.1.254
dns_search: mailcow-network
networks:
mailcow-network:
ipv4_address: 172.22.1.251
aliases:
- nginx
proxy-tier:
# At the end of the docker-compse:
networks:
mailcow-network:
driver: bridge
enable_ipv6: true
ipam:
driver: default
config:
- subnet: 172.22.1.0/24
- subnet: fd4d:6169:6c63:6f77::/64
proxy-tier:
external:
name: nginx-proxy
volumes:
vmail-vol-1:
mysql-vol-1:
dkim-vol-1:
redis-vol-1:
rspamd-vol-1:
postfix-vol-1:
crypt-vol-1:
mailcerts:
driver_opts:
type: none
device: /opt/nextcloud-docker/.examples/proxy/certs/${MAILCOW_HOSTNAME}
o: bind
So I am seeing now, they have their individual nginx files. The part for nextcloud(also available on github repo, but I cannot post more than 2 links, thanks sf!):
user www-data;
events {
worker_connections 768;
}
http {
upstream backend {
server app:9000;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 64 4K;
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass backend;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
# collabora static files
location ^~ /loleaflet {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://collabora:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
}
That means, I already wrongly took the containername for the fastcgi pass, instead of the app container from the docker-compose :(.
But that results in *4 connect() failed (111: Connection refused) while connecting to upstream, client:
The part for mailcow(also available in github repo):
server {
listen 8081;
listen [::]:8081;
index index.php index.html;
server_name _;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /dynmaps;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
I am unsure now, what makes my server crash. What I do know is docker ps | grep 9000 outputs this:
4c04c978c4d5 nextcloud:fpm "/entrypoint.sh ph..." 8 minutes ago Up 7 minutes 9000/tcp nextcloud_fpm
9ff7a19d0253 mailcow/phpfpm:1.0 "/docker-entrypoin..." 2 days ago Up 2 days 9000/tcp mailcowdockerized_php-fpm-mailcow_1
And I still think, that makes it crash.
nmap -p 9000 cloud.mydomain.com outputs this:
Starting Nmap 7.01 at 2017-09-09 09:14 CEST
Nmap scan report for cloud.mydomain.com (ip)
Host is up (0.029s latency).
rDNS record for ip: mail.mydomain.com
PORT STATE SERVICE
9000/tcp closed cslistener
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
I don't understand, what that means, using nmap for the first time.
