Nextcloud in docker behind traefik on unraid

Question

I'm running traefik as a reverse proxy on my unraid (6.6.6) Apps like, sonarr/radarr, nzbget, organizr, all work fine. But that's mostly due to the fact that these are super easy to set up. You only need 4 traefik specific labels and that's it.

traefik.enable=true

traefik.backend=radarr

traefik.frontend.rule=PathPrefix: /radarr

traefik.port=7878

traefik.frontend.auth.basic.users=username:password

So far so good, everything is using ssl and working great.

But as soon as I have to configure some extra stuff for the containers to work behind a reverse proxy I get lost. I've read dozens of guides regarding nextcloud, but I can't get it to work. Currently I'm using the linuxserver/nextcloud docker and from my internal network it's working great. I got everything set up, added users and smb shares and everybody can connect fine. But I can't get it to work behind traefik using a subdirectory. It's probably just some traefik labels I need to add to the nextcloud container, but I'm simply too much of a newb to know which ones I need.

My first issue was that nextcloud forces https, which traefik doesn't like unless you configure some stuff. So for now I'm just using the traefik.frontend.auth.forward.tls.insecureSkipVerify=true label to work around this. I know it's potentially a security issue, but if I'm not mistaken it only opens up the possibility of a man in the middle attack. Which shouldn't be too much of an issue since both traefik and nextcloud are running on the same machine (and besides everything else is going over http).

So now that I got that working I get a Error 500 message when I try to open mydomain.tld/nextcloud. The traefik log says "Error calling . Cause: Get : unsupported protocol scheme \"\"" I tried adding some labels I found in a guide (https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/#NextCloud_Your_Own_Cloud_Storage)

"traefik.frontend.headers.SSLRedirect=true"
"traefik.frontend.headers.STSSeconds=315360000"
"traefik.frontend.headers.browserXSSFilter=true"
"traefik.frontend.headers.contentTypeNosniff=true"
"traefik.frontend.headers.forceSTSHeader=true"
"traefik.frontend.headers.SSLHost=mydomain.tld"
"traefik.frontend.headers.STSPreload=true"
"traefik.frontend.headers.frameDeny=true"

I just thought I'd try it, maybe I get lucky. Sadly I didn't. Still Error 500.

You don't happen to have a public facing repository of your setup to get traefik working with UnRaid do you? — Otis Wright, Aug 20 '19 at 20:07

score 1 · Answer 1 · answered Feb 05 '19 at 17:46

In your traefik logs enable using:

loglevel = "DEBUG"

More info here:https://docs.traefik.io/configuration/logs/

After doing this I realized that my docker label was not correctly applying the InsecureSkipVerify = true line in my config. The error I was able to see in the logs was:

500 Internal Server Error' caused by: x509: cannot validate certificate for 172.17.0.x because it doesn't contain any IP SANs"

To work around this I had to add InsecureSkipVerify = true directly to the traefik.toml file for this to work correctly.

Nextcloud in docker behind traefik on unraid

1 Answers1