After pulling the latest Nextcloud image I got some warnings about missing indices, missing primary keys and about converting some column types to big int. The warnings could easily be fixed by running the suggested occ comands. Append “-no-interaction” to suppress the confirmation question (see docs).
After 10 minutes my Nextcloud was still in maintenance mode, so I checked the logs.
$ docker logs nextcloud-app_1
Initializing nextcloud 20.0.1.1 ...
Upgrading nextcloud from 19.0.1.1 ...
Initializing finished
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Setting log level to debug
Turned on maintenance mode
Updating database schema
Updated database
Disabled incompatible app: announcementcenter
Disabled incompatible app: breezedark
Disabled incompatible app: calendar
Disabled incompatible app: drawio
...
...
...
Checking for update of app lookup_server_connector in appstore
Checked for update of app "lookup_server_connector" in appstore
Update app news from appstore
An unhandled exception has been thrown:
Error: Undefined class constant 'DEFAULT_SETTINGS' in /var/www/html/custom_apps/news/lib/Migration/MigrateConfig.php:49
Stack trace:
#0 [internal function]: OCA\News\Migration\MigrateConfig->__construct(Object(OCA\News\Config\LegacyConfig), Object(OC\AllConfig), Object(OCA\News\AppInfo\Application))
#1 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(101): ReflectionClass->newInstanceArgs(Array)
#2 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(109): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#3 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(126): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\News\\Migrat...')
#4 /var/www/html/lib/private/AppFramework/DependencyInjection/DIContainer.php(455): OC\AppFramework\Utility\SimpleContainer->query('OCA\\News\\Migrat...')
#5 /var/www/html/lib/private/ServerContainer.php(140): OC\AppFramework\DependencyInjection\DIContainer->queryNoFallback('OCA\\News\\Migrat...')
#6 /var/www/html/lib/private/Repair.php(119): OC\ServerContainer->query('OCA\\News\\Migrat...')
#7 /var/www/html/lib/private/legacy/OC_App.php(1035): OC\Repair->addStep('OCA\\News\\Migrat...')
#8 /var/www/html/lib/private/legacy/OC_App.php(979): OC_App::executeRepairSteps('news', Array)
#9 /var/www/html/lib/private/Installer.php(206): OC_App::updateApp('news')
#10 /var/www/html/lib/private/Updater.php(452): OC\Installer->updateAppstoreApp('news')
#11 /var/www/html/lib/private/Updater.php(260): OC\Updater->upgradeAppStoreApps(Array)
#12 /var/www/html/lib/private/Updater.php(130): OC\Updater->doUpgrade('20.0.1.1', '19.0.1.1')
#13 /var/www/html/core/Command/Upgrade.php(255): OC\Updater->upgrade()
#14 /var/www/html/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#15 /var/www/html/3rdparty/symfony/console/Application.php(1000): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#16 /var/www/html/3rdparty/symfony/console/Application.php(271): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Upgrade), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#17 /var/www/html/3rdparty/symfony/console/Application.php(147): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#18 /var/www/html/lib/private/Console/Application.php(215): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#19 /var/www/html/console.php(100): OC\Console\Application->run()
#20 /var/www/html/occ(11): require_once('/var/www/html/c...')
#21 {main} 0/0 [->--------------------------] 0%Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message
Seems like the news app updating process threw an exception. After searching for a minute I found this thread, where someone got the same error and just manually disabled the maintenace mode. So I did the same:
$ docker exec --user www-data nextcloud-app_1 php /var/www/html/occ maintenance:mode --off
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Maintenance mode disabled
Went back to the WebGui, logged in and he asked me to update the news app. Now the update finished without problems.
Heute habe ich den Blog von einem DigitalOcean Droplet auf einen V-Root Server bei Strato umgezogen. Da der V-Root etwas mehr Power hat, werde ich einige Dienste, die ich bereits privat auf meinen Proxmox Servern hoste, auch auf den Strato Server umziehen. Bisher habe ich meine Anwendungen überwiegend in LXC’s (Linux Containern) oder auch VM’s installiert. In Kombination mit ZFS als Dateisystem (mit der großartigen Snapshot Fähigkeit) bin ich damit die letzten 4 Jahre ohne Probleme gefahren. Bei einem V-Root ist diese Möglichkeit nun nicht mehr gegeben. Daher habe ich die Chance genutzt, tiefer in das Thema Docker einzusteigen. Bisher habe ich nur vereinzelt Docker Container genutzt und die wenigen jeweils auch nochmal in einem LXC (vereinfachte mir das Snapshot handling). Nun also mal der Versuch, komplett auf Docker umzusteigen.
Der WordPress Blog ist als erstes in einen Docker Container umgezogen. Danach habe ich noch Nextcloud (plus OnlyOffice & Collabora) und Bitwarden aufgesetzt. Hier werde ich jedoch noch ein paar Tage testen, bevor ich mit all meinen Daten rüber migriere. Da man immer wieder von Traefik als Reverse Proxy in Kombination mit Docker liest, habe ich diesen probiert, jedoch nach mehreren Stunden etwas gefrustet wieder sein lassen. Auch wenn die ersten Services ganz gut damit liefen, scheint mir der Aufwand erheblich höher und die benötigten Labels für jeden Container nicht grade intuitiv. Da in den meisten Dokus Beispiele für Nginx zu finden sind, bin ich zurück zu dem Nginx Proxy Manager, welchen ich bereits seit Jahren erfolgreich zuhause im Einsatz habe. Auch wenn das bedeutet, dass ein Docker Container nun nicht “automatisch” via Traefik (durch 10-20 vorher zusammen gesuchte Labels je Service….) nach außen bereitgestellt wird, sondern nur nach “einigen wenigen” Klicks im Nginx Proxy Manager…. Nach meinem Gefühl, gibt sich das irgendwie nicht viel.
Einige weitere Dienste stehen noch auf der Liste und auch ein paar neue Sachen möchte ich mit aufnehmen. Bereits installiert sind:
WordPress
Nginx Proxy Manager
Nextcloud
OnlyOffice
Collabora
Bitwarden
MyPhpAdmin
Es folgen noch:
Portainer
Wallabag
Gitlab
Jitsi
Teamspeak
PiHole
Wireguard
OpenLDAP
Und je länger man nachdenkt, desto mehr fällt einem sicherlich noch ein. 🙂 Die Docker-Compose Dateien werde ich dann final auch hier Veröffentlichen mit allen zugehörigen Links, die mir bei der ein oder anderen Schwierigkeit geholfen haben.
About two years ago I installed Nextcloud via the NextcloudPi script in an LXC Debian Stretch Container on my Proxmox Host. Since last year there is a new Debian release called Buster and I wanted to upgrade my container. But somehow it was not possible… there was something broken and on every upgrade I tried, a swap error came up. I searched for hours, but couldn’t find any solutions to this error, so I had to move my whole Nextcloud installation to a new debian buster container. I took the chance to create the new container as unprivileged container. Since I had no experience moving a complete Nextcloud instance, I first read the NC Wiki and had a look at some tutorials. Finally I followed C. Riegers awesome guide on backing and restoring a Nextcloud instance. Everything went well until step 9.
root@nc:/var/www/nextcloud# sudo -u www-data php /var/www/nextcloud/occ maintenance:data-fingerprint
An unhandled exception has been thrown:
Doctrine\DBAL\DBALException: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [1698] Access denied for user 'ncadmin'@'localhost' in /var/www/nextcloud/lib/private/DB/Connection.php:64
As I’ve been restoring on a brand new LXC Buster container, of course a few things were missing. I restored my nextcloud database, but I also had to recreate the “ncadmin” dbuser and grant the right permissions. I looked up the ncadmin password in my nextcloud config.php and added the user.
mysql -u root -p
CREATE USER 'ncadmin'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES on nextcloud.* to ncadmin@localhost;
Next try with step 9.
root@nc:/var/www/nextcloud# sudo -u www-data php /var/www/nextcloud/occ maintenance:data-fingerprint
An unhandled exception has been thrown:
...nextcloud Redis server went away in /var/www/nextcloud/lib/private/Memcache/Redis.php:54
Still no success. Hiting google brought me to this link. C. Rieger was already there. 🙂 While checking /etc/redis/redis.conf I noticed that in my nextcloud config.php there was a different path for redis.sock.
redis.conf
unixsocket /var/run/redis/redis-server.sock
config.php
'host' => '/var/run/redis/redis.sock',
After changing the path I rebooted the container and again tried step 9. Now with success and my Nextcloud instance was back online. I only had to add the new hostname to the trusted domains and could login again. The only thing I couldn’t get to work was the NextcloudPi functionality. Since I was only using the nextcloudpi auto upgrade scripts, I could live without that. I disabled and deinstalled the app from the user interface.
To use OnlyOffice with Nextcloud, your container needs to reachable via https, so you need to add a subdomain and SSL Certificate in your Nginx reverse proxy. Then just go to your Nextcloud installation and install the OnlyOffice Addon. There just enter the new domain to your OnlyOffice Docker Container and the JSON Web Token. Office files should now be editable in OnlyOffice.
If you want to use the external storage app to mount an NFS share in Nextcloud, there are two ways when using Docker. Mount the NFS share directly inside the Docker container. This would be easier when the container is already up and runing. Or mount the NFS share on the Host and pass the mountpoint as an argument when creating the Docker container: -v /mnt/nfs/:/mnt/nfs/
Both, Nextcloud and Collabora, are recommending the Docker installation for Collaboraoffice (here and here). But I wasn’t able to get the Collabora Docker Image running succesfully inside an Debian Buster LXC. There were appearing some errors and as far as I understand, it has something to do with running an LXC on ZFS. After spending about 3 hours I gave up and did a manual installation.
Installation
For a current installation guide, have look on their website here. Install https support for apt and add Collabora CODE repository. (CODE = Collabora Online Development Edition)
You have to edit three sections in the config: SSL handling, inserting your Nextcloud domain as WOPI client and add some credentials for webinterface. So open the config with:
nano /etc/loolwsd/loolwsd.xml
If you are using a reverse proxy (I have running a docker with nginx) which is managing all SSL certifactes, you don’t need local certifactes for your Collaboraoffice. So scroll down to the SSL settings, disable SSL and enable SSL termination.
<ssl desc="SSL settings">
<enable type="bool" desc="Controls whether SSL encryption is enable (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses https." type="bool" default="true">true</termination>
2. Next add you Nextcloud domain in the WOPI storage section.
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud\.domain\.org</host>
3. Add your credentials fot the webinterface.
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled.">user_name</username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">super_secret_password</password>
Now restart loolwsd and check the status.
systemctl restart loolwsd.service
systemctl status loolwsd.service
Check if the https connection is working via browser https://ipaddress:9980 or curl:
Go to your reverse proxy, in my case I just use the nginx webui, and add another subdomain for collabora with an SSL certificate.
You also have to add a few custom locations. Look at the Collabora website for the some nginx configs. I used the second with “SSL terminates at the proxy”. I also added the given custom locations via the webui, e.g.:
You should now be able to reach Collabora through your new subdomain via https. https://collabora.your.domain.org/ And if you added /lool/adminws in your nginx config, you can also access the webui. https://collabora.your.domain.org/loleaflet/dist/admin/admin.html
Install & configure Collabora Online App in Nextcloud
The easiest part is to install the Collabora Online App. If done, go to Settings -> Collabora Online and set your Collabora Domain https://collabora.your.domain.org/ in here. Apply and edit your first excel in Nextcloud.
Add a Token in you local.json file. If your running ONLYOFFICE on linux you will find the file here:
/etc/onlyoffice/documentserver/local.json
Set inbox, outbox and browser to true and add you token in the secret part for inbox, outbox and session. I just generated a random string via Bitwarden.