Docker Community Forums

Share and learn in the Docker community.

Nextcloud data - remote pc

Hi.
I am relatively new to docker but with help from the many good online resources (incl. here!) I have got a docker compose installation running on a raspberry Pi 3B.
I have an nginx container running as a reverse proxy for various other container services (incl. home assistant for example).
I want to run a nextcloud container as well, but on another pc.
My question is therefore, is it possible to keep all incoming traffic directed to the reverse proxy on the Pi with a setup that redirects the nexctcloud traffic to and from the pc, such that only the pi has WAN access?
I assume there will be some configuration of the docker network necessary, or will it all be done in the nextcloud configuration? Any help greatly appreciated.
Here is part of my docker-compose setup:

networks:
  rproxy:
    name: rproxynet    


services:
  nginx:
    container_name: reverseproxy
    image: nginx:latest
    depends_on:
      - kanboard
    networks:
      - rproxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/pi/reverseproxy/nginx:/etc/nginx
      - /etc/letsencrypt/:/etc/letsencrypt
    restart: unless-stopped

kanboard:
  container_name: kanboard
  image: kanboard/kanboard:latest
  networks:
    - rproxy
  volumes:
    - /home/pi/kanboard/data:/var/www/app/data
    - /home/pi/kanboard/plugins:/var/www/app/plugins
  restart: unless-stopped

homeassistant:
  container_name: home-assistant
  image: homeassistant/raspberrypi3-homeassistant
  depends_on:
    - kanboard
  networks:
    - rproxy
  volumes:
    - /home/pi/homeassistant:/config
  environment:
    - TZ=Europe/London 
 restart: unless-stopped

That can be completly solved within your nginx reverse proxy configuration.
For nginx, it does not matter wether the target is a container or another host.

Side notes:
Your docker-compose.yml is an incoherent mix of services. I would suggest to seperate incoherent services into their own stack. Though, you will need to create the network from the cli and mark it in the docker-compose.yml files as external.

Also, why would the nginx container depend on the kanboard service? Whenever the target service is available, the rp rules will apply, regardless wether it was started befor or after nginx.

Thanks for the reply.
If the nextcloud installation is in a docker container on the pc is this still possible? (i.e. how to reference a container on a remote pc).

Also thanks for the suggestions on the setup generally. I can see now that it should have been that kanboard should be dependent on nginx and not the other way around.

Just publish the container port (like you do for nginx) for your nc container. Then use the hosts ip and the published host port to communicate with the other container thru the published port.

This dependence should not realy matter… as Kanbaoard works independently and nginx will regardless wether the target is available or not - whenver the target becomes available the reverse proxy rule will work. Though, the bigger point was “why mix unrelated services?”

Excellent, thanks. Now i know what documentation areas to study.

The thinking behind the nginx / kanboard dependency was that since nginx is a reverse proxy, it should be up and running before access to kanboard is possible.

Once a client recieves a 401 or 403 status response it will do a fetch to /index.php/core/wipe/check and set the token parameter to the apptoken.

curl https://cloud.example.com/index.php/core/wipe/check -X POST -d ‘token=’
In case the client gets back a 200 status code and a JSON array with wipe set to true like:

{
“wipe”:true
}
then the client should proceed to wipe the device.