driver failed programming external connectivity on endpoint nextcloud-aio-domaincheck #53

Closed
vallamost opened this issue Dec 4, 2021 · 13 comments

vallamost commented Dec 4, 2021

Anyone else seeing this issue?

I just created a brand new Ubuntu 20 Server (VM running in ESXi, NAT'd to a static public IP) and installed Docker. After walking through the install instructions (port forwarding 443, 8443, and 80, and installing the NextCloud container), when I log in via the LOCAL IP at 8080 over https with the admin credentials I get "The server is not reachable on Port 443."

If I follow the public doc instructions

After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443

I don't think these instructions are accurate. I can see the public port open on my public IP but visiting the public domain name via 8443 just times out.

Contributor

pestotoast commented Dec 4, 2021

It is trying to start the domaincheck container here but that fails. This is probably because port 443 (which is needed by the domaincheck container) is already in use by something else.

Which command did you use to start the master container?

Author

vallamost commented Dec 4, 2021

This is the only thing I used to start NextCloud:

sudo docker run -it \
--name nextcloud-aio-mastercontainer \
--restart always \
-p 80:80 \
-p 8080:8080 \
-p 8443:8443 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
nextcloud/all-in-one:latest

Sorry need to clarify, if I use the local IP over 8080 I get prompted for the domain name. But it says 443 is unreachable.

root@nextcloud-ubuntu:/home/raat# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7540/docker-proxy
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      7519/docker-proxy
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      851/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2607/sshd: /usr/sbi
tcp        0      0 127.0.0.1:38391         0.0.0.0:*               LISTEN      5181/containerd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8901/docker-proxy
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      7498/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      7547/docker-proxy
tcp6       0      0 :::8080                 :::*                    LISTEN      7525/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      2607/sshd: /usr/sbi
tcp6       0      0 :::443                  :::*                    LISTEN      8909/docker-proxy
tcp6       0      0 :::8443                 :::*                    LISTEN      7504/docker-proxy
udp        0      0 127.0.0.53:53           0.0.0.0:*                           851/systemd-resolve
udp        0      0 10.0.0.137:68           0.0.0.0:*                           849/systemd-network
udp6       0      0 fe80::20c:29ff:fea8:546 :::*                                849/systemd-network
root@nextcloud-ubuntu:/home/raat#
root@nextcloud-ubuntu:/home/raat# curl -kv https://ianscloud.korkle.net:8443 --max-time 2
*   Trying 216.xxx.xxx.168:8443...
* TCP_NODELAY set
* Connection timed out after 2001 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 2001 milliseconds
root@nextcloud-ubuntu:/home/raat#
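
The port-ownership question raised above ("already in use by something else") can be answered mechanically from `netstat -tulpn` output. The following is an added example, not part of the thread or of the AIO project; the sample listing is constructed, and the function names `listeners` and `check_ports` are hypothetical. The ports checked are the ones published in the `docker run` command above plus 443 for the domaincheck container.

```python
# Constructed sample in `netstat -tulpn` format; PIDs and programs are made up.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7540/docker-proxy
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1201/apache2
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN      1350/java
tcp6       0      0 :::443                  :::*                    LISTEN      1201/apache2
udp        0      0 127.0.0.53:53           0.0.0.0:*                           851/systemd-resolve
"""


def listeners(netstat_text):
    """Map each TCP port in LISTEN state to the set of programs bound to it."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # Local address is "addr:port"; IPv6 wildcards look like ":::443".
        port = int(fields[3].rpartition(":")[2])
        # "PID/Program name" may contain spaces ("2607/sshd: /usr/sbi") or be "-".
        program = " ".join(fields[6:]).split("/", 1)[-1]
        found.setdefault(port, set()).add(program)
    return found


def check_ports(netstat_text, ports=(80, 443, 8080, 8443)):
    """Classify each port as free, held by a container, or held by a host service."""
    held = listeners(netstat_text)
    report = {}
    for port in ports:
        programs = sorted(held.get(port, ()))
        if not programs:
            report[port] = ("free", programs)
        elif programs == ["docker-proxy"]:
            report[port] = ("container", programs)     # published by some container
        else:
            report[port] = ("host-service", programs)  # a non-Docker process owns it
    return report


if __name__ == "__main__":
    for port, (state, programs) in check_ports(SAMPLE).items():
        print(port, state, ", ".join(programs))
```

A `container` result for 443 before domaincheck is started means some other container already publishes the port; `docker ps` shows which one.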

Author

vallamost commented Dec 4, 2021

Update, I can see my cert getting successfully requested but it's not letting me through on 443

{"level":"info","ts":1638655317.9260948,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"ianscloud.korkle.net"}
{"level":"info","ts":1638655317.9261172,"logger":"tls.obtain","msg":"releasing lock","identifier":"ianscloud.korkle.net"}
raat@nextcloud-ubuntu:~$ curl -v -k --max-time 2 https://ianscloud.korkle.net
*   Trying 216.9.1.168:443...
* TCP_NODELAY set
* Connection timed out after 2000 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 2000 milliseconds

Submitting the public domain name on the form that asks what domain to use, I get an HTTP 422 error in the POST request, which gives an error message on the page of "The server is not reachable on Port 443."

10.0.0.148 - - [04/Dec/2021:22:46:31 +0000] "POST /api/configuration HTTP/1.1" 422 419 "https://10.0.0.137:8080/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0"

I actually modified the src/Data/ConfigurationManager.php to have the dnsIP point to the local IP of 10.0.0.137 and I saw an HTTP 200 on the POST response but the page doesn't move, so the port is indeed open.

127.0.0.1 - - [04/Dec/2021:22:44:59 +0000] "POST /api/configuration HTTP/1.1" 200 440 "https://10.0.0.137:8080/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0"

@Sim0nW0lf

I am having similar issues:

I am using port 80 and 443 already for apache.

after this startup command:

sudo docker run -it --name nextcloud-aio-mastercontainer --restart always -p 8082:80 -p 8080:8080 -p 8443:8443 --volume /Docker/Nextcloud_Beta/Container-Data/nextcloud_aio_mastercontainer:/mnt/docker-aio-config --volume /var/run/docker.sock:/var/run/docker.sock:ro nextcloud/all-in-one:develop

I get this error message in my browser after logging in on port 8080

Fatal error: Uncaught GuzzleHttp\Exception\ServerException: Server error: `POST http://localhost/v1.41/containers/nextcloud-aio-domaincheck/start` resulted in a `500 Internal Server Error` response: {"message":"driver failed programming external connectivity on endpoint nextcloud-aio-domaincheck (24c0d047eafd1a5bb1896 (truncated...) in /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113 Stack trace: #0 /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/Middleware.php(69): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response), NULL, Array, NULL) #1 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(204): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response)) #2 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(153): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), NULL) #3 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}() #4 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Promise\TaskQueue->run(true) #5 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn() #6 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending() #7 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList() #8 /var/www/docker-aio/php/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending() #9 /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/Client.php(187): GuzzleHttp\Promise\Promise->wait() #10 /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/ClientTrait.php(95): GuzzleHttp\Client->request('POST', 'http://localhos...', Array) #11 
/var/www/docker-aio/php/src/Docker/DockerActionManager.php(155): GuzzleHttp\Client->post('http://localhos...') #12 /var/www/docker-aio/php/src/Controller/DockerController.php(40): AIO\Docker\DockerActionManager->StartContainer(Object(AIO\Container\Container)) #13 /var/www/docker-aio/php/src/Controller/DockerController.php(165): AIO\Controller\DockerController->PerformRecursiveContainerStart('nextcloud-aio-d...') #14 /var/www/docker-aio/php/public/index.php(75): AIO\Controller\DockerController->StartDomaincheckContainer() #15 /var/www/docker-aio/php/vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(43): Closure->{closure}(Object(GuzzleHttp\Psr7\ServerRequest), Object(GuzzleHttp\Psr7\Response), Array) #16 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/Route.php(384): Slim\Handlers\Strategies\RequestResponse->__invoke(Object(Closure), Object(GuzzleHttp\Psr7\ServerRequest), Object(GuzzleHttp\Psr7\Response), Array) #17 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(81): Slim\Routing\Route->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #18 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(81): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #19 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/Route.php(341): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #20 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/RouteRunner.php(84): Slim\Routing\Route->run(Object(GuzzleHttp\Psr7\ServerRequest)) #21 /var/www/docker-aio/php/vendor/slim/csrf/src/Guard.php(456): Slim\Routing\RouteRunner->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #22 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(209): Slim\Csrf\Guard->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Slim\Routing\RouteRunner)) #23 /var/www/docker-aio/php/vendor/slim/twig-view/src/TwigMiddleware.php(125): 
Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #24 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(147): Slim\Views\TwigMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous)) #25 /var/www/docker-aio/php/src/Middleware/AuthMiddleware.php(38): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #26 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(313): AIO\Middleware\AuthMiddleware->__invoke(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous)) #27 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(81): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #28 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(215): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #29 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(199): Slim\App->handle(Object(GuzzleHttp\Psr7\ServerRequest)) #30 /var/www/docker-aio/php/public/index.php(140): Slim\App->run() #31 {main} thrown in /var/www/docker-aio/php/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113

Collaborator

szaimen commented Dec 6, 2021

I am using port 80 and 443 already for apache.

Sry but port 443 is required. See https://github.com/nextcloud/all-in-one#which-ports-are-mandatory-to-be-open

szaimen closed this as completed Dec 6, 2021

Author

vallamost commented Dec 6, 2021

@szaimen Why are you closing my issue? Port 443 is open for me and I'm getting port unreachable in a NAT'd environment.

Can you please re-open my issue?

Collaborator

szaimen commented Dec 6, 2021

driver failed programming external connectivity on endpoint nextcloud-aio-domaincheck

So you didn't have this issue anymore? After restarting the mastercontainer and logging in?
Or did you modify the container in any way?

@vallamost
Author

I still get that error without modifying the container in any way. I don't recall at this time what triggers it but it happens when trying to walk through the setup on a NAT'd connection.

Collaborator

szaimen commented Dec 6, 2021

The issue points to an already running service on port 443. Maybe you installed a webserver or snap on your ubuntu vm without knowing?

Author

vallamost commented Dec 7, 2021

The service running on 443 is your NextCloud docker container that handles the cert generation :)

Author

vallamost commented Dec 7, 2021

I think you may be confusing two different issues.

  1. The main NextCloud container cannot connect to the domaincheck container on 443 when it should. I think this is due to how your backend logic is handling networking / IP traffic. Port 443 is open and available but your master container can't figure out how to reach it as seen in this screenshot:
    [image]

Here are POST calls for the domain I'm trying to use

127.0.0.1 - - [07/Dec/2021:05:10:58 +0000] "POST /api/configuration HTTP/1.1" 422 397 "https://10.0.0.137:8080/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0"
172.17.0.2:8080 10.0.0.148 - - [07/Dec/2021:05:10:58 +0000] "POST /api/configuration HTTP/1.1" 422 419 "https://10.0.0.137:8080/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0"
10.0.0.148 - - [07/Dec/2021:05:10:58 +0000] "POST /api/configuration HTTP/1.1" 422 419 "https://10.0.0.137:8080/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0"

We can see port 443 available just fine on the other container.

root@nextcloud-ubuntu:/home/raat# docker ps
CONTAINER ID   IMAGE                              COMMAND                  CREATED          STATUS          PORTS                                                                                                                     NAMES
5a6f2a970436   nextcloud/aio-domaincheck:latest   "/start.sh"              18 seconds ago   Up 16 seconds   0.0.0.0:443->443/tcp, :::443->443/tcp                                                                                     nextcloud-aio-domaincheck
fe2e83189876   nextcloud/all-in-one:latest        "start.sh /usr/bin/s…"   44 seconds ago   Up 37 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:8443->8443/tcp, :::8443->8443/tcp   nextcloud-aio-mastercontainer
root@nextcloud-ubuntu:/home/raat#

External port check from https://www.yougetsignal.com/tools/open-ports/:
[image]

I can telnet to 443 fine on your container as well

root@nextcloud-ubuntu:/home/raat# telnet 10.0.0.137 443
Trying 10.0.0.137...
Connected to 10.0.0.137.
Escape character is '^]'.

HTTP/1.0 400 Bad Request
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Tue, 07 Dec 2021 05:30:39 GMT
Server: lighttpd/1.4.61

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>400 Bad Request</title>
 </head>
 <body>
  <h1>400 Bad Request</h1>
 </body>
</html>
Connection closed by foreign host.
root@nextcloud-ubuntu:/home/raat#

2nd issue:
2) driver failed programming happens if I delete the containers and retry without properly cleaning up the volumes and restarting the main docker service.

I'm happy to do a screenshare and live debugging call to help you on these if you want.

Collaborator

szaimen commented Dec 7, 2021

Honestly I don't know what the bug you are experiencing could be. I can only report that it works here and everywhere else because there would be many more people that would run into your issue if it would be really an issue on our side.

The error that you get on your latest screenshot is triggered here:

$connection = @fsockopen($domain, 443, $errno, $errstr, 0.1);
if ($connection) {
    fclose($connection);
} else {
    throw new InvalidSettingConfigurationException("The server is not reachable on Port 443.");
}

Maybe it helps you figure out why that seems to fail.

It should actually successfully connect to the domaincheck container if your server is correctly reachable via that domain and you've correctly set up port-forwarding and co.
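
The check quoted above is a single TCP connect to port 443 of the configured domain with a 0.1-second timeout, and it reports every failure with the same message. The following is an added example, not AIO code and not from any participant in this thread: a Python probe that makes the same kind of connect but separates DNS failure, timeout and refusal, and compares the result for the domain with the result for a local address. The names `probe` and `diagnose` are hypothetical.

```python
import socket


def probe(host, port=443, timeout=0.1):
    """Attempt one TCP connect per resolved address; return (status, detail)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns-failure", str(exc))
    last = ("unreachable", "no address tried")
    for family, socktype, proto, _, sockaddr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                return ("open", sockaddr[0])
            except socket.timeout:
                # No answer at all within the timeout (dropped or too slow).
                last = ("timeout", sockaddr[0])
            except ConnectionRefusedError:
                # Host answered with a reset: nothing listens on that port.
                last = ("refused", sockaddr[0])
            except OSError as exc:
                last = ("unreachable", f"{sockaddr[0]}: {exc.strerror}")
    return last


def diagnose(domain, local_ip, port=443, timeout=0.1):
    """Probe the domain and a local address and say which side fails."""
    public = probe(domain, port, timeout)
    local = probe(local_ip, port, timeout)
    if public[0] == "open":
        verdict = "check would pass"
    elif local[0] == "open":
        verdict = "listener is up locally; the path via the domain fails from this host"
    else:
        verdict = "nothing is accepting connections on the port locally"
    return {"public": public, "local": local, "verdict": verdict}


if __name__ == "__main__":
    # Assumed values for illustration: replace with the real domain and LAN address.
    print(diagnose("cloud.example.com", "127.0.0.1"))
```

Running it with a larger `timeout` as well shows whether a `timeout` result is a dropped connection or only a round trip slower than 0.1 seconds.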

@vallamost
Author

Thanks, yeah, I was modifying that code earlier and I got HTTP 200s if I comment out that code and hard code the IP to be the local IP instead of the public IP but the UI isn't able to progress.

github-actions bot locked as resolved and limited conversation to collaborators Mar 13, 2022