
OpenCloud + external NGINX : error 500 on logging with bind volumes #195

@Draky50110


Hello.

I tried to use bind/mounted volumes for an OpenCloud instance, using external SWAG docker (nginx).

Everything was OK with docker volumes, but now I can't use the admin password as defined in .env.

Here is docker-compose.yml:

```yaml
services:
  opencloud:
    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
    # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
    # release notes: https://docs.opencloud.eu/opencloud_release_notes.html
    user: ${OC_CONTAINER_UID_GID:-1000:1000}
    networks:
      opencloud-net:
      swag_default:
    entrypoint:
      - /bin/sh
    # run opencloud init to initialize a configuration file with random secrets
    # it will fail on subsequent runs, because the config file already exists
    # therefore we ignore the error and then start the opencloud server
    command: ["-c", "opencloud init || true; opencloud server"]
    environment:
      # enable services that are not started automatically
      OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
      OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
      OC_LOG_LEVEL: ${LOG_LEVEL:-info}
      OC_LOG_COLOR: "${LOG_PRETTY:-false}"
      OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
      # do not use SSL between the reverse proxy and OpenCloud
      PROXY_TLS: "false"
      # INSECURE: needed if OpenCloud / reverse proxy is using self generated certificates
      OC_INSECURE: "${INSECURE:-false}"
      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
      # demo users
      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
      # admin password
      IDM_ADMIN_PASSWORD: "${INITIAL_ADMIN_PASSWORD}"
      # email server (if configured)
      NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
      NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
      NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications notifications@cloud.opencloud.test}"
      NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
      NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}"
      NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE:-false}"
      NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}"
      NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}"
      FRONTEND_ARCHIVER_MAX_SIZE: "10000000000"
      FRONTEND_CHECK_FOR_UPDATES: "${CHECK_FOR_UPDATES:-true}"
      PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
      # enable to allow using the banned passwords list
      OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
      # control the password enforcement and policy for public shares
      OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:-true}"
      OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:-false}"
      OC_PASSWORD_POLICY_DISABLED: "${OC_PASSWORD_POLICY_DISABLED:-false}"
      OC_PASSWORD_POLICY_MIN_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_CHARACTERS:-8}"
      OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:-1}"
      OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:-1}"
      OC_PASSWORD_POLICY_MIN_DIGITS: "${OC_PASSWORD_POLICY_MIN_DIGITS:-1}"
      OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:-1}"
    volumes:
      - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
      - ./config/opencloud/banned-password-list.txt:/etc/opencloud/banned-password-list.txt
      # configure the .env file to use own paths instead of docker internal volumes
      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
      - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
      - /srv/dev-disk-by-uuid-d8bffa60-55e6-4f01-9272-cbfd70470062/DOWNLOADS/Documents:/var/lib/opencloud
      - ${OC_APPS_DIR:-./config/opencloud/apps}:/var/lib/opencloud/web/assets/apps
    logging:
      driver: ${LOG_DRIVER:-local}
    restart: always

#volumes:
#  opencloud-config:
#  opencloud-data:

networks:
  opencloud-net:
  swag_default:
    external: true
```

And here are the docker logs:

```
2026-01-02T20:02:19Z ERR invalid credentials bind_dn=uid=idp,ou=sysusers,o=libregraph-idm line=github.com/opencloud-eu/opencloud/pkg/log/logrus_wrapper.go:50 op=bind remote_addr=127.0.0.1:37622 service=idm
2026-01-02T20:02:19Z ERR identifier failed to logon with backend error="ldap identifier backend logon connect error: LDAP Result Code 49 "Invalid Credentials": " line=github.com/opencloud-eu/opencloud/pkg/log/logrus_wrapper.go:50 service=idp
```

Any idea?
I'm not sure LDAP is started, and I didn't find where I would need to change something...

```
root@openmediavault:~/CONFIG/opencloud# tree -a
.
├── apps
├── config
│   ├── banned-password-list.txt
│   ├── csp.yaml
│   ├── opencloud.yaml
│   ├── proxy.yaml
│   └── radicale
│       └── config
├── data
└── radicale
    └── data

8 directories, 4 files
```

Thanks
