I have several services installed on my DigitalOcean VPS server (Ubuntu 24.04 LTS):
- Wireguard “baremetal” installation (via apt-get).
- Nextcloud SNAP installation.
- Docker and docker compose, and a docker container installation of Portainer (docker opens port 8080 for the local agent and 9443 for the web UI).
- NGINX “baremetal” installation (via apt-get).
- Letsencrypt SNAP installation.
Now I want to install n8n via a docker container, but I have already had a bad installation experience. The problem was that Nextcloud was already configured (NGINX as reverse proxy and Nextcloud letsencrypt functionality), and when I tried to use SNAP Letsencrypt and NGINX to issue certificates for Nextcloud and Portainer, everything stopped working.
So, I will show you how Nextcloud was set up with Letsencrypt.
1. Standard SNAP-application installation
2. Set up trusted domain and subdomain
```
snap run nextcloud.occ config:system:set trusted_domains 1 --value=mydomain.com
snap run nextcloud.occ config:system:set trusted_domains 1 --value=cloud.mydomain.com
```
3. Enabled Nextcloud letsencrypt functionality
```
snap run nextcloud.enable-https lets-encrypt
```
4. Set up NGINX:
Add /etc/nginx/sites-available/nextcloud and /etc/nginx/sites-enabled/nextcloud:
```
server {
    listen 80;
    listen [::]:80;
    server_name cloud.domain.com;
    location / {
        proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;
    }
}
```
Add file /etc/nginx/tcpconf.d/nextcloud:
```
stream {
    server {
        listen 443;
        listen [::]:443;
        proxy_pass 127.0.0.1:8443;
    }
}
```
…and everything worked well! I type http://cloud.domain.com and reach Nextcloud at https://cloud.domain.com via SSL.
After that I installed Portainer (via docker container) and decided to reconfigure everything.
How I set up Portainer:
```
docker volume create portainer_data
docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
```
So next I created NGINX files for Portainer.
```
sudo mkdir -p /var/www/portainer.domain.com/html
sudo chown -R $USER:$USER /var/www/portainer.domain.com/html/
sudo cp /etc/nginx/sites-available/nextcloud /etc/nginx/sites-available/portainer
sudo nano /etc/nginx/sites-available/portainer
sudo systemctl restart nginx
sudo ln -s /etc/nginx/sites-available/portainer /etc/nginx/sites-enabled/portainer
#sudo cp /etc/nginx/tcpconf.d/nextcloud /etc/nginx/tcpconf.d/portainer
#sudo nano /etc/nginx/tcpconf.d/portainer
sudo systemctl restart nginx
```
And it's not working. First of all I deleted all NGINX configs for Portainer and deleted /etc/nginx/tcpconf.d/nextcloud, and I see that Nextcloud works as I expected. Maybe tcpconf.d/nextcloud was redundant? OK.
Next, as an experiment, I deleted all the Nextcloud NGINX configuration files and tried to set up Portainer.
I set up SNAP Letsencrypt and added certs to the NGINX Portainer config:
```
sudo certbot --nginx -d portainer.domain.com
```
Now I have only 1 NGINX config, /etc/nginx/sites-available/portainer and /etc/nginx/sites-enabled/portainer:
```
server {
    location / {
        proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://0.0.0.0:9443;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/portainer.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/portainer.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = portainer.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name portainer.domain.com;
    return 404; # managed by Certbot
}
```
I understand that now Portainer can work via SSL and should take the letsencrypt certs in the setup process, but when I open the web interface I can't see the SSL cert.
No SSL certs in browser
So, now I have a working Portainer without SSL certificates or a working Nextcloud with SSL certificates. And I don't understand how to fix NGINX to work as a reverse proxy for Nextcloud and Portainer and add SSL certs via NGINX for both.
Just for information
sudo netstat -tulpn
sudo ufw status
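
If the two configurations shown in the post were enabled together, the `stream` block and the Certbot-managed `server` block would both claim port 443, and one nginx instance cannot bind the same port from both contexts. The check below is an added example, not part of the original post; the function name `listen_conflicts` and the sample config are constructed, and the parser assumes one directive or brace per line.

```python
import re
from collections import defaultdict

# Constructed sample: the listeners from the post's Nextcloud and Portainer
# configs, flattened into one file the way nginx sees them after includes.
SAMPLE_CONF = """
http {
    server {
        listen 80;
        listen [::]:80;
        server_name cloud.domain.com;
    }
    server {
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
    }
}
stream {
    server {
        listen 443;
        listen [::]:443;
        proxy_pass 127.0.0.1:8443;
    }
}
"""

def listen_conflicts(conf_text):
    """Return {port: [contexts]} for ports claimed by more than one
    top-level context (http vs stream). Several http servers sharing a
    port is normal name-based hosting and is not reported."""
    stack = []                      # open blocks, outermost first
    claims = defaultdict(set)       # port -> top-level contexts using it
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line.split()[0])
        elif line == "}":
            if stack:
                stack.pop()
        elif line.startswith("listen ") and stack:
            addr = line.rstrip(";").split()[1]
            # Port is the whole argument or the digits after the last colon;
            # address-only and unix: listeners are skipped.
            m = re.search(r"(?:^|:)(\d+)$", addr)
            if m:
                claims[int(m.group(1))].add(stack[0])
    return {p: sorted(c) for p, c in claims.items() if len(c) > 1}

if __name__ == "__main__":
    print(listen_conflicts(SAMPLE_CONF))
```

On a live host, `sudo nginx -T` prints the fully merged configuration that such a check would be run against.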