I’m trying to set up Nextcloud using the AIO Docker install onto my Synology.

I got through the first stage of setup, and navigated to the /containers page. It shows all containers as “Starting”, with a yellow dot. Except for the Fulltextsearch, which is Stopped red (due to me stopping it, after I realised I had installed it despite my platform not supporting Seccomp, but the “Optional containers” checkbox being greyed out even when it’s stopped).

Many of these containers show as green/healthy in the DSM Container Manager even though the /containers page doesn’t show them as such.

Logs for the different containers:

Mastercontainer logs: 
Trying to fix docker.sock permissions internally...
Adding internal www-data to group root
DOCKER_API_VERSION was found to be set to '1.43'.
Please note that only v1.44 is officially supported and tested by the maintainers of Nextcloud AIO.
So you run on your own risk and things might break without warning.
WARNING: No kernel memory TCP limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
WARNING: No kernel memory TCP limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080/
⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!

If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443/
/usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
  import pkg_resources
{"level":"warn","ts":1766322552.6626272,"msg":"failed to set GOMAXPROCS","error":"open /sys/fs/cgroup/cpu/cpu.cfs_quota_us: no such file or directory"}
{"level":"info","ts":1766322552.6628811,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":3671407411,"previous":9223372036854775807}
{"level":"info","ts":1766322552.6629462,"msg":"using config from file","file":"/Caddyfile"}
{"level":"info","ts":1766322552.6645825,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1766322552.6664238,"msg":"serving initial configuration"}
[mpm_event:notice] [pid 152:tid 152] AH00489: Apache/2.4.66 (Unix) OpenSSL/3.5.4 configured -- resuming normal operations
[core:notice] [pid 152:tid 152] AH00094: Command line: 'httpd -D FOREGROUND'
NOTICE: fpm is running, pid 157
NOTICE: ready to handle connections
NOTICE: PHP message: 404 Not Found
Type: Slim\Exception\HttpNotFoundException
Code: 404
Message: Not found.
File: /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/RoutingMiddleware.php
Line: 76
Trace: #0 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/RouteRunner.php(62): Slim\Middleware\RoutingMiddleware->performRouting(Object(GuzzleHttp\Psr7\ServerRequest))
#1 /var/www/docker-aio/php/vendor/slim/csrf/src/Guard.php(482): Slim\Routing\RouteRunner->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#2 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(178): Slim\Csrf\Guard->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Slim\Routing\RouteRunner))
#3 /var/www/docker-aio/php/vendor/slim/twig-view/src/TwigMiddleware.php(117): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#4 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Slim\Views\TwigMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#5 /var/www/docker-aio/php/src/Middleware/AuthMiddleware.php(53): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#6 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(283): AIO\Middleware\AuthMiddleware->__invoke(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#7 /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(77): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#8 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Slim\Middleware\ErrorMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#9 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#10 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(209): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#11 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(193): Slim\App->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#12 /var/www/docker-aio/php/public/index.php(200): Slim\App->run()
#13 {main}
Tips: To display error details in HTTP response set "displayErrorDetails" to true in the ErrorHandler constructor.
NOTICE: Terminating ...
NOTICE: exiting, bye-bye!
[mpm_event:notice] [pid 152:tid 152] AH00491: caught SIGTERM, shutting down
Database logs: 
+ rm -rf '/var/lib/postgresql/data/*'
+ touch /mnt/data/initial-cleanup-done
+ set +ex
chmod: /var/run/postgresql: Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default "max_connections" ... 100
selecting default "shared_buffers" ... 128MB
selecting default time zone ... Australia/Brisbane
creating configuration files ... ok
running bootstrap script ... ok
sh: locale: not found
[30] WARNING:  no usable system locales were found
performing post-bootstrap initialization ... ok
initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
syncing data to disk ... ok


Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data -l logfile start

waiting for server to start....
[36] LOG:  starting PostgreSQL 17.7 on x86_64-pc-linux-musl, compiled by gcc (Alpine 15.2.0) 15.2.0, 64-bit
[36] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
[39] LOG:  database system was shut down at 2025-12-21 23:21:07 AEST
[36] LOG:  database system is ready to accept connections
 done
server started
CREATE DATABASE


/usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/init-user-db.sh
CREATE ROLE
ALTER DATABASE
+ touch /mnt/data/initialization.failed
+ psql -v ON_ERROR_STOP=1 --username nextcloud --dbname nextcloud_database
GRANT
GRANT
+ rm /mnt/data/initialization.failed

waiting for server to shut down....2025-12-21 23:21:12.597 AEST [36] LOG:  received fast shutdown request
+ set +ex
[36] LOG:  aborting any active transactions
[36] LOG:  background worker "logical replication launcher" (PID 42) exited with exit code 1
[37] LOG:  shutting down
[37] LOG:  checkpoint starting: shutdown immediate
[37] LOG:  checkpoint complete: wrote 934 buffers (5.7%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.805 s, sync=0.674 s, total=2.456 s; sync files=308, longest=0.322 s, average=0.003 s; distance=4260 kB, estimate=4260 kB; lsn=0/19163B0, redo lsn=0/19163B0
[36] LOG:  database system is shut down
 done
server stopped

PostgreSQL init process complete; ready for start up.

[14] LOG:  starting PostgreSQL 17.7 on x86_64-pc-linux-musl, compiled by gcc (Alpine 15.2.0) 15.2.0, 64-bit
[14] LOG:  listening on IPv4 address "0.0.0.0", port 5432
[14] LOG:  listening on IPv6 address "::", port 5432
[14] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
[57] LOG:  database system was shut down at 2025-12-21 23:21:15 AEST
[14] LOG:  database system is ready to accept connections
[55] LOG:  checkpoint starting: time
[55] LOG:  checkpoint complete: wrote 48 buffers (0.3%); 0 WAL file(s) added, 0 removed, 0 recycled; write=4.592 s, sync=0.911 s, total=6.666 s; sync files=13, longest=0.172 s, average=0.071 s; distance=270 kB, estimate=270 kB; lsn=0/1959CE8, redo lsn=0/1959C58
++ rm -f /mnt/data/database-dump.sql.temp
++ touch /mnt/data/export.failed
++ pg_dump --username nextcloud nextcloud_database
++ rm -f /mnt/data/database-dump.sql
++ mv /mnt/data/database-dump.sql.temp /mnt/data/database-dump.sql
++ pg_ctl stop -m fast
[14] LOG:  received fast shutdown request
[14] LOG:  aborting any active transactions
[14] LOG:  background worker "logical replication launcher" (PID 60) exited with exit code 1
[55] LOG:  shutting down
[55] LOG:  checkpoint starting: shutdown immediate
[55] LOG:  checkpoint complete: wrote 0 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.001 s, sync=0.001 s, total=0.502 s; sync files=0, longest=0.000 s, average=0.000 s; distance=0 kB, estimate=243 kB; lsn=0/1959D98, redo lsn=0/1959D98
[14] LOG:  database system is shut down
waiting for server to shut down.... done
server stopped
++ rm /mnt/data/export.failed
++ echo 'Database dump successful!'
++ set +x
Database dump successful!
Setting postgres values...
chmod: /var/run/postgresql: Operation not permitted

PostgreSQL Database directory appears to contain a database; Skipping initialization

[14] LOG:  starting PostgreSQL 17.7 on x86_64-pc-linux-musl, compiled by gcc (Alpine 15.2.0) 15.2.0, 64-bit
[14] LOG:  listening on IPv4 address "0.0.0.0", port 5432
[14] LOG:  listening on IPv6 address "::", port 5432
[14] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
[24] LOG:  database system was shut down at 2025-12-21 23:49:29 AEST
[14] LOG:  database system is ready to accept connections
Nextcloud logs: 
Waiting for database to start...
Waiting for database to start...
Waiting for database to start...
Redis logs: 
Memory overcommit is disabled but necessary for safe operation
See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit
Redis has started
# WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
# WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.

I don’t think Redis is related to my current problem, but I suspect they may be an issue later…

Configuration

AIO compass.yaml file: 
name: nextcloud-aio
services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /run/docker.sock:/var/run/docker.sock:ro
    network_mode: bridge
    ports:
      - 8080:8080
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 127.0.0.1
      DOCKER_API_VERSION: 1.43 # As far as I can tell, this is the version supported on Synology when running "docker version | grep API"
      NEXTCLOUD_DATADIR: /volume1/nextcloud
      WATCHTOWER_DOCKER_SOCKET_PATH: /run/docker.sock
      COLLABORA_SECCOMP_DISABLED: true

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

Does anyone have any idea of how to get this working? Or of good troubleshooting steps to try?

  • StoryTooMany@aussie.zoneEnglish
    2·
    3 months ago

    Interesting, my Synology only has 1.41 as the highest Docker API. It also has the standard /var/run/docker.sock path, no need for the override.

    I don’t run Nextcloud on it though. Synology’s stuff is often too out of date or customised to run on the bare metal. Just getting Nextcloud backups working to the Synology with Borg was a nightmare with their weird SSH permissions system.

    Judging by that error in the Master container logs and the incomplete status info, it might be failing to get the container status. Glancing at the AOI code, GuzzleHttp is what it uses to talk to Docker, so a 404 there suggests its making a request to docker but that url doesn’t exist. My guess is it’s your API version isn’t actually supported by the AIO code - its asking for something that doesn’t exist in 1.43.

    Unfortunately, it looks like AIO recently (in the last few weeks) updated and the minimum Docker API is now 1.44, hence that warning you get. I would maybe try 1.41, as that was the previously supported version and is likely to be the most compatible. It doesn’t seem possible to downgrade the AIO container either, as that will lock you to the associated NextCloud version.

    I would consider an alternative installation method, tbh. A VM on the Synology might work, and let you update Docker independent of Synology’s schedule

    • Zagorath@aussie.zoneOPEnglish
      1·
      3 months ago

      Interesting, my Synology only has 1.41 as the highest Docker API. It also has the standard /var/run/docker.sock path, no need for the override.

      Very interesting. I have a DS923+ running DSM 7.3.2.

      Just checking that I’m doing it right. I ssh into the Synology and run docker version, then read out the “API version”. Is that right?

      Synology’s stuff is often too out of date or customised to run on the bare metal

      That was actually why I was hoping to run Nextcloud on it through Docker, rather than running the version of Nextcloud that’s in the DS Package Center.

      My guess is it’s your API version isn’t actually supported by the AIO code - its asking for something that doesn’t exist in 1.43

      Ah damn. That’s unfortunate. I was hoping that being only one version behind, the official claim that only the latest version is supported would be more of a “just in case” disclaimer, rather than something that actually causes meaningful issues.

      Thanks for the help.

      • StoryTooMany@aussie.zoneEnglish
        2·
        3 months ago

        I ssh into the Synology and run docker version, then read out the “API version”. Is that right?

        Yes, API version, specifically the server one.

        Running inside Docker is great, except where your program also talks to Docker, in which case the host version can matter. I’m just guessing here, since the log doesn’t actually list the url that got a 404, but it would fit the symptoms. You might be able to see something from the Docker daemon logs after opening the AIO web UI.

        • Zagorath@aussie.zoneOPEnglish
          1·
          3 months ago

          You might be able to see something from the Docker daemon logs after opening the AIO web UI

          Which logs is that, sorry? And I’m guessing you mean when I load up :8080/containers? The page screenshotted in the OP?

          • StoryTooMany@aussie.zoneEnglish
            2·
            3 months ago

            Yes, when you load the page. The logs for Docker itself would be viewed through SSH using something like journalctl -u docker.service. If you’re lucky it’ll report something there when you load the page and it makes the invalid request

            • Zagorath@aussie.zoneOPEnglish
              1·
              3 months ago

              Damn. I thought that might be what you meant, but unfortunately it doesn’t seem to work. I tried refreshing the page a few times first, and then:

              $ sudo journalctl -u docker.service
-- No entries --

              And the other two options mentioned on Docker’s guide to logs were equally unhelpful. /var/log/syslog doesn’t exist, and sudo cat /var/log/messages spits out an enormous amount of stuff, but the most recent is over 3 hours ago and not obviously related to any of this. (Note: it’s 16:05 as I write this.)

              2025-12-30T02:27:45+10:00 Synology1 synopkgctl[17441]: util.cpp:127 Install extension done
2025-12-30T02:27:45+10:00 Synology1 root[17622]: CS: [start-stop-status]: Synology Drive start...
2025-12-30T02:27:48+10:00 Synology1 redis-server[17759]: oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
2025-12-30T02:27:48+10:00 Synology1 redis-server[17759]: Redis version=6.2.19, bits=64, commit=813cfe7f, modified=0, pid=17759, just started
2025-12-30T02:27:48+10:00 Synology1 redis-server[17759]: Configuration loaded
2025-12-30T02:27:54+10:00 Synology1 srvctl[18182]: (18182:59552) [INFO] client-updater.cpp(307): ====== ClientUpdater Starting. ======
2025-12-30T02:27:54+10:00 Synology1 srvctl[18182]: (18182:59552) [INFO] client-updater.cpp(326): ClientUpdater: release version from DB: 46
2025-12-30T02:27:54+10:00 Synology1 srvctl[18182]: (18182:59552) [INFO] client-updater.cpp(596): ====== ClientUpdater Success.  ======
2025-12-30T02:35:55+10:00 Synology1 invoked[9073]: store.cpp:229 failed to parse response: .
2025-12-30T03:10:06+10:00 Synology1 synoconfbkp[10005]: service/auto_config_backup.cpp:231 The key value is empty: priKey_hash
2025-12-30T03:10:06+10:00 Synology1 synoconfbkp[10005]: service/auto_config_backup.cpp:231 The key value is empty: pwd_hash
2025-12-30T03:49:40+10:00 Synology1 invoked[9073]: store.cpp:229 failed to parse response: .
2025-12-30T12:49:52+10:00 Synology1 dlid[15920]: server error. [504]
2025-12-30T12:49:52+10:00 Synology1 dlid[15920]: Error downloading payload
2025-12-30T12:49:52+10:00 Synology1 dlid[15920]: Error execute payload

              Piping the output to grep -i next doesn’t give any results since I obtained Let’s Encrypt certs over a week ago. grep -i docker only gives:

              2025-12-30T02:24:32+10:00 Synology1 synowebapi_SYNO.Docker.Container_1_stop[31186]: profile.cpp:1187 WebStation is not enabled

              Repeated 9 total times with different numbers in the square brackets, between 02:24:00 and 02:26:00. (Plus some other responses from 2+ weeks ago.)

              • StoryTooMany@aussie.zoneEnglish
                2·
                3 months ago

                Damn. It was worth a shot. There might be a way to turn on more logging, but it’s probably not worth the effort diagnosing the issue further. This far into the weeds it won’t get you much, unless you want to start making bug reports to NextCloud