Nextcloud installation with Docker and a secure NGINX reverse proxy
Jul 16 2024
Nextcloud is a fantastic self-hosted package which you can use not only for file transfer but also for other things, such as Calendar and Contact synchronization, Notes and much more. However, it is often a hassle to install manually. This is why today we will be exploring a simple way to install it from scratch through Docker. We will also see how to properly secure the installation with an SSL certificate.
This tutorial assumes that you have your own VPS and have access through a command line (probably SSH) to it.
For practical usage I am also assuming that you have your own domain name example.com so that we can get Nextcloud running on a subdomain, e.g. cloud.example.com.
Docker installation
The first obvious requirement is that you have Docker installed. Of course, this will depend on your operating system of choice; here I am assuming a generic Linux situation (Debian). See the Docker website for a straightforward tutorial for the installation of Docker and Docker Compose.
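Besides that we will also need nginx and certbot, together with certbot's nginx plugin (the python3-certbot-nginx package on Debian), which the certbot --nginx command used later requires.
This is because we will set up a reverse proxy that will not run in a container but rather on our system itself.
This has the advantage that you can also run other Docker containers through it if you should ever want to.
apt install nginx certbot python3-certbot-nginx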
Nextcloud Docker container
The first thing we want to do is to get a Nextcloud Docker container running. This part is taken from the official Nextcloud Docker GitHub tutorial.
In essence, one single command for all default settings is enough to get the Docker container set up:
docker run -d -p 8080:80 nextcloud
By default the Nextcloud data will be stored in /var/lib/docker/volumes/.
It's literally that easy - that's the advantage of Docker.
Now we will have to take care of some other things.
Domain setup
If you haven't already done so, set up subdomain records through your domain registrar (or other DNS provider, such as Cloudflare) pointing to the IPv4 and IPv6 addresses of your VPS:
Make an A record (e.g. cloud) pointing to the IPv4 address and an AAAA record pointing to the IPv6 address.
Later we will obtain SSL certificates for this subdomain.
That's all for the setup of our subdomain.
NGINX reverse proxy
On your VPS we now want to set up an NGINX reverse proxy that will open up our Nextcloud Docker installation to the whole internet in a secure way.
NGINX config for Docker
Create a new file at /etc/nginx/sites-available/nextcloud-docker using your favorite text editor.
Paste the following content into it:
upstream nextcloud-docker {
    zone docker-cloud 64k;
    server 127.0.0.1:8080;
    keepalive 2;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' "";
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;

    if ($host = cloud.example.com) {
        return 301 https://$host$request_uri;
    }

    return 404;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    client_max_body_size 525M;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://nextcloud-docker;
    }
}
Make sure to replace cloud.example.com with your desired (sub-)domain.
Earlier we ran the Docker command with port 8080.
This reverse proxy will forward the requests NGINX receives to the Docker container through that port.
You will also note that we have already referred to an SSL certificate through a path. The certificate that we will generate in the next step will be located at that path.
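A check worth running once the container is up, added here as an example and not part of the original tutorial: docker run -p 8080:80 publishes the container port on every interface of the VPS, so Nextcloud also answers plain HTTP on port 8080 beside the TLS proxy, while publishing as -p 127.0.0.1:8080:80 leaves the NGINX upstream (127.0.0.1:8080) as the only way in. The script below parses ss -H -ltn output and reports non-loopback listeners on the backend port; both sample inputs are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: find listeners on the Nextcloud backend port that are
# reachable from outside the host. Function names are illustrative.
#
# Loopback-only variant of the tutorial's command:
#   docker run -d -p 127.0.0.1:8080:80 nextcloud

# exposed_listeners PORT  (reads `ss -H -ltn` output on stdin)
# Prints each non-loopback local address that listens on PORT.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Address = everything before the last colon (IPv6 has several).
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Constructed sample: listeners after the default `-p 8080:80` publish.
SAMPLE_DEFAULT='LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

# Constructed sample: the same host after `-p 127.0.0.1:8080:80`.
SAMPLE_LOOPBACK='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

# check_backend LABEL SS_OUTPUT
# Reports the result; returns 1 when port 8080 bypasses the TLS proxy.
check_backend() {
    found=$(printf '%s\n' "$2" | exposed_listeners 8080 | tr '\n' ' ')
    if [ -n "$found" ]; then
        echo "$1: port 8080 reachable without TLS on: $found"
        return 1
    fi
    echo "$1: port 8080 is loopback-only"
}

check_backend "default publish" "$SAMPLE_DEFAULT" || true
check_backend "loopback publish" "$SAMPLE_LOOPBACK"
# On a live host: check_backend live "$(ss -H -ltn)"
```

Ports published by Docker are opened through Docker's own iptables rules, so a host firewall that only allows 80 and 443 does not necessarily close 8080; binding the publish to 127.0.0.1 does.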
Certbot certificate
Generating an SSL certificate is also very easy with the following command:
certbot certonly --nginx -d cloud.example.com
Of course you will need to substitute the domain name with your own domain.
Activate NGINX
Activate NGINX:
systemctl enable --now nginx
Now link your NGINX config into the directory of enabled websites:
ln -s /etc/nginx/sites-available/nextcloud-docker /etc/nginx/sites-enabled/
Reload NGINX:
systemctl reload nginx
Now you should be able to access your Nextcloud installation through your chosen domain name. You can now continue the Nextcloud setup through the web interface.
This is already it! Feel free to contact me if you have (critical) additions to this post.