Sign in Subscribe
docker

Deploy Nextcloud on your server

How to deploy nextcloud with docker compose and access it in https

2nistech

4 min read

Prerequisites

You will need to have a working docker environnement, fot that you can follow this post

Start with docker and docker compose
How to install docker and docker compose on Debian 12
2nis Tech World2nistech

Deploy Nextcloud with docker compose

Preparing the Docker Compose File

Create a Docker Compose file that defines the Nextcloud service and its dependencies. Open a text editor and create a new file named docker-compose.yml. Paste the following content into the file:

version: '3'
services:
  db:
    image: mariadb
    container_name: db
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /PATH/LOCAL/STORAGE/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=A_STRONG_PASSWORD
      - MYSQL_PASSWORD=ANOTHER_STRONG_PASSWORD
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  redis:
    image: redis:alpine
    container_name: redis
    restart: always

  nextcloud:
    image: nextcloud
    container_name: nextcloud
    ports:
      - 8080:80
    environment:
      - MYSQL_PASSWORD=SAME_THAN_MYSQL_PASSWORD_FOR_THE_DB
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    volumes:
      - /PATH/LOCAL/STORAGE/nextcloud/www:/var/www/html
    restart: always

Make sure to replace  A_STRONG_PASSWORD and ANOTHER_STRONG_PASSWORD with secure passwords of your choice and also /PATH/LOCAL/STORAGE to a folder to store your nextcloud datas.

Save the file once  you've made the necessary changes.

Running Nextcloud with Docker Compose


Now that we have our Docker Compose file ready, let's proceed with running Nextcloud:

Run the following command to start the Nextcloud service:

docker-compose up -d

Once every container started you can access your nextcloud instance with http://your_server_ip:8080

You just need to the create the user login and password , click Install and you are good to go.

Configure Nextcloud to use HTTPS

Configure Swag

To access netxcloud using https the best way  is o to use a reverse proxy, like usual we will use swag as the reverse proxy, if you don't have swag installed you see how to do it here

Use the Swag docker container as reverse proxy
We are going to see how to use swag as an SSL reverse proxy for your dockers app.
2nis Tech World2nistech

Swag as a pre-configured file for Nextcloud, so go to the folder nginx/proxy-confs of your Swag installation folder and rename / copy the file nextcloud.subdomain.conf.sample to nextcloud.subdomain.conf

Edit the nextcloud.subdomain.conf file and replace the line

set $upstream_port 443;
with
set $upstream_port 80;

For a reason, the default configuration file for nextcloud use the port 443 instead of the  port 80.

Then edit the file nginx/ssl.conf and uncomment the lines

add_header Strict-Transport-Security "max-age=63072000" always;

add_header Referrer-Policy "same-origin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;

Otherwise Nextcloud will give you errors during the security check.

Configure NextCloud

There is 2 way to configure SSL with nextcloud

On an already running nextcloud server

Edit the file /PATH/LOCAL/STORAGE/nextcloud/www/config/config.php and add the followings lines before the last )

  'trusted_proxies' => ['swag'],
  'overwriteprotocol' => 'https',

and also add your domain name as trused domain in the same file

  array (
    0 => '192.168.1.50:8080', # This line may look different on your setup, don't modify it.
    1 => 'nextcloud.your.domain',
  ),

Once it's done, save the file and restart your nextcloud container with docker compose restart nextcloud

You can now access your nextcloud server using https://nextcloud.your.domain

On a new docker deployement

You can directly deploy Nextcloud with SSL by adding the 3 followings  lines in your docker-compose.yml file

      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.your.domain
      - TRUSTED_PROXIES=swag
      - OVERWRITEPROTOCOL=https

Your docker-compose.ymlfile  should looks like this.

version: '3'
services:
  db:
    image: mariadb
    container_name: db
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /PATH/LOCAL/STORAGE/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=A_STRONG_PASSWORD
      - MYSQL_PASSWORD=ANOTHER_STRONG_PASSWORD
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  redis:
    image: redis:alpine
    container_name: redis
    restart: always

  nextcloud:
    image: nextcloud
    container_name: nextcloud
    ports:
      - 8080:80
    environment:
      - MYSQL_PASSWORD=SAME_THAN_MYSQL_PASSWORD_FOR_THE_DB
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.your.domain
      - TRUSTED_PROXIES=swag
      - OVERWRITEPROTOCOL=https
    volumes:
      - /PATH/LOCAL/STORAGE/nextcloud/www:/var/www/html
    restart: always

Do a docker compose up -d to start your new deployement.

💡
You can't add those three lines on a already deployed seafile environnement, you will need to edit the /PATH/LOCAL/STORAGE/nextcloud/www/config/config.php if you want to modify / update it.

You can now access your nextcloud server using https://nextcloud.your.domain