Deploy Nextcloud on your server
How to deploy nextcloud with docker compose and access it in https
Prerequisites
You will need to have a working docker environnement, fot that you can follow this post
Deploy Nextcloud with docker compose
Preparing the Docker Compose File
Create a Docker Compose file that defines the Nextcloud service and its dependencies. Open a text editor and create a new file named docker-compose.yml
. Paste the following content into the file:
version: '3'
services:
db:
image: mariadb
container_name: db
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- /PATH/LOCAL/STORAGE/nextcloud/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=A_STRONG_PASSWORD
- MYSQL_PASSWORD=ANOTHER_STRONG_PASSWORD
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
redis:
image: redis:alpine
container_name: redis
restart: always
nextcloud:
image: nextcloud
container_name: nextcloud
ports:
- 8080:80
environment:
- MYSQL_PASSWORD=SAME_THAN_MYSQL_PASSWORD_FOR_THE_DB
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- REDIS_HOST=redis
volumes:
- /PATH/LOCAL/STORAGE/nextcloud/www:/var/www/html
restart: always
Make sure to replace A_STRONG_PASSWORD
and ANOTHER_STRONG_PASSWORD
with secure passwords of your choice and also /PATH/LOCAL/STORAGE
to a folder to store your nextcloud datas.
Save the file once you've made the necessary changes.
Running Nextcloud with Docker Compose
Now that we have our Docker Compose file ready, let's proceed with running Nextcloud:
Run the following command to start the Nextcloud service:
docker-compose up -d
Once every container started you can access your nextcloud instance with http://your_server_ip:8080
You just need to the create the user login and password , click Install and you are good to go.
Configure Nextcloud to use HTTPS
Configure Swag
To access netxcloud using https the best way is o to use a reverse proxy, like usual we will use swag as the reverse proxy, if you don't have swag installed you see how to do it here
Swag as a pre-configured file for Nextcloud, so go to the folder nginx/proxy-confs
of your Swag installation folder and rename / copy the file nextcloud.subdomain.conf.sample
to nextcloud.subdomain.conf
Edit the nextcloud.subdomain.conf
file and replace the line
set $upstream_port 443;
with
set $upstream_port 80;
For a reason, the default configuration file for nextcloud use the port 443 instead of the port 80.
Then edit the file nginx/ssl.conf
and uncomment the lines
add_header Strict-Transport-Security "max-age=63072000" always;
add_header Referrer-Policy "same-origin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
Otherwise Nextcloud will give you errors during the security check.
Configure NextCloud
There is 2 way to configure SSL with nextcloud
On an already running nextcloud server
Edit the file /PATH/LOCAL/STORAGE/nextcloud/www/config/config.php
and add the followings lines before the last )
'trusted_proxies' => ['swag'],
'overwriteprotocol' => 'https',
and also add your domain name as trused domain in the same file
array (
0 => '192.168.1.50:8080', # This line may look different on your setup, don't modify it.
1 => 'nextcloud.your.domain',
),
Once it's done, save the file and restart your nextcloud container with docker compose restart nextcloud
You can now access your nextcloud server using https://nextcloud.your.domain
On a new docker deployement
You can directly deploy Nextcloud with SSL by adding the 3 followings lines in your docker-compose.yml
file
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.your.domain
- TRUSTED_PROXIES=swag
- OVERWRITEPROTOCOL=https
Your docker-compose.yml
file should looks like this.
version: '3'
services:
db:
image: mariadb
container_name: db
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- /PATH/LOCAL/STORAGE/nextcloud/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=A_STRONG_PASSWORD
- MYSQL_PASSWORD=ANOTHER_STRONG_PASSWORD
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
redis:
image: redis:alpine
container_name: redis
restart: always
nextcloud:
image: nextcloud
container_name: nextcloud
ports:
- 8080:80
environment:
- MYSQL_PASSWORD=SAME_THAN_MYSQL_PASSWORD_FOR_THE_DB
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- REDIS_HOST=redis
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.your.domain
- TRUSTED_PROXIES=swag
- OVERWRITEPROTOCOL=https
volumes:
- /PATH/LOCAL/STORAGE/nextcloud/www:/var/www/html
restart: always
Do a docker compose up -d
to start your new deployement.
/PATH/LOCAL/STORAGE/nextcloud/www/config/config.php
if you want to modify / update it.You can now access your nextcloud server using https://nextcloud.your.domain