How to Install Nextcloud with Docker

Nextcloud is an open-source software for creating and using your own cloud storage. It allows users to store data, synchronize it between devices, and share files through a user-friendly interface. This solution is ideal for those prioritizing privacy and security over public cloud services. Nextcloud offers a range of features, including file management, calendars, contacts, and integration with other services and applications.

When deploying Nextcloud, Docker provides a convenient and efficient way to install and manage the application. Docker uses containerization technology, simplifying deployment and configuration and ensuring scalability and portability. Combining Docker with Docker Compose allows you to automate and standardize the deployment process, making it accessible even to users with minimal technical expertise.

In this guide, we'll walk you through installing Nextcloud using Docker Compose, configuring Nginx as a reverse proxy, and obtaining an SSL certificate with Certbot to secure your connection.

Installing Docker and Docker Compose

Docker is a powerful tool for developers that makes deploying and running applications in containers easy. Docker Compose simplifies orchestration of multi-container applications using YAML configuration files, which streamline the setup and management of complex applications.

1. Download the installation script by running the command:

curl -fsSL https://get.docker.com -o get-docker.sh

This script automates the Docker installation process for various Linux distributions.

2. Run the installation script:

sudo sh ./get-docker.sh

This command installs both Docker and Docker Compose. You can add the --dry-run option to preview the actions without executing them.

3. After the script completes, verify that Docker and Docker Compose are installed correctly by using the following commands:

docker -v
docker compose version

These commands should display the installed versions, confirming successful installation.

Preparing to Install Nextcloud

Creating a Working Directory

In Linux, third-party applications are often installed in the /opt directory. Navigate to this directory with the command:

cd /opt

Create a folder named mynextcloud in the /opt directory, which will serve as the working directory for your Nextcloud instance:

mkdir mynextcloud

Configuring the docker-compose.yml File

After creating the directory, navigate into it:

cd mynextcloud

We will define the Docker Compose configuration in the docker-compose.yml file. To edit this file, use a text editor such as nano or vim:

nano docker-compose.yml

In the docker-compose.yml file, you should include the following content:

version: '2'

volumes:
  mynextcloud:
  db:

services:
  db:
    image: mariadb:10.6
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=RootPass
      - MYSQL_PASSWORD=NextPass
      - MYSQL_DATABASE=nextclouddb
      - MYSQL_USER=nextclouduser

  app:
    image: nextcloud
    restart: unless-stopped
    ports:
      - 8081:80
    links:
      - db
    volumes:
      - mynextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=NextPass
      - MYSQL_DATABASE=nextclouddb
      - MYSQL_USER=nextclouduser
      - MYSQL_HOST=db

Parameters in this file:

• version: '2': Specifies the version of Docker Compose being used. Version 2 is known for its simplicity and stability.

• volumes: Defines two named volumes: mynextcloud for app data and db for database storage.

• services:

• db:

• image: Uses the MariaDB 10.6 image.

• restart: Automatically restarts the service unless manually stopped.

• volumes: Binds the db volume to /var/lib/mysql in the container for persistent database storage.

• environment: Sets environment variables like passwords, database name, and user credentials.

• app:

• image: Uses the Nextcloud image.

• ports: Maps port 8081 on the host to port 80 inside the container, allowing access to Nextcloud through port 8081.

• links: Links the app container to the db container for database interaction.

• volumes: Binds the mynextcloud volume to /var/www/html for storing Nextcloud files.

• environment: Configures database-related environment variables, linking the Nextcloud app to the database.

This configuration sets up your application and database environment. Now, we can move on to launching and configuring Nextcloud.

Running and Configuring Nextcloud

Once the docker-compose.yml configuration is ready, you can start the project.

Run the following commands in the mynextcloud directory to download the necessary images and start the containers:

docker compose pull
docker compose up

The docker compose pull command will download the required Nextcloud and MariaDB images. The docker compose up command will launch the containers based on your configuration.

The initial setup may take a while. When it’s complete, you will see messages like:

nextcloud-app-1  | New nextcloud instance
nextcloud-app-1  | Initializing finished

After the initial configuration, you can access Nextcloud through your browser. Enter http://server-ip:8081 into the browser’s address bar.

You will be prompted to create an administrator account by providing your desired username and password.

During the initial configuration, you can also choose additional apps to install.

Stopping and Restarting Containers in Detached Mode

After verifying that Nextcloud is running correctly through the web interface, you can restart the containers in detached mode to keep them running in the background.

If the containers are still running in interactive mode (after executing docker compose up without the -d flag), stop them by pressing Ctrl+C in the terminal.

To restart the containers in detached mode, use the command:

docker compose up -d

The -d flag stands for "detached mode," which allows the containers to run in the background independently of your terminal session.

Now the containers are running in the background. If you have a domain ready, you can proceed with configuring the server as a reverse proxy.

Setting up Nginx as a Reverse Proxy

Installation

Nginx is often chosen as a reverse proxy due to its performance and flexibility. You can install it by running the command:

sudo apt install nginx

Configuring Nginx

Create a configuration file for your domain (e.g., nextcloud-test.com). Use a text editor to create the file in the /etc/nginx/sites-available directory:

sudo nano /etc/nginx/sites-available/nextcloud-test.com

Add the following directives to the file:

server {
    listen 80;
    server_name nextcloud-test.com;

    location / {
        proxy_pass http://localhost:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }

    location ^~ /.well-known {
        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
        location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation { try_files $uri $uri/ =404; }
        return 301 /index.php$request_uri;
    }
}

This configuration sets up the web server to proxy requests to Nextcloud running on port 8081, with headers for security and proxying.

Key Configuration Details

• Basic Configuration:

server {
    listen 80;
    server_name nextcloud-test.com;

    location / {
        proxy_pass http://localhost:8081;
        ...
    }
}

This block configures the server to listen on port 80 (standard HTTP) and handle requests directed to nextcloud-test.com. Requests are proxied to the Docker container running Nextcloud on port 8081.

• Proxy Settings:

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

These headers ensure that the original request information (like the client’s IP address and request protocol) is passed on to the application, which is important for proper functionality and security.

• HSTS (HTTP Strict Transport Security):

add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;

This header enforces security by instructing browsers only to use HTTPS when accessing your site for the next 180 days.

• Well-Known URI Settings:

location ^~ /.well-known {
    ...
}

This block handles special requests to .well-known URIs, used for service discovery (e.g., CalDAV, CardDAV) and domain ownership verification (e.g., for SSL certificates).

Enabling the Nginx Configuration

Create a symbolic link to the configuration file from the /etc/nginx/sites-enabled/ directory:

sudo ln -s /etc/nginx/sites-available/nextcloud-test.com /etc/nginx/sites-enabled/

Now restart Nginx to apply the new configuration:

sudo systemctl restart nginx

At this point, your web server is configured as a reverse proxy for the Nextcloud application, and you can access it via your domain (note that you might initially see an "Access through untrusted domain" error, which we’ll fix later).

Configuring SSL Certificates with Certbot

Installing Certbot

Certbot is a tool from the Electronic Frontier Foundation (EFF) used for obtaining and managing SSL certificates from Let's Encrypt. It automates the process, enhancing your website's security by encrypting the data exchanged between the server and its users. To install Certbot and the Nginx plugin, use the following command:

sudo apt install certbot python3-certbot-nginx

Obtaining and Installing the SSL Certificate

To obtain an SSL certificate for your domain and configure the web server to use it, run the command:

sudo certbot --non-interactive -m [email protected] --agree-tos --no-eff-email --nginx -d nextcloud-test.com

In this command:

• --non-interactive: Runs Certbot without interactive prompts.

• -m [email protected]: Specifies the admin email for notifications.

• --agree-tos: Automatically agrees to Let's Encrypt’s terms of service.

• --no-eff-email: Opts out of EFF-related emails.

• --nginx: Uses the Nginx plugin to automatically configure SSL.

• -d nextcloud-test.com: Specifies the domain for which the certificate is issued.

Certbot will automatically update the Nginx configuration to use the SSL certificate, including setting up HTTP-to-HTTPS redirection. After Certbot completes the process, restart Nginx to apply the changes:

sudo systemctl restart nginx

Now, your Nextcloud instance is secured with an SSL certificate, and all communication between the server and clients will be encrypted.

Fixing the "Access through Untrusted Domain" Error

When accessing Nextcloud through your domain, you may encounter an "Access through untrusted domain" error. This occurs because the initial configuration was done using the server’s IP address.

Since our application is running inside a container, you can either use docker exec or modify the Docker volume directly. We’ll use the latter method since we created Docker volumes earlier in the docker-compose.yml file.

1. First, list your Docker volumes:

docker volume ls

Find the volume named mynextcloud_mynextcloud.

2. To access the volume, run:

docker volume inspect mynextcloud_mynextcloud

Look for the Mountpoint value to find the path to the volume.

3. Change to that directory:

cd /var/lib/docker/volumes/mynextcloud_mynextcloud/_data

4. Navigate to the config directory and open the config.php file for editing:

cd config
nano config.php

5. In the file, update the following lines:

• Change overwrite.cli.url from http://server_ip:8081 to https://your_domain.

• In the trusted_domains section, replace server_ip:8081 with your domain.

• Add the line 'overwriteprotocol' => 'https' after overwrite.cli.url to ensure all resources load via HTTPS.

6. Save the changes (in Nano, use Ctrl+O, then Ctrl+X to exit).

After saving the changes in config.php, you should be able to access the application through your domain without encountering the "untrusted domain" error.

Conclusion

Following these steps, you’ll have a fully functional, secure Nextcloud instance running in a containerized environment.