Setting up Nextcloud

Introduction

This tutorial will explain how to set up a Nextcloud server with Docker.

Environment

Hardware: amd64 VPS
OS: Debian 10 Buster

Dependencies

  1. Docker
  2. docker-compose
  3. Internet Domain

Step by Step Instructions

1. Add DNS entry to your domain.

A domain of your choice needs to point to the address of your server.

2. Change to root user

sudo -s

3. Installation of additional Dependencies

apt update
apt install -y certbot nginx

4. Create nextcloud user and add persistence

# useradd --password expects an already hashed password, so set it interactively with passwd
useradd --system --create-home --shell /bin/bash nextcloud
passwd nextcloud
mkdir /home/nextcloud/nextcloud /home/nextcloud/apps /home/nextcloud/config /home/nextcloud/data /home/nextcloud/theme
chown -R nextcloud:nextcloud /home/nextcloud/nextcloud /home/nextcloud/apps /home/nextcloud/config /home/nextcloud/data /home/nextcloud/theme

5. Configure NGINX server

Create and open vhost file:

nano /etc/nginx/sites-available/nextcloud.domain.tld.vhost

Paste the following configuration into the file:

server {
  listen 80;
  server_name nextcloud.domain.tld;
  client_max_body_size 0;

  if ($host != "nextcloud.domain.tld") {
        return 444;
  }

  # Prefix match for every path; a regex location ("~*") without a pattern is a syntax error
  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_redirect default;
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  }

  location ~ /.well-known/acme-challenge/ {
    allow all;
  }

}

Activate vhost file:

ln -s /etc/nginx/sites-available/nextcloud.domain.tld.vhost /etc/nginx/sites-enabled/nextcloud.domain.tld.vhost

Restart NGINX:

systemctl restart nginx

6. Create Let's Encrypt certificate for nextcloud.domain.tld

Follow the Certbot instructions for Debian 10 (Buster) with NGINX:

https://certbot.eff.org/lets-encrypt/debianbuster-nginx

Restart NGINX:

systemctl restart nginx

7. Run server

Create and open docker-compose.yaml:

cd /home/nextcloud
nano docker-compose.yaml

Paste the following configuration into the file:

version: '3.3'

services:
  db: # service name must match the links, depends_on and POSTGRES_HOST entries below
    image: postgres
    container_name: nextcloud_db
    command: --transaction-isolation="read committed"
    restart: unless-stopped
    volumes:
      - /home/nextcloud/db:/var/lib/postgresql/data
    environment:
      - 'POSTGRES_DB=nextcloud'
      - 'POSTGRES_USER=nextcloud'
      - 'POSTGRES_PASSWORD=your-database-password'

  nextcloud:
    image: nextcloud:22.1.1 # Change, if newer version is available -> https://hub.docker.com/_/nextcloud/
    container_name: nextcloud
    ports:
      - '127.0.0.1:8080:80' # bind to loopback only; NGINX is the public entry point
    links:
      - db
    volumes:
      - /home/nextcloud/nextcloud:/var/www/html
      - /home/nextcloud/apps:/var/www/html/custom_apps
      - /home/nextcloud/config:/var/www/html/config
      - /home/nextcloud/data:/var/www/html/data
      #- /home/nextcloud/theme:/var/www/html/themes/<YOUR_CUSTOM_THEME>
    environment:
      - 'POSTGRES_HOST=db'
      - 'POSTGRES_DB=nextcloud'
      - 'POSTGRES_USER=nextcloud'
      - 'POSTGRES_PASSWORD=your-database-password'
      - 'NEXTCLOUD_ADMIN_USER=your-nextcloud-admin-username'
      - 'NEXTCLOUD_ADMIN_PASSWORD=your-nextcloud-admin-password'
      - 'NEXTCLOUD_TRUSTED_DOMAINS=https://nextcloud.domain.tld nextcloud.domain.tld domain.tld'
    restart: unless-stopped
    depends_on:
      - db
    
  cron:
    image: nextcloud
    container_name: nextcloud_cron
    restart: always
    volumes:
      - ./nextcloud:/var/www/html
      - ./apps:/var/www/html/custom_apps
      - ./config:/var/www/html/config
      #- /data/nx/data:/var/www/html/data
      - ./data:/var/www/html/data
      #- theme:/var/www/html/themes/<YOUR_CUSTOM_THEME>
    entrypoint: /cron.sh
    depends_on:
      - db

Run server temporarily:

docker-compose up -d && docker-compose down

Adjust config.php file:

nano config/config.php

Change the following lines:

'overwrite.cli.url' => 'https://localhost',
'overwriteprotocol' => 'https',

Keep things as they are, but change http to https.

So, for example, if the config was like this before:

'overwrite.cli.url' => 'http://localhost',
'overwriteprotocol' => 'http',

You change the above to this:

'overwrite.cli.url' => 'https://localhost',
'overwriteprotocol' => 'https',

It is likely that the overwriteprotocol key is missing entirely. If that is the case, just add it, as shown above.

Now, actually run the server:

docker-compose up -d
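
A quick audit for step 7, added here as an example and not part of the original tutorial: NGINX proxies to 127.0.0.1:8080, so the container port only needs to be reachable on loopback, and both overwrite settings in config.php should use https. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit docker-compose.yaml and config.php after step 7.

# Print every "ports:" entry that is not bound to a loopback address.
exposed_ports() {
  tr -d "\"'" < "$1" | awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*- / {
      if ($2 !~ /^(127\.0\.0\.1|\[::1\]):/) print $2
      next
    }
    { in_ports = 0 }
  '
}

# Print the string value of key $2 in the config.php file $1.
config_value() {
  sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Succeed only if both overwrite settings from step 7 use https.
# A missing overwriteprotocol key counts as a failure.
https_overrides_ok() {
  [ "$(config_value "$1" overwriteprotocol)" = https ] || return 1
  case "$(config_value "$1" 'overwrite.cli.url')" in
    https://*) return 0 ;;
    *) return 1 ;;
  esac
}

# Demo on constructed samples of both files.
dir=$(mktemp -d)
printf '%s\n' '    ports:' '      - 8080:80' '    links:' > "$dir/compose.yaml"
printf '%s\n' "  'overwrite.cli.url' => 'http://localhost'," > "$dir/config.php"
echo "published on all interfaces: $(exposed_ports "$dir/compose.yaml")"
if https_overrides_ok "$dir/config.php"; then
  echo "config.php: https"
else
  echo "config.php: still http"
fi
rm -rf "$dir"
```

On the server, point the functions at /home/nextcloud/docker-compose.yaml and /home/nextcloud/config/config.php.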

8. Set up server

Visit your website: https://nextcloud.domain.tld

Follow the on-screen instructions.

9. Adjust background jobs

Go to Settings -> Administration -> Basic settings -> Background jobs.

Select "Cron".

 

Upgrade Nextcloud

0. You can only upgrade one major version at a time, i.e. only from 19.0.0 to 20.0.0 or from 20.0.0 to 21.0.0!

1. Take a backup before upgrading!

Make sure you have enough disk space available before beginning the backup operation.

cd /home/nextcloud
tar -czf nextcloud-22.1.1_20210909.tar.gz .

2. Adjust the Nextcloud image version to the newest one.

a. Open docker-compose.yaml.

b. Go to the line starting with "image: nextcloud".

c. Change the Docker image's version. Example: Change Docker image tag from nextcloud:22.1.1 to nextcloud:23.1.13.
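
A guard for the version rule in step 0, as an added example that is not part of the original tutorial: it reads the pinned tag from docker-compose.yaml and refuses a target tag that skips a major version or goes backwards. It goes slightly beyond the text by also listing the intermediate major versions; the function names are hypothetical, it assumes the service is pinned as "image: nextcloud:<version>", and it relies on sort -V as shipped on Debian.

```shell
#!/bin/sh
# Added example: guard for the "one major version at a time" rule.
# Assumption: the nextcloud service is pinned as "image: nextcloud:<version>".

# Print the first pinned Nextcloud version found in a compose file.
pinned_tag() {
  sed -n 's/^[[:space:]]*image:[[:space:]]*nextcloud:\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

is_number() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Succeed if moving from version $1 to version $2 is a same-major update to an
# equal or newer release, or a step to the next major. Return 2 for a tag that
# does not start with a number (for example "latest").
upgrade_allowed() {
  local cur="${1%%.*}" new="${2%%.*}"
  is_number "$cur" && is_number "$new" || return 2
  if [ "$new" -eq "$cur" ]; then
    [ "$(printf '%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$2" ]
  else
    [ "$new" -eq $((cur + 1)) ]
  fi
}

# Print the major versions to install, in order, to get from $1 to $2.
upgrade_path() {
  local m="${1%%.*}" new="${2%%.*}" out=""
  is_number "$m" && is_number "$new" || return 2
  while [ "$m" -lt "$new" ]; do
    m=$((m + 1))
    out="${out:+$out }$m"
  done
  printf '%s\n' "$out"
}

# Demo on a constructed compose fragment.
sample=$(mktemp)
printf '%s\n' 'services:' '  nextcloud:' '    image: nextcloud:22.1.1' > "$sample"
current=$(pinned_tag "$sample")
rm -f "$sample"
for target in 23.0.0 25.0.0; do
  if upgrade_allowed "$current" "$target"; then
    echo "$current -> $target: allowed"
  else
    echo "$current -> $target: refused, upgrade through majors $(upgrade_path "$current" "$target")"
  fi
done
```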

3. Start the Docker composition and wait for the upgrade to finish.

docker-compose down && docker-compose up -d && docker logs -f nextcloud

When the upgrade has finished, the logs will stop showing upgrade messages and show the web server logs again. To check whether the upgrade has really finished successfully, visit your Nextcloud website. If it is running fine, the upgrade has definitely finished.

4. Apply the advanced upgrade tasks that may take longer than a minimal upgrade.

Some things are not upgraded by default, because they could take a long time. So, before running the following commands, make sure you have enough time for Nextcloud to complete them.

docker exec -it nextcloud bash
su www-data -s /bin/bash -mc '/var/www/html/occ db:add-missing-indices'
su www-data -s /bin/bash -mc '/var/www/html/occ db:add-missing-primary-keys'
su www-data -s /bin/bash -mc '/var/www/html/occ db:add-missing-columns'
su www-data -s /bin/bash -mc '/var/www/html/occ db:convert-filecache-bigint'

Output should look like this:

Check indices of the share table.
Check indices of the filecache table.
Adding additional size index to the filecache table, this can take some time...
Filecache table updated successfully.
Check indices of the twofactor_providers table.
Check indices of the login_flow_v2 table.
Check indices of the whats_new table.
Check indices of the cards table.
Adding cards_abiduri index to the cards table, this can take some time...
cards table updated successfully.
Check indices of the cards_properties table.
Check indices of the calendarobjects_props table.
Adding calendarobject_calid_index index to the calendarobjects_props table, this can take some time..
calendarobjects_props table updated successfully.
Check indices of the schedulingobjects table.
Adding schedulobj_principuri_index index to the schedulingobjects table, this can take some time...
schedulingobjects table updated successfully.
Check indices of the oc_properties table.
Adding properties_path_index index to the oc_properties table, this can take some time...
oc_properties table updated successfully.
#########################################
Check primary keys.
Adding primary key to the federated_reshares table, this can take some time...
federated_reshares table updated successfully.
Adding primary key to the systemtag_object_mapping table, this can take some time...
systemtag_object_mapping table updated successfully.
Adding primary key to the comments_read_markers table, this can take some time...
comments_read_markers table updated successfully.
Adding primary key to the collres_resources table, this can take some time...
collres_resources table updated successfully.
Adding primary key to the collres_accesscache table, this can take some time...
collres_accesscache table updated successfully.
Adding primary key to the filecache_extended table, this can take some time...
filecache_extended table updated successfully.
#########################################
Check columns of the comments table.
Adding additional reference_id column to the comments table, this can take some time...
Comments table updated successfully.
#########################################
Following columns will be updated:

* federated_reshares.share_id
* files_trash.auto_id
* mounts.storage_id
* mounts.root_id
* mounts.mount_id
* share_external.id
* share_external.parent

This can take up to hours, depending on the number of files in your instance!
Continue with the conversion (y/n)? [n] y
