Self-Hosted Cloud Environment (NextCloud)

In the following steps we are going to deploy a NextCloud instance on our docker server. NextCloud offers a large number of self-hosted services in one package and should become your most used service.

Here is a short list of what NextCloud will offer for our setup, and which popular services each feature should replace.

Features

File Storage/Sharing/Synchronization

  • OneDrive
  • Google Drive
  • Dropbox
  • Other file sharing, syncing, storage providers.

I would not use NextCloud as a bulk file storage server or primary file backup location for multiple machines. Some services like ElephantDrive, BackBlaze, Carbonite, and CrashPlan are built for massive storage of files for backup purposes.

Groupware (Calendar, Contacts, Tasks)

  • Gmail
  • Hotmail/Live/Outlook.com
  • Exchange
  • Other webmail providers

I have left email out of Groupware for the time being. NextCloud does not accept incoming SMTP mail; it is not an email server. There are web IMAP clients for NextCloud to access IMAP servers, but we will get into those later in the series.

Basic Note Taking

  • Evernote
  • OneNote
  • Tettra

The notes plugin for NextCloud allows basic notes with markdown. At the moment it does not support importing/inserting images or hand drawn notes. For simple text notes it is working great.

Password Management

  • Dashlane
  • 1Password
  • Keeper
  • LastPass

The passwords addon for NextCloud has been great. We keep all our passwords secured on a system we control and have a web interface built into NextCloud to manage the passwords along with browser plugins for Chrome, Firefox, and mobile clients.

Bookmark Storage/Synchronization

  • Xmarks
  • EverSync
  • Raindrop.io
  • Pocket

Basic bookmark syncing, for backup or just to have across multiple computers and devices. I am aware that some in the list above also offer other features but we just want to sync bookmarks at the moment.

Deploy NextCloud Docker Container

Let's begin by setting up our instance of NextCloud. We are going to continue from our base install of docker, portainer, and nginx proxy manager, so you can look back at those pages if you have not been following this series.

Start by logging into your Portainer install by visiting the public address of your VPS on port 9000.

http://ipaddress:9000/

Click “Containers” on the left and then “Add container” at the top row of buttons.

In the “Name” box I will give it the name of “nextcloud” and then for “Image” I will be using “nextcloud:latest”.

Under “Network ports configuration” we will click the “publish new network port” three times so we get three rows to add mappings for. Make it look like the following. As we have been increasing our host port in the previous articles, we are now at 6082:

Host: 6082 -> Container: 80

Now at the bottom click on “Restart policy” and change it to “Always”.

Now skip over to “Volumes” and click the gray “map additional volume” button. Create the following mapping, and change the type on the right to “Bind”.

Container: /var/www/html -> Host: /media/nextcloud

Before we deploy this new container, we need to create that host directory. Open your SSH client and connect to your VPS. Then run the following commands:

username@vps-8734:~$ sudo -i
root@vps-8734:~# mkdir -p /media/nextcloud

Once you have the directory created, deploy the container using the blue “Deploy the container” button.

DNS Setup

We now need to create our subdomain and give NextCloud its own FQDN. Log in to your DNS provider as we did in the previous article for setting up our self-hosted search engine under DNS Settings / Hostname.

Create a new “CNAME” record type, put in “cloud” for the name, and enter “docker.yourdomain.xyz” as the pointer or destination, so you have something similar to the following (taken from the previous article):

Record: A
Hostname: docker
Domain: yourdomain.xyz

Record: CNAME
Hostname: cloud
Pointer/Dest: docker.yourdomain.xyz

When your “CNAME” record has been created, let's move into our proxy manager. Visit the administrative interface for the nginx proxy manager instance that we set up in a previous article.

Once you are logged into the UI, click on “Hosts” at the top then “Proxy Hosts” in the drop down menu. Now click on the “Add Proxy Host” button in the top right.

The domain name is the FQDN (Fully Qualified Domain Name) that the reverse proxy will listen for on incoming connections. Set this to “cloud.yourdomain.xyz”, leave the scheme as “http”, set the “Forward Hostname / IP” to “docker.yourdomain.xyz”, and set the forward port to “6082”. You can also set the slider for “Block Common Exploits” to enabled.

Click Save at the bottom right and the dialog will go away, and a new Proxy Host will appear in the list, currently running as HTTP Only.

Getting your HTTPS Certificate and Verifying Traffic

This step will verify a few things and, if all traffic is flowing correctly, give you a free SSL/TLS certificate from Let's Encrypt.

Click the three dots on the right of the entry for “cloud.yourdomain.xyz” and choose “Edit”. Click “SSL” on the top menu bar and select “Request a new SSL certificate” from the drop down. I also usually choose “Force SSL” and “HTTP/2 Support”. At the bottom verify the email is good (they use this to inform you if the certificate is expiring and no renewal has happened), and choose “I agree”.

Click the “Save” button and give it a little bit of time. If the dialog goes away without errors you have successfully pulled your first SSL certificate. If you got any errors, then you need to verify a few things.

  • Firewalls: are you allowing ports 80 and 443 through your firewalls to the reverse proxy docker instance?
  • Are all your DNS records correct?
    • Verify your “A” record that points your hostname of “docker.yourdomain.xyz” to the public IP address of your docker server.
    • Verify your “CNAME” record points “cloud.yourdomain.xyz” to “docker.yourdomain.xyz”.

You can retry five times before you are temporarily banned from Let's Encrypt for that FQDN and need to wait an hour to try again. Don’t keep at it if it fails; check all your settings and give your DNS provider some time to publish the changed records.

Some Tweaking

Switch back to your Portainer admin interface and click the check box next to your NextCloud instance. Click the red stop button at the top and wait until the container is stopped.

Then in your SSH session on the VPS host, change directory into the nextcloud config folder and edit the config.php file as such:

root@vps-8734:~# cd /media/nextcloud/config
root@vps-8734:/media/nextcloud/config# nano config.php

Reviewing the file you should have an “array” named “trusted_domains” and one named “trusted_proxies”. Take a look at my sample below and modify your configuration to match, replacing anything you may have configured differently.

'passwordsalt' => '9YAY............',
'secret' => 'GZ............................',
'trusted_domains' =>
array (
  0 => 'cloud.yourdomain.xyz',
),
'trusted_proxies' =>
array (
  0 => '172.17.0.0/16',
),
'datadirectory' => '/var/www/html/data',
'version' => '23.0.3.2',
'overwrite.cli.url' => 'http://cloud.yourdomain.xyz',
'overwritehost' => 'cloud.yourdomain.xyz',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',

Verify that the “trusted_proxies” subnet shown above matches your docker setup. You can do this by viewing the “Networks” page in Portainer and checking the “IPV4 IPAM Subnet” for the “bridge” network.

Also check and replace/add the configuration values that start with “overwrite” in the code above.

When you're done making these changes, hit CTRL+O and then CTRL+X to save and close the file.
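
A pre-start check for the edits above, as an added example that is not part of the original article: it reads config.php and reports any proxy-related value that does not match what this section sets. The function names `config_get` and `audit_config` and the sample file are made up for illustration, and the parsing assumes config.php keeps the layout shown in the sample above.

```bash
#!/usr/bin/env bash
# Added example: audit the config.php values this section edits.
# Assumes the var_export layout shown above (one "N => 'value'," per line).

# Print the value(s) of KEY: a scalar, or each entry of an array.
config_get() {  # usage: config_get FILE KEY
  awk -v key="'$2' =>" -v q="'" '
    function value(line) {
      if (!match(line, "=> *" q "[^" q "]*" q)) return 0
      v = substr(line, RSTART, RLENGTH)
      sub("^=> *" q, "", v); sub(q "$", "", v); print v
      return 1
    }
    inside && /^[ \t]*\),?[ \t]*$/ { exit }
    inside { value($0); next }
    index($0, key) { if (value($0)) exit; inside = 1 }
  ' "$1"
}

# Report every mismatch; return non-zero if any was found.
audit_config() {  # usage: audit_config FILE FQDN BRIDGE_SUBNET
  local file="$1" fqdn="$2" subnet="$3" rc=0
  config_get "$file" trusted_domains | grep -qxF "$fqdn" ||
    { echo "trusted_domains lacks $fqdn"; rc=1; }
  # Only the proxy's network may be trusted to set forwarded headers.
  [ "$(config_get "$file" trusted_proxies)" = "$subnet" ] ||
    { echo "trusted_proxies is not exactly $subnet"; rc=1; }
  [ "$(config_get "$file" overwritehost)" = "$fqdn" ] ||
    { echo "overwritehost is not $fqdn"; rc=1; }
  [ "$(config_get "$file" overwriteprotocol)" = "https" ] ||
    { echo "overwriteprotocol is not https"; rc=1; }
  return "$rc"
}

# Constructed sample (not a real config): proxy settings never filled in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  'trusted_domains' =>
  array (
    0 => '203.0.113.10:6082',
  ),
  'overwriteprotocol' => 'http',
EOF
audit_config "$sample" cloud.yourdomain.xyz 172.17.0.0/16 ||
  echo "fix config.php before starting the container"
rm -f "$sample"
# On the VPS, take the subnet from docker instead of typing it:
#   subnet=$(docker network inspect bridge --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}')
#   audit_config /media/nextcloud/config/config.php cloud.yourdomain.xyz "$subnet"
```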

In Portainer go ahead and select the NextCloud container, then click “Start” at the top.

Does it work?

If everything is working, you should be able to open your browser and navigate to:

https://cloud.yourdomain.xyz

You should be presented with a simple NextCloud welcome page and setup. Since we are going with a single user system, you can leave this set to SQLite and continue to creating your user account.

In the next article we will install some plugins to NextCloud to extend the base feature set for Bookmarks, Passwords, Notes, and Tasks.
