[How-To] Nextcloud with Letsencrypt using OMV and docker-compose


      Docker containers set up by this method can be managed by openmediavault-docker-gui, portainer or from CLI.


      Pre-requisites
      In order to be able to reach nextcloud from the internet you need an external IPv4 address and a hostname.
      Regarding the external IPv4 address, check your router or ask your internet service provider.
      To register a hostname you can use services like duckdns, selfhost.eu, strato.de or many others.
      Make sure to use strong passwords!!!

      Preparation

      • Install and fully update OMV4 or OMV5 (a restart might be needed if the kernel has been updated)
      • install omv-extras
      • for OMV4
        • enable docker-ce Repo in omv-extras
        • install openmediavault-docker-gui plugin
        • select suitable docker base path in Services > Docker > Setting (by default it is placed on the OS drive; in case of limited space on the OS drive it should be placed on a data drive)
        • enable docker plugin
        • install docker-compose from CLI: apt install docker-compose
      • for OMV5
        • in OMV-extras | settings
          • select suitable "Docker Storage" path

          • install Docker and Portainer (you can install Cockpit instead of Portainer or also additionally)
      • create a user dedicated for docker in the GUI of OMV, let's call him "docker1"
      • in the CLI determine UID (user ID) and GID (group ID) of user "docker1": id docker1
      Installation of Nextcloud and Letsencrypt in Docker
      • forward ports in your router (check the user manual of your router for how to do this)
        • port extern 443 to port 444 intern (IP of your NAS)
        • port extern 80 to port 81 intern (IP of your NAS)
      • in CLI:
        • mkdir /home/docker1 (create a folder for user docker1 in the home directory)
        • mkdir /home/docker1/nextcloud (create a folder where we will put the docker-compose.yml file to set up nextcloud)
        • cd /home/docker1/nextcloud (change into that directory)
        • nano docker-compose.yml (create an empty file and start the editor)
        • copy the content of the Source Code box below in the editor, edit the relevant entries and save the file with Ctrl+X and y; name must be "docker-compose.yml"
          • to copy the content of the Source Code box use the small icon in the top right corner of the box ("Copy Contents")
          • text after "#" are comments and indicate where you need to make adjustments to the file
          • PUID is the UID of your docker1 user; PGID is the GID of your docker1 user
          • it is not required that the folders ("appdata", "appdata/nextcloud" etc) in "volumes:" exist; they will be created when we run docker-compose

      Source Code

      version: "2"
      services:
        nextcloud:
          image: linuxserver/nextcloud
          container_name: nextcloud
          environment:
            - PUID=1000 #change PUID if needed
            - PGID=100 #change PGID if needed
            - TZ=Europe/Berlin #change Time Zone if needed
          volumes:
            - /srv/dev-disk-by-label-disk1/appdata/nextcloud/config:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted
            - /srv/dev-disk-by-label-disk1/appdata/nextcloud/data:/data #/srv/dev-disk-by-label-disk1 needs to be adjusted
          depends_on:
            - mariadb
          # ports: # uncomment this and the next line if you want to bypass the proxy
          #   - 450:443
          restart: unless-stopped
        mariadb:
          image: linuxserver/mariadb
          container_name: nextclouddb
          environment:
            - PUID=1000 #change PUID if needed
            - PGID=100 #change PGID if needed
            - MYSQL_ROOT_PASSWORD=mariadbpassword #change password
            - TZ=Europe/Berlin #Change Time Zone if needed
          volumes:
            - /srv/dev-disk-by-label-disk1/appdata/nextclouddb:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted
          restart: unless-stopped
        letsencrypt:
          image: linuxserver/letsencrypt
          container_name: letsencrypt
          cap_add:
            - NET_ADMIN
          environment:
            - PUID=1000 #change PUID if needed
            - PGID=100 #change PGID if needed
            - TZ=Europe/Berlin # change Time Zone if needed
            - URL=xxxx.de #insert your domain name - yourdomain.url
            - SUBDOMAINS=www,
            - VALIDATION=http
            - EMAIL=xxx.yyy@provider.com # define email; required to renew certificate
          volumes:
            - /srv/dev-disk-by-label-disk1/appdata/letsencrypt:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted
          ports:
            - 444:443
            - 81:80
          restart: unless-stopped

      • after you saved the file, run docker-compose up -d in the directory where the docker-compose.yml file is located; this will download the needed images and start the container

      • when finished, run docker logs -f letsencrypt and check for errors
      Configuration of proxy
      • cd /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs (/srv/dev-disk-by-label-disk1 has to be adjusted)
      • cp nextcloud.subfolder.conf.sample nextcloud.subfolder.conf (this copies the sample configuration file for nextcloud without the .sample suffix so that the file becomes active)
      • nano /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config/config.php (insert the text from the box below at the end, but before the ");"; change "your.url" to your domain)

      Source Code

      'trusted_proxies' =>
      array (
        0 => 'letsencrypt',
      ),
      'overwritewebroot' => '/nextcloud',
      'overwrite.cli.url' => 'https://your.url/nextcloud',
      'trusted_domains' =>
      array (
        0 => 'your.url:443',
      ),

      • docker restart letsencrypt (restart the letsencrypt container)
      • docker logs -f letsencrypt (check for errors)
      • docker restart nextcloud
      Nextcloud can now be reached with https://your.url/nextcloud
      • on the welcome screen of nextcloud we need to configure the database
      • click on "Storage&Database"
      • select MySQL/MariaDB
        • Database user --> "root"
        • Database password --> password which has been specified in the docker-compose file with MYSQL_ROOT_PASSWORD
        • Database name --> "nextcloud"
        • localhost host --> "nextclouddb"
        then click "finish setup"




      Please note: the configuration of the proxy is highly dependent on how you set up your domain. For further details check the available documentation for letsencrypt. E.g.
      blog.linuxserver.io/2019/04/25…domainreverseproxyexample
      hub.docker.com/r/linuxserver/letsencrypt

      Q&A for my HOWTO: forum.openmediavault.org/index…V-and-docker-compose-Q-A/
      Odroid HC2 - armbian - OMV5.x | Asrock Q1900DC-ITX - Intenso SSD 120GB - OMV5.x
      :!: Backup - Solutions to common problems - OMV setup videos - OMV5 Documentation - user guide :!:

      The post was edited 11 times, last by macom: corrected "depends on" (mariadb); put the correct names of the fields on the Welcome page of Nextcloud to specify the MySQL/MariaDB; added Q&A link; removed exposed ports of nextcloud as not needed.
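
A pre-flight check that can be run before `docker-compose up -d` in the how-to above. It is an added example, not part of the original post: `compose_env` and `check_compose` are hypothetical helper names, the 16-character password floor is this example's own assumption, and `stat -c` assumes GNU coreutils as on Debian/OMV.

```shell
#!/bin/sh
# Added example: pre-flight check for the docker-compose.yml of this how-to.
# compose_env and check_compose are hypothetical helper names.

# Print the value(s) of KEY from "- KEY=value #comment" environment lines.
compose_env() {  # usage: compose_env FILE KEY
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" |
        sed 's/[[:space:]][[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# Print one finding per line; return 0 only when there are none.
check_compose() {  # usage: check_compose FILE EXPECTED_UID EXPECTED_GID
    file=$1 want_uid=$2 want_gid=$3 rc=0

    # Placeholder values from the how-to must not reach a running stack.
    pw=$(compose_env "$file" MYSQL_ROOT_PASSWORD)
    if [ -z "$pw" ] || [ "$pw" = "mariadbpassword" ]; then
        echo "MYSQL_ROOT_PASSWORD is empty or still the placeholder"; rc=1
    elif [ "${#pw}" -lt 16 ]; then  # 16 is this example's own floor
        echo "MYSQL_ROOT_PASSWORD is shorter than 16 characters"; rc=1
    fi
    if [ "$(compose_env "$file" URL)" = "xxxx.de" ]; then
        echo "URL is still the placeholder"; rc=1
    fi
    if [ "$(compose_env "$file" EMAIL)" = "xxx.yyy@provider.com" ]; then
        echo "EMAIL is still the placeholder"; rc=1
    fi

    # Every service must run as the dedicated user reported by `id docker1`.
    for v in $(compose_env "$file" PUID); do
        [ "$v" = "$want_uid" ] || { echo "PUID=$v does not match UID $want_uid"; rc=1; }
    done
    for v in $(compose_env "$file" PGID); do
        [ "$v" = "$want_gid" ] || { echo "PGID=$v does not match GID $want_gid"; rc=1; }
    done

    # The file stores the database root password in clear text.
    mode=$(stat -c %a "$file")  # GNU stat, as shipped with Debian/OMV
    case $mode in
        600|400) ;;
        *) echo "file mode is $mode, expected 600 (chmod 600 $file)"; rc=1 ;;
    esac
    return $rc
}

# Typical use before starting the stack:
#   check_compose docker-compose.yml "$(id -u docker1)" "$(id -g docker1)" \
#       && docker-compose up -d
```
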

    • If you want to use duckdns:

      Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

      Without the symlink part at the beginning.

      Thanks to @Morlan also for this.

      The post was edited 1 time, last by macom.

    • If you get a warning in Nextcloud regarding "Strict Transport-Security" do the following:

      in "yourconfigfolder/letsencrypt/nginx" open ssl.conf and remove the "#" in front of


      #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains;preload" always;


      docker restart letsencrypt
    • In case your certificate is not renewed automatically by letsencrypt:

      • open an SSH connection to OMV
      • docker exec -it letsencrypt /bin/bash (to be able to execute commands within the container)
      • certbot renew (to renew the certificate)
      • exit (to leave the container)
      Thanks to @emerenel