[How-To] Nextcloud with Letsencrypt using OMV and docker-compose

  • Docker containers set up by this method can be managed with openmediavault-docker-gui, Portainer or from the CLI.


    Pre-requisites
    In order to be able to reach nextcloud from the internet you need an external IPv4 address and a hostname.
    Regarding the external IPv4 address, check your router or ask your internet service provider.
    To register a hostname you can use services like duckdns, selfhost.eu, strato.de or many others.
    Make sure to use strong passwords!!!


    Preparation

    • Install and fully update OMV4 or OMV5 (a restart might be needed if the kernel has been updated)
    • install omv-extras
    • for OMV4

      • enable docker-ce Repo in omv-extras
      • install openmediavault-docker-gui plugin
      • select suitable docker base path in Services > Docker > Setting (by default it is placed on the OS drive; in case of limited space on the OS drive it should be placed on a data drive)
      • enable docker plugin
      • install docker-compose from the CLI: apt install docker-compose
    • for OMV5

      • in OMV-extras | settings

        • select suitable "Docker Storage" path


        • install Docker and Portainer (you can install Cockpit instead of Portainer or also additionally)
    • create a user dedicated for docker in the GUI of OMV, let's call him "docker1"
    • in the CLI determine the UID (user ID) and GID (group ID) of user "docker1": id docker1

    Installation of Nextcloud and Letsencrypt in Docker

    • forward ports in your router (check the user manual of your router for how to do this)

      • port extern 443 to port 444 intern (IP of your NAS)
      • port extern 80 to port 81 intern (IP of your NAS)
    • in CLI:

      • mkdir /home/docker1 (creates a folder for user docker1 in the home directory)
      • mkdir /home/docker1/nextcloud (creates a folder where we will put the docker-compose.yml file to set up nextcloud)
      • cd /home/docker1/nextcloud (changes into that directory)
      • nano docker-compose.yml (creates an empty file and starts the editor)
      • copy the content of the Source Code box below in the editor, edit the relevant entries and save the file with Ctrl+X and y; name must be "docker-compose.yml"

        • to copy the content of the Source Code box use the small icon in the top right corner of the box ("Copy Contents")
        • text after "#" are comments and indicate where you need to make adjustments to the file
        • PUID is the UID of your docker1 user; PGID is the GID of your docker1 user
        • it is not required that the folders ("appdata", "appdata/nextcloud" etc) in "volumes:" exist; they will be created when we run docker-compose











    • after you saved the file, run docker-compose up -d in the directory where the docker-compose.yml file is located; this will download the needed images and start the container


    • when finished, run docker logs -f letsencrypt and check for errors

    Configuration of proxy

    • cd /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs (/srv/dev-disk-by-label-disk1 has to be adjusted)
    • cp nextcloud.subfolder.conf.sample nextcloud.subfolder.conf (this copies the sample configuration file for nextcloud and drops the .sample suffix so that the file becomes active)
    • nano /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config/config.php and insert the text from the box below at the end, but before the ");" - change "your.url" to your domain

      'trusted_proxies' =>
      array (
        0 => 'letsencrypt',
      ),
      'overwritewebroot' => '/nextcloud',
      'overwrite.cli.url' => 'https://your.url/nextcloud',
      'trusted_domains' =>
      array (
        0 => 'your.url:443',
      ),

    • docker restart letsencrypt (restarts the letsencrypt container)
    • docker logs -f letsencrypt (to check for errors)
    • docker restart nextcloud

    Nextcloud can now be reached with https://your.url/nextcloud

    • on the welcome screen of nextcloud we need to configure the database
    • click on "Storage&Database"
    • select MySQL/MariaDB

      • Database user --> "root"
      • Database password --> password which has been specified in the docker-compose file with MYSQL_ROOT_PASSWORD
      • Database name --> "nextcloud"
      • localhost host --> "nextclouddb"

      then click "finish setup"




    Please note: the configuration of the proxy is highly dependent on how you set up your domain. For further details check the available documentation for letsencrypt. E.g.
    https://blog.linuxserver.io/20…domainreverseproxyexample
    https://hub.docker.com/r/linuxserver/letsencrypt


    Q&A for my HOWTO: forum.openmediavault.org/index…V-and-docker-compose-Q-A/
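
A way to verify the config.php edit from the "Configuration of proxy" steps, as an added example that is not part of the original how-to: it checks that the four entries are present and were inserted before the closing ");". The function name check_proxy_config and the domain cloud.example.org are assumptions made for the example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the how-to): check that the proxy entries are present
# in Nextcloud's config.php and sit before the closing ");".
# Usage: check_proxy_config FILE DOMAIN      (FILE may be "-" for stdin)
# Prints one line per problem; the return code is the number of problems.
check_proxy_config() {
    awk -v domain="$2" -v q="'" '
        function has(s) { return index($0, q s q) > 0 }
        has("trusted_proxies")  { section = "proxies" }
        has("trusted_domains")  { section = "domains" }
        /^[ \t]*(\)|\]),/       { section = "" }        # end of an array value
        section == "proxies" && has("letsencrypt") { proxy = NR }
        section == "domains" && has(domain ":443") { dom = NR }
        has("overwritewebroot") && has("/nextcloud") { root = NR }
        has("overwrite.cli.url") && has("https://" domain "/nextcloud") { cli = NR }
        /^[ \t]*\);/            { end_line = NR }       # closing line of the config array
        END {
            if (!proxy) { print "trusted_proxies does not list letsencrypt"; n++ }
            if (!dom)   { print "trusted_domains does not list " domain ":443"; n++ }
            if (!root)  { print "overwritewebroot is not /nextcloud"; n++ }
            if (!cli)   { print "overwrite.cli.url is not https://" domain "/nextcloud"; n++ }
            last = proxy
            if (dom > last)  last = dom
            if (root > last) last = root
            if (cli > last)  last = cli
            if (!end_line || last > end_line) { print "entries are not before the closing );"; n++ }
            exit n + 0
        }' "$1"
}

# Constructed sample: the snippet was pasted after ");" instead of before it.
check_proxy_config - cloud.example.org <<'EOF' || echo "problems found: $?"
<?php
$CONFIG = array (
  'instanceid' => 'constructed-sample',
);
  'trusted_proxies' =>
  array (
    0 => 'letsencrypt',
  ),
  'overwritewebroot' => '/nextcloud',
  'overwrite.cli.url' => 'https://cloud.example.org/nextcloud',
  'trusted_domains' =>
  array (
    0 => 'cloud.example.org:443',
  ),
EOF
```

Run it against the real file with the config.php path from the step above and your own domain; a return code of 0 means all entries match.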

  • If you get a warning in Nextcloud regarding "Strict Transport-Security" do the following:


    in "yourconfigfolder/letsencrypt/nginx" open ssl.conf and remove the "#" in front of



    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;



    docker restart letsencrypt

  • In case your certificate is not renewed automatically by letsencrypt:


    • open an SSH connection to OMV
    • docker exec -it letsencrypt /bin/bash (to be able to execute commands within the container)
    • certbot renew (to renew the certificate)
    • exit (to leave the container)

    Thanks to @emerenel
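
The "Strict Transport-Security" fix described above, scripted as an added example that is not part of the original posts: it uncomments only the HSTS add_header line in ssl.conf, keeps a backup, and reports how long browsers will enforce HTTPS. The function names and the sample ssl.conf are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the how-to): enable the HSTS header in the proxy's
# ssl.conf without touching any other commented line, keeping a backup.

# True if an uncommented Strict-Transport-Security add_header line exists.
hsts_active() {
    grep -Eq '^[[:space:]]*add_header[[:space:]]+Strict-Transport-Security[[:space:]]' "$1"
}

# Uncomment the directive. Returns 0 if HSTS is active afterwards (also when it
# already was), 1 if ssl.conf contains no such directive at all.
enable_hsts() {
    conf=$1
    hsts_active "$conf" && return 0
    grep -Eq '^[[:space:]]*#[[:space:]]*add_header[[:space:]]+Strict-Transport-Security' "$conf" || return 1
    cp -p "$conf" "$conf.bak"                     # copy to roll back to
    sed -E 's/^([[:space:]]*)#[[:space:]]*(add_header[[:space:]]+Strict-Transport-Security)/\1\2/' \
        "$conf.bak" > "$conf"
    hsts_active "$conf"
}

# Print how many days browsers will pin HTTPS for (max-age is in seconds).
hsts_max_age_days() {
    secs=$(sed -nE 's/^[[:space:]]*add_header[[:space:]]+Strict-Transport-Security.*max-age=([0-9]+).*/\1/p' "$1" | head -n 1)
    [ -n "$secs" ] && echo $((secs / 86400))
}

# Constructed sample ssl.conf; the directive line is the one quoted in the how-to.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ssl_session_timeout 1d;
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
#add_header X-Frame-Options SAMEORIGIN;
EOF
enable_hsts "$demo" && echo "HSTS active for $(hsts_max_age_days "$demo") days"
rm -f "$demo" "$demo.bak"
```

Running docker exec letsencrypt nginx -t before docker restart letsencrypt checks the edited configuration inside the container. With includeSubDomains and preload, browsers enforce HTTPS on every subdomain of the host for the whole max-age, so all of them need to serve HTTPS.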
