[How-To] Nextcloud with Letsencrypt using OMV and docker-compose

  • Docker Container set up by this method can be managed by openmediavault-docker-gui, portainer or from CLI.


    Pre-requisites
    In order to be able to reach nextcloud from the internet you need an external IPv4 address and a hostname.
    For the external IPv4 address, check your router or ask your internet service provider.
    To register a hostname you can use services like duckdns, selfhost.eu, strato.de or many others.
    Make sure to use strong passwords!!!


    Preparation

    • Install and fully update OMV4 or OMV5 (a restart might be needed if the kernel has been updated)
    • install omv-extras
    • for OMV4
      • enable docker-ce Repo in omv-extras
      • install openmediavault-docker-gui plugin
      • select suitable docker base path in Services > Docker > Setting (by default it is placed on the OS drive; in case of limited space on the OS drive it should be placed on a data drive)
      • enable docker plugin
      • install docker-compose from CLI: apt install docker-compose
    • for OMV5
      • in OMV-extras | settings
        • select suitable "Docker Storage" path
        • install Docker and Portainer (you can install Cockpit instead of Portainer or also additionally)
    • create a user dedicated for docker in the GUI of OMV, let's call him "docker1"
    • in the CLI determine UID (user ID) and GID (group ID) of user "docker1": id docker1

    Installation of Nextcloud and Letsencrypt in Docker

    • forward ports in your router (check the user manual of your router for how to do this)
      • port extern 443 to port 444 intern (IP of your NAS)
      • port extern 80 to port 81 intern (IP of your NAS)
    • in CLI:
      • mkdir /home/docker1 - create a folder for user docker1 in the home directory
      • mkdir /home/docker1/nextcloud - create a folder where we will put the docker-compose.yml file to set up nextcloud
      • cd /home/docker1/nextcloud - change into that directory
      • nano docker-compose.yml - create an empty file and start the editor
      • copy the content of the Source Code box below into the editor, edit the relevant entries and save the file with Ctrl+X and y; the name must be "docker-compose.yml"
        • to copy the content of the Source Code box use the small icon in the top right corner of the box ("Copy Contents")
        • text after "#" is a comment and indicates where you need to make adjustments to the file
        • PUID is the UID of your docker1 user; PGID is the GID of your docker1 user
        • it is not required that the folders ("appdata", "appdata/nextcloud" etc) in "volumes:" exist; they will be created when we run docker-compose











    • after you saved the file, run docker-compose up -d in the directory where the docker-compose.yml file is located; this will download the needed images and start the container


    • when finished, run docker logs -f letsencrypt and check for errors

    Configuration of proxy

    • cd /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs - the part /srv/dev-disk-by-label-disk1 has to be adjusted to your system
    • cp nextcloud.subfolder.conf.sample nextcloud.subfolder.conf - this copies the sample configuration file for nextcloud and removes the .sample so that the file becomes active
    • nano /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config/config.php - insert the text from the box below at the end, but before the ");" - change "your.url" to your domain
    Code
      'trusted_proxies' =>
      array (
        0 => 'letsencrypt',
      ),
      'overwritewebroot' => '/nextcloud',
      'overwrite.cli.url' => 'https://your.url/nextcloud',
      'trusted_domains' =>
      array (
        0 => 'your.url:443',
      ),
    • docker restart letsencrypt - to restart the letsencrypt container
    • docker logs -f letsencrypt - to check for errors
    • docker restart nextcloud
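
    One way to check the edit described above before restarting the containers, as an added example that is not part of the original how-to: the function verifies that the four keys from the box are present in config.php and sit before the closing ");". The function name check_proxy_keys is made up for this example; pass it the path to your own config.php.

```shell
#!/bin/sh
# Added example (not from the how-to): verify that the reverse-proxy keys were
# pasted inside the array of config.php, i.e. before the closing ");".

# check_proxy_keys FILE
# Prints one line per problem; returns 0 when all four keys are in place.
check_proxy_keys() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    awk '
        BEGIN {
            n = split("trusted_proxies overwritewebroot overwrite.cli.url trusted_domains", keys, " ")
        }
        # remember the number of the last line that closes the array
        /^[ \t]*\);[ \t]*$/ { close_line = NR }
        {
            # \047 is a single quote: match the key exactly as quoted in PHP
            for (i = 1; i <= n; i++)
                if (index($0, "\047" keys[i] "\047")) seen[keys[i]] = NR
        }
        END {
            bad = 0
            if (!close_line) { print "no closing \");\" found"; bad = 1 }
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in seen)) { print "missing key: " k; bad = 1 }
                else if (close_line && seen[k] > close_line) {
                    print "key after closing \");\": " k; bad = 1
                }
            }
            exit bad
        }
    ' "$file"
}

# Stand-alone use: sh check.sh /path/to/config.php
if [ $# -gt 0 ]; then check_proxy_keys "$1"; fi
```

    A key reported as "after closing" means the text was pasted below the ");" and is not part of the configuration array.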

    Nextcloud can now be reached with https://your.url/nextcloud

    • on the welcome screen of nextcloud (see picture below) we need to configure the database
    • click on "Storage&Database"
    • select MySQL/MariaDB



      • Database user --> "root"
      • Database password --> password which has been specified in the docker-compose file with MYSQL_ROOT_PASSWORD
      • Database name --> "nextcloud"
      • localhost host --> "nextclouddb"

      then click "finish setup"




    Please note: the configuration of the proxy is highly dependent on how you set up your domain. For further details check the available documentation for letsencrypt. E.g.
    https://blog.linuxserver.io/20…domainreverseproxyexample
    https://hub.docker.com/r/linuxserver/letsencrypt


    Troubleshooting letsencrypt image and port forwarding:

    https://blog.linuxserver.io/20…t-mapping-and-forwarding/


    SWAG as replacement of letsencrypt

    https://blog.linuxserver.io/2020/08/21/introducing-swag/

    https://docs.linuxserver.io/general/swag


    Q&A for my HOWTO: forum.openmediavault.org/index…V-and-docker-compose-Q-A/

  • If you get a warning in Nextcloud regarding "Strict Transport-Security" do the following:


    in "yourconfigfolder/letsencrypt/nginx" open ssl.conf and remove the "#" in front of



    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;



    docker restart letsencrypt
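
    The same edit as a repeatable script, added here as an example and not part of the original how-to: it uncomments the Strict-Transport-Security line in ssl.conf, keeps a backup, and reports the max-age that is now active. The function names are made up for this example; the path to ssl.conf is your own "yourconfigfolder/letsencrypt/nginx/ssl.conf".

```shell
#!/bin/sh
# Added example (not from the how-to): enable the HSTS header in ssl.conf.

HSTS_RE='add_header[[:space:]]+Strict-Transport-Security'

# hsts_active FILE -> returns 0 if an uncommented HSTS add_header line exists
hsts_active() {
    grep -Eq "^[[:space:]]*${HSTS_RE}[[:space:]]" "$1"
}

# hsts_max_age FILE -> prints the max-age (seconds) of the active HSTS line
hsts_max_age() {
    sed -nE "s/^[[:space:]]*${HSTS_RE}[[:space:]]+\"[^\"]*max-age=([0-9]+).*/\1/p" "$1" |
        head -n 1
}

# enable_hsts FILE
# Removes the leading "#" from the commented HSTS line and keeps FILE.bak.
# Returns 0 if the header is active afterwards, 1 if no such line exists.
enable_hsts() {
    conf=$1
    if hsts_active "$conf"; then
        return 0                      # already enabled, leave the file untouched
    fi
    if ! grep -Eq "^[[:space:]]*#[[:space:]]*${HSTS_RE}" "$conf"; then
        echo "no HSTS line found in $conf" >&2
        return 1
    fi
    cp -p "$conf" "$conf.bak"
    # Only the HSTS line is changed; other commented add_header lines stay as is.
    sed -E "s/^([[:space:]]*)#[[:space:]]*(${HSTS_RE})/\1\2/" "$conf.bak" > "$conf"
    hsts_active "$conf"
}

# Stand-alone use: sh enable_hsts.sh yourconfigfolder/letsencrypt/nginx/ssl.conf
# then: docker restart letsencrypt
# and confirm the live header: curl -sI https://your.url/nextcloud
if [ $# -gt 0 ]; then
    enable_hsts "$1" && echo "HSTS active, max-age=$(hsts_max_age "$1")"
fi
```

    Browsers remember this policy for max-age seconds (63072000 is two years) and refuse plain HTTP or an invalid certificate for the host during that time, so certificate renewal has to keep working.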

  • In case your certificate is not renewed automatically by letsencrypt:


    • open an SSH connection to OMV
    • docker exec -it letsencrypt /bin/bash - to be able to execute commands within the container
    • certbot renew - to renew the certificate
    • exit - to leave the container

    Thanks to @emerenel

  • Some further comments and hints from wiegell


    1) If people are having trouble with HDD spinups, it turns out that the cronjob file in the linuxserver/nextcloud image has only recently been made editable. It's required to recreate the container from a newer image if one wants to edit this file and change nextcloud settings to AJAX.


    2) If anyone should have webdav issues (airplay in my case), HTTP2 might be the problem.


    3) I got "server reached pm.max_children" errors from the php log, which were solved by increasing the max_children in a similar fashion to what's being explained here. I would add that it can be good to check with "top" (while doing demanding work) that the increase in threads doesn't start using memory cache, which in my case is on a slow SD card. In general this has sped up cpu/memory intensive tasks, e.g. creation of thumbnails.


    Thanks to wiegell

  • If you want to speed up Nextcloud as suggested by monsen in this post: nextcloud fast video feedback

    Quote

    Furthermore I would suggest to add redis to the installation to speed up nextcloud.

    This can be done by adding the following to the stack script:

    Code
      redis:
        image: redis
        container_name: redis
        hostname: redis
        volumes:
          - /srv/dev-disk-by-label-SSD_Data/appdata/redisDocker:/data #--> needs to be changed to your config
        restart: unless-stopped


    The nextcloud config (.../www/nextcloud/config/config.php) must be adapted to use redis as described here: https://docs.nextcloud.com/ser…aching_configuration.html


    add this:

    Code
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'memcache.distributed' => '\\OC\\Memcache\\Redis',
      'redis' =>
      array (
        'host' => 'redis',
        'port' => 6379,
      ),

    Don't forget to restart the nextcloud container after the change of config.php has been saved. ;)


    Thanks to monsen and riff-raff
