This boilerplate focuses on providing a simple way to run Nextcloud on Docker with SSL.
- It includes: postgres 13 and redis for production setups.
- It includes SSL support via LetsEncrypt using Traefik (either via http or dns challenge).
It should be production ready. Setup time: 1 minute
cp .env_exmple .env
If you are just trying it out, you can already run ./start.sh and access it via https://mynextcloud.lan
You will have issues with login redirects, so please continue to Finalize/Hardening.
Adjust all the passwords (generate those) and the DOMAIN to your liking
vi .env
DB_PW=somepassword
REDIS_PW=somepassword12
DOMAIN=mynextcloud.lan
Now you can already run it (or jump to the SSL DNS section below if you need the DNS-based challenge)
docker-compose up
# or
./start.sh
That's it - now connect to https://mynextcloud.lan or whatever you picked as the domain.
You will have issues with login redirects, so please continue to Finalize/Hardening.
Most things, like STS (Strict-Transport-Security), are already fixed using Traefik label annotations. But there are additional things to be fixed, which just take a couple of minutes.
Nextcloud requires you to define which IP your trusted proxy has. This needs to be set in the configuration:
docker-compose exec app bash
apt update
apt install -y vim
vim /var/www/html/config/config.php
Now add this statement:
'trusted_proxies' => array ("traefik"),
One last thing: we need to override the automatic proxy configuration, since Nextcloud is not able to detect it (see here for more information).
So add these 2 lines, using your configured domain, again in /var/www/html/config/config.php
'overwriteprotocol' => 'https',
'overwritehost' => 'mynextcloud.lan',
In /var/www/html/config/config.php adjust overwrite.cli.url and fix the protocol from http to https.
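To confirm the edits from this section landed, the script below checks a config.php for the four settings described above. It is an added example, not part of the project; the function names and the embedded sample file are constructed for illustration, and it is meant to be run against a copy of your own config.php.

```shell
#!/bin/sh
# Added example (not the project's code): audit config.php for the proxy settings above.

# Print the string assigned to a scalar key, e.g. 'overwriteprotocol' => 'https',
cfg_value() {
    sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# check_proxy_config FILE DOMAIN: print each finding, return the number of findings.
check_proxy_config() {
    cfg=$1; domain=$2; bad=0
    # The array may span several lines, so flatten the file before matching.
    if ! tr -d '\n' < "$cfg" | grep -Eq \
        "'trusted_proxies'[[:space:]]*=>[[:space:]]*(array[[:space:]]*\(|\[)[^])]*[\"']traefik[\"']"
    then echo "FAIL trusted_proxies does not list traefik"; bad=$((bad + 1)); fi
    if [ "$(cfg_value "$cfg" overwriteprotocol)" != "https" ]; then
        echo "FAIL overwriteprotocol is not https"; bad=$((bad + 1)); fi
    if [ "$(cfg_value "$cfg" overwritehost)" != "$domain" ]; then
        echo "FAIL overwritehost is not $domain"; bad=$((bad + 1)); fi
    case "$(cfg_value "$cfg" overwrite.cli.url)" in
        https://*) ;;
        *) echo "FAIL overwrite.cli.url is not https"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed sample: a config.php after the edits described in this section.
write_sample_hardened() {
    cat > "$1" <<'EOF'
<?php
$CONFIG = array (
  'trusted_proxies' => array ("traefik"),
  'overwriteprotocol' => 'https',
  'overwritehost' => 'mynextcloud.lan',
  'overwrite.cli.url' => 'https://mynextcloud.lan',
);
EOF
}

tmp=$(mktemp)
write_sample_hardened "$tmp"
check_proxy_config "$tmp" mynextcloud.lan && echo "OK: proxy settings present"
rm -f "$tmp"
```
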
To run Nextcloud behind SSL using LetsEncrypt without any big effort, you can use the Traefik integration.
The default configuration is already using
COMPOSE_FILE=docker-compose.yml:docker-compose-traefik-http.yml
Now you can already connect using https://nextcloud.tld and, in addition, requests to http://nextcloud.tld are automatically redirected to https://nextcloud.tld. Neat
Or, for the DNS-01 variant, you will need to add another 2 variables (this example is for Cloudflare)
vim .env
# this is needed to enable the extra traefik service
COMPOSE_FILE=docker-compose.yml:docker-compose-traefik-dns.yml
TRAEFIK_ACME_CHALLENGE_DNS_PROVIDER=cloudflare
TRAEFIK_ACME_CHALLENGE_DNS_CREDENTIALS=CF_DNS_API_TOKEN=<YOURTOKEN>
docker-compose up
Your Nextcloud data is on the volume data
The database is located in the named volume db
Ensure you set the VERSION in your .env file to something that is at most one major version away from your current one. Then update one by one using ./occ upgrade
Just run this to pull and start the new images:
./update.sh
docker-compose exec -u www-data app bash
cd /var/www/html
./occ upgrade