How Should I Setup HTTPS/SSL

Ryu945 · December 8, 2018, 10:42pm

I setup NextCloud in Dockers using the default NextCloud image and MariaDB image. I have firewall rules set correctly. I am currently looking into how to setup a HTTPS/SSL. I am thinking I should go with Let’s Encrypt. I have seen some articles go into using NGINX. I have seen others say it sets it up on the NextCloud container itself. How should I set this up?

Reiner_Nippes · December 8, 2018, 11:43pm

there are some solutions. -> google: docker & letsencrypt.
you’ll find container that will get the certificates for you. and then you have to map the certificate folder from that container to your web server container. and change the web server config to use https.

another solution is using traefik.io
e.g. https://github.com/pagnotta/treafik_nxtcloud

mike0 · December 9, 2018, 6:35am

nextcloud docker image uses apache2 webserver you can access container cli with
docker exec -it container_name /bin/bash - than you just configure the apache2 webserver.
you have to enable ssl mod and configure sites available for http rewrite to https and store your certs in a docker volume that is mapped to a location inside container.
Then use docker certbot with --standalone option with port 80 open to verify domain and have drop certs into volume mapped to container.
Or like Nippes said use a reverse proxy traefik/nginx to do all of the above.

It would be cool if nextcloud had a https setup script available inside container that would ask for your domain, ask for ssl settings, enable sslmod, create rewrite rules, enable site, create folder for certs.
Then all people would need to learn would be certbot standalone with volume mapped to “folder premade for certs”.

Reiner_Nippes · December 9, 2018, 5:45pm

but be aware that you would have to do this for each image you use. that is to say you have to repeat after each update.

better to look at the right examples:

github.com

nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml

version: '3'

services:
  db:
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env

  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z

This file has been truncated. show original

Reiner_Nippes · December 9, 2018, 5:53pm

just in case you need a fancy gui for docker: -> https://portainer.io/
(only for boys. real men do hardcore cli. )

oh. and just in case you want to have a script/playbook to setup nextcloud on docker:

but please don’t use it on an existing installation. that may cause havoc.

mike0 · December 10, 2018, 1:45am

This is true unless a docker volume is mapped to /etc/apache2 and /var/www/html then your config persists along with config.php and personal files. - Yeah it’s probably an antipattern but a good learning experience.

mike0 · December 10, 2018, 1:50am

For the record one of Nippes solutions is the correct way.