HowTo: Ubuntu + Docker + Nextcloud + Talk + Collabora

Unexpectedly, I have just found a solution:

It was caused by some changes with REDIS.

I added following lines in docker-compose.yml:

• REDIS_HOST_PASSWORD=123redis

and

• command: redis-server --requirepass 123redis

So, my part of nextcloud and redis in the docker-compose.yml looks like:

services:
nextcloud:
image: nextcloud
container_name: nextcloud
networks:
- nextcloud
ports:
- “127.0.0.1:8080:80”
volumes:
- ${NEXTCLOUD_ROOT}/html:/var/www/html
- ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
extra_hosts:
- “${NEXTCLOUD_FQDN}:${NEXTCLOUD_IPADDRESS}”
- “${COLLABORA_FQDN}:${NEXTCLOUD_IPADDRESS}”
depends_on:
- mariadb
- redis
environment:
- NEXTCLOUD_TRUSTED_DOMAINS=’${NEXTCLOUD_FQDN}’
- NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_HOST=nextcloud-mariadb
- REDIS_HOST=nextcloud-redis
- REDIS_HOST_PASSWORD=123redis
restart: unless-stopped

…

redis:
image: redis
container_name: nextcloud-redis
networks:
- nextcloud
restart: unless-stopped
command: redis-server --requirepass 123redis

Hopefully it will help others.

BR, noxxville

One other thing, Karl, I don’t see the Mail App among my apps. Is this as intended?

thanks!

@noxxville I’ve seen some reference to that, but what I’ve noticed is that some new setups need it and some don’t. I did a clean setup of NC 20 just like this recently and didn’t need a redis password.

@Javihache Yes. Any apps you want, you will need to install and configure. I didn’t really cover any post-setup customization in the guide.

Hey Karl! Thanks for the quick reply again. I mean the Mail app is not even in the list of the “featured apps”. When I navigate to Apps on the Nextcloud instance, I can install or disable many apps (talk, calendar, external sites, deck, etc…), but Mail is just not there at all. Therefore I cannot even install it or enable it.

Javier Hermosa

The mail app is under office & text, and also in the groupware and hub bundles.

Nah it was a bug with Nextcloud Docker 20.0.6… 20.0.7 took a while to be ported to docked. All good now.

The only thing I cannot manage to get working, neither with your docker installation or with my zip installation on a different server is the coturn server… I always get the “no ICE candidates were found”… I noticed on your description, at the Nextcloud Talk point, it says “use cloud.domain.name:3489” and then “forward TCP and/or UDP port 3478”. Looking at the docker-compose.yml I can imagine the right port is 3478… I tried both and it doesn’t work either way.

EDIT: Turn Server (Coturn): Einrichtung funktioniert nicht - #15 by FatBastard

Hallo all,
it’s me … again
I was thinking about a second nextcloud Instance. It is possible to edit the docker-compose.yml to get a second nextcloud instance, using the same mysql, redis, collabora and coturn?

I tried to add an secound instance by adding a new “service”. But nothing I tried was working.

For Example:

services:
nextcloud:
image: nextcloud
container_name: nextcloud
…
nextcloud_2:
image: nextcloud
container_name: nextcloud_2
…

Of course I also used new variables to separate the URLs etc. But I got always the issue that I got the massage, that the second instance has overwritten my first one. Or I got issues with the Image.

I am new at the Docker concept, therefore I am happy about any little hint, what I am doing wrong

Thanks,
Nils

@noxxville You sure can, and what I would suggest is rather than having them in the same compose file, I would make a completely separate folder with its own compose file and its own copy of all the containers. The main things you would need to change are the port numbers and any duplicate names (services, networks, absolute paths, etc.).

Doing it that way you can easily take one down for maintenance without disturbing the other, or also easily move one to a separate server later if you decide to.

@KarlF12 Ok, of course that makes perfect sense. And as you said, this should be much easier to aministrate. Sometimes it can be so easy …

I wanted to take a moment to reply and, firstly, say thank you for this. This walkthrough was incredibly useful and functionally essential to my deployment of my own instance using docker.

I also wanted to commend you on your effort. I saw your posts as far back as 2019 when I was triaging a problem related to Collabora not displaying documents (which had to do with PEBKAC on my end, not yours) and developing your skillset then contributing it back.

Thank you. Glad it was helpful. I actually started working on an update to this over the weekend for Ubuntu Server 20.04 and Nextcloud 21. I want to integrate both of the high performance backends, and I’m debating leaving the Collabora part off since both Collabora and ONLYOFFICE are integrated now.

I think I’ve got the Files HPB working. I need to do some testing on that and then figure out the Talk HPB. My goal is to get both backends integrated in one docker-compose setup.

Awesome tutorial.

However, in case anyone is trying to run Nextcloud + Collabora inside Docker on and old Debian machine (8 or older), I banged my head against the wall for hours with Collabora failing to respond until I found my way to this answer:

https://help.nextcloud.com/t/collabora-docker-capabilities-problem/4774/10

One simple line in a daemon.json file:

{
“storage-driver”: “devicemapper”
}

…restart docker service, and Collabora suddenly sprang to life and started responding. Problem solved.

For anyone following this hitting an error like:

SQLSTATE[HY000]: General error: 4047 InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE.

… This is due to an issue with new versions of MariaDB. Full details can be found in this thread.

The solution is to add the following to the mariadb portion of your docker-compose.yml:

command: ['--innodb_read_only_compressed=OFF']

For example:

  mariadb:
    image: mariadb
    container_name: nextcloud-mariadb
    restart: unless-stopped
    command: ['--innodb_read_only_compressed=OFF']
    volumes:
      - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - nextcloud

I have two questions:

1. Can I upgrade my docker image to a later version of NextCloud? How do I do it?

2. There seems to be an app (music) that interferes with my docker image and now I cannot login to Nextcloud. Do you know why this happens and how I can fix it?

Thank you for your great work here!

Cordially,
Martin Book

please review the guide of the docker container section Update to a newer version.
You can disable apps from command line using the occ app: commands

For new questions and specific issues with your installations it’s recommended to open a new thread rather cluttering another topic.

Point taken. I will hope for an answer on those channels. Unfortunately occ app:disable does not work in this case. Do not know why. I just pulled Nextcloud and it seems fine when I am locking at things in terminal in the folder where the docker image is. Unfortunately when I occ upgrade it does not work. There is an error that has got to do with the music app (that I fully regret installing now as I have never ever used it) and I am stuck in maintenance mode. Not very happy about that.

It all started when I tried to update apps in the UI inside Nextcloud. Should not have done it without upgrading Nextcloud first.

Sorry for clutterin, I’ll move along.

Can anyone help with the question? Container NextCloud accepts external storage on the same machine mounted as Snapraid? Openmediavault 5.

Just in case anybody else is having the same problem with Nextcloud 23 and Collabora (Collabora not opening any document):

It seems that the developers of Collabora have changed some directory names, which makes the original 011-collabora.conf invalid.

Here is a fixed version of that file:

<VirtualHost *:80>
  ServerName office.domain.name
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  AllowEncodedSlashes NoDecode
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  ProxyPreserveHost On
  # static html, js, images, etc. served from coolwsd
  # browser is the client part of Collabora Online
  ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
  ProxyPassReverse    /browser https://127.0.0.1:9980/browser
  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
  # Main websocket
  ProxyPassMatch      "/cool/(.*)/ws$"      wss://127.0.0.1:9980/cool/$1/ws nocanon
  # Admin Console websocket
  ProxyPass           /cool/adminws wss://127.0.0.1:9980/cool/adminws
  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /cool https://127.0.0.1:9980/cool
  ProxyPassReverse    /cool https://127.0.0.1:9980/cool
  # Compatibility with integrations that use the /lool/convert-to endpoint
  ProxyPass           /lool https://127.0.0.1:9980/cool
  ProxyPassReverse    /lool https://127.0.0.1:9980/cool
</VirtualHost>

<VirtualHost *:443>
  ServerName office.domain.name
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLEngine on
  AllowEncodedSlashes NoDecode
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  ProxyPreserveHost On
  # static html, js, images, etc. served from coolwsd
  # browser is the client part of Collabora Online
  ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
  ProxyPassReverse    /browser https://127.0.0.1:9980/browser
  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
  # Main websocket
  ProxyPassMatch      "/cool/(.*)/ws$"      wss://127.0.0.1:9980/cool/$1/ws nocanon
  # Admin Console websocket
  ProxyPass           /cool/adminws wss://127.0.0.1:9980/cool/adminws
  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /cool https://127.0.0.1:9980/cool
  ProxyPassReverse    /cool https://127.0.0.1:9980/cool
  # Compatibility with integrations that use the /lool/convert-to endpoint
  ProxyPass           /lool https://127.0.0.1:9980/cool
  ProxyPassReverse    /lool https://127.0.0.1:9980/cool
  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>

Cheers!

With 1 remark only, I would completely disable http and move to https only with e.g. following config:

<VirtualHost *:80>

  ServerName office.domain.name
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  Redirect permanent / https://office.domain.name/

</VirtualHost>

If you disable HTTP rather than use a redirect, keep in mind that not all browsers will automatically go to HTTPS. It’s likely to cause confusing among your users when they just type in the FQDN and hit enter.

You have to keep the port open anyway if you use certbot, even if you take away the redirect.