Install nextcloud with docker-compose and nginx

I am not learning… I am banging my head into a wall

Maybe I can add the ending of my story: I finally got Nextcloud to work. Unfortunately I was not able to make it work with nginx. Something is broken if you want to run nc in a subfolder. Don't know what is wrong. So I decided to switch to Traefik, which works perfectly fine. At the beginning it is a bit confusing to understand, but then it is really nice and comfortable.
I can provide my config if somebody's interested.


You could do Pods in Fedora or LXD in Ubuntu if you don't want to deal with sub directories and they could be their own little (containerized) servers pointing one to the other. :slight_smile:

I've done it with LXD where nginx was a separate container for a reverse proxy and in the nextcloud container I did a LEMP stack so that the nginx container could note it as a node managed by the nginx container. LXD is kind of like docker and VMs combined. So you can create some pretty neat stuff and manage it like an individual machine. Now, if you have a lot of containers, Docker (or Pods in Fedora) is better as there are management systems that handle updates and config backups easier than LXD. LXD is a little more hands on with setup, unless you set up ansible playbooks for recreating images.

Hey, Reiner_Nippes,
I have tried to install nextcloud according to your playbook, but my browser does not find the site. My configuration is a raspberry 4b with aarch64. When inspecting the dockerproxy logs, I can see the following error:

standard_init_linux.go:211: exec user process caused "exec format error".

Could you please help me?

Thank you very much.

Yes please, have been struggling with traefik and nc for a while, no luck with either nginx or traefik.
Is your config working with https or just HTTP?

Thanks

Here is the Docker Compose file I use. It is nice because you can use this both for internet exposed NextCloud sites and LAN only NextCloud sites since it uses DNS verification. I have gone through this file for quite a few hours trying to hammer out all the bugs in deployment while trying to follow least privileges practices. You'll notice I use a lot of networks because if a container is not supposed to talk to another container then it shouldn't be able to talk to it. At this time, everything is working in it except the Collabora server. I am still trying to get that working. I use a MariaDB, NGINX reverse proxy and ClamAV anti-virus. I also have the problem solved where Nextcloud apps would not connect to the Nextcloud server. SSL certificates and renewals are handled automatically so you don't have to worry about it. I heavily use volumes so that you can easily tear down and build back containers without worry of data loss.

In my particular deployment, my host server has multiple static IPs. This is how I can get ports 80 and 443 used for multiple services I plan on running on my equipment. For example, if your deployment server is on IPs 192.168.1.5 and 192.168.1.6, you can set your exposed ports up like this:

      - 192.168.1.6:80:80
      - 192.168.1.6:443:443

This will leave port 80 and 443 open on 192.168.1.5.

If anyone sees this that knows how to set up Collabora, help would be appreciated. Otherwise, this compose file works fine for everything except Collabora.

version: '3.7' 

services:

  proxy:
    image: pinidh/nginx-proxy:latest
    labels:
    - nextcloud-proxy.nginx-proxy=true
    container_name: nextcloud-proxy
    networks:
      - network1
      - network2
      - network3
    ports:
      - 80:80
      - 443:443
    volumes:
      - nextcloud_dhparam:/etc/nginx/dhparam
      - nextcloud_conf.d:/etc/nginx/conf.d:rw
      - nextcloud_vhost.d:/etc/nginx/vhost.d:rw
      - nextcloud_html:/usr/share/nginx/html:rw
      - nextcloud_certs:/etc/nginx/certs:ro
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: unless-stopped

  letsencrypt:
    image: pinidh/letsencrypt-nginx-proxy-companion:latest
    container_name: nextcloud-letsencrypt
    depends_on:
      - proxy
    networks:
      - network1
      - network3
    volumes:
      - nextcloud_acme:/etc/acme.sh
      - nextcloud_certs:/etc/nginx/certs:rw
      - nextcloud_vhost.d:/etc/nginx/vhost.d:rw
      - nextcloud_html:/usr/share/nginx/html:rw
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_PROXY_CONTAINER_LABEL=nextcloud-proxy.nginx-proxy
      - NETWORK_ACCESS=internal
    restart: unless-stopped

  db:
    image: mariadb
    container_name: nextcloud-mariadb
    networks:
      - network4
    volumes:
      -  nextcloud_db:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MYSQL_ROOT_PASSWORD=dragondragon
      - MYSQL_PASSWORD=dradra
      - MYSQL_DATABASE=dragon
      - MYSQL_USER=dragonballz
      - NETWORK_ACCESS=internal
    restart: unless-stopped
  
  app:
    image: nextcloud:latest
    container_name: nextcloud-app
    networks:
      - network2
      - network4
      - network3
    depends_on:
      - letsencrypt
      - proxy
      - db
      - av
      - collabora
    volumes:
      - nextcloud:/var/www/html
      - nextcloud_app_config:/var/www/html/config
      - nextcloud_app_custom_apps:/var/www/html/custom_apps
      - nextcloud_app_data:/var/www/html/data
      - nextcloud_app_themes:/var/www/html/themes
      - /etc/localtime:/etc/localtime:ro
    environment:
      - OVERWRITEPROTOCOL=https
      - VIRTUAL_HOST=march.ofthedragon.com
      - LETSENCRYPT_HOST=march.ofthedragon.com
      - LETSENCRYPT_DNS_MODE=dns_duckdns
      - LETSENCRYPT_DNS_MODE_SETTINGS=export DuckDNS_Token=atokeneffort
      - LETSENCRYPT_EMAIL=theemailtheemailthethetheemail
      - NETWORK_ACCESS=internal
      - LETSENCRYPT_TEST=true
      - DEBUG=1
    restart: unless-stopped


  av:
    image: mkodockx/docker-clamav:alpine
    container_name: nextcloud-clamav
    networks: 
      - network2
    depends_on:
      - proxy
    environment:
      - NETWORK_ACCESS=internal
    restart: unless-stopped


  collabora:
    image: collabora/code
    container_name: nextcloud-collabora
    networks:
      - network3
    depends_on:
      - letsencrypt
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
    environment:
      - VIRTUAL_HOST=data.ballz.com
      - LETSENCRYPT_HOST=data.ballz.com
      - LETSENCRYPT_DNS_MODE=dns_duckdns
      - LETSENCRYPT_DNS_MODE_SETTINGS=export DuckDNS_Token=atokeneffort
      - LETSENCRYPT_EMAIL=theemailtheemailthethetheemail
      - LETSENCRYPT_TEST=true
      - DEBUG=1
      - domain=march\\.ofthedragon\\.com
      - username=datadata
      - password=databallz
      - dictionaries=en de es it fr ja
      - NETWORK_ACCESS=internal
    cap_add:
      - MKNOD
    restart: unless-stopped


volumes:
  nextcloud:
  nextcloud_db:
  nextcloud_conf.d:
  nextcloud_vhost.d:
  nextcloud_html:
  nextcloud_certs:
  nextcloud_app_config:
  nextcloud_app_custom_apps:
  nextcloud_app_data:
  nextcloud_app_themes:
  nextcloud_acme:
  nextcloud_dhparam:
  
  

networks:
  network4:
    internal: true
  network2:
  network1:
  network3:
    internal: true
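
Added example, not part of the original post: a short Python check of the network layout in the compose file above, listing which services share a network, which are attached to a non-internal network, and which published service also mounts the Docker socket. The service-to-network table is transcribed by hand from the file, and the function names are this example's own.

```python
from itertools import combinations

# Transcribed from the compose file above: service -> attached networks.
SERVICES = {
    "proxy":       {"network1", "network2", "network3"},
    "letsencrypt": {"network1", "network3"},
    "db":          {"network4"},
    "app":         {"network2", "network3", "network4"},
    "av":          {"network2"},
    "collabora":   {"network3"},
}
INTERNAL = {"network3", "network4"}       # networks declared `internal: true`
PUBLISHES_PORTS = {"proxy"}               # services with a `ports:` section
MOUNTS_DOCKER_SOCK = {"proxy", "letsencrypt"}


def reachable_pairs(services):
    """Pairs of services that share at least one network."""
    return {
        frozenset((a, b))
        for a, b in combinations(services, 2)
        if services[a] & services[b]
    }


def has_egress(services, internal):
    """Services attached to at least one network that is not internal."""
    return {name for name, nets in services.items() if nets - internal}


def exposed_with_socket(publishes, mounts_sock):
    """Services that publish host ports and also hold the Docker socket."""
    return publishes & mounts_sock


def peers(service, services):
    """Every service the given one can talk to directly."""
    return {
        other for pair in reachable_pairs(services) if service in pair
        for other in pair if other != service
    }


if __name__ == "__main__":
    for svc in SERVICES:
        print(f"{svc:12} peers={sorted(peers(svc, SERVICES))}")
    print("egress:", sorted(has_egress(SERVICES, INTERNAL)))
    print("published + docker.sock:",
          sorted(exposed_with_socket(PUBLISHES_PORTS, MOUNTS_DOCKER_SOCK)))
```

Run against this file, it shows `db` reachable only from `app`, `collabora` attached only to internal `network3`, and `proxy` as the one service that both publishes ports and mounts `docker.sock`. The `:ro` flag on a socket bind mount does not restrict which Docker API calls can be sent through it.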

@koj It looks like there is no ARM image for dockerproxy. You may try an older version of the playbook: GitHub - ReinerNippes/nextcloud_on_docker at v1.1