Run Nextcloud over SSL in Docker

Hi!

I set up Nextcloud using this video guide.

I’m trying to get my Nextcloud calendars working with my Apple devices. As stated in the docs, Apple is forcing users to use SSL for this. As my Nextcloud instance is hosted on my own network and I access it via a VPN while away (i.e. no need for SSL), I tried looking around for ways to bypass this, but it seems like there aren’t any.

I found this guide which seems to be exactly what I’m looking for, but I’m stuck. I would’ve asked the user who posted the guide, but they haven’t been active for a while.

To be specific:

  1. I don’t have an email linked to my Nextcloud admin account. What do I put into RUN /usr/local/bin/setssl.sh admin@domain.tld nextcloud.domain.tld?
  2. As I use an internal IP as my “domain” (i.e. how I access my Nextcloud server), what do I put for nextcloud.domain.tld? Do I include the port (192.168.x.x:8080) or not (192.168.x.x)?
  3. My biggest issue: After saving setssl.sh and giving it executable permissions (I did this with sudo chmod -x setssl.sh, I hope that’s right), the guide says I should

modify your docker run or docker-compose command to include the changes

Is this referring to the command to start Nextcloud from the video guide I mentioned at the beginning? That would be
docker run --name nextcloud -d -p 8080:80 -v /home/pi/nextcloud:/var/www/html --network nextcloud-net nextcloud

I’m unsure about what to change and especially wary about running docker build --tag nextcloud_ssl, because it sounds like I’ll be making a new Nextcloud instance that’s not related to my old one at all. Of course, I barely have anything stored in my Nextcloud instance at the moment, so it wouldn’t be too big of a hassle to start new.

Thanks for trying to help!

TLS certificates are always assigned for hostnames (maybe there is a way to issue a self-signed cert for an IP)…

A self-signed cert issued for your internal hostname nextcloud.local might be the answer to your question, but I would not recommend this way either, unless you absolutely have to. Self-signed certs need to be installed on each client, which is a pain. Better to set up public DNS records and install a reverse proxy with a valid public LetsEncrypt or ZeroSSL certificate.
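
On the open point about IP addresses: an X.509 certificate can list IP addresses in its subjectAltName, so a self-signed certificate can be valid for a hostname and an IP at once. The script below is an added example, not part of this thread or of the linked guide; it assumes OpenSSL 1.1.1 or later (for -addext), and the hostname, the address 192.0.2.10, the file names and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: self-signed certificate whose SAN covers a hostname and an IP.
# All names and addresses here are constructed sample values.

make_selfsigned() {
    # $1 = DNS name, $2 = IP address, $3 = output directory
    host=$1; addr=$2; out=$3
    mkdir -p "$out" || return 1
    # Clients match the name or address from the URL against subjectAltName.
    # A certificate names hosts or addresses, never ports, so no ":8080" here.
    # stderr is discarded only to hide the key generation progress output.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$out/nextcloud.key" -out "$out/nextcloud.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:$addr" 2>/dev/null || return 1
    # The private key is unencrypted (-nodes): keep it readable by owner only.
    chmod 600 "$out/nextcloud.key"
}

cert_covers() {
    # $1 = certificate file, $2 = "host" or "ip", $3 = value to check
    # Returns 0 when OpenSSL's own matching logic accepts the value.
    case $2 in
        host) openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match' ;;
        ip)   openssl x509 -in "$1" -noout -checkip "$3" | grep -q 'does match' ;;
        *)    return 2 ;;
    esac
}

# Demo with constructed values (192.0.2.10 is a documentation-only address).
tmp=$(mktemp -d)
make_selfsigned nextcloud.local 192.0.2.10 "$tmp" &&
    cert_covers "$tmp/nextcloud.crt" ip 192.0.2.10 &&
    echo "certificate is valid for the IP address"
rm -rf "$tmp"
```

The resulting nextcloud.crt is the file each client would still have to be told to trust, which is the per-device work the reply above describes.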