The optimal & fastest Nextcloud-FPM docker setup with Caddy as webserver and https-proxy

I was on a mission to get Nextcloud-FPM to work with Docker-Caddy-Proxy, this Caddy container allows to use Docker-Compose labels to easily enable HTTPS/reverse proxy access and act as a webserver as well.

I have it working! I get an A+ rating at https://scan.nextcloud.com/.

With this setup, you will get:

  1. The fastest database option (PostgreSQL).
    
  2. Caching (Redis), Nextcloud without Redis is too slow. 
    
  3. Fastest Nextcloud build (PHP-FPM), faster than the default Apache release.
    
  4. A single container for https reverse-proxy and webserver (Caddy, replacing nginx).
    

My docker compose:

version: "2.3"
services:
##________CLOUD________
##_____________________ Caddy [CLOUD/web-proxy]
  caddy:
    container_name: caddy-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks: 
      - web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
      - $DOCKERDIR/nextcloud/var/www/html:/nextcloud/var/www/html
      - $DOCKERDIR/nextcloud/var/data:/nextcloud/var/nextdata
    ports:
      - 80:80
      - 443:443
##
##____________________ NextCloud [CLOUD/Files/NextCloud]
  nextcloud:
    image: nextcloud:21-fpm
    container_name: nextcloud
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - web-proxy
      - nextcloud
    depends_on:
      - nextcloud-db
      - nextcloud-cache
    environment:
      NEXTCLOUD_DATA_DIR: /var/nextdata
      NEXTCLOUD_TRUSTED_DOMAINS: next.$DOMAIN
      NEXTCLOUD_ADMIN_USER: $USER1
      NEXTCLOUD_ADMIN_PASSWORD: $USER1PW
      POSTGRES_HOST: nextcloud-db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: $USER
      POSTGRES_PASSWORD: $PW_INT
      REDIS_HOST: nextcloud-cache
      REDIS_HOST_PASSWORD: $PW_INT
      SMTP_HOST: $SMTPHOST
      SMTP_SECURE: tls
      SMTP_NAME: $SMTPUSER
      SMTP_PASSWORD: $SMTPPASS
      SMTP_FROM_ADDRESS: $EMAIL
      SMTP_PORT: 587
    volumes:
        # the actual data of the Nextcloud:
      - $DOCKERDIR/nextcloud/var/nextdata:/var/nextdata
        # Main folder needed for updating:
      - $DOCKERDIR/nextcloud/var/www/html:/var/www/html
        # local configuration
      - $DOCKERDIR/nextcloud/var/www/html/config:/var/www/html/config
        # Custom settings for php fpm to make nextcloud work. The default settings resulted in the error:
        # WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
      - $DOCKERDIR/nextcloud/etc/www-custom.ini:/usr/local/etc/php-fpm.d/zz-custom.conf
    labels:
      caddy: next.$DOMAIN
      caddy.tls: $EMAIL
      caddy.file_server: "" 
      caddy.root: "* /nextcloud/var/www/html"
      caddy.php_fastcgi: "{{upstreams 9000}}"
      caddy.php_fastcgi.root: "/var/www/html"
      caddy.php_fastcgi.env: "front_controller_active true"
      caddy.encode: gzip
      caddy.redir_0: "/.well-known/carddav /remote.php/dav 301"
      caddy.redir_1: "/.well-known/caldav /remote.php/dav 301"
      caddy.header.Strict-Transport-Security: '"max-age=15768000;includeSubDomains;preload"' # Required for Nextcloud
      #caddy.header.X-XSS-Protection: '"1; mode=block;"'             # Required for FileRun+OnlyOffice
      #caddy.header.X-Content-Type-Options: "nosniff"                # Required for FileRun+OnlyOffice
      #caddy.header.X-Frame-Options: "SAMEORIGIN"                    # Required for FileRun+OnlyOffice
##____________________ NextCloud [CLOUD/Files/NextCloud/database]
  nextcloud-db:
    container_name: nextcloud-db
    image: postgres:12-alpine
    restart: always
    networks:
      - nextcloud
    environment:
      POSTGRES_USER: $USER
      POSTGRES_PASSWORD: $PW_INT
    volumes:
      - $DOCKERDIR/nextcloud/db:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
##____________________ NextCloud [CLOUD/Files/NextCloud/cache]
  nextcloud-cache:
    container_name: nextcloud-cache
    image: redis:alpine
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - nextcloud
    command: redis-server --requirepass $PW_INT
#
#
networks:
  web-proxy:
    driver: bridge
  nextcloud:
    driver: bridge

I actually decided to stick to filerun https://filerun.com/
Even though I went through all this effort, Filerun is still faster/more smooth. But the difference is smaller now.

What really makes the difference: with Filerun, each user account is linked to a folder on the local disk drive. Local changes are reflected immediately. This fits nicely with your own NAS, your existing data/folder structure and makes it very easy to backup user data or use other tools to sync/copy that data to the users or to a backup location (btrfs send/receive, ssh, rsync, Syncthing).

The downside: limited to 10 user accounts/not open source. But for a homeserver situation, definitely a great choice if you do not need all the extra bells & whistles of Nextcloud, since FileRun is purely a file/drive/dropbox

I like your setup on simple docker-compose but I want to use official caddy image. Can you give me pointers on how to setup the proper Caddyfile? I tried yours:

root * /var/www/html
    file_server
    php_fastcgi app:9000 {
         root /var/www/html
        env front_controller_active true
    }
    encode gzip

    header {
        Strict-Transport-Security "max-age=15768000;includeSubDomains;preload"
    }

    redir /.well-known/carddav /remote.php/dav 301
    redir /.well-known/caldav /remote.php/dav 301

But after few hours, the Nextcloud-app (the fpm image) will crunch at 100% CPU and logs showing:

"user":"- ","app":"PHP","method":"PUT","url":"/index.php/apps/user_status/heartbeat","message":{"Exception":"Error","Message":"ini_set(): Headers already sent. You cannot change the session module's ini settings at this time at /var/www/html/lib/base.php#402","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::","args":[2,"ini_set(): Headers already sent. You cannot change the session module's ini settings at this time","/var/www/html/lib/base.php",402,[]]},{"file":"/var/www/html/lib/base.php","line":402,"function":"ini_set","args":["session.cookie_secure","1"]},{"file":"/var/www/html/lib/base.php","line":639,"function":"initSession","class":"OC","type":"::","args":[]},{"file":"/var/www/html/lib/base.php","line":1076,"function":"init","class":"OC","type":"::","args":[]},{"file":"/var/www/html/index.php","line":35,"args":["/var/www/html/lib/base.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Log/ErrorHandler.php","Line":92,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0","version":"21.0.0.18"

and docker log only says something about PROPFIND /remote.php (sorry I already deleted my containers)

Any advice?

This setup is working like a charm.
So fast, so reliable on my web server (dedicated 32gb 500mo ssd…), nearly as fast as Google Suite !

I’m wondering if it’s a good idea to run Nextcloud and other services (web hosting) on the same server.

In this idea, how can I use my Traefik set (for web hosting with multiple nginx-phpfpm stack) and this Caddy on the same level ? They both use 80 & 443 :frowning:

Many thanks for this work and for a future answer.