Nextcloud

Installation

Pre-Installation

Choose a place to store your user files (e.g. documents, photos, etc.). You can mount a different disk for example.

  1. Find out the name of the drive
    lsblk
    
  2. Create the mount path and change ownership
    sudo mkdir /mnt/data
    sudo chown -R $USER:$USER /mnt/data
    
  3. Create an fstab entry to mount the drive on startup
    sudo nano /etc/fstab
    
    and add the the following to the bottom (replace /dev/sda1 accordingly)
    /dev/sda1 /mnt/data ext4 defaults 0 0
    
docker-compose.yml
version: "3"
services:
  nextcloud_db:
    image: mariadb
    container_name: nextcloud_db
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
    volumes:
      - ./data/db:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - MYSQL_HOST=nextcloud_db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_MYSQL_ROOT_PASSWORD}

  nextcloud_redis:
    image: redis:alpine
    container_name: nextcloud_redis
    command: redis-server --requirepass ${NEXTCLOUD_REDIS_HOST_PASSWORD}
    restart: unless-stopped
    environment:
      - REDIS_HOST=nextcloud_redis
      - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_HOST_PASSWORD}

  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: unless-stopped
    depends_on:
      - nextcloud_db
      - nextcloud_redis
    volumes:
      - ./data/app:/var/www/html
      - ./config:/var/www/html/config
      - /mnt/data/nextcloud:/var/www/html/data
    hostname: cloud.${SITE}
    environment:
      - MYSQL_HOST=nextcloud_db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
      - REDIS_HOST=nextcloud_redis
      - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_HOST_PASSWORD}
      - OVERWRITEHOST=cloud.${SITE}
      - OVERWRITEPROTOCOL=https
      - overwrite.cli.url=https://cloud.${SITE}
      - PHP_MEMORY_LIMIT=768M
      - PHP_UPLOAD_LIMIT=1G
      - TRUSTED_PROXIES=${LOCAL_IP}

    labels:
      traefik.enable: true
      # https://docs.nextcloud.com/server/22/admin_manual/installation/harden_server.html
      # https://doc.traefik.io/traefik/v2.6/middlewares/http/headers/
      traefik.http.middlewares.header-nextcloud.headers.browserXssFilter: true
      traefik.http.middlewares.header-nextcloud.headers.contentTypeNosniff: true
      traefik.http.middlewares.header-nextcloud.headers.customFrameOptionsValue: 'SAMEORIGIN'
      traefik.http.middlewares.header-nextcloud.headers.referrerPolicy: 'no-referrer'
      traefik.http.middlewares.header-nextcloud.headers.stsincludesubdomains: true
      traefik.http.middlewares.header-nextcloud.headers.stspreload: true
      traefik.http.middlewares.header-nextcloud.headers.stsseconds: 15552000
      # https://docs.nextcloud.com/server/21/admin_manual/issues/general_troubleshooting.html#service-discovery
      # https://docs.nextcloud.com/server/23/admin_manual/configuration_server/reverse_proxy_configuration.html#traefik-2
      # https://doc.traefik.io/traefik/v2.6/middlewares/http/redirectregex/
      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.permanent: true
      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.regex: 'https://cloud.${SITE}/.well-known/(card|cal)dav'
      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.replacement: 'https://cloud.${SITE}/remote.php/dav/'
      traefik.http.routers.nextcloud.entrypoints: websecure
      traefik.http.routers.nextcloud.middlewares: 'header-nextcloud,redirect-dav-nextcloud,secured@file'
      traefik.http.routers.nextcloud.rule: 'Host(`cloud.${SITE}`)'
      traefik.http.services.nextcloud.loadbalancer.server.port: 80

Post-Installation

See also

Calendar

To use the calendar, an admin first needs to activate the app in the admin settings. If that is done, you can log into your user account.

If you have set up 2FA, you will first need to create a new app password:

  1. Go to User>Settings>Security and scroll down to Devices & session.
  2. Choose a name for yout app (e.g. Thunderbird) and click on Create new app password.
  3. Save Username and Password for later and click Done.
  4. Go to your calendar of choice and follow their instructions to set up the calendar.
  5. In the setup, use the Username and Password from above.

For Thunderbird see here.