
Installation

Pre-Installation

Choose a place to store your user files (e.g. documents, photos, etc.). You can mount a different disk for example.

  1. Find out the name of the drive
    lsblk
    
  2. Create the mount path and change ownership
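    # -p keeps this step repeatable if the directory already exists.
    sudo mkdir -p /mnt/data
    # This sets ownership of the (still empty) mount point only. Once the drive
    # is mounted here, the ownership stored on its ext4 filesystem applies
    # instead, so check it again after the first mount.
    sudo chown -R "$USER":"$USER" /mnt/data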
    
  3. Create an fstab entry to mount the drive on startup
    sudo nano /etc/fstab
    
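    and add the following line at the bottom (replace /dev/sda1 accordingly; device names can change between boots, so a UUID= reference taken from lsblk -f is the more stable choice)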
    /dev/sda1 /mnt/data ext4 defaults 0 0
    
docker-compose.yml
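# Nextcloud behind Traefik, with MariaDB and Redis as backing services.
#
# Compose substitutes these variables from the shell or an .env file next to
# this file: NEXTCLOUD_MYSQL_PASSWORD, NEXTCLOUD_MYSQL_ROOT_PASSWORD,
# NEXTCLOUD_REDIS_HOST_PASSWORD, SITE, LOCAL_IP.
# An unset variable is replaced by an empty string (with only a warning), so
# check that all of them are set before the first start. Keep the .env file
# out of version control and readable by its owner only.
#
# No service publishes a port: the database and Redis are reachable only from
# the Compose network, and Nextcloud only through Traefik.
# NOTE(review): Traefik itself is not defined here; it has to share a Docker
# network with the nextcloud container - confirm against the Traefik stack.
version: "3"
services:
  nextcloud_db:
    # Untagged image means "latest" on every pull; pin a release tag so that a
    # database major upgrade only happens when you choose it.
    image: mariadb
    container_name: nextcloud_db
    restart: unless-stopped
    # --log-bin takes the binary log base name and --binlog-format the format;
    # the former "--log-bin=ROW" only named the log file "ROW".
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - ./data/db:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      # NOTE(review): MYSQL_HOST looks like a Nextcloud-side setting; the
      # database image presumably ignores it - harmless, confirm before removing.
      - MYSQL_HOST=nextcloud_db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_MYSQL_ROOT_PASSWORD}

  nextcloud_redis:
    image: redis:alpine
    container_name: nextcloud_redis
    # The password is part of the command line, so it is visible in
    # `docker inspect` output and in the host's process list; treat access to
    # the Docker socket and to this host as access to the secret.
    command: redis-server --requirepass ${NEXTCLOUD_REDIS_HOST_PASSWORD}
    restart: unless-stopped
    environment:
      # NOTE(review): these two are Nextcloud-side names; the Redis image
      # presumably does not read them - confirm before removing.
      - REDIS_HOST=nextcloud_redis
      - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_HOST_PASSWORD}

  nextcloud:
    # Untagged image means "latest". Nextcloud upgrades must go one major
    # version at a time, so pin a major tag and raise it deliberately.
    image: nextcloud
    container_name: nextcloud
    restart: unless-stopped
    depends_on:
      - nextcloud_db
      - nextcloud_redis
    volumes:
      - ./data/app:/var/www/html
      # config.php holds the database and Redis credentials in clear text;
      # restrict access to ./config on the host accordingly.
      - ./config:/var/www/html/config
      - /mnt/data/nextcloud:/var/www/html/data
    hostname: cloud.${SITE}
    environment:
      - MYSQL_HOST=nextcloud_db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
      - REDIS_HOST=nextcloud_redis
      - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_HOST_PASSWORD}
      - OVERWRITEHOST=cloud.${SITE}
      - OVERWRITEPROTOCOL=https
      # The image maps OVERWRITECLIURL to the overwrite.cli.url setting; a
      # variable literally named "overwrite.cli.url" is not picked up.
      - OVERWRITECLIURL=https://cloud.${SITE}
      - PHP_MEMORY_LIMIT=768M
      - PHP_UPLOAD_LIMIT=1G
      # Nextcloud accepts forwarded client addresses (X-Forwarded-For) from
      # the hosts listed here, so keep this as narrow as possible: it should
      # be exactly the address Traefik's requests arrive from.
      # NOTE(review): if Traefik runs as a container, that is its address on
      # the shared Docker network rather than the host's LAN IP - confirm.
      - TRUSTED_PROXIES=${LOCAL_IP}

    # Label values are quoted throughout: labels are strings, and some Compose
    # versions reject unquoted booleans in the mapping form.
    labels:
      traefik.enable: 'true'
      # https://docs.nextcloud.com/server/22/admin_manual/installation/harden_server.html
      # https://doc.traefik.io/traefik/v2.6/middlewares/http/headers/
      traefik.http.middlewares.header-nextcloud.headers.browserXssFilter: 'true'
      traefik.http.middlewares.header-nextcloud.headers.contentTypeNosniff: 'true'
      traefik.http.middlewares.header-nextcloud.headers.customFrameOptionsValue: 'SAMEORIGIN'
      traefik.http.middlewares.header-nextcloud.headers.referrerPolicy: 'no-referrer'
      # HSTS for 15552000 s (180 days), including subdomains and preload.
      # Browsers remember this, so enable it only once HTTPS works reliably
      # for cloud.${SITE} and everything below it.
      traefik.http.middlewares.header-nextcloud.headers.stsincludesubdomains: 'true'
      traefik.http.middlewares.header-nextcloud.headers.stspreload: 'true'
      traefik.http.middlewares.header-nextcloud.headers.stsseconds: '15552000'
      # https://docs.nextcloud.com/server/21/admin_manual/issues/general_troubleshooting.html#service-discovery
      # https://docs.nextcloud.com/server/23/admin_manual/configuration_server/reverse_proxy_configuration.html#traefik-2
      # https://doc.traefik.io/traefik/v2.6/middlewares/http/redirectregex/
      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.permanent: 'true'
      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.regex: 'https://cloud.${SITE}/.well-known/(card|cal)dav'
      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.replacement: 'https://cloud.${SITE}/remote.php/dav/'
      traefik.http.routers.nextcloud.entrypoints: websecure
      # "secured@file" comes from Traefik's file provider and is not defined
      # in this file; the router only works if that middleware exists there.
      traefik.http.routers.nextcloud.middlewares: 'header-nextcloud,redirect-dav-nextcloud,secured@file'
      traefik.http.routers.nextcloud.rule: 'Host(`cloud.${SITE}`)'
      traefik.http.services.nextcloud.loadbalancer.server.port: '80'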

Post-Installation

  • Set the default phone region

    Edit config/config.php and add 'default_phone_region' => 'DE', as the last entry inside the $CONFIG array, i.e. above the closing );.

  • Create a cron job in root's crontab for the Nextcloud background tasks

    Edit

    sudo crontab -e
    

    and add the following line

    */5 * * * * docker exec -u www-data nextcloud php /var/www/html/cron.php
    
  • Set up 2FA and everything else in the GUI

See also