How I setup my personal Nextcloud server on the internet

#Nextcloud is a product that I have been looking at for some time. Since version Hub 6, it has been possible to develop your own applications not only in PHP, but with any programming language. Technically, it works with #Docker. This aroused my particular interest, which is why I finally decided to set up my own Nextcloud server. In this blog post I describe the path I took and which documents / aids I used.

Nextcloud on #Raspberry PI 5

First I had to decide whether I wanted to use a hosted Nextcloud system or operate my own Nextcloud server. After some research, I opted for my own server, which I wanted to install on a brand new Raspberry PI 5. The deciding factor was this excellent video on apfelcast.com. As I have always been interested in the Raspberry PI, this was the perfect opportunity to gain some experience with it.

So I bought a Raspberry PI 5 with 8 GB of RAM and a 2 TB external USB SSD hard disk. The whole thing, including the fan, case and power supply for the PI, cost around Eur 210 (where else can you get a computer with these features for this price?). The PI was ready for use within a few (approx. 30) minutes. I was then able to log on to it using SSH. The setup of the PI is also described in the video above.

Docker and Nextcloud

Following the instructions in the video, I now installed Docker and Nextcloud. The latter runs in a Docker container. I installed the Docker engine on the SD card from which the PI boots. However, I installed everything that belongs to Nextcloud (including the Nextcloud configuration, DB, ...) on the external SSD hard disk and not on the SD card. That way I'm able to just connect the USB SSD to another server and run the Nextcloud with even more computing power. The directory structure at my external SSD looks like this:

/mnt/ssd_sda1/
├── docker-compose.yml
├── lost+found
├── ncdata
│   ├── appdata_oc74sn132wxw
│   ├── files_external
│   ├── myuser
│   ├── ncadmin
│   ├── index.html
│   └── nextcloud.log
└── nextcloud
    ├── apps
    ├── config
    ├── mariadb
    └── nextcloud

ncdata contains all the data the users of my Nextcloud server save in their accounts. nextcloud contains the configuration and runtime artifacts Nextcloud uses.

As a reminder for me: The root directory of the ssd partition contains docker-compose.yml, which is used to start the containers.

Now I was able to access the Nextcloud in my local network (http://ncpi.local:8080).

Access from the internet

Next, I made my Nextcloud instance accessible from the Internet. I obtained a dyndns URL from ClouDNS and set up my Fritzbox router (the most common router in Germany) so that it forwards the requests to my dyndns URL to the Nextcloud instance. This is described very well in this video from approx. 7:25 to 10:23. Nextcloud then had to be configured to accept requests from my new dyndns. This is also described in the video from approx. 10:23 to 11:07.

Using Reverse proxy and SSL encryption

Now my Nextcloud instance was accessible via http on the Internet. We all know that this is of course a no-go. So I set to work encrypting the access with SSL. Since I might want to provide other services on the Internet later, I thought it would be a good idea to install a reverse proxy that forwards the requests to my Nextcloud server and other ones later on. This reverse proxy would perform the SSL termination. So I didn't have to deal with the SSL configuration of Nextcloud. This server is still contacted by the RP via http. For some reason (I forgot which ones) I decided to use nginx as the RP. After initial unsuccessful attempts with the product itself, I came across the nginxproxymanager, which makes configuring a #nginx RP a breeze. Even the generation and use of Letsencrypt SSL certificates works at the touch of a button. Thus, the configuration of the RP with SSL encryption was completed within a short time. Of course, the RP also runs in its own Docker container. Both the configuration of the Docker container and that of the nginx server are stored on my SD card. As you can see I use a data directory to save the nginxproxymanager configuration. This is ok for me at the moment. Maybe I switch to a database as described in the documentation of the product lat.

└── nginx
    ├── data
    │   ├── access
    │   ├── custom_ssl
    │   ├── database.sqlite
    │   ├── keys.json
    │   ├── letsencrypt-acme-challenge
    │   ├── logs
    │   └── nginx
    ├── docker-compose.yml
    └── letsencrypt
        ├── accounts
        ├── archive
        ├── live
        ├── renewal
        └── renewal-hooks

For the content of the docker-compose.yml have a look at the getting started guide.

Now, of course, I had to change the port forwarding of my router to the RP. Once I had done this, I was able to access my Nextcloud server from the Internet via SSL :–)

Access via Nextcloud Android app

This worked perfectly from the browsers on my computer. However, when I used the Nextcloud Android App, I received the following error message “Strict mode, no HTTP connection allowed!”. I metagered the internet and found this imformative forum discussion. This instructed me to add the following lines to my config.php.

  'overwrite.cli.url' => 'https://mydomainname.xxxx.xxx',
  'overwriteprotocol' => 'https',

After I restarted the Nextcloud server I could also access it from my Android device.

Here you can see my entire Nextcloud config.php file.

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'upgrade.disable-web' => true,
  'instanceid' => 'xxxxxxxx',
  'passwordsalt' => 'xxxxxxxx',
  'secret' => 'xxxxxxxx',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.local:8080',
    1 => 'mydomainname.xxxx.xxx',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '28.0.1.1',
  'overwrite.cli.url' => 'https://mydomainname.xxxx.xxx',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'mydbuser',
  'dbpassword' => 'mydbpassword',
  'installed' => true,
  'loglevel' => 0,
);

Conclusion

As you can see, it is not difficult to operate a functional Nextcloud server securely on the Internet. Now I'm curious to see what's possible with Nextcloud and how I can integrate my own projects developed with node.js (#sapcap) into Nextcloud.