Preface

I have always wanted to write a tutorial on how to build a docker version of nextcloud, but it takes a long time to redeploy it, and I can't remember too many details. But it's too troublesome, and I have to write a lot, so I don't have the mood or motivation to do it. But this time the opportunity finally came. Yesterday, thinking that nextcloud hasn't been upgraded for a long time, I directly docker pull linuxserver/nextcloud, and then rebuild it, and as expected:

Well, this is not the first time that if the LinuxServer/NextCloud version upgrade spans a major version, various problems are likely to occur. So I might as well take this opportunity to move NextCloud from MacMini to Inter Mini host, so this article was written.

Note: In fact, it is easier to deploy NextCloud using Docker Compose. However, based on the reasons I mentioned before, in order to reuse existing containers (Mariadb, Redis), I prefer to use Docker Run. If you like simplicity, Docker Compose is more recommended.

Create and initialize the mariadb database

Nextcloud needs to use a database. The options are SQLite, mariadb, and PostgreSQL. You can choose according to your own usage habits. I use mariadb more frequently in other applications, so if there is a ready-made one, I will directly choose mariadb (mysql is also OK, but mariadb is always preferred when there is a choice).

Because I use docker run to deploy, I need to manually create a mariadb database and initialize it (if you have an existing mariadb, just initialize it directly). The process for creating a new mariadb database is as follows:

Create a new public-net bridge (optional)

docker network create public-net

Note:
This step is not required, but because the non-default bridge public-net needs to be referenced in both the mariadb container (and the subsequent redis container) and the nextcloud container, so that nextcloud can directly access mariadb using the container name, it needs to be created in advance (if there are other existing non-default bridges, you can also reuse them).

其实在nextcloud里用–link参数直接链接mariadb也能达到一样的目的，但是为了以后容器多了方便管理和运维（例如创建不同的bridge用以连接不同区域的容器），尽量不要使用–link参数，因为容器多了以后到处链接有可能把自己搞晕，不便于运维，所以最好从一开始就养成使用–net参数的良好习惯。

Create a new mariadb database (optional)

If there is no mariadb database container in the environment or you do not want to reuse the existing one, you need to create a new one.

Create a directory on the host that needs to be mounted into the mariadb container

mkdir -p /docker/mariadb/db

Create mariadb container

The command to build the mariadb database in docker run format is as follows:

docker run --name=mariadb01 -d --restart=always \ --net=public-net \ #Specify mariadb container to use public-net bridge, which needs to be the same as nextcloud later -p 3306:3306 \ #Map the host's port 3306 to the container's port 3306 -v /docker/mariadb/db:/var/lib/mysql \ #Mount the previously created host directory to the specified directory inside the container -e MARIADB_ROOT_PASSWORD=123 \ #Specify the password corresponding to the database root user, which you can modify by yourself mariadb:10.11

Initialize the mariadb database

Please refer to my other article for details:Tips and tricks: Create a new empty database and grant permissions to corresponding users，下文中假定初始化后库名称、对应的用户名和密码均为”nextcloud”。

Deploy nextcloud

Pre-deploy nextcloud

First, use the simplest command to create nextcloud:

docker run --name=nextcloud -d linuxserver/nextcloud 

Then copy the three directories of config, app, and data in the container to the /docker/nextcloud/ directory of the host:

docker cp nextcloud:/config /docker/nextcloud docker cp nextcloud:/app /docker/nextcloud docker cp nextcloud:/data /docker/nextcloud

The purpose of doing this is to copy the contents of the folders required for the normal deployment of nextcloud. If you directly use the -v parameter to mount an empty folder on the host into the container, the container will not start at all.
To delete a container:

docker stop nextcloud docker rm nextcloud

Officially deploy nextcloud

The docker format command is as follows:

docker run --name=nextcloud -d --restart=always \ --net=public-net \ # and mariadb containers are connected to the same bridge -p 9010:80 \ # map the host port 9010 to the container's http port 80. You can modify the port according to your actual environment -e TZ=Asia/chongqing \ # set the container time zone -v /docker/nextcloud/app:/app \ # map the first three folders copied from the container to the host to the specified folders in the container -v /docker/nextcloud/data:/data \ -v /docker/nextcloud/config:/config \ linuxserver/nextcloud 

Note: There are two more parameters-e PUID=xxxand-e PGID=xxxIs an optional parameter.-vIf the parameter causes permission problems, you can consider using it (if there is no permission problem, don't use it. For example, I don't use it, but I can't access it directly after using the container. . ). The specific PUID and PGID values are given byid usernameThe command is obtained as follows:

Configure nextcloud

Initialize nextcloud

usehttp://Host IP:9010Visit nextcloud:

Note: To install the recommended apps normally later, you need a science or magic environment, otherwise you can only install them manually later.
Initialization successful:

Change the default language

Done:

Allow access using domain name

Nextcloud, like WordPress, will also lock the access address used during initialization. For example, in the previous section, we usedhttp://host ip:9010To initialize, when we want to use it through the reverse proxynextcloud.example.comWhen accessing by domain name, the following situations will occur:

It will tell us that we are accessing it using an untrusted domain name. The solution is to modify the config/config.php file.

Edit the host file /docker/nextcloud/config/www/nextcloud/config/config.php:

vim /docker/nextcloud/config/www/nextcloud/config/config.php

The default is in the red box:

At this time, there are two ways to modify the format:
Format 1

'trusted_domains' => array ( 0 => '192.168.1.10:9010', 1 => 'nextcloud.example.com', ),

Format 2

'trusted_domains' => [ '192.168.1.10:9010', 'nextcloud.example.com' ],

注意：格式2′nextcloud.example.com‘ 后面没有,And format 1 has.

After the modification is complete, save config.php and restart the nextcloud container, and you can log in using the domain name.

Note: For the specific configuration of the reverse proxy, please refer to my other two articles:Docker series uses Docker to build its own reverse proxy based on NPMandLinux panel series configure reverse proxy and use non-443 port for publishing.

Optimizing NextCloud performance using Redis

In fact, up to this point, nextcloud is already available for use. However, we can optimize the performance of nextcloud and improve the user experience through some follow-up operations.
Deploy the redis container:

docker run --name redis -d --restart=always --net=public-net -p 6379:6379 redis

Edit the config.php file and find the following content:

The red boxAPCuChange toRedisAnd add the redis cache server:

  'memcache.locking' => '\\OC\\Memcache\\Redis', #Change the file lock to redis cache file lock 'redis' => #Specify the address and port of the redis cache server array ( 'host' => 'redis', 'port' => 6379, ),

As shown below:

Save the changes and restart the nextcloud container.

Security and Optimization Warnings

In the overview of management settings, there will be some security warnings:

These warnings do not affect the use (in fact, if you have deployed nextcloud using source code before, you will know that this warning is really nothing...), but as a person with obsessive-compulsive disorder, it is really unpleasant to see them, so I'd better try to solve it.
1,

These two can be solved by adding the following configuration to the config.php file:

  'default_phone_region' => 'CN', 'mail_smtpmode' => 'smtp', 'mail_smtphost' => 'smtp.163.com', 'mail_sendmailmode' => 'smtp', 'mail_smtpport' => '587', 'mail_smtpsecure' => 'ssl', 'mail_from_address' => 'abcd', #Assume the email address is [email protected] 'mail_domain' => '163.com', 'mail_smtpauth' => 1, 'mail_smtpname' => 'abcd', 'mail_smtppassword' => 'xxxxxxxxxxxxxxxx', #163 email authorization code, not email login password

注：邮箱部分也可以在”基本设置”-“电子邮件服务器”里进行设置：

2,

This is because we mapped the http port 80 of the nextcloud container, and we used https to access nextcloud through a reverse proxy, which caused confusion in nextcloud. We need to tell nextcloud to add the reverse proxy address to the trusted proxy list. This can be solved by adding the following configuration to the config.php file:

  'trusted_proxies' => array ( 0 => '192.168.1.1', # assumes 192.168.1.1 is the IP address of the reverse proxy),

3.

If NextCloud is deployed in source code mode, you need to modify the configuration file in the deployed web server to solve this error. However, since we are deploying it in Docker mode, you don’t need to worry about it. You can just disable the detection. This can be solved by adding the following configuration in the config.php file:

'check_for_working_wellknown_setup' => false,

4.

Modify the config.php file and add the following configuration:

'maintenance_window_start' => 1,

5.

If NextCloud uses nginx for source code deployment and performs SSL decryption on nginx, to solve this problem, you only need to add the following content to the nginx configuration file:

add_header Strict-Transport-Security "max-age=15552000";

If you use a CDN, such as CloudFlare or other domestic CDN providers, you need to enable HSTS and set the expiration time to at least
6 monthsor15552000 seconds.
cloudflare:

Tencent Cloud CDN:

Note: Once HSTS is enabled and an expiration time is set, the browser will only use https to access the website during this period. If the website is changed back to http, it will become inaccessible.
6.

This is said to be a bug. If you have to solve it, the previous solution is to run the apt command to install it in the container:

docker exec --user root -it nextcloud /bin/bash -c 'apt update && apt install -y libmagickcore-6.q16-6-extra'

However, the latest version of nextcloud (I am using 28.0.3 now) doesn't even have the apt command. I have no choice but to put up with it. This is the only way to go for now. Unfortunately, there is one missing piece.

Restart nextcloud, the final result is as follows:

In addition: Since HSTS is enabled, you must test the level. Here is the URL for testing the SSL security level of the website. Friends who are interested can do a test:
https://www.ssllabs.com/ssltest/

About LinuxServer/NextCloud Upgrade

The following is the translation of the official statement on nextcloud upgrade on linuxserver (the original link is as follows:https://docs.linuxserver.io/images/docker-nextcloud/):

“更新 Nextcloud 的方法是调用新镜像并用它重新创建容器。

You can only upgrade one major version at a time. For example, if you want to upgrade from version 14 to version 16, you must first upgrade from version 14 to version 15, and then upgrade from version 15 to version 16.

由于所有数据都存储在 /config 和 /data 卷中，因此不会丢失任何数据。启动脚本会检查卷中的版本和已安装的 docker 版本。如果发现不匹配，它就会自动启动升级程序。”

But in reality, I don't upgrade the nextcloud version often. When I suddenly remember it one day, it must be at least a major version away. At this time, if I use the usual upgrade method of general containers: pull the image first, then rebuild, the probability of failure is very high (just like why I have to reinstall nextcloud this time~~~), so it is best to upgrade inside the container:

But if you ask me why I didn't use the official image of nextcloud, but the linuxserver/nextcloud version, I have forgotten the reason. I remember that I felt that the file organization of the linuxserver/nextcloud version was better, and the description of the command parameters on dockerhub was more to my liking. The official image of nextcloud was a headache for me, and I got used to it and was too lazy to change it... You can also try to use the official image directly, and if you use the linuxserver/nextcloud version, you must pay attention when you want to upgrade.

Client Settings

Another powerful feature of nextcloud is that it supports multi-platform clients:

不过要想正常使用多平台客户端的前提是nextcloud有公网域名，比如前面提到”nextcloud.example.com”，下面就以mac版nextcloud客户端设置过程为例演示如何添加已有公网域名的nextcloud服务器，跟着如下步骤操作即可：

success:

The client settings for other platforms are similar, so I won’t go into details.

In the future, just drop the files that need to be synchronized on multiple platforms into the local nextcloud folder, such as my obsidian working directory, and then you can see the same content when you open obsidian on any other platform.

---

If you want to write on a Mac and also be able to open it on an iPad or iOS, you need to transfer it through iCloud, such as regularly synchronizing the Obsidian folder in the local NextCloud to iCloud, and then setting the Obsidian working directory of iOS and iPad to the folder in iCloud.

---

Afterword

In fact, the above are just the most basic functions of NextCloud. There are many places where NextCloud can be played, which are all achieved through its applications (you need to use science or magic, otherwise you can only find a way to download the offline package and install it yourself):

For example, you can install a music player and scan lossless music on external storage to turn it into an online music player; you can install the onlyoffice plug-in and use it with the onlyoffice container to implement online multi-format document editing (see:Docker series deploys onlyoffice container for nextcloud); it can support multiple users and turn NextCloud into a small portal. Administrators can send announcements to other users and implement process management; it can be integrated with many commonly used software in the world; it can allow users to register with their email addresses, etc. You can search for specific NextCloud applications on the Internet. There are too many to list.

Also: I finally finished the tutorial for setting up the docker version of nextcloud. It was so hard to write.