How To Install Nextcloud behind a secure reverse proxy (ARM)

Discussion about Docker
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

How To Install Nextcloud behind a secure reverse proxy (ARM)

Post by StephenM »

One of the main reasons for purchasing my NAS was to use Nextcloud as a file sync tool to replace Dropbox (which has become more restrictive over the years, reducing the number of clients for the free service)

I'm new to Terramaster (F4-210) and new to Docker (I started this journey on the 11th Jan 2021) but here is my recipe to get this working.

You will need to have access to a domain (including DNS access and the ability to create subdomains)
If your ISP external IP is dynamically allocated you will need to setup DDNS
You will need to have downloaded the Docker App from the App store on the TOS desktop.


Some points of reference, you will need to use your own details:
My Router IP - 192.168.1.254
My NAS IP - 192.168.1.100
My Nextcloud domain - nextcloud.mydomain.com
My DNS setting for the above - CNAME to my DDNS domain name - dns.anotherdomain.com

I'm using a MacBook, windows users need to research and install PuTTY...continued

Note!!!:before attempting to follow this recipe, read all posts in the first 2 pages before starting
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

Use SSH root access to your NAS (enable if it needed) from a Terminal window.

Code: Select all

ssh root@192.168.1.100

Create a directory for your project - I called mine nextcloud and I put it this locate:

Code: Select all

/mnt/md0/appdata/docker/projects/nextcloud/
I did this:

Code: Select all

cd /mnt/md0/appdata/docker/
mkdir projects
cd projects
mkdir nextcloud
cd nextcloud
...continued
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

You will then need to create 2 files - docker-compose.yml and config.json:

Code: Select all

vi docker-compose.yml
For those unfamiliar with vi - it's quirky.
Press the {ins} key or the {i} key to enter insert mode.

Copy this file, paste it into your favourite editor, modify it accordingly and then copy it and paste it into your Terminal window or PuTTY session that has vi in insert mode. (For those familiar with vi - you will be able to edit it directly)

You should choose your own database passwords, but use them consistently to replace the ones detailed here.

The file details are split over 2 posts - They should be combined in a single file above - 5,000 character limit
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

Code: Select all

version: '3'                                                                                                                                                         
                                                                                                                                                                     
volumes:                                                                                                                                                             
  nextcloud:                                                                                                                                                         
  db:                                                                                                                                                                
                                                                                                                                                                     
services:                                                                                                                                                            
  db:                                                                                                                                                                
    image: mariadb                                                                                                                                                   
    restart: always                                                                                                                                                  
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW                                                                                              
    volumes:                                                                                                                                                         
      - db:/var/lib/mysql                                                                                                                                            
    environment:                                                                                                                                                     
      - MYSQL_ROOT_PASSWORD=dbrootpwd                                                                                                                                
      - MYSQL_PASSWORD=dbuserpwn                                                                                                                                      
      - MYSQL_DATABASE=nextcloud                                                                                                                                     
      - MYSQL_USER=nextcloud        
                                                                                                                                       
 
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

Code: Select all

app:                                                                                                                                                               
    image: nextcloud                                                                                                                                                 
    restart: always                                                                                                                                                  
    ports:                                                                                                                                                           
      - 8080:80                                                                                                                                                      
    links:                                                                                                                                                           
      - db                                                                                                                                                           
    volumes:                                                                                                                                                         
      - nextcloud:/var/www/html                                                                                                                                      
    environment:                                                                                                                                                     
      - MYSQL_PASSWORD=dbuserpwd                                                                                                                                      
      - MYSQL_DATABASE=nextcloud                                                                                                                                     
      - MYSQL_USER=nextcloud                                                                                                                                         
      - MYSQL_HOST=db                                                                                                                                                
    depends_on:                                                                                                                                                      
      - proxy                                                                                                                                                        
      - db
 
Last edited by StephenM on 15 Jan 2021, 01:00, edited 1 time in total.
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

Code: Select all

proxy:                                                                                                                                                             
    image: 'jc21/nginx-proxy-manager:latest'                                                                                                                         
    restart: always                                                                                                                                                  
    ports:                                                                                                                                                           
      # Public HTTP Port:                                                                                                                                            
      - '80:80'                                                                                                                                                      
      # Public HTTPS Port:                                                                                                                                           
      - '443:443'                                                                                                                                                    
      # Admin Web Port:                                                                                                                                              
      - '81:81'                                                                                                                                                      
    environment:                                                                                                                                                     
      # These are the settings to access your db                                                                                                                     
      DB_MYSQL_HOST: "db1"                                                                                                                                           
      DB_MYSQL_PORT: 3306                                                                                                                                            
      DB_MYSQL_USER: "npm"                                                                                                                                           
      DB_MYSQL_PASSWORD: "dbuserpwd1"                                                                                                                                       
      DB_MYSQL_NAME: "npm"                                                                                                                                           
    volumes:                                                                                                                                                         
      - ./data:/data                                                                                                                                                 
      - ./letsencrypt:/etc/letsencrypt                                                                                                                               
      - ./config.json:/app/config/production.json                                                                                                                    
    depends_on:                                                                                                                                                      
      - db1                                                                                                                                                          
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

Code: Select all

db1:                                                                                                                                                               
    image: mariadb                                                                                                                                                   
    restart: always                                                                                                                                                  
    environment:                                                                                                                                                     
      MYSQL_ROOT_PASSWORD: 'dbrootpwd1'                                                                                                                                     
      MYSQL_DATABASE: 'npm'                                                                                                                                          
      MYSQL_USER: 'npm'                                                                                                                                              
      MYSQL_PASSWORD: 'dbuserpwd1'                                                                                                                                          
    volumes:                               
      - ./data/mysql:/var/lib/mysql  
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

I can't edit now - run out of time - but above I said over the next 2 posts - I did actually mean combine the above 4 posts.

Press these keys in order {esc}{:}{w}{q}{enter} to save and exit the file

When started this should download the required docker images and start the 4 containers all connected to the same docker network.
DO NOT START YET

Next create the config.json file

Code: Select all

vi config.json
Press the {ins} key or the {i} key to enter insert mode.

Copy this file, paste it into your favourite editor, modify it accordingly and then copy it and paste it into your Terminal window or PuTTY session that has vi in insert mode. (For those familiar with vi - you will be able to edit it directly)

Code: Select all

{
  "database": {
    "engine": "mysql",
    "host": "db1",
    "name": "npm",
    "user": "dbuserpwd1",
    "password": "npm",
    "port": 3306
  },
}
Press these keys in order {esc}{:}{w}{q}{enter} to save and exit the file
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

OK we are ready to start some tests. While you are still in your project window type:

Code: Select all

docker-compose up -d
This will download the images and then start the containers - It's possible that the nextcloud image and the mariadb images may not load in this way - I originally used the Docker App to install these images - Go to the Registry entry and search for and download nextcloud and mariadb respectively if the docker-compose up command didn't work.

If all goes well 4 containers should have been created and they should be visible in the Docker App under Containers. They will take a while to get to a 'Healthy' status as they take a little while.

Test the Nextcloud. Click on the link below (or modify for your specific installation.

http://192.168.1.100:8080

You should be presented with a screen to create an admin user in Nextcloud - Go ahead and create a user and choose a password. It will then take a while for everything to be created and set up. Afterwards you should see the Nextcloud dashboard and a few screens to go through that briefly details some features.

If that's the case - happy days - If not, check your config files above and then restart the containers by typing:

Code: Select all

docker-compose down
docker-compose up
Next check that the Nginx Proxy Manager is working.
http://192.168.1.100:81

If all is well you should be presented with an email and password box - The initial defaults are:

Code: Select all

Email:    admin@example.com
Password: changeme
If you don't, check all 4 docker containers are running in the Docker App (you may have to move away from the Containers view to Overview and back again to force a screen refresh.

If they aren't running, check config and restart again (See above)

If they are running - go and make a coffee. Sometimes these things take time.
User avatar
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: How To Install Nexccloud behind a secure reverse proxy (ARM)

Post by StephenM »

OK - The basics are up and running, now lets make it accessible to the outside world, securely.

First set up port forwarding on you router (or virtual sever or whatever it's called on your set up)

Create 2 rules.

External Port 80 to Internal Port 80, internal IP address 192.168.1.100
External Port 443 to Internal Port 442, internal IP address 192.168.1.100

Log into your Nginx Proxy Manager (I might have mistakenly referred to this as Network Manager earlier but I can't edit it now.)

And add a proxy host rule

See the attachments.

This will then create the SSL certificate and set up the reverse proxy rule to attach the external internet securely to the Nextcloud instance.
Attachments
Screenshot 2021-01-14 at 17.23.47.jpg
Screenshot 2021-01-14 at 17.24.35.jpg
Locked