How To Install Nextcloud behind a secure reverse proxy (ARM)
How To Install Nextcloud behind a secure reverse proxy (ARM)
One of the main reasons for purchasing my NAS was to use Nextcloud as a file sync tool to replace Dropbox (which has become more restrictive over the years, reducing the number of clients for the free service)
I'm new to Terramaster (F4-210) and new to Docker (I started this journey on the 11th Jan 2021) but here is my recipe to get this working.
You will need to have access to a domain (including DNS access and the ability to create subdomains)
If your ISP external IP is dynamically allocated you will need to setup DDNS
You will need to have downloaded the Docker App from the App store on the TOS desktop.
Some points of reference, you will need to use your own details:
My Router IP - 192.168.1.254
My NAS IP - 192.168.1.100
My Nextcloud domain - nextcloud.mydomain.com
My DNS setting for the above - CNAME to my DDNS domain name - dns.anotherdomain.com
I'm using a MacBook, windows users need to research and install PuTTY...continued
Note!!!:before attempting to follow this recipe, read all posts in the first 2 pages before starting
I'm new to Terramaster (F4-210) and new to Docker (I started this journey on the 11th Jan 2021) but here is my recipe to get this working.
You will need to have access to a domain (including DNS access and the ability to create subdomains)
If your ISP external IP is dynamically allocated you will need to setup DDNS
You will need to have downloaded the Docker App from the App store on the TOS desktop.
Some points of reference, you will need to use your own details:
My Router IP - 192.168.1.254
My NAS IP - 192.168.1.100
My Nextcloud domain - nextcloud.mydomain.com
My DNS setting for the above - CNAME to my DDNS domain name - dns.anotherdomain.com
I'm using a MacBook, windows users need to research and install PuTTY...continued
Note!!!:before attempting to follow this recipe, read all posts in the first 2 pages before starting
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
Use SSH root access to your NAS (enable if it needed) from a Terminal window.
Create a directory for your project - I called mine nextcloud and I put it this locate:
I did this:
...continued
Code: Select all
ssh root@192.168.1.100
Create a directory for your project - I called mine nextcloud and I put it this locate:
Code: Select all
/mnt/md0/appdata/docker/projects/nextcloud/
Code: Select all
cd /mnt/md0/appdata/docker/
mkdir projects
cd projects
mkdir nextcloud
cd nextcloud
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
You will then need to create 2 files - docker-compose.yml and config.json:
For those unfamiliar with vi - it's quirky.
Press the {ins} key or the {i} key to enter insert mode.
Copy this file, paste it into your favourite editor, modify it accordingly and then copy it and paste it into your Terminal window or PuTTY session that has vi in insert mode. (For those familiar with vi - you will be able to edit it directly)
You should choose your own database passwords, but use them consistently to replace the ones detailed here.
The file details are split over 2 posts - They should be combined in a single file above - 5,000 character limit
Code: Select all
vi docker-compose.yml
Press the {ins} key or the {i} key to enter insert mode.
Copy this file, paste it into your favourite editor, modify it accordingly and then copy it and paste it into your Terminal window or PuTTY session that has vi in insert mode. (For those familiar with vi - you will be able to edit it directly)
You should choose your own database passwords, but use them consistently to replace the ones detailed here.
The file details are split over 2 posts - They should be combined in a single file above - 5,000 character limit
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
Code: Select all
version: '3'
volumes:
nextcloud:
db:
services:
db:
image: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=dbrootpwd
- MYSQL_PASSWORD=dbuserpwn
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
Code: Select all
app:
image: nextcloud
restart: always
ports:
- 8080:80
links:
- db
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=dbuserpwd
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
depends_on:
- proxy
- db
Last edited by StephenM on 15 Jan 2021, 01:00, edited 1 time in total.
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
Code: Select all
proxy:
image: 'jc21/nginx-proxy-manager:latest'
restart: always
ports:
# Public HTTP Port:
- '80:80'
# Public HTTPS Port:
- '443:443'
# Admin Web Port:
- '81:81'
environment:
# These are the settings to access your db
DB_MYSQL_HOST: "db1"
DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "npm"
DB_MYSQL_PASSWORD: "dbuserpwd1"
DB_MYSQL_NAME: "npm"
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
- ./config.json:/app/config/production.json
depends_on:
- db1
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
Code: Select all
db1:
image: mariadb
restart: always
environment:
MYSQL_ROOT_PASSWORD: 'dbrootpwd1'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'dbuserpwd1'
volumes:
- ./data/mysql:/var/lib/mysql
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
I can't edit now - run out of time - but above I said over the next 2 posts - I did actually mean combine the above 4 posts.
Press these keys in order {esc}{:}{w}{q}{enter} to save and exit the file
When started this should download the required docker images and start the 4 containers all connected to the same docker network.
DO NOT START YET
Next create the config.json file
Press the {ins} key or the {i} key to enter insert mode.
Copy this file, paste it into your favourite editor, modify it accordingly and then copy it and paste it into your Terminal window or PuTTY session that has vi in insert mode. (For those familiar with vi - you will be able to edit it directly)
Press these keys in order {esc}{:}{w}{q}{enter} to save and exit the file
Press these keys in order {esc}{:}{w}{q}{enter} to save and exit the file
When started this should download the required docker images and start the 4 containers all connected to the same docker network.
DO NOT START YET
Next create the config.json file
Code: Select all
vi config.json
Copy this file, paste it into your favourite editor, modify it accordingly and then copy it and paste it into your Terminal window or PuTTY session that has vi in insert mode. (For those familiar with vi - you will be able to edit it directly)
Code: Select all
{
"database": {
"engine": "mysql",
"host": "db1",
"name": "npm",
"user": "dbuserpwd1",
"password": "npm",
"port": 3306
},
}
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
OK we are ready to start some tests. While you are still in your project window type:
This will download the images and then start the containers - It's possible that the nextcloud image and the mariadb images may not load in this way - I originally used the Docker App to install these images - Go to the Registry entry and search for and download nextcloud and mariadb respectively if the docker-compose up command didn't work.
If all goes well 4 containers should have been created and they should be visible in the Docker App under Containers. They will take a while to get to a 'Healthy' status as they take a little while.
Test the Nextcloud. Click on the link below (or modify for your specific installation.
http://192.168.1.100:8080
You should be presented with a screen to create an admin user in Nextcloud - Go ahead and create a user and choose a password. It will then take a while for everything to be created and set up. Afterwards you should see the Nextcloud dashboard and a few screens to go through that briefly details some features.
If that's the case - happy days - If not, check your config files above and then restart the containers by typing:
Next check that the Nginx Proxy Manager is working.
http://192.168.1.100:81
If all is well you should be presented with an email and password box - The initial defaults are:
If you don't, check all 4 docker containers are running in the Docker App (you may have to move away from the Containers view to Overview and back again to force a screen refresh.
If they aren't running, check config and restart again (See above)
If they are running - go and make a coffee. Sometimes these things take time.
Code: Select all
docker-compose up -d
If all goes well 4 containers should have been created and they should be visible in the Docker App under Containers. They will take a while to get to a 'Healthy' status as they take a little while.
Test the Nextcloud. Click on the link below (or modify for your specific installation.
http://192.168.1.100:8080
You should be presented with a screen to create an admin user in Nextcloud - Go ahead and create a user and choose a password. It will then take a while for everything to be created and set up. Afterwards you should see the Nextcloud dashboard and a few screens to go through that briefly details some features.
If that's the case - happy days - If not, check your config files above and then restart the containers by typing:
Code: Select all
docker-compose down
docker-compose up
http://192.168.1.100:81
If all is well you should be presented with an email and password box - The initial defaults are:
Code: Select all
Email: admin@example.com
Password: changeme
If they aren't running, check config and restart again (See above)
If they are running - go and make a coffee. Sometimes these things take time.
Re: How To Install Nexccloud behind a secure reverse proxy (ARM)
OK - The basics are up and running, now lets make it accessible to the outside world, securely.
First set up port forwarding on you router (or virtual sever or whatever it's called on your set up)
Create 2 rules.
External Port 80 to Internal Port 80, internal IP address 192.168.1.100
External Port 443 to Internal Port 442, internal IP address 192.168.1.100
Log into your Nginx Proxy Manager (I might have mistakenly referred to this as Network Manager earlier but I can't edit it now.)
And add a proxy host rule
See the attachments.
This will then create the SSL certificate and set up the reverse proxy rule to attach the external internet securely to the Nextcloud instance.
First set up port forwarding on you router (or virtual sever or whatever it's called on your set up)
Create 2 rules.
External Port 80 to Internal Port 80, internal IP address 192.168.1.100
External Port 443 to Internal Port 442, internal IP address 192.168.1.100
Log into your Nginx Proxy Manager (I might have mistakenly referred to this as Network Manager earlier but I can't edit it now.)
And add a proxy host rule
See the attachments.
This will then create the SSL certificate and set up the reverse proxy rule to attach the external internet securely to the Nextcloud instance.