KPTree Wiki

This is an old revision of the document!

~~Nextcloud publishes their own Docker container of Nextcloud.~~ The Nextcloud image on Docker hub is maintained by the Nextcloud community, and is not officially supported by Nextcloud! Linuxserver.io, as well as some others also have Nextcloud containers on Docker Hub.

Nextcloud needs a number of services to run; the main Nextcloud server, a database and Redis. In addition, there needs to be a proxy server or similar to forward on common domain requests to sub-domains as well as handling certificates, however this is required for all the various services and can be considered separately.

Refer to Nextcloud's Maintenace section on instructions to backup, restore and migrate Nextcloud. Also as I am using the official Nextcloud container it has additional instructions to https://github.com/docker-library/docs/blob/master/nextcloud/README.md#migrating-an-existing-installation:migrate Nextcloud to Docker.

uid: www-data / 33, gid: www-data / 33. This seems to be Debian standard. Alpine linux seems to use 82 for www-data. Just stick with uid/gid as per the image supplied, 82 for Alpine and ignore the names.
docker exec -u www-data nextcloud-app-1 php /var/www/html/cron.php runs the cron.php
docker exec -u www-data nextcloud-app-1 php occ maintenance:mode --off|on to turn maintenance mode off or on from the containers host shell

Nextcloud with supervisord

The base Nextcloud image does not support cron. So it needs to be added, for the nextcloud-fpm.alpine version see github nextcloud docker fpm-apline cron dockerfile examples

As docker adminstartion warns about missing php imagemagick-svg support I also added the Apline package to the updated image to rectify this warning.

Dockerfile

#FROM nextcloud:stable-fpm-alpine
FROM nextcloud:fpm-alpine
# See https://hub.docker.com/_/nextcloud/ 
#   stable-fpm-alpine or production-fpm-alpine give the 
#   latest stable / production version versus fpm-alpine
#   that give the latest release
 
RUN apk add --no-cache imagemagick-svg supervisor \
  && mkdir /var/log/supervisord /var/run/supervisord
 
COPY supervisord.conf /
 
ENV NEXTCLOUD_UPDATE=1
 
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

supervisord.conf <code yaml>[supervisord] nodaemon=true logfile=/var/log/supervisord/supervisord.log pidfile=/var/run/supervisord/supervisord.pid childlogdir=/var/log/supervisord/ logfile_maxbytes=50MB ; maximum size of logfile before rotation logfile_backups=10 ; number of backed up logfiles loglevel=error [program:php-fpm] stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 command=php-fpm [program:cron] stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 command=/cron.sh</code> ++++ ====RedirectRegex==== I get a redirect error in Nextcloud that I have not been able to track down to date. Does not seem much info in this on the net, and the little there is also indicates a problem without and easy solution. Nextcloud main support looks Apache web server based with little Nginx support and even less Traefik support. Some resources related to this: *Traefik: *[[https://doc.traefik.io/traefik/middlewares/http/redirectregex/#permanent

RedirectRegex]]

mysql

Installing and Using MariaDB via Docker

Installing and Using MariaDB via Docker start

logging

The db logs seem to redirected to be handled by Docker container and can be access using: docker container logs nextcloud-db-1

backup

The Nextcloud Backup instruction are reasonably comprehensive. There are 2 backup that need to be made, both the Nextcloud data and configuration and the related mysql/mariadb data(base).

Step 0 is to gain shell access to relevant container

Confirm required user, default login is as root, for next cloud easier to use www-data
Confirm shell type, bash is more comprehensive, whereas sh or ash are better supported across different container types
Using portainer or similar just select the container and use the terminal login, >
From terminal on host running docker container use docker exec -it --user www-data nextcloud-app-1 ash, where:
- --user www-data would login as user www-data. If omitted will default login to root
- nextcloud-app-1 is the container name. This can be found using the docker ps command. Should also be able to use the container ID.
- ash is the shell to use when accessing the container.

Step 1 is to place Nextcloud into mainteance mode sudo -u www-data php occ maintenance:mode --on\

In Portainer I usually log into shell using “sh” or ash“ shells as “Bash” shell is not setup in the Alpine Nextcloud image I use.
- I also set user to www-data which is what Nextcloud has been set as user.
- I then use the command php occ maintenance:mode --on
From CLI
- docker exec -it --user www-data <container id> /bin/ash will provide a shell with user set as nominated into the container
Some pointers:
- The shell enters into the directory /var/html/www, where the occ executable is located.
- The command whoami confirms current logged in user.
- The user list can be seen with cat /etc/passwd where the user various users and their ids can be seen

Step 2 is to backup the Nextcloud data and configuration.

Nextcloud recommends rsync -Aavx nextcloud/ nextcloud-dirbkp_`date +"%Y%m%d"`/
I backup the entire docker directory weekly. The main concern is the dynamic nature of the back-up when running and alignment with database.

Step 3 is to back up the Nextcloud database:

Nextcloud recommends the following for Mysql/MAriadb:
mysqldump --single-transaction -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
mysqldump --single-transaction --default-character-set=utf8mb4 -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

The simplest solution for me is to shutdown the Docker-compose for the Nextcloud instance, including all containers that make the stack and then run my Restic back up with a tag to keep this snapshot.

back-up server#tag

NGINX configuration

Nextcloud documentation (stable) on NGINX configuration

Nextcloud documentation (stable) on general installation installation index.

Reverse Proxy

Nextcloud documentation (stable) for reverse proxies, such as traefik.

cron

docker-compose exec -u www-data nextcloud php cron.php to run cron in Nextcloud Docker
https://help.nextcloud.com/t/nextcloud-docker-container-best-way-to-run-cron-job/157734
nextcloud github docker examples section

CLI Use of Nextcloud

Sometime it is necessary to get direct CLI (command line interface) access to Nextcloud for updating, turning of maintenance mode and similar.

docker exec -it --user www-data nextcloud-app-1 ash gain terminal access to Nextcloud
Nextcloud is running in the nextcloud-fpm Docker container, to access the cli in Portainer need to select /bin/sh shell and user www-data. The working directory is /var/www/html
Manually upgrade command: php occ upgrade
To check maintenance mode status: php occ maintenance:mode
To turn off maintenance mode: php occ maintenance:mode --off If all goes well Nextcloud web interface should be functional
To turn on maintenance mode: php occ maintenance:mode --on Nextcloud web interface should show that it is in maintenance mode

Listing of:

php occ|

KPTree Nextcloud 27.1.3

Usage:
  command [options] [arguments]

Options:
  -h, --help            Display help for the given command. When no command is given display help for the list command
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi|--no-ansi  Force (or disable --no-ansi) ANSI output
  -n, --no-interaction  Do not ask any interactive question
      --no-warnings     Skip global warnings, show command output only
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Available commands:
  check                                  check dependencies of the server environment
  completion                             Dump the shell completion script
  help                                   Display help for a command
  list                                   List commands
  status                                 show some status information
  upgrade                                run upgrade routines after installation of a new release. The release has to be installed before.
 activity
  activity:send-mails                    Sends the activity notification mails
 app
  app:disable                            disable an app
  app:enable                             enable an app
  app:getpath                            Get an absolute path to the app directory
  app:install                            install an app
  app:list                               List all available apps
  app:remove                             remove an app
  app:update                             update an app or all apps
 background
  background:ajax                        Use ajax to run background jobs
  background:cron                        Use cron to run background jobs
  background:webcron                     Use webcron to run background jobs
 background-job
  background-job:execute                 Execute a single background job manually
  background-job:list                    List background jobs
 bookmarks
  bookmarks:clear-previews               Clear all cached bookmarks previews so that they have to be regenerated
 broadcast
  broadcast:test                         test the SSE broadcaster
 circles
  circles:check                          Checking your configuration
  circles:maintenance                    Clean stuff, keeps the app running
  circles:manage:config                  edit config/type of a Circle
  circles:manage:create                  create a new circle
  circles:manage:destroy                 destroy a circle by its ID
  circles:manage:details                 get details about a circle by its ID
  circles:manage:edit                    edit displayName or description of a Circle
  circles:manage:join                    emulate a user joining a Circle
  circles:manage:leave                   simulate a user joining a Circle
  circles:manage:list                    listing current circles
  circles:manage:setting                 edit setting for a Circle
  circles:members:add                    Add a member to a Circle
  circles:members:details                get details about a member by its ID
  circles:members:level                  Change the level of a member from a Circle
  circles:members:list                   listing Members from a Circle
  circles:members:remove                 remove a member from a circle
  circles:members:search                 Change the level of a member from a Circle
  circles:memberships                    index and display memberships for local and federated users
  circles:remote                         remote features
  circles:shares:files                   listing shares files
  circles:sync                           Sync Circles and Members
  circles:test                           testing some features
 config
  config:app:delete                      Delete an app config value
  config:app:get                         Get an app config value
  config:app:set                         Set an app config value
  config:import                          Import a list of configs
  config:list                            List all configs
  config:system:delete                   Delete a system config value
  config:system:get                      Get a system config value
  config:system:set                      Set a system config value
 dav
  dav:create-addressbook                 Create a dav addressbook
  dav:create-calendar                    Create a dav calendar
  dav:delete-calendar                    Delete a dav calendar
  dav:list-calendars                     List all calendars of a user
  dav:move-calendar                      Move a calendar from an user to another
  dav:remove-invalid-shares              Remove invalid dav shares
  dav:retention:clean-up                 
  dav:send-event-reminders               Sends event reminders
  dav:sync-birthday-calendar             Synchronizes the birthday calendar
  dav:sync-system-addressbook            Synchronizes users to the system addressbook
 db
  db:add-missing-columns                 Add missing optional columns to the database tables
  db:add-missing-indices                 Add missing indices to the database tables
  db:add-missing-primary-keys            Add missing primary keys to the database tables
  db:convert-filecache-bigint            Convert the ID columns of the filecache to BigInt
  db:convert-mysql-charset               Convert charset of MySQL/MariaDB to use utf8mb4
  db:convert-type                        Convert the Nextcloud database to the newly configured one
 deck
  deck:export                            Export a JSON dump of user data
  deck:import                            Import data
  deck:transfer-ownership                Change owner of deck boards
 encryption
  encryption:change-key-storage-root     Change key storage root
  encryption:decrypt-all                 Disable server-side encryption and decrypt all files
  encryption:disable                     Disable encryption
  encryption:enable                      Enable encryption
  encryption:encrypt-all                 Encrypt all files for all users
  encryption:list-modules                List all available encryption modules
  encryption:migrate-key-storage-format  Migrate the format of the keystorage to a newer format
  encryption:set-default-module          Set the encryption default module
  encryption:show-key-storage-root       Show current key storage root
  encryption:status                      Lists the current status of encryption
 files
  files:cleanup                          cleanup filecache
  files:delete                           Delete a file or folder
  files:get                              Get the contents of a file
  files:object:delete                    Delete an object from the object store
  files:object:get                       Get the contents of an object
  files:object:put                       Write a file to the object store
  files:put                              Write contents of a file
  files:reminders                        List file reminders
  files:repair-tree                      Try and repair malformed filesystem tree structures
  files:scan                             rescan filesystem
  files:scan-app-data                    rescan the AppData folder
  files:transfer-ownership               All files and folders are moved to another user - outgoing shares and incoming user file shares (optionally) are moved as well.
 group
  group:add                              Add a group
  group:adduser                          add a user to a group
  group:delete                           Remove a group
  group:info                             Show information about a group
  group:list                             list configured groups
  group:removeuser                       remove a user from a group
 groupfolders
  groupfolders:create                    Create a new group folder
  groupfolders:delete                    Delete group folder
  groupfolders:expire                    Trigger expiry of versions and trashbin for files stored in group folders
  groupfolders:group                     Edit the groups that have access to a group folder
  groupfolders:list                      List the configured group folders
  groupfolders:permissions               Configure advanced permissions for a configured group folder
  groupfolders:quota                     Edit the quota of a configured group folder
  groupfolders:rename                    Rename group folder
  groupfolders:scan                      Scan a group folder for outside changes
  groupfolders:trashbin:cleanup          Empty the groupfolder trashbin
 info
  info:file                              get information for a file
  info:file:space                        Summarize space usage of specified folder
 integrity
  integrity:check-app                    Check integrity of an app using a signature.
  integrity:check-core                   Check integrity of core code using a signature.
  integrity:sign-app                     Signs an app using a private key.
  integrity:sign-core                    Sign core using a private key.
 l10n
  l10n:createjs                          Create javascript translation files for a given app
 log
  log:file                               manipulate logging backend
  log:manage                             manage logging configuration
  log:tail                               Tail the nextcloud logfile
  log:watch                              Watch the nextcloud logfile
 mail
  mail:account:create                    creates IMAP account
  mail:account:delete                    Delete an IMAP account
  mail:account:diagnose                  Diagnose a user's IMAP connection
  mail:account:export                    Exports a user's IMAP account(s)
  mail:account:export-threads            Exports a user's account threads
  mail:account:sync                      Synchronize an IMAP account
  mail:account:train                     Train the classifier of new messages
  mail:account:update                    Update a user's IMAP account
  mail:clean-up                          clean up all orphaned data
  mail:repair:tags                       Create default tags for account. If no account ID given, all tag entries will be repaired
  mail:tags:migration-jobs               Creates a background job entry in the cron table for every user to migrate important labels to IMAP
  mail:thread                            Build threads from the exported data of an account
 maintenance
  maintenance:data-fingerprint           update the systems data-fingerprint after a backup is restored
  maintenance:mimetype:update-db         Update database mimetypes and update filecache
  maintenance:mimetype:update-js         Update mimetypelist.js
  maintenance:mode                       set maintenance mode
  maintenance:repair                     repair this installation
  maintenance:repair-share-owner         repair invalid share-owner entries in the database
  maintenance:theme:update               Apply custom theme changes
  maintenance:update:htaccess            Updates the .htaccess file
 news
  news:feed:add                          Add a feed
  news:feed:delete                       Remove a feed
  news:feed:list                         List all feeds
  news:feed:read                         Read feed
  news:folder:add                        Add a folder
  news:folder:delete                     Remove a folder
  news:folder:list                       List all folders
  news:folder:read                       Read folder
  news:generate-explore                  Prints a JSON string which represents the given feed URL and votes, e.g.: {"title":"Feed - Title","favicon":"www.web.com\/favicon.ico","url":"www.web.com","feed":"www.web.com\/rss.xml","description":"description is here","votes":100}
  news:item:list                         List all items
  news:item:list-feed                    List all items in a feed
  news:item:list-folder                  List all items in a folder
  news:item:read                         Read item
  news:opml:export                       Print OPML file
  news:show-feed                         Prints a JSON string which represents the given feed as it would be in the DB.
  news:updater:after-update              removes old read articles which are not starred
  news:updater:before-update             This is used to clean up the database. It deletes folders and feeds that are marked for deletion
  news:updater:job                       Console API for checking the update job status and to reset it.
  news:updater:update-feed               Console API for updating a single user's feed
  news:updater:update-user               Console API for updating a single user's feed
 notification
  notification:generate                  Generate a notification for the given user
  notification:test-push                 Generate a notification for the given user
 onlyoffice
  onlyoffice:documentserver              Manage document server
 photos
  photos:map-media-to-place              Reverse geocode media coordinates.
  photos:update-1000-cities              Update the list of 1000 and more inhabitant cities
 preview
  preview:generate                       generate a preview for a file
  preview:repair                         distributes the existing previews into subfolders
  preview:reset-rendered-texts           Deletes all generated avatars and previews of text and md files
 richdocuments
  richdocuments:activate-config          Activate config changes
  richdocuments:convert-bigint           Convert the ID columns of the richdocuments tables to BigInt
  richdocuments:update-empty-templates   Update empty template files
 security
  security:bruteforce:attempts           resets bruteforce attempts for given IP address
  security:bruteforce:reset              resets bruteforce attempts for given IP address
  security:certificates                  list trusted certificates
  security:certificates:import           import trusted certificate in PEM format
  security:certificates:remove           remove trusted certificate
 serverinfo
  serverinfo:update-storage-statistics   Triggers an update of the counts related to storages used in serverinfo
 sharing
  sharing:cleanup-remote-storages        Cleanup shared storage entries that have no matching entry in the shares_external table
  sharing:delete-orphan-shares           Delete shares where the owner no longer has access to the file
  sharing:expiration-notification        Notify share initiators when a share will expire the next day.
 tag
  tag:add                                Add new tag
  tag:delete                             delete a tag
  tag:edit                               edit tag attributes
  tag:list                               list tags
 text
  text:reset                             Reset a text document
 theming
  theming:config                         Set theming app config values
 trashbin
  trashbin:cleanup                       Remove deleted files
  trashbin:expire                        Expires the users trashbin
  trashbin:restore                       Restore all deleted files according to the given filters
  trashbin:size                          Configure the target trashbin size
 twofactorauth
  twofactorauth:cleanup                  Clean up the two-factor user-provider association of an uninstalled/removed provider
  twofactorauth:disable                  Disable two-factor authentication for a user
  twofactorauth:enable                   Enable two-factor authentication for a user
  twofactorauth:enforce                  Enabled/disable enforced two-factor authentication
  twofactorauth:state                    Get the two-factor authentication (2FA) state of a user
 update
  update:check                           Check for server and app updates
 user
  user:add                               adds a user
  user:add-app-password                  Add app password for the named user
  user:delete                            deletes the specified user
  user:disable                           disables the specified user
  user:enable                            enables the specified user
  user:info                              show user info
  user:lastseen                          shows when the user was logged in last time
  user:list                              list configured users
  user:report                            shows how many users have access
  user:resetpassword                     Resets the password of the named user
  user:setting                           Read and modify user settings
  user:sync-account-data                 sync user backend data to accounts table for configured users
 versions
  versions:cleanup                       Delete versions
  versions:expire                        Expires the users file versions
 workflows
  workflows:list                         Lists configured workflows

====File Integrity Check==== This error is a bit painful. In the nextcloud instance (container)" - Basically check the files that are called up as failing integrity. - Judiciously delete files where they are not needed. - Then run command: ''php occ integrity:check-core''. Nextcloud runs ''integrety:check-core'' when starting. So if manually cleaning-up Nextcloud to remove errors Nextcloud needs to have command manually run or restarted. =====Nextcloud Client and CLI client configuration===== The basic Nextcloud client is a program installed for GUI use. You basically just install the gui program/app and use it, see [[https://nextcloud.com/install/

collabora docker-compose.yml|

---
services:
  code:
    image: collabora/code:latest
    restart: always
    #cap_add: MKNOD
    environment:
      - password=${COLLABORA_PASSWORD}
      - username=${COLLABORA_USERNAME}
      - domain=${COLLABORA_DOMAIN}
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    ports:
      - 9980:9980
    networks:
      - proxy

networks:
  proxy:
    external: true

The mean of the configuration file is mostly standard Docker syntax with explanation of the following:

- extra_params=–o:ssl.enable=false –o:ssl.termination=true
- ssl.enable=false means that the Collabora server does not need to use ssl, as this is performed by the edge router I am using, Traefik. The Collabora server is http only.
- ssl.termination=true means that the Collabora server has external ssl termination performed by upstream router, so the external addressing must be https.
cap_add: MKNOD is not required in Linux based Docker as it is default configuration. Hence it is commented out.

++++The sensitive data is stored in a file .env

COLLABORA_USERNAME=user_name
COLLABORA_PASSWORD=PASSWD
COLLABORA_DOMAIN=collabora.local.kptree.net

Collabora References

Other Possible Apps/Images

Diun is a tool to notify if docker images have been updated. (Reportedly better than automatic updates such as watchtower.)
heindall a dashboard application. Low priority…..
linuxserver.io docker images

← Back

Start page

Next →

Nextcloud Container