Nextcloud Container

This is an old revision of the document!


Back  
 Next

Nextcloud Container

Nextcloud publishes their own Docker container of Nextcloud. The Nextcloud image on Docker hub is maintained by the Nextcloud community, and is not officially supported by Nextcloud! Linuxserver.io, as well as some others also have Nextcloud containers on Docker Hub.

Nextcloud needs a number of services to run; the main Nextcloud server, a database and Redis. In addition, there needs to be a proxy server or similar to forward on common domain requests to sub-domains as well as handling certificates, however this is required for all the various services and can be considered separately.

Refer to Nextcloud's Maintenace section on instructions to backup, restore and migrate Nextcloud. Also as I am using the official Nextcloud container it has additional instructions to https://github.com/docker-library/docs/blob/master/nextcloud/README.md#migrating-an-existing-installation:migrate Nextcloud to Docker.

  • uid: www-data / 33, gid: www-data / 33. This seems to be Debian standard. Alpine linux seems to use 82 for www-data. Just stick with uid/gid as per the image supplied, 82 for Alpine and ignore the names.
  • docker exec -u www-data nextcloud-app-1 php /var/www/html/cron.php runs the cron.php
  • docker exec -u www-data nextcloud-app-1 php occ maintenance:mode --off|on to turn maintenance mode off or on from the containers host shell

Nextcloud with supervisord

The base Nextcloud image does not directly support cron. So it needs to be added, for the nextcloud-fpm.alpine version see github nextcloud docker fpm-apline cron dockerfile examples

As docker adminstartion warns about missing php imagemagick-svg support I also added the Apline package to the updated image to rectify this warning. Today after upgrading to Nextcloud 29 I finally got rid of all my administration page errors. This included some issues with nginx configuration that magically went away with version 29 and adding imagemagick-svg to the image as noted below.

Dockerfile

supervisord.conf

docker-compose.yml

RedirectRegex

I get a redirect error in Nextcloud that I have not been able to track down to date. Does not seem much info in this on the net, and the little there is also indicates a problem without and easy solution. Nextcloud main support looks Apache web server based with little Nginx support and even less Traefik support. Some resources related to this:

mysql

Installing and Using MariaDB via Docker

logging

The db logs seem to redirected to be handled by Docker container and can be access using: docker container logs nextcloud-db-1

backup

The Nextcloud Backup instruction are reasonably comprehensive. There are 2 backup that need to be made, both the Nextcloud data and configuration and the related mysql/mariadb data(base).

Step 0 is to gain shell access to relevant container

  • Confirm required user, default login is as root, for next cloud easier to use www-data
  • Confirm shell type, bash is more comprehensive, whereas sh or ash are better supported across different container types
  • Using portainer or similar just select the container and use the terminal login, >
  • From terminal on host running docker container use docker exec -it --user www-data nextcloud-app-1 ash, where:
    • --user www-data would login as user www-data. If omitted will default login to root
    • nextcloud-app-1 is the container name. This can be found using the docker ps command. Should also be able to use the container ID.
    • ash is the shell to use when accessing the container.

Step 1 is to place Nextcloud into mainteance mode sudo -u www-data php occ maintenance:mode --on\

  • In Portainer I usually log into shell using “sh” or ash“ shells as “Bash” shell is not setup in the Alpine Nextcloud image I use.
    • I also set user to www-data which is what Nextcloud has been set as user.
    • I then use the command php occ maintenance:mode --on
  • From CLI
    • docker exec -it --user www-data <container id> /bin/ash will provide a shell with user set as nominated into the container
  • Some pointers:
    • The shell enters into the directory /var/html/www, where the occ executable is located.
    • The command whoami confirms current logged in user.
    • The user list can be seen with cat /etc/passwd where the user various users and their ids can be seen

Step 2 is to backup the Nextcloud data and configuration.

  • Nextcloud recommends rsync -Aavx nextcloud/ nextcloud-dirbkp_`date +"%Y%m%d"`/
  • I backup the entire docker directory weekly. The main concern is the dynamic nature of the back-up when running and alignment with database.

Step 3 is to back up the Nextcloud database:

  • Nextcloud recommends the following for Mysql/MAriadb:
  • mysqldump --single-transaction -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
  • mysqldump --single-transaction --default-character-set=utf8mb4 -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

The simplest solution for me is to shutdown the Docker-compose for the Nextcloud instance, including all containers that make the stack and then run my Restic back up with a tag to keep this snapshot.

back-up server#tag

NGINX configuration

Nextcloud documentation (stable) on NGINX configuration

Nextcloud documentation (stable) on general installation installation index.

Reverse Proxy

Nextcloud documentation (stable) for reverse proxies, such as traefik.

cron

CLI Use of Nextcloud

Sometime it is necessary to get direct CLI (command line interface) access to Nextcloud for updating, turning of maintenance mode and similar.

  • docker exec -it --user www-data nextcloud-app-1 ash gain terminal access to Nextcloud
  • Nextcloud is running in the nextcloud-fpm Docker container, to access the cli in Portainer need to select /bin/sh shell and user www-data. The working directory is /var/www/html
  • Manually upgrade command: php occ upgrade
  • To check maintenance mode status: php occ maintenance:mode
  • To turn off maintenance mode: php occ maintenance:mode --off If all goes well Nextcloud web interface should be functional
  • To turn on maintenance mode: php occ maintenance:mode --on Nextcloud web interface should show that it is in maintenance mode

Listing of:

php occ

File Integrity Check

This error is a bit painful. In the nextcloud instance (container)”

  1. Basically check the files that are called up as failing integrity.
  2. Judiciously delete files where they are not needed.
  3. Then run command: php occ integrity:check-core.

Nextcloud runs integrety:check-core when starting. So if manually cleaning-up Nextcloud to remove errors Nextcloud needs to have command manually run or restarted.

Nextcloud Client and CLI client configuration

The basic Nextcloud client is a program installed for GUI use. You basically just install the gui program/app and use it, see Nextcloud Install. OPtions to install include sudo apt install nextcloud-desktop or install via AppImage the release can be found here: https://download.nextcloud.com/desktop/releases/Linux/

There is also a CLI program included called nextcloudcmd there seems to be a method to use the AppImage package to access the command, see here: Where to download just nextcloudcmd? In debian sudo apt install nextcloud-desktop-cmd will down load nextcloudcmd, however it will also download the bulk of the dependencies for nextcloud desktop too.

Another possible option is to use webdav to access the Nextcloud repository and rsync latest files between these. See: davfs2. The Nextcloud directory can be mounted locally and then use rsync to copy latest common files between local and Nextcloud. This can be used to sync two local computers.

References

Nextcloud Office / Collabora

Nextcloud can run an internal server for Collabora, a LibraOffice based online type office server, or a separate Collobora server. I never got the internal server working. I got a Collobora server operating in a Docker container and then managed to get Nextcloud to operate with the server. I have placed the Collabora server behind my Traefik server and given it a local address only. The local address means that the Nextcloud server can not access the Collabora server unless it is operating on the LAN. It is not difficult for me to setup the Collabora server for external access, but I need to think and investigate the potential security issued with this as a public facing server.

collabora docker-compose.yml

The sensitive data is stored in a file .env

Collabora References

Other Possible Apps/Images

  • Diun is a tool to notify if docker images have been updated. (Reportedly better than automatic updates such as watchtower.)
  • heindall a dashboard application. Low priority…..
/app/www/public/data/attic/docker_notes/docker-nextcloud.1714287083.txt.gz · Last modified: 2024-04-28 Sun wk17 14:51
CC Attribution-Share Alike 4.0 International Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International