diff --git a/_snippets/common-links.md b/_snippets/common-links.md index 0d0d33a..11200d2 100644 --- a/_snippets/common-links.md +++ b/_snippets/common-links.md @@ -36,6 +36,7 @@ [minio]: /recipes/minio/ [mylar]: /recipes/autopirate/mylar/ [nightscout]: /recipes/nightscout/ +[nextcloud]: /recipes/nextcloud/ [nzbget]: /recipes/autopirate/nzbget/ [nzbhydra]: /recipes/autopirate/nzbhydra/ [ombi]: /recipes/autopirate/ombi/ diff --git a/_snippets/recipe-standard-ingredients.md b/_snippets/recipe-standard-ingredients.md index 3d5779f..db81bc2 100644 --- a/_snippets/recipe-standard-ingredients.md +++ b/_snippets/recipe-standard-ingredients.md @@ -9,4 +9,4 @@ Related: - * [X] [Traefik Forward Auth][tfa] or [Authelia][authelia] to secure your Traefik-exposed services with an additional layer of authentication\ + * [X] [Traefik Forward Auth][tfa] or [Authelia][authelia] to secure your Traefik-exposed services with an additional layer of authentication diff --git a/docs/images/nextcloud.png b/docs/images/nextcloud.png index 63e733d..11bdd6d 100644 Binary files a/docs/images/nextcloud.png and b/docs/images/nextcloud.png differ diff --git a/docs/recent-changes.md b/docs/recent-changes.md index 4d56d54..87cd9bf 100644 --- a/docs/recent-changes.md +++ b/docs/recent-changes.md @@ -20,6 +20,7 @@ Recipe | Description Recipe | Description | Date ----------------------------|------------------------------------------------------------------------------|-------------- +[Nextcloud][nextcloud] | Updated for version 24, improve Redis / cron support | *24 Aug 2022* [Authelia][authelia] | Updated with test services, fixed errors | *27 Jul 2022* [Minio][minio] | Major update to Minio recipe, for new Console UI and Traefik v2 | *22 Oct 2021* [Traefik Forward Auth][tfa] | Major update for Traefik v2, included instructions for Dex, Google, Keycloak | *29 Jan 2021* diff --git a/docs/recipes/nextcloud.md b/docs/recipes/nextcloud.md index 5ec7eab..7d0042f 100644 --- a/docs/recipes/nextcloud.md 
+++ b/docs/recipes/nextcloud.md 
@@ -3,15 +3,15 @@ title: How to run Nextcloud in Docker (behind Traefik) description: We can now run Nextcloud in our Docker Swarm, with LetsEncrypt SSL termination handled by Traefik --- -# NextCloud +# NextCloud Docker Compose / Swarm Install -[NextCloud](https://www.nextcloud.org/) (_a [fork of OwnCloud](https://owncloud.com/owncloud-vs-nextcloud/), led by original developer Frank Karlitschek_) is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server. +[NextCloud](https://nextcloud.com/) (*now called "[Nextcloud Hub II](https://nextcloud.com/blog/nextcloud-hub-2-brings-major-overhaul-introducing-nextcloud-office-p2p-backup-and-more/)"*) has as grown from a humble [fork of OwnCloud](https://owncloud.com/owncloud-vs-nextcloud/) in [2016](https://www.zdnet.com/article/owncloud-founder-forks-popular-open-source-cloud/), to an industry-leading, on-premises content collaboration platform. NextCloud still does the traditional file-collaboration, but is now beefed-up with an [app store](https://apps.nextcloud.com/featured) supporting more than 100 apps, including [text and video chats](https://apps.nextcloud.com/apps/spreed), [calendaring](https://apps.nextcloud.com/apps/calendar), a [mail client](https://apps.nextcloud.com/apps/mail), and even an [office editing suite](https://apps.nextcloud.com/apps/richdocuments). 
-- +It also now supports a sweet, customizable dashboard: -![NextCloud Screenshot](../images/nextcloud.png){ loading=lazy } +![NextCloud Screenshot](/images/nextcloud.png){ loading=lazy } -This recipe is based on the official NextCloud docker image, but includes seprate containers ofor the database (_MariaDB_), Redis (_for transactional locking_), Apache Solr (_for full-text searching_), automated database backup, (_you *do* backup the stuff you care about, right?_) and a separate cron container for running NextCloud's 15-min crons. +This recipe uses the official NextCloud docker hub image, and includes separate docker containers for the database (*MariaDB*), Redis (*for transactional locking*), automated database backup, (*you backup the stuff you care about, right?*) and a separate cron container for running NextCloud's 15-min background tasks. --8<-- "recipe-standard-ingredients.md" @@ -19,7 +19,7 @@ This recipe is based on the official NextCloud docker image, but includes seprat ### Setup data locations -We'll need several directories for [static data](/reference/data_layout/#static-data) to bind-mount into our container, so create them in /var/data/nextcloud (_so that they can be [backed up](/recipes/duplicity/)_) +We'll need several directories for [static data](/reference/data_layout/#static-data) to bind-mount into our container, so create them in `/var/data/nextcloud` (_so that they can be [backed up](/recipes/duplicity/)_) ```bash mkdir /var/data/nextcloud 
@@ -35,25 +35,27 @@ cd /var/data/runtime/nextcloud mkdir -p {db,redis} ``` -### Prepare environment +### Nextcloud environment variables -Create nextcloud.env, and populate with the following variables +Create `nextcloud.env`, and populate with the following variables -```bash -NEXTCLOUD_ADMIN_USER=admin -NEXTCLOUD_ADMIN_PASSWORD=FVuojphozxMVyaYCUWomiP9b +```bash title="/var/data/config/nextcloud/nextcloud.env" MYSQL_HOST=db +OVERWRITEPROTOCOL=https +REDIS_HOST=redis # (1)! -# For mysql -MYSQL_ROOT_PASSWORD= +# For MariaDB +MYSQL_ROOT_PASSWORD=iliketogethaxed MYSQL_DATABASE=nextcloud MYSQL_USER=nextcloud -MYSQL_PASSWORD=set to something secure> +MYSQL_PASSWORD=haxmebaby ``` -Now create a **separate** nextcloud-db-backup.env file, to capture the environment variables necessary to perform the backup. (_If the same variables are shared with the mariadb container, they [cause issues](https://forum.funkypenguin.co.nz/t/nextcloud-funky-penguins-geek-cookbook/254/3?u=funkypenguin) with database access_) +1. Necessary to add Redis support -````bash +Now create a **separate** `nextcloud-db-backup.env` file, to capture the environment variables necessary to perform the backup. (_If the same variables are shared with the mariadb container, they [cause issues](https://forum.funkypenguin.co.nz/t/nextcloud-funky-penguins-geek-cookbook/254/3?u=funkypenguin) with database access_) + +````bash title="/var/data/config/nextcloud/nextcloud-db-backup.env" # For database backup (keep 7 days daily backups) MYSQL_PWD= MYSQL_USER=root @@ -61,13 +63,13 @@ BACKUP_NUM_KEEP=7 BACKUP_FREQUENCY=1d ```` -### Setup Docker Swarm +### Nextcloud Docker Compose -Create a docker swarm config file in docker-compose syntax (v3), something like this: +Create a docker swarm config file in docker-compose syntax (v3), something like the following example: --8<-- "premix-cta.md" -```yaml +```yaml title="/var/data/config/nextcloud/nextcloud.yml" version: "3.0" services: 
@@ -80,24 +82,32 @@ services: deploy: labels: # traefik common + - traefik.enable=true - traefik.docker.network=traefik_public # traefikv1 - traefik.frontend.rule=Host:nextcloud.example.com + - traefik.frontend.redirect.permanent=true + - traefik.frontend.redirect.regex=https://(.*)/.well-known/(card|cal)dav + - traefik.frontend.redirect.replacement=https://$$1/remote.php/dav/ - traefik.port=80 # traefikv2 - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)" - "traefik.http.services.nextcloud.loadbalancer.server.port=80" - - "traefik.enable=true" + - "traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent=true" + - "traefik.http.middlewares.nextcloud-redirectregex.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav" + - "traefik.http.middlewares.nextcloud-redirectregex.redirectregex.replacement=https://$$1/remote.php/dav/" + - "traefik.http.routers.nextcloud.middlewares=nextcloud-redirectregex@docker" + volumes: - - /var/data/nextcloud/html:/var/www/html - - /var/data/nextcloud/apps:/var/www/html/custom_apps - - /var/data/nextcloud/config:/var/www/html/config - - /var/data/nextcloud/data:/var/www/html/data + - /var/data/nextcloud/html:/var/www/html + - /var/data/nextcloud/apps:/var/www/html/custom_apps + - /var/data/nextcloud/config:/var/www/html/config + - /var/data/nextcloud/data:/var/www/html/data db: - image: mariadb:10 + image: mariadb:10.5 #(1)! env_file: /var/data/config/nextcloud/nextcloud.env networks: - internal @@ -105,8 +115,8 @@ services: - /var/data/runtime/nextcloud/db:/var/lib/mysql db-backup: - image: mariadb:10 - env_file: /var/data/config/nextcloud/nextcloud-db-backup.env + image: mariadb:10.5 + env_file: /var/data/config/nextcloud/nextcloud-backup.env volumes: - /var/data/nextcloud/database-dump:/dump - /etc/localtime:/etc/localtime:ro 
@@ -116,12 +126,12 @@ services: sleep 2m while /bin/true; do mysqldump -h db --all-databases | gzip -c > /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.sql.gz - (ls -t /dump/dump*.sql.gz|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.sql.gz)|sort|uniq -u|xargs rm -- {} + ls -tr /dump/dump_*.sql.gz | head -n -"$$BACKUP_NUM_KEEP" | xargs -r rm sleep $$BACKUP_FREQUENCY done EOF' networks: - - internal + - internal redis: image: redis:alpine 
@@ -162,70 +172,19 @@ networks: - subnet: 172.16.12.0/24 ``` +1. MariaDB 10.5 is the latest supported version + --8<-- "reference-networks.md" ## Serving -### Launch NextCloud stack +### Launch NextCloud Docker stack and setup Launch the NextCloud stack by running ```docker stack deploy nextcloud -c ``` -Log into your new instance at https://**YOUR-FQDN**, with user "admin" and the password you specified in nextcloud.env. - -### Enable redis - -To make NextCloud [a little snappier](https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html), edit ```/var/data/nextcloud/config/config.php``` (_now that it's been created on the first container launch_), and add the following: - -```bash - 'redis' => array( - 'host' => 'redis', - 'port' => 6379, - ), -``` - -### Use service discovery - -Want to use Calendar/Contacts on your iOS device? Want to avoid dictating long, rambling URL strings to your users, like ```https://nextcloud.batcave.com/remote.php/dav/principals/users/USERNAME/``` ? - -Huzzah! NextCloud supports [service discovery for CalDAV/CardDAV](https://tools.ietf.org/html/rfc6764), allowing you to simply tell your device the primary URL of your server (_**nextcloud.batcave.org**, for example_), and have the device figure out the correct WebDAV path to use. - -We (_and anyone else using the [NextCloud Docker image](https://hub.docker.com/_/nextcloud/)_) are using an SSL-terminating reverse proxy ([Traefik](/docker-swarm/traefik/)) in front of our NextCloud container. In fact, it's not **possible** to setup SSL **within** the NextCloud container. - -When using a reverse proxy, your device requests a URL from your proxy (), and the reverse proxy then passes that request **unencrypted** to the internal URL of the NextCloud instance (i.e., ) - -The Apache webserver on the NextCloud container (_knowing it was spoken to via HTTP_), responds with a 301 redirect to . See the problem? 
You requested an **HTTPS** (_encrypted_) url, and in return, you received a redirect to an **HTTP** (_unencrypted_) URL. Any sensible client (_iOS included_) will refuse such schenanigans. - -To correct this, we need to tell NextCloud to always redirect the .well-known URLs to an HTTPS location. This can only be done **after** deploying NextCloud, since it's only on first launch of the container that the .htaccess file is created in the first place. - -To make NextCloud service discovery work with Traefik reverse proxy, edit ```/var/data/nextcloud/html/.htaccess```, and change this: - -```bash -RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L] -RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L] -``` - -To this: - -```bash -RewriteRule ^\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] -RewriteRule ^\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] -``` - -Then restart your container with ```docker service update nextcloud_nextcloud --force``` to restart apache. - -Your can test for success by running ```curl -i https://nextcloud.batcave.org/.well-known/carddav```. You should get a 301 redirect to your equivalent of , as below: - -```bash -[davidy:~] % curl -i https://nextcloud.batcave.org/.well-known/carddav -HTTP/2 301 -content-type: text/html; charset=iso-8859-1 -date: Wed, 12 Dec 2018 08:30:11 GMT -location: https://nextcloud.batcave.org/remote.php/dav/ -``` - -Note that this .htaccess can be overwritten by NextCloud, and you may have to reapply the change in future. I've created an [issue requesting a permanent fix](https://github.com/nextcloud/docker/issues/577). +Log into your new instance at https://**YOUR-FQDN**, and setup your admin username and password. [^1]: Since many of my other recipes use PostgreSQL, I'd have preferred to use Postgres over MariaDB, but MariaDB seems to be the [preferred database type](https://github.com/nextcloud/server/issues/5912). 
-[^2]: I'm [not the first user](https://github.com/nextcloud/docker/issues/528) to stumble across the service discovery bug with reverse proxies. +[^2]: If you want better performance when using Photos in Nextcloud, have a look at [this detailed write-up](https://rayagainstthemachine.net/linux%20administration/nextcloud-photos/)! --8<-- "recipe-footer.md"
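Review bot: in `_snippets/common-links.md`, the new `[nextcloud]` entry is placed after `[nightscout]`, which breaks the alphabetical order the surrounding entries follow (`mylar`, `nightscout`, `nzbget`). Move it above `[nightscout]` so later additions keep finding the right slot.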
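Review bot: typo in the rewritten intro paragraph of `docs/recipes/nextcloud.md` (hunk `@@ -3,15 +3,15 @@`): "has as grown from a humble fork" should read "has grown from a humble fork". The same paragraph switches between "NextCloud" and "Nextcloud"; pick one spelling for the page.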
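Review bot: in the `nextcloud.env` block (hunk `@@ -35,25 +35,27 @@`), `MYSQL_ROOT_PASSWORD=iliketogethaxed` and `MYSQL_PASSWORD=haxmebaby` are literal values that readers will paste and deploy unchanged, where the lines they replace were empty or a placeholder. Suggest an obvious placeholder for both, plus one sentence telling the reader to generate a unique value for each. The unchanged `MYSQL_PWD=` in the backup env file is still blank with no hint that it has to carry the same value as `MYSQL_ROOT_PASSWORD`; since the two files are deliberately kept separate, that link should be spelled out here.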
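Review bot: in the Traefik labels (hunk `@@ -80,24 +82,32 @@`), the v1 rule `traefik.frontend.redirect.regex=https://(.*)/.well-known/(card|cal)dav` is unanchored while the v2 middleware uses `^https://(.*)/.well-known/(card|cal)dav`. Anchor both the same way so the two variants redirect the same set of requests. The v2 labels also mix `redirectRegex.permanent` with `redirectregex.regex`; use one casing throughout. Minor: the annotation marker is written `#(1)!` on the `mariadb:10.5` line but `# (1)!` in `nextcloud.env`.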
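Review bot: the `db-backup` service (hunk `@@ -105,8 +115,8 @@`) now points `env_file` at `/var/data/config/nextcloud/nextcloud-backup.env`, but the instructions earlier in this same patch still tell the reader to create `nextcloud-db-backup.env`, and the new code-block title is `/var/data/config/nextcloud/nextcloud-db-backup.env`. A reader following the page ends up with a compose file that references a file they never created. Either revert this line to `nextcloud-db-backup.env` or rename the file in the prose and the block title to match.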
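Review bot: in the backup loop (hunk `@@ -116,12 +126,12 @@`), the new rotation line runs unconditionally after `mysqldump -h db --all-databases | gzip -c > /dump/dump_...`, so a failed dump (wrong `MYSQL_PWD`, database down) still leaves a small `.sql.gz` file that counts towards `BACKUP_NUM_KEEP`. After seven consecutive failures every good dump has been rotated out. Suggest pruning only when the dump succeeded, for example by checking the pipeline's exit status with `pipefail` set, and deleting the empty file otherwise. Also note that `head -n -"$$BACKUP_NUM_KEEP"` and `xargs -r` are GNU extensions; that holds for the `mariadb:10.5` image used here but deserves a comment in case the image is swapped.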
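Review bot: with `NEXTCLOUD_ADMIN_USER` and `NEXTCLOUD_ADMIN_PASSWORD` removed from `nextcloud.env`, the new instruction in the Serving hunk (`@@ -162,70 +172,19 @@`), "Log into your new instance at https://**YOUR-FQDN**, and setup your admin username and password", means the stack is published through Traefik with no admin account, and whoever loads the setup page first defines it. Add a sentence telling the reader to complete setup immediately after `docker stack deploy`, or keep the two variables as an option for pre-seeding the account. Separately, the new annotation "MariaDB 10.5 is the latest supported version" does not say supported by what; name the Nextcloud release it refers to and link the source so the pin can be revisited.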