Update nextcloud to 24 (#238)

2025-12-13 01:36:23 +00:00 · 2022-08-24 18:26:28 +12:00
parent 58147a4b0b
commit 389d7d7338
5 changed files with 47 additions and 86 deletions
--- a/_snippets/common-links.md
+++ b/_snippets/common-links.md
@@ -36,6 +36,7 @@
 [minio]:                /recipes/minio/
 [mylar]:                /recipes/autopirate/mylar/
 [nightscout]:           /recipes/nightscout/
 [nextcloud]:            /recipes/nextcloud/
 [nzbget]:               /recipes/autopirate/nzbget/
 [nzbhydra]:             /recipes/autopirate/nzbhydra/
 [ombi]:                 /recipes/autopirate/ombi/
--- a/_snippets/recipe-standard-ingredients.md
+++ b/_snippets/recipe-standard-ingredients.md
@@ -9,4 +9,4 @@
    Related:
-    * [X] [Traefik Forward Auth][tfa] or [Authelia][authelia] to secure your Traefik-exposed services with an additional layer of authentication\
+    * [X] [Traefik Forward Auth][tfa] or [Authelia][authelia] to secure your Traefik-exposed services with an additional layer of authentication
--- a/docs/images/nextcloud.png
+++ b/docs/images/nextcloud.png
--- a/docs/recent-changes.md
+++ b/docs/recent-changes.md
@@ -20,6 +20,7 @@ Recipe                   | Description
 Recipe                      | Description                                                                  | Date
 ----------------------------|------------------------------------------------------------------------------|--------------
 [Nextcloud][nextcloud]      | Updated for version 24, improve Redis / cron support                                   | *24 Aug 2022*
 [Authelia][authelia]        | Updated with test services, fixed errors                                     | *27 Jul 2022*
 [Minio][minio]              | Major update to Minio recipe, for new Console UI and Traefik v2              | *22 Oct 2021*
 [Traefik Forward Auth][tfa] | Major update for Traefik v2, included instructions for Dex, Google, Keycloak | *29 Jan 2021*
--- a/docs/recipes/nextcloud.md
+++ b/docs/recipes/nextcloud.md
@@ -3,15 +3,15 @@ title: How to run Nextcloud in Docker (behind Traefik)
 description: We can now run Nextcloud in our Docker Swarm, with LetsEncrypt SSL termination handled by Traefik
 ---
-# NextCloud
+# NextCloud Docker Compose / Swarm Install
-[NextCloud](https://www.nextcloud.org/) (_a [fork of OwnCloud](https://owncloud.com/owncloud-vs-nextcloud/), led by original developer Frank Karlitschek_) is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server.
+[NextCloud](https://nextcloud.com/) (*now called "[Nextcloud Hub II](https://nextcloud.com/blog/nextcloud-hub-2-brings-major-overhaul-introducing-nextcloud-office-p2p-backup-and-more/)"*) has as grown from a humble [fork of OwnCloud](https://owncloud.com/owncloud-vs-nextcloud/) in [2016](https://www.zdnet.com/article/owncloud-founder-forks-popular-open-source-cloud/), to an industry-leading, on-premises content collaboration platform. NextCloud still does the traditional file-collaboration, but is now beefed-up with an [app store](https://apps.nextcloud.com/featured) supporting more than 100 apps, including [text and video chats](https://apps.nextcloud.com/apps/spreed), [calendaring](https://apps.nextcloud.com/apps/calendar), a [mail client](https://apps.nextcloud.com/apps/mail), and even an [office editing suite](https://apps.nextcloud.com/apps/richdocuments).
- <https://en.wikipedia.org/wiki/Nextcloud>
+It also now supports a sweet, customizable dashboard:
-![NextCloud Screenshot](../images/nextcloud.png){ loading=lazy }
+![NextCloud Screenshot](/images/nextcloud.png){ loading=lazy }
-This recipe is based on the official NextCloud docker image, but includes seprate containers ofor the database (_MariaDB_), Redis (_for transactional locking_), Apache Solr (_for full-text searching_), automated database backup, (_you *do* backup the stuff you care about, right?_) and a separate cron container for running NextCloud's 15-min crons.
+This recipe uses the official NextCloud docker hub image, and includes separate docker containers for the database (*MariaDB*), Redis (*for transactional locking*), automated database backup, (*you backup the stuff you care about, right?*) and a separate cron container for running NextCloud's 15-min background tasks.
 --8<-- "recipe-standard-ingredients.md"
@@ -19,7 +19,7 @@ This recipe is based on the official NextCloud docker image, but includes seprat
 ### Setup data locations
-We'll need several directories for [static data](/reference/data_layout/#static-data) to bind-mount into our container, so create them in /var/data/nextcloud (_so that they can be [backed up](/recipes/duplicity/)_)
+We'll need several directories for [static data](/reference/data_layout/#static-data) to bind-mount into our container, so create them in `/var/data/nextcloud` (_so that they can be [backed up](/recipes/duplicity/)_)
 ```bash
 mkdir /var/data/nextcloud
@@ -35,25 +35,27 @@ cd /var/data/runtime/nextcloud
 mkdir -p {db,redis}
 ```
-### Prepare environment
+### Nextcloud environment variables
-Create nextcloud.env, and populate with the following variables
+Create `nextcloud.env`, and populate with the following variables
-```bash
+```bash title="/var/data/config/nextcloud/nextcloud.env"
 NEXTCLOUD_ADMIN_USER=admin
 NEXTCLOUD_ADMIN_PASSWORD=FVuojphozxMVyaYCUWomiP9b
 MYSQL_HOST=db
 OVERWRITEPROTOCOL=https
 REDIS_HOST=redis # (1)!
-# For mysql
+# For MariaDB
-MYSQL_ROOT_PASSWORD=<set to something secure>
+MYSQL_ROOT_PASSWORD=iliketogethaxed
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
-MYSQL_PASSWORD=set to something secure>
+MYSQL_PASSWORD=haxmebaby
 ```
-Now create a **separate** nextcloud-db-backup.env file, to capture the environment variables necessary to perform the backup. (_If the same variables are shared with the mariadb container, they [cause issues](https://forum.funkypenguin.co.nz/t/nextcloud-funky-penguins-geek-cookbook/254/3?u=funkypenguin) with database access_)
+1. Necessary to add Redis support
-````bash
+Now create a **separate** `nextcloud-db-backup.env` file, to capture the environment variables necessary to perform the backup. (_If the same variables are shared with the mariadb container, they [cause issues](https://forum.funkypenguin.co.nz/t/nextcloud-funky-penguins-geek-cookbook/254/3?u=funkypenguin) with database access_)
 ````bash title="/var/data/config/nextcloud/nextcloud-db-backup.env"
 # For database backup (keep 7 days daily backups)
 MYSQL_PWD=<set to something secure, same as MYSQL_ROOT_PASSWORD above>
 MYSQL_USER=root
@@ -61,13 +63,13 @@ BACKUP_NUM_KEEP=7
 BACKUP_FREQUENCY=1d
 ````
-### Setup Docker Swarm
+### Nextcloud Docker Compose
-Create a docker swarm config file in docker-compose syntax (v3), something like this:
+Create a docker swarm config file in docker-compose syntax (v3), something like the following example:
 --8<-- "premix-cta.md"
-```yaml
+```yaml title="/var/data/config/nextcloud/nextcloud.yml"
 version: "3.0"
 services:
@@ -80,16 +82,24 @@ services:
    deploy:
      labels:
      # traefik common
      - traefik.enable=true
      - traefik.docker.network=traefik_public
      # traefikv1
      - traefik.frontend.rule=Host:nextcloud.example.com
      - traefik.frontend.redirect.permanent=true
      - traefik.frontend.redirect.regex=https://(.*)/.well-known/(card|cal)dav
      - traefik.frontend.redirect.replacement=https://$$1/remote.php/dav/
      - traefik.port=80     
      # traefikv2
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
-      - "traefik.enable=true"
+      - "traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirectregex.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-redirectregex.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-redirectregex@docker"
    volumes:
      - /var/data/nextcloud/html:/var/www/html
      - /var/data/nextcloud/apps:/var/www/html/custom_apps
@@ -97,7 +107,7 @@ services:
      - /var/data/nextcloud/data:/var/www/html/data
  db:
-    image: mariadb:10
+    image: mariadb:10.5 #(1)!
    env_file: /var/data/config/nextcloud/nextcloud.env
    networks:
      - internal
@@ -105,8 +115,8 @@ services:
      - /var/data/runtime/nextcloud/db:/var/lib/mysql
  db-backup:
-    image: mariadb:10
+    image: mariadb:10.5
-    env_file: /var/data/config/nextcloud/nextcloud-db-backup.env
+    env_file: /var/data/config/nextcloud/nextcloud-backup.env
    volumes:
      - /var/data/nextcloud/database-dump:/dump
      - /etc/localtime:/etc/localtime:ro
@@ -116,7 +126,7 @@ services:
      sleep 2m
      while /bin/true; do
        mysqldump -h db --all-databases | gzip -c > /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.sql.gz
-        (ls -t /dump/dump*.sql.gz|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.sql.gz)|sort|uniq -u|xargs rm -- {}
+        ls -tr /dump/dump_*.sql.gz | head -n -"$$BACKUP_NUM_KEEP" | xargs -r rm
        sleep $$BACKUP_FREQUENCY
      done
      EOF'
@@ -162,70 +172,19 @@ networks:
        - subnet: 172.16.12.0/24
 ```
 1. MariaDB 10.5 is the latest supported version
 --8<-- "reference-networks.md"
 ## Serving
-### Launch NextCloud stack
+### Launch NextCloud Docker stack and setup
 Launch the NextCloud stack by running ```docker stack deploy nextcloud -c <path -to-docker-compose.yml>```
-Log into your new instance at https://**YOUR-FQDN**, with user "admin" and the password you specified in nextcloud.env.
+Log into your new instance at https://**YOUR-FQDN**, and setup your admin username and password.
 ### Enable redis
 To make NextCloud [a little snappier](https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html), edit ```/var/data/nextcloud/config/config.php``` (_now that it's been created on the first container launch_), and add the following:
 ```bash
 'redis' => array(
     'host' => 'redis',
     'port' => 6379,
      ),
 ```
 ### Use service discovery
 Want to use Calendar/Contacts on your iOS device? Want to avoid dictating long, rambling URL strings to your users, like ```https://nextcloud.batcave.com/remote.php/dav/principals/users/USERNAME/``` ?
 Huzzah! NextCloud supports [service discovery for CalDAV/CardDAV](https://tools.ietf.org/html/rfc6764), allowing you to simply tell your device the primary URL of your server (_**nextcloud.batcave.org**, for example_), and have the device figure out the correct WebDAV path to use.
 We (_and anyone else using the [NextCloud Docker image](https://hub.docker.com/_/nextcloud/)_) are using an SSL-terminating reverse proxy ([Traefik](/docker-swarm/traefik/)) in front of our NextCloud container. In fact, it's not **possible** to setup SSL **within** the NextCloud container.
 When using a reverse proxy, your device requests a URL from your proxy (<https://nextcloud.batcave.com/.well-known/caldav>), and the reverse proxy then passes that request **unencrypted** to the internal URL of the NextCloud instance (i.e., <http://172.16.12.123/.well-known/caldav>)
 The Apache webserver on the NextCloud container (_knowing it was spoken to via HTTP_), responds with a 301 redirect to <http://nextcloud.batcave.com/remote.php/dav/>. See the problem? You requested an **HTTPS** (_encrypted_) url, and in return, you received a redirect to an **HTTP** (_unencrypted_) URL. Any sensible client (_iOS included_) will refuse such schenanigans.
 To correct this, we need to tell NextCloud to always redirect the .well-known URLs to an HTTPS location. This can only be done **after** deploying NextCloud, since it's only on first launch of the container that the .htaccess file is created in the first place.
 To make NextCloud service discovery work with Traefik reverse proxy, edit ```/var/data/nextcloud/html/.htaccess```, and change this:
 ```bash
 RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
 RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
 ```
 To this:
 ```bash
 RewriteRule ^\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
 RewriteRule ^\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
 ```
 Then restart your container with ```docker service update nextcloud_nextcloud --force``` to restart apache.
 Your can test for success by running ```curl -i https://nextcloud.batcave.org/.well-known/carddav```. You should get a 301 redirect to your equivalent of <https://nextcloud.batcave.org/remote.php/dav/>, as below:
 ```bash
 [davidy:~] % curl -i https://nextcloud.batcave.org/.well-known/carddav
 HTTP/2 301
 content-type: text/html; charset=iso-8859-1
 date: Wed, 12 Dec 2018 08:30:11 GMT
 location: https://nextcloud.batcave.org/remote.php/dav/
 ```
 Note that this .htaccess can be overwritten by NextCloud, and you may have to reapply the change in future. I've created an [issue requesting a permanent fix](https://github.com/nextcloud/docker/issues/577).
 [^1]: Since many of my other recipes use PostgreSQL, I'd have preferred to use Postgres over MariaDB, but MariaDB seems to be the [preferred database type](https://github.com/nextcloud/server/issues/5912).
-[^2]: I'm [not the first user](https://github.com/nextcloud/docker/issues/528) to stumble across the service discovery bug with reverse proxies.
+[^2]: If you want better performance when using Photos in Nextcloud, have a look at [this detailed write-up](https://rayagainstthemachine.net/linux%20administration/nextcloud-photos/)!
 --8<-- "recipe-footer.md"
`@@ -9,4 +9,4 @@`

	`Related:`	`Related:`

	`* [X] [Traefik Forward Auth][tfa] or [Authelia][authelia] to secure your Traefik-exposed services with an additional layer of authentication\`	`* [X] [Traefik Forward Auth][tfa] or [Authelia][authelia] to secure your Traefik-exposed services with an additional layer of authentication`