My experience installing a Nextcloud server.

I had an old PC sitting around doing nothing and I wanted a home server. After researching and looking up how to do things I got to work on it. I wanted an easy way to host my own game servers for games like Minecraft, services like a YouTube proxy or an RSS feed, and many more. But what I wanted most was a Nextcloud server. I had to learn how to use Docker and Docker networking in such a way that it remained secure and accessible within my network, only by devices that we allowed. Everything should also be easily reversible or removable if we stop playing a game or a self-hosted service stops working. Docker is perfect for this.

After all that I have to say I love Docker and I really like Nextcloud. Once you have learned how to set it up and use it, it is easy. You may notice that I have left out a lot of the security stuff, apart from the firewall. This is because every configuration will be different, as no one has the same network, devices and/or needs. I will also not be discussing anything security related below. Security comes first, and everyone in the security department should be doing their homework rather than just copying commands from someone else's documentation without knowing what they are doing.

Note1: "*" = Some kind of personal data.

Note2: Nextcloud 26 is used because many applications are not ready for 27.

Note3: As stated above, information about security and how to access the server from the outside is not mentioned/removed in this blog post.


Soooo.... This is how I had set up the basic stuff:

  1. Installing a Linux-Server.

  2. Getting the IP of the new Server.

    ip addr

  3. SSH onto it.

    ssh *******@192.168.**.**

  4. Setting up a static IP.

    sudo nano /etc/netplan/00-installer-config.yaml

    network:
      ethernets:
        eno1:
          addresses: [192.168.**.**/24]
          gateway4: 192.168.**.1
        enp2s0:
          addresses: [192.168.**.**/24]
          gateway4: 192.168.**.1

  5. Loading the new config

    sudo netplan apply

  6. Check that your Internet access is still working.

    ping 1.1.1.1

  7. Setting time.

    sudo timedatectl set-timezone ******/*******

    sudo timedatectl set-local-rtc 1

  8. Adding Docker to the Server.

    sudo add-apt-repository universe

    sudo apt-get update

    sudo apt-get upgrade

    sudo apt-get install ca-certificates curl gnupg

    sudo install -m 0755 -d /etc/apt/keyrings

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

    sudo chmod a+r /etc/apt/keyrings/docker.gpg

    echo \
      "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
      "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
      sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

    sudo apt-get update

    sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin git docker-compose

    sudo docker run hello-world

  9. Setting up the Firewall

    sudo apt install ufw

    sudo ufw allow ssh

    sudo ufw enable

    sudo ufw allow 80/tcp

    sudo ufw allow 443/tcp

    sudo ufw reload

    sudo ufw status verbose

    THIS SCRIPT IS THE EASY WAY OF SETTING IT UP! IT CAN BE DONE MANUALLY! CHECK THE SCRIPT BEFORE RUNNING IT!

    sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker

    sudo chmod +x /usr/local/bin/ufw-docker

    ufw-docker install

    sudo systemctl restart ufw

    sudo reboot

  10. Preparing a RAID (Highly recommended!): [https://www.digitalocean.com/community/tutorials/how-to-create-raid-arrays-with-mdadm-on-ubuntu-22-04].

    lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT

    sudo mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda /dev/sdb

    y

    cat /proc/mdstat

    The command above shows the progress of the raid creation. DON'T REBOOT UNTIL IT'S DONE! You can continue to set everything up, just DON'T reboot.

    sudo mkfs.ext4 -F /dev/md0

    sudo mkdir -p /mnt/md0

    sudo mount /dev/md0 /mnt/md0

    df -h -x devtmpfs -x tmpfs

    sudo mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf

    Make a backup of the "mdadm.conf" file.

    sudo update-initramfs -u

    echo '/dev/md0 /mnt/md0 ext4 defaults,nofail,discard 0 0' | sudo tee -a /etc/fstab

    sudo nano /etc/fstab

  11. Preparing the Folders.

    sudo mkdir /home/*******/nextcloud

    sudo mkdir /mnt/md0/nextcloud

    sudo mkdir /mnt/md0/nextcloud/data

    sudo mkdir /mnt/md0/nextcloud/db

  12. Creating the compose file.

    nano /home/*******/nextcloud/docker-compose.yml

    version: '3.7'
    services:
      mariadb:
        restart: always
        container_name: nextcloud-mariadb-server
        volumes:
          - '/mnt/md0/nextcloud/db:/var/lib/mysql'
        environment:
          - MYSQL_ROOT_PASSWORD=***************
          - MYSQL_ROOT_HOST=%
        image: mariadb:latest
      nextcloud:
        restart: always
        volumes:
          - '/mnt/md0/nextcloud/data:/var/www/html'
        container_name: nextcloud
        depends_on:
          - 'mariadb'
        ports:
          - '8080:80'
        environment:
          - MYSQL_HOST=mariadb
          - MYSQL_DATABASE=nextcloud
          - MYSQL_USER=***************
          - MYSQL_PASSWORD=***************
        image: 'nextcloud:26.0.3'
      cron:
        image: rcdailey/nextcloud-cronjob
        restart: always
        network_mode: none
        container_name: nextcloud_cron
        volumes:
          - '/var/run/docker.sock:/var/run/docker.sock:ro'
          - '/etc/localtime:/etc/localtime:ro'
        environment:
          - NEXTCLOUD_CONTAINER_NAME=nextcloud
          - NEXTCLOUD_CRON_MINUTE_INTERVAL=5

  13. Creating the Updater/Restarter.

    sudo nano /home/********/nextcloud/nextcloud_UPDATER.sh

    #!/bin/bash
    cd /home/**********/nextcloud
    sudo docker-compose down
    sudo docker-compose up -d

    sudo chmod a+x /home/**********/nextcloud/nextcloud_UPDATER.sh

  14. Setting permissions.

    sudo chown -R www-data:www-data /mnt/md0/nextcloud/data/

    sudo chmod -R 0750 /mnt/md0/nextcloud/data/

  15. Starting up all docker containers and setting up the database.

    sudo docker exec -it nextcloud-mariadb-server /bin/bash

    mariadb -u root -p

    ***************

    CREATE DATABASE nextcloud;

    CREATE USER '*************'@'%' IDENTIFIED BY '*************';

    GRANT ALL PRIVILEGES ON nextcloud.* TO '*************'@'%';

    exit;

    exit

  16. Opening and setting up Nextcloud.

    http://192.168.**.**:8080

    root

    root

    *************

    *************

    nextcloud

    mariadb

  17. Skipping recommended apps.

  18. Checking the containers

    sudo docker container ls -a

  19. Cron should be used for internal updating of feeds and other things. Change it in the general administration settings. A separate container is used to run it, to keep everything self-contained.

  20. Now configure everything to your liking.

  21. DONE!


Now everything is set up. Files, the database, configs and other important things will be on a RAID and are much safer from drive failure than just on the system drive or a single drive. Firewall and Docker are configured for use within a local network, and everything can be easily replicated, expanded or removed by using the compose files and removing the individual directories of a service that is no longer needed. I hope I could help you get started or find the next step for your setup!
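
Step 12 publishes the Nextcloud port as '8080:80' with no host address, so Docker binds it on every interface, and Docker handles published ports with its own iptables rules rather than the ufw rules from step 9 (the gap ufw-docker is there to close). The script below is an added example, not part of the original setup: it reads `docker ps` output and lists every port published on all interfaces; the function name and the sample lines are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). The function name and the
# sample data are constructed for illustration.

# Reads "name<TAB>ports" lines on stdin, in the format printed by
#   sudo docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "name hostport/proto" for each port published on all interfaces
# (0.0.0.0 for IPv4; ":::" or "[::]" for IPv6, depending on Docker version).
find_wide_open_ports() {
  awk -F'\t' '
  {
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue        # exposed only, not published
      split(maps[i], side, "->")
      host = side[1]
      if (host ~ /^0\.0\.0\.0:/ || host ~ /^(\[::\]|:::)/) {
        port = host;     sub(/^.*:/, "", port)     # keep text after last colon
        proto = side[2]; sub(/^.*\//, "", proto)   # keep text after the slash
        key = $1 " " port "/" proto
        if (!(key in seen)) { seen[key] = 1; print key }   # IPv4+IPv6 once
      }
    }
  }'
}

# Constructed sample matching the three containers from step 12.
SAMPLE_DOCKER_PS=$(printf '%s\t%s\n' \
  nextcloud                '0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
  nextcloud-mariadb-server '3306/tcp' \
  nextcloud_cron           '')

printf '%s\n' "$SAMPLE_DOCKER_PS" | find_wide_open_ports
```

On the server, pipe the real `sudo docker ps --format '{{.Names}}\t{{.Ports}}'` output into the function instead of the sample. A mapping written with a host address in the compose file, such as '192.168.**.**:8080:80', no longer shows up in the list.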


