John Galea's Blog

My blog on Gadgets and the like

NextCloud container

OpenSource is a collective of coders that get together for a project. Eventually, a parting of the ways happen and a group of those coders go there own way sometimes creating a new version of the project they were working on, referred to as a fork. Well, I previously wrote about Owncloud which did exactly what I wanted, provide a safe place for me to drop files for others to come and get without the prying eyes of cloud providers or governments. Not that I’m doing anything untoward, but it’s more about privacy. From the start my friend Lance told me to skip Owncloud and go to Nextcloud. When I first loaded Nextcloud I hated it. Way too much loaded, way too busy, way to complicated to hand to a non technocrat and expect them to be able to know how to drop a file so I went with Owncloud. And then I saw something about mobile sync and discovered Nextcloud iOS (iPhone) app supports photo syncing. I’ve long been irritated by Apple’s ransoming of my photos and the continuous nagging about iCloud being full … buy more or else. Sadly, Owncloud’s iOS app does not support this, and so I decided to have another look at Nextcloud. I have no need of Mail/calendar/chat and all kinds of other clutter Nextcloud loads up so the best place to start is at the install. I’ve decided to go with a container for the initial install, and I chose Ubuntu 20 as the host. I decided a separate host to play, and to segregate so that someone filling up my space doesn’t bring down my entire container host. While this could have been handled other ways this was how I went forward and why.

To cut to the chase, here is what I found as improvements of Next over Own:

two factor authentication support, forced at a system level or at a user level
photo sync on iphone support
you can set a default users password for them let them choose their own
notifications when something is shared with you

To deploy the container I used: (this container includes Apache, and Nextcloud).

docker run \
–name=nextcloud \
–hostname=nextcloud \
-p 192.168.2.223:8080:8080/tcp \
-p 192.168.2.223:80:80/tcp \
-e VERSION=latest \
-e TZ=”America/Montreal” \
-v nextcloud:/var/www/html:rw \
–restart=always \
nextcloud

This exposes both 8080 where I intend to publish an SSL secured site on as well as 80 for initial setup. I decided I’d use my already setup mysql backend. Nexcloud requires no prep of mysql, just give it the root or DBA account and it does everything for you. It will create the account it runs on, creates the DB etc. For me, one of the keys to tolerating the clutter of Nextcloud is on the opening screen where it says install default apps, um no thanks, it’s a tick box just out of view of the next image.

And with that it’s installed ready to be configured. I recommend an admin account called something other than admin, or administrator, too obvious. The next steps are very similar to Owncloud but I’ll replicate them anyway. First off set your admin’s email account (settings personal info) and set the smtp server so emails can be sent to users when their accounts are created (settings, basic settings). It also allows them reset their own passwords. Since Nextcloud allows you to set a users password when your creating it, this isn’t as critical as it was in Owncloud, but none the less, might as well get it done. Next up was to dramatically simplify the Nextcloud clutter by disabling what I don’t want from the apps. I removed dashboard, weather, status etc and cut it to the minimum. You can always put stuff back if you need to, or ever want it. I even disabled the disabled files so end users files are gone right away once deleted. I enabled the default encryption, and then turned on encryption. This insures that files are encrypted at rest. I double check this by downloading a file using SFTP out from under Nextcloud to ensure it’s unreadable.

With this you have a basic setup, but it isn’t ready to use since there’s no SSL. Fortunately apache is part of the container so it’s pretty easy to setup. Unfortunately they did not include the SSL module but this is pretty easy to fix. So to get all this done I manually customize the files and then copy them into the container using:

docker exec -i nextcloud a2enmod ssl
docker stop nextcloud
docker cp to copy all cert files somewhere in the container you can then reference
docker cp 000-default.conf nextcloud:/etc/apache2/sites-available
/000-default.conf
docker start -i nextcloud

and with that you have SSL enabled. I’ve not yet figured out NGINX reverse proxy, so for now I just open 8080 as SSL to the Nextcloud ip. I’ve been using VEEAM to backup my VMS, but I also grab a number of key Apache config files and do a database dump on mysql using the command:

docker exec mysql mysqldump –user=root –password=password nextcloud > /home/movi
es/nextcloud.sql

To update nextcloud I use the following commands and then call the create commands I started with. You will need to reconfigure apache as well using docker cp as above:

docker stop nextcloud
docker rm nextcloud
docker rmi nextcloud
./nextcloud-create (shown above)

So with this Nextcloud is now up. There’s really two things I’m not fond of with this setup, updating is little more complicated, but the above process works, but the biggest concern is I have not been able to get mapping the container space outside the OS drive, so you could have a situation where drive fills up and bring the OS drive down or paralyzed.

December 25, 2020 - Posted by | Uncategorized

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: