Docker + Nextcloud + External storage

  • That's very detailed, thank you for all those explanations!

    I think I will try the last option: keep /data folder on the internal SD card and share the external storage via Nextcloud app. I will make sure the users don't put too many files in the root directory (/data), which is size limited.

    How can you explain we couldn't use something as -v /var/media/MyBook:/data?

  • To use -v /var/media/MyBook:/data the user nobody needs write access to existing files so instead of fmask=0133 the external storage should be mounted fmask=0111, which honestly I can't see why is not this way due that the current default directory mask already grants full access to anyone. And there is little that Nextcloud could do other than providing the check_data_directory_permissions flag.

    Certainly is not a good idea to keep a busy /data directory in an sd card like a Raspberry Pi with multiple continuous log and database writes on top of the kodi ones even if the bulk of the storage is elsewhere.

    I don't know if there is a way to delay the docker to load certain containers so that at boot you could remount the external storage with write access before the cointaners are started.

    May be in a future Libreelec release this fmask parameter could be set to a more useful value.

  • OK, I understand. Libreelec is certainly not the best OS to host Nextcloud, I guess? I tried DietPi but had some difficulties as well, maybe I didn't try enough...

    One thing I have learnt now: we often have to wait after doing an action on Libreelec/Docker for it to be effective. It might be the same with other OS...

  • Hi,

    My setup is running for more than 2 months, but I find it very slow. On local network, it could last up to 40 seconds to load the Files page, which I find very long.

    Do you have some clues how to speed it up?

    Thanks.

  • Nextcloud web ui log doesn't show anything in particular. Do we have access to other logs? docker logs docker.linuxserver.nextcloud returns nothing.

    Is there a way to switch to http instead of https to avoid any certificate problem when interfacing Nextcloud with other apps?

    Thanks

  • In the config folder, you can find the nginx and php logs

    http would require modifying the default nginx site conf, which you can do, but we don't support it. We recommend reverse proxying (potentially via our letsencrypt image)

  • Logs don't show anything suspicious. I will have a look at letsencrypt, then.

    Just to know: if a Raspberry is too weak for Nextcloud, which platform would you better suggest?

    Thanks

  • Hi,

    Sorry but I will need help here.

    I've installed Letsencrypt addon and configured it with:

    - Port 80: 85 (and, on my router, redirected port 80 from outside to port 85 on the Raspberry)

    - URL: my personal url which is registered at no-ip.com (xxx.ddns.net) and configured as a Dyndns on my router. This DNS works as I can still access my Nextcloud instance which is on port 443 (is that a problem?)

    - subdomains: I don't really know what to write here as I don't have any registered subdomain. It could be great to be able to access, i.e. Nextcloud via nc.xxx.ddns.net, but I don't have any idea if it is possible and how to do that. So I've tried to write "www,nc" for further use.

    - validation method: http

    I waited for the log to show the result of the installation, I don't have it anymore but I got a message saying that subdomains were unreachable so I had to check my config.

    Could you please help me in understanding what I missed?

    Thanks

    Edited once, last by Alomon (April 17, 2020 at 9:33 PM).

  • I can't help you with your domain name or cnames, but if you want a reliable ddns address, look into duckdns. All subdomains to your custom domain automatically forward to your ip. With that, you can do nc.customname.duckdns.org

    For certs, you need to check the logs to see what went wrong. The commands are in the pinned thread about linuxserver docker addons

  • OK, thanks.

    Just one thing which is not really documented: can I keep my Nextcloud instance on port 443? I've read somewhere that with letsencrypt, no other application should listen to port 443. If not, I would have to uninstall it completely before going further.

    Moreover, I've read that a docker network might be necessary, is it mandatory here with linuxserver containers? [Edit: while trying to setup a docker network, I've seen one is already created, named lsio]

    Sorry if it's a lot of questions, but the doc is not so easy to find (lot of pages/posts on different websites, especially due to Libreelec integration...).

    Thanks again

    Edited once, last by Alomon (April 18, 2020 at 12:58 PM).

  • Hi,

    I've read your well written guide and I've understood a lot of things now. But still, if I follow the instructions about Nextcloud installation and adapt them to LE, I understand I just have to install Nextcloud add-on, Mariadb add-on and letsencrypt add-on, then adapt config files (for Nextcloud ans letsencrypt) and router configuration as explained. However, I still think that Nextcloud and Letsencrypt listen to the same port (443), which prevents the setup to work. What did I miss in your guide? Should I change a port somewhere?

    Thanks again

    P.S.: I forgot to mention that I keep on getting an error on letsencrypt logs: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:33

    Edited once, last by Alomon (April 18, 2020 at 7:07 PM).

  • If you're gonna reverse proxy, it doesn't matter what port nextcloud is set to as it won't be used. The addons already attach to the lsio network and advertise themselves with the dns host names "nextcloud", "mariadb", "letsencrypt", etc.

    Don't overthink it. Don't modify anything in the proxy conf, just follow the directions at the top and make the necessary changes to nextcloud config.php file so it allows reverse proxy access.

  • Hi,

    Now I think I've got it installed, I used CLI to be able to monitor everything:

    Code
    docker create \
      --name=nextcloud \
      --net=lsio \
      -e PUID=65534 \
      -e PGID=100 \
      -e TZ=Europe/London \
      -v /storage/.kodi/userdata/addon_data/docker.linuxserver.nextcloud/config:/config \
      -v /storage/.kodi/userdata/docker.linuxserver.nextcloud/data:/data \
      --restart unless-stopped \
      linuxserver/nextcloud

    Then:

    Code
    docker start mariadb
    docker start nextcloud
    docker start letsencrypt

    I used a custom dhparams to speed things up as explained here. I also had to edit nextcloud.subdomain.conf file with proxy_max_temp_file_size 1024m; as explained there. Then docker restart letsencrypt.

    I can now access to my Nextcloud instance via https://nextcloud._MY_DOMAIN_.duckdns.org. Howerver, my browsers still trigger a safety alert regarding the certificate because the certificate is for _MY_DOMAIN_.duckdns.org and not for nextcloud._MY_DOMAIN_.duckdns.org.

    I tried as well to install letsencrypt with wildcard as SUBDOMAINS but got the same error because the certificate was for *._MY_DOMAIN_.duckdns.org.

    This seems to provide other applications to access Nextcloud (in my case, Home Assistant).

    Is there a solution fot that?

    Thanks again

  • That's a restriction documented in the readme. Duckdns validation results in a cert with only one address covered. That's because duckdns only allows one TXT record set.

    So it can cover only one of the following at a time:

    domain.duckdns.org

    *.domain.duckdns.org

    nextcloud.domain.duckdns.org

    The readme recommends using the second option so it covers all (sub)subdomains, and using the www endpoint instead of the naked domain.

  • That's what I thought it was due to, thanks for the confirmation. So if I'm right, letsencrypt container should be created with -e SUBDOMAINS=wildcard \. But then, I can't find a way to make the server automatically load Nextcloud when we access http://www.domain.duckdns.org. Do I understand well?

    And ultimately, will it allow browsers and external applications to access my instance without doubting about the certificate? Our should I use another validation method for that?

    Thanks.

    Edited once, last by Alomon (April 21, 2020 at 9:07 PM).