homelab/active/podman_nextcloud/nextcloud-aio.md
2025-10-14 12:36:01 -04:00

Nextcloud AIO

https://github.com/nextcloud/all-in-one

Install with Rootless Podman

Roughly taken from https://github.com/nextcloud/all-in-one/discussions/3487

This has been tested working on Fedora 41 with selinux and firewalld enabled.

Create the nextcloud user

useradd nextcloud
loginctl enable-linger $(id -u nextcloud)
systemctl --user --machine=nextcloud@.host enable podman-restart
systemctl --user --machine=nextcloud@.host enable --now podman.socket
su -l nextcloud
mkdir -p /home/nextcloud/.config/containers/systemd
exit

Create the container autostart service

Edit the autostart service to include "unless-stopped" containers.

machinectl shell nextcloud@
systemctl --user edit podman-restart.service

Put the following in the drop-in (the empty ExecStart= clears the unit's original command before the new one is set):

[Service]
ExecStart=
ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always --filter restart-policy=unless-stopped
ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls --filter restart-policy=always --filter restart-policy=unless-stopped -q)'

systemctl --user daemon-reload

Install Nextcloud

On the operator

  1. Edit nextcloud-aio-mastercontainer.container to include the correct username and UID where relevant.
  2. Copy the files to the server:
# Copy the quadlet files
scp \
active/podman_nextcloud/nextcloud-aio-mastercontainer.container \
3dserver:/home/nextcloud/.config/containers/systemd/

# Make sure the nextcloud user owns what was just copied
ssh 3dserver chown -R nextcloud:nextcloud /home/nextcloud/.config/containers/systemd/

On the server

machinectl shell nextcloud@

# Create volumes
mkdir nextcloud_data
mkdir nextcloud_aio_mastercontainer

# Create the nextcloud network with ipv6
podman network create --ipv6 nextcloud-aio

# Reload and restart the service
systemctl --user daemon-reload
systemctl --user restart nextcloud-aio-mastercontainer

Install Caddy

As root

mkdir /etc/caddy
vim /etc/caddy/Caddyfile

Caddy will automatically provision certificates if the server's DNS name points to the correct IP and the server is reachable on the ports specified. All you need to do is use https in the Caddyfile.

https://nextcloud.reeseapps.com:443 {
    reverse_proxy 127.0.0.1:11000
}

https://nextcloud.reeseapps.com:8443 {
    reverse_proxy 127.0.0.1:11001 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}

vim /etc/containers/systemd/caddy.container

[Unit]
Description=Caddy

[Container]
AddCapability=NET_ADMIN
ContainerName=caddy
Image=docker.io/caddy:2
Network=host
SecurityLabelDisable=true
Volume=/etc/caddy:/etc/caddy
Volume=caddy_data:/data
Volume=caddy_config:/config

[Service]
Restart=always

[Install]
WantedBy=default.target

systemctl daemon-reload
systemctl start caddy

Firewall

Allow traffic to 11000 from your reverse proxy

Backups

IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo! If you used a repokey mode, the key is stored in the repo, but you should back it up separately. Use "borg key export" to export the key, optionally in printable format. Write down the passphrase. Store both at safe place(s).

docker exec nextcloud-aio-borgbackup borg key export /mnt/borgbackup/borg/

If you need to reset the borg backup repo:

docker exec nextcloud-aio-borgbackup rm /mnt/docker-aio-config/data/borg.config

Manual Backups

  1. Backup nextcloud_data
  2. Backup all nextcloud volumes at /home/nextcloud/.local/share/containers/storage/volumes/
  3. Backup .config/containers/systemd/

To restore, copy these back to where they came from.

Maintenance Mode

docker stop nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --on

docker start nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --off

Trusted Proxy

Needed when running behind a reverse proxy.

docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value="10.1.0.0/16"
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 3 --value="fd00:fd41:d0f1:1010::/64"
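As an added illustration (not from these notes or Nextcloud's source), this Python model shows what the two trusted_proxies entries above change: X-Forwarded-For is honoured only when the connection comes from one of those ranges, and that resolved address is what Nextcloud's logs and brute-force protection see as the client. The ranges are the ones set above; the sample addresses are constructed.

```python
import ipaddress

# The two ranges configured with occ above.
TRUSTED_PROXIES = ["10.1.0.0/16", "fd00:fd41:d0f1:1010::/64"]

def is_trusted_proxy(remote_addr, trusted=TRUSTED_PROXIES):
    """True if the TCP peer address lies inside one of the configured ranges."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in trusted)

def client_address(remote_addr, x_forwarded_for=None, trusted=TRUSTED_PROXIES):
    """Return the address Nextcloud attributes the request to.

    Simplified model (assumption), not Nextcloud's code: X-Forwarded-For is
    consulted only when REMOTE_ADDR is a trusted proxy, and the first entry
    that parses as an IP address wins; otherwise REMOTE_ADDR itself is used.
    """
    if x_forwarded_for and is_trusted_proxy(remote_addr, trusted):
        for candidate in x_forwarded_for.split(","):
            candidate = candidate.strip().strip("[]")  # IPv6 may be bracketed
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # not an address, look at the next entry
    return remote_addr

if __name__ == "__main__":
    # Constructed sample requests: forwarded by the proxy vs. direct with a forged header.
    print(client_address("10.1.0.5", "203.0.113.7"))      # 203.0.113.7
    print(client_address("198.51.100.9", "203.0.113.7"))  # 198.51.100.9
```

Without the setting every login attempt would appear to come from the proxy's address, so throttling would apply to all users at once; with a range that is too broad, any host inside it can choose what address gets logged.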

Default phone region

docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="US"

Adding existing files

docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --path=ducoterra/files

Theming

Red: #B30000

Changing the domain

docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"

Uninstall

docker stop $(docker ps -a -q)
docker container prune

# DANGER ZONE
# This deletes all your data
docker volume prune -a -f

defaults,_netdev,x-systemd.requires=iscsid.service 0 1

Edit QCOW

sudo modprobe nbd
sudo qemu-nbd -c /dev/nbd0 --read-only /path/to/image.qcow2
udisksctl mount -b /dev/nbd0p1

Exclude Lists

Exclude lists take effect only if the folders/files haven't been synced yet. Here's a basic one I stole that works well for development resources.

Put this in ~/.config/Nextcloud/sync-exclude.list

]*~
]~$*
].~lock.*
]~*.tmp
]*.~*
]Icon\r*
].DS_Store
].ds_store
]*.textClipping
]._*
]Thumbs.db
]photothumb.db
]System Volume Information
].*.sw?
].*.*sw?
].TemporaryItems
].Trashes
].DocumentRevisions-V100
].Trash-*
].fseventd
].apdisk
].Spotlight-V100
].directory
]*.part
]*.filepart
]*.crdownload
]*.kate-swp
]*.gnucash.tmp-*
].synkron.*
].sync.ffs_db
].symform
].symform-store
].fuse_hidden*
]*.unison
].nfs*
]My Saved Places.
]*.sb-*
]*.dll
]*.exe
].git/
].lock
]*.bin
].bin
]bin/
]*.lock
]node_modules/
].cache/
].vscode/
].pytest_cache/
].github/
].ipynb_checkpoints/
]*.exe
]*.dll
]*.class
]*.com
]*.so
]*.o
]@*/
]__pycache__/
].Python/
]build/
]dist/
]eggs/
].eggs/
]wheels/
]sdist/
]var/
]*.egg/
]*.egg-info/
]lib64/
]lib/
].tox/
].nox/
]env/
]venv/
]ENV/
]env.bak/
]venv.bak/
]site/
]cython_debug/
]vendor/
]tmp/
].libs/
].debs/
]src/
]Debug/
]debug/
]*.pdb
]*.enc
].enc
].sass-cache/
]_site/
].info
]*.info
].jekyll-cache
].jekyll-cache/
].zotero-ft-cache
].zotero-ft-info
]*.idlk
]zotero.sqlite.bak
]*.dwl
]*.dwl2
]*.bkp
]*.dtmp
].$*
]*.tmp
]_build/
].venv/
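Because the list above only applies to files that have not been synced yet, it is worth checking what a pattern catches before relying on it. Here is an added Python matcher for this format; it is not part of these notes or of the Nextcloud client, works on a constructed excerpt of the list, and simplifies the client's matching (patterns are tested per path component and backslash escapes are not handled).

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Constructed excerpt of the sync-exclude.list above, not the whole file.
SAMPLE_EXCLUDE_LIST = """\
# comment lines and blank lines are ignored
]*~
].DS_Store
].*.sw?
]node_modules/
]build/
]*.lock
"""

def parse_exclude_list(text):
    """Return (pattern, dir_only, removable) tuples in file order.
    A leading ']' marks the entry as removable (the client may delete matching
    files instead of only skipping them); a trailing '/' means directories only.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        removable = line.startswith("]")
        if removable:
            line = line[1:]
        dir_only = line.endswith("/")
        if dir_only:
            line = line[:-1]
        rules.append((line, dir_only, removable))
    return rules

def is_excluded(rel_path, rules, is_dir=False):
    """Return the first pattern that excludes rel_path, or None.
    Simplification (assumption): each pattern is tested against every path
    component, so anything below an excluded directory is excluded as well.
    """
    parts = PurePosixPath(rel_path).parts
    for pattern, dir_only, _removable in rules:
        for i, name in enumerate(parts):
            component_is_dir = i < len(parts) - 1 or is_dir
            if dir_only and not component_is_dir:
                continue
            if fnmatchcase(name, pattern):
                return pattern
    return None

RULES = parse_exclude_list(SAMPLE_EXCLUDE_LIST)
```

Call is_excluded("node_modules/lodash/index.js", RULES) to see which rule hides a path; a plain file named build is not caught by the directory-only build/ entry.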

Troubleshooting

Stuck in login screen

Check logs at /var/www/html/data/nextcloud.log in nextcloud-aio-nextcloud container.

Sometimes this is caused by a broken app or by two-factor auth. Try:

# Disable two factor
./occ twofactorauth:state <user>
./occ twofactorauth:disable <user> totp
# Disable problem app
./occ app:disable integration_openai

Freezing after working for a bit

Out of disk space

This can happen when nextcloud tries to write logs to its volume and doesn't have enough space.

podman exec -it nextcloud-aio-nextcloud bash
df -h .

Redis can't dump its DB

This can happen when the redis volume doesn't have the correct permissions.

podman exec -it --user root nextcloud-aio-redis bash
ls -lah /data
chown redis:redis /data

Error connecting to server

Your nextcloud instance won't be able to use host loopback with rootless containers. If you have a local DNS record pointing to your server's IP address you'll need to delete that until this is fixed.