Nextcloud AIO
https://github.com/nextcloud/all-in-one
Install with Rootless Podman
Roughly taken from https://github.com/nextcloud/all-in-one/discussions/3487
This has been tested and works on Fedora 41 with SELinux and firewalld enabled.
Create the nextcloud user
useradd nextcloud
su - nextcloud
ssh-keygen
exit
cp ~/.ssh/authorized_keys /home/nextcloud/.ssh/authorized_keys
chown nextcloud:nextcloud /home/nextcloud/.ssh/authorized_keys
loginctl enable-linger $(id -u nextcloud)
Install Podman
# As root user
dnf install podman
# Now SSH into the server as the nextcloud user
systemctl --user enable podman-restart
systemctl --user enable --now podman.socket
Create the container autostart service
Edit the autostart service to include "unless-stopped" containers.
As the nextcloud user:
systemctl --user edit podman-restart.service
[Service]
ExecStart=
ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always --filter restart-policy=unless-stopped
ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls --filter restart-policy=always --filter restart-policy=unless-stopped -q)'
systemctl --user daemon-reload
Install Nextcloud
# Make the container systemd directory (if needed)
ssh nextcloud mkdir -p ~/.config/containers/systemd
# Create the nextcloud network with ipv6
ssh nextcloud podman network create --ipv6 nextcloud-aio
# Copy the quadlet files
scp \
active/podman_nextcloud/nextcloud-aio-mastercontainer.container \
nextcloud:.config/containers/systemd/
# Reload and restart the service
ssh nextcloud systemctl --user daemon-reload
ssh nextcloud systemctl --user restart nextcloud-aio-mastercontainer
Install Caddy
As root
mkdir /etc/caddy
vim /etc/caddy/Caddyfile
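Caddy will automatically provision certificates if the server's DNS points to the correct IP
and the server is accessible on the ports specified. All you need to do is put https in the Caddy config.
Note that tls_insecure_skip_verify in the second site block turns off certificate verification for the upstream at 127.0.0.1:11001, so keep that upstream on loopback.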
https://nextcloud.reeseapps.com:443 {
reverse_proxy 127.0.0.1:11000
}
https://nextcloud.reeseapps.com:8443 {
reverse_proxy 127.0.0.1:11001 {
transport http {
tls_insecure_skip_verify
}
}
}
vim /etc/containers/systemd/caddy.container
[Unit]
Description=Caddy
[Container]
AddCapability=NET_ADMIN
ContainerName=caddy
Image=docker.io/caddy:2
Network=host
SecurityLabelDisable=true
Volume=/etc/caddy:/etc/caddy
Volume=caddy_data:/data
Volume=caddy_config:/config
[Service]
Restart=always
[Install]
WantedBy=default.target
systemctl daemon-reload
systemctl start caddy
Firewall
Allow traffic to 11000 from your reverse proxy
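As an added example (not part of the original notes or of the Nextcloud AIO project), the script below prints the firewalld commands that admit only the reverse proxy to port 11000. It assumes the reverse proxy runs on a separate host; the `public` zone, the helper function names and the documentation-range addresses are placeholders.

```shell
#!/usr/bin/env bash
# Added example: build firewalld rich rules that let only the reverse proxy
# reach the AIO backend port. Zone and addresses are constructed placeholders.

# Print one rich rule for a proxy source address; refuse allow-all sources.
aio_rich_rule() {
    local src="$1" port="${2:-11000}" family="ipv4"
    case "$src" in
        ""|0.0.0.0|::|*/0)
            echo "refusing source '$src': it would admit everyone" >&2
            return 1 ;;
    esac
    # An address containing a colon is treated as IPv6.
    case "$src" in *:*) family="ipv6" ;; esac
    printf 'rule family="%s" source address="%s" port port="%s" protocol="tcp" accept\n' \
        "$family" "$src" "$port"
}

# Print the firewall-cmd invocations as a dry run; review them, then run as root.
aio_firewall_plan() {
    local zone="$1" src rule
    shift
    # Drop any blanket opening of the port so only the rich rules admit traffic.
    echo "firewall-cmd --permanent --zone=$zone --remove-port=11000/tcp"
    for src in "$@"; do
        rule="$(aio_rich_rule "$src")" || return 1
        echo "firewall-cmd --permanent --zone=$zone --add-rich-rule='$rule'"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample: a proxy with one IPv4 and one IPv6 address.
aio_firewall_plan public 192.0.2.10 2001:db8::10
```

After applying the printed commands, `firewall-cmd --zone=public --list-rich-rules` shows what is in effect.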
Backups
IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo! If you used a repokey mode, the key is stored in the repo, but you should back it up separately. Use "borg key export" to export the key, optionally in printable format. Write down the passphrase. Store both at safe place(s).
docker exec nextcloud-aio-borgbackup borg key export /mnt/borgbackup/borg/
If you need to reset the borg backup repo:
docker exec nextcloud-aio-borgbackup rm /mnt/docker-aio-config/data/borg.config
Maintenance Mode
docker stop nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --on
docker start nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --off
Trusted Proxy
If running behind a reverse proxy, add the proxy's address ranges to trusted_proxies:
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value="10.1.0.0/16"
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 3 --value="fd00:fd41:d0f1:1010::/64"
Default phone region
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="US"
Adding existing files
docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --path=ducoterra/files
Theming
Red: #B30000
Changing the domain
docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"
Uninstall
docker stop $(docker ps -a -q)
docker container prune
# DANGER ZONE
# This deletes all your data
docker volume prune -a -f
defaults,_netdev,x-systemd.requires=iscsid.service 0 1
Edit QCOW
sudo modprobe nbd
sudo qemu-nbd -c /dev/nbd0 --read-only /path/to/image.qcow2
udisksctl mount -b /dev/nbd0p1
Stuck in login screen
Check logs at /var/www/html/data/nextcloud.log in nextcloud-aio-nextcloud container.
Sometimes this is caused by a broken app or two-factor authentication. Try:
# Check the user's two-factor state, then disable the TOTP provider
./occ twofactorauth:state <user>
./occ twofactorauth:disable <user> totp
# Disable problem app
./occ app:disable integration_openai
Freezing after working for a bit
Out of disk space
This can happen when Nextcloud tries to write logs to its volume and doesn't have enough space.
podman exec -it nextcloud-aio-nextcloud bash
df -h .
Redis can't dump its DB
This can happen when the Redis volume doesn't have the correct permissions.
podman exec -it --user root nextcloud-aio-redis bash
ls -lah /data
chown redis:redis /data