@gilangvperdana
Last active January 14, 2023 02:21
Nextcloud on Ubuntu 20.04 LTS with Docker

Docker-compose

---
version: '2'

services:
  app:
    image: linuxserver/nextcloud
    restart: always
    ports:
      - 8082:80
    volumes:
      - /mnt/nextcloud/config:/config
      - /mnt/nextcloud/data:/data
    environment:
      - MYSQL_DATABASE=CHANGEME
      - MYSQL_USER=CHANGEME
      - MYSQL_PASSWORD=CHANGEME
      - MYSQL_HOST=db
  db:
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - ./sqldata:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=CHANGEME
      - MYSQL_PASSWORD=CHANGEME
      - MYSQL_DATABASE=CHANGEME
      - MYSQL_USER=CHANGEME
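
A quick audit of the compose file above, as an added example that is not part of the original gist: it flags database passwords still set to a placeholder and app ports published on every host interface, where Nextcloud would answer plain HTTP alongside the nginx TLS block. The placeholder list and the NC_DB_* variable names are assumptions, and both compose texts are constructed samples.

```python
import re

# Constructed sample: a trimmed copy of the compose file shown above.
PAGE_COMPOSE = """\
services:
  app:
    image: linuxserver/nextcloud
    ports:
      - 8082:80
    environment:
      - MYSQL_PASSWORD=CHANGEME
  db:
    image: mariadb
    environment:
      - MYSQL_ROOT_PASSWORD=CHANGEME
      - MYSQL_PASSWORD=CHANGEME
"""
# Constructed hardened variant. NC_DB_PASSWORD and NC_DB_ROOT_PASSWORD are
# hypothetical names resolved by Compose from an .env file; the loopback
# binding assumes nginx runs on the same host as Docker.
HARDENED_COMPOSE = (PAGE_COMPOSE
    .replace("- 8082:80", "- 127.0.0.1:8082:80")
    .replace("MYSQL_ROOT_PASSWORD=CHANGEME", "MYSQL_ROOT_PASSWORD=${NC_DB_ROOT_PASSWORD}")
    .replace("MYSQL_PASSWORD=CHANGEME", "MYSQL_PASSWORD=${NC_DB_PASSWORD}"))

PLACEHOLDERS = {"", "changeme", "password", "secret"}  # assumed weak-value list
SERVICE_RE = re.compile(r"^  ([\w-]+):\s*$")            # two-space indented service name
SECRET_RE = re.compile(r"^\s*-\s*(\w*PASSWORD\w*)=(.*)$")
PORT_RE = re.compile(r"^\s*-\s*[\"']?(?:([\d.]+):)?(\d+):(\d+)")  # [ip:]host:container

def audit_compose(text):
    """Return (line_no, service, issue) tuples for a compose file's text."""
    findings, service = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if m := SERVICE_RE.match(line):
            service = m.group(1)
        elif m := SECRET_RE.match(line):
            if m.group(2).strip("\"' ").lower() in PLACEHOLDERS:
                findings.append((no, service, f"{m.group(1)} is a placeholder"))
        elif m := PORT_RE.match(line):
            if m.group(1) in (None, "0.0.0.0"):  # no host IP means every interface
                findings.append((no, service,
                    f"host port {m.group(2)} listens on all interfaces, "
                    "so plain HTTP is reachable without the TLS proxy"))
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_COMPOSE), ("hardened", HARDENED_COMPOSE)):
        print(label, audit_compose(text) or "no findings")
```

If nginx runs on a different machine than Docker, bind the port to the address the proxy connects to instead of loopback and restrict access to it with a firewall.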

Nginx Reverse Proxy Block

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    if ($scheme = "http") {
        return 301 https://$host$request_uri;
    }

    listen 443 ssl http2;
    server_name drive.example.org;

    location / {
        proxy_pass http://192.168.20.216:8082$request_uri;

        proxy_set_header Host drive.example.org;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;

        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    ssl_certificate /etc/letsencrypt/live/drive.example.org/fullchain.pem;   # managed by certbot on host machine
    ssl_certificate_key /etc/letsencrypt/live/drive.example.org/privkey.pem; # managed by certbot on host machine

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
}

Force HTTPS

nano /mnt/nextcloud/config/www/nextcloud/config/config.php
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'REDACTED',
  'passwordsalt' => 'REDACTED',
  'secret' => 'REDACTED',
  'trusted_domains' => 
  array (
    0 => 'drive.example.org',
  ),
  'dbtype' => 'mysql',
  'version' => '25.0.2.3',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://drive.example.org',
  'dbname' => 'nextcloud',
  'dbhost' => '172.25.0.2',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'REDACTED',
  'dbpassword' => 'REDACTED',
  'installed' => true,
);

Manual Install Apps

cd /nextcloud/apps
### Download the app's .tar.gz from https://apps.nextcloud.com/ with wget
### Activate it on the Apps tab, then configure it under Settings

Onlyoffice

wget from https://apps.nextcloud.com/apps/onlyoffice

sudo docker run -i -t -d -p 443:443 \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver

### Put TLS crt here
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt

### Generate TOKEN
sudo docker exec $ONLYOFFICE_CONTAINER_ID /var/www/onlyoffice/documentserver/npm/json -f /etc/onlyoffice/documentserver/local.json

### Configure on ONLYOFFICE Settings
INSECURE TLS -> TRUE (this turns off certificate verification for the connection to the Document Server)
