The self-hosted productivity platform that keeps you in control.
Why this image?
This non-official image is intended as an all-in-one (as in monolithic) Nextcloud production image. If you're not sure you want this image, you should probably use the official image.
Don't run random images from random dudes on the Internet. Ideally, you want to maintain and build it yourself.
Images are scanned every day by Trivy for OS vulnerabilities. Latest tag/version is automatically built weekly, so you should often update your images regardless if you're already using the latest Nextcloud version.
If you're building manually, you should always build production images without cache (use
docker build --no-cache for instance). Latest dependencies will hence be used instead of outdated ones due to a cached layer.
- Fetching PHP/nginx from their official images.
- Rootless: no privilege at any time, even at startup.
- Includes hardened_malloc, a hardened memory allocator.
- Includes a simple built-in cron system.
- Much easier to maintain thanks to multi-stages build.
- Does not include imagick, samba, etc. by default.
You're free to make your own image based on this one if you want a specific feature. Uncommon features won't be included as they can increase attack surface: this image intends to stay minimal, but functional enough to cover basic needs.
latest: latest Nextcloud version
x: latest Nextcloud x.x (e.g.
x.x.x: Nextcloud x.x.x (e.g.
You can always have a glance here. Only the latest stable version will be maintained by myself.
|NEXTCLOUD_VERSION||version of Nextcloud|
|ALPINE_VERSION||version of Alpine Linux|
|PHP_VERSION||version of PHP|
|NGINX_VERSION||version of nginx|
|APCU_VERSION||version of APCu (php ext)|
|REDIS_VERSION||version of redis (php ext)|
|HARDENED_MALLOC_VERSION||version of hardened_malloc|
|CONFIG_NATIVE||native code for hmalloc|
|UID||user id (default: 1000)|
|GID||group id (default: 1000)|
For convenience they were put at the very top of the Dockerfile and their usage should be quite explicit if you intend to build this image yourself.
Environment variables (Dockerfile)
|UPLOAD_MAX_SIZE||file upload maximum size||10G|
|APC_SHM_SIZE||apc shared memory size||128M|
|MEMORY_LIMIT||max php command mem usage||512M|
|CRON_PERIOD||cron time interval (min.)||5m|
|CRON_MEMORY_LIMIT||cron max memory usage||1G|
|DB_TYPE||sqlite3, mysql, pgsql||sqlite3|
Leave them at default if you're not sure what you're doing.
Environment variables (used by setup.sh)
|DB_TYPE||sqlit3, mysql, pgsql|
|DB_NAME||name of the database|
|DB_USER||name of the database user|
|DB_PASSWORD||password of the db user|
ADMIN_PASSWORD are optional and mainly for niche purposes. Obviously, avoid clear text passwords. Once
setup.sh has run for the first time, these variables can be removed. You should then edit
/nextcloud/config/config.php directly if you want to change something in your configuration.
The usage of Docker secrets will be considered in the future, but
config.php already covers quite a lot.
|8888 (tcp)||Nextcloud web|
- Redirecting all HTTP traffic to HTTPS
- Setting the HSTS header correctly
Migration from the legacy image
From now on you'll need to make sure all volumes have proper permissions. The default UID/GID is now 1000, so you'll need to build the image yourself if you want to change that, or you can just change the actual permissions of the volumes using
chown -R 1000:1000. The flexibility provided by the legacy image came at some cost (performance & security), therefore this feature won't be provided anymore.
Other changes that should be reflected in your configuration files:
/configvolume is now
/apps2volume is now
ghcr.io/wonderfall/nextcloudis the new image location
You should edit your