forked from wonderfall/nextcloud
- Based on Alpine Linux.
- Bundled with nginx and PHP 7.1 (wonderfall/nginx-php image).
- Automatic installation using environment variables.
- Package integrity (SHA512) and authenticity (PGP) checked during building process.
- Data and apps persistence.
- OPCache (opcocde), APCu (local) installed and configured.
- system cron task running.
- MySQL, PostgreSQL (server not built-in) and sqlite3 support.
- Redis, FTP, SMB, LDAP, IMAP support.
- GNU Libiconv for php iconv extension (avoiding errors with some apps).
- No root processes. Never.
- Environment variables provided (see below).
- latest : latest stable version. (15)
- 15 : latest 15.0.x version (NC stable but this container umage still untested and therefore unstable)
- 14 : latest 14.0.x version (stable)
- nightly : latest code from NextCloud, unstable
For security reasons, you should occasionally update the container, even if you have the latest version of Nextcloud. Images are built on a regular schedule, to keep underlying dependencies up to date.
- NEXTCLOUD_VERSION : version of nextcloud
- GNU_LIBICONV_VERSION : version of GNU Libiconv
- GPG_nextcloud : signing key fingerprint
- UID : nextcloud user id (default : 991)
- GID : nextcloud group id (default : 991)
- UPLOAD_MAX_SIZE : maximum upload size (default : 10G)
- APC_SHM_SIZE : apc memory size (default : 128M)
- OPCACHE_MEM_SIZE : opcache memory size in megabytes (default : 128)
- MEMORY_LIMIT : php memory limit (default : 512M)
- CRON_PERIOD : time interval between two cron tasks (default : 15m)
- CRON_MEMORY_LIMIT : memory limit for PHP when executing cronjobs (default : 1024m)
- TZ : the system/log timezone (default : Etc/UTC)
- ADMIN_USER : username of the admin account (default : none, web configuration)
- ADMIN_PASSWORD : password of the admin account (default : none, web configuration)
- DOMAIN : domain to use during the setup (default : localhost)
- DB_TYPE : database type (sqlite3, mysql or pgsql) (default : sqlite3)
- DB_NAME : name of database (default : none)
- DB_USER : username for database (default : none)
- DB_PASSWORD : password for database user (default : none)
- DB_HOST : database host (default : none)
- PERMISSION_RESET : Set to 0 to disable permission fixing on container boot - can be useful if you have a large install and wish to handle permissions manually (default : 1)
Don't forget to use a strong password for the admin account!
- 8888 : HTTP Nextcloud port.
- /data : Nextcloud data.
- /config : config.php location.
- /apps2 : Nextcloud downloaded apps.
- /nextcloud/themes : Nextcloud themes location.
- /php/session : php session files.
Basically, you can use a database instance running on the host or any other machine. An easier solution is to use an external database container. I suggest you to use MariaDB, which is a reliable database server. You can use the official
mariadb image available on Docker Hub to create a database container, which must be linked to the Nextcloud container. PostgreSQL can also be used as well. Additionally, sqlite3 is supported, but not reccomended outside of testing and very small instances.
Pull the image and create a container.
/docker can be anywhere on your host, this is just an example. Change
MYSQL_PASSWORD values (mariadb). You may also want to change UID and GID for Nextcloud, as well as other variables (see Environment Variables).
docker pull benyanke/nextcloud:10.0 && docker pull mariadb:10 docker run -d --name db_nextcloud \ -v /docker/nextcloud/db:/var/lib/mysql \ -e MYSQL_ROOT_PASSWORD=supersecretpassword \ -e MYSQL_DATABASE=nextcloud -e MYSQL_USER=nextcloud \ -e MYSQL_PASSWORD=supersecretpassword \ mariadb:10 docker run -d --name nextcloud \ --link db_nextcloud:db_nextcloud \ -v /docker/nextcloud/data:/data \ -v /docker/nextcloud/config:/config \ -v /docker/nextcloud/apps:/apps2 \ -v /docker/nextcloud/themes:/nextcloud/themes \ -e UID=1000 -e GID=1000 \ -e UPLOAD_MAX_SIZE=10G \ -e APC_SHM_SIZE=128M \ -e OPCACHE_MEM_SIZE=128 \ -e CRON_PERIOD=15m \ -e TZ=Etc/UTC \ -e ADMIN_USER=mrrobot \ -e ADMIN_PASSWORD=supercomplicatedpassword \ -e DOMAIN=cloud.example.com \ -e DB_TYPE=mysql \ -e DB_NAME=nextcloud \ -e DB_USER=nextcloud \ -e DB_PASSWORD=supersecretpassword \ -e DB_HOST=db_nextcloud \ benyanke/nextcloud:10.0
You are not obliged to use
ADMIN_PASSWORD. If these variables are not provided, you'll be able to configure your admin acccount from your browser.
Below you can find a docker-compose file, which is very useful!
Now you have to use a reverse proxy in order to access to your container through Internet, steps and details are available at the end of the README.md. And that's it! Since you already configured Nextcloud through setting environment variables, there's no setup page.
You will have to build yourself using an Alpine-ARM image, like
In the admin panel, you should switch from
AJAX cron to
cron (system cron).
Pull a newer image, then recreate the container as you did before (Setup step). None of your data will be lost since you're using external volumes. If Nextcloud performed a full upgrade, your apps could be disabled, enable them again (starting with 12.0.x, your apps are automatically enabled after an upgrade).
I advise you to use docker-compose, which is a great tool for managing containers. You can create a
docker-compose.yml with the following content (which must be adapted to your needs) and then run
docker-compose up -d nextcloud-db, wait some 15 seconds for the database to come up, then run everything with
docker-compose up -d, that's it! On subsequent runs, a single
docker-compose up -d is sufficient!
Don't copy/paste without thinking! It is a model so you can see how to do it correctly.
version: '2' networks: default: driver: bridge services: nextcloud: image: benyanke/nextcloud depends_on: - nextcloud-db # If using MySQL - solr # If using Nextant - redis # If using Redis environment: - UID=1000 - GID=1000 - UPLOAD_MAX_SIZE=10G - APC_SHM_SIZE=128M - OPCACHE_MEM_SIZE=128 - CRON_PERIOD=15m - TZ=Europe/Berlin - ADMIN_USER=admin # Don't set to configure through browser - ADMIN_PASSWORD=admin # Don't set to configure through browser - DOMAIN=localhost - DB_TYPE=mysql - DB_NAME=nextcloud - DB_USER=nextcloud - DB_PASSWORD=supersecretpassword - DB_HOST=nextcloud-db volumes: - /docker/nextcloud/data:/data - /docker/nextcloud/config:/config - /docker/nextcloud/apps:/apps2 - /docker/nextcloud/themes:/nextcloud/themes # If using MySQL nextcloud-db: image: mariadb:10 volumes: - /docker/nextcloud/db:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=supersecretpassword - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MYSQL_PASSWORD=supersecretpassword # If using Nextant solr: image: solr:6-alpine container_name: solr volumes: - /docker/nextcloud/solr:/opt/solr/server/solr/mycores entrypoint: - docker-entrypoint.sh - solr-precreate - nextant # If using Redis redis: image: redis:alpine container_name: redis volumes: - /docker/nextcloud/redis:/data
You can update everything with
docker-compose pull followed by
docker-compose up -d.
How to configure Redis
Redis can be used for distributed and file locking cache, alongside with APCu (local cache), thus making Nextcloud even more faster. As PHP redis extension is already included, all you have to is to deploy a redis server (you can do as above with docker-compose) and bind it to nextcloud in your config.php file :
'memcache.distributed' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis', 'memcache.local' => '\OC\Memcache\APCu', 'redis' => array( 'host' => 'redis', 'port' => 6379, ),
How to configure Nextant
You will have to deploy a Solr server, I've shown an example above with docker-compose. Once Nextant app is installed, go to "additional settings" in your admin pannel and use http://solr:8983/solr as "Adress of your Solr Servlet". There you go!
Tip : how to use occ command
There is a script for that, so you shouldn't bother to log into the container, set the right permissions, and so on. Just use
docker exec -ti nexcloud occ command.
Of course you can use your own solution! nginx, Haproxy, Caddy, h2o, Traefik...
Whatever your choice is, you have to know that headers are already sent by the container, including HSTS, so there's no need to add them again. It is strongly recommended (I'd like to say : MANDATORY) to use Nextcloud through an encrypted connection (HTTPS). Let's Encrypt provides free SSL/TLS certificates, so you have no excuses.
You can take a look at xataz/reverse-nginx. It was made with security and ease-of-use in mind, using the latest versions of nginx and OpenSSL. It also provides SSL/TLS automation with lego, a Let's Encrypt client. Also, no need to bother about configuration files! This image does litterally everything for you.
Look at how simple it is. First, you have to add labels to your Nextcloud container, like this:
nextcloud: ... labels: - reverse.frontend.domain=cloud.domain.tld - reverse.backend.port=8888 - reverse.frontend.ssl=true - reverse.frontend.ssltype=ec384 - reverse.frontend.hsts=false - reverse.frontend.headers=false
These labels can tell the reverse container what settings should be set when generating files/certificates for Nextcloud. Now you can add the reverse container in your docker-compose file, and you need to provide it your
reverse: image: xataz/reverse-nginx container_name: reverse ports: - "80:8080" - "443:8443" environment: - EMAILfirstname.lastname@example.org volumes: - /docker/reverse/ssl:/nginx/ssl - /var/run/docker.sock:/var/run/docker.sock depends_on: - nextcloud
That's it! Enjoy.