{"id":29620769,"url":"https://github.com/d4void/mynextcloud","last_synced_at":"2026-05-09T09:02:09.222Z","repository":{"id":304979906,"uuid":"1000281551","full_name":"D4void/MyNextCloud","owner":"D4void","description":"My project to self-host Nextcloud with docker and traefik","archived":false,"fork":false,"pushed_at":"2025-07-17T14:08:21.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-17T16:19:00.612Z","etag":null,"topics":["docker","nextcloud","traefik"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/D4void.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-11T14:34:57.000Z","updated_at":"2025-07-17T14:08:25.000Z","dependencies_parsed_at":"2025-07-17T19:26:20.445Z","dependency_job_id":"c5e26670-bfa3-4f7c-abcb-a69dacc7752a","html_url":"https://github.com/D4void/MyNextCloud","commit_stats":null,"previous_names":["d4void/mynextcloud"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/D4void/MyNextCloud","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D4void%2FMyNextCloud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D4void%2FMyNextCloud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D4void%2FMyNextCloud/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D4void%2FMyNextCloud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/D4void","download_url":"https://codeload.github.com/D4void/MyNextCloud/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D4void%2FMyNextCloud/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266236668,"owners_count":23897221,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","nextcloud","traefik"],"created_at":"2025-07-21T04:00:32.102Z","updated_at":"2026-05-09T09:02:09.216Z","avatar_url":"https://github.com/D4void.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MyNextCloud\n\nProduction-ready Nextcloud deployment with Docker Compose, featuring a custom image with SMB support and integration with Traefik reverse proxy.\n\n## Features\n\n- **Custom Nextcloud Image**: Extended official image with `smbclient` for external SMB/CIFS storage\n- **Complete Stack**: Nextcloud, MariaDB 11.4, Redis cache, Collabora Online Development Edition (CODE)\n- **Traefik Integration**: Automatic HTTPS with Let's Encrypt certificates\n- **Automated Backups**: Integrated Plakar backup system for data and database\n- **Production Ready**: Resource limits, health checks, and proper volume management\n\n## Prerequisites\n\n- Docker and Docker Compose\n- [MyTraefik](https://github.com/D4void/MyTraefik) project deployed (provides `MyTraefikNet` network)\n- [MyDockerApps](https://github.com/D4void/MyDockerApps) - Unified Docker Compose orchestrator\n- [Plakar](https://plakar.io/) - Plakar installed. Backup tool used for snapshots\n- [plakarbackup](https://github.com/D4void/plakarbackup) - My Bash wrapper script for plakar\n- DNS A record pointing to your server for `NEXTCLOUD_FQDN` and `COLLABORA_FQDN`\n\n## Quick Start\n\n### 1. Initial Configuration\n\n```bash\n# Copy environment template\ncp env.example .env\nchmod 600 .env\n\n# Edit .env with your configuration\nnano .env\n```\n\nConfigure the following critical variables:\n- `NEXTCLOUD_FQDN`: Your Nextcloud domain (e.g., `nextcloud.domain.fr`)\n- `COLLABORA_FQDN`: Collabora Online domain (e.g., `office.domain.fr`)\n- `COLLABORA_DOMAIN`: Escaped domain for regex (e.g., `nextcloud\\\\.domain\\\\.fr`)\n- `TRAEFIK_IP`: Internal IP of Traefik container\n- `NC_VOL`: Host path for volume data (e.g., `/opt/MyNextcloud`)\n- Database credentials and service versions\n\n### 2. Initialize Volumes\n\n```bash\n# Create volume directories with correct permissions\n./init-voldir.sh\n```\n\nThis creates all required directories with proper uid/gid and permissions:\n- MariaDB data (999:999, chmod 700)\n- Redis data (999:1000, chmod 700)\n- Nextcloud data/config/apps (33:33, chmod 750)\n\n### 3. Deploy Services\n\n**Recommended**: Use [MyDockerApps](https://github.com/D4void/MyDockerApps) orchestrator to manage Traefik dependency:\n\n```bash\ncd ../MyDockerApps\ndocker compose up -d\n```\n\nThis ensures Traefik starts first and creates the `MyTraefikNet` network before Nextcloud services attempt to connect.\n\n**Alternative** (standalone, requires MyTraefik already running):\n\n```bash\ndocker compose up -d\n```\n\nAccess Nextcloud at `https://\u003cNEXTCLOUD_FQDN\u003e` and complete the web setup.\n\n\n## Building Custom Image (Optional)\n\nThe custom image adds SMB client support to official Nextcloud.\n\nIf you want to build the image yourself, edit build.sh and run it:\n\n```bash\n./build.sh\n```\n\nThis builds `d4void/nextcloud:${NEXTCLOUD_TAG}` and pushes to Docker Hub.\n(Change to your dockerhub repository and modify docker compose file accordingly)\n\n## Administration\n\n### Nextcloud CLI (occ)\n\nUse the `occ.sh` wrapper for all occ commands:\n\n```bash\n./occ.sh maintenance:mode --on\n./occ.sh files:scan --all\n./occ.sh user:list\n./occ.sh app:enable files_external\n```\n\n### Maintenance Mode\n\n```bash\n# Enable maintenance mode\n./occ.sh maintenance:mode --on\n\n# Disable maintenance mode\n./occ.sh maintenance:mode --off\n```\n\n[Maintenance doc](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html#)\n\n\n### After first startup\n\n**Nextcloud**\n\nIn the admin panel (overview), you may see recommendations and you can apply them with the occ command (default phone region, maintenance window, DB missing indices).\n\nExamples:\n\n```bash\n./occ.sh config:system:set default_phone_region --value=FR\n./occ.sh config:system:set maintenance_window_start --value=\"1\" --type=integer\n./occ.sh maintenance:repair --include-expensive\n./occ.sh db:add-missing-indices\n```\n\nYou may also need to set up the system config for `overwrite.cli.url`, `overwritehost` and `overwriteprotocol`.\n\nIt's possible to set these parameters in `config.php` in the Nextcloud volume or use the occ command.\n\n```bash\nsource .env\n./occ.sh config:system:set overwrite.cli.url --value=https://$NEXTCLOUD_FQDN\n./occ.sh config:system:set overwritehost --value=$NEXTCLOUD_FQDN\n./occ.sh config:system:set overwriteprotocol --value=https\n``` \n\nFinally, because of Traefik, we need to define it as a trusted proxy. \n([Documentation reverse proxy](https://docs.nextcloud.com/server/31/admin_manual/configuration_server/reverse_proxy_configuration.html))\n\n```bash\nsource .env\n./occ.sh config:system:set trusted_proxies 0 --value=\"$TRAEFIK_IP\"\n```\n\nI also had a warning concerning .well-known URLs\n`Could not check that your web server serves '.well-known' correctly. Please check manually. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its 'trusted_domains' or the 'overwrite.cli.url'. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.`\n\n```bash\n./occ.sh config:system:set trusted_domains 2 --value=localhost\n```\n\n**Collabora Online Development Edition**\n\nAfter startup, verify Collabora access at https://${COLLABORA_FQDN}/browser/dist/admin/admin.html\n\nConfigure the Nextcloud WOPI URL (Web Application Open Platform Interface) with the occ command or in the Nextcloud admin panel, Nextcloud Office menu.\n\n```bash\nsource .env\n./occ.sh config:app:set richdocuments wopi_url --value=\"https://${COLLABORA_FQDN}/\"\n```\n\nConfigure the WOPI allowlist to authorize the WOPI client (the Collabora server must be allowed to act as a WOPI client). I set the IP subnet configured for `MyTraefikNet` to allow internal calls.\n\n```bash\nsource ../MyTraefik/.env\n./occ.sh config:app:set richdocuments wopi_allowlist --value=\"$SUBNET\"\n```\n\nNote:\n\nAt the beginning, I faced many network issues with Collabora and Nextcloud in Docker. \n\nFirst, the Nextcloud and Collabora FQDNs were resolved with their public IP and communication was done externally, leading to issues with headers.\n\nI forced the Nextcloud and Collabora FQDNs to resolve to the Traefik IP using `extra_hosts` in `docker-compose.yml`. For the Nextcloud container, the Collabora FQDN resolves to the Traefik IP address. For the Collabora container, the Nextcloud FQDN resolves to the Traefik IP address.\n\nNextcloud service\n```\nnc-nextcloud:\n...\nextra_hosts:\n    - \"${COLLABORA_FQDN}:${TRAEFIK_IP}\"\n```\n\nCollabora service\n```\nnc-collabora:\n...\nextra_hosts:\n    - \"${NEXTCLOUD_FQDN}:${TRAEFIK_IP}\"\n```\n\nThere are two other points in `docker-compose.yml` for the Collabora service. We need to authorize the Nextcloud domain to make WOPI requests with `domain=`, and we need to authorize the `origin` header from the browser with `aliasgroup1=`.\n\nSo we have:\n```bash\nenvironment:\n    - domain=${COLLABORA_DOMAIN}\n    - aliasgroup1=https://${NEXTCLOUD_FQDN}\n```\n\nConcerning TLS, it is managed by Traefik, so we need to have:\n`- extra_params=--o:ssl.enable=false --o:ssl.termination=true`\n\n\nTo debug and trace (header, IP), add:\n`- extra_params=--o:logging.level=trace`\n\n\n\n### Nextcloud User locked\n\nIf a user is locked (too many authentication failures for example) : `.occ.sh user:enable \u003cusername\u003e`\n\n\n### Preview and cpu/mem \n\nFiles previews is enabled by default and it can consume a lot of cpu \u0026 memory. Running this on a weak machine, can bring bad performance.\n\nDisable the previews:\n\n```bash\n./occ.sh config:system:set enable_previews --value=false --type=boolean\n```\n\nOr limit the concurrency and image size:\n\n```bash\n./occ.sh config:system:set enable_previews --value=true --type=boolean\n./occ.sh config:system:set preview_concurrency_new --value=1 --type=integer\n./occ.sh config:system:set preview_concurrency_all --value=2 --type=integer\n./occ.sh config:system:set preview_max_x --value=256 --type=integer\n./occ.sh config:system:set preview_max_y --value=256 --type=integer\n```\n\n[Check Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enable-previews)\n\nBy default, Docker uses all available resources. See the [Resource Limits](#resource-limits) section to configure CPU and memory limits.\n\n\n## Backup \u0026 Restore\n\n### Backup\n\nThe backup script creates a MariaDB dump and Plakar snapshot:\n\n```bash\n./nc-backup.sh\n```\n\nProcess:\n1. Enables maintenance mode\n2. Dumps MariaDB with `--single-transaction`\n3. Creates Plakar snapshot of dump + data/config/custom_apps\n4. Disables maintenance mode\n5. Cleans up temporary files\n\n**Dependency**: Requires [plakarbackup.sh](https://github.com/D4void/plakarbackup) installed at the path specified in `PLAKAR` variable.\n\nCurrently at `/usr/local/bin/plakarbackup.sh`\n\n### Restore\n\nTwo-step restoration process:\n\n```bash\n# Step 1: Extract Plakar snapshot\n./plakar-restore.sh \u003crepo_name\u003e \u003crestore_dir\u003e \u003csnapshot_id\u003e\n\n# Step 2: Restore database and data\n./nc-restore.sh \u003cdump_file\u003e \u003cdata_directory\u003e\n```\n\n**Warning**: Existing data/config/custom_apps are moved to `.old` directories before restore.\n\n## Architecture\n\n### Services\n\n| Service | Image | Purpose | Port |\n|---------|-------|---------|------|\n| nc-nextcloud | d4void/nextcloud:32.0.6-apache | Main Nextcloud server | 80 |\n| nc-cron | d4void/nextcloud:32.0.6-apache | Background jobs | - |\n| nc-db | mariadb:11.4-noble | Database with binlog | 3306 |\n| nc-redis | redis:8.0.2-alpine | Cache | 6379 |\n| nc-collabora | collabora/code:25.04.9.1.1 | Collabora Online | 9980 |\n\n### Networks\n\n- **MyNCnet** (internal): Service-to-service communication\n- **MyTraefikNet** (external): Traefik reverse proxy connection\n\n### Volumes\n\nAll volumes use bind mounts to `${NC_VOL}`:\n\n```\n${NC_VOL}/\n├── var-lib-mysql/     # MariaDB data\n├── redis_data/        # Redis persistence\n├── data/              # User files\n├── config/            # Nextcloud config\n├── custom_apps/       # Custom apps\n├── app/               # Nextcloud core\n└── backup/            # Local backups\n```\n\n### Key Design Decisions\n\n- **extra_hosts**: Forces Nextcloud ↔ Collabora communication through Traefik's internal IP instead of external DNS\n- **Bind mounts**: Explicit control over file permissions and ownership\n- **Shared volumes**: nc-nextcloud and nc-cron share the same volumes for consistency\n- **MariaDB binlog**: Transaction isolation with binary logging for replication support\n\n## Configuration Details\n\n### Resource Limits\n\nConfigured for standalone Docker Compose (convert to `deploy.resources` for Swarm):\n\n- nc-nextcloud: 0.7 CPU, 3GB RAM\n- nc-cron: 0.7 CPU, 3GB RAM  \n- nc-db: 0.7 CPU, 3GB RAM\n- nc-redis: 0.25 CPU, 512MB RAM\n- nc-collabora: 0.5 CPU, 1GB RAM\n\nEdit cpus and mem_limit in `docker-compose.yml`\n\n### Network Configuration\n\n#### Internal Network\n- `MyNCnet`: Internal network for `nc-nextcloud`, `nc-cron`, `nc-collabora`, `nc-redis`, `nc-db` communication\n\n#### External Network  \n- `MyTraefikNet`: Connection to Traefik reverse proxy (must exist before deployment)\n\n### Traefik Labels\n\nThe `nc-nextcloud` and `nc-collabora` services use these Traefik labels:\n- Routes HTTPS traffic via `Host()` rule\n- TLS termination with `certresolver=mytlschallenge` (Let's Encrypt)\n- Security middleware from `security@file` (HSTS, security headers)\n\n\n\n## Troubleshooting\n\n### Nextcloud can't connect to Collabora\n\nCheck `extra_hosts` configuration and verify `TRAEFIK_IP` matches Traefik container IP:\n\n```bash\ndocker inspect \u003ctraefik_container\u003e | grep IPAddress\n```\n\n### Permission errors\n\nVerify volume directory ownership:\n\n```bash\nls -la ${NC_VOL}/\n```\n\nRe-run `./init-voldir.sh` if needed.\n\n### Database connection issues\n\nCheck MariaDB container logs:\n\n```bash\ndocker logs nc-db\n```\n\n## License\n\nThis project is licensed under the MIT License. See [LICENSE](LICENSE) for details.\n\n## Related Projects\n\n- [Official Nextcloud Documentation](https://docs.nextcloud.com/)\n- [Collabora Online Documentation](https://www.collaboraoffice.com/code/)\n- [Collabora Integration Guide](https://help.nextcloud.com/t/collabora-integration-guide/151879)\n- [Traefik Documentation](https://doc.traefik.io/traefik/)\n- [MyTraefik](https://github.com/D4void/MyTraefik) - Traefik reverse proxy configuration\n- [MyDockerApps](https://github.com/D4void/MyDockerApps) - Unified Docker Compose orchestrator\n- [Plakar](https://plakar.io/) - Backup tool used for snapshots\n- [plakarbackup](https://github.com/D4void/plakarbackup) - Bash wrapper script for plakar\n\n\n---\n\n*This README was initially generated with AI assistance.*","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd4void%2Fmynextcloud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd4void%2Fmynextcloud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd4void%2Fmynextcloud/lists"}