Nextcloud Nginx Proxy Manager in 10 Minutes!

This tutorial shows you how to set up Nextcloud and protect it with Nginx Proxy Manager and real SSL certificates on a Linux server. I'll keep it fast and simple, so we can deploy it in about 10 minutes.

You can use this tutorial for cloud environments and on-premises, or to deploy Nextcloud on a small server or Raspberry Pi at home. The only important requirement is a DNS record pointing to the server's public IP address. If you’re running the server at home behind a router, you need to forward ports 80, 81, and 443.

Docker-Compose Template

version: '3'

volumes:
  nextcloud-data:
  nextcloud-db:
  npm-data:
  npm-ssl:
  npm-db:

networks:
  frontend:
    # uncomment the next line if the network already exists!
    # external: true
  backend:

services:

  nextcloud-app:
    image: nextcloud
    restart: always
    volumes:
      - nextcloud-data:/var/www/html
    environment:
      - MYSQL_PASSWORD=replace-with-secure-password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
    networks:
      - frontend
      - backend

  nextcloud-db:
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - nextcloud-db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=replace-with-secure-password
      - MYSQL_PASSWORD=replace-with-secure-password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - backend

  npm-app:
    image: jc21/nginx-proxy-manager:latest
    restart: always
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
    environment:
      - DB_MYSQL_HOST=npm-db
      - DB_MYSQL_PORT=3306
      - DB_MYSQL_USER=npm
      - DB_MYSQL_PASSWORD=replace-with-secure-password
      - DB_MYSQL_NAME=npm
    volumes:
      - npm-data:/data
      - npm-ssl:/etc/letsencrypt
    networks:
      - frontend
      - backend

  npm-db:
    image: jc21/mariadb-aria:latest
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=replace-with-secure-password
      - MYSQL_DATABASE=npm
      - MYSQL_USER=npm
      - MYSQL_PASSWORD=replace-with-secure-password
    volumes:
      - npm-db:/var/lib/mysql
    networks:
      - backend
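
Before starting the stack, it helps to check the file for the settings that matter most once ports 80, 81 and 443 are reachable from the Internet. The script below is an added example, not part of the original tutorial: it flags any remaining replace-with-secure-password placeholder, images without a fixed version tag, and the admin port 81 published on every interface. The function names audit_compose and write_sample are chosen here, and the sample file is a constructed excerpt shaped like the template.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint a compose file before
# "docker-compose up -d". Prints one finding per line; no output means clean.
audit_compose() {
    awk '
        # 1. Placeholder secret from the template was never replaced.
        /replace-with-secure-password/ {
            printf "line %d: placeholder password still in use\n", NR
        }
        # 2. Image has no tag or the floating :latest tag, so a pull can
        #    silently move to a new major version.
        /^[ \t]*image:/ {
            if ($2 !~ /:/ || $2 ~ /:latest$/)
                printf "line %d: image %s is not pinned\n", NR, $2
        }
        # 3. Container port 81 (NPM admin UI) published without a host IP,
        #    which makes it reachable on every interface.
        /^[ \t]*-[ \t]*"?[0-9]+:81"?[ \t]*$/ {
            printf "line %d: admin port 81 published on all interfaces\n", NR
        }
    ' "$1"
}

# Constructed sample: an excerpt shaped like the template above.
write_sample() {
    cat > "$1" <<'EOF'
services:
  nextcloud-app:
    image: nextcloud
    environment:
      - MYSQL_PASSWORD=replace-with-secure-password
  npm-app:
    image: jc21/nginx-proxy-manager:latest
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_compose "$tmp"
rm -f "$tmp"
```

Call audit_compose with the path of your own compose file; a mapping written as "127.0.0.1:81:81" is not flagged, because it publishes the admin UI on the loopback interface only.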

Deployment of Nextcloud with Nginx Proxy Manager on a fresh Server

If you don’t know about Docker and Docker-Compose, make sure you check out my tutorials on YouTube. We can easily deploy the full stack from this template using Docker-Compose or Portainer Stacks.

Install Docker and Docker-Compose

You can easily install Docker and Docker-Compose by following the official instructions.

Deployment with Docker-Compose

First, let’s create a new project folder in the /opt directory.

mkdir /opt/nextcloud
cd /opt/nextcloud

Copy the Docker-Compose Template to your remote server. Execute the Docker-Compose file.

docker-compose up -d

Check if all Containers are running properly.

docker-compose ps

[Screenshot: expected output of “docker-compose ps”]

(Optional) Deployment of Nextcloud in existing Portainer and Nginx Proxy Manager Installation

Note: if you already have an existing Nginx Proxy Manager installation running, remove the Nginx Proxy Manager parts from the Compose file. Then uncomment the line “# external: true” in the networks section to connect the containers to your existing Docker network. The network name must be the same as the name of the network your Nginx Proxy Manager is connected to!

Configure Nginx Proxy Manager

When all containers are up and running, you can open the Nginx Proxy Manager on port 81. Make sure you’re using HTTP and the public IP address of your server to connect. When you log in for the first time with the username “admin@example.com” and password “changeme”, you need to change the credentials.

Create a new Proxy Host, fill in the domain name, and connect it to “nextcloud-app” on port 80.

Obtain a new SSL certificate with Let’s Encrypt.

Now you should be able to access your Nextcloud Installation in the Browser.

Performance Issues with Nextcloud

On most servers, you can probably just continue with the “Install recommended apps” checkbox enabled. But I had very bad performance issues with this setting. This was caused by the Collabora Built-In CODE Server, which was automatically installed. What you can do about this is uncheck the checkbox “Install recommended apps”, then install the Collabora Online apps manually and use the Collabora demo servers.

Desktop Client Sync

I also had problems with setting up the Nextcloud Desktop Client Synchronization. We need to make a change in the config/config.php file. Make sure you add this line here in the configuration file.

'overwriteprotocol' => 'https',

28 thoughts on “Nextcloud Nginx Proxy Manager in 10 Minutes!”

  1. Hi Christian

    First of all, thanks for a lot of very good content!

    I have one suggestion and one question I hope you can help me with:

    Suggestion: In the nextcloud container you have the possibility to mount a volume for the nextcloud config (/var/www/html/config), which is described in the readme on github under persistent data.

    Question: I simply can’t understand how the NPM and NC container can communicate when you don’t bind any ports for the NC container. Can you explain how this happens?

    Thanks in advance.

    Reply
  2. This looked good but sadly just left me with a Bad Gateway 502 error from the Nextcloud and container.
    There is no way to complete setup as there is no access to the container?

    Reply
    • Bad Gateway means there is something wrong with the connection to the container. Usually you should check the IP address, DNS name or if the container is in a different network than the npm.

      Reply
  3. Thanks for providing such good content.

    I’m working with the following scenario:
    Host (Ubuntu 20.04 LTS) managed by ispconfig (with Apache) with several main domains. Works fine so far. I would like to add several apps e.g. nextcloud, suitecrm, gitlab, youtrack running in docker containers and would like to make them available for all domains. I can do that by using dedicated ports for every app and configure proxy Apache directives for each app in each domain.

    I believe a scenario based on Nginx proxy manager would be more elegant. Because of ispconfig I cannot use the ports 80, 81 and 443 for Nginx proxy manager. But when I change the ports I see “internal error” while trying to create a subdomain with ssl.

    I would appreciate any ideas how to set up my scenario without “internal error”. Thanks in advance.

    Reply
  4. Is it also possible to use port 443 for Let’s Encrypt? I can’t open port 80 on my ISP’s garbage.

    And what about using CloudFlare? What’s the most secure solution?

    Arnold

    Reply
  5. Hi Christian. Thanks for the great guide. Unfortunately, my container nextcloud_nextcloud-app_1 doesn’t get an Internet connection for updates and the editor installation. How can this be set up for the container?

    Reply
  6. This is the best tutorial I’ve seen for nginx+nextcloud setup ever.
    I’ve been struggling with setting up Nextcloud for several months now using Nextcloud’s official images and examples. But your setup takes it up several notches, and makes proxy + SSL administration super easy and beautiful.

    I greatly appreciate the instructions and the code! Thank you!

    Reply
  7. Hi there thanks for this comprehensive tutorial. Everything works flawlessly except the smbclient. It’s not installed. This would be a dealbreaker for me, so my question, how can I install it? Thank you for your time!

    Reply
  8. forgot to mention that
    – the backend network is not declared in the final network section at the end of the docker-compose file
    – and that maybe due to NC22? But I get a database error when trying to launch NC the first time:

    “Error while trying to initialise the database: An exception occurred while executing a query: SQLSTATE[HY000]: General error: 4047 InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE. ”

    Cheers! ;-D
    Dario

    Reply
    • Found out! With mariadb 10.6 there is a change in the handling of compressed tables, set to read only by default.

      Just add
      --innodb-read-only-compressed=OFF
      to the “command:” section on nextcloud-mariadb in the docker-compose file and it works.

      Reply
      • Hi, I am getting the same error when I try to open NextCloud for the first time.
        Please could you advise how I add the command –innodb-read-only-compressed=OFF?
        I have tried adding it as follows:
        command: –transaction-isolation=READ-COMMITTED –binlog-format=ROW –innodb-read-only-compressed=OFF
        But this produces an error in the nextcloud_nextcloud-db_1 log as follows:

        mysqld: Too many arguments (first extra is ‘–innodb-read-only-compressed=OFF’).

        Thank you for your help.

        Reply
        • Here is a command line that works:
          --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed

          Reply
  9. Oh, my first comment got flagged!
    I try to condense:

    Thanks for the tutorial, I could not have it working though.
    – why the name of the containers are so variable? (despite being declared f.ex nextcloud-app, they end being nextcloud_nextcloud-app-1 or similar most of the time. How to solve? Once renamed, they work.
    – I would appreciate to see mentioned how to have local volumes for nextcloud data outside of the containers (var/), for example in a folder in my home.

    Now the heavy stuff:
    – anything about Collabora and how to set it up? It is so touchy, I got it working one time, but never since. I do not think their documentation is good.
    – every update of NextCloud on docker was a pain for me. Most of the time it ended with a broken situation, and I had to reinstall. Ideas/experience?
    – easy and working back up possibilities to assist with such problems?
    Thanks and cheers, great job!!
    Dario

    Reply
  10. Hi there Christian,

    Thank you for doing this all! You’ve really helped me going from a mechanical engineer to a mechanical engineer with IT skills 🙂

    I have some questions regarding this.

    First one: in the dockerhub build the mounted volumes are simply data and config. Your version however mounts a html folder and a mysql folder. How did you find out how to do this? Is there any Nextcloud documentation I’m missing? And what is the difference between your approach and the one discussed on the dockerhub? I’d like to understand the process in order to learn from it 🙂

    Second question: is it possible in the build to run the Nextcloud and database instance on my nvme drive while storing the files on an external drive? My nvme is only 500 gig and I would rather not fill it up with ‘regular’ files.

    Thank you in advance!

    Finally maybe a nice tip for another video: Calendso! I’m a teacher (mechanical engineering) and because our IT department is unfortunately quite limited our Outlook appointments are not functioning properly, my classes don’t show up in my Outlook…. my solution now is Calendly but that costs me 100 euro a year. I’d like to selfhost it using Calendso 🙂

    Thanx and keep up the fantastic work!

    Reply
  11. Hello Christian,

    great, thanks for the good guide!

    Despite the config you described and following the instructions
    here: https://help.nextcloud.com/t/nextcloud-and-nginx-proxy-manager/104180/7
    and here: https://docs.nextcloud.com/server/22/admin_manual/issues/general_troubleshooting.html#service-discovery

    I get the following errors (Nextcloud 21.1.1 official Apache image):
    1. The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
    2. Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation ↗.
    3. Your web server is not properly set up to resolve “/.well-known/carddav”. Further information can be found in the documentation ↗.

    Reply
  12. Ah! A quick addendum. It had not applied the HSTS activation in the SSL tab. So the first warning is gone, but how do I get the redirect working? I couldn’t find anything about it on the Internet, and my .htaccess already contains an entry (there by default) with:
    RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
    RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]

    Since I run Nextcloud in the standard Docker variant, it sits in the /var/www/html folder and I don’t need to change the rewrite, do I?

    Reply
  13. Hi Cristiano
    I have a problem: the reverse proxy server (Nginx Proxy Manager) is located in a private subnet, my reverse proxy does not have Internet to manage the certificates (using Certbot), the certificates are generated and stored on a remote server in the private subnet and I need the reverse proxy server to get or point to the certificates stored on the remote server.

    Reply
