TurnKey Linux’ Nextcloud container on Proxmox

Here is an update : Nextcloud Docker container

I have been using Nextcloud since 2017 on my Unraid server using the Linuxserver Docker image. It works, but I have a major issue with it. I could not get my instance of Nextcloud upgraded to the latest stable. I started with version 12 and got it upgraded to version 14. Version 14 is the highest I can get my Nextcloud instance. Usually, upgrading the Linuxserver Docker containers is a matter of pulling a new image. However, the Nextcloud image is an exception. The Nextcloud image needs to be upgraded within the container. Here is the thread from Unraid forum in regards to upgrading the Linuxserver Nextcloud Docker container.

I am switching my Nextcloud instance from Linuxserver Nextcloud Docker image to TurnKey Linux Nextcloud LXC container. I will be using NFS from my NAS for the /data as shown in Figure 1. I also need to expose my Nextcloud to the Internet so that I can access my server anywhere. This is going to be behind an NGINX reverse proxy.

Figure 1

I am assuming that you have the following services in placed.

  • A reverse-proxy server such an NGINX
  • Valid certificate (Lets Encrypt)
  • A domain

Since I am going to be using my NAS to store my Nextcloud data as shown in Figure 1, I need to add the NFS share to Proxmox, so that the LXC can mount the bind point. The steps below are the things I am going to implement to accomplish my goal.

  1. Add the NFS share as a storage in Proxmox
  2. Download the TurnKey Linux Nextcloud template
  3. Create the Nextcloud container using the TurnKey Linux Nextcloud template
  4. Modify the container’s <container-id>.conf file to bind the mount point
  5. Setup the NGINX server block
  6. Adjust the PHP file based on my settings
  7. Configure Nextcloud
  8. Create a new admin account

Let’s go through the laundry list above. We are going to do this in order from 1 through 8.

  1. Login to Proxmox web UI and navigate to Datacenter > Storage
  2. Click Add then select NFS
    1. In the ID field, give the storage that can be easily identify
    2. In the Server field, enter the IP address of the NFS server
    3. In the Export field, enter the absolute path of the NFS export
    4. In the Content field, deselect the Disk Image and select the Container
Figure 2

Let’s download the TKL Nextcloud template using the Proxmox web UI

  1. Expand your PVE node and navigate to the storage where you keep the container templates/ISO
  2. Select Content then Templates
  3. Search for “nextcloud
  4. Select the turnkey-nextcloud
  5. Click Download
Figure 3

Once the template has been downloaded, we can create the Nextcloud container.

  • Click on the button in the upper right corner Create CT
    1. Make sure under the General tab, the Unprivileged is marked as shown in Figure 4
    2. Click Next
    3. Under the Template tab, select the storage where we downloaded the TKL Nextcloud template
    4. Find the debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz and select it
    5. Click Next when done
    6. Under the Root Disk tab, adjust based on your parameters
    7. Click Next
    8. Under the CPU and Memory tabs, set it based on your needs
    9. Click Next
    10. Under the Network tab, configure your network based on your environment
    11. Click Next
    12. Under the Confirm tab, do not select Start after created box
    13. Click Finish
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11

Before starting the container, we need to modify the LXC container .conf file that is located in /etc/pve/lxc/. Navigate to PVE node and select Shell to access the node’s terminal. Before modifying the .conf file, we need to get the path of the NFS export we added earlier. Navigate to the directory /etc/pve/ and cat the storage.cfg.

# Navigate to where the storage.cfg is
cd /etc/pve/

# We need to find the ID  and its path. This will print 
# the information we need which is the path 
# "/mnt/pve/tower_cloud"
grep "tower_cloud" storage.cfg -A 4
Figure 12

Once we get the path to the NFS storage, we need to modify the Nextcloud container .conf file. The .conf file is located in /etc/pve/lxc/. We need to add a line to the .conf file. However, we need to identify which one is our Nextcloud container. Each container in /etc/pve/lxc/ is labeled by its CT ID. So back to Figure 4, my CT ID is 109. Therefore, the file that I need to edit is the 109.conf.

My NFS export is /mnt/user/Cloud from my NAS. However, my target directory is a subdirectory in my NFS export which is /mnt/user/Cloud/nextcloud_lxc. Therefore, I added the subfolder to my path.

# To add the mountpoint to the 109.conf
# pct set <ct-id> --mp0 <source-path>,mp=<destination-path>
pct set 109 --mp0 /mnt/pve/tower_cloud/nextcloud_lxc,mp=/var/www/nextcloud/data

Now that the NFS storage has been mounted we can start working on the Nextcloud container. Before powering on the Nextcloud container, we need to configure our NGINX to point it to our subdomain.

I am using NGINX as my reverse-proxy so that I can access my resources securely from outside of my network. Below is the server block.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;

        proxy_max_temp_file_size 2048m;

Now, we need to power on the Nextcloud TurnKey container. Navigate to CT’s Console and login as root user.

  1. Enter the MySQL password for Adminer which is the frontend for MySQL
  2. Enter the password for the Nextcloud admin account
  3. Enter the domain
  4. It is up to you if you want to use the TKL services, but I skipped mine
  5. It is up to you if you want TKL notifications. I skipped mine
  6. Install the security updates
  7. The page is the appliance services. Do not go to http://<ip-address> yet to initialize Nextcloud. Click on Advanced Menu
  8. Select Quit to enter the terminal
Figure 12
Figure 13
Figure 14
Figure 15
Figure 16
Figure 17
Figure 18
Figure 19

Once we are in the terminal, navigate to /var/www/nextcloud/config/. Just in case, make a backup of the config.php.

cd /var/www/nextcloud/config/

# Make a backup of config.php
cp config.php config.php.bak

Now we need to edit the config.php file. We need to replace and add couple of lines. Adjust the value based on your use case.

  • Replace the line 0 => 'localhost' with the correct IP address 0 => ''
  • Replace the line 'overwrite.cli.url' => 'http://localhost', with your own domain'overwrite.cli.url' => 'https://nextcloud.networkshinobi.com',
  • Add the following line: 'overwritehost' => 'nextcloud.networkshinobi.com',
  • Add the following line: 'overwriteprotocol' => 'https',

The config.php file should look something similar to below

$CONFIG = array (
  'passwordsalt' => 'OPIju1935706jhaliuoiejlo*&po;',
  'secret' => '79df369621cafe8e85ba7a8cf6d794asdi23498uoidhjaoic01ae333f3cfe176198uwke42,
  'trusted_domains' => 
  array (
    0 => 'localhost',
1 => 'nextcloud.networkshinobi.com',
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwrite.cli.url' => 'https://nextcloud.networkshinobi.com',
  'overwritehost' => 'nextcloud.networkshinobi.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'Ohnskie2aaasljeoia87be3ak74sy8732qydiuhf',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'instanceid' => '92fa8123425269u',

In addition to editing the config.php file, we need to change the owner of the nextcloud directory and add the .ocdata to the data directory.

  • Make sure to add the file .ocdata in the root of the NFS share; otherwise, you will get an error as shown in Figure 20.
  • Change the owner of the directory /var/www/nextcloud to www-data
# Add the .ocdata file in the root of the data directory
touch /var/www/nextcloud/data/.ocdata

# Change the directory owner
chown -R www-data:www-data /var/www/nextcloud
Figure 20

At this point, the Nextcloud LXC container should be configured. Open a web-browser and navigate to the IP address or the subdomain of the LXC container. If everything goes well, you should get the login prompt. Login to Nextcloud using the “admin” account that was created in Figure 13.

  1. We will create a new admin
  2. Delete the TKL admin account

Let’s create a new admin account. Login to the nextcloud web UI. https://<sub.domain.com> using the TKL admin account. Then navigate to upper right corner and click on the admin account. Click on Users.

Click on New user and give it a new name and a password. Make sure that select admin from the group to add the new user to the admin group. When done, click on the blue button then logout.

Figure 21

Login as the new admin. Then go back to the new admin account then select Users. From here, delete the original admin account as shown in Figure 22 and start using the new admin account.

Figure 22

One last thing, the default timezone is UTC. There is nothing wrong about UTC and most system preferred UTC. If it bothers you, the command to change the timezone is dpkg-reconfigure tzdata.

That’s about it. Cheers!

Notify of

Newest Most Voted
Inline Feedbacks
View all comments
3 years ago

When you boot up the turnkey container, mine did not display the blue screen with all the questions. How do I run setup inside the container?

Found it, just type in ‘turnkey-init’ at the prompt inside the container

Last edited 3 years ago by bill
3 years ago

Hey, thanks for the article. This is exactly what I am trying to do. I’m running into trouble with the nginx reverse proxy, with 502 bad gateway errors so any help is appreciated. I’m also a noob at all this, so please go easy on me 🙂 Here is my setup. Nextcloud LXC is on and my nginx runs in a separate LXC in When the request hits nginx, I need to forward it to right. So, here goes. Add to the trusted_hosts list in nextcloud’s config.php. How do i set the overwrite.cli/host/protocol then? Do I… Read more »

Reply to  Karlo Abaga
3 years ago

Great, thanks for the reply. I’ll look into the SWAG container. It might simplify my life. 🙂
Looking forward to more posts on your blog

JF Caringi
JF Caringi
3 years ago

terrific job, thanks!

Last edited 3 years ago by JF Caringi
David Smith
David Smith
3 years ago

This is.a really useful guide but i am not sure i am following it to the letter. I have got the install working, but i am limited to the size of the root disk that i set, yours being 10Gb in the figure 6. I want to install a root disk but have the data disk on the NFS drive, i have tried moving it by mounting the NFS in FSTAB and copying and moving the data drive (and routing in config.php) but it wouldnt work. Are you able to expand the guide a little ?

David Smith
David Smith
Reply to  Karlo Abaga
3 years ago

Thanks for quick response. i used the PCT set command and it puts the container on the NFS drive but my storage for data directory on nextcloud is limited to the size of the container i selected in root drive (10Gb). i want to use my full NFS drive (6TB DLink 320 NAS) to host the data directory from nextcloud. there are some instructions out there about moving the data directory, but i cant seem to get any to work. I presume i could just set the disk size to 4T or something, but i would like the files to… Read more »

3 years ago

Thank you so much, i’m noob with low english skill and that was a great help :3 I will share what i did to finally get my server without warning etc after 2 day of headhache on my proxmox 🙂 On my reverse proxy (nginx) to have a valid certificate and working redirection (i’m totally noob with NGINX, don’t understand all but it work well for me..) : # certbot –nginx –agree-tos –redirect –hsts –staple-ocsp –email [email protected] -d nextcloud.mydomain.com # vi /etc/nginx/conf.d/nextcloud.conf nexcloud.conf : — server_tokens off; server { listen 80;   listen [::]:80;   server_name   nextcloud.mydomain.com;   return 404; } server { server_name   nextcloud.mydomain.com;… Read more »

2 years ago

Hi! Tahnk you very much for this turorial, this is exactly what i was looking for. However i cant seem to make the NFS MountPoint going to work. I can add my Synology NFS Share to the proxmox Host, i can add/delete files in that share and everything works. When i try to create an unprivileged CT, the NFS mountpoint does not work at all. I then tried creating it as a privileged CT and put the mountpoint in it but it seems that the turnkey nextcloud installation is creating an /var/www/nextcloud-data folder and puts the ../admin, ../nextcloud.log and so… Read more »

Reply to  Karlo Abaga
2 years ago

Yes, i can see the mount as it self, but it seems that my permissions are not right. When i ls -l the directory /var/www/nextcloud/, all the folders have www-data as the owner, except the folder data, which i mounted. It is with green background in the ls -l listing and has the owner ‘nobody’ and group ‘nogroup’. I tried your command chown -R but it says ‘operation not permitted’ on that data folder. When i open my Synology NAS to check the rights, i tried all squash-possibilities and gave rights to the Proxmox Host IP and Container IP but… Read more »

Reply to  Eike
2 years ago

were you able to fix it?having similar issue!

Adam S
Adam S
2 years ago

Thank you for this write up. I had searched several months ago for a concise Proxmox-TKL-NextCloud guide. I was able to get this working using the host name of my local server. I do not have an NGINX proxy. Instead I used my router (an EdgeRouter X) and skipped certificates. However, if I try to set it up with an FQDN like you have, I am unable to bring up the login page. I get an ERR_CONNECTION_REFUSED. I have tried so many configurations, I could not tell you. I can still ping the NextCloud server by host name or FQDN… Read more »

Last edited 2 years ago by Adam S
2 years ago

thanks for creating that guide …..I have not converted my existing nextcloud setup (currently done via docker on an omv server) but I like to move to proxmox to have more flexibility. My idea is to have omv running in a vm on proxmox and use nfs (or cifs) as well to let nextcloud use the data as well as others. About NFS I am wondering in generall if it would be easier to do a nfs mount inside the container rather then mounting it on the host and then doing a mount bind point thing. Of course a nfs… Read more »

2 years ago

I am playing around on a test pve and for me it looks like that actually there is no need to edit the 100.cfg or whatever number file but the line according to your guide needs to get added to the .cfg file (the way I read it) is actually a command which will modify the cfg file if exectuted in the pve shell: pct set 109 –mp0 /mnt/pve/tower_cloud/nextcloud_lxc,mp=/var/www/nextcloud/data
The cfg file then gets a line like mp0: ….
Just wondering if i misunderstood the guide of if there are different ways to do the same.

2 years ago

So I’m going to try using the same imager, a question I have is how do you update the image? With docker I just place the config and data outside but I’m not sure about LXCs.

Carl J
Carl J
2 years ago

Thanks for the detailed article (will have to go over it again).
I’m planning on running NextCloud in an LXC on Proxmox, so this is helpful (I’ve tried in the past but had some issues with getting it going).

Question: Why the NFS server for Nextcloud? Why not access the mount directly from Nextcloud (through a bind mount)? Is this for security reasons?

Thanks again

Reply to  Karlo Abaga
2 years ago

When you say official container are you refering to this above LXC container? If not please share what steps are different than this guide.
Alos, i found in teh current lxc the directory is /var/www/nexcloud-data and not nextcloud/data
FYI – in my setup (like above) my update failed at ‘creating backup’. Dont know why

2 years ago

My disk now show the shared volume and capacity but any file i drop simply goes to the lxc vm disk of 32 GB instead of using the mount folder! what could be wrong?

2 years ago

Thank you very much for the detailed installation procedure. As I use Apache2, instead of Ngnix, reverse proxy with letsencrypt SSL, I have to amend /etc/apache2/sites-avaliable/nextcloud.conf in nextcould root console. The nextcould container, by default, uses Apache2 for HTTP redirection to https with self-signed certificate. The revised nextcloud.conf looks like belows. Basically, I comment out the whole Virtualhost 443 section and Directory section, and add DocumentRoot in Virtualhost 80. After restart the container, the local access to nextcloud becomes HTTP protocol, and thus I can use normal Apache2 reverse proxy to gain authorized ssl/https access to nextcloud. ServerName localhost <VirtualHost… Read more »

Reply to  bthoven
2 years ago

Disabling https like above has negative effect on Nextcloud app on Android. I can’t sign in. It seems Nextcloud newer versions plant https as necessary in many parts of the software, which is a good thing.

I’m later able to make Apache reverse proxy, with letsencrypt, work with Nextcloud self-signed https as shown in another comment of mine.

2 years ago

As I used Apache2 reverse proxy, not ngnix. Below is the reverse proxy part that works

<VirtualHost *:443>
  ProxyPreserveHost On
#SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
  ServerName nextcloud.bthofen.com  
  SSLProxyEngine on
  ProxyPass /
  ProxyPassReverse /
Reply to  bthoven
2 years ago

Just to add to the above post that I didn’t show the other part of apache reverse proxy serup which specifies virtual host port 80 and 443 with letsencrypt key directory set up because they are the preliminary set up which must be there to support any additional virtual host we add, in this case, Nextcloud.

2 years ago

Thank you very much for this topic!
I have a bit difficult to login as root user. I don’t know the root password. Please, what is the default password for root user?

Sorry for this useless comment! I forgot that I taped it yesterday during CT creation.
Thanks again for the topic

Last edited 2 years ago by bzhenel
2 years ago


Can You elaborate how exacly You have configured nginx ?
Was this LXC from proxmox templates ?

Reply to  Karlo Abaga
2 years ago

I am also trying to use NGINX Proxy Manager but i think “scratching surface” is more appropriate term then trying. Could You please point any useful article ? I cant find anything suitable.

Faisal Alhaddar
Faisal Alhaddar
2 years ago

I tried to find a solution, but I am new to the Linux world and I searched and found this link to solve this problem, but I could not figure out the steps to solve this problem

Can you help me solve this problem?
step by step


this link



2 years ago

Hi, great article. By the way I am currently contemplating where to install nextcloud on unraid and move it proxmox lxc container. Can you tell me why you chose to move to proxmox?

Also I have a spare server, do you think it would be better to make it as backup server for unraid (if I move nextcloud here) or proxmox?


1 year ago

Hi, I install nextcloud with your LXC template.
But I use Nginx as Reverseproxy on another LXC.
My LXC Nextcloud is on and my LXC Nginx on
I have a free account on No-ip for dynamic dns.

When I go to my nextcloud on LAN is OK, but when I try by dynamic DNS with “XXX.XXX/nextcloud” I redirected to LAN IP, and it’s inaccessible.

Reply to  Karlo Abaga
1 year ago

I haven’t a Docker installation on my little own home-server :). On my Nginx, I change LAN IP, here it’s my Nginx conf file : upstream plex_backend { server; keepalive 32; } server { listen 443 ssl; listen [::]:443 ssl; server_name Xxx.xxx.xxx; ssl_certificate /etc/letsencrypt/live/Xxx.xxx.xxx/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/Xxx.xxx.xxx/privkey.pem; # managed by Certbot location / { proxy_pass; } location /nextcloud { proxy_pass; } } server { if ($host = Xxx.xxx.xxx) { return 301 https://$host$request_uri; } # managed by Certbot listen 80 default_server; listen [::]:80; server_name Xxx.xxx.xxx; proxy_buffering off; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection… Read more »

1 year ago

wow this is amazing! thank you m

Would love your thoughts, please comment.x