TurnKey Linux’ Nextcloud container on Proxmox

Here is an update : Nextcloud Docker container

I have been using Nextcloud since 2017 on my Unraid server using the Linuxserver Docker image. It works, but I have a major issue with it. I could not get my instance of Nextcloud upgraded to the latest stable. I started with version 12 and got it upgraded to version 14. Version 14 is the highest I can get my Nextcloud instance. Usually, upgrading the Linuxserver Docker containers is a matter of pulling a new image. However, the Nextcloud image is an exception. The Nextcloud image needs to be upgraded within the container. Here is the thread from Unraid forum in regards to upgrading the Linuxserver Nextcloud Docker container.

I am switching my Nextcloud instance from Linuxserver Nextcloud Docker image to TurnKey Linux Nextcloud LXC container. I will be using NFS from my NAS for the /data as shown in Figure 1. I also need to expose my Nextcloud to the Internet so that I can access my server anywhere. This is going to be behind an NGINX reverse proxy.

I am assuming that you have the following services in placed.

• A reverse-proxy server such an NGINX
• Valid certificate (Lets Encrypt)
• A domain

Since I am going to be using my NAS to store my Nextcloud data as shown in Figure 1, I need to add the NFS share to Proxmox, so that the LXC can mount the bind point. The steps below are the things I am going to implement to accomplish my goal.

1. Add the NFS share as a storage in Proxmox
2. Download the TurnKey Linux Nextcloud template
3. Create the Nextcloud container using the TurnKey Linux Nextcloud template
4. Modify the container’s <container-id>.conf file to bind the mount point
5. Setup the NGINX server block
6. Adjust the PHP file based on my settings
7. Configure Nextcloud
8. Create a new admin account

Let’s go through the laundry list above. We are going to do this in order from 1 through 8.

1. Login to Proxmox web UI and navigate to Datacenter > Storage
2. Click Add then select NFS
   1. In the ID field, give the storage that can be easily identify
   2. In the Server field, enter the IP address of the NFS server
   3. In the Export field, enter the absolute path of the NFS export
   4. In the Content field, deselect the Disk Image and select the Container

Let’s download the TKL Nextcloud template using the Proxmox web UI

1. Expand your PVE node and navigate to the storage where you keep the container templates/ISO
2. Select Content then Templates
3. Search for “nextcloud“
4. Select the turnkey-nextcloud
5. Click Download

Once the template has been downloaded, we can create the Nextcloud container.

• Click on the button in the upper right corner Create CT
  1. Make sure under the General tab, the Unprivileged is marked as shown in Figure 4
  2. Click Next
  3. Under the Template tab, select the storage where we downloaded the TKL Nextcloud template
  4. Find the debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz and select it
  5. Click Next when done
  6. Under the Root Disk tab, adjust based on your parameters
  7. Click Next
  8. Under the CPU and Memory tabs, set it based on your needs
  9. Click Next
  10. Under the Network tab, configure your network based on your environment
  11. Click Next
  12. Under the Confirm tab, do not select Start after created box
  13. Click Finish

Before starting the container, we need to modify the LXC container .conf file that is located in /etc/pve/lxc/. Navigate to PVE node and select Shell to access the node’s terminal. Before modifying the .conf file, we need to get the path of the NFS export we added earlier. Navigate to the directory /etc/pve/ and cat the storage.cfg.

# Navigate to where the storage.cfg is
cd /etc/pve/

# We need to find the ID  and its path. This will print 
# the information we need which is the path 
# "/mnt/pve/tower_cloud"
grep "tower_cloud" storage.cfg -A 4

Once we get the path to the NFS storage, we need to modify the Nextcloud container .conf file. The .conf file is located in /etc/pve/lxc/. We need to add a line to the .conf file. However, we need to identify which one is our Nextcloud container. Each container in /etc/pve/lxc/ is labeled by its CT ID. So back to Figure 4, my CT ID is 109. Therefore, the file that I need to edit is the 109.conf.

My NFS export is /mnt/user/Cloud from my NAS. However, my target directory is a subdirectory in my NFS export which is /mnt/user/Cloud/nextcloud_lxc. Therefore, I added the subfolder to my path.

# To add the mountpoint to the 109.conf
# pct set <ct-id> --mp0 <source-path>,mp=<destination-path>
pct set 109 --mp0 /mnt/pve/tower_cloud/nextcloud_lxc,mp=/var/www/nextcloud/data

Now that the NFS storage has been mounted we can start working on the Nextcloud container. Before powering on the Nextcloud container, we need to configure our NGINX to point it to our subdomain.

I am using NGINX as my reverse-proxy so that I can access my resources securely from outside of my network. Below is the server block.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass https://10.0.7.21/;

        proxy_max_temp_file_size 2048m;
    }
}

Now, we need to power on the Nextcloud TurnKey container. Navigate to CT’s Console and login as root user.

1. Enter the MySQL password for Adminer which is the frontend for MySQL
2. Enter the password for the Nextcloud admin account
3. Enter the domain
4. It is up to you if you want to use the TKL services, but I skipped mine
5. It is up to you if you want TKL notifications. I skipped mine
6. Install the security updates
7. The page is the appliance services. Do not go to http://<ip-address> yet to initialize Nextcloud. Click on Advanced Menu
8. Select Quit to enter the terminal

Once we are in the terminal, navigate to /var/www/nextcloud/config/. Just in case, make a backup of the config.php.

cd /var/www/nextcloud/config/

# Make a backup of config.php
cp config.php config.php.bak

Now we need to edit the config.php file. We need to replace and add couple of lines. Adjust the value based on your use case.

• Replace the line 0 => 'localhost' with the correct IP address 0 => '10.0.7.21'
• Replace the line 'overwrite.cli.url' => 'http://localhost', with your own domain'overwrite.cli.url' => 'https://nextcloud.networkshinobi.com',
• Add the following line: 'overwritehost' => 'nextcloud.networkshinobi.com',
• Add the following line: 'overwriteprotocol' => 'https',

The config.php file should look something similar to below

<?php
$CONFIG = array (
  'passwordsalt' => 'OPIju1935706jhaliuoiejlo*&po;',
  'secret' => '79df369621cafe8e85ba7a8cf6d794asdi23498uoidhjaoic01ae333f3cfe176198uwke42,
  'trusted_domains' => 
  array (
    0 => 'localhost',
1 => 'nextcloud.networkshinobi.com',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '18.0.4.2',
  'overwrite.cli.url' => 'https://nextcloud.networkshinobi.com',
  'overwritehost' => 'nextcloud.networkshinobi.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'Ohnskie2aaasljeoia87be3ak74sy8732qydiuhf',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'instanceid' => '92fa8123425269u',
);

In addition to editing the config.php file, we need to change the owner of the nextcloud directory and add the .ocdata to the data directory.

• Make sure to add the file .ocdata in the root of the NFS share; otherwise, you will get an error as shown in Figure 20.
• Change the owner of the directory /var/www/nextcloud to www-data

# Add the .ocdata file in the root of the data directory
touch /var/www/nextcloud/data/.ocdata

# Change the directory owner
chown -R www-data:www-data /var/www/nextcloud

At this point, the Nextcloud LXC container should be configured. Open a web-browser and navigate to the IP address or the subdomain of the LXC container. If everything goes well, you should get the login prompt. Login to Nextcloud using the “admin” account that was created in Figure 13.

1. We will create a new admin
2. Delete the TKL admin account

Let’s create a new admin account. Login to the nextcloud web UI. https://<sub.domain.com> using the TKL admin account. Then navigate to upper right corner and click on the admin account. Click on Users.

Click on New user and give it a new name and a password. Make sure that select admin from the group to add the new user to the admin group. When done, click on the blue button then logout.

Login as the new admin. Then go back to the new admin account then select Users. From here, delete the original admin account as shown in Figure 22 and start using the new admin account.

One last thing, the default timezone is UTC. There is nothing wrong about UTC and most system preferred UTC. If it bothers you, the command to change the timezone is dpkg-reconfigure tzdata.

That’s about it. Cheers!