I have successfully installed Nextcloud 15 on Ubuntu server 16.04 from scratch.
It works fine since a few weeks but I think docker is better for maintenance and I would like to migrate my existing installation to docker.
As I’m new to docker I would like to get some advice before trying to achieve this. I have already created some singularity containers to help students and I’m quite familiar with Linux administration but I don’t know docker…
I would like to migrate my whole installation to a docker container (Ubuntu, Apache, Php, MySQL and Nextcloud) but I don’t know where to start for my particular config… even if I had read this :
https://github.com/nextcloud/docker
I’ll try to give you as much information as I can about my installation but feel free to ask more if something is missing.
First you have to know that there is no data physically on the server, everything is stored in non-Amazon s3 containers, including the primary storage.
My Linux distro is Ubuntu server 16.04 with the following packages :
Apache/2.4.37 (Ubuntu)
MySQL 5.7.25-0ubuntu0.16.04.2 - Ubuntu)
PHP 7.0.32-0ubuntu0.16.04.1
I use PHP-FPM
I use HTTPS2
I use a let’s encrypt certificate for nextcloud.mydomain.tld
Here is my Nextcloud config (only the beginning but I can post the whole file if you think it could be relevant) :
"system": {
    "objectstore": {
        "class": "OC\\Files\\ObjectStore\\S3",
        "arguments": {
            "bucket": "nextcloud-primary",
            "autocreate": true,
            "key": "xxxxx",
            "secret": "xxxxx",
            "hostname": "storage.provider.tld",
            "use_ssl": true,
            "use_path_style": true
        }
    },
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "nextcloud.mydomain.tld"
    ],
    "datadirectory": "\/var\/www\/nextcloud\/data",
    "dbtype": "mysql",
    "version": "15.0.2.0",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379
    }
}
And this is my apache vhost
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName nextcloud.mydomain.tld
DocumentRoot /var/www/nextcloud
# HTTP2
Protocols h2 h2c http/1.1
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Referrer-Policy "no-referrer"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
SSLCertificateFile /etc/letsencrypt/live/nextcloud.mydomain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.mydomain.tld/privkey.pem
SSLEngine on
SSLProtocol all -TLSv1 -TLSv1.1 -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
</VirtualHost>
</IfModule>
Any help would be appreciated.
Regards
NextUser:
whole installation to a docker container (Ubuntu, Apache, Php, MySQL and Nextcloud)
um. all in one container? no. that’s possible. but not docker style.
each server/service in one container. web-server, php, database and nextcloud = 4 containers. if one image (service) gets an update it will be replaced and you don’t need to worry about the other services.
NextUser:
don’t know where to start
docker tutorial.
and then
GitHub
that will give you a running setup. and you can learn how docker is working.
if you want a web-gui for docker (portainer.io ) do the following:
git clone https://github.com/ReinerNippes/nextcloud_on_docker
cd nextcloud_on_docker
git checkout portainer
vim inventory
ansible-playbook nextdocker.yml
the branch portainer was created today. i want to test it a bit more. that’s why i didn’t merge it yet.
NextUser:
stored in non-Amazon s3 containers
i would make a copy of the data to a second bucket. like a backup.
have a look at rclone.org . could be helpful.
and just copy the objectstore definition to the new config.php
NextUser:
“objectstore”: { … }
let me know if it’s working and i will integrate it in my playbook.
NextUser:
My Linux distro is Ubuntu server
leave this behind. welcome to dockerland. it will run on centos, debian, ubuntu, … but you won’t care.
you need:
a database dump
the nextcloud data folder (for testing always a copy!)
some parts of the config.php
NextUser:
let’s encrypt certificate for nextcloud.mydomain.tld
in my setup traefik will handle this for you. just set the nextcloud_server_fqdn variable in the inventory.
best is to setup a nexttest.yourdomain.tld machine. for testing.
NextUser:
“instanceid”: “REMOVED SENSITIVE VALUE ”,
in the nextcloud data folder you’ll find a folder appdata_REMOVED SENSITIVE VALUE
if you copy the data files from your nc installation to the new one make sure that the ID in the folder name is the same as in the config.php
this will import your mysql dump into the container mysql db:
docker exec -i nextcloud-db mysql -unextcloud -p<password> nextcloud < data.sql
unless you changed db name and/or user in the inventory.
Thank you for all this information, I’m a little bit more aware of Docker usage now.
Before you answered my post I have successfully setup a Nextcloud instance with docker-compose on a nexttest.yourdomain.tld machine for testing using this : https://github.com/nextcloud/docker/tree/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm
What do you think about that ? What is the difference and the pros and cons compared to your solution ?
my playbook uses traefik as a reverse proxy handling letsencrypt and all security settings.
my playbook can remove all containers (-e state=absent) and reinstall.
if you want another application you just copy one of the files in dockercontainer and edit the main.yml there. (imho the ansible stuff is pretty simple to understand.)
my playbook installs docker and setup the os.
ready to login your nextcloud in 15-20 minutes. after launch of the server.
using cloud-init in the folder cloud-stuff you launch hundreds of nextclouds within minutes.
Reiner_Nippes:
each server/service in one container. web-server, php, database and nextcloud = 4 containers. if one image (service) gets an update it will be replaced and you don’t need to worry about the other services.
Yes, in fact that’s what I meant…
Reiner_Nippes:
have a look at rclone.org . could be helpful.
Yes, I’m already using this software and I never do anything before making a backup. Backup is life.
Reiner_Nippes:
and just copy the objectstore definition to the new config.php
How to do that ? How can I modify a file into the Nextcloud container ? And how this modification will be persistent ? See related questions at the end of the post.
Reiner_Nippes:
let me know if it’s working and i will integrate it in my playbook.
You’ll be the first to know
Reiner_Nippes:
leave this behind. welcome to dockerland. it will run on centos, debian, ubuntu, … but you won’t care.
Yes, that’s why I want to migrate to docker.
Reiner_Nippes:
if you copy the data files from your nc installation to the new one make sure that the ID in the folder name is the same as in the config.php
Again, how do I make a copy ? What is the command line ?
Reiner_Nippes:
this will import your mysql dump into the container mysql db:
docker exec -i nextcloud-db mysql -unextcloud -p<password> nextcloud < data.sql
I like it when there is a command line, this step is very clear.
Well, here are the pending questions for me when using your containers :
How do I backup the containers (containers themselves, data, database, webserver config, certificates, etc…)
How do I start/stop the containers ?
How can I do to start the containers at server’s boot ?
How to “update” the containers without losing data ?
How do I restore everything if I need to reinstall the server ?
I use php-fpm, http2, APCu and Redis. Is it the case with your containers ?
Reiner_Nippes:
the example is using docker volumes instead of directories in the hosts filesystem.
Could you explain ?
Thanks for your patience
# Make sure nextcloud is enabled when we are done
trap "sudo docker exec -u www-data nextcloud php occ maintenance:mode --off" EXIT
# set nextcloud to maintenance mode (occ runs inside the nextcloud container)
sudo docker exec -u www-data nextcloud php occ maintenance:mode --on
# backup the database (no -t: a TTY would add carriage returns to the dump)
sudo docker exec nextcloud-db mysqldump --single-transaction -h localhost -u nextcloud -p{{ nc_db_passwd }} nextcloud > /opt/nextcloud/database_dump/db_postgres_nextcloud.sql
# backup the data dir
/usr/local/bin/restic backup /opt/nextcloud --exclude /opt/nextcloud/database
# turn maintenance mode off
sudo docker exec -u www-data nextcloud php occ maintenance:mode --off
# delete trap
trap "" EXIT
# clean up backup dir
/usr/local/bin/restic forget --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 75
you have to edit the two restic parameters at the beginning and the database password.
and - if you want - you have to make a backup of the s3 bucket. either your provider offers something equivalent to aws or it can be done with rclone.
restore a single file: i don’t know. i have no experience with s3 as primary storage.
look here and here
restore everything:
run the playbook.
sudo docker exec -u www-data nextcloud php occ maintenance:mode --on
restic restore /opt/nextcloud # look at the restic homepage howto do this
import the database dump
well. you’ll do this when you migrate to docker. so you’ll know if it’s working.
Reiner_Nippes:
in the nextcloud data folder you’ll find a folder appdata_ REMOVED SENSITIVE VALUE
Are you talking about ‘/opt/nextcloud/www/data’ or ‘/opt/nextcloud/data’ ?
Reiner_Nippes:
in the nextcloud data folder you’ll find a folder appdata_ REMOVED SENSITIVE VALUE
This folder doesn’t exist in my Nextcloud source data folder, maybe because I’m using a s3 bucket as primary storage ?
ls -l /var/www/nextcloud/data/
total 12468
-rw-r--r-- 1 www-data www-data 0 janv. 26 21:41 index.html
-rw-r----- 1 www-data www-data 12729189 févr. 3 18:40 nextcloud.log
-rw-r--r-- 1 www-data www-data 28150 janv. 26 21:40 updater.log
drwxr-xr-x 4 www-data www-data 4096 janv. 26 21:41 updater-xxxxxxxxx
Assuming ‘/opt/nextcloud/data’ is the folder you’re talking about I’ll try to copy the content of my Nextcloud source data folder to ‘/opt/nextcloud/data/’ but how to keep or set the user and group to 82 after the copy ?
Because as you can see the content of ‘/opt/nextcloud/data/’ belongs to a user and group 82 which seems to be the equivalent of www-data for the container but this user is not a user of the unix host so how do I set 82 as owner ?
ls -l /opt/nextcloud/
total 24
drwxr-xr-x 2 82 82 4096 Feb 3 18:12 config
drwxrwx--- 5 82 82 4096 Feb 3 18:15 data
drwx------ 5 mysql mysql 4096 Feb 3 18:11 database
drwx------ 2 myuser myuser 4096 Feb 3 18:17 secrets
drwxr-x--- 2 root myuser 4096 Feb 3 18:10 traefik
drwxr-xr-x 15 82 root 4096 Feb 3 18:12 www
Are you talking about ‘/opt/nextcloud/www/config/config.php’ or ‘/opt/nextcloud/config/config.php’ ?
Again how to set owner to 82 for this file ?
Another question : Should I stop the containers before copying files ?
/opt/nextcloud/config/config.php is mapped to the container /var/www/html/config/config.php
so it is the config.php nextcloud is using.
/opt/nextcloud/www/config is empty on my machine.
chown 82 will change the ownership of the files. (it should be www-data. i have to correct this in a future version of the playbook. you do this with useradd --disabled-login --no-create-home --system --uid 82 www-data as well.)
i would stop the nextcloud container, edit the config.php and import the database dump. and restart the container. just rerun my playbook to do so. or try using portainer.
the mapping of the host directories to container ones you’ll find here:
github.com
    group: "{{ 82 if ( 'fpm' in docker_nextcloud_image ) else 33 }}"
    mode: 0644

- name: "{{ 'Create' if (state is undefined or 'absent' not in state) else 'Terminate' }} the nextcloud container"
  docker_container:
    name: nextcloud
    image: nextcloud:{{ docker_nextcloud_image | default('latest') }}
    restart_policy: always
    networks: "{{ nextcloud_networks['nginx' if ( 'fpm' in docker_nextcloud_image ) else 'apache'] }}"
    links: "{{ nextcloud_db_link[nextcloud_db_type] | default(omit) }}"
    volumes:
      - "{{ nextcloud_www_dir }}:/var/www/html"
      - "{{ nextcloud_config_dir }}:/var/www/html/config"
      - "{{ nextcloud_data_dir }}:{{ nextcloud_container_data_dir }}"
      - "{{ nextcloud_config_dir }}/php.ini:/usr/local/etc/php/php.ini"
    labels:
      "{{ nextcloud_traefik_label['nginx' if ( 'fpm' in docker_nextcloud_image ) else 'apache'] }}"
    state: "{{ state | default('started') }}"
  register: docker_result

- name: wait for nextcloud container to come up

# Some common variables used in more then one roles
nextcloud_base_dir: /opt/nextcloud
nextcloud_credential_store: "{{ nextcloud_base_dir }}/secrets"
nextcloud_data_dir: "{{ nextcloud_base_dir }}/data"
nextcloud_www_dir: "{{ nextcloud_base_dir }}/www"
nextcloud_config_dir: "{{ nextcloud_base_dir }}/config"
nextcloud_database_dir: "{{ nextcloud_base_dir }}/database"
traefik_config_dir: "{{ nextcloud_base_dir }}/traefik"
nextcloud_container_data_dir: /var/nc-data
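Added example (not part of any post in this thread and not code from the playbook): a shell check to run after copying config.php and the data folder into the host directories mapped above, covering the instanceid/appdata match and the uid 82 ownership discussed here, plus whether config.php, which holds the database and S3 credentials, is world-readable. The function names are hypothetical, and the parser assumes the usual config.php line form `'instanceid' => '...'`.

```shell
#!/bin/sh
# Added example, not from the thread's playbook. NC_UID=82 is www-data in the
# fpm image per the thread (33 for the Apache image).
NC_UID="${NC_UID:-82}"

# Print the instanceid from a config.php line like: 'instanceid' => 'abc',
instanceid_of() {
    sed -n "s/^[[:space:]]*'instanceid'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# 0: appdata_<instanceid> exists, or there is no appdata_* folder at all (the
#    thread reports none with S3 primary storage); 1: mismatch; 2: no instanceid.
appdata_matches() {  # $1 = config.php, $2 = data directory
    iid=$(instanceid_of "$1")
    [ -n "$iid" ] || return 2
    found=0
    for d in "$2"/appdata_*; do
        [ -d "$d" ] || continue
        found=1
        [ "$d" = "$2/appdata_$iid" ] && return 0
    done
    [ "$found" -eq 0 ]
}

# List everything under $1 not owned by uid $2 (empty output = all correct).
# A numeric uid works even when the host has no matching user.
not_owned_by() { find "$1" ! -user "$2" -print; }

# True if $1 is readable by "other"; config.php holds DB and S3 credentials.
world_readable() { [ -n "$(find "$1" -prune -perm -004 -print)" ]; }

# Run all checks: $1 = config.php, $2 = data directory, $3 = uid (optional).
check_migration() {
    rc=0; uid="${3:-$NC_UID}"
    appdata_matches "$1" "$2" || { echo "instanceid/appdata mismatch"; rc=1; }
    [ -z "$(not_owned_by "$2" "$uid")" ] || { echo "fix owner: chown -R $uid:$uid $2"; rc=1; }
    if world_readable "$1"; then echo "config.php is world-readable"; rc=1; fi
    return "$rc"
}

# Constructed sample tree (not the poster's real data) to exercise the checks.
demo() {
    demo_dir=$(mktemp -d) && mkdir -p "$demo_dir/data/appdata_ocdemo123"
    printf "<?php\n\$CONFIG = array (\n  'instanceid' => 'ocdemo123',\n);\n" > "$demo_dir/config.php"
    chmod 640 "$demo_dir/config.php"
    check_migration "$demo_dir/config.php" "$demo_dir/data" "$(id -u)"; r=$?; rm -rf "$demo_dir"; return "$r"
}
demo && echo "constructed sample passes"
```

On the setup from this thread the call would be `check_migration /opt/nextcloud/config/config.php /opt/nextcloud/data`, run as root so every file can be inspected.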
I would use composer (installed through python-pip), with an nginx-proxy setup. To me it is the easiest way to go. Create the core installation and then modify to access your S3 storage as primary.
I have offered free live help here but no one seems to be interested or are scared of a scammer, go figure. But if you’d like to reach me, I am currently online (Until 7PM CST).