Skip to content

Deployment Overview of Nextcloud on Server

Prerequisites and Basic Requirements

To successfully deploy the Nextcloud application with OnlyOffice integration, the target server must meet the following requirements:

  • Operating System: Linux-based server with Docker and Docker Compose installed.

  • Privileges: Root access or sudo privileges are required to manage system services, create volumes, and configure the firewall.

  • Firewall Configuration: The server firewall must allow incoming traffic on specific TCP ports. The deployment script configures rules for:

    • Port 80 (HTTP)

    • Port 443 (HTTPS)

    • Port 22 (SSH - required for system access)

  • Domain: A fully qualified domain name (FQDN) must be resolvable to the server's IP address to handle SSL certificate generation via Certbot.

FQDN of the Final Panel

The application is accessible via the hostkey.in domain using a specific prefix and server identifier. The standard format for the FQDN is:

nextcloud<ServerID>.hostkey.in

  • Protocol: HTTPS

  • Port: 443

  • Example: nextcloud123.hostkey.in

Note: The deployment script automatically configures the system to redirect HTTP traffic (Port 80) to HTTPS (Port 443).

File and Directory Structure

The deployment organizes configuration files, certificates, and application data into the following directories:

  • Application Configuration and Scripts:

    • /opt/nextcloud/: Contains the Docker Compose file, configuration scripts, and PHP settings.

      • /opt/nextcloud/compose.yml: The primary Docker Compose definition.

      • /opt/nextcloud/set_configuration.sh: The initialization script for Nextcloud settings and OnlyOffice integration.

      • /opt/nextcloud/www.conf, /opt/nextcloud/fpm.conf, /opt/nextcloud/php.ini: PHP-FPM and runtime configurations.

  • Nginx Configuration:

    • /opt/nginx/: Contains the main Nginx configuration and environment files.

      • /opt/nginx/nginx.conf: The main Nginx configuration file.

      • /opt/nginx/nginx-certbot.env: Environment variables for the Certbot service.

      • /opt/nginx/user_conf.d/: Directory for user-specific server configurations.

        • /opt/nginx/user_conf.d/<final_domain>.conf: The specific server block configuration for the deployed domain.

  • Data Storage:

    • Nextcloud application data is stored in a Docker volume named app_data by default. If a custom path is defined during deployment, it maps to the specified directory on the host (e.g., /opt/nextcloud_data).

    • Database data is stored in the db_data Docker volume.

    • OnlyOffice data is stored in the document_data volume.

    • OnlyOffice logs are stored in the document_log volume.

    • SSL certificates are stored in the nginx_secrets volume, mapped to /etc/letsencrypt inside the Nginx container.

Application Installation Process

The application is deployed using Docker Compose, which orchestrates multiple containers to run the Nextcloud stack, the PostgreSQL database, Redis, OnlyOffice Document Server, and the Nginx proxy.

The deployment performs the following steps:

  1. Directory Creation: Creates necessary directories for configuration files and data paths.

  2. Volume Initialization: Creates the following Docker volumes if they do not already exist:

    • app_data

    • db_data

    • document_data

    • document_log

    • nginx_secrets

  3. Service Launch: Executes docker compose up -d from the /opt/nextcloud directory to start all services.

  4. SSL Certificate Provisioning: The deployment triggers Certbot within the Nginx container to obtain or renew an SSL certificate for the domain using the webroot challenge.

  5. Configuration Initialization: Runs the set_configuration.sh script to:

    • Initialize the Nextcloud database and admin account.

    • Configure trusted domains.

    • Install and configure the OnlyOffice app within Nextcloud.

  6. Database Optimization: Executes specific Nextcloud commands to add missing database indices and columns.

The Docker Compose file specifies the following images:

  • postgres:alpine

  • redis:alpine

  • nextcloud:fpm

  • onlyoffice/documentserver:latest

  • jonasal/nginx-certbot:latest

Docker Containers and Their Deployment

The deployment utilizes the following containers defined in /opt/nextcloud/compose.yml:

  • db

    • Image: postgres:alpine

    • Purpose: Hosts the PostgreSQL database.

    • Environment: Configured with database name nextcloud and user nextcloud.

    • Volume: Mounts db_data to /var/lib/postgresql/data.

    • Ports: Exposes 5432 internally.

  • redis

    • Image: redis:alpine

    • Purpose: Caching layer for Nextcloud.

    • Ports: No ports exposed externally.

  • app (Container Name: app-server)

    • Image: nextcloud:fpm

    • Purpose: The core Nextcloud PHP-FPM application.

    • Environment: Connects to db and redis services. Configures OVERWRITEHOST, OVERWRITEPROTOCOL, and OVERWRITECLIURL.

    • Volumes: Mounts app_data (or a custom host path) to /var/www/html and maps local PHP configuration files.

    • Ports: Exposes 80 and 9000 internally.

  • onlyoffice-document-server

    • Image: onlyoffice/documentserver:latest

    • Purpose: Provides document editing capabilities.

    • Volumes: Mounts document_data to /var/www/onlyoffice/Data and document_log to /var/log/onlyoffice.

    • Ports: Exposes 80 and 443 internally.

  • nginx (Container Name: nginx-certbot)

    • Image: jonasal/nginx-certbot:latest

    • Purpose: Acts as a reverse proxy and handles SSL termination via Certbot.

    • Ports: Maps host ports 80 and 443 to the container.

    • Volumes: Mounts nginx_secrets for certificates, the application data volume, and the user configuration directory.

Proxy Servers

The system uses Nginx as the reverse proxy and SSL termination point.

  • Image: jonasal/nginx-certbot:latest

  • Configuration:

    • Main Config: /opt/nginx/nginx.conf

    • User Config: /opt/nginx/user_conf.d/<final_domain>.conf

  • SSL Handling:

    • The Nginx container automatically obtains and renews SSL certificates using Certbot.

    • Certificates are stored in /etc/letsencrypt/live/<final_domain>/ inside the container.

    • The configuration enforces HTTPS redirection (HTTP returns a 301 redirect to HTTPS).

    • Security headers such as Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options are added by default.

  • Routing:

    • Requests to / are proxied to the app container (Nextcloud).

    • Requests to /ds-vpath/ are proxied to the onlyoffice-document-server container.

Databases

  • Database Type: PostgreSQL

  • Container: db

  • Storage Location: Docker volume db_data mapped to /var/lib/postgresql/data.

  • Connection Details:

    • Host: db (internal Docker network hostname)

    • Port: 5432

    • Database Name: nextcloud

    • User: nextcloud

    • Password: Defined in the deployment variables (accessible via nextcloud_admin_pwd).

Access Rights and Security

  • Firewall Rules:

    • If firewalld is present, ports 80 and 443 are enabled in the public zone.

    • If ufw is present, ports 22, 80, and 443 are enabled.

  • Container Security:

    • The Nginx configuration includes security headers to prevent common web vulnerabilities.

    • Access to sensitive directories within the Nextcloud application (e.g., /build, /tests, /config, /lib, /3rdparty, /templates, /data) is denied by Nginx.

    • Access to specific paths starting with ., autotest, occ, issue, indie, db_, and console is denied.

  • File Permissions:

    • Configuration directories (/opt/nextcloud, /opt/nginx) are owned by root with mode 0640 or 0755.

    • The Docker containers run with default user permissions as defined by the images (Nextcloud app runs as www-data inside the container).

Available Ports for Connection

The following ports are configured on the server for external access:

Port Protocol Service Description
80 TCP Nginx HTTP traffic (redirects to HTTPS)
443 TCP Nginx HTTPS traffic (main access)
22 TCP SSH System administration

Internal ports exposed by containers (not accessible directly from the host firewall):

  • 5432: PostgreSQL

  • 80, 9000: Nextcloud FPM

  • 80, 443: OnlyOffice Document Server

Starting, Stopping, and Updating

The entire stack is managed via Docker Compose located in /opt/nextcloud.

  • Start the Stack: 

    cd /opt/nextcloud
docker compose up -d

  • Stop the Stack: 

    cd /opt/nextcloud
docker compose down

  • Restart the Stack: 

    cd /opt/nextcloud
docker compose restart

  • Update Images: To pull the latest versions of the container images and restart the services: 

    cd /opt/nextcloud
docker compose pull
docker compose up -d

  • View Logs: 

    docker logs -f app-server
docker logs -f nginx-certbot

Note: After updating or restarting, the set_configuration.sh script may need to be re-run manually if database schema changes require migration, although standard updates usually handle this automatically upon container startup.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×