Recently I moved my Nextcloud and Collabora installations over to Docker containers. Here I explain the process from pulling and starting the containers to configuring the reverse proxies using NGINX.
You’ll need to have Docker installed on your host machine. Also, you’ll need a web server to handle the reverse proxy requests. I’m using NGINX here.
Nextcloud container
The Nextcloud Docker image can be source from Docker Hub here – https://hub.docker.com/_/nextcloud/ – scroll down to the Running this image with Docker Compose heading.
Below is my files structure where I keep the docker compose file:
~/Sites/nextcloud
- docker-compose.yml
You will want to change the port number in the docker-compose file to an available port on your server. Also, update passwords or decide whether to store them in a file using Docker secrets. Then from here it’s just a simple case of running:
$ docker-compose up -d
...
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94e717c242b2 nextcloud "/entrypoint.sh ap..." 2 seconds ago Up 2 seconds 0.0.0.0:8015->80/tcp nextcloud_app_1
6d292cee74f1 mariadb:10.2.33 "docker-entrypoint..." 2 seconds ago Up 2 seconds 3306/tcp nextcloud_db_1
Notice I’m using post 8015 as this was available on my server. So if I go to http://mydomain.com:8015 I can see the install screen for Nextcloud.
Installing Collabora container
Nextcloud doesn’t handle office document natively, so you need to setup a Collabora server to allow editing of office documents. Collabora provides an online office suite service that enable you to access documents, author new content and work collaboratively on document files (Word, Excel etc).
The Collabora image can be found here – https://hub.docker.com/r/collabora/code
Below is the command to pull and start the Collabora container:
$ sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=nextcloud\.martyn\.biz' --restart always --cap-add MKNOD collabora/code
Configuring Nginx reverse proxy
A common configuration these days is to have Nginx reverse proxy for Apache that uses Nginx as front end, and Apache as back end. Nginx, doing what it does best, handles the incoming request from the browser and passes it to the apache backend, which is better for handling the dynamic processing of PHP, etc.
Below is the reverse proxy configuration for the Nextcloud container:
server {
server_name nextcloud.mydomain.com;
index index.html;
location / {
proxy_pass http://localhost:8015/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
client_max_body_size 0;
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;
}
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/nextcloud.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/nextcloud.mydomain.com/privkey.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.mydomain.com/chain.pem;
}
server {
if ($host = nextcloud.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name nextcloud.mydomain.com;
return 404; # managed by Certbot
}
And we need to do another configuration file for the Collabora container. Here is mine taken from the Collabora docs – https://www.collaboraoffice.com/code/nginx-reverse-proxy/
server {
listen 443 ssl;
server_name office.mydomain.com;
ssl_certificate /etc/letsencrypt/live/office.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/office.mydomain.com/privkey.pem; # managed by Certbot
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
You’ll need to configure your own certificates. I used Certbot to generate the certificates from Let’s Encrypt.
Then we reload the server:
$ sudo service nginx reload
So now, we can go to nextcloud.mydomain.com and continue with the installation using the database credentials from the docker-compose.yml file.
You’ll need to update the Collabora server URL to office.mydomain.com (or whatever server_name is set to in the config file) within Nextcloud settings. Then, you should be able to create, edit and collaborate documents within Files.