====== Nextcloud on Synology DSM 7.2 ======
===== Assets =====
* Synology DiskStation DS716+II with 8GB RAM installed and running DSM 7.2
* Linux Web Server running Debian 12
===== Linux Web Server =====
We need to install a reverse proxy on the machine exposed to the internet to access Nextcloud.
- Follow the [[https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#1-configure-the-reverse-proxy|Reverse Proxy Documentation]] and expand the "Apache" instructions
- Create a subdomain for your domain, for example "cloud.yourdomain.com". The VirtualHost definition should look like this:
ServerName
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{SERVER_NAME} =
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
ServerName
ServerAdmin you@yourdomain.com
php_value date.timezone "your/timezone"
ErrorLog ${APACHE_LOG_DIR}/nc-error.log
CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
# Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
RewriteEngine On
ProxyPreserveHost On
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
AllowEncodedSlashes NoDecode
# Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
ProxyPass / http://your.nas.ip.addr:11000/ nocanon
ProxyPassReverse / http://your.nas.ip.addr:11000/
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
RewriteRule .? "ws://your.nas.ip.addr:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
# Enable h2, h2c and http1.1
Protocols h2 h2c http/1.1
# Solves slow upload speeds caused by http2
H2WindowSize 5242880
# TLS
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLSessionTickets off
# If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine,
# the in the below lines should be replaced with just the domain (eg. example.com), not the subdomain.
# In this case the subdomain should already be secured without additional actions
SSLCertificateFile /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem
# Disable HTTP TRACE method.
TraceEnable off
Require all denied
# Support big file uploads
LimitRequestBody 0
Timeout 86400
ProxyTimeout 86400
- Enable HTTP/2:sudo a2enmod http2
systemctl restart apache2
===== Installation =====
- Follow the detailed instructions in [[https://github.com/nextcloud/all-in-one?tab=readme-ov-file#user-content-nextcloud-all-in-one|Nextcloud All-in-One]]
- Specific instructions for the reverse proxy are in the [[https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#user-content-introduction|Reverse Proxy Documentation]]
- SSH into your NAS and find the API version of your docker instance:sudo docker version
- Find the //API version// from the output and add it to the environment of the docker run command, in this example //1.43//, with ''--env DOCKER_API_VERSION=1.43''
- SSH into your NAS and run the following command:sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--env DOCKER_API_VERSION=1.43 \
--env APACHE_PORT=11000 \
--env APACHE_IP_BINDING=0.0.0.0 \
--env APACHE_ADDITIONAL_NETWORK="" \
--env SKIP_DOMAIN_VALIDATION=false \
--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data" \
--env NEXTCLOUD_MOUNT="/volume1/" \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
ghcr.io/nextcloud-releases/all-in-one:latest
- **WARNING:** do not point **NEXTCLOUD_DATADIR** to /volume1, as nextcloud will change ownership and permissions of the folder indicated here and break the entire functionality of your NAS. Instead, add **NEXTCLOUD_MOUNT** to later be able to access shared folders.
- If you need to change any of the options above including environment variables after your first setup of Nextcloud AIO do the following:
- Stop the ''nextcloud-aio-mastercontainer'' in //Container Manager// of your Synology DSM
- Remove the ''nextcloud-aio-mastercontainer'' in //Container Manager//, but not any other container
- SSH into your NAS and execute the original //docker run// command with the changed options
- Log back into //Nextcloud AIO//, stop and then start again all Containers from within //Nextcloud AIO//
===== Nextcloud AIO Configuration =====
* When done, open a web browser and point it to ''https://your.nas.ip.addr:8080'' and follow the on-screen instructions in //Nextcloud AIO// to setup all related Nextcloud containers
* Select //Whiteboard//, de-select all other containers
* Select "Nextcloud Hub 25 Autumn" and start the installation
* Note that it will take time to download, install, and start all related containers
===== NextCloud Configuration =====
* Login to NextCloud as default ''admin'', take the temporary password from the nextcloud-aio interface
* Create a new user with admin permissions and disable the default ''admin''
* Enable TOTP for all users in //Personal Settings --> Personal (left pane) --> Security//
* Set Email SMTP in //Administration Settings --> Administration (left pane) --> Basic Settings//
* Enforce two-factor authentication in //Administration Settings --> Administration (left pane) --> Security//
* Check //Administration Settings --> Administration (left pane) --> Overview// for //Security and setup warnings//
* Login to DSM with SSH and add the php config variable at ''/volume1/@docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php''
* Enable //External Storage app//
* Check logs and health of running containers: SSH into DSM, then:sudo docker ps
sudo docker logs -f nextcloud-aio-mastercontainer
sudo docker logs -f nextcloud-aio-apache
* If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening ''https://yourdomain.tld/settings/admin/overview'' which will show a button on top that enables you to log in to the AIO interface by just clicking on this button.
==== If you are re-installing Nextcloud without backup ====
* Uninstall the client and then delete the following folders:C:\Users\yourwindowsusername\Nextcloud"
C:\Users\yourwindowsusername\AppData\Local\Nextcloud
C:\Users\yourwindowsusername\AppData\Roaming\Nextcloud
* If you synced external storage, remove the hidden files (starting with a ''.'') in each folder which was synced, e.g. ''.nextcloudsync.log'', ''.sync-exclude.lst'', ''.sync_*.db*''
===== Log file =====
* Login to the nextcloud instancesudo docker exec -it nextcloud-aio-nextcloud bash
* Config file:vi /var/www/html/config/config.php
* Log file:vi /var/www/html/data/nextcloud.log
* Truncate log file:sudo -u www-data truncate /var/www/html/data/nextcloud.log --size 0
===== Security & setup warnings =====
==== Mimetype migration ====
* Login to NextCloud CLIsudo docker exec -it nextcloud-aio-nextcloud bash
* Then executesudo -E -u www-data php occ maintenance:repair --include-expensive
==== Email ====
* Enter your email SMTP credentials
==== Default Phone Region ====
* Set the default phone region with:sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="XX"
===== Attach external storage =====
- If your latest version of files is already on the server: remove all files from your desktop
- If your latest version of files is on your desktop: remove all files from the server
- Login to Nextcloud and enable //External storage support// in //Profile --> Apps --> Disabled apps//
- Go to //Adminstration settings --> External storage// and add the path to external storage:
* Folder name: the name identify this storage from the client
* External storage: Local
* Authentication: None
* Configuration: path to the external storage volume. On Synology this would be /volume1/.
* Available for:
- Open your Nextcloud client, then go to //Profile --> Settings//
- Click //Add Folder Sync Connection//, enter the local path to your folder to sync, then select the Folder name you set when you added the external storage
- Remove the preset Folder Sync Connection in your client
==== Links ====
* [[https://www.youtube.com/watch?v=hl1SpXwG1PI&t=5s|Add External Storage On Your Nextcloud: Complete Setup Guide!]]
===== Links =====
* [[https://github.com/nextcloud/all-in-one?tab=readme-ov-file|Nextcloud All-in-One]]
* [[https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md|Reverse Proxy Documentation]]
* [[https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host|How to allow the Nextcloud container to access directories on the host?]]
* [[https://github.com/nextcloud/all-in-one/releases/tag/v12.1.4|Nextcloud-AIO Release v12.1.4]]
* [[https://www.wundertech.net/how-to-install-portainer-on-a-synology-nas/|How to Install Portainer on a Synology NAS]]
* [[https://www.youtube.com/watch?v=V1tA858WiKw|How to Set Up Nextcloud on a Synology NAS! (Tutorial)]]