Nextcloud on Synology DSM 7.2

• Synology DiskStation DS716+II with 8GB RAM installed and running DSM 7.2
• Linux Web Server running Debian 12

We need to install a reverse proxy on the machine exposed to the internet to access Nextcloud.

1. Follow the Reverse Proxy Documentation and expand the “Apache” instructions
2. Create a subdomain for your domain, for example “cloud.yourdomain.com”. The VirtualHost definition should look like this:

   <VirtualHost *:80>
       ServerName <cloud.yourdomain.com>
   
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
       RewriteCond %{SERVER_NAME} =<cloud.yourdomain.com>
       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
   </VirtualHost>
   
   <VirtualHost *:443>
       ServerName <cloud.yourdomain.com>
       ServerAdmin you@yourdomain.com
       php_value date.timezone "your/timezone"
       ErrorLog ${APACHE_LOG_DIR}/nc-error.log
       CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
   
       # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
       RewriteEngine On
       ProxyPreserveHost On
       RequestHeader set X-Real-IP %{REMOTE_ADDR}s
       AllowEncodedSlashes NoDecode
       
       # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
       ProxyPass / http://your.nas.ip.addr:11000/ nocanon
       ProxyPassReverse / http://your.nas.ip.addr:11000/
       
       RewriteCond %{HTTP:Upgrade} websocket [NC]
       RewriteCond %{HTTP:Connection} upgrade [NC]
       RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
       RewriteRule .? "ws://your.nas.ip.addr:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
   
       # Enable h2, h2c and http1.1
       Protocols h2 h2c http/1.1
       
       # Solves slow upload speeds caused by http2
       H2WindowSize 5242880
   
       # TLS
       SSLEngine               on
       SSLProtocol             -all +TLSv1.2 +TLSv1.3
       SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
       SSLHonorCipherOrder     off
       SSLSessionTickets       off
   
       # If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, 
       # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. 
       # In this case the subdomain should already be secured without additional actions
       SSLCertificateFile /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem
   
       # Disable HTTP TRACE method.
       TraceEnable off
       <Files ".ht*">
           Require all denied
       </Files>
   
       # Support big file uploads
       LimitRequestBody 0
       Timeout 86400
       ProxyTimeout 86400
   </VirtualHost>

3. Enable HTTP/2:

   sudo a2enmod http2
   systemctl restart apache2

1. Follow the detailed instructions in Nextcloud All-in-One
2. Specific instructions for the reverse proxy are in the Reverse Proxy Documentation
3. SSH into your NAS and find the API version of your docker instance:

   sudo docker version

4. Find the API version from the output and add it to the environment of the docker run command, in this example 1.43, with –env DOCKER_API_VERSION=1.43
5. SSH into your NAS and run the following command:

   sudo docker run \
   --init \
   --sig-proxy=false \
   --name nextcloud-aio-mastercontainer \
   --restart always \
   --publish 8080:8080 \
   --env DOCKER_API_VERSION=1.43 \
   --env APACHE_PORT=11000 \
   --env APACHE_IP_BINDING=0.0.0.0 \
   --env APACHE_ADDITIONAL_NETWORK="" \
   --env SKIP_DOMAIN_VALIDATION=false \
   --env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data" \
   --env NEXTCLOUD_MOUNT="/volume1/" \
   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
   ghcr.io/nextcloud-releases/all-in-one:latest

6. WARNING: do not point NEXTCLOUD_DATADIR to /volume1, as nextcloud will change ownership and permissions of the folder indicated here and break the entire functionality of your NAS. Instead, add NEXTCLOUD_MOUNT to later be able to access shared folders.
7. If you need to change any of the options above including environment variables after your first setup of Nextcloud AIO do the following:
   1. Stop the nextcloud-aio-mastercontainer in Container Manager of your Synology DSM
   2. Remove the nextcloud-aio-mastercontainer in Container Manager, but not any other container
   3. SSH into your NAS and execute the original docker run command with the changed options
   4. Log back into Nextcloud AIO, stop and then start again all Containers from within Nextcloud AIO

• When done, open a web browser and point it to https://your.nas.ip.addr:8080 and follow the on-screen instructions in Nextcloud AIO to setup all related Nextcloud containers
• Select Whiteboard, de-select all other containers
• Select “Nextcloud Hub 25 Autumn” and start the installation
• Note that it will take time to download, install, and start all related containers

• Login to NextCloud as default admin, take the temporary password from the nextcloud-aio interface
• Create a new user with admin permissions and disable the default admin
• Enable TOTP for all users in Personal Settings –> Personal (left pane) –> Security
• Set Email SMTP in Administration Settings –> Administration (left pane) –> Basic Settings
• Enforce two-factor authentication in Administration Settings –> Administration (left pane) –> Security
• Check Administration Settings –> Administration (left pane) –> Overview for Security and setup warnings
  • Login to DSM with SSH and add the php config variable at /volume1/@docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php
• Enable External Storage app
• Check logs and health of running containers: SSH into DSM, then:

  sudo docker ps
  sudo docker logs -f nextcloud-aio-mastercontainer
  sudo docker logs -f nextcloud-aio-apache

• If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening https://yourdomain.tld/settings/admin/overview which will show a button on top that enables you to log in to the AIO interface by just clicking on this button.

• Uninstall the client and then delete the following folders:

  C:\Users\yourwindowsusername\Nextcloud"
  C:\Users\yourwindowsusername\AppData\Local\Nextcloud
  C:\Users\yourwindowsusername\AppData\Roaming\Nextcloud

• If you synced external storage, remove the hidden files (starting with a .) in each folder which was synced, e.g. .nextcloudsync.log, .sync-exclude.lst, .sync_*.db*

• Login to the nextcloud instance

  sudo docker exec -it nextcloud-aio-nextcloud bash

• Config file:

  vi /var/www/html/config/config.php

• Log file:

  vi /var/www/html/data/nextcloud.log

• Truncate log file:

  sudo -u www-data truncate /var/www/html/data/nextcloud.log --size 0

• Login to NextCloud CLI

  sudo docker exec -it nextcloud-aio-nextcloud bash

• Then execute

  sudo -E -u www-data php occ maintenance:repair --include-expensive

• Enter your email SMTP credentials

• Set the default phone region with:

  sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="XX"

1. If your latest version of files is already on the server: remove all files from your desktop
2. If your latest version of files is on your desktop: remove all files from the server
3. Login to Nextcloud and enable External storage support in Profile –> Apps –> Disabled apps
4. Go to Adminstration settings –> External storage and add the path to external storage:
   • Folder name: the name identify this storage from the client
   • External storage: Local
   • Authentication: None
   • Configuration: path to the external storage volume. On Synology this would be /volume1/<shared folder>.
   • Available for: <user>
5. Open your Nextcloud client, then go to Profile –> Settings
6. Click Add Folder Sync Connection, enter the local path to your folder to sync, then select the Folder name you set when you added the external storage
7. Remove the preset Folder Sync Connection in your client

• Add External Storage On Your Nextcloud: Complete Setup Guide!

• Nextcloud All-in-One
• Reverse Proxy Documentation
• How to allow the Nextcloud container to access directories on the host?
• Nextcloud-AIO Release v12.1.4
• How to Install Portainer on a Synology NAS
• How to Set Up Nextcloud on a Synology NAS! (Tutorial)