Nextcloud on Synology DSM 7.2

• Synology DiskStation DS716+II with 8GB RAM installed and running DSM 7.2
• Linux Web Server running Debian 12

We need to install a reverse proxy on the machine exposed to the internet to access Nextcloud.

1. Follow the Reverse Proxy Documentation and expand the “Apache” instructions
2. Create a subdomain for your domain, for example “cloud.yourdomain.com”. The VirtualHost definition should look like this:

   <VirtualHost *:80>
       ServerName <cloud.yourdomain.com>
   
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
       RewriteCond %{SERVER_NAME} =<cloud.yourdomain.com>
       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
   </VirtualHost>
   
   <VirtualHost *:443>
       ServerName <cloud.yourdomain.com>
       ServerAdmin you@yourdomain.com
       php_value date.timezone "your/timezone"
       ErrorLog ${APACHE_LOG_DIR}/nc-error.log
       CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
   
       # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
       RewriteEngine On
       ProxyPreserveHost On
       RequestHeader set X-Real-IP %{REMOTE_ADDR}s
       AllowEncodedSlashes NoDecode
       
       # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
       ProxyPass / http://your.nas.ip.addr:11000/ nocanon
       ProxyPassReverse / http://your.nas.ip.addr:11000/
       
       RewriteCond %{HTTP:Upgrade} websocket [NC]
       RewriteCond %{HTTP:Connection} upgrade [NC]
       RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
       RewriteRule .? "ws://your.nas.ip.addr:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
   
       # Enable h2, h2c and http1.1
       Protocols h2 h2c http/1.1
       
       # Solves slow upload speeds caused by http2
       H2WindowSize 5242880
   
       # TLS
       SSLEngine               on
       SSLProtocol             -all +TLSv1.2 +TLSv1.3
       SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
       SSLHonorCipherOrder     off
       SSLSessionTickets       off
   
       # If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, 
       # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. 
       # In this case the subdomain should already be secured without additional actions
       SSLCertificateFile /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem
   
       # Disable HTTP TRACE method.
       TraceEnable off
       <Files ".ht*">
           Require all denied
       </Files>
   
       # Support big file uploads
       LimitRequestBody 0
       Timeout 86400
       ProxyTimeout 86400
   </VirtualHost>

3. Enable HTTP/2:

   sudo a2enmod http2
   systemctl restart apache2

1. Follow the detailed instructions in Nextcloud All-in-One
2. Specific instructions for the reverse proxy are in the Reverse Proxy Documentation
3. SSH into your NAS and run the following command:

   sudo docker run \
   --init \
   --sig-proxy=false \
   --name nextcloud-aio-mastercontainer \
   --restart always \
   --publish 8080:8080 \
   --env APACHE_PORT=11000 \
   --env APACHE_IP_BINDING=0.0.0.0 \
   --env APACHE_ADDITIONAL_NETWORK="" \
   --env SKIP_DOMAIN_VALIDATION=false \
   --env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data" \
   --env NEXTCLOUD_MOUNT="/volume1/" \
   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
   ghcr.io/nextcloud-releases/all-in-one:latest

4. WARNING: do not point NEXTCLOUD_DATADIR to /volume1, as nextcloud will change ownership and permissions of the folder indicated here and break the entire functionality of your NAS. Instead, add NEXTCLOUD_MOUNT to later be able to access shared folders.
5. If you need to change any of the options above including environment variables after your first setup of Nextcloud AIO do the following:
   1. Stop the nextcloud-aio-mastercontainer in Container Manager of your Synology DSM
   2. Remove the nextcloud-aio-mastercontainer in Container Manager, but not any other container
   3. SSH into your NAS and execute the original docker run command with the changed options
   4. Log back into Nextcloud AIO, stop and then start again all Containers from within Nextcloud AIO

• When done, open a web browser and point it to https://your.nas.ip.addr:8080 and follow the on-screen instructions in Nextcloud AIO to setup all related Nextcloud containers
• Select “Nextcloud Hub 25 Autumn” and start the installation
• Note that it will take time to download, install, and start all related containers

• Login to NextCloud as default admin, take the temporary password from the nextcloud-aio interface
• Create a new user with admin permissions and disable the default admin
• Enable TOTP for all users in Personal Settings –> Personal (left pane) –> Security
• Set Email SMTP in Administration Settings –> Administration (left pane) –> Basic Settings
• Enforce two-factor authentication in Administration Settings –> Administration (left pane) –> Security
• Check Administration Settings –> Administration (left pane) –> Overview for Security and setup warnings
  • Login to DSM with SSH and add the php config variable at /volume1/@docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php
• Enable External Storage app
• Check logs and health of running containers: SSH into DSM, then:

  sudo docker ps
  sudo docker logs -f nextcloud-aio-mastercontainer
  sudo docker logs -f nextcloud-aio-apache

• SSH into your DSM and add 'nextcloud' as user and group with ID to /etc/passwd and /etc/group
• Add External Storage On Your Nextcloud: Complete Setup Guide!

• Nextcloud All-in-One
• Reverse Proxy Documentation
• How to allow the Nextcloud container to access directories on the host?
• How to Install Portainer on a Synology NAS
• How to Set Up Nextcloud on a Synology NAS! (Tutorial)