Table of Contents

Nextcloud on Synology DSM 7.2

Assets

Linux Web Server

We need to install a reverse proxy on the machine exposed to the internet to access Nextcloud.

  1. Follow the Reverse Proxy Documentation and expand the “Apache” instructions
  2. Create a subdomain for your domain, for example “cloud.yourdomain.com”. The VirtualHost definition should look like this:
    <VirtualHost *:80>
        ServerName <cloud.yourdomain.com>
    
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        RewriteCond %{SERVER_NAME} =<cloud.yourdomain.com>
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    
    <VirtualHost *:443>
        ServerName <cloud.yourdomain.com>
        ServerAdmin you@yourdomain.com
        php_value date.timezone "your/timezone"
        ErrorLog ${APACHE_LOG_DIR}/nc-error.log
        CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
    
        # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
        RewriteEngine On
        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
        AllowEncodedSlashes NoDecode
        
        # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
        ProxyPass / http://your.nas.ip.addr:11000/ nocanon
        ProxyPassReverse / http://your.nas.ip.addr:11000/
        
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
        RewriteRule .? "ws://your.nas.ip.addr:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
    
        # Enable h2, h2c and http1.1
        Protocols h2 h2c http/1.1
        
        # Solves slow upload speeds caused by http2
        H2WindowSize 5242880
    
        # TLS
        SSLEngine               on
        SSLProtocol             -all +TLSv1.2 +TLSv1.3
        SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
        SSLHonorCipherOrder     off
        SSLSessionTickets       off
    
        # If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, 
        # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. 
        # In this case the subdomain should already be secured without additional actions
        SSLCertificateFile /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem
    
        # Disable HTTP TRACE method.
        TraceEnable off
        <Files ".ht*">
            Require all denied
        </Files>
    
        # Support big file uploads
        LimitRequestBody 0
        Timeout 86400
        ProxyTimeout 86400
    </VirtualHost>
  3. Enable HTTP/2:
    sudo a2enmod http2
    systemctl restart apache2

Installation

  1. Follow the detailed instructions in Nextcloud All-in-One
  2. Specific instructions for the reverse proxy are in the Reverse Proxy Documentation
  3. SSH into your NAS and run the following command:
    sudo docker run \
    --init \
    --sig-proxy=false \
    --name nextcloud-aio-mastercontainer \
    --restart always \
    --publish 8080:8080 \
    --env APACHE_PORT=11000 \
    --env APACHE_IP_BINDING=0.0.0.0 \
    --env APACHE_ADDITIONAL_NETWORK="" \
    --env SKIP_DOMAIN_VALIDATION=false \
    --env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data" \
    --env NEXTCLOUD_MOUNT="/volume1/" \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    ghcr.io/nextcloud-releases/all-in-one:latest
  4. WARNING: do not point NEXTCLOUD_DATADIR to /volume1, as nextcloud will change ownership and permissions of the folder indicated here and break the entire functionality of your NAS. Instead, add NEXTCLOUD_MOUNT to later be able to access shared folders.
  5. If you need to change any of the options above including environment variables after your first setup of Nextcloud AIO do the following:
    1. Stop the nextcloud-aio-mastercontainer in Container Manager of your Synology DSM
    2. Remove the nextcloud-aio-mastercontainer in Container Manager, but not any other container
    3. SSH into your NAS and execute the original docker run command with the changed options
    4. Log back into Nextcloud AIO, stop and then start again all Containers from within Nextcloud AIO

Nextcloud AIO Configuration

NextCloud Configuration

Attach external storage