Table of Contents
Nextcloud on Synology DSM 7.2
Assets
- Synology DiskStation DS716+II with 8GB RAM installed and running DSM 7.2
- Linux Web Server running Debian 12
Linux Web Server
We need to install a reverse proxy on the machine exposed to the internet to access Nextcloud.
- Follow the Reverse Proxy Documentation and expand the “Apache” instructions
- Create a subdomain for your domain, for example “cloud.yourdomain.com”. The VirtualHost definition should look like this:
<VirtualHost *:80> ServerName <cloud.yourdomain.com> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} RewriteCond %{SERVER_NAME} =<cloud.yourdomain.com> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> <VirtualHost *:443> ServerName <cloud.yourdomain.com> ServerAdmin you@yourdomain.com php_value date.timezone "your/timezone" ErrorLog ${APACHE_LOG_DIR}/nc-error.log CustomLog ${APACHE_LOG_DIR}/nc-access.log combined # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html RewriteEngine On ProxyPreserveHost On RequestHeader set X-Real-IP %{REMOTE_ADDR}s AllowEncodedSlashes NoDecode # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below ProxyPass / http://your.nas.ip.addr:11000/ nocanon ProxyPassReverse / http://your.nas.ip.addr:11000/ RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$" RewriteRule .? "ws://your.nas.ip.addr:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below # Enable h2, h2c and http1.1 Protocols h2 h2c http/1.1 # Solves slow upload speeds caused by http2 H2WindowSize 5242880 # TLS SSLEngine on SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off # If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. # In this case the subdomain should already be secured without additional actions SSLCertificateFile /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem # Disable HTTP TRACE method. TraceEnable off <Files ".ht*"> Require all denied </Files> # Support big file uploads LimitRequestBody 0 Timeout 86400 ProxyTimeout 86400 </VirtualHost> - Enable HTTP/2:
sudo a2enmod http2 systemctl restart apache2
Installation
- Follow the detailed instructions in Nextcloud All-in-One
- Specific instructions for the reverse proxy are in the Reverse Proxy Documentation
- SSH into your NAS and run the following command:
sudo docker run \ --init \ --sig-proxy=false \ --name nextcloud-aio-mastercontainer \ --restart always \ --publish 8080:8080 \ --env APACHE_PORT=11000 \ --env APACHE_IP_BINDING=0.0.0.0 \ --env APACHE_ADDITIONAL_NETWORK="" \ --env SKIP_DOMAIN_VALIDATION=false \ --env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data" \ --env NEXTCLOUD_MOUNT="/volume1/" \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ ghcr.io/nextcloud-releases/all-in-one:latest
- WARNING: do not point NEXTCLOUD_DATADIR to /volume1, as nextcloud will change ownership and permissions of the folder indicated here and break the entire functionality of your NAS. Instead, add NEXTCLOUD_MOUNT to later be able to access shared folders.
- If you need to change any of the options above including environment variables after your first setup of Nextcloud AIO do the following:
- Stop the
nextcloud-aio-mastercontainerin Container Manager of your Synology DSM - Remove the
nextcloud-aio-mastercontainerin Container Manager, but not any other container - SSH into your NAS and execute the original docker run command with the changed options
- Log back into Nextcloud AIO, stop and then start again all Containers from within Nextcloud AIO
Nextcloud AIO Configuration
- When done, open a web browser and point it to
https://your.nas.ip.addr:8080and follow the on-screen instructions in Nextcloud AIO to setup all related Nextcloud containers - Select “Nextcloud Hub 25 Autumn” and start the installation
- Note that it will take time to download, install, and start all related containers
NextCloud Configuration
- Login to NextCloud as default
admin, take the temporary password from the nextcloud-aio interface - Create a new user with admin permissions and disable the default
admin - Enable TOTP for all users in Personal Settings –> Personal (left pane) –> Security
- Set Email SMTP in Administration Settings –> Administration (left pane) –> Basic Settings
- Enforce two-factor authentication in Administration Settings –> Administration (left pane) –> Security
- Check Administration Settings –> Administration (left pane) –> Overview for Security and setup warnings
- Login to DSM with SSH and add the php config variable at
/volume1/@docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php
- Enable External Storage app
- Check logs and health of running containers: SSH into DSM, then:
sudo docker ps sudo docker logs -f nextcloud-aio-mastercontainer sudo docker logs -f nextcloud-aio-apache
Attach external storage
- SSH into your DSM and add 'nextcloud' as user and group with ID to
/etc/passwdand/etc/group