Nextcloud on Synology DSM 7.2

Assets

  • Synology DiskStation DS716+II with 8GB RAM installed and running DSM 7.2
  • Linux Web Server running Debian 12

Linux Web Server

We need to install a reverse proxy on the machine exposed to the internet to access Nextcloud.

  1. Follow the Reverse Proxy Documentation and expand the “Apache” instructions
  2. Create a subdomain for your domain, for example “cloud.yourdomain.com”. The VirtualHost definition should look like this:
    <VirtualHost *:80>
        ServerName cloud.yourdomain.com
    
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        RewriteCond %{SERVER_NAME} =cloud.yourdomain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    
    <VirtualHost *:443>
        ServerName cloud.yourdomain.com
        ServerAdmin you@yourdomain.com
        # php_value is a mod_php directive; Apache rejects it unless mod_php is loaded on this host
        php_value date.timezone "your/timezone"
        ErrorLog ${APACHE_LOG_DIR}/nc-error.log
        CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
    
        # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
        RewriteEngine On
        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
        AllowEncodedSlashes NoDecode
        
        # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
        ProxyPass / http://your.nas.ip.addr:11000/ nocanon
        ProxyPassReverse / http://your.nas.ip.addr:11000/
        
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
        # Adjust the line below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
        RewriteRule .? "ws://your.nas.ip.addr:11000/%1" [P,L,UnsafeAllow3F]
    
        # Enable h2, h2c and http1.1
        Protocols h2 h2c http/1.1
        
        # Solves slow upload speeds caused by http2
        H2WindowSize 5242880
    
        # TLS
        SSLEngine               on
        SSLProtocol             -all +TLSv1.2 +TLSv1.3
        SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
        SSLHonorCipherOrder     off
        SSLSessionTickets       off
    
        # If running Apache on a subdomain (e.g. nextcloud.example.com) of a domain that already has a wildcard SSL certificate from certbot on this machine,
        # the cloud.yourdomain.com in the lines below should be replaced with just the domain (e.g. example.com), not the subdomain.
        # In this case the subdomain should already be secured without additional actions.
        SSLCertificateFile /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem
    
        # Disable HTTP TRACE method.
        TraceEnable off
        <Files ".ht*">
            Require all denied
        </Files>
    
        # Support big file uploads
        LimitRequestBody 0
        Timeout 86400
        ProxyTimeout 86400
    </VirtualHost>
  3. Enable HTTP/2:
    sudo a2enmod http2
    sudo systemctl restart apache2
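
The VirtualHost above uses directives from several Apache modules besides http2, and Apache refuses to start if one of them is not loaded. The following check is an added example, not part of the original page; the directive-to-module mapping is listed in its comments and the `apache2ctl -M` output it parses is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original page): list the Apache modules that the
# VirtualHost above depends on but that are not loaded.
#   RewriteEngine / RewriteRule    -> rewrite
#   ProxyPass / ProxyPassReverse   -> proxy, proxy_http
#   RewriteRule "ws://..." [P]     -> proxy_wstunnel
#   RequestHeader                  -> headers
#   SSLEngine                      -> ssl
#   Protocols h2 / H2WindowSize    -> http2
REQUIRED_MODULES="rewrite proxy proxy_http proxy_wstunnel headers ssl http2"

# Reads `apache2ctl -M` output on stdin and prints the missing a2enmod names,
# space separated (empty output means everything is loaded).
missing_modules() {
    # " proxy_http_module (shared)" -> "proxy_http"
    loaded=$(sed -n 's/^[[:space:]]*\([a-z0-9_]*\)_module .*/\1/p')
    missing=""
    for m in $REQUIRED_MODULES; do
        # -x matches the whole line, so "proxy" does not satisfy "proxy_http"
        if ! printf '%s\n' "$loaded" | grep -qxF "$m"; then
            missing="$missing $m"
        fi
    done
    printf '%s' "${missing# }"
}

# Constructed sample of `apache2ctl -M` output: only some modules enabled.
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 so_module (static)
 mpm_event_module (shared)
 http2_module (shared)
 proxy_module (shared)'

need=$(printf '%s\n' "$SAMPLE_MODULES" | missing_modules)
if [ -n "$need" ]; then
    echo "Missing: $need"
    echo "Fix:     sudo a2enmod $need && sudo systemctl restart apache2"
fi
# On the real server: sudo apache2ctl -M | missing_modules
```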

Installation

  1. Follow the detailed instructions in Nextcloud All-in-One
  2. Specific instructions for the reverse proxy are in the Reverse Proxy Documentation
  3. SSH into your NAS and run the following command:
    sudo docker run \
    --init \
    --sig-proxy=false \
    --name nextcloud-aio-mastercontainer \
    --restart always \
    --publish 8080:8080 \
    --env APACHE_PORT=11000 \
    --env APACHE_IP_BINDING=0.0.0.0 \
    --env APACHE_ADDITIONAL_NETWORK="" \
    --env SKIP_DOMAIN_VALIDATION=false \
    --env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data" \
    --env NEXTCLOUD_MOUNT="/volume1/" \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    ghcr.io/nextcloud-releases/all-in-one:latest
  4. WARNING: do not point NEXTCLOUD_DATADIR to /volume1. Nextcloud changes the ownership and permissions of the folder given here, which would break the entire functionality of your NAS. Instead, set NEXTCLOUD_MOUNT so that you can access shared folders later.
  5. If you need to change any of the options above, including environment variables, after your first setup of Nextcloud AIO, do the following:
    1. Stop the nextcloud-aio-mastercontainer in Container Manager of your Synology DSM
    2. Remove the nextcloud-aio-mastercontainer in Container Manager, but not any other container
    3. SSH into your NAS and execute the original docker run command with the changed options
    4. Log back into Nextcloud AIO, stop and then start again all Containers from within Nextcloud AIO

Nextcloud AIO Configuration

  • When done, open a web browser, point it to https://your.nas.ip.addr:8080, and follow the on-screen instructions in Nextcloud AIO to set up all related Nextcloud containers
  • Select “Nextcloud Hub 25 Autumn” and start the installation
  • Note that it will take time to download, install, and start all related containers

Nextcloud Configuration

  • Log in to Nextcloud as the default admin, taking the temporary password from the Nextcloud AIO interface
  • Create a new user with admin permissions and disable the default admin
  • Enable TOTP for all users in Personal Settings –> Personal (left pane) –> Security
  • Set Email SMTP in Administration Settings –> Administration (left pane) –> Basic Settings
  • Enforce two-factor authentication in Administration Settings –> Administration (left pane) –> Security
  • Check Administration Settings –> Administration (left pane) –> Overview for Security and setup warnings
    • Log in to DSM with SSH and add the PHP config variable in /volume1/@docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php
  • Enable External Storage app
  • Check logs and health of running containers: SSH into DSM, then:
    sudo docker ps
    sudo docker logs -f nextcloud-aio-mastercontainer
    sudo docker logs -f nextcloud-aio-apache

Attach external storage