This will build a Dockerfile for Nextcloud - a web based groupware solution.
- Includes fail2ban for bad authentication blocking
- Includes Nextcloud Hi Performance Files Backend
- [Dave Conroy][https://github.com/tiredofit]
- About
- Maintainer
- Table of Contents
- Installation
- Configuration
- Upgrading from the 2.x Series
- Maintenance
- Support
- License
- References
Clone this repository and build the image with docker build <arguments> (imagename) .
Builds of the image are available on Docker Hub and is the recommended method of installation.
The following image tags are available along with their tagged release based on what's written in the Changelog:
Version | Container OS | Tag |
---|---|---|
23 | Alpine | :23-latest |
22 | Alpine | :22-latest |
21 | Alpine | :21-latest |
Images are built primarily for amd64
architecture, and may also include builds for arm/v6
, arm/v7
, arm64
and others. These variants are all unsupported. Consider sponsoring my work so that I can work with various hardware. To see if this image supports multiple architecures, type docker manifest (image):(tag)
-
The quickest way to get started is using docker-compose. See the examples folder for a working docker-compose.yml that can be modified for development or production use.
-
Set various environment variables to understand the capabilities of this image.
-
Map persistent storage for access to configuration and data files for backup.
- Make networking ports available for public access if necessary
The first boot can take from 2 minutes - 5 minutes depending on your CPU to setup the proper schemas.
The following directories are used for configuration and can be mapped for persistent storage.
Upgrading from an earlier version of this image running Nextcloud 20 or earlier? See Upgrading from the 2.x Series
Directory | Description |
---|---|
/data/userdata |
Nextcloud Data |
/www/nextcloud/config |
Nextcloud Configuration Directory |
/data/apps |
Custom Apps downloaded from Plugin Store |
/data/themes |
Custom Themes Directory |
/data/cache |
Cache Directory |
/data/tmp |
Temporary Directory |
/data/templates/ |
Templates Directory |
/www/logs |
Nginx / php-fpm / Nextcloud logfiles |
This image relies on an Alpine Linux base image that relies on an init system for added capabilities. Outgoing SMTP capabilities are handlded via msmtp
. Individual container performance monitoring is performed by zabbix-agent. Additional tools include: bash
,curl
,less
,logrotate
,nano
,vim
.
Be sure to view the following repositories to understand all the customizable options:
Image | Description |
---|---|
OS Base | Customized Image based on Alpine Linux |
Nginx | Nginx webserver |
PHP-FPM | PHP Interpreter |
If you there are features that you wish to override based on the defaults and for some reason the environment variables are not working, create a file called custom.config.php
in your data/config
directory
Parameter | Description | Default |
---|---|---|
ADMIN_USER |
Admin user e.g. admin |
|
ADMIN_PASS |
Admin pass e.g. password |
|
DOMAIN |
The Domain that this is configured for e.g. 'example.org' | |
DB_TYPE |
Set the DB_TYPE - e.g. mysql , postgres , sqlite3 |
sqlite3 |
DB_HOST |
Hostname of DB Server e.g. nextcloud-db |
|
DB_NAME |
Database name e.g. nextcloud |
|
DB_PORT |
Database port e.g. 3306 |
|
DB_USER |
Username for Database e.g. nextcloud |
|
DB_PASS |
Password for Database e.g. password |
|
IFRAME_DOMAINS |
Comma seperated value of domains/hostnames you want to allow loading the site via an IFrame e.g. site.example.com |
|
MONITORING_APPLICATION_TOKEN |
Monitoring Application Token if 'serverinfo' application installed |
This image automatically configures nextcloud with the following options as defined in config.sample.php.
Variable | Description | Nextcloud Attribute | Default |
---|---|---|---|
ANIMATED_GIFS_MAX_FILESIZE |
Max file size for Animated Gifs | max_filesize_animated_gifs_public_sharing |
10 |
CACHE_DIRECTORY |
Cache Directory (leave blank for default) | `` | |
CIPHER |
Encryption Cipher | cipher |
AES-256-CFB |
DATA_DIRECTORY |
Data Directory | ${NGINX_WEBROOT}/data |
|
DEFAULT_APPLICATION |
Default Application users see | defaultapp |
files |
DEFAULT_LANGUAGE |
Default Language to Install | default_language |
en |
DEFAULT_LOCALE |
Default Locale | default_locale |
en_US |
ENABLE_APP_CODE_CHECKER |
Check for signatures on all code | appcodechecker |
TRUE |
ENABLE_APP_STORE |
Enable App Store | appstoreenabled |
TRUE |
ENABLE_BRUTEFORCE_PROTECTION |
Enable Brute Force Protection | auth.bruteforce.protection.enabled |
TRUE |
ENABLE_CHECK_WELLKNOWN |
Enable .wellknown check in admin | TRUE |
|
ENABLE_DISPLAY_NAME_CHANGE |
Allow user to change name | allow_user_to_change_display_name |
TRUE |
ENABLE_FILESYSTEM_CHECK_CHANGES |
Check changes on Filesystem in Background | filesystem_check_changes |
FALSE |
ENABLE_FILE_LOCKING |
Enable File Locking | filelocking.enabled |
TRUE |
ENABLE_KNOWLEDGE_BASE |
Enable Help Menu | knowledgebaseenabled |
TRUE |
ENABLE_LOGIN_FORM_AUTOCOMPLETE |
Allow Autocomplete on Login Pages | login_form_autocomplete |
TRUE |
ENABLE_LOG_QUERY |
Enable Logging DB Queries | log_query |
FALSE |
ENABLE_MYSQL_UTF8MB4 |
Enable 4 byte strings for MariaDB | mysql.utf8mb4 |
TRUE |
ENABLE_PARTFILE_UPLOADS_STORAGE |
Enable uploading .part files in same location | TRUE |
|
ENABLE_PREVIEWS |
Enable Document Previews | enable_previews |
TRUE |
ENABLE_SESSION_KEEPALIVE |
Enable Keepalive sessions | session_keepalive |
TRUE |
ENABLE_SIGN_UP |
Allow Signups to Instance | simpleSignUpLink.shown |
TRUE |
ENABLE_SMTP_AUTHENTICATION |
Enable SMTP Authentication | mail_smtpauth |
FALSE |
ENABLE_TOKEN_AUTH_ENFORCED |
Enforce logging in with Tokens for Clients | token_auth_enforced |
FALSE |
FILE_LOCKING_DEBUG |
Debug File Locking | filelocking.debug |
FALSE |
FORCE_LANGUAGE |
Force Language | force_language |
en |
FORCE_LOCALE |
Force Locale | force_locale |
en_US |
HASHING_COST |
Performance Cost for Hashing | hashingCost |
10 |
LDAP_CLEANUP_INTERVAL |
How many minutes to cleanup LDAP users | ldapUserCleanupInterval |
51 |
LOG_DATE_FORMAT |
Format for Date and Time in logs | logdateformat |
Y-m-d H:i:s |
LOG_DIR |
Log Directory | logfile |
/www/logs/nextcloud |
LOG_FILE_AUDIT |
Audit Log file | audit.log |
|
LOG_FILE_FLOW |
Workflow Log File | flow.log |
|
LOG_LEVEL |
Log Level | loglevel |
2 |
LOG_TIMEZONE |
Timezone for Logfile | logtimezone |
Container Timezone |
OVERWRITE_HOST |
Override the hostname for URLs | overwritehost |
`` |
OVERWRITE_PROTOCOL |
Override the Protocol if behind proxy | overwriteprotocol |
`` |
PREVIEW_MAX_X |
Maximum Pixels for Previews (X) | preview_max_x |
200 |
PREVIEW_MAX_Y |
Maximum Pixels for Previews (Y) | preview_max_y |
200 |
SHARE_FOLDER |
Change root path of all shares to users | / |
|
SHARING_ENABLE_ACCEPT |
Enable Sharing Acceptance features | FALSE |
|
SHARING_ENABLE_MAIL |
Enable Sharing Mail Notification | TRUE |
|
SHARING_FORCE_ACCEPT |
Force Sharing Acceptance features | FALSE |
|
SHARING_MAX_AUTOCOMPLETE_RESULTS |
Maximum results returned when searching | sharing.maxAutocompleteResults |
0 |
SHARING_MIN_SEARCHSTRING_LENGTH |
How many characters to type before searching | sharing.minSearchStringLength |
2 |
SKELETON_DIRECTORY |
What folder is copied to new users folders on first login | skeletondirectory |
${NGINX_WEBROOT}/core/skeleton |
SMTP_AUTHENTICATION_TYPE |
Type of SMTP Authentication | mail_smtpauthtype |
NONE |
SMTP_DEBUG |
Debug SMTP activities | mail_smtpdebug |
FALSE |
SMTP_DOMAIN |
Email Domain for Outbound mail | mail_domain |
example.org |
SMTP_FROM |
Account name for Outbound Email, SMTP_DOMAIN will be added | mail_from_address |
noreply |
SMTP_HOST |
Remote SMTP Host | mail_smtphost |
postfix_relay |
SMTP_PASS |
SMTP Password | mail_smtppassword |
`` |
SMTP_PORT |
SMTP Port | mail_smtpport |
25 |
SMTP_SECURE |
tls ,ssl if SMTP is TLS/SSL encrypted |
mail_smtpsecure |
FALSE |
SMTP_SEND_PLAINTEXT_ONLY |
Send Plaintext Email Only | mail_send_plaintext_only |
FALSE |
SMTP_TIMEOUT |
Timeout for SMTP connections | mail_smtptimeout |
10 |
SMTP_USER |
SMTP Username (user part) | mail_smtpname |
`` |
SORT_GROUPS_BY_NAME |
Sort groups by name as opposed to most users | sort_groups_by_name |
FALSE |
TRASHBIN_RETENTION |
How to deal with users trashbins | trashbin_retention_obligation |
auto |
VERSIONS_RETENTION |
How to deal with File Versions | versions_retention_obligation |
auto |
The following ports are exposed.
Port | Description |
---|---|
80 |
HTTP |
-
If you are upgrading from the 2.x series of images (Nextcloud 20 and below) please note that the following environment variables have been introduced
-
TEMP_DIRECTORY
- For holding temporary files -
CACHE_DIRECTORY
- Moving the "Cache" per user out of their user data folder for those using S3 Backend for performance reasons -
APP_DIRECTORY
- Applications downloaded from the App Store -
DATA_DIRECTORY
- Users Data Directory -
You will also need to export new volumes if you are using the new defaults to these paths above:
Environment Variable | 2.x Images volume mapping | New Image mapping |
---|---|---|
APP_DIRECTORY |
/www/nextcloud/custom-apps |
/data/apps |
CACHE_DIRECTORY |
unset | /data/cache |
DATA_DIRECTORY |
/www/nextcloud/data |
/data/userdata |
SKELETON_DIRECTORY |
${NGINX_WEBROOT}/core/skeleton |
/data/templates/skeleton |
TEMP_DIRECTORY |
unset | /data/tmp |
- Additionally you will need to make a change to the database to support the change of the data location as listed here.
For debugging and maintenance purposes you may want access the containers shell.
bash docker exec -it (whatever your container name is) bash
These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
- The Discussions board is a great place for working with the community on tips and tricks of using this image.
- Consider sponsoring me personalized support.
- Please, submit a Bug Report if something isn't working as expected. I'll do my best to issue a fix in short order.
- Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
- Consider sponsoring me regarding development of features.
- Best effort to track upstream changes, More priority if I am actively using the image in a production environment.
- Consider sponsoring me for up to date releases.
MIT. See LICENSE for more details.