Self-host Nextcloud

Changelog

2025/06/08: Included a quick look; updated the Docker Compose file to include better Docker networking and integration with a reverse proxy (NPM).

What Is Nextcloud and What Do I Get From Using It?

Nextcloud is an open-source platform for file sync, sharing, and collaboration. You can self-host it for free on your own server or pay a provider to host it for you. Out of the box you get file syncing (desktop & mobile clients), sharing with granular permissions, calendars/contacts, and Nextcloud Talk for calls and chat. With add-ons like Collabora Online you also get real-time document editing. Thanks to a very active app ecosystem, you can extend it a lot. Highlights:

• Data Privacy and Control: Self-hosting means full control over where and how your data is stored.

• Customization and Flexibility: Dozens of apps (polls, forms, Deck/Kanban, mail, photo libraries, OCR, notes). You can also build your own.

• All-in-one-place: One tool for collaborative docs (Google Docs alternative), file sharing (Dropbox alternative), video calls (Zoom alternative), and scheduling (Doodle alternative).

• Integration Options: Works well with tools like OpenProject (attach files to tasks) and many others.

• Lower Costs: Scale storage/CPU on your server instead of stacking SaaS subscriptions.

Nextcloud AIO Quick Look

📦 App Info

• Logo:
  
• Purpose: A self-hosted productivity platform for file syncing, collaboration, calendar, contacts, and more
  
• Deployment: Docker Compose, Snap, Web Installer, or Manual (LAMP stack)

---

🔍 Tech & Usage

• Stack: PHP (with JS frontend), database (PostgreSQL or MariaDB/MySQL), Redis cache
• Memory: ~1.5 GB in idle for a standard setup, depends on enabled apps
  
• Disk: ~500 MB base + storage for user files
  
• CPU: ~4% of 4 vCPUs (idle, scales with users and features enabled)

---

📜 License & Community

• License: Open Source (AGPL-3.0)
  
• Pricing: Free (self-host); paid hosting/support available
• Type: Community-driven with commercial backing (Nextcloud GmbH)
  
• User Base: Large

---

🌐 Homepage · 💻 GitHub

Sounds good? Let’s get started!

Step 1: Install Nextcloud

Step 1.1: Register Your New Subdomain

Visit your domain registrar and set an A-record for nextcloud.yourdomain.com (or whatever subdomain you prefer) pointing to your server’s IPv4 address. (If you get stuck on domains or reverse proxy prep, see the server-basics post.)

Step 1.2: Install Nextcloud

Connect to your server:

ssh user@your_server_ip

Create a working directory and enter it:

mkdir nextcloud

1

Makes a folder named nextcloud (name it anything you like).

cd nextcloud

1

Switches into that folder.

Create a docker-compose.yml file.

nano docker-compose.yml

1

We’ll define the Nextcloud AIO setup here.

We’ll use the official Nextcloud AIO image. This spins up and manages the full Nextcloud stack for you (app, DB, Redis, optional services). The snippet below assumes you already run a reverse proxy (Nginx Proxy Manager) on a Docker network called npmnet.

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - npmnet
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0
      - APACHE_ADDITIONAL_NETWORK=npmnet

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
    
networks:
  npmnet:
    external: true

1

AIO needs access to the Docker socket to create/update its internal containers. Because this is powerful access, protect the AIO Update/Admin UI with a strong password (you’ll set it later) and don’t expose it publicly.

2

Attach to the same Docker network your reverse proxy uses so NPM can reach Nextcloud internally.

3

The Apache container inside AIO will listen on this port inside Docker.

4

Bind Apache to all interfaces in the container so the reverse proxy can reach it over the Docker network.

5

Ensures the AIO-managed Apache container is also attached to npmnet, preventing “Bad Gateway (502)” errors.

6

Declares that npmnet already exists. (If it doesn’t, create it with docker network create npmnet and make sure your reverse proxy is on it.)

Wondering what the code means?

Services Section

• nextcloud-aio-mastercontainer

  • image: nextcloud/all-in-one: This specifies the Docker image to use. In this case, it is the latest version of the Nextcloud All-in-One image.

  • init: true: This makes sure that an init system (like tini) is used to handle process management inside the container.

  • restart: always: This ensures that the container always restarts if it stops or if the Docker daemon is restarted. This is good for ensuring the service is always running.

  • container_name: nextcloud-aio-mastercontainer: This gives a specific name to the container, making it easier to manage.

• volumes

  • nextcloud_aio_mastercontainer:/mnt/docker-aio-config: This creates a named volume (nextcloud_aio_mastercontainer) and mounts it inside the container at /mnt/docker-aio-config. This is used for storing configuration data persistently.

  • /var/run/docker.sock:/var/run/docker.sock: This mounts the Docker socket into the container as read-write. This allows the container to communicate with the Docker daemon, which is necessary for managing other containers. Note that read-write (‘rw’) is a security risk, so we need to secure the AIO update page properly.

• environment

  • APACHE_PORT=11000: This sets an environment variable inside the container, specifying the port on which the Apache server (part of Nextcloud) will listen.

  • APACHE_IP_BINDING=0.0.0.0: This sets another environment variable, specifying that Apache should listen on the container’s interface so NPM can reach it over Docker networking. We set this because we want Nginx Proxy Manager to handle incoming requests from the web (request -> NPM -> Nextcloud, instead of request -> Nextcloud). We would have to delete this line if we were not using some kind of reverse proxy. Otherwise, Nextcloud would not be reachable from outside the server (e.g. from your browser).

Volumes Section

• nextcloud_aio_mastercontainer: This defines a named volume with the name nextcloud_aio_mastercontainer. Named volumes are used to persist data, even if the container is removed or updated.

---

Bring the stack up:

docker compose up -d

1

Starts the mastercontainer in the background; it will orchestrate additional Nextcloud containers on first run.

Step 1.3: Configure Proxy and Test

Next, go to your Nginx Proxy Manager admin page. Add a host record for nextcloud.yourdomain.com, with the forward hostname ‘nextcloud-aio-apache’, and port 11000. Enable Block Common Exploits and Websockets Support.

Move to the SSL tab and request a new certificate. Enable Force SSL, HTTP/2 Support, and HSTS. Enter your email address and agree to the terms and conditions.

In the Advanced tab, you can optionally raise limits for large uploads:

client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;

These settings are optional, but have been recommended on GitHub. Setting proxy_read_timeout to 86400s (24 hours) specifies the maximum amount of time for an operation, such as a file upload. This will allow enough time for even large files to be uploaded at slow upload speeds. Setting client_max_body_size to 0 specifies that there is no limit to the size of files that Nextcloud will handle. You can set user limits in Nextcloud itself, so it makes sense not to set any limits here. Hit save. Don’t try to the reach your instance with your subdomain, yet.

Now, we need to set up another proxy host—this time for the AIO Update UI. The Nextcloud All-in-One interface offers a convenient way to stop, update, and restart your containers. However, since we are running everything behind a reverse proxy, we must configure routing to the update page correctly; otherwise, you’ll encounter timeouts and won’t be able to update safely.

First, register a new subdomain with your domain registrar, for example ‘aio.yourdomain.com’.

Then, in Nginx Proxy Manager, go to Access Lists in the navigation bar. Here, we’ll set up basic authentication for the AIO update page. Click Add Access List, give it a descriptive name, and enable Satisfy Any. Under the Authorization tab, create a username and a strong password. Save your changes. This access list will now be available for selection in your proxy host configuration.

Next, create another proxy host for ‘aio.yourdomain.com’, with the forward hostname ‘nextcloud-aio-mastercontainer’, and port 8080. Enable Block Common Exploits, Websockets Support, and choose the access list you just created. In the SSL tab, request a new certificate, force SSL, and save.

Step 1.4: Set Up Your Nextcloud Instance

Use your new AIO subdomain to access the setup page of your Nextcloud instance. You will see the Nextcloud AIO setup page. Important: Copy the password provided on the setup page. Once you have copied it, click the login button.

A login window appears. Enter the passphrase. In the next window, enter your public Nextcloud domain (e.g. nextcloud.yourdomain.com) and continue.

In the next window you can choose some addons. I usually start light for performance on small VPS plans. If you want collaborative editing and video calls, enable Collabora and Talk. Set the correct timezone, then click Start containers.

You’ll see build progress indicators. Wait until all containers are green (running), typically ~5 minutes. You can click a container’s status to view its logs.

When the process completes, AIO shows your initial Nextcloud admin credentials and an option to set up backups. (If your disk is tight, you can skip backups for now and revisit later, or rely of your VPS provider’s snapshot capabilities). Use the credentials to log in at your public Nextcloud domain (https://nextcloud.yourdomain.com).

Security tip: After confirming everything works, you can disable the AIO admin proxy host in NPM until the next maintenance window. Disabling routing to the AIO page increases security, but Nextcloud might not be able to send you update reminders. Therefore, you must keep track of updates manually.

If you need more details, you can find the official setup guide here.

Troubleshooting

• You can find more options and explanations concerning your docker-compose.yml file here.

• General advice and a FAQ can be found here.

• If you ever see a random hex string instead of the Nextcloud login page, you’re probably hitting the AIO domaincheck helper. Make sure AIO has created the nextcloud-aio-apache container and that your public proxy points to nextcloud-aio-apache:11000 on the shared Docker network.

• One problem that can arise when you try to put an existing Nextcloud instance behind a reverse proxy is that it does not recognize the old setup and offers to configure a fresh installation instead. You can try removing all Nextcloud containers except the master container (keep the volumes, of course, or you will lose all your data!). Then, go through the installation process and start the containers. If all goes well, Nextcloud will create fresh containers and finally recognize them.

• If you no longer have the passphrase (or it doesn’t work), you can grab it with docker exec nextcloud-aio-mastercontainer grep password /mnt/docker-aio-config/data/configuration.json.

• If you’re stuck and want to start fresh, you can reset your Nextcloud instance. If something went wrong before you could reach the AIO interface, try to figure out what is wrong by looking in the logs (docker logs <containername> -f), and carefully checking the NPM settings. Also try “docker compose down”, and then rebuild the containers with “docker compose up -d”, especially after changing something in the docker-compose.yml file.

Step 1.5: Install and Configure Nextcloud Desktop (Optional)

You can install Nextcloud Desktop on your local machine to automatically synchronize files with your Nextcloud instance in folders you specify. That’s quite useful. For example, when you work on a presentation and click save, the updated file is automatically backed up to your cloud. And when a colleague edits it in the cloud, the updated file is automatically downloaded to your system.

If you want that, here is what you do:

• Get Nextcloud Desktop from the official download page. There are options for Windows, Mac, and Linux.

• Install it.

• Start the app. You will be prompted to link your Desktop App with the URL of your instance. A browser window will pop up asking you to log in for verification.

• Next, choose what should be synced and where in the Desktop app. That’s it.

---

Step 2: Explore and Customize Your Nextcloud Instance

You have your own Nextcloud! Log in and click around. In the top right corner you will find a panel where you can change the look, go to the settings or install applications. Here are some pointers on how to get started.

2.1 Installing an Office Suite

• Choosing an Office Suite: You will probably need an office suite that enables collaborative editing. You can choose between Nextcloud Office (Collabora) and OnlyOffice. Nextcloud Office should be already installed.

• Nextcloud Office: NO is a recent app developed by Nextcloud themselves. It is a version of Collabora that is optimized for Nextcloud. Collabora in turn uses LibreOffice.

• OnlyOffice: The focus of OnlyOffice is the look of and compatibility with Microsoft Office documents. Although Nextcloud Office does also supports MS Office files such as .docx, you may get a closer experience and better compatibility with OnlyOffice.

• Installation: You can (de)install either from the Nextcloud App Store. You can also get both, but this will use up your VPS resources and may get confusing.

2.2 Setting Up Video Calls (Nextcloud Talk)

• Install Nextcloud Talk: This should also be installed out of the box. However, you need to make sure that port 3478 is open on your server. Use sudo ufw allow 3478 in your server console. This port is used by the TURN (Traversal Using Relays around NAT) server inside the Talk docker container. The TURN server ensures that people using a computer behind a restrictive firewall (think work environment) can join the video conference by relaying the media stream instead of using a direct (P2P) connection that might be blocked.

• Configuration: You should see it in the top toolbar. Go ahead and explore! Test the functionality with a friend to get used to it. You will notice cool things like the automatic recording of each participant’s speaking time.

2.3 Explore the Store for More Useful Apps

• Keep Your Server Resources in Mind: There are lots of apps you can install. But each one uses a little more of your server’s resources. So only install what you really need, and disable the ones you don’t use.

• Examples For Potentially Useful Apps:

  • Notes: Quick notes with mobile apps available.

  • Polls: The Polls app allows you to create polls, for example to schedule a meeting.

  • Forms: An app for simple questionnaires.

  • Tasks: Organize your tasks, sync them to your devices and calendar.

  • OpenProject: Attach Nextcloud files to OpenProject tasks (see the official guide).

2.4 Configuring File Sync

• Desktop and Mobile Clients: Install the Nextcloud clients on your devices. See above for how to do install the desktop client. Mobile apps are also available.

• Sync Folders: Choose which folders you want to sync from your devices to Nextcloud and vice versa. For example, in the desktop client, click on your user and go to settings. There you can add folders on your system that you want to sync. Remember that your server’s storage capacity is probably quite limited. So only sync files that are important for collaboration. If you need more storage, you can upgrade your server rental plan or use the “External storage support” app to point your Nextcloud to external storage such as a Network Attached Storage (NAS).

2.5 Additional Customization and Security Settings

• Appearance and Accessibility: There is a menu of the same name, where you can change the theme of your Nextcloud, change the background, and configure keyboard shortcuts.

• Personal Settings: Here you can add your personal information if you wish. There is also a useful indicator of how much space your files are using.

• Add Users: You can share files, polls and video calls with anyone via links (they enter as guests). Consider creating user accounts for people you collaborate with frequently, such as co-authors. You can set permissions and manage access for all users.

• Security Settings: In the Administration Settings menu, you will see tips to enhance your secrurity settings. The security settings in the Nginx Proxy Manager should already take care of critical security issues. Nextcloud also offers a nice feature to check the security status of your Nextcloud instance. Just enter the URL of your Nextcloud instance and check what could be improved. Your rating should always be “A” or “A+”.

Step 3 (Later): Upgrading Nextcloud

Fortunately, you can upgrade your installed applications with a simple click from your Nextcloud menu. Upgrading the Docker containers themselves isn’t much more difficult.

1. Backup Your Data: Before proceeding with the upgrade, it’s important to back up your Nextcloud data. Make sure you have everything backed up in case the worst happens and your current installation bricks. Either have a full backup of your Nextcloud ready, or a recent server snapshot that you can easily revert to.

2. Enable the AIO admin proxy host in NPM (maintenance window), open https://aio.yourdomain.com, sign in, and run the system update. Watch the logs until containers are healthy. Optionally disable the AIO admin proxy host again when you’re done.

That’s it, thank you for following along - dot by dot.

Giving Back

How awesome is Nextcloud? And all that FOR FREE. Visit the contribution page to find out how you can give back.