Programster's Blog

Tutorials focusing on Linux, programming, and open source

Add SSL To Nextcloud

In this tutorial, we are going to use an Nginx reverse proxy to handle HTTPS requests and forward them to the Nextcloud container we deployed with Docker. We are also going to use docker-compose to manage the multiple containers (one for Nextcloud, and one for the reverse proxy). If you are already using a reverse proxy, you can skip this tutorial: just give it your SSL certificates and have it forward plain HTTP requests to your Nextcloud server.

Steps

Generate your SSL certificates or generate some self-signed certificates. If you have two certificate files, one for your CA and one for your site, then you will have to combine them, with the site certificate first, like so:

cat my-site.crt > ssl.crt
echo "" >> ssl.crt
cat ca.crt >> ssl.crt

Copy the certificates over to your server in a folder within $HOME/certs. You can change the path if you wish, but you will have to change it accordingly in the future steps. Make sure to name your files after your domain. E.g. my domain is nextcloud.programster.org so my files are:

nextcloud.programster.org.crt
nextcloud.programster.org.key

Make sure you are using the decrypted private key file.

Install docker-compose.

Create an nginx-overrides.conf file to tell Nginx we want to support large file uploads for our Nextcloud server:

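# Quote the directive so the trailing ";" is written to the file instead of ending the shell command.
echo "client_max_body_size 1000000m;" > $HOME/nginx-overrides.conf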

Create a docker-compose.yml file like so, making sure to replace nextcloud.programster.org with whatever your nextcloud server's name is.

version: '2'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "443:443"
    environment:
      - MAX_UPLOAD_SIZE=200000000M
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - $HOME/certs:/etc/nginx/certs
      - $HOME/nginx-overrides.conf:/etc/nginx/conf.d/nginx-overrides.conf:ro
    restart: always

  nextcloud.programster.org:
    depends_on:
      - nginx-proxy
    image: nextcloud:12
    ports:
      - "80:80"
    environment:
      - VIRTUAL_HOST=nextcloud.programster.org
      - VIRTUAL_PROTO=http
    volumes:
      - $HOME/nextcloud:/var/www/html
    restart: always

Stop and remove any existing Nextcloud containers you have running.

Run the following command to start your containers:

docker-compose up

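You should now be able to log into your Nextcloud server using HTTPS. Note that the docker-compose.yml above also publishes the Nextcloud container's port 80 on the host ("80:80"), so the server can still be reached over plain HTTP on that port unless it is blocked.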

Debugging

Database DNS

When I first performed these steps, my nextcloud server would only show a blank page. It turned out that it could no longer find the database server and the DNS was no longer resolving correctly. I fixed this by editing the config.php file at $HOME/nextcloud/config/config.php, as root. I then found the line with dbhost and changed its value to the IP of my database server, rather than its hostname.

SSL Certificate

The order in which you stick your certificate files together to form a single certificate file really matters! If you find that it is not working, then try regenerating your certificate file. When you view it, you should see your domain certificate above the CA certificate like so:
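
The ordering described here, and the decrypted-key requirement from the steps, can also be checked mechanically for the two-file case (site certificate plus CA certificate). The script below is an added example, not part of the original post; it assumes the openssl command-line tool is installed, and the function names and return codes are its own.

```shell
#!/bin/sh
# Added example, not from the original post. Needs the openssl CLI.

# nth_cert FILE N: print the Nth PEM certificate block in FILE.
nth_cert() {
    awk -v want="$2" '/-----BEGIN CERTIFICATE-----/ { n++ } n == want' "$1"
}

# dn FIELD: read one PEM certificate on stdin, print its subject or issuer.
dn() {
    openssl x509 -noout "-$1" | sed 's/^[a-z]*= *//'
}

# check_bundle CRT KEY: 0 if usable by the proxy, otherwise 2, 3, 4 or 5.
check_bundle() {
    crt=$1; key=$2

    # The combined file needs the site certificate plus the CA certificate.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$crt" || true)
    [ "${count:-0}" -ge 2 ] ||
        { echo "FAIL: found ${count:-0} certificate(s), expected 2 or more" >&2; return 2; }

    # The tutorial calls for the decrypted key; an encrypted PEM key is
    # marked as such in its header lines.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: private key is still encrypted" >&2; return 3
    fi

    # The first certificate must carry the public half of the private key.
    # This is the check that fails when the CA certificate was written first.
    cert_pub=$(nth_cert "$crt" 1 | openssl x509 -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: first certificate does not match the key" >&2; return 4; }

    # The second certificate must be named as issuer of the first. This
    # compares names only; it does not verify the signature.
    [ "$(nth_cert "$crt" 1 | dn issuer)" = "$(nth_cert "$crt" 2 | dn subject)" ] ||
        { echo "FAIL: second certificate is not the issuer of the first" >&2; return 5; }

    echo "OK: $crt is ordered site-then-CA and matches $key"
}
```

Call it as `check_bundle $HOME/certs/nextcloud.programster.org.crt $HOME/certs/nextcloud.programster.org.key` before running `docker-compose up`.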