Add SSL To Nextcloud
In this tutorial, we are going to use an Nginx reverse proxy to handle HTTPS requests and forward them to the Nextcloud container we deployed with Docker. We are also going to use docker-compose to manage the multiple containers (one for Nextcloud, and one for the reverse proxy). If you are already using a reverse proxy, you can skip this tutorial and just give it your SSL certificates and have it forward plain HTTP requests to your Nextcloud server.
Steps
Generate your SSL certificates or generate some self-signed certificates. If you have two certificate files, one for your CA and one for your site, then you will have to combine them like so:
cat my-site.crt > ssl.crt
echo "" >> ssl.crt
cat ca.crt >> ssl.crt
Copy the certificates over to your server in a folder within $HOME/certs. You can change the path if you wish, but you will have to change it accordingly in the future steps.
Make sure to name your files after your domain. E.g. my domain is nextcloud.programster.org so my files are:
nextcloud.programster.org.crt
nextcloud.programster.org.key
Create an nginx-overrides.conf file to tell Nginx we want to support large file uploads for our Nextcloud server:
echo "client_max_body_size 1000000m;" > $HOME/nginx-overrides.conf
Create a docker-compose.yml file like so, making sure to replace nextcloud.programster.org with whatever your nextcloud server's name is.
version: '2'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "443:443"
    environment:
      - MAX_UPLOAD_SIZE=200000000M
    volumes:
      # Read-only Docker socket so the proxy can discover containers by VIRTUAL_HOST
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - $HOME/certs:/etc/nginx/certs
      - $HOME/nginx-overrides.conf:/etc/nginx/conf.d/nginx-overrides.conf:ro
    restart: always
  nextcloud.programster.org:
    depends_on:
      - nginx-proxy
    image: nextcloud:12
    ports:
      # Also publishes Nextcloud over plain HTTP on port 80 of the host
      - "80:80"
    environment:
      - VIRTUAL_HOST=nextcloud.programster.org
      - VIRTUAL_PROTO=http
    volumes:
      - $HOME/nextcloud:/var/www/html
    restart: always
Stop and remove any existing Nextcloud containers you have running.
Run the following command to start your containers:
docker-compose up
You should now be able to log into your nextcloud server using HTTPS.
Debugging
Database DNS
When I first performed these steps, my nextcloud server would only show a blank page. It turned out that it could no longer find the database server and the DNS was no longer resolving correctly.
I fixed this by editing the config.php file at $HOME/nextcloud/config/config.php, as root. I then found the line with dbhost and changed its value to the IP of my database server, rather than its hostname.
SSL Certificate
The order in which you stick your certificate files together to form a single certificate file really matters! If you find that it is not working, then try regenerating your certificate file. When you view it, you should see your domain certificate above the CA certificate like so:
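One way to check the ordering from the command line, and that the .key file belongs to the site certificate, is the script below. It is an added example, not part of the original tutorial; it assumes the openssl command-line tool is installed, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Assumes the openssl CLI.

# Split a PEM bundle ($1) into cert-1.pem, cert-2.pem, ... inside dir $2.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
}

# Return 0 when the first certificate in the bundle was issued by the second,
# i.e. the site certificate sits above the CA certificate.
check_bundle_order() {
    cbo_tmp=$(mktemp -d) || return 2
    split_bundle "$1" "$cbo_tmp"
    if [ ! -f "$cbo_tmp/cert-2.pem" ]; then
        echo "expected at least two certificates in $1" >&2
        rm -rf "$cbo_tmp"
        return 2
    fi
    # Compare name hashes: issuer of cert 1 must equal subject of cert 2.
    cbo_issuer=$(openssl x509 -in "$cbo_tmp/cert-1.pem" -noout -issuer_hash)
    cbo_subject=$(openssl x509 -in "$cbo_tmp/cert-2.pem" -noout -subject_hash)
    rm -rf "$cbo_tmp"
    if [ "$cbo_issuer" = "$cbo_subject" ]; then
        echo "order OK: first certificate is issued by the second"
        return 0
    fi
    echo "wrong order: first certificate is not issued by the second" >&2
    return 1
}

# Return 0 when the private key ($2) belongs to the first certificate in $1.
key_matches_cert() {
    kmc_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    kmc_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$kmc_cert" = "$kmc_key" ]
}

# Usage: sh check-certs.sh <domain>.crt <domain>.key
if [ "$#" -eq 2 ]; then
    check_bundle_order "$1" && key_matches_cert "$1" "$2" && echo "key matches"
fi
```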
First published: 16th August 2018