Sunday, September 15, 2019

NextCloud Experience

Goals

The primary goal, since I have a Windows machine, is to install Nextcloud so that the data directory is exposed in a Windows directory.

I have a regular backup for the Windows directory that takes care of failure situations.
It is not perfect, but I wish to avoid an in-VM or in-Docker-volume data directory that keeps growing and rather have a share on which it is visible.
I suppose if I was ALL Linux or ALL Mac etc. this may be less tricky.

Primary troubles:

1. Docker on Windows:
  • The amount of control over volume bind mounts from inside Docker is limited.
  • Nextcloud is very particular about the data directory: it specifically wants 0770 permissions and ownership by www-data.

Between these two I did not find a way to set up the data directory on a Windows drive.

2. SQLite and Windows shared folders:
I like SQLite; for home use it is enough, and I have been using it in ownCloud for a few years without issues.
The SQLite driver, or whatever it is, seems to have a problem running in Linux while accessing a Windows mount.
For example, if you set up Linux in VirtualBox, set up Nextcloud, share a Windows folder and place the data directory on it, SQLite calls will fail.
So, either drop SQLite or place SQLite inside native volumes.

Solution

  • VirtualBox shared folder ownership:
    • Windows and Docker cannot manage permissions on a volume bind mount, so Nextcloud fails.
    • Solution:
      • Run Ubuntu in VirtualBox and override the uid and gid of the VirtualBox shared folder using a simple fstab declaration.
      • Ubuntu has technically abstracted the drive as a Linux drive with appropriate permissions.
  • Run Docker Compose in Ubuntu and bind mount the shared folder.
  • Run Postgres to avoid the SQLite pitfall. I really don't care about the db side since data is what I am worried about.

Tricky item:

When you first log in to Nextcloud, it configures itself as well. This also adds the IP you are coming in from as a trusted host.
If you launch the browser from your *Windows* host, then it is logged as a trusted host.
This is good because otherwise it is fairly painful to edit the config inside Nextcloud to add another trusted host, as there is no admin UI for this.

Now you can place Nextcloud behind nginx or another proxy before exposing it to the internet - one more abstraction layer.

Outcome:

  • The Windows host can now see the files that users in my home are placing into the data drive, and this is backed up regularly.
  • I can also share read-only shares of large libraries of music and videos across all the users.

Overall diagram:



The geeky bits:

1. Docker Compose file. I cobbled this together from the examples. Obviously the password, host, etc. are to be configured for good security.

version: '2'

volumes:
    nc_root:
    nc_config:
    postgres_db:


services:
  db:
    image: postgres:alpine
    restart: always
    expose:
        - "5432"
    volumes:
        - postgres_db:/var/lib/postgresql/data
    env_file:
        - db.env
    networks:
        - mynetwork

  app:
    image: nextcloud
    networks:
        mynetwork:
            aliases:
            - nccloud.local.lan
    container_name: nccloud
    ports:
        - 8123:80
    volumes:
        - nc_root:/var/www/html
        - nc_config:/var/www/html/config
        - /media/sf_docker_nc_data:/var/www/html/data
    restart: always
    environment:
        - POSTGRES_HOST=db
        - POSTGRES_USER=postgres
        - POSTGRES_PASSWORD=password
        - POSTGRES_PORT=5432
        - POSTGRES_DB=nextcloud

    env_file:
        - db.env
    depends_on:
        - db
networks:
    mynetwork:
        driver: bridge

2. /etc/fstab entry to mount the shared folder with the appropriate uid and gid. uid 33 and gid 33 are for www-data (which also happens to be provisioned by default in Ubuntu with the same uid/gid combo).

docker_nc_data /media/sf_docker_nc_data  vboxsf uid=33,gid=33,umask=077 0 0


3. Added this to start and stop the service:

# /etc/systemd/system/nextcloud-docker-compose.service

[Unit]
Description=Docker Compose Start of NextCloud
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/home/nextcloud/DockerNC
ExecStart=/usr/local/bin/docker-compose up -d
ExecStop=/usr/local/bin/docker-compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target

Enable this with: systemctl enable nextcloud-docker-compose

4. Some reference commands that make life easy:

# Follow logs when docker compose starts - good to see what is going on
sudo docker-compose logs --follow
# Good for clean up and leave no trace.
sudo docker volume prune
# Good for snooping around in the vm
sudo docker exec -it nccloud bash
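
A preflight check for the shared-folder mount from item 2, as an added example that is not part of the original post: it confirms the directory is owned by www-data (uid/gid 33) and closed to other users before docker-compose is started. The function names are hypothetical, and GNU stat (as on the Ubuntu guest) is assumed.

```sh
#!/bin/sh
# Added example: preflight for the bind-mounted Nextcloud data directory.
# Assumes GNU stat (Ubuntu guest); function names are hypothetical.

# Succeed when an octal mode string grants nothing to "other" users.
# umask=077 on the vboxsf mount yields 700; 770 passes as well.
mode_hides_from_others() {
    case "$1" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# check_data_dir DIR [UID] [GID]
# Defaults to uid/gid 33 (www-data), as in the fstab entry.
check_data_dir() {
    dir=$1
    want_uid=${2:-33}
    want_gid=${3:-33}
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 1
    fi
    uid=$(stat -c %u "$dir")   # numeric owner
    gid=$(stat -c %g "$dir")   # numeric group
    mode=$(stat -c %a "$dir")  # octal permission bits, e.g. 700
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "FAIL: $dir is owned by $uid:$gid, expected $want_uid:$want_gid" >&2
        return 1
    fi
    if ! mode_hides_from_others "$mode"; then
        echo "FAIL: $dir has mode $mode, which is open to other users" >&2
        return 1
    fi
    echo "OK: $dir is $uid:$gid with mode $mode"
}

# Run the check only when a path is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_data_dir "$@"
fi
```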

The end.