Docker Nextcloud Role 🚀
This repository contains an Ansible role for deploying and managing Nextcloud using Docker. It covers configuration modifications, updates, backups, database management, and more. Additionally, OIDC (OpenID Connect) is supported (for example, via Keycloak).
Modify Config 🔧
Enter the Container
docker-compose exec -it application /bin/sh
Modify the Configuration
Inside the container, install a text editor and edit the config:
apk add --no-cache nano && nano config/config.php
Update 🔄
To update the Nextcloud container, execute the following commands on the server:
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on &&
export COMPOSE_HTTP_TIMEOUT=600 &&
export DOCKER_CLIENT_TIMEOUT=600 &&
docker-compose down
Afterwards, update the applications.nextcloud.version variable to the next version and run this repository with this Ansible role.
Note:
It is only possible to update from one to the next major version at a time.
Wait for the update to finish.
Verify the update by checking the logs:
docker-compose logs application
and
docker-compose exec -it application top
If Nextcloud remains in maintenance mode after the update, try the following:
docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on
docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off
If the update process fails, execute:
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:repair --include-expensive
and disable any non-functioning apps.
Recover Latest Backup 💾
cd {{path_docker_compose_instances}}nextcloud &&
docker-compose down &&
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/backup-docker-to-local/latest/nextcloud_database/sql/backup.sql" &&
cd {{path_administrator_scripts}}backup-docker-to-local &&
bash ./recover-docker-from-local.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)"
Database Management 🗄️
Database Access
To access the database, execute:
docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
Recreate Database with New Volume
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
OCC (Nextcloud Command Line) 🔧
To use OCC, run:
docker-compose exec -it -u www-data application /var/www/html/occ
User Administration
List Users
docker compose exec -it -u www-data application php occ user:list
Sync Users
docker compose exec -it -u www-data application php occ user:sync
Create user via CLI
docker compose exec -it -u www-data application php occ user:add {{username}}
Make user admin via cli
docker compose exec -it -u www-data application php occ group:adduser admin {{username}}
Delete user via CLI
docker compose exec -it -u www-data application php occ user:delete {{username}}
App Administration
docker compose exec -u www-data application php occ config:list {{app_name}}
Initialize Duplicates
docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output
Unlock Files
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on
docker-compose exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off
Apps
App Relevant Tables 🗃️
oc_appconfigoc_migrations
Cospend
Relevant SQL Commands for Cospend
Debugguging Migrations:
https://github.com/julien-nc/cospend-nc/issues/325
-- Show all Cospend Tables
SHOW TABLES where Tables_in_nextcloud LIKE "%cospend%";
-- Show Cospend Configuration
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%cospend%";
-- Show Cospend Database Migrations
SELECT * FROM `oc_migrations` WHERE app LIKE "%cospend%";
Identity and Access Management (IAM)
OpenID Connect (OIDC) Support 🔐
OIDC is supported in this role—for example, via Keycloak. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
Verify OIDC Configuration
docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
LDAP
More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
Get all relevant entries except password
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%ldap%" and configkey != "s01ldap_agent_password";
Update User with LDAP values
docker compose exec -it -u www-data application php occ ldap:check-user --update {{username}}
Federation
If users are just created via Keycloak and not via LDAP, they have a different username. Due to this reaso concider to use LDAP to guaranty that the username is valid.
Further Information ℹ️
- Nextcloud Docker Example with Nginx Proxy, MariaDB, and FPM
- Nextcloud Upgrade via Docker by Goneuland
- Nextcloud Data Version Issue
- Nextcloud Docker Issue #1302
- Update to Nextcloud 22 Failed Database Error
- Nextcloud 21.0.0-beta1 Database Error
- Reset Password for MariaDB/MySQL in Docker
- Ansible Docker Container and depends_on Issue
- Docker Convenience Scripts by gdiepen
- Issues After Upgrading to Nextcloud 21
- Nextcloud Talk Plugin and Turnserver in Docker
- Nextcloud Talk on Docker: Turn Server Issues
Author
Developed by: Kevin Veen-Birkenbach
Website: https://www.veen.world/
This README.md was created with the help of ChatGPT.
Enjoy and happy containerizing! 😄