Template for a self-hosted Nextcloud instance using Docker, with CrowdSec as a firewall. Use it as a starting point and modify accordingly.
                                               |------------------------ Docker network -------------------------|
[ HOST ] 192.168.XXX.0/24
                 __________                     ______________                     ___________          _________
                |          | <--> :80/:443 <-> | nginx proxy  | <---------------> |           | <----> | mariaDb |
                |  docker  |                    --------------                    | nextcloud |          ---------
 <--:80/:443--> |    +     | <---> :3921 <---> | coTurn       |                   |           | <----> | redis   |
                | crowdsec |                    --------------                     -----------           ---------
                | bouncer  | <---> :8080 <---> | crowdSec     | <--[ nginx logs ]
                |          |                    --------------
                |__________| <---> :3000 <---> | crowdSecDash |
                                                --------------
                                               | certbot      | -->[ nginx certs ]
                                                --------------
Brief overview:
- nginx proxy: Reverse proxy and HTTPS handling.
- certbot: Generates the SSL certs for HTTPS connections.
- nextcloud: Cloud server.
- mariaDb: Main database used by the nextcloud container.
- redis: Memory cache for the database.
- coTurn: TURN server for Nextcloud video calls.
- crowdSec: CrowdSec security engine. Communicates via port 8080 with the firewall bouncer on the local host.
- crowdSecDash: Simple dashboard for metrics from the security engine.
- install docker
- optional: install pv (used by backup script)
- set timezone: sudo timedatectl set-timezone Europe/Stockholm
- set locale: sudo dpkg-reconfigure
- docker compose down
- total clean:
  - docker volume prune -a
  - docker system prune -a
- clean instance: ./cleanInstanse.sh (removes nextcloud folder + certbot)
- configure .env: set passwords for the db and the correct IPs
- docker compose up --build -d
- access locally and set admin user