---
navigation: true
title: Nextcloud
main:
  fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Nextcloud

::alert{type="info"}
🎯 __Goals:__ Install [Nextcloud](https://nextcloud.com/) to manage your photos and files across all your devices.
::

[Nextcloud](https://nextcloud.com/) is a self-hosted solution that allows you to access and synchronize your data across all your devices. It also includes collaboration features, calendar, and more. It’s a great alternative to services like Google Drive, iCloud, or OneDrive.

![Picture](/img/serveex/nextcloud.png)

## Installation
---
::alert{type="info"}
:::list{type="info"}
- We'll be using the Docker image maintained by [LinuxServer.io](https://docs.linuxserver.io/images/docker-nextcloud/)
:::
::

File structure:

```console
root
└── docker
    └── nextcloud
        ├── config
        ├── data
        ├── compose.yaml
        └── .env
```

Open Dockge, click on `compose`, name the stack `nextcloud` and paste the following:

```yaml
---
services:
  nextcloud:
    image: lscr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    environment:
      - PUID=${PUID}
      - PGID=${GUID}
      - TZ=Etc/UTC
    volumes:
      - /docker/nextcloud/config:/config
      - /docker/nextcloud/data:/data
    ports:
      - ${PORT}:443
    restart: unless-stopped
```

::alert{type="info"}
:::list{type="info"}
- If you’re using a NAS or network-shared drive via [Samba](/general/networking/samba), replace `/docker/nextcloud/data` with the path to your shared folder.
:::
::

Find your `PUID` and `GUID` by running the following command:

```shell
id username
```

Then fill out the `.env` file with your preferred port and the values found above, for example:

```properties
PUID=1000
GUID=1000
PORT=4545
```

Deploy the stack and visit `http://yourserverip:4545` to complete the setup.

::alert{type="danger"}
:::list{type="danger"}
- __If it fails:__ check your firewall rules.
:::
::

## Exposing Nextcloud with Swag
---
The goal of this setup is to access Nextcloud remotely from all your devices. We’ll use Swag to expose the app.

::alert{type="info"}
:::list{type="info"}
- We assume you have a subdomain `nextcloud.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/networking/dns). And unless you’re using [Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router must be forwarded to port `443` on your server using [NAT rules](/general/networking/nat).
:::
::

In Dockge, go to your SWAG stack and edit the compose to add Nextcloud's network:

```yaml
services:
  swag:
     container_name: # ...
      # ... 
     networks:               
      # ...           
      - nextcloud            
    
networks:                    
  # ...
  nextcloud:                 
    name: nextcloud_default  
    external: true           
```

::alert{type="info"}
:::list{type="info"}
- We assume the Nextcloud network is named `nextcloud_default`. You can confirm connectivity by visiting the SWAG dashboard at http://yourserverip:81.
:::
::

Redeploy the stack and wait for SWAG to become fully operational.

In Nextcloud’s files, edit the `config.php` file:

::alert{type="success"}
✨ __Tip:__ You can use [File Browser](/serveex/files/file-browser) to navigate and edit files instead of using terminal commands.
::

```shell
sudo vi /docker/nextcloud/config/www/nextcloud/config/config.php
```

Enter edit mode with `i` and paste the following before the final `);`:

```php
'trusted_proxies' => [gethostbyname('swag')],
'overwrite.cli.url' => 'https://nextcloud.example.com/',
'overwritehost' => 'nextcloud.example.com',
'overwriteprotocol' => 'https',
```

Also add your domain in the `array` section. It should look like this:

```php
array (
   0 => '192.168.0.1:444', # This line may differ—don’t change it!
   1 => 'nextcloud.yourdomain.com', # Add your domain here
),
```

Press `Esc`, then save and exit by typing `:x` and hitting Enter.

In Swag’s folders, create the file `nextcloud.subdomain.conf`:

```shell
sudo vi /docker/swag/config/nginx/proxy-confs/nextcloud.subdomain.conf
```

Enter edit mode with `i` and paste the following:

```nginx
## Version 2024/04/25
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # Hide proxy response headers from Nextcloud that conflict with ssl.conf
        proxy_hide_header Referrer-Policy;
        proxy_hide_header X-Content-Type-Options;
        proxy_hide_header X-Frame-Options;
        proxy_hide_header X-XSS-Protection;

        # Disable proxy buffering
        proxy_buffering off;
    }
}
```

Press `Esc`, save and exit with `:x` then Enter.

That’s it—you’ve exposed Nextcloud! Don’t forget to install [the desktop and mobile apps](https://nextcloud.com/install/).

::alert{type="success"}
✨ __Tip:__ You can natively protect this app with Authentik by [following these instructions](https://docs.goauthentik.io/integrations/services/nextcloud/).
::