Using Podman To Deploy A Nextcloud Server

Introduction

I really want to de-Google. I don't like what Google is doing and I do not feel like helping them improve their revenue any longer. There are plenty of articles out there that detail how to stand up a Nextcloud server using docker but I don't want to use docker. Instead, I want to use podman because I like how containers can be run rootless, under an unprivileged user. Since I run Alma Linux, this article will be centered around it but should work for most distros. The primary difference between the Alma way and other distros will be how you open a port on the firewall. Alma, being a Red Hat-based distro, uses firewall-cmd.

Note that you will probably want to run Nextcloud behind a reverse proxy. This configuration is beyond the scope of this article.

Preparation

The first steps are to create a user for Nextcloud to run under and open the necessary firewall ports. In my case, I have Nextcloud running under a user called nextcloud and listening on port 8080 of my server. Some maintenance tasks you will have to do as root so make certain to give your nextcloud user the appropriate permissions to use sudo. Finally, we create a pod for the container stack to run under.

# useradd -c "Nextcloud" -m -G wheel nextcloud
# passwd nextcloud

The next step is to open the appropriate ports on the firewall.

# firewall-cmd --zone=public --add-port 8080/tcp --permanent
# firewall-cmd --reload

Lastly, we create the pod that the Nextcloud containers will run in. This is necessary so that the Nextcloud and MySQL containers can communicate with each other. MySQL uses port 3306 and Nextcloud is served on port 8080, so we have to tell podman explicitly to publish these ports.

# podman pod create --publish 3306:3306 --publish 8080:80 --name next-cloud

Deploying And Starting The Containers

Now that we have the framework completed for running Nextcloud, it's time to deploy and start the containers. Make certain you are logged in as the nextcloud user and not simply sudo. We want to make certain that our Nextcloud data is persistent across the stopping and re-starting of the containers so we need to create some directories which will "map" to the inside of the container.

# mkdir apps config content data database nextcloud

Download and start the containers. Note the additional :Z after each directory: it is there because Alma Linux has SELinux enabled. The containers will not start properly without the :Z notation. If you do not have SELinux enabled or you are not running a distro that uses SELinux, you can omit the :Z.

# podman run -d --name mysql \
-e MYSQL_ROOT_PASSWORD=<root_password> \
-v ./database:/var/lib/mysql:Z \
--pod next-cloud mysql:latest
# podman run -d --name nextcloud \
-v ./nextcloud:/var/www/html:Z \
-v ./apps:/var/www/html/custom_apps:Z \
-v ./config:/var/www/html/config:Z \
-v ./data:/var/www/html/data:Z \
--pod next-cloud nextcloud:latest

Let's make certain that the containers are running. You should see something similar to what is below. As long as we see the pod that we created and the two containers running, we can continue.

# podman ps
CONTAINER ID  IMAGE                                    COMMAND               CREATED       STATUS       PORTS                                         NAMES
01cf605a2f79  localhost/podman-pause:4.6.1-1714365972                        15 hours ago  Up 15 hours  0.0.0.0:3306->3306/tcp, 0.0.0.0:8080->80/tcp  fcaf1994f30f-infra
3124800965ee  docker.io/library/mysql:latest           mysqld                15 hours ago  Up 15 hours  0.0.0.0:3306->3306/tcp, 0.0.0.0:8080->80/tcp  mysql
8f5c76c6fdf6  docker.io/library/nextcloud:latest       apache2-foregroun...  15 hours ago  Up 15 hours  0.0.0.0:3306->3306/tcp, 0.0.0.0:8080->80/tcp  nextcloud
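Containers in a pod share one network namespace, so Nextcloud can reach MySQL on 127.0.0.1:3306 without the pod publishing that port, yet the PORTS column above shows 3306 bound on 0.0.0.0. The following check is an added example, not part of the original article: it reads podman ps output and lists host ports published on all interfaces other than the ones you name (the function name and the abridged sample text are constructed here).

```shell
#!/bin/sh
# Added example: list host ports published on every interface (0.0.0.0)
# that are not in the list of ports you meant to expose.

# Constructed sample: two rows abridged from the `podman ps` output above.
SAMPLE_PS='01cf605a2f79  localhost/podman-pause:4.6.1-1714365972  Up 15 hours  0.0.0.0:3306->3306/tcp, 0.0.0.0:8080->80/tcp  fcaf1994f30f-infra
3124800965ee  docker.io/library/mysql:latest  mysqld  Up 15 hours  0.0.0.0:3306->3306/tcp, 0.0.0.0:8080->80/tcp  mysql'

# unexpected_ports ALLOWED_PORT...   (reads `podman ps` text on stdin)
unexpected_ports() {
    allowed=" $* "
    # Keep only mappings bound on all interfaces, then take the host port.
    grep -oE '0\.0\.0\.0:[0-9]+->[0-9]+/(tcp|udp)' |
    sed -E 's/^.*:([0-9]+)->.*$/\1/' |
    sort -un |
    while read -r port; do
        case "$allowed" in
            *" $port "*) ;;                  # intended exposure
            *) printf '%s\n' "$port" ;;      # published but not intended
        esac
    done
}

# Only the web port is meant to be reachable.
printf '%s\n' "$SAMPLE_PS" | unexpected_ports 8080   # -> 3306
```

To keep the database off the host's interfaces, drop --publish 3306:3306 from podman pod create, or bind it to loopback with --publish 127.0.0.1:3306:3306.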

Making Nextcloud Start On Boot

Simply deploying and running the containers is not enough to make them persistent across reboots. Fortunately, podman makes this nice and easy to do. The first step is to enable linger which will keep the process running when the nextcloud user is not logged on. When you enable linger, you need to do this with root privileges using sudo.

# sudo loginctl enable-linger nextcloud

Now it is time to generate the systemd files necessary for starting the containers on boot.

# mkdir -p .config/systemd/user
# cd .config/systemd/user
# podman generate systemd --new --files --name next-cloud

After generating the systemd files, you should see three new service units which will look similar to the ones below.

# ls -ahl
-rw-r--r--. 1 nextcloud nextcloud  897 May  4 16:16 container-mysql.service
-rw-r--r--. 1 nextcloud nextcloud  982 May  4 16:16 container-nextcloud.service
-rw-r--r--. 1 nextcloud nextcloud 1063 May  4 16:16 pod-next-cloud.service

Once we have created the systemd unit files, it is a matter of enabling the pod-next-cloud.service file to run at startup time. The pod-next-cloud.service file automatically starts the two containers.

# systemctl --user daemon-reload
# systemctl --user enable pod-next-cloud.service
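podman generate systemd --new writes each container's full podman run command into its unit file, including any -e values such as MYSQL_ROOT_PASSWORD, and the listing above shows those files with mode 644. The following audit is an added example, not part of the original article; the function names and the sample unit are constructed here, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit generated unit files for inline credentials.
# Assumes GNU stat (coreutils), as on Alma Linux.

# audit_units DIR -> one finding per line: "<file>: <problem>"
audit_units() {
    dir=$1
    for unit in "$dir"/*.service; do
        [ -f "$unit" ] || continue
        name=${unit##*/}
        # Flag -e/--env NAME=value where NAME looks like a credential.
        grep -oE -- '(-e|--env)[ =][A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN)[A-Za-z0-9_]*=' "$unit" |
        sed -E 's/^(-e|--env)[ =]//; s/=$//' | sort -u |
        while read -r var; do
            printf '%s: inline value for %s\n' "$name" "$var"
        done
        # Flag any group/other permission bits (e.g. 644).
        mode=$(stat -c '%a' "$unit")
        case "$mode" in
            *00) ;;
            *) printf '%s: mode %s grants access beyond the owner\n' "$name" "$mode" ;;
        esac
    done
}

# Constructed sample: a simplified unit in the style --new generates,
# with a placeholder password. Prints the temp directory it creates.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/container-mysql.service" <<'EOF'
[Service]
ExecStart=/usr/bin/podman run -d --name mysql -e MYSQL_ROOT_PASSWORD=EXAMPLE-ONLY -v ./database:/var/lib/mysql:Z --pod next-cloud mysql:latest
EOF
    chmod 644 "$d/container-mysql.service"
    printf '%s\n' "$d"
}

sample_dir=$(make_sample)
audit_units "$sample_dir"
rm -rf "$sample_dir"
```

On the real host, run audit_units ~/.config/systemd/user as the nextcloud user. Keeping the password out of the podman run command line (for example with a podman secret) and running chmod 600 on the unit files clears both findings.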

Finally, reboot and verify that the pod and containers have been created and are running. Run podman ps as the nextcloud user to confirm that everything is running.

Installing Nextcloud

The next step is to run through the install wizard and Nextcloud makes this self-explanatory. Open your web browser and browse to the location of your Nextcloud install. In my case, I have Nextcloud running on its own dedicated virtual machine using the address http://192.168.122.190:8080. If you are running Nextcloud on the same machine that you are currently using, you would just use the localhost, i.e. http://127.0.0.1:8080. Upon browsing to this location, the setup wizard will automatically run.

Once the wizard has completed, you should be able to begin using Nextcloud. On my setup, I have a reverse proxy because I am self-hosting. If you will be using a reverse proxy, you have to make the following tweaks to the config.php file using sudo privileges. This file is located in /home/nextcloud/config/_data.

...
  'trusted_domains' =>
  [
    'cloud.example.com',
  ],
  'overwrite.cli.url' => 'https://cloud.example.com',
  'overwriteprotocol' => 'https',
  'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
  array (
    0 => '<your_ip_here>:8080',
  ),
...

One other tweak to make is your country code for phone number prefixes. Since I am in the US, I have set this to US. Use the appropriate 2 letter code for your country.

...
  'default_phone_region' => 'US',
...

Conclusion

You are now ready to have your own cloud services running. You will probably want a reverse proxy once you have tested things out and are ready to use it in production. Fortunately, Nextcloud has a document to help you do this with the proxy server of your choice. I use NGINX but you could use any one that you see in the list or one you don't. It's fun being able to de-Google through Nextcloud.
