
Setup Nextcloud 29 for private photo/video storage and sharing using Ubuntu and docker compose on Intel NUC minipc

Hardware

Intel(R) Client Systems NUC10i7FNK (6 core i7-10710U, 64GB, 4TB nvme) + Ubuntu 24.04 noble

Docker install

https://docs.docker.com/engine/install/ubuntu/

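# Install Docker Engine from Docker's own apt repository. Run as root.
# First remove distro-packaged Docker pieces that conflict with docker-ce.
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
  apt-get remove -y "$pkg"
done
apt update
# -y matters when these lines are pasted as a batch: without it apt stops at
# its confirmation prompt and reads the next pasted line as the answer.
apt install -y ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
# The key is fetched over HTTPS and referenced through signed-by= below, so apt
# trusts it for the Docker repository only, not for every configured source.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
# Optional check before trusting the key: print its fingerprint and compare it
# with the one published in the Docker installation documentation.
#   gpg --show-keys /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin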


Prepare folders and scripts

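# Host directories that nextcloud.yml bind-mounts into the containers.
mkdir -p /docker/nextcloud/var/www/html
mkdir -p /docker/mariadb/var/lib/mysql
mkdir -p /docker/etc/nginx/sites-enabled/
mkdir -p /docker/etc/ssl/private/
mkdir -p /docker/etc/ssl/certs/
# The TLS private key is stored here: keep the directory root-only so that
# other local accounts on the host cannot read it.
chmod 0700 /docker/etc/ssl/private/
vi nextcloud.yml
# nextcloud.yml contains the database and admin passwords in clear text.
chmod 0600 nextcloud.yml
vi ./nextcloud_update.sh
chmod +x ./nextcloud_update.sh
./nextcloud_update.sh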


nginx configuration

vi /docker/etc/nginx/nginx.conf
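# Main nginx configuration for the reverse-proxy container (cloud-web).
# Per-site settings are loaded from sites-enabled/ at the end of the http block.
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 1024;
        multi_accept on;
}

http {

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        client_max_body_size 2048M;
        server_names_hash_bucket_size 64;
        # Do not advertise the nginx version in the Server header or on error pages.
        server_tokens off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Default for server blocks that do not set ssl_protocols themselves.
        # sites-enabled/nextcloud.conf sets its own value (TLSv1.3 and TLSv1.2).
        ssl_protocols TLSv1.3;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}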



vi /docker/etc/nginx/sites-enabled/nextcloud.conf
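# Plain-HTTP listener: every request is redirected to the HTTPS site.
server {
        listen       80;
        server_name cloud.example.com;
        return 301 https://$server_name$request_uri;
    }

# HTTPS site: terminates TLS and proxies to the Nextcloud container.
server {
        #listen 443 quic;
        listen 443 ssl;
        http2  on;
        server_name cloud.example.com;
        # Paths as seen INSIDE the nginx container: nextcloud.yml mounts the host
        # directory /docker/etc/ssl at /etc/ssl (read-only), so the /docker prefix
        # does not exist from nginx's point of view.
        ssl_certificate /etc/ssl/private/key-and-certificates.pem;
        ssl_certificate_key /etc/ssl/private/key-and-certificates.pem;
        client_max_body_size 16G;
        client_body_timeout 600s;
        # "always" also sends the header on error responses.
        add_header Strict-Transport-Security 'max-age=15552000; includeSubDomains' always;
        ssl_protocols TLSv1.3 TLSv1.2;
        # TLS 1.2 suites limited to forward-secret AEAD ciphers. The previous list
        # named an RC4 suite (later cancelled by !RC4) and, through the bare
        # EECDH / HIGH keywords, still admitted CBC-mode suites.
        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 1h;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate "/etc/ssl/certs/my-certificate-authotities.ca";
        resolver 1.1.1.1 8.8.4.4 valid=300s;
        resolver_timeout 5s;
        location ^~ /.well-known {
         location = /.well-known/carddav { return 301 /remote.php/dav/; }
         location = /.well-known/caldav  { return 301 /remote.php/dav/; }
         location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
         location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
         return 301 /index.php$request_uri;
        }
        location = /robots.txt {
         allow all;
         log_not_found off;
         access_log off;
        }
        location / {
         #add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
         # nginx inherits add_header from the server level only when a location
         # defines none of its own. This location adds X-protocol, so the HSTS
         # header has to be repeated here or proxied responses go out without it.
         add_header Strict-Transport-Security 'max-age=15552000; includeSubDomains' always;
         add_header X-protocol $server_protocol always;
         include       /etc/nginx/mime.types;
         proxy_set_header X-Forwarded-Host     $host;
         proxy_set_header X-Forwarded-Server   $host;
         proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP            $remote_addr;
         proxy_set_header X-Forwarded-Proto    $scheme;
         # The hop to the backend is plain HTTP through the port the app container
         # publishes on the host; keep that port unreachable from other machines.
         # NOTE(review): Nextcloud uses X-Forwarded-For only for proxies it trusts;
         # confirm trusted_proxies is configured, otherwise brute-force throttling
         # presumably sees the proxy address instead of the client.
         proxy_pass http://192.168.0.1:8880;
        }
}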



vi /docker/etc/nginx/mime.types
types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/x-javascript                mjs;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}


vi /docker/etc/ssl/private/key-and-certificates.pem

your key and certs


vi /docker/etc/ssl/certs/my-certificate-authotities.ca

your ca certs

Update script 

./nextcloud_update.sh

nextcloud_update.sh
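#!/bin/bash
# Recreate the Nextcloud stack described in nextcloud.yml (run from the
# directory that contains that file) and then follow its logs.
set -euo pipefail

docker compose -f nextcloud.yml ps
# Pull before stopping: "up" does not re-download a tag that already exists
# locally, so the floating nginx and redis:alpine tags would otherwise stay on
# the first image ever fetched and never receive fixes. Pulling first also
# keeps the downtime between "down" and "up" short.
docker compose -f nextcloud.yml pull
docker compose -f nextcloud.yml down
docker compose -f nextcloud.yml up -d --build --force-recreate
docker compose -f nextcloud.yml ps
# Blocks until interrupted with Ctrl-C; the containers keep running.
docker compose -f nextcloud.yml logs --follow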

docker compose file

nextcloud.yml

docker-compose.yml
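# nginx (TLS termination) + MariaDB + Redis + Nextcloud.
# Every *_pass / *_PASSWORD value below is a placeholder: replace it before the
# first start and keep this file readable by root only. The mariadb and
# nextcloud images also accept *_FILE variants (for example MYSQL_PASSWORD_FILE)
# so that the values can come from Docker secrets instead of the environment.
services:
  web:
    # NOTE(review): floating tag; pinning a specific nginx version makes each
    # upgrade a deliberate, reviewable step.
    image: nginx
    container_name: cloud-web
    restart: always
    ports:
      - 80:80
      - 443:443/tcp
      # Only needed once "listen 443 quic" is enabled in nextcloud.conf.
      - 443:443/udp
      # NOTE(review): nothing in the nginx configuration on this page listens
      # on 8080; confirm this port is needed before publishing it.
      - 8080:8080
    volumes:
      # Read-only: nginx only reads its configuration; the pid file and logs
      # are written outside /etc/nginx.
      - /docker/etc/nginx:/etc/nginx:ro
      - /docker/etc/ssl:/etc/ssl:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro

  db:
    image: mariadb:10.11.7
    container_name: cloud-db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=mysqld-bin --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
    volumes:
      - /docker/mariadb/var/lib/mysql:/var/lib/mysql:rw
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - type: tmpfs
        target: /tmp
    environment:
      - MYSQL_ROOT_PASSWORD=db_admin_pass
      - MYSQL_PASSWORD=db_user_pass
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MARIADB_AUTO_UPGRADE=yes

  redis:
    # NOTE(review): floating tag, and no password is set; the service is only
    # reachable on the compose network because no port is published.
    image: redis:alpine
    container_name: cloud-cache
    restart: always

  app:
    image: nextcloud:29.0.1
    container_name: cloud-server
    hostname: cloud.example.com
    restart: always
    ports:
      # NOTE(review): publishes the plain-HTTP backend on every host interface,
      # so it can be reached without passing through nginx and TLS. Firewall
      # this port or bind it to the single address nginx proxies to.
      - 8880:80
    links:
      - db
      - redis
    volumes:
      - /docker/nextcloud/var/www/html:/var/www/html:rw
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - type: tmpfs
        # NOTE(review): in the long volume syntax "target" is a path; confirm
        # with "docker inspect" that the ":exec" suffix is applied as a mount
        # option and not taken as part of the directory name.
        target: /tmp:exec
    devices:
      # Passes the host GPU device nodes into the container (used for VA-API).
      - /dev/dri:/dev/dri
    environment:
      - MYSQL_PASSWORD=db_user_pass
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
      # The Nextcloud image reads REDIS_HOST from its own environment; set on
      # the db service it had no effect. The port defaults to 6379 and can be
      # changed with REDIS_HOST_PORT.
      - REDIS_HOST=redis
      - OVERWRITEHOST=cloud.example.com
      - OVERWRITEPROTOCOL=https
      # NOTE(review): no TRUSTED_PROXIES is set; confirm Nextcloud sees the
      # real client address behind nginx.
      - NEXTCLOUD_ADMIN_USER=nc_admin_user
      - NEXTCLOUD_ADMIN_PASSWORD=nc_admin_pass
      - NEXTCLOUD_UPLOAD_LIMIT=20G
      - PHP_UPLOAD_LIMIT=32G
      # Per-request ceiling: a few concurrent heavy requests at this limit can
      # exhaust the 64GB host.
      - PHP_MEMORY_LIMIT=32G
      - APACHE_BODY_LIMIT=0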

example of running

root@server:~# docker ps -a
CONTAINER ID   IMAGE              COMMAND                  CREATED         STATUS         PORTS                                                                      NAMES
d02e9b147afa   nextcloud:29.0.1   "/entrypoint.sh apac…"   8 minutes ago   Up 8 minutes   0.0.0.0:8880->80/tcp, :::8880->80/tcp                                      cloud-server
c917babfd03f   redis:alpine       "docker-entrypoint.s…"   8 minutes ago   Up 8 minutes   6379/tcp                                                                   cloud-cache
fdd3842ad78b   mariadb:10.11.7    "docker-entrypoint.s…"   8 minutes ago   Up 8 minutes   3306/tcp                                                                   cloud-db
4c54e98fcbad   nginx              "/docker-entrypoint.…"   8 minutes ago   Up 8 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   cloud-web


add plugins

Tuning

These steps have to be repeated after every container version update, because changes made inside the container are lost when it is recreated.

To get in nextcloud container

docker exec -it cloud-server bash

Prepare mirrors list for apt

apt update
apt install lsb-release


UA mirrors example

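# Point apt at nearby Debian mirrors (UA example). The mirrors are plain HTTP;
# apt still verifies the signed Release files against the Debian archive keys.
# NOTE(review): recent Debian-based images keep their default sources under
# /etc/apt/sources.list.d/ - presumably this file adds to them rather than
# replacing them; verify with "apt-cache policy".
codename=$(lsb_release -sc)
cat <<EOF >/etc/apt/sources.list
deb http://debian.volia.net/debian ${codename} main contrib non-free
deb-src http://debian.volia.net/debian ${codename} main contrib non-free

deb http://mirror.mirohost.net/debian-security ${codename}-security main contrib non-free non-free-firmware
deb-src http://mirror.mirohost.net/debian-security ${codename}-security main contrib non-free

deb http://debian.netforce.hosting/debian ${codename}-updates main contrib non-free non-free-firmware
deb-src http://debian.netforce.hosting/debian ${codename}-updates main contrib non-free
EOF

# use ffmpeg 6
# This adds a third-party repository: its packages run maintainer scripts as
# root and can supersede Debian's own versions of the same packages.
cat <<EOF >>/etc/apt/sources.list

deb http://debian.ids-services.de/debian-multimedia/ ${codename} main
deb-src http://debian.ids-services.de/debian-multimedia/ ${codename} main
EOF

# Bootstrap only: the repository's signing key is not installed yet, so this
# update and the keyring package itself are fetched WITHOUT signature checks,
# over plain HTTP. Use a network path you trust for this one step.
apt update -oAcquire::AllowInsecureRepositories=true
apt install -y --allow-unauthenticated deb-multimedia-keyring

# The keyring is installed now, so signature verification stays enabled for
# everything else; --allow-unauthenticated here would disable it for sudo,
# ffmpeg and every other package in the list.
apt update
apt install -y sudo vim git wget exiftool vainfo intel-media-va-driver-non-free ffmpeg

# add HW media conversion support (for Intel graphics)
# NOTE(review): device access is decided by numeric GID; 109 presumably matches
# the group owning /dev/dri/renderD* on the host - check with "ls -ln /dev/dri".
groupadd -g 109 render
usermod -a -G video www-data
usermod -a -G render www-data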


install some tools and compile ImageMagick

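# Compile libde265, libheif and the latest ImageMagick 7 with HEIC support.
# Everything below is built and installed as root inside the container from
# sources fetched at build time, so what gets installed depends on the day the
# commands are run.
apt install -y build-essential autoconf libtool
apt build-dep -y imagemagick libmagickcore-dev libde265 libheif
cd /usr/src/
git clone https://github.com/strukturag/libde265.git
git clone https://github.com/strukturag/libheif.git
# Both clones track the default branch head. For a reproducible build, check
# out a release tag you have reviewed in each clone, e.g.
#   git -C libde265 checkout <RELEASE_TAG>
cd libde265/
./autogen.sh
./configure
# Use every available core instead of a hard-coded job count.
make -j "$(nproc)"
make install
cd /usr/src/libheif/
# NOTE(review): newer libheif versions appear to build with CMake only; if
# autogen.sh is missing in the checked-out version this step needs adapting.
./autogen.sh
./configure
make -j "$(nproc)"
make install
cd /usr/src/
#wget https://www.imagemagick.org/download/ImageMagick.tar.gz
#wget https://imagemagick.org/download/ImageMagick.tar.gz
#wget https://imagemagick.org/archive/ImageMagick.tar.gz
wget https://download.imagemagick.org/archive/ImageMagick.tar.gz
# ImageMagick.tar.gz is a moving "latest" archive with no integrity check here.
# Before unpacking, compare the output of
#   sha256sum ImageMagick.tar.gz
# with a digest obtained from a source you trust (<EXPECTED_SHA256>).
tar xf ImageMagick.tar.gz
cd ImageMagick-7*
./configure --with-heic=yes
make -j "$(nproc)"
make install
ldconfig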

Optional switch back from ffmpeg 6.0.1 to 5.1.4

apt-cache policy ffmpeg
apt remove ffmpeg
apt install ffmpeg=7:5.1.4-0+deb12u1

compile php-imagick

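# Build the imagick PHP extension from the PECL source archive.
cd /usr/src/
# Fetch over HTTPS: this archive is compiled and installed as root, and a
# plain-HTTP download could be altered in transit without being noticed.
wget https://pecl.php.net/get/imagick-3.7.0.tgz
tar -xvzf imagick-3.7.0.tgz
cd imagick-3.7.0/
phpize
./configure
make -j 6
make install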

set new limits and restart apache

# Remove Apache's request-body cap and raise the PHP limits for very large
# uploads, then reload Apache so the new values apply.
# memory_limit is a per-request ceiling, so several concurrent requests at
# 48G can exceed the RAM of the 64GB host described above.
php_ini=/usr/local/etc/php/conf.d/nextcloud.ini
printf '%s\n' "LimitRequestBody 0" > /etc/apache2/conf-enabled/apache-limits.conf
# Drop any existing values first so each setting appears exactly once.
sed -i -e '/memory_limit/d' -e '/upload_max_filesize/d' -e '/post_max_size/d' "$php_ini"
{
  echo "memory_limit=48G"
  echo "upload_max_filesize=32G"
  echo "post_max_size=32G"
} >>"$php_ini"
service apache2 reload


add apps

# Install the photo/video apps as the web-server user, then fetch the data
# files two of them need.
cd /var/www/html
for app in memories recognize previewgenerator workflow_media_converter imageconverter; do
  sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install $app"
done
for task in recognize:download-models memories:places-setup; do
  sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ $task"
done


use facerecognition instead of recognize

recognize is more user-friendly, easy to install, and allows manual sorting of unrecognized faces. If you need a different face recognition tool for some reason, facerecognition is also available.

# Swap the recognize app for facerecognition, build its native dependencies
# (dlib and the pdlib PHP extension) and run the initial face setup.
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:remove recognize"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install facerecognition"

# Build and enable the bz2 PHP extension with the helper scripts of the PHP image.
docker-php-ext-configure bz2
docker-php-ext-install bz2


# ffmpeg development headers.
apt install -y libavdevice-dev libavfilter-dev libavformat-dev
apt install -y libavcodec-dev libswresample-dev libswscale-dev
apt install -y libavutil-dev 

# NOTE(review): this clone and the pdlib clone below take whatever is on the
# default branch at build time and install it as root; check out a reviewed
# release tag (<RELEASE_TAG>) for a reproducible build.
cd /usr/src/
git clone https://github.com/davisking/dlib.git
cd dlib/dlib
mkdir build
cd build
# Shared library build, so that the pdlib extension can link against dlib.
cmake -DBUILD_SHARED_LIBS=ON ..
make
sudo make install

cd /usr/src/
git clone https://github.com/goodspb/pdlib.git
cd pdlib
phpize
# NOTE(review): --enable-debug is passed here; confirm a debug build is
# intended on a server that handles real user data.
./configure --enable-debug
# you may need to indicate the dlib install location
# PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --enable-debug
make
sudo make install

# Load the freshly built extension in PHP.
echo "extension=pdlib.so" >  /usr/local/etc/php/conf.d/docker-php-ext-pdlib.ini

cd /var/www/html/

# Image size settings for the facerecognition app.
sudo -u www-data /bin/bash -c "./occ config:app:set facerecognition max_image_area --value 786432"
sudo -u www-data /bin/bash -c "./occ config:app:set facerecognition min_image_size --value 128"

# face:setup is run twice, with -m 1 and then -m 4, each with -M 32G.
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ face:setup -M 32G -m 1"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ face:setup -M 32G -m 4"
sudo -u www-data /bin/bash -c "./occ face:background_job -t 900"


Cleanup build directory

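# Remove downloaded archives and unpacked source trees once everything is
# installed, so no build leftovers stay in the running container.
cd /usr/src/
rm ImageMagick.tar.gz
rm imagick-*.tgz
rm -Rf ImageMagick-*
rm -Rf imagick-*
# The git checkouts cloned during the build steps are no longer needed either
# (dlib and pdlib exist only if facerecognition was built; -f ignores absent ones).
rm -Rf libde265 libheif dlib pdlib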

Enable preview for HEIC

cd /var/www/html
vi config/config.php


config/config.php
// Turn preview generation on and list the providers allowed to create previews.
// NOTE(review): every provider hands user-uploaded files to an image, audio or
// video decoder; enable only the formats you need and keep ImageMagick and
// ffmpeg patched.
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
  0 => 'OC\\Preview\\PNG',
  1 => 'OC\\Preview\\JPEG',
  2 => 'OC\\Preview\\GIF',
  3 => 'OC\\Preview\\BMP',
  // HEIC and Movie presumably rely on the imagick extension and ffmpeg
  // installed earlier on this page; verify with the checks below.
  4 => 'OC\\Preview\\HEIC',
  5 => 'OC\\Preview\\MP3',
  6 => 'OC\\Preview\\TXT',
  7 => 'OC\\Preview\\Movie',
),


Crontab

on host system

*/5 * * * * /usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=10G /usr/local/bin/php -f /var/www/html/cron.php"


Check installations

Check php-imagick

php -r 'phpinfo();' |grep ImageMagick

Check ImageMagick

convert -version

Check Intel graphics codec support

vainfo

Check ffmpeg

ffmpeg -codecs |grep -e 265 -e 264


Check logs

docker compose -f nextcloud.yml logs --follow


Nextcloud cli commands

see https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html

from host system (examples)

# occ examples run from the host. Each call enters the cloud-server container
# and runs occ as www-data, with the PHP memory limit set per command.
# Status and version.
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ status"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ config:system:get version"

/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "NC_debug=true PHP_MEMORY_LIMIT=512M ./occ app:list"

# App management: app:remove uninstalls the app.
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:remove recognize"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install memories"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install previewgenerator"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install workflow_media_converter"

/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:update --all"

# Maintenance. "maintenance:mode --on" makes the instance unavailable to users
# until "--off" is run; "trashbin:cleanup --all-users" permanently deletes the
# trash contents of every account.
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ db:add-missing-indices -vvv"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ maintenance:repair"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ maintenance:mode --on"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ maintenance:mode --off"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ trashbin:cleanup --all-users"

# Rescan the files of all users.
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ files:scan --all  --generate-metadata --no-interaction -vvv"

# Preview generation and Memories indexing.
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ preview:generate-all -vvv"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ memories:index"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ memories:index --force"
 

cli for recognize

/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ recognize:cluster-faces"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ recognize:classify"

cli for facerecognition

/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:reset --all"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:stats"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:progress"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:background_job -t 900"



from inside the container (examples)

sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=2G ./occ preview:generate-all -vvv"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=10G /usr/local/bin/php -f /var/www/html/occ memories:index"
 
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=10G /usr/local/bin/php -f /var/www/html/occ recognize:cluster-faces"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=10G /usr/local/bin/php -f /var/www/html/occ recognize:classify"

sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=2G ./occ recognize:download-models"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ memories:index --force"


clear files locks in Redis

# FLUSHALL empties every database in the cloud-cache Redis instance, not only
# file locks: anything else stored there (cache entries, and sessions if they
# are kept in Redis) is dropped as well.
/usr/bin/docker exec cloud-cache redis-cli flushall



Previous Nextcloud related articles

nextcloud in docker-compose

Batch convert using workflow_media_converter example

Build own nextcloud container

mariadb upgrade docker 10.6.8 10.10.2

nextcloud cli commands examples

video encoding HW acceleration for nextcloud in docker

