Guide for installing Nextcloud on a Synology NAS using docker

I usually don’t use a lot of words, so I will try to keep this guide simple and focus on the steps necessary to set up the nextcloud and mariadb instances.

For this to work you will need a Synology NAS (plus model) with the docker package installed. If you don’t have docker installed then search for it in the package manager.

Most guides I’ve seen ask the user to enable SSH and then use docker-compose or just plain docker commands to run whatever the guide is about. I’m not going to do that. Why, you ask? Because I feel that most users are intimidated by a console interface. I’m going to stay within the DSM and set everything up via the DSM and docker GUI.

Here we go!


Step 1: Create new user and group for docker in DSM

This is not needed but recommended. It’s possible to use any user and group, but remember that if an attacker manages to escape the container sandbox they’ll have all the permissions that the chosen user/group has. Therefore I feel it’s better to set up a specific group for all docker users, and then set the restrictions on group and user level. I usually don’t allow any access to my shared folders for the docker group. If some containers need to share data I create a specific shared folder and give the group read and write access. I’ll breeze through this part since I assume everyone knows how to set up new groups and users via the DSM.

  1. Open the DSM Control Panel and go to “User”
    1. Create a new user called docker-nextcloud
    2. Go through the wizard and finish the setup
      • Restrict permissions
  2. Go to “Group” tab
    1. Create new group called docker-users
    2. Restrict group access to applications and shared folders
    3. Once finished select the group in the list and click on “Edit Member”
    4. Add the previously created user (docker-nextcloud) as a member.

UID and GID

Now we are going to get the GID and UID for the group and user. This would be much simpler if we were to use SSH, but we can get around this by using the task scheduler and creating a user-defined script.

  1. Navigate to the “Task Scheduler” tab in the Control Panel.
  2. Before doing anything else we need to make sure the output of our command is saved somewhere. Do this by pressing the “Settings” button in the top menu and selecting a destination for the log file.
  3. Create a new “User-defined script” via the “Scheduled Task” option in the “Create” menu.
  4. Give your new task a name, e.g. “Get GID and UID”, and make sure you uncheck the “Enabled” checkmark. (The user has to be of an elevated status, root or your admin user.)
  5. Move on to the “Task Settings” tab and enter the following in the “User-defined script” textbox.
    1. id docker-nextcloud
      1. The id command fetches user information data for the provided username
  6. Once you press the OK button the task will be created and selectable in the “Task scheduler” list, select your new task and press the “Run” button in the top menu to execute the task. You will be asked to confirm, press Ok.
  7. Once the task has finished select it once more in the “Task scheduler” list followed by the “Action” menu button and the “View Result” button in the “Action” menu. A new window will appear showing the result from the command we ran. It should look something like the result below. Take a note of the uid and the gid for our user and group, in this case 1032 and 65540.
    1. uid=1032(docker-nextcloud) gid=100(users) groups=100(users),65540(docker-users)
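
The lookup above can also do the reading for you. The script below is an added example, not part of the original guide: pasted into the same “User-defined script” box, it prints the two numbers in the form the PUID and PGID container variables take later in this guide, reading the group ID from the groups= list rather than from gid= (the primary group, “users” in the result above). The function names `parse_ids` and `check_env` and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide.
USER_NAME="docker-nextcloud"   # user created in Step 1
GROUP_NAME="docker-users"      # group created in Step 1

# parse_ids "<id output>" "<group>" -> prints "PUID=<uid> PGID=<gid>"
# Takes the GID from the groups= list, not from gid= (the primary group).
# Returns 1 if the user is not a member of <group>.
parse_ids() {
    uid=$(printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\)(.*/\1/p')
    gid=$(printf '%s\n' "$1" | sed -n 's/.* groups=\(.*\)$/\1/p' | tr ',' '\n' |
          sed -n "s/^\([0-9][0-9]*\)($2)\$/\1/p")
    [ -n "$uid" ] && [ -n "$gid" ] || return 1
    printf 'PUID=%s PGID=%s\n' "$uid" "$gid"
}

# check_env "<id output>" "<group>" <PUID> <PGID>
# Compares values typed into a container's Environment tab with the account:
# prints ok, swapped (the two numbers were exchanged) or mismatch.
check_env() {
    want=$(parse_ids "$1" "$2") || { echo "mismatch"; return 1; }
    if [ "$want" = "PUID=$3 PGID=$4" ]; then echo "ok"; return 0; fi
    if [ "$want" = "PUID=$4 PGID=$3" ]; then echo "swapped"; return 1; fi
    echo "mismatch"; return 1
}

# Constructed sample in the shape of the guide's result; used when the
# account does not exist on the machine running the script.
SAMPLE='uid=1032(docker-nextcloud) gid=100(users) groups=100(users),65540(docker-users)'
line=$(id "$USER_NAME" 2>/dev/null) || line=$SAMPLE
parse_ids "$line" "$GROUP_NAME" || echo "$USER_NAME is not in $GROUP_NAME"
```
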

Step 2: Create a shared folder for Nextcloud and its database

I’ll breeze through this part as well since I assume everyone knows how to create a new shared folder.

  1. Open the DSM Control Panel and go to “Shared Folder”
  2. Create a new shared folder and give read and write access to the previously created group (docker-users), if you want you can also give the same permissions to our user (docker-nextcloud).
  3. Using File Station, create two folders in the newly created shared folder. One for nextcloud and the other for mariadb.
    1. Within the nextcloud folder create two new folders, one called data and another called config. These folders will be used later by docker.
    2. Within the mariadb folder, create one new folder called config.
  4. Make sure the folders are owned by the docker-users group. Do that by right-clicking the top folders and choosing “Properties”, then changing the owner in the window that appears. Make sure you select “Apply to this folder and sub-folders”.

Docker stuff

Step 3: Create a new network

Why do we need a new bridge network? The default bridge network does not have name-based access (DNS resolution) active by default; all communication between containers has to be done directly, by IP. Since the provided IP can change depending on the order in which the containers boot, we need to prevent this by activating DNS resolution and accessing our containers by name. This way the underlying IP can change but we will still be able to access our containers by their name.

  1. Go to the Network tab in the docker GUI.
  2. Click Add and provide a name for the network, for example: nextcloud-network.
  3. Leave only “Enable IPv4” checked.
  4. Add the network to your list.

Step 4: Download docker images

I am a big fan of the linuxserver images. They provide high quality, up-to-date images with consistency, and make sure most, if not all, of their images allow you to set the gid and uid. You can use the official images, but this guide only targets the linuxserver images; some environment variables may therefore differ if you choose to use any other image.

  1. Open up the Docker GUI
  2. Click on “Registry” on the left side panel.
  3. Search for nextcloud.
  4. Select the linuxserver/nextcloud image and click on the download button.
  5. Select the latest tag in the new window, then click the “Select” button.
  6. Do the same for MariaDb (image linuxserver/mariadb).
  7. Once downloaded the images will appear in the “Image” panel.

Step 5: Creating a container for MariaDb

Now we are ready to create a container for the database that nextcloud will use.

  1. Navigate to the “Image” panel and select your newly downloaded mariadb image in the list.
  2. Press the “Launch” button in the top menu.
  3. In the window that appears provide a name for your container.
    1. Optional: Check the “Enable resources limitation” checkmark and set it to whatever you feel is enough. I prefer to limit the resources my containers have access to.
  4. Click on the “Advanced Settings” button, NOW the fun part starts =)
    1. Navigate to the “Volume” tab
    2. Click the “Add folder” button and find your shared-folder/mariadb/config folder. Once the folder has been added, provide the mount path of /config. Do the same for the shared-folder/mariadb/data folder, provide the mount path of /data.
    3. Move on to the “Network” tab in the top menu.
      1. Press the + button and select your new network, add it.
      2. Select the network called “bridge” in the list and click on the - (minus) button to remove it. Once done the only network should be the one we created earlier.
    4. Next is the “Port setting” tab, change the “Local port” to whatever port you wish, or use the same one as the “Container port”.
    5. And finally, the “Environment” tab. Here we will have to change a couple values and also add some new ones. The function of adding new entries is the same as in the network tab, simply use the + (plus) button.
      1. Variable             Value                                          Note
         MYSQL_DIR            /config
         DATADIR              /data                                          (changed)
         MYSQL_PASSWORD       choose a password                              (added)
         MYSQL_USER           nextcloud                                      (added)
         MYSQL_DATABASE       nextcloud_db                                   (added)
         TZ                   Your time zone, for example Europe/Stockholm   (added)
         MYSQL_ROOT_PASSWORD  choose a root password                         (added)
         PGID                 65540 (your value differs)                     (added)
         PUID                 1032 (your value differs)                      (added)
    6. Click apply to confirm your changes.
  5. Once the “Advanced settings” are done we are ready to start the container. Press the “Next button” followed by “Apply”.
  6. If everything went as planned a new entry should appear in the “Container” view. Click on “Container” in the left menu to see the list. Select your container and press the “Details” button. Check the log tab and make sure no errors are reported. The most common error I come across is permissions related. In this case I accidentally switched the PGID and PUID, which gave me an error since docker couldn’t write to the folders in the shared folder.
    1. If everything is okay the following log message should appear: `mysqld_safe Starting mysqld daemon with databases from /data`

Step 6: Creating a container for Nextcloud

The steps for creating a container for nextcloud are basically the same as in Step 5: Creating a container for MariaDb, instead of choosing the MariaDb image you choose the Nextcloud image. So I am going to jump over 1 through 3 and jump straight to 4 - “Advanced settings”.

  1. See Step 5.1:
  2. See Step 5.2:
  3. See Step 5.3: (Container name is nextcloud-web)
  4. A wild “Advanced settings” window appears.
    1. Just as before we navigate to the “Volume” tab first
    2. Click the “Add folder” button and find your shared-folder/nextcloud/config folder. Once the folder has been added, provide the mount path of /config. Do the same for the shared-folder/nextcloud/data folder, provide the mount path of /data.
    3. Moving on to the “Network” tab and as before we add our own network (nextcloud-network) and remove the bridge network.
    4. Onto “Port settings”. Nextcloud requires two exposed ports, 443 and 80. Since these are usually reserved we can’t use the same ports as our “Local Ports”; instead we will have to map them to something else. Here I am using 30443 and 30080.
    5. And lastly the “Environment” tab. All that needs to be done here is adding the PGID and PUID.
      1. Variable  Value                       Note
         PGID      65540 (your value differs)  (added)
         PUID      1032 (your value differs)   (added)
    6. Click apply to confirm changes
  5. Press the “Next” button followed by “Apply” to finish the wizard and start the container. It’s going to take a while to initialize.
  6. Find the newly created container in the “Container” panel and select it, then press the “Details” button. Once the creation process has settled, the entry `NOTICE: ready to handle connections` should appear in the log.
  7. Now the containers are initialized and we can move on to finalizing the process.

Step 7: Finalizing the Nextcloud installation.

Nextcloud is up and running now but it’s not aware of the mariadb database server. To remedy this we need to navigate to our newly created nextcloud container.

  1. Navigate to https://YOUR-NAS-IP:30443
  2. Provide a username and password for the Admin account
  3. Click on “Storage & database” to expand the options.
  4. Select MySQL/MariaDB from the “Configure the database” option.
  5. During the MariaDB container creation process we set some values in the “Environment” tab, which initialized a new user and database for us. Nextcloud needs the database username and password. It also needs the name of the database.
    1. Variable             Value
       MYSQL_PASSWORD       chosen_password
       MYSQL_USER           nextcloud
       MYSQL_DATABASE       nextcloud_db
       MYSQL_ROOT_PASSWORD  chosen_root_password
  6. Nextcloud assumes that the database is located on the same machine and therefore provides the value of “localhost”. We need to change this to the name of our MariaDB container instance and its port, nextcloud-database:3306.
  7. Uncheck “Install recommended apps” if you don’t want them.
  8. Click on “Finish Setup” and wait, the process takes a minute.
  9. Voila! You now have your own Nextcloud instance running.