TL,DR: beginner tries to set up NextCloud via docker components without having a domain. Trying to access via IP doesn’t work. Probably made a few mistakes/missed some important stuff along the way

Hi everyone,

I am completely new to self hosting. Like many others I want to move away from Google, Apple, Microsoft… for my Calendar, Tasks and Contacts, and I thought I would try self hosting all that in NextCloud. I have already tried a 3rd-party hosted NextCloud instance and I feel comfortable with it, so now I want to do the next step and host it myself on a RaspBerry Pi 4 (4GB) that I recently purchased.

I have read around and searched for tutorials, and although I am still a bit lost I decided I would start working on it and see what problems I find along the way, and learn from this. Once I’m done I hope to have learned properly, and I plan to wipe everything and do it again, this time knowing better what I’m doing.

So, to begin with I decided to do it using Docker Compose, as I’ve read it makes setup and troubleshooting easier. I found 2 tutorials that looked good to me: tutorial 1 and tutorial 2, but going through them I see the most frequent case they require that I have my own domain (tutorial 1 has only that option, tutorial 2 offers that option or using an IP address). Do I need to have my own domain to have NextCloud calendar, tasks and contacts shared between my computer and my smartphone? If both options are possible, is one of them more secure than the other? is there some strong reason to avoid one of them?

Since I don’t have a domain (I’m completely new to this), I opted to try tutorial 2 with IP address, but I got stuck in the end, where I am supposed to access my NextCloud Web Interface. Tutorial 2 suggests getting my Raspberry Pi IP address with hostname -I (step 17), but this way I get five different IP addresses (4 IPv4 and one IPv6), not just one. When I try any of those IPs on a browser (step 18) none of them work. I guess I am missing something basic here, so I’d be grateful if someone can point me in the right direction.

Searching for an answer I found a comment on reddit saying that I can skip getting a domain and host locally (no domain) and set up a VPN.

Would it be necessary in my case to get a domain? If I skip the domain, what steps am I missing to be able to access my current NextCloud docker installation? What mistakes have I made so far, and what resources can I use to learn about what I’m missing? Do you have any other tips for an absolute beginner (who is comfortable around the linux command line)?

  • Lem453@lemmy.ca
    link
    fedilink
    English
    arrow-up
    10
    ·
    9 months ago

    The domain makes proper security certificates for HTTPS much more usable and easy to manage.

    The reason you are finding it hard to use IP only is because yiu have to disable certain security features ti make it work.

    You can get a domain for $1 per year. I would highly suggest getting a domain and setting up a proper reverse proxy which will allow to to easily setup any service you want after that.

    Nextcloud is also one of the harder things to setup.

    You could start with something easier like a simple dokuwiki site as a test to get the reverse proxy and domain name part working.

    There is a reason why this is the “correct” way to do this. It will make all future projects much easier.

    • nshibj@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      Thank you for your answer. I will look into getting a domain, but I want to try to fight with this a bit more, mainly as a learning experience. I will also look for easier projects for a beginner, like the dokuwiki you recommended.

      • Scrubbles@poptalk.scrubbles.tech
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        9 months ago

        Don’t freak out about a domain, we were all there and tried to get our stuff to work without them. Learn from us, young Padawan. Learn from our mistakes.

        I use namecheap and they have been reliable, easy to use, and well, cheap :D

        • terminhell@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          9 months ago

          I set mine up with a no-ip dyndns for free. Lots of options here op. But in the long run having any domain is going to smooth out the process. Also don’t skip over LetsEncrypt cert.

  • kevincox@lemmy.ml
    link
    fedilink
    English
    arrow-up
    5
    ·
    9 months ago

    You don’t need a domain. However it is probably a good idea.

    1. You can’t get a globally trusted SSL certificate for an IP address. So you will need to use a self-signed certificate and manage trusting it on every device.
    2. If you don’t have a stable IP you will need to update bookmarks whenever it changes and memorizing it may be a chore.

    If you don’t want to purchase your own domain you can likely use a free subdomain, this will often come from a dynamic DNS provider.

    However if you can I would strongly recommend getting your own domain sooner rather than later. If only because it means that you can own your email address which is basically the keys to all third-party services you use these days. Domains are pretty cheap, probably <$20/year for a generic like .com or the TLD of your country. Personally I would happy skip out on eating out once a year to have my domain.

    • nshibj@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      Thank you for your reply. I think I will look into getting a domain, however I still want to try this, to use it as a learning experience. Try to make it work like this, then keep learning and probably switch to a domain, which seems to be the common thing.

  • ryper@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    9 months ago

    This doesn’t help with your current issue, but you should use Nextcloud All-In-One instead of setting up individual containers like in the tutorials you linked. It will create and manage all the containers that are needed.

    Domains are pretty cheap, so you may want to consider whether not using one is really worth the effort.

    • nshibj@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      Thanks, the tip for Nextcloud All-In-One is actually a very good one. I want to try to make my current setup work, as I said mainly as a learning experience. But I will definitely consider that option once I’m done with this experiment. I guess I will also get a domain.

  • socphoenix@midwest.social
    link
    fedilink
    English
    arrow-up
    4
    ·
    9 months ago

    At a glance your first issue is finding the correct ip address, you should only have one local ip address to access it with (inside your home network).

    To find your local ip, type “ip a” into the terminal, and look for the address under “eth0“ for a wired connection, or “wlan0” for wireless. This will allow you to connect using the ip and port while on your home network to test the connection and make sure it works right.

    After that, I highly recommend the vpn option, it will simplify connecting to it while not at home without creating security issues like setting it up with a domain. I personally use zerotier, that guide will help you get it set up on the raspberry pi. Not the last bit about a “managed ip.” That will be the address to tell your phone to connect too once you have the vpn set up on the phone as well.

    • nshibj@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      9 months ago

      Thank you, the ip a command helped me get the IP clear, however I am still not sure about the port. I tried with :80, :8080 and :443 (because 80 and 443 are the ones mentioned in the compose.yaml file, and I saw online that 8080 is also a common one?) but none of them worked :(.

      I think I will try zerotier, but first I need to be able to access NextCloud from my home network via the IP, which I’m currently unable to do. The tutorial I followed says

      The other option is to use a self-signed certificate. This certificate is signed by your own server and won’t be verifiable by any web browser unless you manually install the certificate.

      However, it doesn’t explain where that certificate will be stored nor how I can manually install it in the browser I want to use to access NextCloud. Could that help with my issue?

      • socphoenix@midwest.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        9 months ago

        You would be given a safety risk warning page by your browser if you did the self signed certificate that you’d need to tell it to connect anyway, so that likely isn’t the issue. Looking at ports, how are you trying to connect to the server? If you did not assign a certificate at all, you would want to use port 80, port 443 if you did install a certificate.

        For instance, my Nextcloud is on ip 192.168.50.30 With that in mind I would be using:

        No certificate: http://192.168.50.30:80 Certificate: https://192.168.50.30:443

        Does this look like what you are typing in?

        As two additional questions, what is the output of “docker container ls” typed into the terminal? And what operating system did you install on the pi, was it raspbian?

        • nshibj@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          9 months ago

          Thanks for your answer. I am indeed getting no warning on my browser, just “Unable to connect” on LibreWolf and “This site can’t be reached” on Chromium. I tried the same format (https://192.168.50.30:80) with ports 80, 8080 and 443. The only difference is it was always https:// (since I think my browsers are configured to force https everywhere).

          The out put of docker container ls looks like this:

          CONTAINER ID   IMAGE              COMMAND                  CREATED        STATUS                                  PORTS     NAMES
          95a71b3ce4f6   nextcloud:apache   "/entrypoint.sh apac…"   24 hours ago   Restarting (1) 30 seconds ago                     nextcloud-app-1
          590b07333fa1   nextcloud:apache   "/cron.sh"               24 hours ago   Restarting (1) Less than a second ago             nextcloud-cron-1
          337fd48a72e8   nextcloud-proxy    "/app/docker-entrypo…"   24 hours ago   Restarting (1) 17 seconds ago                     nextcloud-proxy-1
          401d57a50ec8   mariadb:10.6       "docker-entrypoint.s…"   24 hours ago   Restarting (1) 57 seconds ago                     nextcloud-db-1
          c6093edc9f71   redis:alpine       "docker-entrypoint.s…"   24 hours ago   Restarting (1) 9 seconds ago                      nextcloud-redis-1
          

          I notice that the “PORTS” column is empty. I am running Raspbian GNU/Linux 11 (bullseye) on my Raspberry Pi, yes.

          • socphoenix@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            If you are on the raspberry pi with a physical screen/keyboard and mouse you can also try accessing with the ip address “localhost:80” and see if there’s a connection that way as well.

          • socphoenix@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            We can get the port list another way. From the terminal on the raspberry pi run the command “nmap localhost”. Let us know what that shows, but I would expect to see either 80, 443, or both.

            As a side note, if you did not give the nextcloud container a certificate when you made it, you cannot use https:// on the browser, as it has no way to talk using that security mechanism. It is only capable in that case of using http:// and port 80. You will need to disable forced https to access the site (this is fine on the local network if every device is trusted, and only encrypted vpn service in like zerotier is used imo). This might be your problem here, especially if you are seeing both ports listed as open on the pi.

            • nshibj@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              9 months ago

              Thank you for this new tip, I think we found the problem: ports 80 and 443 are not open. After I installed nmap (which was surprisingly not present in my Raspbian installation), the output of nmap localhost reads:

              Not shown: 997 closed ports
              PORT    STATE SERVICE
              22/tcp  open  ssh
              53/tcp  open  domain
              631/tcp open  ipp
              

              I guess I did something wrong when following the tutorial (or the tutorial had some mistake, but I’d me more inclined to think the mistake was mine). I will try to clear this installation on docker and start all over again, then I will check nmap localhost again to see if it works fine then.

              Thank you very much for your support. I still feel quite lost, but I finally found out why this is not working and I can repeat the steps and pay special attention… or look for a different method (someone here suggested using Nextcloud All-In-One).

              • socphoenix@midwest.social
                link
                fedilink
                English
                arrow-up
                1
                ·
                9 months ago

                Glad we got to the root issue! As others have said this is a learning process and you picked one of the more complicated ones to start with. Once this is done e everything else will start to feel much easier!

  • CocoCyclone
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    If you don’t want to get a domain name perhaps you can go with Duck DNS then use Caddy for the reverse proxy to your NextCloud instance. Download the DuckDNS plugin for Caddy and set up DNS Challenge to have Caddy fetch a Let’s Encrypt cert for you and update it when needed.

    You also have the option to point your DuckDNS domain name to a private IP address on your LAN if you need to.

    The only bad part is that you have to type a long URL but you will also get a valid cert with a free domain.

  • Nate
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    If you don’t want to buy a domain you can try a reverse DNS lookup, your ISP may already give you one. Mine was C-XX-XX-XX-XX.hsd1.pa.comcast.net and I could get a let’s encrypt certificate with that. I did end up buying a domain but it was good for personal use

  • ordellrb@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    Can you reach the dockercontainer? i have used docker only once (without any Proxy settings )but i had to specify which ports from inside go to which on the outside, something like: “docker run --name docker-nginx -p 80:80 nginx” https://www.digitalocean.com/community/tutorials/how-to-run-nginx-in-a-docker-container-on-ubuntu-22-04

    You don’t need a Own Domain, you can use a dynamic-dns-service to reach your server from everywhere, even if your ISP changes your ip. I use dedyn.io. (its free) here is a turtorial: https://desec.readthedocs.io/en/latest/dyndns/configure.html

    • nshibj@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      Thanks for your reply. I am not sure about this. Following the tutorial I created a compose.yaml file that had proxy settings:

        proxy:
          ports:
            - 80:80
            - 443:443
      

      so I would assume that already takes care of the ports?

      I will have a look at dedyn.io and the tutorial you shared once I manage to reach NextCloud locally via the IP address. Thanks

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    9 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    HTTP Hypertext Transfer Protocol, the Web
    HTTPS HTTP over SSL
    IP Internet Protocol
    SSL Secure Sockets Layer, for transparent encryption
    nginx Popular HTTP server

    5 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

    [Thread #597 for this sub, first seen 12th Mar 2024, 16:15] [FAQ] [Full list] [Contact] [Source code]