Nextcloud is a self-hosted content collaboration platform. This config includes automated and encrypted backups of the database and all data to S3 cloud storage (or compatible S3 API endpoint.)
First, you need to create the S3 bucket that will be used for backups, and you can optionally create an S3 bucket that will be used for Primary Storage (see the Enable Object Storage section). You can use the included minio service for testing purposes, or choose your own S3 vendor for production.
Run make config to run the configuration wizard, or copy .env-dist to
.env_${DOCKER_CONTEXT}_default, and edit variables accordingly.
NEXTCLOUD_TRAEFIK_HOSTthe external domain name to forward from traefik.NEXTCLOUD_DATABASE_PASSWORDyou must choose a secure password for the database.
By default, Primary Storage is stored in the nextcloud_data docker volume.
Optionally, you can store this data externally in an S3 Bucket instead.
NEXTCLOUD_PRIMARY_STORAGEeither "Docker Volume" or "S3 Bucket"NEXTCLOUD_OBJECTSTORE_S3_HOSTthe S3 endpoint domain name for Primary Storage (this is ignored if NEXTCLOUD_PRIMARY_STORAGE=Docker Volume)NEXTCLOUD_OBJECTSTORE_S3_BUCKETthe name of the S3 bucket for Primare Storage (this is ignored if NEXTCLOUD_PRIMARY_STORAGE=Docker Volume)NEXTCLOUD_OBJECTSTORE_S3_KEYthe S3 access key ID for Primary Storage (this is ignored if NEXTCLOUD_PRIMARY_STORAGE=Docker Volume)NEXTCLOUD_OBJECTSTORE_S3_SECRET= the S3 secret key for Primary Storage (this is ignored if NEXTCLOUD_PRIMARY_STORAGE=Docker Volume)NEXTCLOUD_BACKUP_S3_HOSTthe S3 endpoint domain name for backups of database and dataNEXTCLOUD_BACKUP_S3_BUCKETthe name of the S3 bucket for backups of database and dataNEXTCLOUD_BACKUP_S3_KEYthe S3 access key ID for backups of database and dataNEXTCLOUD_BACKUP_S3_SECRETthe S3 secret key for backups of database and data
See AUTH.md for information on adding external authentication on top of your app.
To start Nextcloud, go into the nextcloud directory and run make install.
Immediately visit the configured domain name in your web browser (run make open) and create the administrator accout. It is recommended to uncheck the
checkbox called Install recommended apps. It's a heavy install with this
option, and you can install additional apps later anyway.
Finish the installation, and you'll end up on the dashboard screen.
Nextcloud stores data in two places (possibly three if you turn on Object Storage):
- The PostgreSQL database is stored in the
nextcloud_postgresDocker volume. This config creates thepostgres_backupcontainer to automatically backup the PostgreSQL database (nightly) to S3. - The application data is stored in the
nextcloud_dataDocker volume (mounted as/var/www/htmlin thenextcloud_appcontainer). This config creates thedata_backupcontainer which creates a backup (nightly) to S3. - The
Primary Storagefor user created files (and uploads) is in/var/www/html/data, which by default is already included in thedata_backupof/var/www/html. However, if you choose to enable Object Storage, user files will be stored externally in S3 and will not be backed up by this configuration anymore.
Be sure to save a copy your .env_${DOCKER_CONTEXT}_default file someplace safe, including the S3
bucket name, endpoint, credentials, and encryption passphrase. You will need all
this information if you need to restore from backup!
The cron jobs will automatically run backups on schedule (@daily by default,
which is at midnight.) You can make a backup anytime (immediately) by running
these Makefile targets:
make backup_db
make backup_data
Look inside the S3 bucket and you'll find a directory tree that looks like this:
- nextcloud.example.com/
- data/
- (contents is an encrypted restic repository of /var/www/html backup)
- postgres/
- (contents is encrypted postgresql dump files)
- data/
(With this structure you can re-use this bucket for backups of other hostnames too.)
To completely restore Nextcloud from backup, you will need to first restore your
backup copy of the .env_${DOCKER_CONTEXT}_default file, including your configured S3 bucket name,
endpoint, credentials, and encryption passphrase.
Bring up nextcloud as normal:
make install
Do not create the admin account and do not finish with the installer.
Restore the PostgreSQL database:
make restore_db
Restore the application config and data, into maintenance mode:
make restore_data
When both are restored successfully, disable maintenance mode :
make disable_maintenance
Now open the app in your web browser (make open) and login, everything should
be restored.
By default, all data is stored in the nextcloud_data Docker volume, mounted as
/var/www/html/data. Object Storage allows for the Primary Storage (user files)
to be stored externally in an S3 bucket. This is optional, and Primary Storage
is set to be saved in a Docker volume in the default .env-dist.
See the Nextcloud documentation about the implications of using S3 for Primary Storage.
If you use Object Storage, the Primary Storage S3 bucket (user files) is NOT
included in the backup scripts!
Nextcloud does not encrypt files in object storage! (the backups are though)
To enable Object Storage do the following:
- Create a new S3 bucket (not the same one you used for backups)
- Run
make configand select "S3 Bucket" for "Primary Storage" (or manually change theNEXTCLOUD_PRIMARY_STORAGEvariable toS3 Bucketin your.env_${DOCKER_CONTEXT}_defaultand set the values for your Object Storage S3 bucket, endpoint, and credentials).