Take Control of Your Data- Self-Hosting NextCloud with MariaDB, Redis, with Let's Encrypt SSL and Securely Access via TailScale VPN

[! Table of Contents]

1. Introduction
   
   1.1. Preface
   
   1.2. Architecture

2. Initial Setup
   
   2.1. Get a Domain Name
   
   2.2. Tailscale VPN Setup
   
   2.3. Installing Docker
   
   2.4. Pointing DNS to the Server's Private IP Address

3. NextCloud Deployment
   
   3.1. SSL Request with Let's Encrypt
   
   3.2. Using a.env File to Manage Configuration Variables
   
   3.3. NextCloud Configuration inconfig.php
   
   3.4. Creating the Apache Configuration File
   
   3.5. Setting Request Limits in Apache
   
   3.6. Script to Enable SSL and Headers Module in NextCloud Container

4. Docker Compose
   
   4.1. Creating a Docker Compose File
   
   4.2. Running Docker Services

5. Accessing NextCloud on a Private IP
   
   5.1. Accessing via Private IP
   
   5.2. Resolving Untrusted Domain Error

1 Introduction :

1.1 Preface

In today's digital age, data is the new currency. But with popular collaboration tools like Slack and Microsoft Teams, there's a growing concern about data privacy and security. These platforms may collect user data, potentially using it to train AI models or fix bugs, leaving organizations vulnerable.

That's why self-hosting has become an attractive option for businesses seeking control over their data. In this article, we'll guide you through setting up NextCloud, a powerful collaboration platform, using MariaDB as our database and Redis for caching. We'll also use Let's Encrypt SSL certificates using Certbot and accessing it securely via TailScale VPN.

The Best Part?

• Flexibility: This setup will run entirely in Docker containers, making it easy to deploy on any platform with Docker installed.

• Security: We'll use TailScale to establish secure, encrypted connections from client devices, ensuring NextCloud is only accessible via private IP.

1.2 Architecture :

This self-hosted NextCloud setup is designed with security, privacy, and performance in mind. The architecture ensures that services remains private and secure ( Considering you have enabled RBAC , followed Zero Trust Principles and best practices for shared security model if you have Virtual Machine/Server in public cloud . )

The NextCloud server is accessible only through Tailscale VPN, which establishes secure, encrypted communication between employee devices and the server. Access control (ACLs) is strictly enforced, allowing only approved employees (e.g., Employee 1 and Employee 2) to connect, while denying access to others (e.g., Employee 3..even if he connected to VPN and external users trying to connect to nextcloud without VPN).

The NextCloud service itself is containerized and runs within a Docker container. The key services include:

• Let's Encrypt: Ensuring secure communication between clients and the server using Let's Encrypt SSL/TLS certificates.

• NextCloud: The core collaboration platform, running alongside Apache2 as the web server (Apache2 running in same nextcloud container. If you are usingnextcloud:fpm docker image you may need to setupapache ortraefik container. In this article have usednextcloud:apache-stable docker image).

• Redis: Handling caching duties to improve performance.

• MariaDB: Serving as the primary database for storing sensitive data.

This containerized approach offers modularity, ease of management, and scalability, all while maintaining a high level of security and performance.

2 Initial Setup :

2.1 Get a Domain name:

[!NOTE]
If you already have a domain name, you can skip this step.

For those who need to purchase a domain, there are several providers to choose from, including:

• Namecheap
• GoDaddy
• Hostinger
• Google Domains

Please note, I am not promoting any specific platform, and these links are not affiliate links. You are free to select any domain provider that suits your needs.

2.2 Tailscale :

Tailscale is a modern VPN service that simplifies connecting devices and applications over a secure network. It leverages the WireGuard protocol to create a peer-to-peer mesh network, known as TailNet, which allows devices within the same private network to communicate directly. This is different from traditional VPNs, which route all traffic through a central gateway.

Tailscale can be used for various purposes, including:

• SSH Access: Securely connect to remote machines.
• File Access and Sharing: Access and share files across devices.
• Private Website Access: Reach privately hosted websites.
• Database and Kubernetes Clusters: Connect to databases and Kubernetes clusters securely.

2.2.1 Key Differences from Traditional VPNs

Traditional VPNs create a central tunnel for all network traffic, routing it through a single gateway. In contrast, Tailscale establishes a peer-to-peer or point-to-point mesh network, which they refer to as TailNet, enabling direct communication between devices.

2.2.2 Setting Up Tailscale

2.2.3 Sign Up and Access the Admin Dashboard

1. Sign Up: Create an account at Tailscale.
2. Admin Dashboard: After signing up, you will be directed to the Tailscale Admin Dashboard.

2.2.4 Install Tailscale on Linux

1. Open your Linux terminal and run:

   curl-fsSL https://tailscale.com/install.sh | sh

2. Check the status of the Tailscale service:

   sudosystemctl status tailscaled

3. Enable and start the Tailscale service:

   sudosystemctlenabletailscaledsudosystemctl start tailscaled

2.2.5 Install Tailscale on Windows

1. Download the Tailscale installer for Windows from here.
2. Once Installed login to tailscale.

2.2.6 Configure Tailscale

1. Generate an Auth Key:

• Return to the Tailscale Admin Dashboard.

• Navigate to Settings to generate an authentication key. (I have used Ubuntu 24.04 Linux as WSL. )

1. Authenticate and Connect:

• Return to your Linux terminal.

• Run the following command to authenticate and connect:

sudotailscale up--auth-key=YOUR_AUTH_KEY--ssh

Replace YOUR_AUTH_KEY with the key you generated.

Congratulations! Your Linux is now configured for remote SSH access over a private IP. Both your Windows machine and the Linux instance should be connected to Tailscale to access resources or applications and to perform SSH.

2.2.7 SSH Using Tailscale Browser-Based Access

1. Access Tailscale Admin Portal:

• Go to the Tailscale Admin Portal.

• Select the machine you want to SSH into and choose the option to SSH into the machine.

1. Select User:
   • Choose the user you want to log in as.

1. Confirm Identity:

• Confirm your identity by logging in to Tailscale.

• You are now connected to WSL / Linux through your browser.

2.2.8 Get Private IP :

To obtain the private IP address of your machine, you can use the following command in the terminal:

tailscale ip-4

Alternatively, you can also find the private IP address through the Tailscale admin portal. Be sure to note this IP, as we will need it for subsequent configuration steps.

2.3 Installing Docker :

-- Steps For ubuntu 24 :

2.3.1Install using theapt repository

Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.

1. Set up Docker'sapt repository.

# Add Docker's official GPG key:sudoapt-get updatesudoapt-getinstallca-certificates curlsudo install-m 0755-d /etc/apt/keyringssudocurl-fsSL https://download.docker.com/linux/ubuntu/gpg-o /etc/apt/keyrings/docker.ascsudo chmoda+r /etc/apt/keyrings/docker.asc# Add the repository to Apt sources:echo\"deb [arch=$(dpkg--print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu\$(. /etc/os-release&&echo"$VERSION_CODENAME") stable" |\sudo tee /etc/apt/sources.list.d/docker.list> /dev/nullsudoapt-get update

• To install the latest version, run:

sudoapt-getinstalldocker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

• Verify that the Docker Engine installation is successful by running :

sudodocker pssudodocker info

-- For Other Machines :
Docker Installation Guide for :

Windows :https://docs.docker.com/desktop/install/windows-install/
Mac :https://docs.docker.com/desktop/install/mac-install/

Ubuntu :https://docs.docker.com/engine/install/ubuntu/
Debian :https://docs.docker.com/engine/install/debian/
RHEL :https://docs.docker.com/engine/install/rhel/
Fedora :https://docs.docker.com/engine/install/fedora/
Raspberry Pi :https://docs.docker.com/engine/install/raspberry-pi-os/
CentOS :https://docs.docker.com/engine/install/centos/
SLES :https://docs.docker.com/engine/install/centos/

2.4 Pointing DNS to the Server's Private IP Address :

To configure your DNS to point to the private IP of your server, follow these steps. In this example, I have used Cloudflare as the domain provider:

1. Log in to your domain provider's dashboard.
2. Navigate to theWebsite section and selectyour domain.

Now clickDNS -->Records -->Add record :

To set up access to your Nextcloud instance via a custom subdomain, you need to create anA record with your domain provider.

Choose a subdomain name, such asnextcloud-server, so your Nextcloud instance will be accessible atnextcloud-server.domain.com.

In the DNS settings, point this subdomain to the Tailscale IP address you copied earlier in step 2.2.8 .

keep this tab open we may need to addTXT record for Let's Encrypt SSL .

3 Nextcloud Deployment :

3.1 SSL request :

In this section, we’ll walk through how to request a free SSL certificate from Let's Encrypt using Certbot. This SSL certificate will secure your domain, and the process is simple with Docker.

Step 1: Running Certbot to Generate an SSL Certificate

To begin, open your terminal and run the following Docker command. This will start the Certbot client, which will guide you through the process of generating a free SSL certificate:

docker run-it--rm\-v"/etc/letsencrypt:/etc/letsencrypt"\-v"/var/lib/letsencrypt:/var/lib/letsencrypt"\certbot/certbot certonly--manual--preferred-challenges dns

This command will initiate Certbot in interactive mode, prompting you for details like your domain name and email address.

Step 2: Input Required Information

After running the command, Certbot will ask for several pieces of information. Follow the prompts as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.logEnter email address(usedforurgent renewal and security notices)(Enter'c' to cancel): email@example.comPleasereadthe Terms of Service at:https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree tocontinue.(Y)es/(N)o: YWould you like to receive email updates from Let's Encrypt and the EFF?(Y)es/(N)o: Y

Next, you will be prompted to enter the domain name for which you want the SSL certificate:

Please enter the domain name(s) you would like on your certificate(comma and/or space separated)(Enter'c' to cancel):nextcloud-server.domain.com

Step 3: Deploying DNS TXT Record

Certbot will now ask you to deploy a DNS TXT record for domain validation. You need to add a specific TXT record to your domain's DNS configuration:

Please deploy a DNS TXT record under the name:_acme-challenge.nextcloud-server.domain.com.With the following value:D1eW0MaeV4L61WsvJJHniuUBAuj3aoggwF2-mXad21KaF-x

Go to your domain provider's DNS management interface and add a new TXT record:

• Type: TXT
• Name: _acme-challenge.nextcloud-server.domain.com
• Value: D1eW0MaeV4L61WsvJJHniuUBAuj3aoggwF2-mXad21KaF-x

Step 4: Verifying the DNS Record

Before continuing, ensure the DNS record has been successfully deployed. You can verify this using online tools like theGoogle Admin Toolbox.

Once the record is visible, return to your terminal and pressEnter to proceed.

Step 5: SSL Certificate Issuance

Once the DNS record is verified, Certbot will complete the certificate generation. You will see a message like this:

Successfully received certificate.Certificate is saved at: /etc/letsencrypt/live/nextcloud-server.domain.com/fullchain.pemKey is saved at:         /etc/letsencrypt/live/nextcloud-server.domain.com/privkey.pemThis certificate expires on 2024-12-15.

Important Notes:

• This certificate is valid for 90 days, and you will need to renew it before it expires.
• For manual DNS-based certificates, renewal requires repeating this process unless you configure automated renewal using Certbot hooks.

( I will cover SSL Autorenewal in next article. )

We have successfully obtained an SSL certificate for your domain. Now, your connection will be secured with HTTPS!

3.2 Utilizing a .env File to Manage Configuration Variables

When deploying applications using Docker, it’s important to manage the configuration effectively. One of the best practices is to use a.env file to store environment variables instead of hardcoding values directly in yourdocker-compose.yml file. This approach not only keeps your configuration organized but also simplifies the process of making changes in the future.

To create a.env file, open your terminal and use the following command:

nano .env

In the.env file, you can define your environment variables like this:

NEXTCLOUD_ADMIN_USER=email@example.comNEXTCLOUD_ADMIN_PASSWORD=YOUR_SECURE_PASSWORDNEXTCLOUD_PORT=80NEXTCLOUD_PORT_HTTPS=443PRIVATE_IP=YOUR_TAILSCALE_IP_HEREREDIS_HOST=redisREDIS_HOST_PORT=6379REDIS_HOST_PASSWORD=YOUR_SECURE_PASSWORDMYSQL_HOST=dbMYSQL_DATABASE=nextcloudMYSQL_USER=nextclouddbMYSQL_PASSWORD=YOUR_SECURE_PASSWORDMYSQL_ROOT_PASSWORD=YOUR_SECURE_ROOT_PASSWORDMYSQL_HOST_PORT=3379NEXTCLOUD_SSL_KEY_PATH=/etc/letsencrypt/live/nextcloud-server.domain.com/privkey.pemNEXTCLOUD_SSL_CERT_PATH=/etc/letsencrypt/live/nextcloud-server.domain.com/fullchain.pemNEXTCLOUD_APACHE_CONFIG_PATH=./000-default.confNEXTCLOUD_APACHE_LIMIT_PATH=./apache-limits.conf

3.3 Nextcloud Configuration in config.php

[!NOTE]

!! SKIP this step if you are deploying nextcloud first time.

Next, you'll need to configure Nextcloud itself. The configuration settings for Nextcloud are typically stored in the/var/www/html/config/config.php file in nextcloud docker container. Below is a sample configuration that you can adapt to your setup:

To create aconfig.php file, open your terminal and use the following command:

nano config.php

In theconfig.php file, you can add configurations like this:

<?php$CONFIG=array('htaccess.RewriteBase'=>'/','memcache.local'=>'\\OC\\Memcache\\APCu','apps_paths'=>array(0=>array('path'=>'/var/www/html/apps','url'=>'/apps','writable'=>false,),1=>array('path'=>'/var/www/html/custom_apps','url'=>'/custom_apps','writable'=>true,),),'memcache.distributed'=>'\\OC\\Memcache\\Redis','memcache.locking'=>'\\OC\\Memcache\\Redis','redis'=>array('host'=>'redis','password'=>'','port'=>6379,),'upgrade.disable-web'=>true,'passwordsalt'=>'NSOLqCOL3s+8JyIaFtz6Xw0guUC7Vf','secret'=>'nLg9bkVKY4HV4fOkop6vmJ5/DyqdOUo21545JQTpmzWQSGe3','trusted_domains'=>array(0=>'nextcloud-server.domain.com',),'datadirectory'=>'/var/www/html/data','dbtype'=>'mysql','version'=>'29.0.6.1','overwrite.cli.url'=>'http://localhost','dbname'=>'nextcloud','dbhost'=>'db','dbport'=>'','dbtableprefix'=>'oc_','mysql.utf8mb4'=>true,'dbuser'=>'nextclouddb','dbpassword'=>'YOUR_SECURE_PASSWORD','installed'=>true,'instanceid'=>'ocuijn9xg681',);

Mounting an Existing config.php File

If you already have aconfig.php file and want to mount it to your Nextcloud Docker container, make sure to uncomment the following line in yourdocker-compose.yml file:

# 3 - ./config.php:/var/www/html/config/config.php

By doing so, you can easily manage your Nextcloud configuration without modifying the Docker image itself.

3.4 Creating the Apache Configuration File

To set up your Apache web server, you’ll need to create a configuration file. Start by opening your terminal and running the following command:

nano 000-default.conf

In thisapache.conf file, you will define your server settings. Below is a sample configuration for a Nextcloud server, which includes both HTTP and HTTPS settings:

Sample Apache2 Configuration File

<VirtualHost *:80>ServerName nextcloud-server.domain.comRedirectpermanent / https://nextcloud-server.domain.com/</VirtualHost><VirtualHost *:443>ServerName nextcloud-server.domain.com<IfModule mod_headers.c>Headeralwaysset Strict-Transport-Security "max-age=15552000; includeSubDomains"</IfModule>ServerAdmin webmaster@localhostDocumentRoot /var/www/html# Enable SSLSSLEngineonSSLProtocol TLSv1.2 TLSv1.3# Specify the certificate filesSSLCertificateFile /etc/ssl/certs/fullchain.pemSSLCertificateKeyFile /etc/ssl/private/privkey.pemErrorLog ${APACHE_LOG_DIR}/error.logCustomLog ${APACHE_LOG_DIR}/access.log combined</VirtualHost>

3.5 Setting Request Limits in Apache

To enhance the performance and security of your Apache server, you can set limits on the size of the request body. This helps prevent abuse by limiting the maximum size of uploaded files. To do this, create or modify theapache-limits.conf file. Open your terminal and enter the following command:

nano apache-limits.conf

In theapache-limits.conf file, add the following line:

LimitRequestBody 104857600

This configuration sets the maximum allowed size of the request body to100 MB (104,857,600 bytes).

3.6 Script to Enable SSL and Headers Module in Nextcloud Container :

The official Nextcloud Docker image (nextcloud:apache-stable) does not come with SSL enabled by default. To enable SSL support and necessary headers in your Nextcloud container, you can use the following script. This script ensures that the SSL module and headers are properly configured.

Create a new script file, for exampleenable_ssl.sh, and add the following content:

#!/bin/bash# 4 Enable SSL module and configure Apache SSLdockerexecncapp-nextcloud-server /bin/bash-c"a2enmod ssl"dockerexecncapp-nextcloud-server /bin/bash-c"a2ensite 000-default"dockerexecncapp-nextcloud-server /bin/bash-c"a2enmod headers"# 5 Restart Apache to apply changesdockerexecncapp-nextcloud-server /bin/bash-c"service apache2 reload"

Make sure to give the script execution permissions before running it:

chmod +x enable_ssl.sh

4 Docker Compose :

At this stage, we have gathered the essential files required for our setup, including the SSL certificates,config.php,000-default.conf,apache-limits.conf, and the necessaryscript.

Now, let's move forward by creating a Docker Compose file. This file will serve as the backbone of our deployment, orchestrating the various services and configurations we've prepared.

To create our Docker Compose file, open a terminal and enter the following command:

nano docker-compose.yml

This command will open the Nano text editor, where we can define our services and configurations. Below is a sample configuration to get you started:

#   Docker compose file for Nextcloud setup with Redis and Mariadbservices:nc:image:nextcloud:stable-apacherestart:unless-stoppedcontainer_name:ncapp-nextcloud-serverports:-${PRIVATE_IP}:${NEXTCLOUD_PORT}:80-${PRIVATE_IP}:${NEXTCLOUD_PORT_HTTPS}:443volumes:-${NEXTCLOUD_SSL_KEY_PATH}:/etc/ssl/private/privkey.pem-${NEXTCLOUD_SSL_CERT_PATH}:/etc/ssl/certs/fullchain.pem-${NEXTCLOUD_APACHE_CONFIG_PATH}:/etc/apache2/sites-enabled/000-default.conf-${NEXTCLOUD_APACHE_LIMIT_PATH}:/etc/apache2/conf-enabled/apache-limits.conf# - ./config.php:/var/www/html/config/config.php-nc_data:/var/www/html-nc_apache2:/etc/apache2/depends_on:-redis-dblinks:-db-redisnetworks:-redisnet-dbnethealthcheck:test:[CMD-SHELL,curl -f http://localhost]interval:1mtimeout:10sretries:3deploy:resources:limits:cpus:'2'memory:2048M# labels:#   maintainer: "Your Name <your@email.com>"#   org.label-schema.version: "latest"#   org.label-schema.name: "Nextcloud-NC-APP"#   org.label-schema.description: "Self-hosted file sharing and collaboration platform"#   org.label-schema.url: "https://nextcloud.com"#   org.label-schema.documentation: "https://docs.nextcloud.com"#   org.label-schema.source: "https://github.com/nextcloud/docker"#   org.label-schema.issues: "https://github.com/nextcloud/docker/issues"environment:-NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}-NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}-REDIS_HOST=${REDIS_HOST}-REDIS_HOST_PORT=${REDIS_HOST_PORT}# - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD}  # Cant login to nexcloud if enabled-MYSQL_HOST=${MYSQL_HOST}-MYSQL_DATABASE=${MYSQL_DATABASE}-MYSQL_USER=${MYSQL_USER}-MYSQL_PASSWORD=${MYSQL_PASSWORD}redis:image:redis@sha256:6a5130174e14177c3777ea34f4989a91bb5a7d7562dd48578cbfa3ad8cd53743restart:unless-stoppedcontainer_name:ncapp-redis-servernetworks:-redisnetdeploy:resources:limits:cpus:'1'memory:1024Mvolumes:-rd_data:/datahealthcheck:test:[CMD-SHELL,redis-cli PING]interval:1mtimeout:10sretries:3# labels:#   maintainer: "Your Name <your@email.com>"#   org.label-schema.version: "latest"#   org.label-schema.name: "Nextcloud-REDIS"#   org.label-schema.description: "Self-hosted file sharing and collaboration platform"#   org.label-schema.url: "https://nextcloud.com"#   org.label-schema.documentation: "https://docs.nextcloud.com"#   org.label-schema.source: "https://github.com/nextcloud/docker"#   org.label-schema.issues: "https://github.com/nextcloud/docker/issues"environment:-REDIS_HOST=${REDIS_HOST}-REDIS_HOST_PORT=${REDIS_HOST_PORT}# - REDIS_PASSWORD=${REDIS_HOST_PASSWORD}expose:-${REDIS_HOST_PORT}db:image:mariadb:10.5command:--transaction-isolation=READ-COMMITTED --binlog-format=ROW# if getting this error : 4047 InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE.# More details here : https://techoverflow.net/2021/08/17/how-to-fix-nextcloud-4047-innodb-refuses-to-write-tables-with-row_formatcompressed-or-key_block_size/# Comment the above command and use the below :# command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressedrestart:unless-stoppedcontainer_name:ncapp-db-servervolumes:-db_data:/var/lib/mysqlhealthcheck:test:[CMD-SHELL,mysqladmin ping -h localhost]interval:1mtimeout:10sretries:3networks:-dbnetdeploy:resources:limits:cpus:'2'memory:4096M# labels:#   maintainer: "Your Name <your@email.com>"#   org.label-schema.version: "latest"#   org.label-schema.name: "Nextcloud-MARIADB"#   org.label-schema.description: "Self-hosted file sharing and collaboration platform"#   org.label-schema.url: "https://nextcloud.com"#   org.label-schema.documentation: "https://docs.nextcloud.com"#   org.label-schema.source: "https://github.com/nextcloud/docker"#   org.label-schema.issues: "https://github.com/nextcloud/docker/issues"environment:-MYSQL_DATABASE=${MYSQL_DATABASE}-MYSQL_USER=${MYSQL_USER}-MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}-MYSQL_PASSWORD=${MYSQL_PASSWORD}expose:-${MYSQL_HOST_PORT}volumes:db_data:nc_data:rd_data:nc_apache2:networks:dbnet:driver:bridgeredisnet:driver:bridge

Once you have saved yourdocker-compose.yml file, you can start your services in detached mode using the following command:

docker-compose up-d

This command will pull the necessary images (if not already available) and start the containers in the background, allowing you to continue using your terminal for other tasks.

After running above command , wait for about 5 to 10 seconds to ensure that all services are properly initialized. Once the waiting period is over, you can enable SSH by running the script:

./enable-ssh.sh

This script will configure SSH access, allowing you to manage your services remotely and securely.

If you are getting output similar to this , then please wait for 5 more seconds and rerun the script :
ERROR :

Considering dependency setenvifforssl:Module setenvif already enabledConsidering dependency mimeforssl:Module mime already enabledConsidering dependency socache_shmcbforssl:Enabling module socache_shmcb.Enabling module ssl.See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.To activate the new configuration, you need to run:  service apache2 restartSite 000-default already enabledModule headers already enabledReloading Apache httpd web server: apache2 failed!Apache2 is not running ...(warning).

EXPECTED OUTPUT :

$./enable-ssl.shConsidering dependency setenvifforssl:Module setenvif already enabledConsidering dependency mimeforssl:Module mime already enabledConsidering dependency socache_shmcbforssl:Module socache_shmcb already enabledModule ssl already enabledSite 000-default already enabledModule headers already enabledReloading Apache httpd web server: apache2.

5 Accessing Nextcloud on a Private IP

To successfully access your Nextcloud instance running on a private IP, ensure that Tailscale is active on both the server hosting Nextcloud and the machine you are using for access.

1. Open Your Browser: Navigate to the private IP address of your Nextcloud server.
2. Login Credentials: Enter your administrator username and password. Upon logging in, you may encounter the following error:

   ## Access through untrusted domain   Please contact your administrator. If you are an administrator, edit the "trusted_domains" setting in config/config.php like the example in config.sample.php.   Further information on how to configure this can be found in the [documentation](https://docs.nextcloud.com/server/29/go.php?to=admin-trusted-domains).

Resolving the Untrusted Domain Error

To resolve the untrusted domain issue, you need to update the trusted domains in your Nextcloud configuration:

1. Access the Docker Container: Execute the following command to enter your Nextcloud Docker container:

   dockerexec-it ncapp-nextcloud-server /bin/bash

1. Install a Text Editor: If not already installed, you can installnano by running:

   apt update&& aptinstallnano

1. Edit the Configuration File: Open the configuration file using:

   nano /var/www/html/config/config.php

1. Locate the Trusted Domains Section: UseCtrl + W to initiate a search and typetrusted_domains, then hit Enter.

1. Modify the Trusted Domains: You can either edit the existinglocalhost entry or add your domain. Your configuration block should look like this:

array(0=>'localhost',1=>'nextcloud-server.domain.com',),

1. Save and Exit: Save your changes innano by pressingCtrl + X, then confirm withY and press Enter.

Now, you should be able to access your Nextcloud instance athttps://nextcloud-server.domain.com.

Congratulations! You've successfully configured your Nextcloud server to recognize your domain.

As we come to the end of this guide, we hope you've gained valuable insights and practical steps to take control of your data by self-hosting NextCloud with MariaDB, Redis, and secure access via Tailscale VPN. By following these steps, you've not only set up a powerful collaboration platform but also enhanced your data security and privacy.

Remember, self-hosting isn't just about functionality—it's about owning your infrastructure and safeguarding sensitive information. Whether you're managing it for personal use or for a team, always prioritize regular backups, updates, and monitoring to maintain the integrity of your setup.

If you found this guide helpful and have any questions or feedback, feel free to reach out. For more insights on technology and to stay updated with my latest content, connect with me on LinkedIn and you can support open source community by buying a coffee here.

*Email *: hi@plexio.cloud
*Linkedin *:  LinkedIn

Thank you for following along, and best of luck with your self-hosting journey!