Nextcloud

Nextcloud is a drop-in replacement for many popular cloud services, including file sharing, calendar, groupware, and more. One of its more common uses for the home environment is serving as a media backup, and organizing and sharing service. This procedure demonstrates how to set up Nextcloud on TrueNAS and configure it to support hosting a wider variety of media file previews, including High-Efficiency Image Container (HEIC), MP4, and MOV files.

TrueNAS offers one deployment option for setting up Nextcloud, a Linux Debian-based TrueNAS version application available in TrueNAS releases 24.10 and later. The instructions in this article apply to these TrueNAS 24.10 and later releases.

TrueNAS offered a FreeBSD-based TrueNAS Nextcloud plugin in releases 13.0 and 13, but it is no longer available in TrueNAS 13.0 and is soon to be unavailable in 13.3. Refer to release notes for more information on upcoming and current changes. For more information on the FreeBSD-based Nextcloud plugin, see Nextcloud.

Before you install the Nextcloud app:

Configure Nextcloud Datasets and ACLs

You must configure the ACLs permissions for two datasets while on the >Datasets screen: the parent dataset (i.e., the nextcloud dataset) and the postgres_data dataset. You can configure ACL permissions for the Nextcloud html and data datasets when prompted or configure them in the app installation wizard as described in the installation section.

To configure the dataset ACL permissions from the Datasets screen, either select the Set ACL for this dataset option when prompted after adding the dataset or select the dataset row and then click Edit on the Permissions widget to open the Edit ACL screen.

When adding the parent dataset, select the Generic dataset preset after entering the name. Select the option to edit the ACL, set the owner and group to admin or the name of your administration user account, and click Apply Owner and Apply Group. Next, add an ACE entry for the netdata and www-dat users and give them full permissions. Click Save Access Control List.

When adding the postgres_data dataset, enter the dataset name and then click Advanced Options to show the advanced dataset settings. Scroll down to the ACL Type and select POSIX from the dropdown list, and then click Save. Only the postgres_data dataset requires the POSIX ACL type setting.

Click Set ACL for this dataset to open the Edit ACL screen. Set the owner and group to netdata and click Apply Owner and Apply Group, and then with that ACL entry highlighted, assign full control permissions before you save the ACL. Click Save Access Control List.

Adding a certificate is optional but if you want to use a certificate for this application, either create a new self-signed CA and certificate or import an existing CA and create the certificate for Nextcloud. A certificate is not required to deploy the application.

• Set up a Nextcloud account. If you have an existing Nextcloud account, you enter the credentials for that user in the installation wizard. If you do not have an existing Nextcloud account, you can create one using the application install wizard.

This basic procedure covers the required Nextcloud app settings. For optional settings, see Understanding App Installation Wizard Settings.

Go to Apps, click on Discover Apps, and locate the app widget by either scrolling down to it or begin typing the name into the search field. For example, to locate the MinIO app widget, begin typing minIO into the search field to show app widgets matching the search input.

If this is the first application installed, TrueNAS displays a dialog about configuring apps.

Configuring Apps Dialog

Click Confirm then Agree to close the dialog and open the application details screen.

If not the first time installing apps the dialog does not show, click on the widget to open the app information screen.

Click Install to open the app installation wizard.

Application configuration settings are grouped into several sections, each explained below in Understanding App Installation Wizard Settings. To find specific fields begin typing in the Search Input Fields search field to show the section or field, scroll down to a particular section, or click on the section heading in the list of sections on the upper-right of the wizard screen.

Next, enter the Nextcloud Configuration settings.

Entering Nextcloud Configuration Settings

For a basic installation, you can accept default values, but enter the following values: Enter the name of the administration user in Admin User and Admin Password. If using an existing Nextcloud account, enter the administration credentials for that account or enter new to create new Nextcloud user account credentials.

Select the APT packages you want to use. Nextcloud requires ffmpeg and smbclient. Click Add to the right of APT Packages twice to add two sets of Package fields. Select ffmpeg in one, and smbclient in the other. If also selecting ocrmypdf, also set the Tesseract Language Codes option to use. Click Add to show the Language field then enter either chi-sim for simplified Chinese or eng for English. See Nextcloud Configuration Settings below for more information.

Enter either the fully qualified domain name or the IP address and port for your TrueNAS system in Host as ##.###.###.##:port or my.domain.com:port. The Data Directory Path is pre-populated with the correct path.

Enter a password in Redis Password to create a new credential or enter the existing password if you already have Redis configured in your Nextcloud account. Enter a password in Database Password to create a new credential for the Nextcloud database or enter the existing password if you already have the Nextcloud account database configured. Nextcloud does not URL encode in some places so do not use the ampersand (&), at (@), hashtag (#), or percent (%) characters in the Redis password.

Accept the remaining defaults in the Nextcloud Configuration section. However, if you are setting up a cron job schedule, select Enabled under Cron to show the settings that allow you to schedule a cron job.

Nextcloud Cron Jobs

NextCloud cron jobs only run while the app is running. If you stop the app, the cron job(s) do not run until you start the app again.

For more information on formatting and using cron jobs, see Managing Cron Jobs.

The TrueNAS app is configured with all the required environment variables, but if you want to further customize the container, click Add to the right of Additional Environment Variables for each to enter the variable(s) and values(s).

Enter the network configuration settings. Enter the default port, 30027, in WebUI Port, or enter an available port number of your choice. See Network Configuration below for more information on changing the default port. This port must match the one used in Host above.

If you configured a certificate, select it in Certificate ID. A certificate is required if you want to select an external port other than the default 30027.

Enter the storage settings for each dataset you created for the Nextcloud app.

Configuring Nextcloud Storage

Do not select DEPRECATED: Old Storage Structure if you are deploying Nextcloud for the first time as this slows down the installation and is not necessary. If you are upgrading where your Nextcloud deployment in TrueNAS was a 1.x.x release, select this option.

  Set Host Path (Path that already exists on the system) in Type for Nextcloud AppData Storage. Select Enable ACL, and then either enter or browse to and select the html dataset to populate the Host Path field.

Select Add to the right of ACL Entries, add the 33 user ID, and give it FULL_CONTROL Access. Select Force Flag.

Repeat this step for the Nextcloud User Data Storage storage volume. After setting Type to Host Path (Path that already exists on the system) and selecting Enable ACL, enter or browse to and select the data dataset. Select Add to the right of ACL Entries to add the 33 user ID, and give it FULL_CONTROL Access. Select Force Flag

Finally, set Type to Host Path (Path that already exists on the system) under Nextcloud Postgres Data Storage. Do not select Enable ACL! Either enter or browse to and select the postgres_data dataset to populate the Host Path field. Do not add an ACE entry for this dataset using the app installation wizard. ACL permissions are set for this dataset in the Before You Begin section in the Configure Nextcloud Dataset ACLs expandable section.

Click Install. A progress dialog displays before switching to the Installed applications screen. The Installed screen displays with the nextcloud app in the Deploying state. Status changes to Running when ready to use.

Click Web Portal on the Application Info widget to open the Nextcloud web portal sign-in screen.

The following section provides more detailed explanations of the settings in each section of the Install installation wizard.

Nextcloud configuration settings include setting up credentials, APT packages (previously referred to as the commands), the host IP and port, data directory path, upload limits, execution times, memory limits and cache memory consumption, adding a cron job with schedule, and adding additional environment variables.

If you have an existing Nextcloud account add the credentials for that account in the Admin User and Admin Password fields. If you do not have an existing account enter the name and password you want to use to create the Nextcloud login credentials.

Adding APT Packages

Nextcloud has three APT package options:

• ffmpeg
• smbclient
• ocrmypdf

You must add both the ffmpeg and smbclient packages to deploy this app.

You can also use ocrmypdf if needed, but you must select the Tesseract Language Code to use. Options are chi-sim for Simplified Chinese or eng for English. For more information on tesseract languages to install for OCRmypdf, see here for a list of language codes. Typing the wrong language code blocks the container from starting. Only takes effect if ocrmypdf is selected.

Click Add to the right of APT Packages for each option you want or need to add.

Data Directory Path shows the data directory where Nextcloud stores all files from the users. It is prepopulated with /var/www/html/data which is the default path inside the container. We recommend not changing this path.

Nextcloud Redis requires a password for access. If you have an existing Nextcloud account with Redis configured, enter that existing password here but if not, enter a password to use for Redis in Nextcloud. Nextcloud also requires a password to secure access to the database. If you have an existing Nextcloud account database with a password configured, enter it Database Password. If you do not have an existing database password enter a new password for the database. The default value is nextcloud. The TrueNAS Nextcloud app passes these passwords to Nextcloud.

The PHP Upload Limit (in GB) applies a timeout to the client_max_body size in nginx, and the post_max_size and upload_max_filesize in PHP. Accept the default.

The Max Execution Time (in Seconds) sets the maximum execution time for Nextcloud. The default is 30 seconds but you can adjust this based upon your needs.

The PHP Memory Limit (in MB) sets a memory limit on PHP. The default is 512, with a range of 128 to 4096.

The OP Cache Memory Consumption (in MB) sets the size of the memory cache consumption. The default is 128, with a range of 128 to 1024.

If enabled, Cron shows the Schedule option. The default value is */5 * * * *. Enter the schedule values to replace the asterisks based on your desired schedule.

The default web port for Nextcloud is 30027.

Nginx Configuration setting, Proxy Timeout, applies the time out (in seconds) to proxy connection, and proxy send and receive. The default value is 60 with a minimum of 30 seconds. Enable Use a different port for URL rewrites to show the External Port setting. When enabled, the URL write uses the access port instead of the node port (default 9001). External Port default port is 443. Nextcloud continues to listen on the node port.

TrueNAS provides two options for storage volumes: ixVolumes and host paths.

Nextcloud needs three datasets for host path storage volume configurations:

• html to use as the AppData storage volume.
• data to use as the User Data storage volume.
• postgres_data to use as the Postgres Data storage volume.

If you group these datasets under a parent dataset named nextcloud, configure the ACL permissions for this parent dataset and add an ACE entry for the netdata user.

The app installation wizard cannot set up the ACL type or correctly add user permissions for the postgres storage volume. You must configure these outside the install wizard using the Add Dataset and Edit ACL screens. When adding the postgres_data dataset set it up with a POSIX ACL, and add the netdata user as the owner user and group with full control permissions.

See the instructions provided in the Before You Begin section for instructions on creating both the parent and postgres_data datasets and configuring the ACL permissions for each.

Creating App Datasets

To create the Nextcloud app datasets, go to Datasets, select the dataset you want to use as the parent dataset, then click Add Dataset to add a dataset. In this example, we create the Nextcloud datasets under the root parent dataset tank.

Enter nextcloud in Name, and select Apps as the Dataset Preset. Click Advanced Options if you want to make any other setting changes. Click Save. When prompted, select Return to Pool List to configure permissions later after adding the other three datasets, or open the ACL editor to edit ACL permissions immediately after adding the dataset.

Next, select the nextcloud dataset, and click Add Dataset to add the first child dataset. Enter html in Name and select Apps as the Dataset Preset. Click Advanced Options if you want to make any other setting changes. Click Save.

Repeat this two more times to add the other child datasets to the nextcloud parent dataset. When finished you should have the nextcloud parent dataset with three child datasets under it. Our example paths are:

• */mnt/tank/nextcloud/*html
• */mnt/tank/nextcloud/*data
• */mnt/tank/nextcloud/*postgres_data

Select Enable ACL to show the ACL and ACE Entries options.

Configuring ACE Entries

Enter or browse to select the dataset and populate Host Path.

Next, click Add to the right of ACL Entries to show the permissions settings. Set ID Type to Entry is for a USER or Entry is for a GROUP. If you configured a group in TrueNAS that you want to give access to instead of a single user, set the ID to the group option and enter the GID for that group.

Enter the UID as one of the following:

• The default app user:
  • 568 for apps in all trains if the app can run as any non-root user.
  • 999 for all postgres storage volumes.
  • 0 if running as root.
  • 473 for MinIO app in the stable train.
• The run-as-user UID set as a default for the app. The run-as user shows on the app details screen in the Run As Content widget, and on the Installed application screen after the app deploys. You can refer to the tutorial for the app, or look in the questions.yaml file found in the GitHub repository for the application to find this UID/GID.
• The user ID for the new or existing TrueNAS user added to serve as the administrator for the app.

If the app shows User and Group Configuration settings, the default UID shows on the screen. If not, choose the run-as user ID found in the Run As Content widget.

Use the default user ID 999 for all postgres storage volumes, not the run-as user.

If you created a new TrueNAS user to serve as the app administration user, add an entry record and enter the UID for this user in addition to the run-as user ID.

When adding the ACL entry for the run-as user, default user, and/or optional TrueNAS app administrator user, and postgres user ID, set the Access permissions level to FULL CONTROL.

Select Force Flag to apply the ACL even if the path has existing data. This allows you to update the app when an update is available.

TrueNAS Additional Storage options include the ability to mount an SMB share inside the container pod.

Set Type an SMB/CIFS Share (Mounts a volume to a SMB share) to add an SMB share storage volume.

Select Read Only to make the storage volume read only.

Enter the path inside the container to mount the storage for the share volume in Mount Path.

Enter the server address for the SMB share in Server, the path to mount the SMB share in Path, and the share authentication user credentials in User and Password. (Optional) enter the share domain name in domain.

Permissions are currently limited to the permissions of the user that mounted the share.

Use the SMB option for data synchronization between a share and the app if the option shows on the screen. A present, only the Syncthing app includes this option.

If the app does not deploy, try adding the www-data user and group (33:33) to the nextcloud dataset but do not set recursive. Stop the app before editing the ACL permissions for the datasets.

Next, add the www-data user and group to the html and data datasets. You can set this to recursive, but it is not necessary. To do this:

1. Select the dataset, scroll down to the Permissions widget, click Edit to open the ACL Editor screen.
2. Click Add Item, select User in Who and www-data in the User field, and select Full Control in Permissions.
3. Add an entry for the group by repeating the above steps but select Group.
4. Click Save Access Control List.

Finally, add the user netdata and group docker (999:999) to the Postgres Data dataset, following the same process. Within the postgres container, the user and group 999 map to postgres.