Nextcloud-Docker on Ubuntu Kubernetes in 2021

Back in 2018 I published my article Nextcloud-Docker on Kubernetes-cluster + SSL certificates. Since then, some things have changed and become easier. Hence, let’s wrap it up into a simpler 2021 version!

Changes

  • Ubuntu 20.04 LTS
  • Install Microk8s via Snap, instead of native Kubernetes.io sources

What is excluded

Helm. Why? I’m a big fan of Helm and I’m using it for some orchestrations as well. However, especially for Nextcloud:

  1. I prefer orchestrating everything on my own
  2. Since publishing my initial Nextcloud article, some serious things have changed in Helm. The initial article is still valid and compatible with today’s packages.

Let’s jump in!

Download and set up Ubuntu 20.04 LTS. I won’t cover any further steps here since there is a lot of information out there.

Setting up Docker & Kubernetes (Microk8s) on Ubuntu

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install docker.io
$ sudo systemctl enable docker
$ sudo snap install microk8s --classic

Pretty easy, isn’t it? 🙂

Setting up Nextcloud on Microk8s

Extra hint: run the following in a separate terminal to see what the Kubernetes cluster is doing:

$ watch -n 10 kubectl get deployment,svc,pods,pvc,pv,ing

Deployment + Service: MariaDB

As a user (not root), create a folder nc-deployment, download the pre-defined MariaDB descriptions from my GitHub, adjust them to your needs and deploy:

$ mkdir nc-deployment
$ cd nc-deployment
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/db-deployment.yaml

$ nano db-deployment.yaml
--> change MYSQL_PASSWORD here
--> change MYSQL_ROOT_PASSWORD here
--> change db's HostPath here, which should be the absolute location of 'nc-deployment'/db-pv (eg /home/andremotz/nc-deployment/db-pv)

$ kubectl create -f db-deployment.yaml

$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/db-svc.yaml
$ kubectl create -f db-svc.yaml

Deployment + Service: Nextcloud:

Next, download Nextcloud-descriptions, adjust them and deploy:

$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/nc-deployment.yaml

$ nano nc-deployment.yaml
--> change NEXTCLOUD_URL
--> change NEXTCLOUD_ADMIN_PASSWORD
--> change MYSQL_PASSWORD (the value you've entered before)
--> change html's hostPath (eg. to /home/andremotz/nc-deployment/nc-pv)

$ kubectl create -f nc-deployment.yaml

$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/nc-svc.yaml
$ kubectl create -f nc-svc.yaml

Create self-signed certificates

The OMGWTFSSL-Docker image offers easy-to-use certificate-creation. Here we are using only a Pod, not a Deployment. Once the certificates are created, the Pod will stop.

$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/omgwtfssl-pod.yaml

$ nano omgwtfssl-pod.yaml
--> change SSL_SUBJECT to your server's name
--> change CA_SUBJECT to your mail address
--> change SSL_KEY to a proper filename
--> change SSL_CSR to a proper filename
--> change SSL_CERT to a proper filename
--> change cert's hostPath (eg. to /home/andremotz/nc-deployment/certs-pv)

$ kubectl create -f omgwtfssl-pod.yaml

Deployment + Service: Nginx reverse Proxy

One could already adjust the Nextcloud service to publish it over plain HTTP. However, we want to put an Nginx instance in front of our Nextcloud to be able to use HTTPS encryption. For the proxy we are not using a Deployment but a Pod, to be able to make use of the standard HTTP/HTTPS ports 80 & 443.

$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/nginx.conf

$ nano nginx.conf
--> change server_name (two locations in the file!) to the server name you've provided before for SSL_SUBJECT
--> change ssl_certificate to the filename you've provided before for SSL_CERT
--> change ssl_certificate_key to the filename you've provided before for SSL_KEY

$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/proxy-pod.yaml

$ nano proxy-pod.yaml
--> change cert's hostPath to the location you have provided before
--> change nginx-config's hostPath to the location where you've stored nginx.conf before (eg. /home/andremotz/nc-deployment/nginx.conf)
--> change nginx-logs' hostpath to a proper location

$ kubectl create -f proxy-pod.yaml

Now you should be able to point your browser to https://<yourserver> and see a new Nextcloud-instance, running on a super-hyper nextlevel-Kubernetes cluster, that you could use for further cool stuff 😉
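
Several of the edits above have to agree across files: MYSQL_PASSWORD in both deployments, and SSL_SUBJECT, SSL_CERT and SSL_KEY against server_name, ssl_certificate and ssl_certificate_key in nginx.conf. The script below is an added example, not part of the original article or its GitHub repository; it assumes the env vars are written as plain `- name:` / `value:` pairs, and the function names and the script name check-edits.sh are made up for this illustration.

```shell
#!/bin/sh
# Added example. Assumption: env vars use the "- name: X" / "value: Y" layout.

# env_value FILE NAME: print the literal value of container env var NAME.
env_value() {
    awk -v want="$2" '
        $1 == "-" && $2 == "name:" { gsub(/"/, "", $3); hit = ($3 == want); next }
        hit && $1 == "value:" {
            sub(/^[ \t]*value:[ \t]*/, ""); gsub(/^["\047]|["\047][ \t]*$/, "")
            print; exit
        }' "$1"
}

# nginx_values FILE DIRECTIVE: print the first argument of each occurrence.
nginx_values() {
    awk -v d="$2" '$1 == d { sub(/;$/, "", $2); print $2 }' "$1"
}

fail() { echo "MISMATCH: $*" >&2; return 1; }

# check_db DB_YAML NC_YAML: Nextcloud must be given MariaDB's MYSQL_PASSWORD.
check_db() {
    db_pw=$(env_value "$1" MYSQL_PASSWORD)
    [ -n "$db_pw" ] || fail "no MYSQL_PASSWORD value in $1" || return 1
    [ "$db_pw" = "$(env_value "$2" MYSQL_PASSWORD)" ] ||
        fail "MYSQL_PASSWORD differs between $1 and $2" || return 1
}

# check_tls POD_YAML NGINX_CONF: compares host name and file names (not paths).
check_tls() {
    subject=$(env_value "$1" SSL_SUBJECT)
    names=$(nginx_values "$2" server_name)
    [ -n "$subject" ] && [ -n "$names" ] || fail "SSL_SUBJECT or server_name missing" || return 1
    for n in $names; do
        [ "$n" = "$subject" ] || fail "server_name $n is not $subject" || return 1
    done
    for pair in ssl_certificate:SSL_CERT ssl_certificate_key:SSL_KEY; do
        want=$(env_value "$1" "${pair##*:}")
        conf=$(nginx_values "$2" "${pair%%:*}")
        for c in ${conf:-MISSING}; do
            [ "${c##*/}" = "${want##*/}" ] ||
                fail "${pair%%:*} $c does not match ${pair##*:} '$want'" || return 1
        done
    done
}

# Hypothetical usage from nc-deployment/: sh check-edits.sh run
[ "${1:-}" != run ] || { check_db db-deployment.yaml nc-deployment.yaml &&
    check_tls omgwtfssl-pod.yaml nginx.conf && echo "edits are consistent"; }
```

The manifests hold the database and admin passwords in clear text, so keep nc-deployment readable only by your own user.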

Final hint:
Disable swap permanently by commenting out the swap entry in /etc/fstab, like this:

#/swap.img none swap sw 0 0

That’s it!! 😉

Nextcloud-Docker on Kubernetes-cluster + SSL certificates

Folks, this has taken me ages (ok to be honest – three weeks, which is still a lot ;-)) to get up and running. But finally, I have made it and learned a lot about Docker, Docker-Compose, Nginx and Kubernetes of course.


Summary

In this post I am showing how to set up a Nextcloud on Kubernetes + Ubuntu 18.04. I am running a Nextcloud-instance on a public VM to sync stuff with my phone. Another one (with more data) is only accessible via my LAN/VPN. The first one I am encrypting via Let’s Encrypt (open todo!) and the 2nd one via self-signed certificates.

The stacks are set up via Kubernetes to be able to scale horizontally in the future, since I had to live with some performance-issues in the past. GitHub – andremotz – nextcloud-kubernetes

Homeserver update: The ultimate backup-system

A couple of months ago the primary hard disk of my home server crashed. As a result I lost the main system, which was Windows Home Server. I didn’t want to set up everything again because I thought the same thing would happen again – hard drives are born to die sooner or later. So I decided to set up a more agile system that I can back up easily. A system that can boot up from an attached USB flash drive. So I switched over to Ubuntu Server.

DIY GNU/Linux Firewall, Router & Gateway

Once again I had to use my Geek-genes to solve a bunch of problems with a kind of fly flap: A Do It Yourself GNU/Linux Firewall, Router and Gateway for the home network. While most people do not seem to have problems with these tiny little routers and Wifi-Access Points that they get from their Internet Carrier, I recognized that the number of connection-issues correlates with the number of computers and mobile phones you have at home.

A dedicated machine acts as the primary gateway for all devices and allows remote connections via OpenVPN, which is really useful: I can back up my Laptop via Internet 🙂 It took me several days to get it up and running, but that project pushed my Linux and networking-skills beyond somewhere they never have been before and our network issues have been solved.

Computer hardware is really cheap these days so I could buy a kind of high-end equipment for its tasks. An IBM eServe 336 cost me around € 60 on eBay plus shipping from Germany and that bit of hardware (Dual GBit NICs !, SCSI Raid-1 !!, Intel Xeon 3 GHz !11) should work at least for the next ten years.

Windows Home Server + Mac Backup

Finally I want to show the world a project that I have been working on in my spare time for two years now. Due to the fact that the number of computers at home increased in the past few years, a backup-solution is obsolete.

I have chosen Windows Home Server to back up two already running Windows-machines and three Macs. While the integrated backup-routine for connected Windows-machines works very well, I had to think of a solution for the Macs. Apple’s Time Machine only accepts local hard disks but no remote connections, so they have sales arguments for their Time Capsule-product.