Hey Thanks for this tutorial.
Followed it but I still have some warnings.
1. Strict Transport Security HTTP header is not set to at least "15552000" seconds
2. Your web server is not properly set up to resolve "/.well-known/webfinger"
3. Your web server is not properly set up to resolve "/.well-known/nodeinfo"
I don't know why it's throwing out this issue, I saw the right commands on the config.php file and when you visit the url it works.
Hi, are you planning to update this for Nextcloud All in One? It is quite different from this version and it is the recommended installation method. Thanks for your videos
Wanna know what I as an individual who is into order appreciate? Consistency.. Know what I didn't get here when attempting to pair up your video docker-compose file with the companion one on your website? Oh yeah, that's right.... Consistency... Everything was all swapped around. I speak for all of us when I say that I appreciate that.
Great job, even in 2024 this is still relevant. Worked perfect with all the latest versions. Can you explain how one would add my unraid shares, array or even a pool disk? I have a large doc file already on my array and would like to access them from nextcloud. Thanks again.
Thanks for the great video! I'm kind of new to all this and was wondering why you don't need to specify PUID and PGID in the docker compose? I've seen in all the linuxserver docker stacks that they use 1000 for "easy user mappings"
have you had the issue?: "Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root." if so, how did you fix it?
Hey! I've followed the steps in this video to setup a Nextcloud instance using Docker and Portainer. I'm using Cloudflare Tunnel to access it on the internet, but I'm unable to use video calls in Nextcloud Talk because it needs a Turn Server. Could you please make a video on how to set that up in Docker using Portainer?
How do you deal with cloudflare shutting down your account for violating the ToS? The user agreement specifically states that cloudflare is to be used to host web pages etc. and file transfer, as well as streaming via cloudflare will result in them suspending your account.
So if I follow all these steps mentioned in the video, I should be able to access my nextcloud setup on the mobile app outside my home network? Is cloudflare the same as twingate?
First - Excellent YouTube Channel. Did you really quit your day job to do YouTube? Kudos to your video editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work. Chris
Hey Chris! So..I didn't quit my day job so much as a medical incident in 2016 made it very difficult for me to go back to a "normal" job. So I started doing YouTube in hopes to bring in an income. I'm just a one-man-show who works in a little corner of the house, coming up with video ideas, recording them, and then editing. To answer your question about port forwarding, Nginx Proxy Manager (NPM), CloudFlare tunnels, etc., I'm actually releasing a video about this tomorrow, but, to give a quick answer, you can use NPM with CloudFlare tunnels if you want to, but I've completely removed NPM from my homelab and use CloudFlare tunnels exclusively.
Thank you! But how about the 100mb cloudflare size limit? Can i do anything on server side? To upload big files with browser...? Instead of using nextcloud client and set chunksizes ...
What an awesome tutorial.. Sorry to be late... but.. how can i update nextcloud properly? Pulling latest image version from STACK or CONTAINER..? thankyou!
If you're using portainer, check out this video and it will give you an idea of how to easily update your containers. Just make sure you have a good backup strategy in place in case anything goes wrong.
Excellent video, only one thing, I did everything but I still got the HTTPS warning, even though I can access my site via a domain, the Nextcloud App still marks it as insecure and somehow I'm unable to get the menu to display...
If I got it right you can use a cloudflare tunnel not only to access your services running on a server with their own domain without opening ports, but you can also get access to your own Home LAN to use, e.g., RDP, to fetch your files as you would do via a VPN like Wireguard and OpenVPN. It seems that you need such a WARP app and set another service on your cloudflare account. Any chance to get a new video tutorial about that? Thanks
Hi David, great tutorial. How does this work with Navidrome, in particular the app I have on my phone (symphonium). Or would I need to specify different rules specific to navidrome which allows the apps to connect?
Streaming is a violation of TOS for Cloudflare Tunnels. Symphonium will work great with Tailscale on your phone and media server, as long as you're not running a different VPN on your phone at the same time, which I think is not possible. Tailscale is also way easier to set up and connect than cloudflare tunnels. Just use the IP created in Tailscale for your server and add port for Navidrome as a media source in Symphonium.
Thanks for the great content again David. I took this a step forward and added the cloud flare tunnel as a container in my stack using the same network. here is the snippet that I got working with leantime as an app:
version: '3.3'
services:
  leantime_tunnel:
    container_name: leantime_tunnel
    image: 'cloudflare/cloudflared:latest'
    restart: unless-stopped
    command: tunnel run
    networks:
      - leantime-net
    environment:
      - TUNNEL_TOKEN=XXXXXX
networks:
  leantime-net:
    external: false
This looks great! Something to keep in mind is that you can use a single Tunnel for multiple applications, so you don't need to deploy a tunnel for each application. I plan on making a video about this soon!
@@DBTechYT Thanks David! I experimented with this a bit with some of my self-hosted domains and I found that in Cloudflare tunnel configuration, for public hostnames, you can use the name of the container that hosts the target service instead of the server's IP! So in essence if you setup a docker-compose file and use a network, the container names will resolve in the tunnel for the hostname services. This is very helpful in the case you have a cluster (Swarm or Kubernetes) and your containers are spread across multiple nodes. I do agree that you can use a single tunnel for multiple apps. I am going to use a tunnel for each domain I self-host as they are a stack in portainer today. Keep up the great work. I learned a lot from your channel!
@@DBTechYT nice. yes I myself have one tunnel running with access to 6 apps so far and growing. This video finally got my nextcloud working but with one extra error than you that I am still working on so thank you. now I just need the exact same style video as this for home assistant and I'm golden! Thank you again!!
Dude, Thank you, finally got this working. Have the transactional file locking error, but I don't care. if ya care to suggest a way to solve it, without having to redo everything, that would be great, but if not, Oh well!! Thanks again!! p.s. you move fast!! Only thing I have issue with is the php upload size did not change. limits at 586 mb or something like that, I did not use the same composer file as you tho and I don't think I am running the same database either!!! I don't know, I just know that I built a great composer file and you helped me get it all working. So there, as we say down south.... nevermind, I'll refrain and keep plugging at it. I am running progrese or something like that so if ya have any idea why the php upload size might not be changing with the .htaccess edit let me know, and thanks again. Great Vid!!!
Hi David love the tutorial... I have more questions than answers... I noticed that you had 2 instances of next-cloud running, of which they did not have the standard portainer IP schema. Did you use a MAC Vlan or did you just create a new IP schema for your docker containers. I'm asking because I have followed your instructions to the "T" and I am unable to get my cloud flare tunnel to successfully connect to my next-cloud. It works for a few of my other containers like grafana, and an IOT device I use to monitor the temp in my network room. I even went as far as changing my port from 8443 to 8080 and still the same error. Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
I have a question. You live in USA and you edit the config file with default_phone_region=US. What should you do, if you don't live in US, e.g.: default_phone_region=AT for Austria or default_phone_region=DE for Germany?
Nice vid. I tried this with a cloudflare tunnel on unRAID. All my other Dockers work with my tunnel but I get a 400 error when using next cloud with the tunnel set to https and a 502 when using it with http. Has anyone ran into this issue and have a solution?
Hey! Great video, I have loved watching cloudflare tunnel stuff from you! I have a quick question though, whenever I set up my tunnel for Nextcloud I always get 502 on the connection, however if I change it to another service it works fine. I even tried to change the port of the nextcloud service but this issue still persists, do you have any idea what could be happening?
Which volume do I want for storage? I want to direct the storage to my 2TB drive but not sure which volume that would be for the stack. I see there's this volume directory: /home/docker/nextcloud/db:/var/lib/mysql then there's a bunch of other ones but I would guess you don't want to mess with those?
You're going to have to mount the 2TB drive on your system. I don't know what you're using, so you're going to have to sort that part first. Once you have the drive mounted, you can mount the volumes to that drive in whatever folder you want
Amazing video and I have been requesting this for quite some time now.. Finally you did it.. One question, is there any bandwidth limitation on CloudFlare tunnel? Can I use it to upload download unlimited amount of data? I know it's free but we do have to enter credit card details during setup.
You can use the free account with no CC info. People have said that they've encountered a 100mb limit in the NC desktop app, but not in the browser version as I showed
@@DBTechYT Cool Thanks.. I will try it out.. I guess it asked for my CC info when I was enabling Zero Access. Don't remember, I have not been charged yet though
Just found this amazing video but my issue is that I can now access my Nextcloud through Cloudflare tunnel, but the desktop and mobile app cannot. Do you know why that would be case?
Hi, nice tutorial, only have one problem, I set everything up and it works fine but upload speeds are terrible, it uploads everything, no matter the size, at less than 50 KB/s, the thing is that only happens if I use it through cloudflare tunnels, if I open my ports to access it directly (which I only did for testing, it's not something I'd like doing), the upload speeds are much higher, just what they should be, any ideas?
I actually received an email this morning asking about Outline. I'm definitely interested, but their documentation is awful. I'll dig into it a bit and see what I can come up with.
Hello DBtech, good video. I tried to do it but it is giving me the error "internal server error". I already tried everything, deleted the folder, did a fresh install, and it does not work, and if it works it comes out with an SQL error.
This isn't any more complicated than port forwarding and using a reverse proxy. And you don't have to port forward using this method, making your network a bit more secure from outside intruders
Hey buddy, thanks for the video. I was really looking forward to this video. I tried to edit my setup on my UnRaid server and got a 400 error message which is not a big deal. I think I might know what is the problem but I just need confirmation, do you advise to do a fresh install? I have OMV on a VM on Unraid and on my RPI4. Again I think video was good.
I got my old Nextcloud to work using the same steps, only thing I had to change was from http to https and turn on one of the options on TLS which it was giving me a message saying server not reachable or refusing to connect.
@@edgardoirizarry9997 Can you expand on this or share your TLS solution? Currently trying to set this up on my Unraid and running into the Error 400 via HTTP and getting the cloudflare Bad gateway when doing HTTPS. Can't figure it out. Thanks!
at 8:56 in the video you say "Click here" and poof the nextcloud login screen is presented. What did you click to make that happen? I am not sure if you clicked on nextcloud-app or nextcloud-db and whether you clicked an icon or the 8080:80. Nothing I clicked seems to give the same result
you would click the ports next to the nextcloud-app. But, I'm guessing when you did that, it took you to 0.0.0.0:8080. If that's the case, watch this short: th-cam.com/users/shortsq6PimerKycI
Hello! Thanks so much for the tutorial! About the passwords, it sort of concerns me to have the mariadb key also printed on the dockercompose file. Is it possible to do it in a safer way? I guess if someone gets to peek my portainer/docker settings could hack into my db... or am I being too paranoid?
The likelihood of someone hacking into your portainer is pretty low unless your security is REALLY bad and you've made enemies with hacker types. That said, you could use a secrets file to hide all of your sensitive data
@@DBTechYT Thanks for replying. I was googling for this when I saw you replied. I'm a noob and just want to set up a Nextcloud server but exposing it to public internet is freaking me out a little bit.
Can you get talk working while using a Cloudflare tunnel on NextCloud? I mean it works but no audio or video can make it off the network. I can not seem to find any docs on this.
Hey David, I am having an issue with cronjobs as it says some jobs haven't run since ~5 days. Have you checked your nextcloud if everything is working fine there?
here's what I would recommend for cron jobs. Set up an Uptime Kuma container. Then get your NextCloud cron job URL and have Uptime Kuma ping it periodically and that will run the cron jobs for you and keep things working better. I made a video talking about this technique at one point, but I don't remember what video it was in. You might check this video? th-cam.com/video/rj7DZdWMK2k/w-d-xo.html
@@DBTechYT yes here is the problem. As on the first day when I set it up, it was working as I followed your whole video including uptimekuma. Even now, the uptimekuma shows no errors but when I go to the Basic settings in nextcloud, there it says some jobs did not run since 6 days( the number of days since I installed the nextcloud). Is this just a message in raspberry pi or, is it really not working?
I mean, after a couple of days it just starts showing me that error every time I install nextcloud. I use cron for cron jobs. Even if I try to change it to Ajax or webcron, it still gives the same warning.
Then I would assume that something isn't running. I would look into your container logs and make sure that you have the right cron job setting configured in NextCloud and that you're using the right URL to ping periodically.
Hello! I have a problem. I can´t run the portainer console. Portainer have a error: Unable to retrieve image details. Do you know what is the problem? Thanks!
It seems to be an issue with docker itself. I logged in to debian and used this command: sudo apt install --allow-downgrades docker-ce=5:25.0.5-1~debian.12~bookworm
Any idea how to make Nextcloud Office or OpenOffice work with this setup? "Collabora Online - Built-in CODE Server" or "Community Document Server" refuse to work.
I'm facing an issue, my public hostname gets me nowhere and just times out. My setup is: nextcloud running as a plugin on truenas. Installed the cloudflare agent on a VM running docker inside the truenas. Any ideas? I have tried everything
Hi, thank you very much for the tutorial! However, I always get the warning that the Strict-Transport-Security HTTP header is not configured to at least “15552000” and that I should enable HSTS. I already tried some tips involving the default-ssl.conf, but (probably because I'm using a cloudflare tunnel) it is not working. Do you know how to fix this problem?
I am having this same issue and I am looking for a solution as well. Apparently I need to add something that looks like this: add_header Strict-Transport-Security "max-age=15552000"; to some config somewhere but still searching for the answer for now.
@@CozyTek I already tried something like that, but the problem appears to be that the container is without SSL. However, I was able to fix this problem by enabling HSTS in the Cloudflare SSL settings. So far, it seems to work as the error message is gone.
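A way to check what this warning tests, given the Strict-Transport-Security values copied from a response for the public (tunnel) hostname. This is an added example, not from the video or any commenter; the function names and the sample header values are constructed for illustration, and only the 15552000 threshold comes from the warning text quoted above.

```python
import re

# Threshold quoted in the Nextcloud warning (15552000 seconds = 180 days).
NEXTCLOUD_MIN_MAX_AGE = 15552000

# RFC 7230 "token" characters, used for directive names.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value):
    """Parse one Strict-Transport-Security header value (RFC 6797, section 6.1).

    Returns a dict of lower-cased directive name -> value (None when the
    directive has no value), or None if the header is malformed.
    Simplification: quoted values containing ';' are not supported.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives between semicolons are allowed
        name, sep, raw = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.match(name):
            return None
        if name in directives:
            return None  # a directive must not appear more than once
        if sep:
            raw = raw.strip()
            if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
                raw = raw[1:-1]  # max-age="123" is a legal quoted form
            directives[name] = raw
        else:
            directives[name] = None
    return directives


def check_hsts(header_values, minimum=NEXTCLOUD_MIN_MAX_AGE):
    """Evaluate the HSTS headers of one response.

    header_values: list of Strict-Transport-Security values in the order
    they were received. Returns (passed, reason).
    """
    if not header_values:
        return (False, "header missing")
    # RFC 6797 section 8.1: a browser processes only the first header field.
    parsed = parse_hsts(header_values[0])
    if parsed is None:
        return (False, "malformed header")
    max_age = parsed.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return (False, "max-age missing or not a number")
    if int(max_age) < minimum:
        return (False, f"max-age {int(max_age)} is below {minimum}")
    return (True, "ok")


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    samples = [
        [],
        ["max-age=15552000"],
        ['max-age="31536000"; includeSubDomains; preload'],
        ["max-age=3600"],
        ["max-age=15552000; max-age=0"],
        ["max-age=0", "max-age=31536000"],
    ]
    for headers in samples:
        print(headers, "->", check_hsts(headers))
```

Browsers only honour this header on responses received over HTTPS, so the values to test are the ones returned for the tunnel hostname, not for the container's plain-HTTP port.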
I'm currently trying to run this, but when I try to connect to my nextcloud using the cloudflare tunnel, it runs so slow. It runs perfectly when I use the my.local.ip:port locally. Please help!
@@DBTechYT with this replacing nginx proxy manager how does this interact with tutorials for vault warden? Or is this one of those things where for that you probably would want to port forward?
I was hoping I could find a solution to my problem. I have Nextcloud running behind a reverse proxy and no exposed ports on the container. I'm able to get to it through the internal domain I set up the proxy rule for but using my Cloudflare tunnel external domain causes it to redirect to the internal one which means I can't access it from outside my network. I don't have an issue with the other services I have running through a Cloudflare tunnel and it seems to be something specific with Nextcloud that I'd like to either disable or configure to work with Cloudflare. I was hoping this video would help but DBTech isn't running behind a reverse proxy and in fact I never even get the error about an untrusted domain.
If you don't want to open ports on your network and you want the security of CloudFlare protecting you, you use CloudFlare Tunnels. If you want everything on-premises with a bit more work on your side, you use Nginx Proxy Manager
@@DBTechYT actually I'd appreciate a video then about how to integrate authelia. I'm using it to secure photoprism as it does not offer 2FA yet. It works on NPM, but the process to integrate it into Cloudflare tunnel seems fairly complex 🙄
I have a similar setting with cloudflare tunnel, but I can not get the real IP addresses when someone tries to log in to my cloud. So it's a security issue. Is there a way to fix it without reverseproxymanager?
Editing the file for caldav was good but when I updated, obviously, nextcloud wiped what I did in this file. I don't want to update this file every time so I don't know if there's a definitive solution.
New subscriber here, very cool video! I followed the instruction and i can now access nextcloud from the internet, but i get SSL_ERROR_RX_RECORD_TOO_LONG (on firefox) while trying to access it with the local ip. (I want local access to transfer files faster)
Just in case anyone has this issue it means you are not attempting to connect to the site via the cloudflare tunnel and rather the service IP. Try again but with the cloudflare domain, hope this helps.
Hi, I was following your guide and it was very clear, however I am not able to connect Nextcloud with cloudflare tunnel, I get all the time "argo tunnel 400 bad request the plain http request was sent to https port". I also tried to reinstall Nextcloud. It is very strange because it is perfectly working with NginxProxyManager. I would like to close the port open for it. Do you have any suggestion how to solve it?
Hello, just on this I have no issue getting your set up, however I can't get this working with the app? It says there's a malformed server config, I don't know what that refers to although
Starting at 16:00, modifying config file doesn't seem to be the best solution for this. Isn't the image going to be rebuilt when a new version comes out? Meaning your config changes will be overwritten by the default values after updating nextcloud?
That's absolutely a concern. If you want to prevent your config customizations from being overwritten, you can create your own config file somewhere on the server and then map its location to the location of the config file in the container via the volumes section. Something like: - /path/to/custom/config.php:/path/to/config/in/the/container/config.php
According to nextcloud documentation, to update to the next version you have to remove the previous nextcloud container, and doing so you lose the apache configuration (caldav etc.). Is there some way to make this configuration persistent or to embend it in the compose file?
You should be able to pull the new version of the container, stop your existing container, and then bring the container back up and it should use the new version. The only reason it wouldn't do that is if your docker-compose has a specific version in it rather than :latest
Thanks for the guide, I got this one working over the other guide.
Though it seems like:
1. You get this prompt about HSTS which wasn't discussed: The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
2. There are other issues that the redirects didn't resolve:
- Your web server is not properly set up to resolve "/.well-known/webfinger".
- Your web server is not properly set up to resolve "/.well-known/nodeinfo".
did you find a solution for it?
Same here. For #1, I believe the HSTS issue isn't so much a problem, considering that Cloudflare Tunnel enforces HTTPS at their end, not on the client. My understanding (and I could be wrong) is that the way to resolve this is by generating a cert from let'sencrypt or somewhere and having that handshake happen on a reverse proxy manager's end, like NPM. I'm not 100%, but I inferred as much from a GitHub post.
Hi, did you find any solution for those issues? These 2 points are not quite clear in the video. Regards
I love that you made this video. It's a great practical demo of how to set up cloudflared tunnels!
However, I would like to warn you as well as people reading the comments that those Apache settings are dangerous! They're basically enabling a slow-loris attack, a very simple and effective DoS wherein the attacker bogs down your server by choking it with a few long-running bogus requests.
If you wish to upload large files to your Nextcloud server, I recommend leaving the Apache settings as-is and using the desktop sync client, as it will break them intelligently into smaller chunks for upload. The browser client isn't set up to do this (AFAIK).
Man, you rock....have been messing with nextcloud for a while and though I like it, setup has always been hit or miss, this one finally has all the right markers and get to use it with tunnels. You are a champ as always.
Thanks!! I appreciate that and hope this is helpful for you!
You don't actually need to redeploy the container to change the restart policy. Just go into the container, find the restart policies section and change it, then hit update. For me, so far, this has always worked. But thanks for this great info, helped me out immensely!
I'm so grateful for this video. I'm a newbie to this; I only wanted a cloud server. Without this video, It would've been nearly impossible. I really appreciate your effort, thanks so much.
Glad it helped!
Hey David, thanks for this video. Can you please explain the "fixing caldav" part? I didn't understand what you do on this part. Thank you in advance.
Thank you so much for sharing this! You made my deployment way a lot easier. Appreciate your time and effort!
Man! Thank you so much for this video and all your knowledge! I have like 3 weeks fighting with NGINX, firewalls, stacks, etc... and now finally with this solution everything is working as intended! I'm already a Patreon but is nothing for all the stuffs you do and teach us! Thank you again! (Sorry for my English, is my second language).
Wow! I wasn't even aware that there is something called cloudflare tunnel. Seems like a great solution compared to port forwarding and lesser headaches! Thanks as always.
Glad it helped!
@@DBTechYT will Cloudflare tunnel fix double nat issues?
@@raylab77 Yes. I'm CGNATed, and Cloudflare tunnelling gets around it (via a domain name).
@@raylab77 yes
This is a great video, thank you very much. I struggled for days to get this working the way you go through it (makes it look easy). But my setup, which I thought was similar to yours, really was not because my home lab did not have the DSL router in bridge mode. I am using the Bell HH4000 and the only way I could figure to get it into bridge mode was to buy a NetGear pfsense firewall and configure my HH4000 with the DMZ advanced mode. I am hoping my days of struggling and learning helps someone. I also forgot to open the UFW port 8080 on my host.
I can confirm the 100mb limitation is there. For some reason if you upload via web interface it works but if you use the nextcloud client or WebDAV it stops as soon as the file hits 100mb. More investigation is needed.
P.s. I confirmed with cloudflare documentation. All HTTP POST request size is limited to 100mb on the free plan. So if you use the desktop client (WebDAV based) or any other WebDAV client, and need to upload large files this method is not for you. If you only use the web interface you should be fine!
yep, nginx proxy manager with Let's Encrypt doesn't have this issue.
I’m glad I watched enough of the video to hear this is an OMV video. I’ve been searching for this exact content. Thank you sir
Glad it was helpful!
I was just looking for this last night, and you posted this today. Crazy! Obliterating that like button! 😃
That 'overwriteprotocol' setting saved my day, many thanks, sir!
Thank you for the video, has fixed some of my older problems.
for some reason the background jobs are not executing and Uptime Kuma is running and up
Thank you so much for the video, it helped me a lot. It's people like you that make the world a smarter place.
You are very smart, and have a lot of information. Unfortunately your communication is tailored to "other" people that are not me. I've seen and re-seen your videos and still do not understand what you're doing. Thanks for sharing, and hopefully one day I can understand what you are saying.
This video was super helpful in getting my NextCloud setup with access through Cloudflare tunnels. Liked and tip sent.
Cool, thanks!
Hi David, longtime viewer, love your videos. Have you ever tried maximizing next cloud storage capacity to use external storage like say an attached storage on your OMV setup or even a network attached drive on the network?
Super great tutorial, I setup with just docker instead of portainer with it and still found this super helpful. Thanks!
hey, how did you do the steps that involved portainer? (ex: editing the config file) since I'm running into issues when adding the overwriteprotocol and etc.
did you add any mysql info when setting up nextcloud and how? (I used the docker route and was wondering if mysql needed setting up or something)
@@migii3127 I didn't use portainer or mysql at all since my deployment is for small personal use
Thanks for the video, I was struggling with this for an embarrassing amount of time. Thank you so much!
Wow dude. Thank you. I was struggling so much deploying this. And your guide helped me out so so much. Thanks a ton mate. I learnt a bit too.
FYI to anyone, when you set up your Cloudflare and put force policy HTTP to HTTPS, do not put overwriteprotocol to HTTPS in config.ini. It would cause an infinite loop of redirects.
Any chance this video can be rebuilt for NextCloud All in One? The docker compose file isn't the same and it runs an https validation before component install. Also, once NextCloud is up and running, how do you add more storage after the fact?
Hey Thanks for this tutorial.
Followed it but I still have some warnings.
1. Strict Transport Security HTTP header is not set to at least "15552000" seconds
2. Your web server is not properly set up to resolve "/.well-known/webfinger"
3. Your web server is not properly set up to resolve "/.well-known/nodeinfo"
I don't know why it's throwing out this issue, I saw the right commands on the config.php file and when you visit the url it works.
Get the same errors. Have you ever been able to solve them?
Did u get the solution for problems 2 and 3 ?
thanks for the info as always. how do you go about resolving the webfinger/nodeinfo redirects afterwards?
Hi
Are you planning for updating this for Nextcloud All in One? It is quite different than this version and it is recommended installation method. Thanks for your videos
Cool, exactly what I was looking to learn today. Please tell me the mail passwords have been amended since this from config.php though?
Great to hear!! And, yes, the passwords have been revoked/changed :)
Wanna know what I as an individual who is into order appreciate? Consistency.. Know what I didn't get here when attempting to pair up your video docker-compose file with the companion one on your website? Oh yeah, that's right.... Consistency... Everything was all swapped around. I speak for all of us when I say that I appreciate that.
Great job, even in 2024 this is still relevant. Worked perfect with all the latest versions. Can you explain how one would add my unraid shares, array or even a pool disk? I have a large doc file already on my array and would like to access them from nextcloud. Thanks again.
Glad this video was helpful. Unfortunately I've got no experience with Unraid, so I'm unable to help with that :(
Great video. can you show how to use multiple apps on the same cloudflare tunnel? Thank you.
I'm interested in it too
Click on your tunnel > Configure > Public Hostname > add public hostname
Thanks for the great video! I'm kind of new to all this and was wondering why you don't need to specify PUID and PGID in the docker compose? I've seen in all the linuxserver docker stacks that they use 1000 for "easy user mappings"
It defaults to UID & GID 33 on most Linux systems for the default `www-data` user used by apache2
have you had the issue?:
"Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root."
if so, how did you fix it?
Do you have an example of what it looks like or to setup the docker volume share path? Example I would want to use my NAS. Thank you for your videos.
keep it up with these docker image tutorials!!!!!
Hey! I've followed the steps in this video to setup a Nextcloud instance using Docker and Portainer. I'm using Cloudflare Tunnel to access it on the internet, but I'm unable to use video calls in Nextcloud Talk because it needs a Turn Server. Could you please make a video on how to set that up in Docker using Portainer?
Please show us how to enable ssl on nextcloud with cloudflare ssl certificates.
I figured this out and using ssl on cloudflare tunnel on nextcloud
How do you deal with cloudflare shutting down your account for violating the ToS? The user agreement specifically states that cloudflare is to be used to host web pages etc. and file transfer, as well as streaming via cloudflare will result in them suspending your account.
they removed that ToS..
Hi! Thanks for this video. Will all the customisations done to the container remain after image update?
So if I follow all these steps mentioned in the video, I should be able to access my Nextcloud setup on the mobile app outside my home network?
Is Cloudflare the same as Twingate?
First - Excellent YouTube Channel. Did you really quit your day job to do YouTube? Kudos to your video editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work.
Chris
Hey Chris! So... I didn't quit my day job so much as a medical incident in 2016 made it very difficult for me to go back to a "normal" job. So I started doing YouTube in hopes to bring in an income. I'm just a one-man-show who works in a little corner of the house, coming up with video ideas, recording them, and then editing.
To answer your question about port forwarding, Nginx Proxy Manager (NPM), CloudFlare tunnels, etc., I'm actually releasing a video about this tomorrow, but, to give a quick answer, you can use NPM with CloudFlare tunnels if you want to, but I've completely removed NPM from my homelab and use CloudFlare tunnels exclusively.
Thank you!
But how about the 100mb cloudflare size limit? Can i do anything on server side? To upload big files with browser...?
Instead of using nextcloud client and set chunksizes ...
What an awesome tutorial.. Sorry to be late... but.. how can i update nextcloud properly? Pulling latest image version from STACK or CONTAINER..? thankyou!
If you're using portainer, check out this video and it will give you an idea of how to easily update your containers. Just make sure you have a good backup strategy in place in case anything goes wrong.
@@DBTechYT Thanks for the tip! I will check!
I followed the tutorial and I was able to get it up and running on a Orange Pi 5 with Ubuntu server and M 2 SSD
Excellent video, only one thing, I did everything but I still got the HTTPS warning, even though I can access my site via a domain, the Nextcloud App stills marks it as insecure and somehow I'm unable to get the menu to display...
If I got it right you can use a cloudflare tunnel not only to access your services running on a server with their own domain without opening ports, but you can also get access to your own Home LAN to use, e.g., RDP, to fetch your files as you would do via a VPN like Wireguard and OpenVPN. It seems that you need such a WARP app and set another service on your cloudflare account. Any chance to get a new video tutorial about that? Thanks
Hi David, great tutorial
How does this work with Navidrome, in particular the app I have on my phone (symphonium)? Or would I need to specify different rules specific to navidrome which allows the apps to connect?
Streaming is a violation of TOS for Cloudflare Tunnels. Symphonium will work great with Tailscale on your phone and media server, as long as you're not running a different VPN on your phone at the same time, which I think is not possible. Tailscale is also way easier to set up and connect than cloudflare tunnels. Just use the IP created in Tailscale for your server and add port for Navidrome as a media source in Symphonium.
Thanks for the great content again David. I took this a step forward and added the cloud flare tunnel as a container in my stack using the same network. here is the snippet that I got working with leantime as an app:
version: '3.3'
services:
  leantime_tunnel:
    container_name: leantime_tunnel
    image: 'cloudflare/cloudflared:latest'
    restart: unless-stopped
    command: tunnel run
    networks:
      - leantime-net
    environment:
      - TUNNEL_TOKEN=XXXXXX
networks:
  leantime-net:
    external: false
This looks great! Something to keep in mind is that you can use a single Tunnel for multiple applications, so you don't need to deploy a tunnel for each application. I plan on making a video about this soon!
@@DBTechYT Thanks David! I experimented with this a bit with some of my self-hosted domains and I found that in Cloudflare tunnel configuration, for public hostnames, you can use the name of the container that hosts the target service instead of the server's IP! So in essence if you setup a docker-compose file and use a network, the container names will resolve in the tunnel for the hostname services. This is very helpful in the case you have a cluster (Swarm or Kubernetes) and your containers are spread across multiple nodes.
I do agree that you can use a single tunnel for multiple apps. I am going to use a tunnel for each domain I self-host as they are a stack in portainer today.
Keep up the great work. I learned a lot from your channel!
@@DBTechYT nice. yes I myself have one tunnel running with access to 6 apps so far and growing. This video finally got my nextcloud working but with one extra error than you that I am still working on so thank you. now I just need the exact same style video as this for home assistant and I'm golden! Thank you again!!
that one tunnel even gives me access to my synology NAS. ;)
Dude, Thank you, finally got this working. Have the transactional file locking error, but I don't care. If ya care to suggest a way to solve it, without having to redo everything, that would be great, but if not, Oh well!! Thanks again!!
p.s. you move fast!! Only thing I have issue with is the php upload size did not change. limits at 586 mb or something like that, I did not use the same composer file as you tho and I don't think I am running the same database either!!! I don't know, I just know that I built a great composer file and you helped me get it all working. So there, as we say down south.... nevermind, I'll refrain and keep plugging at it. I am running progrese or something like that so if ya have any idea why the php upload size might not be changing with the .htaccess edit let me know, and thanks again. Great Vid!!!
Hi David, love the tutorial... I have more questions than answers... I noticed that you had 2 instances of next-cloud running, of which they did not have the standard portainer IP schema. Did you use a MAC Vlan or did you just create a new IP schema for your docker containers? I'm asking because I have followed your instructions to the "T" and I am unable to get my cloud flare tunnel to successfully connect to my next-cloud. It works for a few of my other containers like grafana, and an IOT device I use to monitor the temp in my network room. I even went as far as changing my port from 8443 to 8080 and still the same error.
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Having a similar issue did you ever find a fix?
I have a question. You live in USA and you edit the config file with default_phone_region=US. What should you do, if you don't live in US, e.g.: default_phone_region=AT for Austria or default_phone_region=DE for Germany?
Change it to match your region
Nice vid. I tried this with a cloudflare tunnel on unRAID. All my other Dockers work with my tunnel but I get a 400 error when using next cloud with the tunnel set to https and a 502 when using it with http.
Has anyone run into this issue and have a solution?
I'm having the same issue, please let me know if you found a solution. I've been working at this for a couple days now, running on TrueNAS Scale
@@Joe1038h same issue, also on truenas scale. ever find a solution?
Thank you David. This video helped me a lot.
What SSL/TLS encryption mode are you using?
do you have video for the update with nextcloud aio docker compose?
Hey! Great video, I have loved watching Cloudflare tunnel stuff from you! I have a quick question though, whenever I set up my tunnel for Nextcloud I always get 502 on the connection, however if I change it to another service it works fine. I even tried to change the port of the nextcloud service but this issue still persists, do you have any idea what could be happening?
I have this same issue.
did you ever find a fix?
9:46 When you installed recommended app, will it make nextcloud container same as nextcloud/all-in-one docker images?
Which volume do I want for storage? I want to direct the storage to my 2TB drive but not sure which volume that would be for the stack.
I see there's this volume directory: /home/docker/nextcloud/db:/var/lib/mysql
then there's a bunch of other ones but I would guess you don't want to mess with those?
You're going to have to mount the 2TB drive on your system. I don't know what you're using, so you're going to have to sort that part first. Once you have the drive mounted, you can mount the volumes to that drive in whatever folder you want
Amazing video and I have been requesting this for quite some time now.. Finally you did it.. One question, is there any bandwidth limitation on CloudFlare tunnel? Can I use it to upload and download an unlimited amount of data? I know it's free but we do have to enter credit card details during setup.
You can use the free account with no CC info. People have said that they've encountered a 100mb limit in the NC desktop app, but not in the browser version as I showed
@@DBTechYT Cool Thanks.. I will try it out.. I guess it asked for my CC info when I was enabling Zero Access. Don't remember, I have not been charged yet though
@@DBTechYT As far as I can see, to create the Tunnel, I must chose a plan. And even if I chose the 0$ plan, they ask us to enter cc
Could you please hit ctrl+ a few times to increase the zoom level of your browser shots.
TNX MAN VERY BEST NEXTCLOUD SETUP CLOUDFLARE CONFİGURE VİDEO TNX TNX TNX ♫ ♥
Just found this amazing video but my issue is that I can now access my Nextcloud through Cloudflare tunnel, but the desktop and mobile app cannot. Do you know why that would be the case?
Hi, nice tutorial, only have one problem, I set everything up and it works fine but upload speeds are terrible, it uploads everything, no matter the size, at less than 50 KB/s, the thing is that only happens if I use it through cloudflare tunnels, if I open my ports to access it directly (which I only did for testing, it's not something I'd like doing), the upload speeds are much higher, just what they should be, any ideas?
Can you do a video on installing Outline Wiki with docker and NOT Slack auth? I'm having a hell of a time with it.
I actually received an email this morning asking about Outline. I'm definitely interested, but their documentation is awful. I'll dig into it a bit and see what I can come up with.
@@DBTechYT I know, right! Appreciate it!
THANK YOU !!!! I was googling for hours on how to address the "trusted_domains" issue. Love your content David
Thanks for the video, it helped me a lot
hello DBtech good video, I tried to do it but it is giving me the error "internal server error" already tried everything, delete the folder, fresh install and it does not work and if it works it comes out sql error
Did you try Talk function? Because cloudflare is not allowing traffic for STUN ports..
I have something hundred percent running perfect never fails ...best ever BUT i need to change it around to something pretty complicated...
This isn't any more complicated than port forwarding and using a reverse proxy. And you don't have to port forward using this method, making your network a bit more secure from outside intruders
Hey buddy, thanks for the video. I was really looking forward to this video. I tried to edit my setup on my UnRaid server and got a 400 error message which is not a big deal. I think I might know what is the problem but I just need confirmation, do you advise to do a fresh install? I have OMV on a VM on Unraid and on my RPI4. Again, I think the video was good.
I've heard mixed results when doing this on RPi, but haven't tested it for myself. I probably should just so I can verify everything.
@@DBTechYT I will do a fresh install, that way everything goes smoothly. Thanks buddy keep the good work.
I got my old Nextcloud to work using the same steps, only thing I had to change was from http to https and turn on one of the options on TLS which it was giving me a message saying server not reachable or refusing to connect.
@@edgardoirizarry9997 Can you expand on this or share your TLS solution? Currently trying to set this up on my Unraid and running into the Error 400 via HTTP and getting the cloudflare Bad gateway when doing HTTPS. Can't figure it out. Thanks!
Anybody figure this out? I also get the 400 error. All other Dockers in unRAID work with the tunnel. Next cloud gives a 400 error.
Cloudflare tunnels not showing anymore.
This is an old video. It's still in the dashboard under a different header in the menu
at 8:56 in the video you say "Click here" and poof the nextcloud login screen is presented. What did you click to make that happen? I am not sure if you clicked on nextcloud-app or nextcloud-db and whether you clicked an icon or the 8080:80. Nothing I clicked seems to give the same result
you would click the ports next to the nextcloud-app. But, I'm guessing when you did that, it took you to 0.0.0.0:8080. If that's the case, watch this short: th-cam.com/users/shortsq6PimerKycI
Very helpful, thank you very much!!
Hi, would there be any issues with cloudflare tunnel t&c if I mainly used nextcloud to backup photos & videos?
how to access home assistant from outside local network running home assistant on a docker container with no add ons
Hello! Thanks so much for the tutorial!
About the passwords, it sort of concerns me to have the mariadb key also printed on the dockercompose file. Is it possible to do it in a safer way? I guess if someone gets to peek my portainer/docker settings could hack into my db... or am I being too paranoid?
The likelihood of someone hacking into your portainer is pretty low unless your security is REALLY bad and you've made enemies with hacker types. That said, you could use a secrets file to hide all of your sensitive data
@@DBTechYT Thanks for replying. I was googling for this when I saw you replied. I'm a noob and just want to set up a Nextcloud server but exposing it to public internet is freaking me out a little bit.
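For the concern above about the MariaDB password sitting in the compose file, and the reply suggesting a secrets file, here is an added example (not from the video or from any commenter) that scans compose text for secret-looking variables set directly under `environment:`. The compose sample is constructed, the function name is hypothetical, and the only image behaviour assumed is that the official mariadb and nextcloud images accept `*_FILE` variants of their password variables.

```python
import re

SENSITIVE = re.compile(r"PASSWORD|PASSWD|TOKEN|SECRET|API_?KEY", re.I)
ENV_LIST = re.compile(r"^-\s*['\"]?([A-Za-z_][A-Za-z0-9_]*)=(.*?)['\"]?$")
ENV_MAP = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*)$")
INTERPOLATED = re.compile(r"^\$(\{|[A-Za-z_])")


def find_inline_secrets(compose_text):
    """Return [(line_no, service, variable, kind)] for secret-looking variables
    set under `environment:`. The secret value itself is never returned.

    kind is "literal" (value typed into the file) or "interpolated"
    (${VAR} from .env or the shell; still visible in `docker inspect`).
    """
    findings = []
    in_services, svc_indent, service, env_indent = False, None, None, None
    for line_no, line in enumerate(compose_text.splitlines(), 1):
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:  # top-level key: services, networks, secrets, ...
            in_services = text == "services:"
            svc_indent = service = env_indent = None
            continue
        if not in_services:
            continue
        if svc_indent is None:
            svc_indent = indent
        if indent == svc_indent and text.endswith(":"):
            service, env_indent = text[:-1], None
            continue
        if env_indent is not None:
            # A list item may sit at the same indentation as its key.
            still_inside = indent > env_indent or (
                indent == env_indent and text.startswith("-"))
            if not still_inside:
                env_indent = None
        if env_indent is None:
            if text == "environment:":
                env_indent = indent
            continue
        match = ENV_LIST.match(text) or ENV_MAP.match(text)
        if not match:
            continue
        name, value = match.group(1), match.group(2).strip().strip("'\"")
        if not SENSITIVE.search(name) or name.upper().endswith("_FILE"):
            continue  # *_FILE variables hold a path, not the secret
        if not value:
            continue
        kind = "interpolated" if INTERPOLATED.match(value) else "literal"
        findings.append((line_no, service, name, kind))
    return findings


# Constructed sample stack; passwords and token are placeholders.
SAMPLE_COMPOSE = """\
services:
  nextcloud-db:
    image: mariadb
    environment:
      - MYSQL_ROOT_PASSWORD=example-root-pw
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
      - MYSQL_DATABASE=nextcloud
    secrets:
      - db_password
  nextcloud-app:
    image: nextcloud
    environment:
      MYSQL_PASSWORD: ${NC_DB_PASSWORD}
      MYSQL_USER: nextcloud
  tunnel:
    image: cloudflare/cloudflared:latest
    command: tunnel run
    environment:
    - TUNNEL_TOKEN=XXXXXX
secrets:
  db_password:
    file: ./db_password.txt
"""

if __name__ == "__main__":
    for line_no, service, name, kind in find_inline_secrets(SAMPLE_COMPOSE):
        print(f"line {line_no}: {service}: {name} is set inline ({kind})")
```

Only `MYSQL_PASSWORD_FILE` passes cleanly: the value lives in a file mounted at `/run/secrets/`, so it appears neither in the compose text nor in the container's environment.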
Can you get talk working while using a Cloudflare tunnel on NextCloud? I mean it works but no audio or video can make it off the network. I can not seem to find any docs on this.
Thanks for this. Quick question. I have set Nextcloud up on my TrueNAS Scale server. Would the Cloudflare tunnel access work for this?
It should
@@DBTechYT thanks David. I will give this a go when I get home from work today
Hey David, I am having an issue with cronjobs as it says some jobs haven't run since ~5 days. Have you checked your nextcloud if everything is working fine there?
here's what I would recommend for cron jobs. Set up an Uptime Kuma container. Then get your NextCloud cron job URL and have Uptime Kuma ping it periodically and that will run the cron jobs for you and keep things working better. I made a video talking about this technique at one point, but I don't remember what video it was in. You might check this video? th-cam.com/video/rj7DZdWMK2k/w-d-xo.html
@@DBTechYT yes here is the problem. As on the first day when I set it up, it was working as I followed your whole video including uptimekuma. Even now, the uptimekuma shows no errors but when I go to the Basic settings in nextcloud, there it says some jobs did not run since 6 days( the number of days since I installed the nextcloud). Is this just a message in raspberry pi or, is it really not working?
I mean, after a couple of days it just starts showing me that error every time I install nextcloud. I use cron for cron jobs. Even if I try to change it to Ajax or webcron, it still gives the same warning.
Then I would assume that something isn't running. I would look into your container logs and make sure that you have the right cron job setting configured in NextCloud and that you're using the right URL to ping periodically.
@@DBTechYT Alright. Then where should I share my logs with you?
Hello! I have a problem. I can't run the portainer console. Portainer has an error: Unable to retrieve image details. Do you know what is the problem? Thanks!
it seems an issue with docker itself I logged in to debian and used this command
sudo apt install --allow-downgrades docker-ce=5:25.0.5-1~debian.12~bookworm
i spent 3 hours looking for a fix and that's the solution so far
Any idea how to make Nextcloud Office or OpenOffice work with this setup? "Collabora Online - Built-in CODE Server" or "Community Document Server" refuse to work.
Will those setting stay persistent if you update your NextCloud container??
I'm facing an issue, my public hostname gets me no where and just times out.
My setup is: nextcloud running as a plugin on truenas. Installed the cloudflare agent on a VM running docker inside the truenas.
Any ideas? I have tried everything
Hi, thank you very much for the tutorial! However, I always get the warning that the Strict-Transport-Security HTTP header is not configured to at least “15552000” and that I should enable HSTS. I already tried some tips involving the default-ssl.conf, but (probably because I'm using a cloudflare tunnel) it is not working. Do you know how to fix this problem?
I am having this same issue and I am looking for a solution as well. Apparently I need to add something that looks like this: add_header Strict-Transport-Security "max-age=15552000"; to some config somewhere but still searching for the answer for now.
@@CozyTek I already tried something like that, but the problem appears to be that the container is without SSL. However, I was able to fix this problem by enabling HSTS in the Cloudflare SSL settings. So far, it seems to work as the error message is gone.
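To confirm a fix like the one in this thread from the client side, here is an added example (not part of any comment) that parses a Strict-Transport-Security header and checks it against the "15552000" seconds quoted in the Nextcloud warning. The function names and sample responses are constructed for illustration.

```python
import re

# Threshold quoted in the Nextcloud warning on this page.
NEXTCLOUD_MIN_MAX_AGE = 15552000
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value or None}.

    Directive names are case-insensitive, values may be quoted, and a
    directive must not appear twice (RFC 6797, section 6.1).
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives ("a;;b")
        name, sep, raw = part.partition("=")
        name = name.strip().lower()
        if not TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name {name!r}")
        if name in directives:
            raise ValueError(f"duplicate directive {name!r}")
        val = raw.strip() if sep else None
        if val and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        directives[name] = val
    return directives


def check_hsts(headers, min_max_age=NEXTCLOUD_MIN_MAX_AGE):
    """Return (ok, reason) for a list of (name, value) response headers."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return False, "header missing"
    try:
        # Browsers process only the first STS header field (RFC 6797, 8.1).
        directives = parse_hsts(values[0])
    except ValueError as exc:
        return False, f"malformed header: {exc}"
    raw = directives.get("max-age")
    if raw is None or not re.fullmatch(r"[0-9]+", raw):
        return False, "max-age missing or not a number"
    age = int(raw)
    if age == 0:
        return False, "max-age=0 tells browsers to drop the HSTS policy"
    if age < min_max_age:
        return False, f"max-age {age} is below {min_max_age}"
    return True, f"max-age {age} meets the minimum"


def fetch_headers(url):
    """Fetch response headers for a live check; HSTS only counts over HTTPS."""
    import urllib.request
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.items()


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "long max-age": [("strict-transport-security",
                      "max-age=31536000; includeSubDomains; preload")],
    "exact minimum": [("Strict-Transport-Security", "max-age=15552000")],
    "quoted value": [("Strict-Transport-Security", 'Max-Age="15768000"')],
    "too short": [("Strict-Transport-Security", "max-age=3600")],
    "disabled": [("Strict-Transport-Security", "max-age=0")],
    "duplicate": [("Strict-Transport-Security", "max-age=15552000; max-age=0")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        ok, reason = check_hsts(headers)
        print(f"{'PASS' if ok else 'FAIL'}  {label}: {reason}")
```

For a live instance, pass `fetch_headers("https://<your-public-hostname>/")` to `check_hsts`; the header has to arrive on the public HTTPS hostname, since that is what the browser sees.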
I'm currently trying to run this, but when I try to connect to my nextcloud using the cloudflare tunnel, it runs so slow. It runs perfectly when I use my.local.ip:port locally. Please help!
Can we use cloudflare tunnels along with Nginx PM? If so, could you please make a video about it? Thanks
This replaces NPM
@@DBTechYT with this replacing nginx proxy manager how does this interact with tutorials for vault warden? Or is this one of those things where for that you probably would want to port forward?
Has anyone gotten a 502 bad gateway error? I followed everything in the video but still getting the 502. I'm using a raspberry pi.
same here. not sure what I'm doing wrong lol
I was hoping I could find a solution to my problem. I have Nextcloud running behind a reverse proxy and no exposed ports on the container. I'm able to get to it through the internal domain I set up the proxy rule for but using my Cloudflare tunnel external domain causes it to redirect to the internal one which means I can't access it from outside my network. I don't have an issue with the other services I have running through a Cloudflare tunnel and it seems to be something specific with Nextcloud that I'd like to either disable or configure to work with Cloudflare. I was hoping this video would help but DBTech isn't running behind a reverse proxy and in fact I never even get the error about an untrusted domain.
Thanks for the tutorial! Does this mean that nginx proxy manager and such are obsolete?
depends on how you want to run your network, but I prefer this method
@@DBTechYT thanks for the quick reply. Maybe a video on the advantages and disadvantages of the two as alternatives to each other would be nice!
If you don't want to open ports on your network and you want the security of CloudFlare protecting you, you use CloudFlare Tunnels. If you want everything on-premises with a bit more work on your side, you use Nginx Proxy Manager
@@DBTechYT thanks for the clarification!
@@DBTechYT actually I'd appreciate a video then about how to integrate authelia. I'm using it to secure photoprism as it does not offer 2FA yet. It works on NPM, but the process to integrate it into Cloudflare tunnel seems fairly complex 🙄
I have a similar setting with cloudflare tunnel, but I can not get the real IP addresses when someone tries to log into my cloud. So it's a security issue. Is there a way to fix it without a reverse proxy manager?
Editing the file for caldav was good but when I updated, obviously, nextcloud wiped what I did in this file. I don't want to update this file every time so I don't know if there's a definitive solution.
You are the best!! Thanksss
I am trying to set up the cardav part in my truenas scale thru its shell but for some reason the config won't save
New subscriber here, very cool video!
I followed the instructions and I can now access nextcloud from the internet, but I get SSL_ERROR_RX_RECORD_TOO_LONG (on firefox) while trying to access it with the local ip. (I want local access to transfer files faster)
Just in case anyone has this issue it means you are not attempting to connect to the site via the cloudflare tunnel and rather the service IP. Try again but with the cloudflare domain, hope this helps.
Hi, I was following your guide and it was very clear, however I am not able to connect Nextcloud with the Cloudflare tunnel. I get all the time "argo tunnel 400 bad request the plain http request was sent to https port". I also tried to reinstall Nextcloud.
It is very strange because it is working perfectly with Nginx Proxy Manager. I would like to close the port open for it.
Do you have any suggestion how to solve it?
Same here also looking for help. All other Dockers work with the tunnel but next cloud gets the 400 error. I cannot find a resolution.
@@thatdude610 I found the problem , it was the rocket option , once disabled all working .
@@simonemastellonephotography What do you mean by the rocket option, can you explain further? Having a similar problem.
Thanks for the tutorial.
Hello, just on this I have no issue getting your set up however I can't get this working with the app? It says there's a malformed server config, I don't know what that refers to although
Starting at 16:00, modifying config file doesn't seem to be the best solution for this. Isn't the image going to be rebuilt when a new version comes out? Meaning your config changes will be overwritten by the default values after updating nextcloud?
That's absolutely a concern. If you want to prevent your config customizations from being overwritten, you can create your own config file somewhere on the server and then map its location to the location of the config file in the container via the volumes section.
Something like:
- /path/to/custom/config.php:/path/to/config/in/the/container/config.php
Video idea. Setting up a redis server in docker for Nextcloud memory cache.
If I didn't hate NextCloud so very much I might.
@@DBTechYT 😂 fair enough
According to nextcloud documentation, to update to the next version you have to remove the previous nextcloud container, and doing so you lose the apache configuration (caldav etc.). Is there some way to make this configuration persistent or to embed it in the compose file?
You should be able to pull the new version of the container, stop your existing container, and then bring the container back up and it should use the new version. The only reason it wouldn't do that is if your docker-compose has a specific version in it rather than :latest