I love that you made this video. It's a great practical demo of how to setup cloudflared tunnels! However, I would like to warn you as well as people reading the comments that those Apache settings are dangerous! They're basically enabling a slow-loris attack, a very simple and affective DOS wherein the attacker bogs down your server by choking it it with a few long-running bogus requests. If you wish to upload large files to your Nextcloud server, I recommend leaving the Apache settings as-is and using the desktop sync client, as it will break them intelligently into smaller chunks for upload. The browser client isn't setup to do this (AFAIK).
Thanks for the guide, I got this one working over the other guide. Though it seems like: 1. You get this prompt about HSTS which wasn't discussed: The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗. 2. There are other issues that the redirects didn't resolve: - Your web server is not properly set up to resolve "/.well-known/webfinger". - Your web server is not properly set up to resolve "/.well-known/nodeinfo".
Same here. For #1, I believe the HSTS issue isn't so much a problem, considering that Cloudflare Tunnel enforces HTTPS at their end, not on the client. My understanding (and I could be wrong) is that the way to resolve this is by generating a cert from let'sencrypt or somewhere and having that handshake happen on a reverse proxy manager's end, like NPM. I'm not 100%, but I inferred as much from a GitHub post.
Man, you rock....have been messing with nextcloud for a while and though I like it, setup has always been hit or miss, this one finally has all the right markers and get to use it with tunnels. You are a champ as always.
I'm so grateful for this video. I'm a newbie to this; I only wanted a cloud server. Without this video, It would've been nearly impossible. I really appreciate your effort, thanks so much.
Wow! I wasn't even aware that there is something called cloudflare tunnel. Seems like a great solution compared to port forwarding and lesser headaches! Thanks as always.
Man! Thank you so much for this video and all your knowledge! I have like 3 weeks fighting with NGINX, firewalls, stacks, etc... and now finally with this solution everythong is working as intended! I'm already a Patreon but is nothing for all the stuffs you do and teach us! Thank you again! (Sorry for my english, is my second language).
You don't actually need to redeploy the container to change the restart policy. Just go into the container, find the restart policies section and change it, then hit update. For me, so far, this has always worked. But thanks for this great info, helped me out immensely!
This is a great video, thank you very much. I struggled for days to get this working the way you go through it (makes it look easy). But my setup, which I thought was similar to yours, really was not because my home lab did not have the DSL router in bridge mode. I am using the Bell HH4000 and the only way I could figure to get it into bridge mode was to buy a NetGear pfsense firewall and configure my HH4000 with the DMZ advanced mode. I am hoping my days of struggling and learning helps someone. I also forgot to open the UFW port 8080 on my host.
I can confirm the 100mb limitation is there. For some reason if you upload via web interface it works but if you use the nextcloud client or WebDAV it stops as soon as the file hits 100mb. More investigation is needed. P.s. I confirmed with cloudflare documentation. All HTTP POST request size is limited to 100mb on the free plan..So if you use the desktop client ( WebDAV based) or any other WebDAV client , and need to upload large files this method is not for you. If you only use the web interface you should be fine !
Hey Thanks for this tutorial. Followed it but I still have some warnings. 1. Strict Transport Security HTTP header is not set to at least "15552000" seconds 2. Your web server is not properly set up to resolve "/.well-known/webfinger" 3. Your web server is not properly set up to resolve "/.well-known/nodeinfo" I don't know why it's throwing out this issue, I saw the right commands on the config.php file and when you visit the url it works.
hey, how did you do the steps that involved portainer? (ex: editing the config file) since I'm running into issues when adding the overwriteprotocol and etc. did you add any mysql info when setting up nextcloud and how? (I used the docker route and was wondering if mysql needed setting up or something)
you are very smart, and have a lot of information, unfortunately your communication is tailored to "other" people that are not me, i've seen and re-seen your videos and still do not understand what your doing. thanks for sharing, and hopefully one day i can understand what you are saying
FYI to anyone, when you set up your cloudflare and put force policy HTTP to HTTPs, do not put overwriteprotocol to HTTPS in config.ini. It would cause infinite loop of redirect.
Any chance this video can be rebuilt for NextCloud All in One? The docker compose file isn't the same and it runs an https validation before component install. Also, once NextCloud is up and running, how do you add more storage after the fact?
Wanna know what I as an individual who is into order appreciate? Consistency.. Know what I didn't get here when attempting to pair up your video docker-compose file with the companion one on your website? Oh yeah, that's right.... Consistency... Everything was all swapped around. I speak for all of us when I say that I appreciate that.
Thanks for the great content again David. I took this a step forward and added the cloud flare tunnel as a container in my stack using the same network. here is the snippet that I got working with leantime as an app: version: '3.3' services: leantime_tunnel: container_name: leantime_tunnel image: 'cloudflare/cloudflared:latest' restart: unless-stopped command: tunnel run networks: - leantime-net environment: - TUNNEL_TOKEN=XXXXXX networks: leantime-net: external: false
This looks great! Something to keep in mind is that you can use a single Tunnel for multiple applications, so you don't need to deploy a tunnel for each application. I plan on making a video about this soon!
@@DBTechYT Thanks David! I experimented with this a bit with some of my self-hosted domains and I found that in Cloudflare tunnel configuration, for public hostnames, you can use the name of the container that hosts the target service instead of the server's IP! So in essence if you setup a docker-compose file and use a network, the container names will resolve in the tunnel for the hostname services. This is very helpful in the case you have a cluster (Swarm or Kubernetes) and your containers are spread across multiple nodes. I do agree that you can use a single tunnel for multiple apps. I am going to use a tunnel for each domain I self-host as they are a stack in portainer today. Keep up the great work. I learned a lot from your channel!
@@DBTechYT nice. yes I myself have one tunnel running with access to 6 apps so far and growing. This video finally got my nextcloud working but with one extra error than you that I am still working on so thank you. now I just need the exact same style video as this for home assistant and I'm golden! Thank you again!!
have you had the issue?: "Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root." if so, how did you fix it?
Thank you for the video , has fixed some of my older problems . for some reason the background jobs are not executing and uptimekoma is runnning and up
Hi David, longtime viewer, love your videos. Have you ever tried maximizing next cloud storage capacity to use external storage like say an attached storage on your OMV setup or even a network attached drive on the network?
How do you deal with cloudflare shutting down your account for violating the ToS? The user agreement specifically states that cloudflare is to be used to host web pages etc. and file transfer, as well as streaming via cloudflare will result in them suspending your account.
Dude, Thank you, finally got this working. Have the transactional file locking error, but I don't care. if ya care to suggest a way to solve it, with out having to redo everything, that woudl be great, but if not, Oh well!! Thanks again!! p.s. you move fast!! Only thing I have issue with is the php upload size did not change. limits at 586 mb or something like that, I did not use the same composer file as you tho and I don't think I am running the same database either!!! I don't know, I just know that I built a great composer file and you helped me get it all working. So there, as we say down south.... nevermind, I'll refrain and keep plugging at it. I am running progrese or something like that so if ya have any idea why the php upload size might not be changing with the .htaccess edit let me know, and thanks again. Great Vid!!!
Hi Are you planning for updating this for Nextcloud All in One? It is quite different than this version and it is recommended installation method. Thanks for your videos
Great job, even in 2024 this is still relevant. Worked perfect with all the latest versions. Can you explain how one would add my unraid shares, array or even a pool disk? I have a large doc file already on my array and would like to access them from nextcloud. Thanks again.
I have a question. You live in USA and you edit the config file with default_phone_region=US. What should you do, if you don't live in US, e.g.: default_phone_region=AT for Austria or default_phone_region=DE for Germany?
Thanks for the great video! I'm kind of new to all this and was wondering why you don't need to specify PUID and PGID in the docker compose? I've seen in all the linuxserver docker stacks that they use 1000 for "easy user mappings"
at 8:56 in the video you say "Click here" and poof the nextcloud login screen is presented. What did you click to make that happen? I am not sure if you clicked on nextcloud-app or nextcloud-db and whether you clicked an icon or the 8080:80. Nothing I clicked seems to give the same result
you would click the ports next to the nextcloud-app. But, I'm guessing when you did that, it took you to 0.0.0.0:8080. If that's the case, watch this short: ua-cam.com/users/shortsq6PimerKycI
Hey! I've followed the steps in this video to setup a Nextcloud instance using Docker and Portainer. I'm using Cloudflare Tunnel to access it on the internet, but I'm unable to use video calls in Nextcloud Talk because it needs a Turn Server. Could you please make a video on how to set that up in Docker using Portainer?
Thank you! But how about the 100mb cloudflare size limit? Can i do anything on server side? To upload big files with browser...? Instead of using nextcloud client and set chunksizes ...
First - Excellent UA-cam Channel. Did you really quick your day job to do UA-cam? Kudos to your vidio editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work. Chris
Hey Chris! So..I didn't quit my day job so much as a medical incident in 2016 made is very difficult for me to go back to a "normal" job. So I started doing UA-cam in hopes to bring in an income. I'm just a one-man-show who work in a little corner of the house, coming up with video ideas, recording them, and then editing. To answer your question about port forwarding, Nginx Proxy Manager (NPM), CloudFlare tunnels, etc., I'm actually releasing a video about this tomorrow, but, to give a quick answer, you can use NPM with CloudFlare tunnels if you want to, but I've completely removed NPM from my homelab and use CloudFlare tunnels exclusively.
Hi, i was following your guide and was very clear however i am not able to connect next cloud with cloudeflare tunnel , i got all the time " argo tunnel 400 bad request the plain http request was sent to https port" i also tried to reinstall next cloud . It is very strange because is perfectly working with NiginxProxyManage. I would like to close the port open for it Do you have any suggestion how to solve ?
Just don't work.. I can't see why is it. But i did it very simirlaly to you (not using portainer but the plain docker run from the docker hub.) And the page that opens say that the cloudfare is working but Host is in Error even though I can access it locally and i know its running. Will be testing the connection between the docker containers as I think that is the problem..
Hello! I have a problem. I can´t run the portainer console. Portainer have a error: Unable to retrieve image details. Do you know what is the problem? Thanks!
it seems an issue with docker itself I logged in to debian and used this command sudo apt install --allow-downgrades docker-ce=5:25.0.5-1~debian.12~bookworm
I'm currently trying to run this, but when I try to connect to my nextcloud using the cloudflare tunnel, it runs so slow. I runs perfectly when I use the my.local.ip:port locally. please help!
So if I follow all these steps mentioned in the video, I should able to to access my nextcloud setup on mobile app outside my home network? is cloudflare is same like twingate?
Nice vid. I tried this with a cloudflare tunnel on unRAID. All my other Dockers work with my tunnel but I get a 400 error when using next cloud with the tunnel set to https and a 502 when using it with http. Has anyone ran into this issue and have a solution?
This isn't any more complicated and port forwarding and using a reverse proxy. And you don't have to port forward using this method, making your network a bit more secure from outside intruders
Excellent video, only one thing, I did everything but I still got the HTTPS warning, even though I can access my site via a domain, the Nextcloud App stills marks it as insecure and somehow I'm unable to get the menu to display...
If I got it right you can use a cloudflare tunnel not only to access your services running on a server with their own domain without opening ports, but you can also get access to your own Home LAN to use, i.g, RDP, to fetch your files as you would do via a VPN like Wireguard and OpenVPN. It seems that you need such a WARP app and set another service on your cloudflare account. Any chance to get a new video tutorial about that? Thanks
Just found this amazing video but my issue is that I can now access my Nextcloud through Cloudflare tunnel, but the desktop and mobile app cannot. Do you know why that would be case?
Hi David love the tutorial... I have more questions than answers... I noticed that you had 2 instances of next-cloud running, of which they did not have the standard portainer IP schema. Did you use a MAC Vlan or did you just create a new IP schema for your docker containers. I'm asking because i have followed your instructions to the "T" and i am unable to get my cloud flare tunnel to successfully connect to my next-cloud. It works for a few of my other containers like grafana, and i IOT device i use to monitor the temp in my network room. I even went as far as changing my port from 8443 to 8080 and still the same error. Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
Which volume do I want for storage ?. I want to direct the storage to my 2TB drive but not sure which volume that would be for the stack ?. I see there's this volume directory: /home/docker/nextcloud/db:/var/lib/mysql then there's a bunch of other ones but I would guess you don't want to mess with those ?.
You're going to have to mount the 2TB drive on your system. I don't know what you're using, so you're going to have to sort that part first. Once you have the drive mounted, you can mount the volumes to that drive in whatever folder you want
Starting at 16:00, modifying config file doesn't seem to be the best solution for this. Isn't the image going to be rebuilt when a new version comes out? Meaning your config changes will be overwritten by the default values after updating nextcloud?
That's absolutely a concern. If you want to prevent your config customizations from being overwritten, you can create your own config file somewhere on the server and then map its location to the location of the config file in the container via the volumes section. Something like: - /path/to/custom/config.php:/path/to/config/in/the/container/config.php
I'm facing an issue, my public hostname gets me no where and just times out. My setup is: nextcloud running as a plugin on truenas. Installed the cloudflare agent on a VM running docker inside the truenas. Any ideias? I have tried everything
I am stuck in a constant loop of redirects after connecting it to my domain and accessing them remotely. Local access using my domain has no issues whatsoever. I don’t understand what is going on, I have followed the steps exactly using the tunnel, and everything else works like Plex and truenas web ui the only thing that doesn’t work is nextcloud. Any ideas?
Hi, nice tutorial, only have one problem, I set everything up and it works fine but upload speeds are terrible, it uploads everything, no matter the size, at less than 50 KB/s, the thing is that only happens if I use it through cloudflare tunnels, if I open my ports to access it directly (which I only did for testing, it's not something I'd like doing), the upload speeds are much higher, just what they should be, any ideas?
Can you get talk working while using a Cloudflare tunnel on NextCloud? I mean it works but no audio or video can make it off the network. I can not seem to find any docs on this.
What an awesome tutorial.. Sorry to be late... but.. how can i update nextcloud properly? Pulling latest image version from STACK or CONTAINER..? thankyou!
If you're using portainer, check out this video and it will give you an idea of how to easily update your containers. Just make sure you have a good backup strategy in place in case anything goes wrong.
I was hoping I could find a solution to my problem. I have Nextcloud running behind a reverse proxy and no exposed ports on the container. I'm able to get to it through the internal domain I set up the proxy rule for but using my Cloudflare tunnel external domain causes it to redirect to the internal one which means I can't access it from outside my network. I don't have an issue with the other services I have running through a Cloudflare tunnel and it seems to be something specific with Nextcloud that I'd like to either disable or configure to work with Cloudflare. I was hoping this video would help but DBTech isn't running behind a reverse proxy and in fact I never even get the error about an untrusted domain.
I have a similar setting with cloudflare tunnel, but I can not get the real IP addresses when someone tries to logging into my cloud. So it's a security issue. There is a way to fix it without reverseproxymanager?
Any idea how to make Nextckoud Office or OpenOffice to work with this setup ? "Collabora Online - Built-in CODE Serve" or "Community Document Server " refuse to work.
Hi David, great tutorial How does this work with Navidrome, inparticular the app I have on my phone (symphonium). Or would I need to specify different rules specific to navidrome whic hallows the apps to connect?
Streaming is a violation of TOS for Cloudflare Tunnels. Symphonium will work great with Tailscale on your phone and media server, as long as you're not running a different VPN on your phone at the same time, which I think is not possible. Tailscale is also way easier to set up and connect than cloudflare tunnels. Just use the IP created in Tailscale for your server and add port for Navidrome as a media source in Symphonium.
Hi, thank you very much for the tutorial! However, I always get the warning that the Strict-Transport-Security HTTP header is not configured to at least “15552000” and that I should enable HSTS. I already tried some tips involving the default-ssl.conf, but (probably because I'm using a cloudflare tunnel) it is not working. Do you know how to fix this problem?
I am having this same issue and I am looking for a solution as well. Apparently I need to add something that looks like this: add_header Strict-Transport-Security "max-age=15552000"; to some config somewhere but still searching for the answer for now.
@@CozyTek I already tried something like that, but the problem appears to be that the container is without SSL. However, I was able to fix this problem by enabling HSTS in the Cloudflare SSL settings. So far, it seems to work as the error message is gone.
Hello, just on this I have no issue getting your set up however I cant get this working with the app? It says theres a malformed server config, I dont knnow what that refers to althoguh
Editing the file for caldav was good but when I updated, obviously, nextcloud wiped what I did in this file. I don't want to update this file everytime so I don' t know if there's a definitive solution.
hello DBtech good video, I tried to do it but it is giving me the error "internal server error" already tried everything, delete the folder, fresh install and it does not work and if it works it comes out sql error
Hey, im facing difficulty logging in using local access, meaning when i open next cloud using its local address, i can see the login page and when i try to login it doesnt work. any idea why?
By default, Nextcloud is only accessible on the URL you configured it on. Likely you'll need to edit the Nextcloud config file in the container to add the local address as an allowed URL. I don't remember all the proper terms as it's been a long time since I've touched Nextcloud, but I'm almost 100% sure this is the issue.
thats a proxying over cloudflare limit, if you access our nextcloud locally its fine, and also if you get a cloudflare cert and use that in nginx proxy manager without proxying through cloudflare, should bypass 100mb limit
Was going smooth till the apt update, i'm using unraid and when i open the terminal for nextcloud i don't know the root password to run any apt update Anyone?
Seems nextcloud is a crap. I could not get the data directory changed to my ZFS pool. I tried the docker way and had the same problem; worse could not even stop the containers. Who will put all the files in /var?
This is Great, David! I have a cloudflared tunnel with full (strict) with origin certs downloaded that I’ve confirmed can get to my Rpi4 and have installed Nextcloudpi through the install script. My Rpi4 is Raspbian OS 64 Bullseye. The ddns site is registered to a .ml domain, as the config of the tunnel differs with this domain type. I could be persuaded to install the nextcloudpi through the docker image method, as I now have an SSD in the pi and don’t need to have the data directory on the storage USB drive (not an option in docker image) and I can arrange for the external drive to backup data from connected devices through the nextcloud interface. The main issue that I’m having is that I cannot seem to have the ddns direct to the nextcloud instance and I keep getting the redirect error message that doesn’t allow it to securely bring up the page. Apache2 site redacted below: ServerName 192.168.1.XX Redirect permanent / sub.domain.com/
ServerName sub.domain.com DocumentRoot /var/www/nextcloud CustomLog /var/log/apache2/nc-access.log combined ErrorLog /var/log/apache2/nc-error.log SSLEngine on SSLProxyEngine on SSLCertificateFile /home/$USER/Documents/sub.domain.com.pem SSLCertificateKeyFile /home/$USER/Documents/sub.domain.com.key # For notify_push app in NC21 ProxyPass /push/ws ws://127.0.0.1:7867/ws ProxyPass /push/ 127.0.0.1:7867/ ProxyPassReverse /push/ 127.0.0.1:7867/ Options +FollowSymlinks AllowOverride All Dav off LimitRequestBody 0 SSLRenegBufferSize 10486000
Header always set Strict-Transport-Security "max-age=15768000; includeSubDo> And my Cloudflare Tunnel redacted is: tunnel: $tunnel-ID credentials-file: /home/$USER/.cloudflared/$tunnel-ID.json ingress: - hostname: sub.domain.com service: 192.168.1.XX - service: http_status:404
HELPPPP! I get an error after creating my tunnel saying "Your data directory is readable by other users. Please change the permissions to 0770 so that the directory cannot be listed by other users." I tried chmod, chown, recreating a user... it was intalled on root user with OMV6 on external drive. I don't know what to do :( can you please help me...?
Hey David, I am having issue with cronjobs as it says some jobs hav'nt run since ~5 days. Have you check your nextcloud if everything is working fine there?
here's what I would recommend for cron jobs. Set up an Uptime Kuma container. Then get your NextCloud cron job URL and have Uptime Kuma ping it periodically and that will run the cron jobs for you and keep things working better. I made a video talking about this technique at one point, but I don't remember what video it was in. You might check this video? ua-cam.com/video/rj7DZdWMK2k/v-deo.html
@@DBTechYT yes here is the problem. As on the first day when I set it up, it was working as I followed your whole video including uptimekuma. Even now, the uptimekuma shows no errors but when I go to the Basic settings in nextcloud, there it says some jobs did not run since 6 days( the number of days since I installed the nextcloud). Is this just a message in raspberry pi or, is it really not working?
I mean, after couple of days it just start showing me that error everytime I install nextcloud. I use cron for cron jobs. Even though, if I try to change it to Ajax or webcron, it still give the same warning.
Then I would assume that something isn't running. I would look into your container logs and make sure that you have the right cron job setting configured in NextCloud and that you're using the right URL to ping periodically.
Hey! Greate video, I have loved watching clouflare tunnel stuff from you! I have a quick question though, whenever I set up my tunnel for Nextcloud I always get 502 on the connection, however if I change it to another service it works fine. I even tried to change the port of the nextcloud service but this issue still persists, do you have any idea what could be happening?
Anybody knows how to edit the 000-default.conf file in a Unraid instance? no matter what I tried in command line I get permission denied to try to nano edit the file and file is only mounted when container is running
I love that you made this video. It's a great practical demo of how to setup cloudflared tunnels!
However, I would like to warn you as well as people reading the comments that those Apache settings are dangerous! They're basically enabling a slow-loris attack, a very simple and affective DOS wherein the attacker bogs down your server by choking it it with a few long-running bogus requests.
If you wish to upload large files to your Nextcloud server, I recommend leaving the Apache settings as-is and using the desktop sync client, as it will break them intelligently into smaller chunks for upload. The browser client isn't setup to do this (AFAIK).
Thanks for the guide, I got this one working over the other guide.
Though it seems like:
1. You get this prompt about HSTS which wasn't discussed: The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
2. There are other issues that the redirects didn't resolve:
- Your web server is not properly set up to resolve "/.well-known/webfinger".
- Your web server is not properly set up to resolve "/.well-known/nodeinfo".
did you find a solution for it?
Same here. For #1, I believe the HSTS issue isn't so much a problem, considering that Cloudflare Tunnel enforces HTTPS at their end, not on the client. My understanding (and I could be wrong) is that the way to resolve this is by generating a cert from let'sencrypt or somewhere and having that handshake happen on a reverse proxy manager's end, like NPM. I'm not 100%, but I inferred as much from a GitHub post.
Hi, Did you find any solution for that issues?, is not quite clear on the video this 2 points. Regards
Thank you so much for sharing this! You made my deployment way a lot easier. Appreciate your time and effort!
Man, you rock....have been messing with nextcloud for a while and though I like it, setup has always been hit or miss, this one finally has all the right markers and get to use it with tunnels. You are a champ as always.
Thanks!! I appreciate that and hope this is helpful for you!
I'm so grateful for this video. I'm a newbie to this; I only wanted a cloud server. Without this video, It would've been nearly impossible. I really appreciate your effort, thanks so much.
Glad it helped!
Wow! I wasn't even aware that there is something called cloudflare tunnel. Seems like a great solution compared to port forwarding and lesser headaches! Thanks as always.
Glad it helped!
@@DBTechYT will Cloudflare tunnel fix double nat issues?
@@raylab77 Yes. I'm CGNATed, and Cloudlflare tunnelling gets around it (via a domain name).
@@raylab77 yes
Man! Thank you so much for this video and all your knowledge! I have like 3 weeks fighting with NGINX, firewalls, stacks, etc... and now finally with this solution everythong is working as intended! I'm already a Patreon but is nothing for all the stuffs you do and teach us! Thank you again! (Sorry for my english, is my second language).
I’m glad I watched enough of the video to hear this is a OMV video. I’ve been searching for this exact content. Thank you sir
Glad it was helpful!
You don't actually need to redeploy the container to change the restart policy. Just go into the container, find the restart policies section and change it, then hit update. For me, so far, this has always worked. But thanks for this great info, helped me out immensely!
This is a great video, thank you very much. I struggled for days to get this working the way you go through it (makes it look easy). But my setup, which I thought was similar to yours, really was not because my home lab did not have the DSL router in bridge mode. I am using the Bell HH4000 and the only way I could figure to get it into bridge mode was to buy a NetGear pfsense firewall and configure my HH4000 with the DMZ advanced mode. I am hoping my days of struggling and learning helps someone. I also forgot to open the UFW port 8080 on my host.
I can confirm the 100mb limitation is there. For some reason if you upload via web interface it works but if you use the nextcloud client or WebDAV it stops as soon as the file hits 100mb. More investigation is needed.
P.s. I confirmed with cloudflare documentation. All HTTP POST request size is limited to 100mb on the free plan..So if you use the desktop client ( WebDAV based) or any other WebDAV client , and need to upload large files this method is not for you. If you only use the web interface you should be fine !
yep, nginx proxy manager with lets encrypt doesnt have this issue.
Thank you so much for the video, it helped me a lot. It's people like you that make the world a smarter place.
Thanks for the video, I was struggling with this for an embarrassing amount of time. Thank you so much!
Hey Thanks for this tutorial.
Followed it but I still have some warnings.
1. Strict Transport Security HTTP header is not set to at least "15552000" seconds
2. Your web server is not properly set up to resolve "/.well-known/webfinger"
3. Your web server is not properly set up to resolve "/.well-known/nodeinfo"
I don't know why it's throwing out this issue, I saw the right commands on the config.php file and when you visit the url it works.
Get the same errors. Have you ever been able to solve them?
Did u get the solution for problems 2 and 3 ?
This video was super helpful in getting my NextCloud setup with access through Cloudflare tunnels. Liked and tip sent.
Cool, thanks!
Super great tutorial, I setup with just docker instead of portainer with it and still found this super helpful. Thanks!
hey, how did you do the steps that involved portainer? (ex: editing the config file) since I'm running into issues when adding the overwriteprotocol and etc.
did you add any mysql info when setting up nextcloud and how? (I used the docker route and was wondering if mysql needed setting up or something)
@@migii3127 I didnt use portainer or mysql at all since my deployment is for small personal use
I was just looking for this last night, and you posted this today. Crazy! Obliterating that like button! 😃
Wow dude. Thank you. I was struggling so much deploying this. And your guide helped me out so so much. Thanks a ton mate. I learnt a bit too.
you are very smart, and have a lot of information, unfortunately your communication is tailored to "other" people that are not me, i've seen and re-seen your videos and still do not understand what your doing. thanks for sharing, and hopefully one day i can understand what you are saying
FYI to anyone, when you set up your cloudflare and put force policy HTTP to HTTPs, do not put overwriteprotocol to HTTPS in config.ini. It would cause infinite loop of redirect.
Any chance this video can be rebuilt for NextCloud All in One? The docker compose file isn't the same and it runs an https validation before component install. Also, once NextCloud is up and running, how do you add more storage after the fact?
keep it up with these docker image tutorials!!!!!
Thank you David. This video helped me a lot.
Wanna know what I as an individual who is into order appreciate? Consistency.. Know what I didn't get here when attempting to pair up your video docker-compose file with the companion one on your website? Oh yeah, that's right.... Consistency... Everything was all swapped around. I speak for all of us when I say that I appreciate that.
Hey David, thanks for this video. Can you please explain the "fixing caldav" part? I didn't understand what you do on this part. Thank you in advance.
Thanks for the great content again David. I took this a step forward and added the cloud flare tunnel as a container in my stack using the same network. here is the snippet that I got working with leantime as an app:
version: '3.3'
services:
leantime_tunnel:
container_name: leantime_tunnel
image: 'cloudflare/cloudflared:latest'
restart: unless-stopped
command: tunnel run
networks:
- leantime-net
environment:
- TUNNEL_TOKEN=XXXXXX
networks:
leantime-net:
external: false
This looks great! Something to keep in mind is that you can use a single Tunnel for multiple applications, so you don't need to deploy a tunnel for each application. I plan on making a video about this soon!
@@DBTechYT Thanks David! I experimented with this a bit with some of my self-hosted domains and I found that in Cloudflare tunnel configuration, for public hostnames, you can use the name of the container that hosts the target service instead of the server's IP! So in essence if you setup a docker-compose file and use a network, the container names will resolve in the tunnel for the hostname services. This is very helpful in the case you have a cluster (Swarm or Kubernetes) and your containers are spread across multiple nodes.
I do agree that you can use a single tunnel for multiple apps. I am going to use a tunnel for each domain I self-host as they are a stack in portainer today.
Keep up the great work. I learned a lot from your channel!
@@DBTechYT nice. yes I myself have one tunnel running with access to 6 apps so far and growing. This video finally got my nextcloud working but with one extra error than you that I am still working on so thank you. now I just need the exact same style video as this for home assistant and I'm golden! Thank you again!!
that one tunnel even gives me access to my synology NAS. ;)
have you had the issue?:
"Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root."
if so, how did you fix it?
Thank you for the video , has fixed some of my older problems .
for some reason the background jobs are not executing and uptimekoma is runnning and up
Hi David, longtime viewer, love your videos. Have you ever tried maximizing next cloud storage capacity to use external storage like say an attached storage on your OMV setup or even a network attached drive on the network?
How do you deal with cloudflare shutting down your account for violating the ToS? The user agreement specifically states that cloudflare is to be used to host web pages etc. and file transfer, as well as streaming via cloudflare will result in them suspending your account.
they removed that ToS..
I followed the tutorial and I was able to get it up and running on a Orange Pi 5 with Ubuntu server and M 2 SSD
Please show us how to enable ssl on nextcloud with cloudflare ssl certificates.
I figured this out and using ssl on cloudflare tunnel on nextcloud
Dude, Thank you, finally got this working. Have the transactional file locking error, but I don't care. if ya care to suggest a way to solve it, with out having to redo everything, that woudl be great, but if not, Oh well!! Thanks again!!
p.s. you move fast!! Only thing I have issue with is the php upload size did not change. limits at 586 mb or something like that, I did not use the same composer file as you tho and I don't think I am running the same database either!!! I don't know, I just know that I built a great composer file and you helped me get it all working. So there, as we say down south.... nevermind, I'll refrain and keep plugging at it. I am running progrese or something like that so if ya have any idea why the php upload size might not be changing with the .htaccess edit let me know, and thanks again. Great Vid!!!
That 'overwriteprotocol' setting saved my day, many thanks, sir!
Hi
Are you planning for updating this for Nextcloud All in One? It is quite different than this version and it is recommended installation method. Thanks for your videos
Thank you every time!
Very helpful, thank you very much!!
Great job, even in 2024 this is still relevant. Worked perfect with all the latest versions. Can you explain how one would add my unraid shares, array or even a pool disk? I have a large doc file already on my array and would like to access them from nextcloud. Thanks again.
Glad this video was helpful. Unfortunately I've got no experience with Unraid, so I'm unable to help with that :(
I have a question. You live in USA and you edit the config file with default_phone_region=US. What should you do, if you don't live in US, e.g.: default_phone_region=AT for Austria or default_phone_region=DE for Germany?
Change it match your region
You are the best!! Thanksss
thanks for the info as always. how do you go about resolving the webfinger/nodeinfo redirects afterwards?
THANK YOU !!!! I was googling for hours on how to address the "trusted _domains" issue. Love you content David
Cool, exactly what I was looking to learn today. Please tell me the mail passwords have been amended since this from config.php though?
Great to hear!! And, yes, the passwords have been revoked/changed :)
Thanks for the great video! I'm kind of new to all this and was wondering why you don't need to specify PUID and PGID in the docker compose? I've seen in all the linuxserver docker stacks that they use 1000 for "easy user mappings"
It defaults to UID & GID 33 on most Linux systems for the default `www-data` user used by apache2
at 8:56 in the video you say "Click here" and poof the nextcloud login screen is presented. What did you click to make that happen? I am not sure if you clicked on nextcloud-app or nextcloud-db and whether you clicked an icon or the 8080:80. Nothing I clicked seems to give the same result
you would click the ports next to the nextcloud-app. But, I'm guessing when you did that, it took you to 0.0.0.0:8080. If that's the case, watch this short: ua-cam.com/users/shortsq6PimerKycI
Hey! I've followed the steps in this video to setup a Nextcloud instance using Docker and Portainer. I'm using Cloudflare Tunnel to access it on the internet, but I'm unable to use video calls in Nextcloud Talk because it needs a Turn Server. Could you please make a video on how to set that up in Docker using Portainer?
Thank you!
But how about the 100mb cloudflare size limit? Can i do anything on server side? To upload big files with browser...?
Instead of using nextcloud client and set chunksizes ...
First - Excellent UA-cam Channel. Did you really quick your day job to do UA-cam? Kudos to your vidio editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work.
Chris
Hey Chris! So..I didn't quit my day job so much as a medical incident in 2016 made is very difficult for me to go back to a "normal" job. So I started doing UA-cam in hopes to bring in an income. I'm just a one-man-show who work in a little corner of the house, coming up with video ideas, recording them, and then editing.
To answer your question about port forwarding, Nginx Proxy Manager (NPM), CloudFlare tunnels, etc., I'm actually releasing a video about this tomorrow, but, to give a quick answer, you can use NPM with CloudFlare tunnels if you want to, but I've completely removed NPM from my homelab and use CloudFlare tunnels exclusively.
Hi, i was following your guide and was very clear however i am not able to connect next cloud with cloudeflare tunnel , i got all the time " argo tunnel 400 bad request the plain http request was sent to https port" i also tried to reinstall next cloud .
It is very strange because is perfectly working with NiginxProxyManage. I would like to close the port open for it
Do you have any suggestion how to solve ?
Same here also looking for help. All other Dockers work with the tunnel but next cloud gets the 400 error. I cannot find a resolution.
@@thatdude610 I found the problem , it was the rocket option , once disabled all working .
@@simonemastellonephotography What do you mean bu the rocket opiton, can you explain further? Having a similar problem.
Do you have an example of what it looks like or to setup the docker volume share path? Example I would want to use my NAS. Thank you for your videos.
Great video. can you show how to use multiple apps on the same cloudflare tunnel? Thank you.
I'm interested in it too
Click on your tunnel > Configure > Public Hostname > add public hostname
Just don't work.. I can't see why is it. But i did it very simirlaly to you (not using portainer but the plain docker run from the docker hub.) And the page that opens say that the cloudfare is working but Host is in Error even though I can access it locally and i know its running. Will be testing the connection between the docker containers as I think that is the problem..
Hello! I have a problem. I can´t run the portainer console. Portainer have a error: Unable to retrieve image details. Do you know what is the problem? Thanks!
it seems an issue with docker itself I logged in to debian and used this command
sudo apt install --allow-downgrades docker-ce=5:25.0.5-1~debian.12~bookworm
i spent 3 hours looking for a fix and that's the solution so far
I'm currently trying to run this, but when I try to connect to my nextcloud using the cloudflare tunnel, it runs so slow. I runs perfectly when I use the my.local.ip:port locally. please help!
Has anyone gotten a 502 bad gateway error? I followed everything in the video but still getting the 502. I'm using a raspberry pi.
same here. not sure what Im doing wrong lol
Thanks for the tutorial.
So if I follow all these steps mentioned in the video, I should able to to access my nextcloud setup on mobile app outside my home network?
is cloudflare is same like twingate?
Nice vid. I tried this with a cloudflare tunnel on unRAID. All my other Dockers work with my tunnel but I get a 400 error when using next cloud with the tunnel set to https and a 502 when using it with http.
Has anyone ran into this issue and have a solution?
I'm Having the same issue, please let me know if you found a solution, I've been working at this for a couple days now, running on TrueNAS Scale
@@Joe1038hsame issue, also on truenas scale. ever find a solution?
I have something hundred percent running perfect never fails ...best ever BUT i need to change it around to something pretty complicated...
This isn't any more complicated and port forwarding and using a reverse proxy. And you don't have to port forward using this method, making your network a bit more secure from outside intruders
Hi! Thanks for this video. Will all the customisations done to the container remain after image update?
Thank you!
Excellent video, only one thing, I did everything but I still got the HTTPS warning, even though I can access my site via a domain, the Nextcloud App stills marks it as insecure and somehow I'm unable to get the menu to display...
If I got it right you can use a cloudflare tunnel not only to access your services running on a server with their own domain without opening ports, but you can also get access to your own Home LAN to use, i.g, RDP, to fetch your files as you would do via a VPN like Wireguard and OpenVPN. It seems that you need such a WARP app and set another service on your cloudflare account. Any chance to get a new video tutorial about that? Thanks
9:46 When you installed recommended app, will it make nextcloud container same as nextcloud/all-in-one docker images?
Just found this amazing video but my issue is that I can now access my Nextcloud through Cloudflare tunnel, but the desktop and mobile app cannot. Do you know why that would be case?
Hi David love the tutorial... I have more questions than answers... I noticed that you had 2 instances of next-cloud running, of which they did not have the standard portainer IP schema. Did you use a MAC Vlan or did you just create a new IP schema for your docker containers. I'm asking because i have followed your instructions to the "T" and i am unable to get my cloud flare tunnel to successfully connect to my next-cloud. It works for a few of my other containers like grafana, and i IOT device i use to monitor the temp in my network room. I even went as far as changing my port from 8443 to 8080 and still the same error.
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Having a similar issue did you ever find a fix?
Which volume do I want for storage ?. I want to direct the storage to my 2TB drive but not sure which volume that would be for the stack ?.
I see there's this volume directory: /home/docker/nextcloud/db:/var/lib/mysql
then there's a bunch of other ones but I would guess you don't want to mess with those ?.
You're going to have to mount the 2TB drive on your system. I don't know what you're using, so you're going to have to sort that part first. Once you have the drive mounted, you can mount the volumes to that drive in whatever folder you want
Starting at 16:00, modifying config file doesn't seem to be the best solution for this. Isn't the image going to be rebuilt when a new version comes out? Meaning your config changes will be overwritten by the default values after updating nextcloud?
That's absolutely a concern. If you want to prevent your config customizations from being overwritten, you can create your own config file somewhere on the server and then map its location to the location of the config file in the container via the volumes section.
Something like:
- /path/to/custom/config.php:/path/to/config/in/the/container/config.php
I'm facing an issue, my public hostname gets me no where and just times out.
My setup is: nextcloud running as a plugin on truenas. Installed the cloudflare agent on a VM running docker inside the truenas.
Any ideias? I have tried everything
I am stuck in a constant loop of redirects after connecting it to my domain and accessing them remotely. Local access using my domain has no issues whatsoever. I don’t understand what is going on, I have followed the steps exactly using the tunnel, and everything else works like Plex and truenas web ui the only thing that doesn’t work is nextcloud. Any ideas?
Did you edit the config.php file to allow for multiple domains? ua-cam.com/video/p0I8pikm2P4/v-deo.htmlsi=Ll-e7xIJWq2gq07T&t=960
Hi, nice tutorial, only have one problem, I set everything up and it works fine but upload speeds are terrible, it uploads everything, no matter the size, at less than 50 KB/s, the thing is that only happens if I use it through cloudflare tunnels, if I open my ports to access it directly (which I only did for testing, it's not something I'd like doing), the upload speeds are much higher, just what they should be, any ideas?
Can you get talk working while using a Cloudflare tunnel on NextCloud? I mean it works but no audio or video can make it off the network. I can not seem to find any docs on this.
What an awesome tutorial.. Sorry to be late... but.. how can i update nextcloud properly? Pulling latest image version from STACK or CONTAINER..? thankyou!
If you're using portainer, check out this video and it will give you an idea of how to easily update your containers. Just make sure you have a good backup strategy in place in case anything goes wrong.
@@DBTechYT Thanks for the tip! I will check!
I was hoping I could find a solution to my problem. I have Nextcloud running behind a reverse proxy and no exposed ports on the container. I'm able to get to it through the internal domain I set up the proxy rule for but using my Cloudflare tunnel external domain causes it to redirect to the internal one which means I can't access it from outside my network. I don't have an issue with the other services I have running through a Cloudflare tunnel and it seems to be something specific with Nextcloud that I'd like to either disable or configure to work with Cloudflare. I was hoping this video would help but DBTech isn't running behind a reverse proxy and in fact I never even get the error about an untrusted domain.
I have a similar setting with cloudflare tunnel, but I can not get the real IP addresses when someone tries to logging into my cloud. So it's a security issue. There is a way to fix it without reverseproxymanager?
Any idea how to make Nextckoud Office or OpenOffice to work with this setup ? "Collabora Online - Built-in CODE Serve" or "Community Document Server " refuse to work.
You rock!
I am trying to set up the cardav part in my truenas scale thru its shell but for reason the config wont save
how to access home assistant from outside local network running home assistant on a docker container with no add ons
Hi David, great tutorial
How does this work with Navidrome, inparticular the app I have on my phone (symphonium). Or would I need to specify different rules specific to navidrome whic hallows the apps to connect?
Streaming is a violation of TOS for Cloudflare Tunnels. Symphonium will work great with Tailscale on your phone and media server, as long as you're not running a different VPN on your phone at the same time, which I think is not possible. Tailscale is also way easier to set up and connect than cloudflare tunnels. Just use the IP created in Tailscale for your server and add port for Navidrome as a media source in Symphonium.
Hi, thank you very much for the tutorial! However, I always get the warning that the Strict-Transport-Security HTTP header is not configured to at least “15552000” and that I should enable HSTS. I already tried some tips involving the default-ssl.conf, but (probably because I'm using a cloudflare tunnel) it is not working. Do you know how to fix this problem?
I am having this same issue and I am looking for a solution as well. Apparently I need to add something that looks like this: add_header Strict-Transport-Security "max-age=15552000"; to some config somewhere but still searching for the answer for now.
@@CozyTek I already tried something like that, but the problem appears to be that the container is without SSL. However, I was able to fix this problem by enabling HSTS in the Cloudflare SSL settings. So far, it seems to work as the error message is gone.
Hello, just on this I have no issue getting your set up however I cant get this working with the app? It says theres a malformed server config, I dont knnow what that refers to althoguh
Editing the file for caldav was good but when I updated, obviously, nextcloud wiped what I did in this file. I don't want to update this file everytime so I don' t know if there's a definitive solution.
hello DBtech good video, I tried to do it but it is giving me the error "internal server error" already tried everything, delete the folder, fresh install and it does not work and if it works it comes out sql error
do you have video for the update with nextcloud aio docker compose?
Hi, would there be any issues with cloudflare tunnel t&c if I mainly used nextcloud to backup photos & videos?
Will those setting stay persistent if you update your NextCloud container??
Did you try Talk function? Because cloudflare is not allowing traffic for STUN ports..
Cloudflare tunnels not showing anymore.
This is an old video. It's still in the dashboard under a different header in the menu
Hey, im facing difficulty logging in using local access, meaning when i open next cloud using its local address, i can see the login page and when i try to login it doesnt work. any idea why?
By default, Nextcloud is only accessible on the URL you configured it on. Likely you'll need to edit the Nextcloud config file in the container to add the local address as an allowed URL. I don't remember all the proper terms as it's been a long time since I've touched Nextcloud, but I'm almost 100% sure this is the issue.
Could you please hit ctrl+ a few times to increase the zoom level of your browser shots.
thats a proxying over cloudflare limit, if you access our nextcloud locally its fine, and also if you get a cloudflare cert and use that in nginx proxy manager without proxying through cloudflare, should bypass 100mb limit
What 100 mb limit I have been using both cloudflare proxy and cloudflare Argo tunnels and transferred over 300 gbs in a month
@@ozgur5117 100mb per connection, not file, so a single threaded upload over 100mb, will time out, but only if using proxied connection
Was going smooth till the apt update, i'm using unraid and when i open the terminal for nextcloud i don't know the root password to run any apt update
Anyone?
Seems nextcloud is a crap. I could not get the data directory changed to my ZFS pool. I tried the docker way and had the same problem; worse could not even stop the containers. Who will put all the files in /var?
This is Great, David! I have a cloudflared tunnel with full (strict) with origin certs downloaded that I’ve confirmed can get to my Rpi4 and have installed Nextcloudpi through the install script. My Rpi4 is Raspbian OS 64 Bullseye. The ddns site is registered to a .ml domain, as the config of the tunnel differs with this domain type.
I could be persuaded to install the nextcloudpi through the docker image method, as I now have an SSD in the pi and don’t need to have the data directory on the storage USB drive (not an option in docker image) and I can arrange for the external drive to backup data from connected devices through the nextcloud interface.
The main issue that I’m having is that I cannot seem to have the ddns direct to the nextcloud instance and I keep getting the redirect error message that doesn’t allow it to securely bring up the page.
Apache2 site redacted below:
ServerName 192.168.1.XX
Redirect permanent / sub.domain.com/
ServerName sub.domain.com
DocumentRoot /var/www/nextcloud
CustomLog /var/log/apache2/nc-access.log combined
ErrorLog /var/log/apache2/nc-error.log
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /home/$USER/Documents/sub.domain.com.pem
SSLCertificateKeyFile /home/$USER/Documents/sub.domain.com.key
# For notify_push app in NC21
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ 127.0.0.1:7867/
ProxyPassReverse /push/ 127.0.0.1:7867/
Options +FollowSymlinks
AllowOverride All
Dav off
LimitRequestBody 0
SSLRenegBufferSize 10486000
Header always set Strict-Transport-Security "max-age=15768000; includeSubDo>
And my Cloudflare Tunnel redacted is:
tunnel: $tunnel-ID
credentials-file: /home/$USER/.cloudflared/$tunnel-ID.json
ingress:
- hostname: sub.domain.com
service: 192.168.1.XX
- service: http_status:404
HELPPPP! I get an error after creating my tunnel saying "Your data directory is readable by other users.
Please change the permissions to 0770 so that the directory cannot be listed by other users." I tried chmod, chown, recreating a user... it was intalled on root user with OMV6 on external drive. I don't know what to do :( can you please help me...?
Hey David, I am having issue with cronjobs as it says some jobs hav'nt run since ~5 days. Have you check your nextcloud if everything is working fine there?
here's what I would recommend for cron jobs. Set up an Uptime Kuma container. Then get your NextCloud cron job URL and have Uptime Kuma ping it periodically and that will run the cron jobs for you and keep things working better. I made a video talking about this technique at one point, but I don't remember what video it was in. You might check this video? ua-cam.com/video/rj7DZdWMK2k/v-deo.html
@@DBTechYT yes here is the problem. As on the first day when I set it up, it was working as I followed your whole video including uptimekuma. Even now, the uptimekuma shows no errors but when I go to the Basic settings in nextcloud, there it says some jobs did not run since 6 days( the number of days since I installed the nextcloud). Is this just a message in raspberry pi or, is it really not working?
I mean, after couple of days it just start showing me that error everytime I install nextcloud. I use cron for cron jobs. Even though, if I try to change it to Ajax or webcron, it still give the same warning.
Then I would assume that something isn't running. I would look into your container logs and make sure that you have the right cron job setting configured in NextCloud and that you're using the right URL to ping periodically.
@@DBTechYT Alright. Then where should I share my logs with you?
Hey! Greate video, I have loved watching clouflare tunnel stuff from you! I have a quick question though, whenever I set up my tunnel for Nextcloud I always get 502 on the connection, however if I change it to another service it works fine. I even tried to change the port of the nextcloud service but this issue still persists, do you have any idea what could be happening?
I have this same issue.
did you ever find a fix?
Anybody knows how to edit the 000-default.conf file in a Unraid instance? no matter what I tried in command line I get permission denied to try to nano edit the file and file is only mounted when container is running
TNX MAN VERY BEST NEXTCLOUD SETUP CLOUDFLARE CONFİGURE VİDEO TNX TNX TNX ♫ ♥