[GUIDE] Nextcloud on WD My Cloud

Official website

Demo: https://demo.nextcloud.com

In this guide I’ll provide a complete and secure Nextcloud setup for the WD My Cloud NAS.
Benefits:

• Cloud access directly to your box, not via WD servers
• Better integration with multiple apps available for any platform (so it’s a valid replacement for the deprecated PC suite)
• Modern look and feel
• Many extensions available
• Automatic HTTPS certificates with LetsEncrypt

Problems:

• The WD web interface must be disabled to run Nextcloud. You can switch it back on, but its either WD web or Nextcloud, not both.
• Only static public IP addresses supported for now… feel free to setup DynDNS / NoIP
• Use at your own risk. WD support won’t help you here. You need SSH access to set it up.

Step 1: Get Docker and Docker Compose
Docker is available here. Install it with the WD web interface.
Docker Compose can be installed on all WD platforms with python pip.
Get Entware from wdcommunity.com and install it with the WD web interface.

opkg install python-pip
pip install setuptools 
pip install docker-compose

Verify it worked

# which docker-compose
/opt/bin/docker-compose

Step 2: Get a domain
You really need a domain name, otherwise you’ll have to deal with big security warnings in your browser.
Just google for a free one if you don’t want to pay for it.

Let’s assume we registered mycloud.domain.com to point to our IP address.
Warning: getting your domain name activated may take a couple of hours.

Step 3: Open up port 80 and 443 in your home router. I’m assuming you’re connected to your ISP behind a router here. Forward port 80 and 443 of the IP of your NAS to the public WAN.

Step 4: Stop the WD web interface
Open up an SSH session to your My Cloud NAS and stop the apache service.

kill $(pidof httpd)

Ensure ports 80 and 443 are free. No process may occupy these ports.

netstat -tulpn | grep 80
netstat -tulpn | grep 443

Step 5: Prepare a working directory

cd /shares/Volume_1
mkdir nextcloud && cd nextcloud

Step 6: Get the Docker Compose yaml and run the whole stack

opkg install git-http

Pick the set of instructions that applies to your NAS.

git clone https://github.com/nextcloud/docker
cd docker/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache

vi db.env

vi docker-compose.yml

- VIRTUAL_HOST=mycloud.domain.com
- LETSENCRYPT_HOST=mycloud.domain.com
- LETSENCRYPT_EMAIL=some.valid@email.com    # used for expiration warnings

docker-compose up -d

git clone https://github.com/stefaang/multiarch-letsencrypt-nginx-proxy
cd multiarch-letsencrypt-nginx-proxy/nginx-proxy-2containers
docker-compose up -d

cd ../..

version: '3.1'

volumes:
  nextcloud:
  
services:
  app:
    image: nextcloud
    restart: always
    environment:
      NEXTCLOUD_ADMIN_USER: admin
      NEXTCLOUD_ADMIN_PASSWORD: verysecretpassword
      VIRTUAL_HOST: mycloud.domain.com
      LETSENCRYPT_HOST: mycloud.domain.com
      LETSENCRYPT_EMAIL: some.valid@email.com
    volumes:
      - nextcloud:/var/www/html
      - /shares/Public:/mnt/Public  # add any share you want

networks:
  default:
    external:
      name: webproxy

export COMPOSE_HTTP_TIMEOUT=300
docker-compose up -d

Extras

services:
  app:
    ...
    volumes:
      - nextcloud:/var/www/html
      - /shares/Public:/mnt/Public  # add any share you want

 docker-compose down

httpd -f /usr/local/apache2/conf/httpd.conf -k graceful

 alias occ="docker-compose exec --user www-data app php occ"

occ status
  - installed: true
  - version: 15.0.0.10
  - versionstring: 15.0.0
  - edition: 

occ config:system:get trusted_domains

occ config:system:set trusted_domains 1 --value=mycloud.domain.com

# cdnp && cd _docker/volumes
# find . -wholename "*/config/config.php"
./nextcloud_nextcloud/_data/config/config.php

vi ./nextcloud_nextcloud/_data/config/config.php

'trusted_domains' =>
array (
  0 => 'mycloud.mooo.com',
)

docker ps

docker logs nextcloud_db

Good luck and enjoy!

EDIT: doesn’t work in the latest firmware release

The WD web interface runs at ports 80 and 443 by default.
This is defined in /usr/local/apache2/conf/extra/ports.conf.

Listen 80

<IfModule ssl_module>
        Listen 443 https
</IfModule>

To move it to another port, e.g. 8080 and 8443, you may use these commands.

PORTCFG=/usr/local/apache2/conf/extra/ports.conf
sed -i 's# 80^# 8080#' ${PORTCFG}
sed -i 's# 443 https# 8443 https#' ${PORTCFG}
kill -HUP $(pidof httpd)

Add these lines to your docker start.sh to run this automatically on boot.
This keeps the ports 80 and 443 free for your Nextcloud setup.

Thank you for this easy step-by-step tutorial.

Do you know how the performance of Nextcloud on an ARM WD MyCloud will be?
Especially looking at gallery and thumbnail creation.

I am using a WD MyCloud EX2 Ultra.

The database options are limited on ARM platforms so you’re forced to use sqlite3. It’s okay for a personal backup and easy sharing but I wouldn’t use it for a whole school.
The major benefit is the 100 pct uptime and better app support, which you don’t have via mycloud.com…

Sounds good! How are your experiences with spin down of the hard drives when they are not in use? I installed Docker on the NAS a while ago and I was not sure if it would go to sleep.

Many processes could keep the drives awake.
Docker runs in debug mode, you may want to turn that off by removing -D here.
The docker containers may be spamming a lot of logs that get saved to disk too…
I’d consider turning off the logging an exercise for the experienced reader as it makes debugging a bit harder. Tune your application configs properly and the disks will spin down.

You could use iotop or dstat to monitor who is using the md0 raid array.

dstat -tdD md0

Get it via entware (opkg install dstat iotop) or docker)

Thanks for your help so far.

When I tried moving the Web Interface to different ports, it was not able to login anymore… When I moved it back, it started working again.

Have you experienced this problem before? I will look into it and tell you if I find a solution.

Yeah I’ve seen it too… it interferes with the 4 and 60 second reset so I’d recommend to not use the custom port yet. There’s no reset for 3rd apps I guess…

Have you seen the “503 Temporary not available” error of nginx before? Certificate works, everything is up, except I cannot reach nextcloud over the proxy…

Tried looking at this summary page for the error, but haven’t been able to fix it yet
https://groups.google.com/forum/#!topic/nginx-proxy/aY1FJJXNq0k

Any ideas?

Ermmm I’m afraid I forgot to upload my changes to my fork of buchdags branch…
I based my work on Evert Ramos repo.
However, that repo doesn’t work on ARM, so I used this to build the thing from scratch.

You’ll need to remove the networkmode: bridge fields and append this instead

networks:
 default:
   external:
     name: webproxy

This will connect all your containers (both from the nginx proxy and the nextcloud docker compose files) to a single webproxy network. You can then easily append any other service to this webproxy with the proxy companion (I recommend reading the documentation in Evert’s repo).

Fixed: Use webproxy network · stefaang/multiarch-letsencrypt-nginx-proxy@7ed723f · GitHub

Thanks for the quick reply.

BIG EDIT: It was a DNS configuration issue.

BTW: beercan1989/arm-mysql works fine for me on ARM

You have no idea how many zillions of database configurations and docker hub examples I’ve tried… I’m looking forward to test this one!

Hello, were you guys able to get the interface running without interfering with the WD My Cloud interface?

You can choose a self-signed certificate instead of letsencrypt and run Nextcloud on another port, but then you get the annoying browser warnings (like for the https version of the wd web interface).

Thanks! Do you have any idea what would be required to avoid the annoying browser warnings. I’m not intimately familiar with the nuances of certificates. Perhaps if you create a certificate for the server to use, while sshed into it, and then trust the certificate when attempting to visit it?

Letsencrypt must use the standardized ports 80 and 443 to be certified authority (CA). If they wouldn’t follow the standard practices, their certificates would no longer be trusted by other CAs and your users will get browser warnings about untrusted certificates. See here.
It’s literally the definition of a certificate: proof of trust by multiple authorities.

Problem
The WD web interface occupies port 80 and 443.
Solution A
Stop the WD web interface so you can use Letsencrypt and automatic certificate renewal and browser comfort. Enable WD web interface again when you need it after stopping the nginx proxy service.
Solution B
Don’t use Letsencrypt and live with a bit less comfort. You’ll need to do your own research on how to use a custom port. Surf to https://{yournasIP} to get a taste.
Solution C
Don’t use this guide at all and live happily ever after without Nextcloud.

The level of required comfort depends a bit on your user base: is it just for you or do you want to serve other people as well… Do you use many different browser instances or not (you’ll have to accept the certificate on all of them).

Hi, thanks again for the input. I’m ok with accepting the certificate in multiple places (generally only use one browser anyways), and it is only me who will be accessing the device, for 99% of the time at least.

I’m looking to set up something like the following on the My Cloud device:
MySQL - NextCloud
NextCloud
GitLab
JIRA
MySQL - Custom DB
WebServer
VPN

Currently considering docker as a means to achieve at least most of these items, since it seems fairly straightforward, but have never used docker either, I found this video a little earlier, which was great but still am lacking confidence:

They use nginex and letsencrypt sort of like you’re suggesting, I think…

Edit: Apparently you were the one who made that original post.

Your posts have been super helpful!

Hello, I’m trying to install Nextcloud on My PR4100, but getting following error:
root@MyCloudPR4100 nextcloud # git clone GitHub - nextcloud/docker: ⛴ Docker image of Nextcloud

-sh: git: not found

root@MyCloudPR4100 nextcloud # /opt/bin/opkg install git

Package git (2.21.0-1) installed in root is up to date.

DO you have any sudgestion?
Thank you.

/opt/bin is not in your PATH by default. Either login again over SSH to activate /etc/profile from the freshly installed entware package or source the file.

. /etc/profile

Important issue!

1. Downloaded and successfully installed docker,
2. Downloaded and successfully installed Entware
3. Install python, setuptools and pip.
   **4. Can’t install docker-compose with pip.
   I’m getting following error:
   unable to execute ’x86_64-openwrt-linux-gnu-gcc’: No such file or directory
   error: command ’x86_64-openwrt-linux-gnu-gcc’ failed with exit status 1

ERROR: Command “/opt/bin/python2 -u -c ’import setuptools,
tokenize;file=’”’“’/tmp/pip-install-BYwYn3/cffi/setup.py’”’“’;f=getattr(tokenize,
’”’“’open’”’“’, open)(file);code=f.read().replace(’”’“’\r\n’”’“’,
’”’“’\n’”’“’);f.clos
e();exec(compile(code, file, ’”’“’exec’”’“’))’ install --record
/tmp/pip-record-QUJKxq/install-record.txt
–single-version-externally-managed --prefix
/tmp/pip-build-env-LTNu8A/overlay --compile” failed with error code 1
in /tmp/pip-
install-BYwYn3/cffi/

ERROR: Command “/opt/bin/python2 /opt/lib/python2.7/site-packages/pip
install --ignore-installed --no-user --prefix
/tmp/pip-build-env-LTNu8A/overlay --no-warn-script-location
–no-binary :none: --only-binary :none: -i Simple index –
’setuptools>=18.5’ wheel ’cffi>=1.8,!=1.11.3; python_implementation !=
’”’“’PyPy’”’“’’” failed with error code 1 in None

Do you have any solution for this??