[GUIDE] Nextcloud on WD My Cloud

Official website

Demo: https://demo.nextcloud.com

In this guide I’ll provide a complete and secure Nextcloud setup for the WD My Cloud NAS.
Benefits:

  • Cloud access directly to your box, not via WD servers
  • Better integration with multiple apps available for any platform (so it’s a valid replacement for the deprecated PC suite)
  • Modern look and feel
  • Many extensions available
  • Automatic HTTPS certificates with LetsEncrypt

Problems:

  • The WD web interface must be disabled to run Nextcloud. You can switch it back on, but its either WD web or Nextcloud, not both.
  • Only static public IP addresses supported for now… feel free to setup DynDNS / NoIP
  • Use at your own risk. WD support won’t help you here. You need SSH access to set it up.

Step 1: Get Docker and Docker Compose
Docker is available here. Install it with the WD web interface.
Docker Compose can be installed on all WD platforms with python pip.
Get Entware from wdcommunity.com and install it with the WD web interface.

opkg install python-pip
pip install setuptools 
pip install docker-compose

Verify it worked

# which docker-compose
/opt/bin/docker-compose

Step 2: Get a domain
You really need a domain name, otherwise you’ll have to deal with big security warnings in your browser.
Just google for a free one if you don’t want to pay for it.

Let’s assume we registered mycloud.domain.com to point to our IP address.
Warning: getting your domain name activated may take a couple of hours.

Step 3: Open up port 80 and 443 in your home router. I’m assuming you’re connected to your ISP behind a router here. Forward port 80 and 443 of the IP of your NAS to the public WAN.

Step 4: Stop the WD web interface
Open up an SSH session to your My Cloud NAS and stop the apache service.

kill $(pidof httpd)

Ensure ports 80 and 443 are free. No process may occupy these ports.

netstat -tulpn | grep 80
netstat -tulpn | grep 443

Step 5: Prepare a working directory

cd /shares/Volume_1
mkdir nextcloud && cd nextcloud

Step 6: Get the Docker Compose yaml and run the whole stack

opkg install git-http

Pick the set of instructions that applies to your NAS.

Instructions for WD MyCloud PRx100 or DLx100 NAS
git clone https://github.com/nextcloud/docker
cd docker/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache

Step 7: Edit the config
Edit the database variables

vi db.env

Press i to enter editing mode.
Generate a strong password for mysql user.
Press ESC and type :wq to save and quit.

Edit the compose file

vi docker-compose.yml

Press i to enter editing mode.
Set a strong password for MYSQL_ROOT_PASSWORD, fill in your domain name (see step 2)

- VIRTUAL_HOST=mycloud.domain.com
- LETSENCRYPT_HOST=mycloud.domain.com
- LETSENCRYPT_EMAIL=some.valid@email.com    # used for expiration warnings

Press ESC and type :wq to save and quit.

Now simply bring up the whole stack

docker-compose up -d

And now your site should be available in a few minutes…

Ignore the instructions for ARM below.

Instructions for other ARM based My Cloud NAS

Build and run the nginx proxy service for ARM. This may take a while.

git clone https://github.com/stefaang/multiarch-letsencrypt-nginx-proxy
cd multiarch-letsencrypt-nginx-proxy/nginx-proxy-2containers
docker-compose up -d

Now prepare the Nextcloud app.

cd ../..

It’s hard to find a Mariadb / Mysql (InnoDB) / Postgres database for ARMv7. I’ve tested many images from docker hub and almost none of them were compatible with Nextcloud.

TODO: add beercan1989/arm-mysql + redis + cron

Create a docker-compose.yml with the following content (and update the environment values)

version: '3.1'

volumes:
  nextcloud:
  
services:
  app:
    image: nextcloud
    restart: always
    environment:
      NEXTCLOUD_ADMIN_USER: admin
      NEXTCLOUD_ADMIN_PASSWORD: verysecretpassword
      VIRTUAL_HOST: mycloud.domain.com
      LETSENCRYPT_HOST: mycloud.domain.com
      LETSENCRYPT_EMAIL: some.valid@email.com
    volumes:
      - nextcloud:/var/www/html
      - /shares/Public:/mnt/Public  # add any share you want

networks:
  default:
    external:
      name: webproxy

Start the Nextcloud app. The nginx proxy helper should generate a LetsEncrypt certificate automatically for your domain.

export COMPOSE_HTTP_TIMEOUT=300
docker-compose up -d

Open up your domain in the browser and enjoy your personal cloud!

Extras

Add existing WD shares as External Storage

Your existing shares are normally not available in the Nextcloud container.
Edit the docker-compose.yml and add the full share path (e.g. /shares/Public) to the nextcloud app with a mountpoint (e.g. /mnt/Public).

services:
  app:
    ...
    volumes:
      - nextcloud:/var/www/html
      - /shares/Public:/mnt/Public  # add any share you want

In the Nextcloud menu, go to apps and install the External Storage application.
In the Nextcloud configuration menu, in the admin tab, select External Storage.
Add a source with type Local and path /mnt/Public.
Now you can access the Public share from within your cloud.

Restore WD web UI

If you wish to start the WD web interface again later, ensure ports 80 and 443 are free by stopping the apps

 docker-compose down

and then start apache again

httpd -f /usr/local/apache2/conf/httpd.conf -k graceful
Nextcloud command line

You can setup this alias for the docker command line

 alias occ="docker-compose exec --user www-data app php occ"
occ status
  - installed: true
  - version: 15.0.0.10
  - versionstring: 15.0.0
  - edition: 
Trusted domain access

If you get an error about access denied for untrusted domain, you’ll need to add your domain to the trusted domains. This can be done with the Nextcloud command line.
List the domains

occ config:system:get trusted_domains

Add your domain

occ config:system:set trusted_domains 1 --value=mycloud.domain.com

Alternative solution: edit config.php in the nextcloud data volume manually.
Here’s how to look it up.

# cdnp && cd _docker/volumes
# find . -wholename "*/config/config.php"
./nextcloud_nextcloud/_data/config/config.php

Edit the file

vi ./nextcloud_nextcloud/_data/config/config.php

Press / and type trust to go to the section with trusted domains, press i to enter text mode and fill in your hostname

'trusted_domains' =>
array (
  0 => 'mycloud.mooo.com',
)

Press ESC, type :wq to write and quit.
Now reload the website in your browser.

Debugging tips

Show running containers

docker ps

Show logs for the nextcloud_db container

docker logs nextcloud_db

Good luck and enjoy!

3 Likes

EDIT: doesn’t work in the latest firmware release

The WD web interface runs at ports 80 and 443 by default.
This is defined in /usr/local/apache2/conf/extra/ports.conf.

Listen 80

<IfModule ssl_module>
        Listen 443 https
</IfModule>

To move it to another port, e.g. 8080 and 8443, you may use these commands.

PORTCFG=/usr/local/apache2/conf/extra/ports.conf
sed -i 's# 80^# 8080#' ${PORTCFG}
sed -i 's# 443 https# 8443 https#' ${PORTCFG}
kill -HUP $(pidof httpd)

Add these lines to your docker start.sh to run this automatically on boot.
This keeps the ports 80 and 443 free for your Nextcloud setup.

1 Like

Thank you for this easy step-by-step tutorial.

Do you know how the performance of Nextcloud on an ARM WD MyCloud will be?
Especially looking at gallery and thumbnail creation.

I am using a WD MyCloud EX2 Ultra.

The database options are limited on ARM platforms so you’re forced to use sqlite3. It’s okay for a personal backup and easy sharing but I wouldn’t use it for a whole school.
The major benefit is the 100 pct uptime and better app support, which you don’t have via mycloud.com

Sounds good! How are your experiences with spin down of the hard drives when they are not in use? I installed Docker on the NAS a while ago and I was not sure if it would go to sleep.

Many processes could keep the drives awake.
Docker runs in debug mode, you may want to turn that off by removing -D here.
The docker containers may be spamming a lot of logs that get saved to disk too…
I’d consider turning off the logging an exercise for the experienced reader as it makes debugging a bit harder. Tune your application configs properly and the disks will spin down.

You could use iotop or dstat to monitor who is using the md0 raid array.

dstat -tdD md0

Get it via entware (opkg install dstat iotop) or docker)

Thanks for your help so far.

When I tried moving the Web Interface to different ports, it was not able to login anymore… When I moved it back, it started working again.

Have you experienced this problem before? I will look into it and tell you if I find a solution.

Yeah I’ve seen it too… it interferes with the 4 and 60 second reset so I’d recommend to not use the custom port yet. There’s no reset for 3rd apps I guess…

Have you seen the “503 Temporary not available” error of nginx before? Certificate works, everything is up, except I cannot reach nextcloud over the proxy…

Tried looking at this summary page for the error, but haven’t been able to fix it yet
https://groups.google.com/forum/#!topic/nginx-proxy/aY1FJJXNq0k

Any ideas?

Ermmm I’m afraid I forgot to upload my changes to my fork of buchdags branch…
I based my work on Evert Ramos repo.
However, that repo doesn’t work on ARM, so I used this to build the thing from scratch.

You’ll need to remove the networkmode: bridge fields and append this instead

networks:
 default:
   external:
     name: webproxy

This will connect all your containers (both from the nginx proxy and the nextcloud docker compose files) to a single webproxy network. You can then easily append any other service to this webproxy with the proxy companion (I recommend reading the documentation in Evert’s repo).

Fixed: https://github.com/stefaang/multiarch-letsencrypt-nginx-proxy/commit/7ed723fd665bff86823c338c7027896b1a462aaf#diff-b579103e2aeeb1d024a2e64ee352eb9f

Thanks for the quick reply.

BIG EDIT: It was a DNS configuration issue.

BTW: beercan1989/arm-mysql works fine for me on ARM :slight_smile:

1 Like

You have no idea how many zillions of database configurations and docker hub examples I’ve tried… I’m looking forward to test this one!

Hello, were you guys able to get the interface running without interfering with the WD My Cloud interface?

You can choose a self-signed certificate instead of letsencrypt and run Nextcloud on another port, but then you get the annoying browser warnings (like for the https version of the wd web interface).

Thanks! Do you have any idea what would be required to avoid the annoying browser warnings. I’m not intimately familiar with the nuances of certificates. Perhaps if you create a certificate for the server to use, while sshed into it, and then trust the certificate when attempting to visit it?

Letsencrypt must use the standardized ports 80 and 443 to be certified authority (CA). If they wouldn’t follow the standard practices, their certificates would no longer be trusted by other CAs and your users will get browser warnings about untrusted certificates. See here.
It’s literally the definition of a certificate: proof of trust by multiple authorities.

Problem
The WD web interface occupies port 80 and 443.
Solution A
Stop the WD web interface so you can use Letsencrypt and automatic certificate renewal and browser comfort. Enable WD web interface again when you need it after stopping the nginx proxy service.
Solution B
Don’t use Letsencrypt and live with a bit less comfort. You’ll need to do your own research on how to use a custom port. Surf to https://{yournasIP} to get a taste.
Solution C
Don’t use this guide at all and live happily ever after without Nextcloud.

The level of required comfort depends a bit on your user base: is it just for you or do you want to serve other people as well… Do you use many different browser instances or not (you’ll have to accept the certificate on all of them).

Hi, thanks again for the input. I’m ok with accepting the certificate in multiple places (generally only use one browser anyways), and it is only me who will be accessing the device, for 99% of the time at least.

I’m looking to set up something like the following on the My Cloud device:
MySQL - NextCloud
NextCloud
GitLab
JIRA
MySQL - Custom DB
WebServer
VPN

Currently considering docker as a means to achieve at least most of these items, since it seems fairly straightforward, but have never used docker either, I found this video a little earlier, which was great but still am lacking confidence:


They use nginex and letsencrypt sort of like you’re suggesting, I think…

Edit: Apparently you were the one who made that original post.


Your posts have been super helpful!

Hello, I’m trying to install Nextcloud on My PR4100, but getting following error:
root@MyCloudPR4100 nextcloud # git clone https://github.com/nextcloud/docker

-sh: git: not found

root@MyCloudPR4100 nextcloud # /opt/bin/opkg install git

Package git (2.21.0-1) installed in root is up to date.

DO you have any sudgestion?
Thank you.

/opt/bin is not in your PATH by default. Either login again over SSH to activate /etc/profile from the freshly installed entware package or source the file.

. /etc/profile

Important issue!

  1. Downloaded and successfully installed docker,
  2. Downloaded and successfully installed Entware
  3. Install python, setuptools and pip.
    **4. Can’t install docker-compose with pip.
    I’m getting following error:
    unable to execute ’x86_64-openwrt-linux-gnu-gcc’: No such file or directory
    error: command ’x86_64-openwrt-linux-gnu-gcc’ failed with exit status 1

ERROR: Command “/opt/bin/python2 -u -c ’import setuptools,
tokenize;file=’”’"’/tmp/pip-install-BYwYn3/cffi/setup.py’"’"’;f=getattr(tokenize,
’"’"’open’"’"’, open)(file);code=f.read().replace(’"’"’\r\n’"’"’,
’"’"’\n’"’"’);f.clos
e();exec(compile(code, file, ’"’"’exec’"’"’))’ install --record
/tmp/pip-record-QUJKxq/install-record.txt
–single-version-externally-managed --prefix
/tmp/pip-build-env-LTNu8A/overlay --compile" failed with error code 1
in /tmp/pip-
install-BYwYn3/cffi/

ERROR: Command “/opt/bin/python2 /opt/lib/python2.7/site-packages/pip
install --ignore-installed --no-user --prefix
/tmp/pip-build-env-LTNu8A/overlay --no-warn-script-location
–no-binary :none: --only-binary :none: -i https://pypi.org/simple
’setuptools>=18.5’ wheel ’cffi>=1.8,!=1.11.3; python_implementation !=
’”’"’PyPy’"’"’’" failed with error code 1 in None

Do you have any solution for this??