Nextcloud server: my new setup

For the past year or so, I’ve been running a personal Nextcloud instance which ran off of a Raspberry Pi 3B+. When I got it set up, I used NextCloudPi, a super easy way to get a Nextcloud server up and running in no time. I’ve been using the image for the past year and I’ve loved it, but did still have a few issues. First off, performance was pretty poor, and second, when things broke (which they sometimes did), I didn’t know enough about the initial setup to fix it on my own.

So, I’ve built a new server, which has the following improvements over my previous server:

I’ll outline the rationale of the new technology choices below:

1 nginx replaces Apache

Quoting them, “NGINX was written specifically to address the performance limitations of Apache web servers”. The research that I did online seemed to back this up; nginx should outperform Apache on for my tiny Nextcloud.

2 PostgreSQL replaces MariaDB

There’s no great reason for this other than after asking people on irc channels and in forums, I was urged to try out PostgreSQL, again with the promise of better performance.

3 Arch Linux ARM replaces Raspbian

This is a big change. As mentioned earlier, my Raspberry Pi is a model 3B+. Its BCM2837B0 chip brings support for the ARMv8 architecture, which is 64 bit (AArch64). Despite this, Raspbian and indeed most distributions that tend to be run on the Raspberry Pi are only 32-bit, and so don’t benefit from the improvements ARMv8 brings (which admittedly are not that noticeable considering the Raspberry Pi 3B+ only supports a maximum of 1GB of RAM).

That being said, since I use Arch on my main PC (btw I use Arch) and have done so for a couple years at this point, I made the switch to using Arch on the rPi as well. Arch Linux ARM has support for ARMv8, and so it was settled.

The move to Arch Linux ARM was not painless; whilst I prefer the OS, I’ve had a large number of issues with Wi-Fi drivers. I’ll go into more detail with these issues in a later post.

Final thing to note here is that the rPi’s drive is now fully encrypted as well, which is nice.

4 Everything now runs in Docker containers

Whilst I didn’t initially plan on this, during the install process for nginx I was reading the Arch Wiki which recommended a chroot based install for added security. The point of this isn’t that chroot is particularly more secure than any other container system, but instead that simply using any container system has added security benefits. So, after more suggestions on irc, I set up the server using Docker.

Nextcloud already have a git repository containing examples of possible setups. As mentioned before I’m using nginx, this is done using their php-fpm image. My certificates are auto-generated, and it uses nginx-proxy to add a proxy layer (added security). Note that part of their setup uses jrcs/docker-letsencrypt-nginx-proxy-companion, which only has an image on Docker Hub for x86_64. There is a way around this though; I’ll detail that in another post.

5 Conclusion

I have another Raspberry Pi and plan on linking it to the main one, hosting them in Docker’s “swarm mode”. Apart from that, though, I really like this setup and consider it an improvement over my previous setup.