NextCloud Without Port Forwarding via Cloudflare Tunnels

Thank you so much for sharing this! You made my deployment way a lot easier. Appreciate your time and effort!

Man! Thank you so much for this video and all your knowledge! I have like 3 weeks fighting with NGINX, firewalls, stacks, etc... and now finally with this solution everythong is working as intended! I'm already a Patreon but is nothing for all the stuffs you do and teach us! Thank you again! (Sorry for my english, is my second language).

Man, you rock....have been messing with nextcloud for a while and though I like it, setup has always been hit or miss, this one finally has all the right markers and get to use it with tunnels. You are a champ as always.

Wow dude. Thank you. I was struggling so much deploying this. And your guide helped me out so so much. Thanks a ton mate. I learnt a bit too.

Thank you so much for the video, it helped me a lot. It's people like you that make the world a smarter place.

I was just looking for this last night, and you posted this today. Crazy! Obliterating that like button! 😃

I’m glad I watched enough of the video to hear this is a OMV video. I’ve been searching for this exact content. Thank you sir

Thanks for the video, I was struggling with this for an embarrassing amount of time. Thank you so much!

This is a great video, thank you very much. I struggled for days to get this working the way you go through it (makes it look easy). But my setup, which I thought was similar to yours, really was not because my home lab did not have the DSL router in bridge mode. I am using the Bell HH4000 and the only way I could figure to get it into bridge mode was to buy a NetGear pfsense firewall and configure my HH4000 with the DMZ advanced mode. I am hoping my days of struggling and learning helps someone. I also forgot to open the UFW port 8080 on my host.

Super great tutorial, I setup with just docker instead of portainer with it and still found this super helpful. Thanks!

This video was super helpful in getting my NextCloud setup with access through Cloudflare tunnels. Liked and tip sent.

You don't actually need to redeploy the container to change the restart policy. Just go into the container, find the restart policies section and change it, then hit update. For me, so far, this has always worked. But thanks for this great info, helped me out immensely!

I love that you made this video. It's a great practical demo of how to setup cloudflared tunnels!
However, I would like to warn you as well as people reading the comments that those Apache settings are dangerous! They're basically enabling a slow-loris attack, a very simple and affective DOS wherein the attacker bogs down your server by choking it it with a few long-running bogus requests.
If you wish to upload large files to your Nextcloud server, I recommend leaving the Apache settings as-is and using the desktop sync client, as it will break them intelligently into smaller chunks for upload. The browser client isn't setup to do this (AFAIK).

Hi David, longtime viewer, love your videos. Have you ever tried maximizing next cloud storage capacity to use external storage like say an attached storage on your OMV setup or even a network attached drive on the network?

Wow! I wasn't even aware that there is something called cloudflare tunnel. Seems like a great solution compared to port forwarding and lesser headaches! Thanks as always.

Thank you David. This video helped me a lot.

Hey David, thanks for this video. Can you please explain the "fixing caldav" part? I didn't understand what you do on this part. Thank you in advance.

Thanks for the guide, I got this one working over the other guide.
Though it seems like:
1. You get this prompt about HSTS which wasn't discussed: The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
2. There are other issues that the redirects didn't resolve:
- Your web server is not properly set up to resolve "/.well-known/webfinger".
- Your web server is not properly set up to resolve "/.well-known/nodeinfo".

keep it up with these docker image tutorials!!!!!

Thank you for the video , has fixed some of my older problems .
for some reason the background jobs are not executing and uptimekoma is runnning and up

thanks for the info as always. how do you go about resolving the webfinger/nodeinfo redirects afterwards?

Do you have an example of what it looks like or to setup the docker volume share path? Example I would want to use my NAS. Thank you for your videos.

you are very smart, and have a lot of information, unfortunately your communication is tailored to "other" people that are not me, i've seen and re-seen your videos and still do not understand what your doing. thanks for sharing, and hopefully one day i can understand what you are saying

Hey! I've followed the steps in this video to setup a Nextcloud instance using Docker and Portainer. I'm using Cloudflare Tunnel to access it on the internet, but I'm unable to use video calls in Nextcloud Talk because it needs a Turn Server. Could you please make a video on how to set that up in Docker using Portainer?

Any idea how to make Nextckoud Office or OpenOffice to work with this setup ? "Collabora Online - Built-in CODE Serve" or "Community Document Server " refuse to work.

I'm facing an issue, my public hostname gets me no where and just times out.
My setup is: nextcloud running as a plugin on truenas. Installed the cloudflare agent on a VM running docker inside the truenas.
Any ideias? I have tried everything

Hi! Thanks for this video. Will all the customisations done to the container remain after image update?

That 'overwriteprotocol' setting saved my day, many thanks, sir!

Hi
Are you planning for updating this for Nextcloud All in One? It is quite different than this version and it is recommended installation method. Thanks for your videos

I can confirm the 100mb limitation is there. For some reason if you upload via web interface it works but if you use the nextcloud client or WebDAV it stops as soon as the file hits 100mb. More investigation is needed.
P.s. I confirmed with cloudflare documentation. All HTTP POST request size is limited to 100mb on the free plan..So if you use the desktop client ( WebDAV based) or any other WebDAV client , and need to upload large files this method is not for you. If you only use the web interface you should be fine !

how to access home assistant from outside local network running home assistant on a docker container with no add ons

I am trying to set up the cardav part in my truenas scale thru its shell but for reason the config wont save

Very helpful, thank you very much!!

Thank you every time!

Thanks for the great video! I'm kind of new to all this and was wondering why you don't need to specify PUID and PGID in the docker compose? I've seen in all the linuxserver docker stacks that they use 1000 for "easy user mappings"

I have a similar setting with cloudflare tunnel, but I can not get the real IP addresses when someone tries to logging into my cloud. So it's a security issue. There is a way to fix it without reverseproxymanager?

9:46 When you installed recommended app, will it make nextcloud container same as nextcloud/all-in-one docker images?

Excellent video, only one thing, I did everything but I still got the HTTPS warning, even though I can access my site via a domain, the Nextcloud App stills marks it as insecure and somehow I'm unable to get the menu to display...

I was hoping I could find a solution to my problem. I have Nextcloud running behind a reverse proxy and no exposed ports on the container. I'm able to get to it through the internal domain I set up the proxy rule for but using my Cloudflare tunnel external domain causes it to redirect to the internal one which means I can't access it from outside my network. I don't have an issue with the other services I have running through a Cloudflare tunnel and it seems to be something specific with Nextcloud that I'd like to either disable or configure to work with Cloudflare. I was hoping this video would help but DBTech isn't running behind a reverse proxy and in fact I never even get the error about an untrusted domain.

Editing the file for caldav was good but when I updated, obviously, nextcloud wiped what I did in this file. I don't want to update this file everytime so I don' t know if there's a definitive solution.

Hi, nice tutorial, only have one problem, I set everything up and it works fine but upload speeds are terrible, it uploads everything, no matter the size, at less than 50 KB/s, the thing is that only happens if I use it through cloudflare tunnels, if I open my ports to access it directly (which I only did for testing, it's not something I'd like doing), the upload speeds are much higher, just what they should be, any ideas?

Anybody knows how to edit the 000-default.conf file in a Unraid instance? no matter what I tried in command line I get permission denied to try to nano edit the file and file is only mounted when container is running

THANK YOU !!!! I was googling for hours on how to address the "trusted _domains" issue. Love you content David

Just found this amazing video but my issue is that I can now access my Nextcloud through Cloudflare tunnel, but the desktop and mobile app cannot. Do you know why that would be case?

FYI to anyone, when you set up your cloudflare and put force policy HTTP to HTTPs, do not put overwriteprotocol to HTTPS in config.ini. It would cause infinite loop of redirect.

You are the best!! Thanksss

So if I follow all these steps mentioned in the video, I should able to to access my nextcloud setup on mobile app outside my home network?
is cloudflare is same like twingate?

have you had the issue?:
"Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root."
if so, how did you fix it?

Hello, just on this I have no issue getting your set up however I cant get this working with the app? It says theres a malformed server config, I dont knnow what that refers to althoguh

If I got it right you can use a cloudflare tunnel not only to access your services running on a server with their own domain without opening ports, but you can also get access to your own Home LAN to use, i.g, RDP, to fetch your files as you would do via a VPN like Wireguard and OpenVPN. It seems that you need such a WARP app and set another service on your cloudflare account. Any chance to get a new video tutorial about that? Thanks

I'm currently trying to run this, but when I try to connect to my nextcloud using the cloudflare tunnel, it runs so slow. I runs perfectly when I use the my.local.ip:port locally. please help!

Can you get talk working while using a Cloudflare tunnel on NextCloud? I mean it works but no audio or video can make it off the network. I can not seem to find any docs on this.

Great job, even in 2024 this is still relevant. Worked perfect with all the latest versions. Can you explain how one would add my unraid shares, array or even a pool disk? I have a large doc file already on my array and would like to access them from nextcloud. Thanks again.

First - Excellent RUclips Channel. Did you really quick your day job to do RUclips? Kudos to your vidio editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work.
Chris

Hi, would there be any issues with cloudflare tunnel t&c if I mainly used nextcloud to backup photos & videos?

Thank you!
But how about the 100mb cloudflare size limit? Can i do anything on server side? To upload big files with browser...?
Instead of using nextcloud client and set chunksizes ...

Any chance this video can be rebuilt for NextCloud All in One? The docker compose file isn't the same and it runs an https validation before component install. Also, once NextCloud is up and running, how do you add more storage after the fact?

Thanks for the tutorial.

HELPPPP! I get an error after creating my tunnel saying "Your data directory is readable by other users.
Please change the permissions to 0770 so that the directory cannot be listed by other users." I tried chmod, chown, recreating a user... it was intalled on root user with OMV6 on external drive. I don't know what to do :( can you please help me...?

do you have video for the update with nextcloud aio docker compose?

Has anyone been able to make this work with collabora document server? Doesn't seem to work for me.

Cool, exactly what I was looking to learn today. Please tell me the mail passwords have been amended since this from config.php though?

How do you deal with cloudflare shutting down your account for violating the ToS? The user agreement specifically states that cloudflare is to be used to host web pages etc. and file transfer, as well as streaming via cloudflare will result in them suspending your account.

Did you try Talk function? Because cloudflare is not allowing traffic for STUN ports..

how do i add additional storage via a usb drive?

Will those setting stay persistent if you update your NextCloud container??

Hi David love the tutorial... I have more questions than answers... I noticed that you had 2 instances of next-cloud running, of which they did not have the standard portainer IP schema. Did you use a MAC Vlan or did you just create a new IP schema for your docker containers. I'm asking because i have followed your instructions to the "T" and i am unable to get my cloud flare tunnel to successfully connect to my next-cloud. It works for a few of my other containers like grafana, and i IOT device i use to monitor the temp in my network room. I even went as far as changing my port from 8443 to 8080 and still the same error.
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

at 8:56 in the video you say "Click here" and poof the nextcloud login screen is presented. What did you click to make that happen? I am not sure if you clicked on nextcloud-app or nextcloud-db and whether you clicked an icon or the 8080:80. Nothing I clicked seems to give the same result

Could you please hit ctrl+ a few times to increase the zoom level of your browser shots.

I have a question. You live in USA and you edit the config file with default_phone_region=US. What should you do, if you don't live in US, e.g.: default_phone_region=AT for Austria or default_phone_region=DE for Germany?

I followed the tutorial and I was able to get it up and running on a Orange Pi 5 with Ubuntu server and M 2 SSD

Thanks for the great content again David. I took this a step forward and added the cloud flare tunnel as a container in my stack using the same network. here is the snippet that I got working with leantime as an app:
version: '3.3'
services:
leantime_tunnel:
container_name: leantime_tunnel
image: 'cloudflare/cloudflared:latest'
restart: unless-stopped
command: tunnel run
networks:
- leantime-net
environment:
- TUNNEL_TOKEN=XXXXXX
networks:
leantime-net:
external: false

Dude, Thank you, finally got this working. Have the transactional file locking error, but I don't care. if ya care to suggest a way to solve it, with out having to redo everything, that woudl be great, but if not, Oh well!! Thanks again!!
p.s. you move fast!! Only thing I have issue with is the php upload size did not change. limits at 586 mb or something like that, I did not use the same composer file as you tho and I don't think I am running the same database either!!! I don't know, I just know that I built a great composer file and you helped me get it all working. So there, as we say down south.... nevermind, I'll refrain and keep plugging at it. I am running progrese or something like that so if ya have any idea why the php upload size might not be changing with the .htaccess edit let me know, and thanks again. Great Vid!!!

Which volume do I want for storage ?. I want to direct the storage to my 2TB drive but not sure which volume that would be for the stack ?.
I see there's this volume directory: /home/docker/nextcloud/db:/var/lib/mysql
then there's a bunch of other ones but I would guess you don't want to mess with those ?.

Please show us how to enable ssl on nextcloud with cloudflare ssl certificates.

Hi David, great tutorial
How does this work with Navidrome, inparticular the app I have on my phone (symphonium). Or would I need to specify different rules specific to navidrome whic hallows the apps to connect?

Starting at 16:00, modifying config file doesn't seem to be the best solution for this. Isn't the image going to be rebuilt when a new version comes out? Meaning your config changes will be overwritten by the default values after updating nextcloud?

Hello, great video. Is anyone else for the Network (eth0) getting Speed:10 Gbps (Duplex:full)? how do i change that to 1000 Gbps?

This is Great, David! I have a cloudflared tunnel with full (strict) with origin certs downloaded that I’ve confirmed can get to my Rpi4 and have installed Nextcloudpi through the install script. My Rpi4 is Raspbian OS 64 Bullseye. The ddns site is registered to a .ml domain, as the config of the tunnel differs with this domain type.
I could be persuaded to install the nextcloudpi through the docker image method, as I now have an SSD in the pi and don’t need to have the data directory on the storage USB drive (not an option in docker image) and I can arrange for the external drive to backup data from connected devices through the nextcloud interface.
The main issue that I’m having is that I cannot seem to have the ddns direct to the nextcloud instance and I keep getting the redirect error message that doesn’t allow it to securely bring up the page.
Apache2 site redacted below:
ServerName 192.168.1.XX
Redirect permanent / sub.domain.com/

ServerName sub.domain.com
DocumentRoot /var/www/nextcloud
CustomLog /var/log/apache2/nc-access.log combined
ErrorLog /var/log/apache2/nc-error.log
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /home/$USER/Documents/sub.domain.com.pem
SSLCertificateKeyFile /home/$USER/Documents/sub.domain.com.key
# For notify_push app in NC21
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ 127.0.0.1:7867/
ProxyPassReverse /push/ 127.0.0.1:7867/
Options +FollowSymlinks
AllowOverride All
Dav off
LimitRequestBody 0
SSLRenegBufferSize 10486000

Header always set Strict-Transport-Security "max-age=15768000; includeSubDo>
And my Cloudflare Tunnel redacted is:
tunnel: $tunnel-ID
credentials-file: /home/$USER/.cloudflared/$tunnel-ID.json
ingress:
- hostname: sub.domain.com
service: 192.168.1.XX
- service: http_status:404

Has anyone gotten a 502 bad gateway error? I followed everything in the video but still getting the 502. I'm using a raspberry pi.

hello DBtech good video, I tried to do it but it is giving me the error "internal server error" already tried everything, delete the folder, fresh install and it does not work and if it works it comes out sql error

Was going smooth till the apt update, i'm using unraid and when i open the terminal for nextcloud i don't know the root password to run any apt update
Anyone?

According to nextcloud documentation, to update to the next version you have to remove the previous nextcloud container, and doing so you lose the apache configuration (caldav etc.). Is there some way to make this configuration persistent or to embend it in the compose file?

Hey Thanks for this tutorial.
Followed it but I still have some warnings.
1. Strict Transport Security HTTP header is not set to at least "15552000" seconds
2. Your web server is not properly set up to resolve "/.well-known/webfinger"
3. Your web server is not properly set up to resolve "/.well-known/nodeinfo"
I don't know why it's throwing out this issue, I saw the right commands on the config.php file and when you visit the url it works.

Great video. can you show how to use multiple apps on the same cloudflare tunnel? Thank you.

What an awesome tutorial.. Sorry to be late... but.. how can i update nextcloud properly? Pulling latest image version from STACK or CONTAINER..? thankyou!

Thank you!

Hello! I have a problem. I can´t run the portainer console. Portainer have a error: Unable to retrieve image details. Do you know what is the problem? Thanks!

Hi, thank you very much for the tutorial! However, I always get the warning that the Strict-Transport-Security HTTP header is not configured to at least “15552000” and that I should enable HSTS. I already tried some tips involving the default-ssl.conf, but (probably because I'm using a cloudflare tunnel) it is not working. Do you know how to fix this problem?

Hey, im facing difficulty logging in using local access, meaning when i open next cloud using its local address, i can see the login page and when i try to login it doesnt work. any idea why?

Hello, I am using portainer and when I run the docker command to download and run the cloudflare docker image. It does but does not show up in portainer - only docker.
I have setup cloudflare but cannot access the CF url in docker so I am thinking there is some diosconnect between Docker and Portainer.
So is there a way to run the docker cli command to create a conatiner?
I am using linux mint ....

Hey! Greate video, I have loved watching clouflare tunnel stuff from you! I have a quick question though, whenever I set up my tunnel for Nextcloud I always get 502 on the connection, however if I change it to another service it works fine. I even tried to change the port of the nextcloud service but this issue still persists, do you have any idea what could be happening?

Hello! Thanks so much for the tutorial!
About the passwords, it sort of concerns me to have the mariadb key also printed on the dockercompose file. Is it possible to do it in a safer way? I guess if someone gets to peek my portainer/docker settings could hack into my db... or am I being too paranoid?

Nice vid. I tried this with a cloudflare tunnel on unRAID. All my other Dockers work with my tunnel but I get a 400 error when using next cloud with the tunnel set to https and a 502 when using it with http.
Has anyone ran into this issue and have a solution?

I am not too sure if anyone would have an idea how to achieve this. I want to keep local access available to the nextcloud instance to take advantages of local routing speed.

Thanks for this. Quick question. I have set next cloud up on my TruNas Scale server. Would the cloud flare tunnel access work for this.

Hi, i was following your guide and was very clear however i am not able to connect next cloud with cloudeflare tunnel , i got all the time " argo tunnel 400 bad request the plain http request was sent to https port" i also tried to reinstall next cloud .
It is very strange because is perfectly working with NiginxProxyManage. I would like to close the port open for it
Do you have any suggestion how to solve ?

I tried different solutions with nextcloud, I tried the snap version on Raspberry Pi OS, I tried it on docker always on rapsberry pi4, I tried it on nuc 11 using proxmox and in all cases Upload speed does not exceed 10-20M with cloudflare and 50M using local IP directly....I don't know what to change anymore.... I have a 2.5Gbit connection and the devices are always connected in the Cloud.... What could be done?

Seems nextcloud is a crap. I could not get the data directory changed to my ZFS pool. I tried the docker way and had the same problem; worse could not even stop the containers. Who will put all the files in /var?

i can get this to work with no issues though a browser but i cant through the phone app or desktop app. Thoughts?