Blog on WordPress, Open LiteSpeed, CyberPanel, Linux, FreePBX

Your Private Cloud: Reclaiming Control of Your Data with Nextcloud and TrueNAS

Nextcloud TrueNAS

Autor:

Andrzej Majewski

w

, ,

In an era where our digital lives are scattered across the servers of tech giants, a growing number of people are seeking digital sovereignty. They want to decide where their most valuable data is stored, from family photos to confidential documents. The answer to this need is Nextcloud, a powerful open-source platform that allows you to create your own fully functional equivalent of Google Drive or Dropbox. When combined with a robust data storage system like TrueNAS, it becomes the foundation of a truly private cloud. Let’s walk through the process, from the initial decision to synchronising the final file.

The Foundation: A Solid Installation

Choosing a platform to host Nextcloud is crucial. TrueNAS SCALE, based on Linux, offers a solid environment for running applications in isolated containers, ensuring both security and stability. The installation process, though automated, presents the administrator with several important questions that will define the capabilities of the future cloud.

The first step is to enhance the basic installation with additional packages. These are not random add-ons, but tools that will breathe life into your stored files:

  • ffmpeg: A digital translator for video and audio files. Without it, your library of holiday films would be just a collection of silent icons. With it, Nextcloud generates thumbnails and previews, allowing you to quickly see the content.
  • libreoffice: Enables the generation of previews for office documents. Essential for glancing at the contents of a .docx or .xlsx file without having to download it.
  • ocrmypdf & Tesseract: A duo that transforms static scans into intelligent, searchable documents. After adding a language pack—in our case, the crucial Polish one—the system automatically recognises text in PDF files, turning Nextcloud into a powerful document archive.
  • smbclient: A bridge to the Windows world. It allows you to connect existing network shares to Nextcloud, integrating the cloud with the rest of your home infrastructure.

Each of these choices is an investment in future functionality. It is equally important to ensure the system runs like a well-oiled machine. This is where the background job mechanism, known as Cron, comes into play. Setting it to run cyclically every 5 minutes (*/5 * * * *) is an industry standard, guaranteeing that notifications arrive on time and temporary files are regularly cleared.

Configuration: The Digital Fortress and Its Address

After installing the basic components, it’s time to configure the network and data storage. This is where we decide how our cloud will be visible to the world and where our data will physically reside.

For most home applications, the default network settings are sufficient. However, the key element is security. Accessing the cloud via the unsecured http:// protocol is like leaving the door to a vault wide open. The solution is to enable HTTPS encryption by assigning an SSL certificate. TrueNAS offers simple tools for generating both self-signed certificates (ideal for testing on a local network) and fully trusted certificates from Let’s Encrypt, if you own a domain.

SSL Configuration for Nextcloud on TrueNAS using Cloudflare and Nginx Proxy Manager

Securing your Nextcloud instance with an SSL certificate is absolutely crucial. Not only does it protect your data in transit, but it also builds trust and enables the use of many client applications that require an encrypted HTTPS connection. In this guide, we will show you how to easily configure a completely free and automatically renewing SSL certificate for your domain using the powerful combination of Cloudflare and Nginx Proxy Manager.

Initial Assumptions

Before we begin, let’s ensure you have the following ready:

  • A working instance of Nextcloud on TrueNAS, accessible via a local IP address and port (e.g., 192.168.1.50:30027).
  • The Nginx Proxy Manager application installed and running on TrueNAS.
  • Your own registered domain (e.g., mydomain.com).
  • A free account on Cloudflare, with your domain connected to it.

Step 1: DNS Configuration in Cloudflare

The first step is to point the subdomain you want to use for Nextcloud (e.g., https://www.google.com/search?q=cloud.mydomain.com) to your home network’s public IP address.

  1. Log in to your Cloudflare dashboard and select your domain.
  2. Navigate to the DNS -> Records tab.
  3. Click Add record and create a new A record:
  • Type: A
  • Name: Enter the subdomain name, e.g., cloud.
  • IPv4 address: Enter your network’s public IP address.
  • Proxy status: Turn off the orange cloud (set to DNS only). This is crucial while generating the certificate so that Nginx Proxy Manager can verify the domain without issue. After a successful configuration, we can re-enable the Cloudflare proxy.
image 128

Step 2: Creating a Proxy Host in Nginx Proxy Manager

Now that the domain points to our server, it’s time to configure Nginx Proxy Manager to manage the traffic and the SSL certificate.

  1. Log in to the Nginx Proxy Manager web interface.
  2. Go to Hosts -> Proxy Hosts and click Add Proxy Host.
  3. Fill in the details in the Details tab:
  • Domain Names: Enter the full name of your subdomain, e.g., cloud.mydomain.com.
  • Scheme: http
  • Forward Hostname/IP: Enter the local IP address of your Nextcloud application, e.g., 192.168.1.50.
  • Forward Port: Enter the port your Nextcloud is listening on, e.g., 30027.
  • Tick the Block Common Exploits option to increase security.
  1. Navigate to the SSL tab:
  • From the SSL Certificate dropdown list, select “Request a new SSL Certificate”.
  • Enable the Force SSL option. This will automatically redirect all traffic from HTTP to secure HTTPS.
  • Enable HTTP/2 Support for better performance.
  • Accept the Let’s Encrypt Terms of Service by ticking “I Agree to the Let’s Encrypt Terms of Service”.
  1. Click the Save button.

At this point, Nginx Proxy Manager will connect to the Let’s Encrypt servers, automatically perform the verification of your domain, and if everything proceeds successfully, it will download and install the SSL certificate.

Step 3: Verification and Final Steps

After a few moments, you should be able to access your domain https://cloud.mydomain.com in your browser. If everything has been configured correctly, you will see the Nextcloud login page with a green padlock in the address bar, indicating that your connection is fully encrypted.

The final step is to return to your Cloudflare dashboard (Step 1) and enable the orange cloud (Proxied) for your DNS record. This will give you an additional layer of protection and performance offered by the Cloudflare CDN.

Congratulations! Your Nextcloud instance is now secure and accessible from anywhere in the world under your own professional-looking domain.

The next pillar is data storage. The default option, ixVolume, allows the TrueNAS system to automatically manage dedicated spaces for application files, user data, and the database. This approach ensures order and security. The temptation to mount an entire data pool as an “additional storage” is great, but it is a path to nowhere—it leads to organisational chaos and potential security vulnerabilities. A much better practice is to only mount specific, existing datasets, such as media or music.

Even with the best configuration, an obstacle may appear. The most common one is the “Access through untrusted domain” message. This is not an error, but a testament to Nextcloud’s commitment to security. The system demands that we explicitly declare which addresses (IPs or domains) we will use to connect to it. The solution requires some detective work: finding the config.php file and adding the trusted addresses to it. In newer versions of TrueNAS, this file is often hidden in a non-standard location, such as /mnt/.ix-apps/, which requires patience and familiarity with the system console.

image 129
image 130

The Gateway to the Cloud: Synchronisation at Your Fingertips

Once the server is ready, it’s time to open the doors to it from our devices. Nextcloud offers clients for all popular platforms: from desktop computers to smartphones. In the world of Linux, we face a choice: download the universal AppImage file directly from the creators or use the modern Flatpak package system.

image 131

Although AppImage offers simplicity and portability, Flatpak wins in daily use. It provides full system integration, automatic updates, and, most importantly, runs in an isolated environment (sandbox), which significantly increases the level of security.

The client authorisation process is a model of the modern approach. Instead of entering a password directly into the application, we are redirected to a browser, where we log in on our own trusted site. After a successful login, the server sends a special token back to the application, which authorises the connection. It’s simple, fast, and secure.

The final step is to decide what to synchronise. We can choose to fully synchronise all data or, if disk space is limited, select only the most important folders. After clicking “Connect,” the magic happens—files from the server begin to flow to our local drive, and an icon in the system tray informs us of the progress.

Configuring the Nextcloud Desktop Client

After installing the Nextcloud client application on your computer, the next step is to connect it to your account on the server. This process is simple and secure, as it uses your web browser for authorisation, meaning your password is not entered directly into the application.

Step 1: Initiating the Connection and Authorising in the Browser

  1. When you launch the client for the first time, you will be prompted to enter the address of your Nextcloud server (e.g., https://cloud.mydomain.com).
  2. After entering it, the application will automatically open a new tab in your default web browser.
  3. You will see a screen asking you to connect to your account. This is a security mechanism that informs you that an application (in this case, Desktop Client – Linux) is trying to access your account.
  4. Click the blue “Log in” button to continue.
  5. You will then be redirected to the standard Nextcloud login window. Enter your username (or email) and password, just as you do when logging in through the website.
  6. After a successful login, Nextcloud will confirm that the authorisation was successful and the client has been successfully connected to your account.
  7. You can now close this browser window and return to the client application.

Step 2: Local Synchronisation Settings

The desktop application will now display the final configuration screen, where you can define how files should be synchronised. Pay attention to the following options:

  • Remote Account: Ensure the account name and server address are correct.
  • Local Folder: By default, the client will create a Nextcloud folder in your home directory. You can choose a different location by clicking “Choose different folder”.
  • Sync Options:
  • Synchronize everything from server: The default and recommended option, which will download all files and folders from the server.
  • Choose what to sync: Allows for selective synchronisation. You can choose only the folders you want to have on your computer.

After making your selection, click the “Connect” button.

Step 3: Completion and Working with the Client

That’s it! Your client is now configured. The initial synchronisation process will begin, and its progress will be visible in the main application window and via the icon in the system tray.

In the main application window, you can now view recent activity, server notifications, and manually force a synchronisation by clicking “Sync now”. From now on, any file you add or modify in the local Nextcloud folder will be automatically synchronised with the server and other connected devices.

More Than Just Files: An Ecosystem of Applications

The true power of Nextcloud lies not just in file synchronisation. It lies in its ecosystem, which allows you to transform a simple data storage into a comprehensive platform for work and communication. The built-in app store offers hundreds of free extensions. Here are a few worth installing right from the start:

image 132
  • Nextcloud Office: Thanks to integration with Collabora Online or ONLYOFFICE, Nextcloud gains the ability to edit text documents, spreadsheets, and presentations in real-time, becoming a viable alternative to Google Docs or Microsoft 365.
  • Deck: A simple but powerful project management tool in the style of Kanban boards. Ideal for organising personal tasks and teamwork.
  • Calendar & Contacts: A fully-fledged calendar and address book with the ability to synchronise via standard CalDAV and CardDAV protocols.
  • Photos: Much more than a simple photo viewer. The application can automatically categorise images based on recognised objects, create albums, and display photos on a map.
  • Notes: A minimalist application for creating and synchronising notes in Markdown format.
image 133

Installing and configuring your own Nextcloud is a journey that requires attention and making a few key decisions. However, the reward is priceless: full control over your own data, independence from external providers, and a platform that you can shape and expand as you wish. This is not just technology—it is a manifesto of digital freedom.

KATEGORIE

Inne wpisy

Komentarze

Leave a Reply

Your email address will not be published. Required fields are marked *

Więcej wpisów