- Регистрация
- 1 Мар 2015
- Сообщения
- 11,730
- Баллы
- 155
Introduction
Nextcloud is an open-source data storage solution that you can self-host at home. This article shows how I deployed Nextcloud on my home Kubernetes cluster.
Prerequisites
I used FluxCD to manage my YAML files in Git, following the GitOps approach. However, you can also use standard Helm commands for the HelmRelease.
I set up the environment variables for Nextcloud's user credentials, SMTP mail server, and MinIO credentials:
```bash
export NEXTCLOUD_ADMIN_USER=harry
export NEXTCLOUD_ADMIN_PASSWORD=$(openssl rand -base64 32)
export SMTP_HOST=smtp.eu.mailgun.org
export SMTP_USER=nextcloud@notify.harrytang.com
export SMTP_PASSWORD=YOUR_SMTP_PASSWORD
export MINIO_ACCESS_KEY=YOUR_MINIO_ACCESS_KEY
export MINIO_SECRET_KEY=YOUR_MINIO_SECRET_KEY
```
kubectl -n nextcloud create secret generic nextcloud-secrets --dry-run=client --from-literal=nextcloud-password=$NEXTCLOUD_ADMIN_PASSWORD \
--from-literal=nextcloud-username=$NEXTCLOUD_ADMIN_USER \
--from-literal=smtp-host=$SMTP_HOST \
--from-literal=smtp-username=$SMTP_USER \
--from-literal=smtp-password=$SMTP_PASSWORD \
--from-literal=minio-access-key=$MINIO_ACCESS_KEY \
--from-literal=minio-secret-key=$MINIO_SECRET_KEY \
-o yaml | kubeseal --format=yaml > sealed-secret.yaml
Running Nextcloud on your home lab Kubernetes cluster provides a secure and private way to store your data. You can store unlimited photos and videos for yourself and your family while accessing them from anywhere.
References
Nextcloud is an open-source data storage solution that you can self-host at home. This article shows how I deployed Nextcloud on my home Kubernetes cluster.
Prerequisites
- A Kubernetes cluster.
- MariaDB (see ).
- MinIO (see ).
- FluxCD.
- Sealed Secrets.
- SMTP provider.
- Cert Manager.
- CloudFlare Tunnel.
I used FluxCD to manage my YAML files in Git, following the GitOps approach. However, you can also use standard Helm commands for the HelmRelease.
- Prepare the ENVs
I set up the environment variables for Nextcloud's user credentials, SMTP mail server, and MinIO credentials:
```bash
export NEXTCLOUD_ADMIN_USER=harry
export NEXTCLOUD_ADMIN_PASSWORD=$(openssl rand -base64 32)
export SMTP_HOST=smtp.eu.mailgun.org
export SMTP_USER=nextcloud@notify.harrytang.com
export SMTP_PASSWORD=YOUR_SMTP_PASSWORD
export MINIO_ACCESS_KEY=YOUR_MINIO_ACCESS_KEY
export MINIO_SECRET_KEY=YOUR_MINIO_SECRET_KEY
```
- Create Sealed Secrets
kubectl -n nextcloud create secret generic nextcloud-secrets --dry-run=client --from-literal=nextcloud-password=$NEXTCLOUD_ADMIN_PASSWORD \
--from-literal=nextcloud-username=$NEXTCLOUD_ADMIN_USER \
--from-literal=smtp-host=$SMTP_HOST \
--from-literal=smtp-username=$SMTP_USER \
--from-literal=smtp-password=$SMTP_PASSWORD \
--from-literal=minio-access-key=$MINIO_ACCESS_KEY \
--from-literal=minio-secret-key=$MINIO_SECRET_KEY \
-o yaml | kubeseal --format=yaml > sealed-secret.yaml
Create the Certificate
I use a wildcard certificate to access Nextcloud both from home and remotely via the domains homecloud.harrytang.com and nextcloud.harrytang.com, respectively.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: harrytang-com
namespace: nextcloud
spec:
secretName: harrytang-com-tls
dnsNames:
- 'harrytang.com'
- '*.harrytang.com'
issuerRef:
name: letsencrypt
kind: ClusterIssuer
Deploy Ingress
I use Nginx Ingress to expose Nextcloud within my home network (by adding an A record to my domain):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextcloud
namespace: nextcloud
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 100G
nginx.ingress.kubernetes.io/proxy-read-timeout: '86400'
nginx.ingress.kubernetes.io/proxy-send-timeout: '86400'
nginx.ingress.kubernetes.io/proxy-connect-timeout: '86400'
spec:
tls:
- hosts:
- homecloud.harrytang.com
secretName: harrytang-com-tls
rules:
- host: homecloud.harrytang.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nextcloud
port:
number: 8080
Config CloudFlare Tunnel
Configure Cloudflare Tunnel to acess your Nextcloud remotely and securely:
...
ingress: #
- hostname: nextcloud.harrytang.com
service:
...
Deploy Nextcloud
Finally, after setting everything up, I deployed Nextcloud:
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: nextcloud
namespace: nextcloud
spec:
interval: 24h
url:
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: nextcloud
namespace: nextcloud
spec:
interval: 24h
chart:
spec:
chart: nextcloud
version: '~6.6.4'
sourceRef:
kind: HelmRepository
name: nextcloud
namespace: nextcloud
interval: 24h
values:
replicaCount: 1
livenessProbe:
initialDelaySeconds: 180
readinessProbe:
initialDelaySeconds: 180
nextcloud:
update: true
host: nextcloud.harrytang.com
trustedDomains:
- nextcloud.harrytang.com
- homecloud.harrytang.com
existingSecret:
enabled: true
secretName: nextcloud-secrets
mail:
enabled: true
fromAddress: noreply
domain: harrytang.com
objectStore:
s3:
enabled: true
bucket: nextcloud
usePathStyle: true
host: minio.nextcloud.svc.cluster.local
existingSecret: nextcloud-secrets
secretKeys:
accessKey: minio-access-key
secretKey: minio-secret-key
ssl: false
port: 80
configs:
proxy.config.php: |-
<?php
$CONFIG = array (
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.0.0.0/8',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
);
zz.config.php: |-
<?php
$CONFIG = array (
'trusted_domains' => array(
0 => 'localhost',
1 => 'nextcloud.harrytang.com',
2 => 'homecloud.harrytang.com',
),
);
phpConfigs:
zz-custom.ini: |-
memory_limit=1024M
upload_max_filesize=100G
post_max_size=100G
max_execution_time=86400
max_input_time=86400
extraVolumes:
- name: private-ca
configMap:
name: private-ca
items:
- key: private-ca.pem
path: private-ca.crt
extraVolumeMounts:
- name: private-ca
mountPath: /usr/local/share/ca-certificates
readOnly: true
lifecycle:
postStartCommand:
- update-ca-certificates
persistence:
enabled: true
accessMode: ReadWriteMany
phpClientHttpsFix:
enabled: true
cronjob:
enabled: false
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: mysql
host: maxscale-galera.nextcloud.svc.cluster.local
database: nextcloud
existingSecret:
enabled: true
secretName: mariadb
usernameKey: mariadb-username
passwordKey: mariadb-password
Running Nextcloud on your home lab Kubernetes cluster provides a secure and private way to store your data. You can store unlimited photos and videos for yourself and your family while accessing them from anywhere.
References
- .
- .