Proxmox: Nextcloud into an unprivileged LCX container with a mounted SMB as Data folder

/ December 30, 2023/ Smart Home

Disclaimer: I am a noob doing complex stuff in Proxmox here.Do this at your own risk. I give no warranty. DO A BACKUP FIRST! 😬

Step 1: Create the Nextcloud LXC container

This is the easy part, Proxmox already has a Nextcloud LXC template container. Just to be 100% sure we have it, we will update the templates list going to the host shell and running:

pveam update

Now we can go to the Proxmox storage where our templates are saved (usually local-pve), there select CT Templates -> Templates, search and download the Nextcloud template.

With the template downloaded, we can proceed to create the new container, remember to write the root password in a secure place!

The rest of the options had to be adjusted to your requirements, check the server requirements for Nextcloud on the official website. If you give a manual IP write it down.

Now start the container and open the shell, put root as the user and the password you set for the container.

After the installation of the updates, put the IP of your container (or the hostname if using one) in the domain field in the Nextcloud installation setup. You can always add other hostnames, even external ones, later. Also the required passwords. After reboot, your Nextcloud instance should be running on the given IP/hostname.

Step 2: Mount the SMB/CIFS storage

We can not use the Proxmox UI for this because we do not get any option as to what to choose for the uid and gid. They are always mapped to the proxmox’s root user, and we need to map it to the Nexcloud container’s www-data user.

On the Node Proxmox shell, create a file for the credentials. I will use .nextcloud_smb_credentials

touch ~/.nextcloud_smb_credentials

With the editor of your preference (vi or maybe nano), write your smb storage credentials:

username=nextcloud_user
password=super_secret_password_123

As extra security, set it the read/write access for just the root user:

chmod 700 ~/.nextcloud_smb_credentials

We also need to create the folder that will serve as a mount point, in my case, the mount folder will be inside nas-one and named nextcloud.

mkdir /mnt/nas-one
mkdir /mnt/nas-one/nextcloud

Now we are ready to update our fstab file with the needed information to mount our SMB storage assigning the uid and gid to the www-data user. In my installation, www-data had the uid 33, which mapped to the host container would translate to 100033 (Guest UID/GID + 100000) . Also it is important to set the permissions to 770, otherwise it will not work.

nano /etc/fstab

//x.x.x.x/path-to-my-smb-folder /mnt/nas-one/nextcloud cifs credentials=/root/.nextcloud_smb_credentials,uid=100033,gid=100033,dir_mode=0770,file_mode=0770 0 0

Here a description of this command:

• //x.x.x.x/path-to-my-smb-folder: This is the network location (SMB/CIFS share) you want to mount. Replace x.x.x.x with the actual IP address, and path-to-my-smb-folder with the specific path to the shared folder.
• /mnt/nas-one/nextcloud: This is the local mount point where the remote SMB/CIFS share will be mounted. Adjust the path according to your system’s directory structure.
• cifs: This specifies the filesystem type, indicating that it’s a Common Internet File System (CIFS) share, which is a network file-sharing protocol.
• credentials=/root/.nextcloud_smb_credentials: This option specifies the location of a file containing the credentials (username and password) required to access the SMB/CIFS share. In this case, the credentials file is located at /root/.nextcloud_smb_credentials. Make sure this file has appropriate security permissions to protect sensitive information.
• uid=100033,gid=100033: These options set the user and group ownership of the mounted files and directories. In this example, both the user (uid) and group (gid) are set to the numeric identifier 100033. Adjust these values based on your system’s user and group IDs.
• dir_mode=0770,file_mode=0770: These options set the permissions for directories (dir_mode) and files (file_mode) on the mounted share. The octal values 0770 indicate that the owner and group have read, write, and execute permissions, while others have no permissions.
• 0 0: These are the options for dump and pass. In most cases, these are set to 0, indicating that the filesystem should not be backed up and should not be checked during system boot.

Finally, we bind it to our Nextcloud LXC container editing the container config

nano /etc/pve/lxc/<container_id>.conf

adding:

mp0: /mnt/nas-one/nextcloud,mp=/mnt/nas-one/nextcloud

Do not forget to activate the new mount using:

systemctl daemon-reload && mount -a

Step 3: Move the data folder to your NAS.

On the LXC Container shell run the following commands:

# go to maintenance mode
runuser -u www-data -- php /var/www/nextcloud/occ maintenance:mode --on

# copy the existing data to it’s new location

runuser -u www-data --  cp -r /var/www/nextcloud/data/. /mnt/nas-one/nextcloud/data

# create an .ocdata file
runuser -u www-data -- touch /mnt/nas-one/nextcloud/data/.ocdata

# set your new data location.

runuser -u www-data --  php /var/www/nextcloud/occ config:system:set datadirectory --value=/mnt/nas-one/nextcloud/data

# disable maintenance

runuser -u www-data --  php /var/www/nextcloud/occ maintenance:mode --off

Check your Nextcloud instance. It should work as expected.

Optional: You can now delete /var/www/nextcloud/data if you are 100% sure all the data was transferred correctly.

Step 4:

Profit.