Now that the Nextcloud MariaDB is up and running, I can deploy a new workload for the Nextcloud FPM container into the Nextcloud namespace. There are a few pre-requisites to take care of first.

Redis

Redis is an in-memory key-value store. Nextcloud uses it to prevent file locking problems. It doesn't require persistent storage or any special configuration. If I wanted to customize the Redis configuration, I would do that with a Config Map mounted at /etc/redis/redis.conf.

Deploy by going to Project..Default..Workloads..Deploy:

  • Name - nextcloud-redis
  • Docker Image - redis:5.0.8 (as of this post)
  • Namespace - nextcloud
  • Port - redis, 6379, TCP, ClusterIP (Internal Only)

Nextcloud FPM

I need to create a new persistent volume, which will be mounted at /var/www/html on both the Nextcloud FPM container and the NGINX container. Create the new volume at Global..Cluster..Persistent Volumes:

  • Name - nextcloudfpm-www
  • Volume Plugin - NFS Share
  • Capacity - 100 GiB (still don't know what this does, it doesn't seem to reserve anything, but making this larger to accommodate file sharing)
  • Path - /Container/nextcloud-www
  • Server - 192.168.x.x
  • Read Only - No
  • Access modes - Many Nodes Read-Write

I'm going to get away from my bad habit of storing both secrets and configuration values in the same secret. I need a secret called nextcloudfpm-secret for actual secrets like passwords and a Config Map called nextcloudfpm-config for everything else. They will both be brought into the workload as environment variables. I need the following keys and values:

  • MYSQL_DATABASE - nextclouddb
  • MYSQL_USER - nextcloud
  • MYSQL_PASSWORD - <same password used in nextclouddb-secret>
  • MYSQL_HOST - nextclouddb.nextcloud.svc.cluster.local
  • NEXTCLOUD_ADMIN_USER - admin
  • NEXTCLOUD_ADMIN_PASSWORD - <new password for admin>
  • REDIS_HOST - nextcloud-redis.nextcloud.svc.cluster.local
  • SMTP_HOST - mail.domain.tld
  • SMTP_SECURE - ssl
  • SMTP_PORT - 465 (for SSL)
  • SMTP_NAME - nextcloud@domain.tld
  • SMTP_PASSWORD - <new password>
  • MAIL_FROM_ADDRESS - nextcloud@domain.tld
  • MAIL_DOMAIN - domain.tld
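
The secret/Config Map split described above, written out as plain Kubernetes manifests. This is an added example, not part of the original post: the assignment of each key to one object or the other is an assumption (only the three passwords are treated as secrets), REDIS_HOST assumes the Redis service is named nextcloud-redis in the nextcloud namespace, and values in angle brackets are placeholders.

```yaml
# Added example: values in <...> are placeholders, not real credentials.
apiVersion: v1
kind: Secret
metadata:
  name: nextcloudfpm-secret
  namespace: nextcloud
type: Opaque
stringData:   # plain text on input; stored base64-encoded, which is not encryption
  MYSQL_PASSWORD: "<same password used in nextclouddb-secret>"
  NEXTCLOUD_ADMIN_PASSWORD: "<new password for admin>"
  SMTP_PASSWORD: "<new password>"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloudfpm-config
  namespace: nextcloud
data:
  MYSQL_DATABASE: nextclouddb
  MYSQL_USER: nextcloud
  MYSQL_HOST: nextclouddb.nextcloud.svc.cluster.local
  NEXTCLOUD_ADMIN_USER: admin
  # Assumed service name and namespace for the Redis workload
  REDIS_HOST: nextcloud-redis.nextcloud.svc.cluster.local
  SMTP_HOST: mail.domain.tld
  SMTP_SECURE: ssl
  SMTP_PORT: "465"   # ConfigMap values must be strings, so the port is quoted
  SMTP_NAME: nextcloud@domain.tld
  MAIL_FROM_ADDRESS: nextcloud@domain.tld
  MAIL_DOMAIN: domain.tld
---
# Fragment only (one entry of spec.template.spec.containers in the workload):
# both objects are injected as environment variables.
- name: nextcloud-fpm
  image: nextcloud:18.0.3-fpm-alpine
  envFrom:
    - secretRef:
        name: nextcloudfpm-secret
    - configMapRef:
        name: nextcloudfpm-config
```

Keeping the passwords only in the Secret means RBAC can grant read access to the Config Map without exposing any credentials.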

Next, deploy the Nextcloud FPM workload into the nextcloud namespace with Project..Default..Workloads..Deploy:

  • Name - nextcloud-fpm
  • Docker Image - nextcloud:18.0.3-fpm-alpine (as of this post)
  • Port Mapping - fpm,9000,tcp,ClusterIP (internal only)
  • Environment Variables - Inject from nextcloudfpm-secret and nextcloudfpm-config
  • Volumes (add new persistent volume claim) - nextcloudfpm-www-vol from nextcloudfpm-www using Many Nodes Read-Write which is mounted at /var/www/html

After deploying, checking the logs shows it was successful:

Configuring Redis as session handler

[11-Apr-2020 11:25:51] NOTICE: fpm is running, pid 1

[11-Apr-2020 11:25:51] NOTICE: ready to handle connections

At this point, Nextcloud is still not usable. I still need to set up the nginx reverse proxy to handle the static content and configure nginx-ingress for external access and Let's Encrypt.

UPDATE: I had a problem getting OnlyOffice and the companion documentserver_community app to work. I tracked the problem down to a binary that's used for document conversion, x2t, which requires glibc, and glibc isn't available in the alpine version of the nextcloud-fpm Docker image. Once I switched to nextcloud:18.0.3-fpm and changed ownership of the files on the volume (www-data uses a different uid/gid in the two images), it all worked properly.

# chown -R www-data:root /var/www
# chmod -R g=u /var/www