Expose nextcloud on a specific port

Hi!

I have nextcloud running with a domain pointing to my tailscale address. Sometimes I want to share something with friends though and so I want to make the sharing link accessible through pangolin.

This works flawlessly with immich. Now I wanted to add nextcloud, but am at a loss which port I should enter to the pangolin resource, since the nixos module is not providing any access through a port as far as I understand? If I enter 80 or 443 as ports, adguard shows up.

1 Like

https://wiki.nixos.org/wiki/Nextcloud

Does the “Change default listening port” section under “Tips and Tricks” help?

    services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

You can set nginx to expose a custom port from nextcloud.

I've then used traefik as a reverse proxy to expose nextcloud to my tailnet. https://codeberg.org/BlastboomStrice/dotfiles/src/commit/de45684fb6d8df3cf423aa88667247ef789db80b/.config/nixos-config/modules/nixos/nextcloud-server-custom.nix

Yeah this also makes sense to me. However the behavior is very strange. I edited the nginx config:

    services.nginx = {
      enable = mkDefault true;
      virtualHosts = {
        "nextcloud.<domain>.com" = {
          forceSSL = true;
          useACMEHost = "<domain>.com";
          listen = [{ addr = "127.0.0.1"; port = 8185; ssl = false; }];
        };
      };
    };

And now nextcloud.<domain>.com points to adguard. If I remove the listen line it goes back to accessing nextcloud.

Yeah I think this seems to go beyond my knowledge for now😅 Good luck:)

1 Like

The reason why nextcloud is different is that it - unlike most modern webservices - isn’t a service itself. It predates modern web technologies, including widespread use of reverse proxies, and as such it’s a pile of PHP.

PHP isn’t like other languages. It’s a templating language, and is usually executed by a webserver on page load to produce the HTML you see. Nextcloud kinda only does half of what normal web services do.

The NixOS module for nextcloud uses nginx’ native php support. In other words, nextcloud itself simply doesn’t run on a port; there is only nginx rendering nextcloud’s php templates directly.

This on the other hand is a quirk of nginx and the NixOS module system. If you lack a matching host block, nginx will serve the first host. This apparently happens to be adguard on your system.

Why is there no matching host block? Well, by default the nextcloud module doesn’t set a listen. This leads to the nginx module using the defaults here. However, if you do set a listen block, that default is overridden, and the host no longer listens on the default port, so your normal access stops working.

This is what you’re telling nginx to listen on, after all. 127.0.0.1:8185, and you expect that socket to be accessed with the hostname you specify.

I think if you used curl -H 'Host: nextcloud.<domain>.com' http://127.0.0.1:8185 you’d get it to serve nextcloud. Maybe. Depends on how your ssl settings interfere.


From a more meta perspective, php needs to die, and I think nextcloud has passed its best days. I’m still looking for a service to replace it, might just build my own at this rate.

Edit: Yeah, looking into this again, owncloud (now dubbed “ocis”) might have finally eclipsed the fork, despite the initial community/enterprise schism. It was rewritten from scratch in go. Also seafile is an option. Other alternatives have been sprouting like mushrooms, but they seem to be universally slopgineered one-man-wonder shows.

5 Likes

There is also Opencloud, which is a fork of ownCloud's ocis whereabouts of the ocis developers went, so that might even be the better alternative.

2 Likes

Agreed @eblechschmidt 😉

From FOSDEM some 9 years ago I know that Nextcloud was started because the original author of owncloud forked; I’m hazy on the details about why, but I’m sure it has something to do with the GmbH behind owncloud.

Nextcloud became the de-facto community project, and has more contributors, as well as a free-er license. But it looks like owncloud ended up making better technical decisions in the long term.

1 Like

As far as I understood owncloud formerly was a German GmbH and was acquired by an American company not so long ago. Especially the direction of ocis was under debate hence several devs left and are now working on Opencloud as part of a new German company owned by the Heinlein Group (known for mailbox.org). They seem to have good values so currently that would probably be the best bet if you want to get rid of the php legacy.

1 Like

Thanks for the detailed info!

So the gist is: What I want to achieve is not really/easily possible with the existing nextcloud architecture and I should look for another solution to do occasional file sharing with my friends?

All this convo made me rethink my selfhosting plan, and after some discussion in the nixos offtopic matrix room I might use copyparty or filestash instead of nextcloud :)

edit: I think I’ll stick to nextcloud lol

No, it is possible, and you’re doing it kinda right. You just need to manually add back the default listen settings as well as your additional one, and configure tailscale to send a host header.

Depending on how you use tailscale you could probably also stop using nginx as a reverse proxy. Hard to give you exact instructions without knowing more about how you set up tailscale.
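The default-server fallback and the listen override described in the replies above, as an added example that is not part of the original thread: a simplified Python model of how nginx chooses a server block, run against the three configurations discussed. The `example.com` names, the `192.0.2.10` address and the assumption that the adguard vhost is defined first with default listen sockets are constructed for illustration; TLS and `forceSSL` redirects are not modelled.

```python
# Simplified model of nginx server-block selection (added illustration).
WILDCARD = "0.0.0.0"
# Sockets a vhost gets when it sets no `listen` of its own.
DEFAULT_LISTEN = [(WILDCARD, 80), (WILDCARD, 443)]


def effective_listen(vhost):
    """An explicit listen list replaces the defaults; it does not extend them."""
    return vhost.get("listen") or DEFAULT_LISTEN


def select_server(vhosts, dst_addr, dst_port, host_header):
    """Return the name of the vhost that answers a request, or None.

    1. Keep the vhosts bound to the destination socket; an exact
       address beats the wildcard address.
    2. Among those, match the Host header against the server name.
    3. If nothing matches, the first vhost on that socket is the default.
    """
    exact = [v for v in vhosts if (dst_addr, dst_port) in effective_listen(v)]
    wild = [v for v in vhosts if (WILDCARD, dst_port) in effective_listen(v)]
    candidates = exact or wild
    if not candidates:
        return None  # nothing is bound there: connection refused
    for v in candidates:
        if v["name"] == host_header:
            return v["name"]
    return candidates[0]["name"]


NEXTCLOUD = "nextcloud.example.com"        # placeholder hostname
ADGUARD = {"name": "adguard.example.com"}  # assumed: defined first, default listen


def scenario(nextcloud_listen):
    """Who answers the normal HTTPS request and the request on the extra port."""
    vhosts = [ADGUARD, {"name": NEXTCLOUD, "listen": nextcloud_listen}]
    return {
        "normal :443": select_server(vhosts, "192.0.2.10", 443, NEXTCLOUD),
        "local :8185": select_server(vhosts, "127.0.0.1", 8185, NEXTCLOUD),
    }


UNSET = scenario([])                                      # module defaults
BROKEN = scenario([("127.0.0.1", 8185)])                  # only the extra port
FIXED = scenario(DEFAULT_LISTEN + [("127.0.0.1", 8185)])  # defaults added back

if __name__ == "__main__":
    for label, result in (("unset", UNSET), ("broken", BROKEN), ("fixed", FIXED)):
        print(label, result)
```

In the `BROKEN` case the request on port 443 lands on the adguard vhost even though the Host header names nextcloud, which is the behaviour reported earlier in the thread.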