Wireguard and NextCloud
Synchronizing, saving, and sharing data, emails, and contacts under our control based on open-source software? Securely accessing our home network from everywhere in the world based on the most modern Virtual Private Network technology? With just a Raspberry Pi? Yes, we want it! Today we will install NextCloud and Wireguard on our Raspberry Pi and make them work together.
You will save a lot of time using the tricks presented in the next few minutes. And we will use IOTstack.
First we have to install Raspberry Pi OS on an SSD and update it as usual.
Next we install IOTstack with this command:
git clone https://github.com/SensorsIot/IOTstack.git IOTstack
cd IOTstack
Now we install Docker using the menu of IOTstack:
./menu.sh
Next create compose-override.yml and copy-paste the content from Google drive: https://drive.google.com/file/d/1ja5Gzzwhkfz2IMq4nHFjsefGJe4nGBTj/view?usp=sharing
nano compose-override.yml
This file will be merged every time you start menu.sh. So make sure to restart menu.sh every time you change this compose-override.yml.
Customize Wireguard
• Add a domain in DuckDNS
Go to https://www.duckdns.org/ and create a domain.
Next we have to add the token and the domain in file duck.sh
nano ~/IOTstack/duck/duck.sh
Next we have to schedule a task to call DuckDNS
crontab -e
Add this line at the bottom of the file:
*/5 * * * * sudo ~/IOTstack/duck/duck.sh >/dev/null 2>&1
Now you have to forward port 51820 for UDP:
Now you can test the script to make sure it works:
sudo ~/IOTstack/duck/duck.sh
Then check the log:
cat /var/log/duck.log
If you get KO then something has gone wrong and you should check your settings in the script.
Add the URL to compose-override.yml
nano compose-override.yml
Decide how many “tunnels” you need and adjust the “PEERS” parameter.
If you now build a stack using menu.sh with at least Wireguard ticked, your Wireguard server should run.
Add Wireguard client on Smartphone or PC
Now you can install the smartphone app on Android or iOS and create a tunnel for each device.
Display the respective .png file in the directory ~/IOTstack/services/wireguard/config/peerXXX and add a tunnel with your smartphone camera.
If you switch your tunnel on, you should be connected to your home network.
Install NextCloud
We have to change the passwords in compose-override.yml. You can leave them for a test. They have to match as in the example below.
nano compose-override.yml
Now we can build the final docker-compose.yml file using
./menu.sh
Tick at least Portainer-CE (the new community edition of Portainer), MariaDB, Nextcloud, and Wireguard. Of course you can select additional containers if needed.
If we start Docker again, NextCloud should also run on the server and we can configure it using the browser. NextCloud answers on port 9321:
Because we use the recommended MariaDB we have to enter the names and credentials:
The password comes from MYSQL_PASSWORD in compose-override.yml
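A pre-flight check for the requirement that the passwords match, as an added example that is not part of the original page: it reads the merged docker-compose.yml, compares MYSQL_PASSWORD across services, and flags the IOTstack default and an unescaped $, both reported in the comments on this page. The 2-space service indentation and the sample file contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes 2-space service indentation.

# Print "service password" for every service that sets MYSQL_PASSWORD.
compose_passwords() {
    awk '
        /^[^ \t#]/ { in_services = ($0 ~ /^services:/); svc = ""; next }
        in_services && /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); next }
        svc != "" && /^[ \t]*(-[ \t]*)?MYSQL_PASSWORD[=:]/ {
            val = $0
            sub(/^[ \t]*(-[ \t]*)?MYSQL_PASSWORD[=:][ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print svc, val
        }' "$1"
}

# Return 0 when all services agree and nothing weak is found, 1 otherwise.
# Service names are reported, password values are never printed.
check_compose() {
    pairs=$(compose_passwords "$1")
    [ -n "$pairs" ] || { echo "no MYSQL_PASSWORD entries found"; return 1; }
    status=0
    values=$(printf '%s\n' "$pairs" | sed 's/^[^ ]* //')
    if [ "$(printf '%s\n' "$values" | sort -u | wc -l | tr -d ' ')" -ne 1 ]; then
        echo "MISMATCH between: $(printf '%s\n' "$pairs" | cut -d' ' -f1 | tr '\n' ' ')"
        status=1
    fi
    if printf '%s\n' "$values" | grep -qx 'IOtSt4ckmySqlDbPw'; then
        echo "DEFAULT password still in use"; status=1
    fi
    if printf '%s\n' "$values" | sed 's/\$\$//g' | grep -q '\$'; then
        echo "UNESCAPED \$ in a password (compose expects \$\$)"; status=1
    fi
    return $status
}

# Constructed sample: the override changed one service, the other kept the default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  nextcloud:
    environment:
      - MYSQL_PASSWORD=IOtSt4ckmySqlDbPw
  nextcloud_db:
    environment:
      - MYSQL_PASSWORD=constructed-secret
      - MYSQL_ROOT_PASSWORD=constructed-root
EOF
check_compose "$sample" || echo "fix docker-compose.yml before starting the stack"
rm -f "$sample"
```

On the Pi, run `check_compose ~/IOTstack/docker-compose.yml` after menu.sh has merged the override and before starting the stack.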
Add a data disk to NextCloud
You have to add this line to compose-override.yml
and mount a disk. I use gparted on the Raspberry desktop to format a disk using ext4.
Next, create a directory to use as the mount point:
sudo mkdir /Disk1
Now you have to find out the PARTUUID of your new disk:
sudo blkid
And add a line into fstab
sudo nano /etc/fstab
PARTUUID=dab6f534-01 /Disk1 ext4 defaults,auto,users,rw,nofail 0 0
Now the disk should be mounted after the next reboot. Just add the owner and the permissions:
sudo chown -R www-data:www-data /Disk1
sudo chmod -R 0750 /Disk1
And you should be ready to go
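A check for the steps above, as an added example that is not part of the original page: it confirms that the fstab entry for the PARTUUID points at the directory that was created and chown'ed, and that the directory is a real mount. With nofail the Pi boots even if the disk does not mount, and NextCloud would then write to the boot disk. The function names and the sample fstab and mounts tables are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Sample tables below are constructed.

# Mount point (2nd field) of the fstab entry whose 1st field equals SPEC.
fstab_target() {   # fstab_target SPEC FSTAB
    awk -v spec="$1" '$1 == spec { print $2; exit }' "$2"
}

# Succeeds if DIR appears as a mount point in a /proc/mounts-style table.
is_mounted() {     # is_mounted DIR MOUNTS
    awk -v dir="$1" '$2 == dir { found = 1 } END { exit !found }' "$2"
}

# Return codes: 0 ok, 2 no entry, 3 bad mount point, 4 wrong directory, 5 not mounted.
check_data_disk() {  # check_data_disk SPEC DIR [FSTAB] [MOUNTS]
    fstab=${3:-/etc/fstab}; mounts=${4:-/proc/mounts}
    target=$(fstab_target "$1" "$fstab")
    case "$target" in
        "")     echo "no fstab entry for $1"; return 2 ;;
        /dev/*) echo "mount point $target is under /dev"; return 3 ;;
        /*)     ;;
        *)      echo "mount point '$target' is not an absolute path"; return 3 ;;
    esac
    [ "$target" = "$2" ] || { echo "$1 is mounted on $target, not $2"; return 4; }
    is_mounted "$2" "$mounts" || { echo "$2 is a plain directory, not a mount"; return 5; }
    echo "ok: $1 is mounted on $2"
}

# Constructed demo: an entry with a relative mount point, then a correct one.
demo=$(mktemp -d)
echo 'PARTUUID=dab6f534-01 dev/Disk1 ext4 defaults,auto,users,rw,nofail 0 0' > "$demo/bad"
echo 'PARTUUID=dab6f534-01 /Disk1 ext4 defaults,auto,users,rw,nofail 0 0' > "$demo/good"
echo '/dev/sda1 /Disk1 ext4 rw,relatime 0 0' > "$demo/mounts"
check_data_disk PARTUUID=dab6f534-01 /Disk1 "$demo/bad" "$demo/mounts" || true
check_data_disk PARTUUID=dab6f534-01 /Disk1 "$demo/good" "$demo/mounts"
rm -rf "$demo"
```

On the Pi, call `check_data_disk PARTUUID=<your value from blkid> /Disk1` after a reboot; the last two arguments default to /etc/fstab and /proc/mounts.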
Start your Stack
Now you can re-run the ./menu.sh and start docker.
./menu.sh
docker-compose -f docker-compose.yml up -d
If you go to port 9002 of your Raspberry you should see Portainer.
Kevin Kessler
24. November 2020 @ 16:05
I was getting 502 errors from DuckDNS when cron was running every 5 minutes, but the script worked fine when I just ran it ad hoc. I think what is happening is a whole bunch of time sync’ed PCs in the world are waking up at the same time and overwhelming duckdns with update requests. I put a sleep 22 (any random time would work) in the script before the curl to make sure I wasn’t running exactly at 0 seconds past the minute, and now I’m getting OKs back. I’ve changed my crontab so it runs at 2,7,12,17,22,27,32,37,42,47,52,57 past the hour just to get the requests off the “popular” update times. BTW, I’ve been working on Linux for about 25 years, and this is the first time I’ve seen the */5 construct in crontab; you learn something new every day.
admin
24. November 2020 @ 23:52
Good idea. 5 minutes anyway is quite often, I think. Fortunately, I did not experience these issues. I am also not the “inventor” of the */5, I am a Linux noob 🙁
Tom Rosebrook
4. December 2020 @ 0:55
Hi Andreas!
First thank you very much for the excellent tutorial. I am only a little fluent in Linux and Docker and you made it possible to get this project going for me. I had a couple of issues I thought I’d share in case anyone else runs into them:
1. The Raspberry Pi OS Lite does not seem to include the kernel headers needed for wireguard to operate in the docker container. The docker log files complained:
“**** Kernel headers don’t seem to be available, can’t compile the module. Sleeping now. . . ****”
The container started but things like the QR codes did not generate. After consulting my friend Google I installed/re-installed the stable kernel headers in the parent OS by doing the following and restarting the container and voilà:
sudo apt install --reinstall libraspberrypi0 libraspberrypi-{bin,dev,doc} raspberrypi-bootloader raspberrypi-kernel
2. The compose-override.yml and docker-compose.yml do not like special characters like “$” in the passwords. If you want to use them you might have to escape them with an additional $. Or don’t use them in your passwords and relax.
Thanks again!
Peter Stahel
14. December 2020 @ 17:03
You create a directory /Disk1 but mount the new disk to /dev/Disk1 (in fstab).
Is this really correct?
In the compose-override.yml the extra line for Disk1 means
name of disk to use in nextcloud : physical place of directory?
Thank you.
admin
22. December 2020 @ 9:29
Maybe you go to the discord channel for support?
Owy
20. January 2022 @ 7:52
I ran into this question/issue as well. After initially following the video, my RPi quickly ran out of space because the Nextcloud media is being saved locally on the /Disk1 directory instead of a mounting point.
I found this video (https://www.youtube.com/watch?v=A7xH74o6kY0) explained fstab very well.
In the end, after adding the PARTUUID of my harddrive I entered /Disk1 (instead of /dev/Disk1). This seemed to work for me.
Good luck!
Oliver
20. December 2020 @ 19:17
Hi There,
Many thanks. Most of this worked like a charm for me. But there seems to be a mistake in the compose-override.yml, no? Nexcloud_db does not need “volumes:”, does it?
I have a question: “Are all commands performed on the Pi, or are some to be issued in a container?” I don’t get the external data folder working :/
In nextcloud UI, it simply says there is no external drive available or I do not have the permissions …
Any idea?
Best regards
Oliver
admin
22. December 2020 @ 9:28
Maybe you go to the discord channel for support?
Riki
4. January 2021 @ 20:20
Thanks for the tutorial!
It took me a while to realize why whenever I ran ‘docker-compose down’ to stop the full stack and then put it up with ‘docker-compose up -d’, Nextcloud service was not showing the login page but an ‘Internal error’.
I had to add an additional volume to ‘docker-compose.yml’ to map /config folder for nextcloud_db container section:
volumes:
- ./volumes/nextcloud/db:/var/lib/mysql
- ./volumes/nextcloud/data:/config
Otherwise docker was creating volumes in the /var/lib/docker folder each time, losing my original nextcloud configuration.
Timo
9. March 2021 @ 21:09
Hi Andreas,
Thank you for the Guide.
I am afraid that doesn’t work for me:
I keep on getting this error:
Fehler
Error while trying to create admin user: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user ‘nextcloud’@’nextcloud.IOTstack_NextCloud’ (using password: YES)
Can’t figure out why – I did everything like you. The passwords match as I left them like in your compose-override.yml
I only want the NextCloud part – VPN is already set for me.
admin
10. March 2021 @ 9:03
Please go to the discord channel of the project to get help. There are the specialists.
Timo
12. March 2021 @ 20:48
Hi Andreas,
I figured it out.
The password actually has to match at a third place in docker-compose.yml
1) nextcloud
-> environment
-> MYSQL_PASSWORD=type-your-password
2) nextcloud_db
-> environment
-> MYSQL_PASSWORD=type-your-password
3) mariadb
-> environment
-> MYSQL_PASSWORD=type-your-password
Another issue seems to be the old MySQL versions:
“Es wird die MariaDB-Version “10.1.47-MariaDB-0ubuntu0.18.04.1″ verwendet. Nextcloud 21 wird diese Version nicht mehr unterstützen und benötigt MariaDB 10.2 oder höher.”
I will bring this up on discord
Thanks again!!
admin
18. March 2021 @ 13:14
Thank you for sharing your learnings!
Robert
8. April 2021 @ 12:19
Grüezi Andreas,
thanks a lot for your awesome videos! It would be super cool to really have a most easy way to set up and run an intelligent Alexa alternative with Rhasspy, Home Assistant, MQTT and the other components you already described in your other videos. If you could tinker that in one of your next videos, I’m super sure that a lot of us would be really grateful for that.
All the best for you and keep ’em coming 😉
Robert
Vin
4. June 2021 @ 14:10
Mr. Spiess,
I never had any idea what a Swiss accent sounds like (being a citizen of the land of the free :)), so thank you for the enlightenment.
I have a question that has nothing to do with electronics or your post here if I may.
Being the proud Swiss citizen you are, and since your country is not as gigantic as the US or China for example, do you have any idea if there are any descendants of either the Bernoullis or Leonhard Euler who are known to the public these days? (the latter is almost a god for me).
I can not imagine how proud you must be for forefathers like those.
How big is Euler in public and in education in your country?
BTW, thank you for the years of very useful, down-to-earth, and very non-commercial videos that you have produced, I hope that the crumbs that google pays and our donations help making enough incentive for all the effort.
admin
22. June 2021 @ 8:48
Thank you for your kind words. I think both are not known to the general public outside higher education. These days, history is less important, and living people which create a lot of noise are much more important.
BTW: I also like your country (I assume it is the USA) and hope to return to it soon for a trip.
Vin
6. August 2021 @ 8:57
So, have you ever met someone with the last name Euler or Bernoulli in your life? It just sounds logical or more probable for you. For example, if I meet a single woman with such a last name, I’ll probably leave my wife for her. I don’t have a wife, but it’s a joke.
The whole continent west of the pond will be privileged and honored for visits from smart and nice people from the land of Euler. We are struggling these days (like many other places in the world, with the exception that we have guns and our start was some kind of miracle 250 years ago) with tyranny and communism and stolen elections…etc.. The events here are identical to what happened in Germany in the 1930’s after they made up the burning of the parliament incident and in less than a decade ended up massacring tens of millions of beautiful people (one of my favorite was Wilhelm Cauer, the young German engineer who added a lot to the theory of circuit synthesis and ended up in a mass grave made by the Soviet Red Army, google him). It is frustrating!
Vin
24. October 2021 @ 14:02
Roger that. Your country had an amazing history/people (i.e. after it’s apes decided to convert to people trillions of years ago, after the big bang, you know) until it was destroyed (physically and mentally) by the elites (corrupt and/or brain washed politicians, who are still living, and make a lot of noise) in the last few decades. I’m pretty confident that there are descendants from Euler and the Bernoulli’s but they have probably changed their names to abdul-euler or bin-bernoulli, lol, to get a fancy dish-washing job to avoid becoming homeless bums or apply for refugee status (i.e. bribing some evil entity that was formed by those same elites) to china/cuba/n. korea/venezuela/iran/…etc, or may be it’s just the curse of the famous that makes their descendants decide to hide for personal safety (hiding place could be the dark side of the moon or the belarusian/polish border where afghans and iraqis somehow showed up at!!!).
I (and many people I know) still very much enjoy and learn from your internet presence. Thank you, sir.
Teresa Barrett
3. April 2022 @ 1:02
I love finding you and the other people collaborating. I will begin studying the fundamentals first. I have lots of time hours in learning all the operating systems available but nothing no zero, time in coding or innovation. I am naturally good at science, math, music, creating home or family products needed or wanted. Is learning this a more than two year internship? I have searched for ways to cut out the internet middlecrooks with only slight hope in 6G opening the opportunity. Anybody have experience with WeLink fiber/radio/mesh internet services that detail any incompatibility to LIFX, HUE, NEST…SMART LIGHTS PLUS DEVICES? Thank you so much. Sincerely Teresa
EntropicNinja
10. May 2022 @ 11:14
Hello,
I’ve had an issue with the nextcloud login, so I’m going back step-by-step and I’ve noticed a slight error in this website’s instructions. When you tell people to display the wireguard png you tell them to go to `~/IOTstack/services/wireguard` but your compose file tells wireguard to install to `.volume`.
Therefore I could not find the png until I `cd` to `~/IOTstack/volumes/wireguard`.
EntropicNinja
11. May 2022 @ 11:41
And onto Nextcloud. Here be dragons. I don’t know if this is the right place to say this but I’m happy to write this elsewhere, perhaps I’ll look at putting this on the IOTstack github page too.
Anyway, I couldn’t log into nextcloud as I was getting `SQLSTATE[HY000] [1045] Access denied for user ‘nextcloud’@‘nextcloud_db’ (using password: YES)`.
I `docker exec -it` into the mariadb container to reset the password using the suggestion by many online with
```
/usr/local/mysql/bin/mysqladmin -u root password 'new-password'
/usr/local/mysql/bin/mysqladmin -u root -h password 'new-password'
Alternatively you can run: /usr/local/mysql/bin/mysql_secure_installation
```
Alas it turns out this container does not place mysql at /usr/local but instead in /etc. Even this did not work.
I didn’t want to delete the container and start afresh as it was a part of a script that had “hooks” in place. Not that I couldn’t recreate them, but I thought if I did that then I be back at square one.
Well having a deep dive into the docker-compose file, after the compose-override.yml merger I noticed that the instructions here don’t tell you enough information – because in the screenshot the nextcloud part of compose isn’t as fully fleshed out as it is in the real compose file.
The real compose file will have environment variables in it which has a default `MYSQL_PASSWORD` of `IOtSt4ckmySqlDbPw` which is not changed when doing the merge. After changing this and using IOTstack’s github docs for MariaDB to;
```
Stop the container and remove the persistent storage area:
cd ~/IOTstack
docker-compose rm --force --stop -v mariadb
sudo rm -rf ./volumes/mariadb
Edit docker-compose.yml and change the variables.
Bring up the container:
docker-compose up -d mariadb
```
but also doing the same for the nextcloud container (I DID NOT do it to the nextcloud_db container as well), amending nextcloud’s `MYSQL_PASSWORD` environment variable to have the same password as the others….
I HAVE A WORKING NEXTCLOUD INSTALLATION!!!!
Now I know what the Asahi Linux devs (and prob all devs) feel like when they spend hours looking for a solution and it’s a really simple one line fix!!