Nextcloud with VeilNet

Learn how to deploy Nextcloud with VeilNet for secure remote file access.

Prerequisites

  • Docker and Docker Compose installed
  • VeilNet registration token
  • Access to VeilNet Guardian service
  • Sufficient disk space for files

Overview

This guide shows you how to deploy Nextcloud, a self-hosted file sync and sharing platform, with VeilNet for secure remote access. Nextcloud provides file storage, synchronization, and collaboration features similar to Dropbox or Google Drive.

With VeilNet, you can securely access your Nextcloud instance from anywhere without exposing it to the public internet.

Step 1: Create Docker Compose Configuration

Create a docker-compose.yml file with the following configuration:

services:
  veilnet-conflux:
    container_name: veilnet-conflux
    restart: unless-stopped
    env_file:
      - .env
    image: veilnet/conflux:beta
    pull_policy: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    network_mode: host

  db:
    image: mariadb:10.11
    container_name: nextcloud-db
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=<DB_ROOT_PASSWORD>
      - MYSQL_PASSWORD=<DB_PASSWORD>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    volumes:
      - nextcloud-db:/var/lib/mysql
    network_mode: "container:veilnet-conflux"
    depends_on:
      - veilnet-conflux

  redis:
    image: redis:alpine
    container_name: nextcloud-redis
    restart: unless-stopped
    command: redis-server --requirepass <REDIS_PASSWORD>
    network_mode: "container:veilnet-conflux"
    depends_on:
      - veilnet-conflux

  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    restart: unless-stopped
    volumes:
      - nextcloud:/var/www/html
    environment:
      # 127.0.0.1 forces TCP; with "localhost" the PHP MySQL driver looks for a local Unix socket
      - MYSQL_HOST=127.0.0.1
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=<DB_PASSWORD>
      - REDIS_HOST=localhost
      - REDIS_HOST_PASSWORD=<REDIS_PASSWORD>
    network_mode: "container:veilnet-conflux"
    depends_on:
      - veilnet-conflux
      - db
      - redis

volumes:
  nextcloud:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ./nextcloud
  nextcloud-db:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ./nextcloud-db

Step 2: Create Environment File

Create a .env file in the same directory as your docker-compose.yml with the following variables:

VEILNET_REGISTRATION_TOKEN=<YOUR_REGISTRATION_TOKEN>
VEILNET_GUARDIAN=<YOUR_GUARDIAN_URL>
VEILNET_PORTAL=true
VEILNET_CONFLUX_TAG=<YOUR_CONFLUX_TAG>
VEILNET_CONFLUX_CIDR=<VEILNET_CIDR>

Replace the placeholders:

  • <YOUR_REGISTRATION_TOKEN>: Your VeilNet registration token (obtained from the VeilNet portal)
  • <YOUR_GUARDIAN_URL>: The URL of your VeilNet Guardian service (e.g., https://guardian.veilnet.app)
  • <YOUR_CONFLUX_TAG>: A tag to identify this Conflux instance (e.g., nextcloud-server)
  • <VEILNET_CIDR>: Any IP address (e.g., 10.128.0.5/16) in CIDR format that belongs to the realm subnet (e.g., 10.128.0.0/16)

Important: Also replace the database and Redis passwords in the docker-compose.yml:

  • <DB_ROOT_PASSWORD>: Strong password for MariaDB root user
  • <DB_PASSWORD>: Strong password for Nextcloud database user
  • <REDIS_PASSWORD>: Strong password for Redis
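
Added example (not part of the VeilNet documentation): a pre-flight script that fails if any <PLACEHOLDER> from Steps 1 and 2 is still present, or if VEILNET_CONFLUX_CIDR lies outside the realm subnet. The function names and the REALM_SUBNET variable are illustrative assumptions; 10.128.0.0/16 is this guide's example subnet.

```shell
#!/bin/sh
# Pre-flight check for the .env and docker-compose.yml from Steps 1 and 2.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if host address $1 (e.g. 10.128.0.5/16) lies inside subnet $2.
cidr_in_subnet() {
    case $1 in */*) ;; *) return 1 ;; esac
    case $2 in */*) ;; *) return 1 ;; esac
    len=${2#*/}
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    a=$(ip_to_int "${1%/*}") || return 1
    n=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( a & mask )) -eq $(( n & mask )) ]
}

# Print file:line:text for every <PLACEHOLDER> still present; succeed if any.
unreplaced_placeholders() {
    grep -nE '<[A-Z_]+>' "$@" /dev/null
}

preflight() {  # usage: preflight ENV_FILE COMPOSE_FILE REALM_SUBNET
    rc=0
    if unreplaced_placeholders "$1" "$2" >&2; then
        echo "FAIL: placeholders listed above were not replaced" >&2; rc=1
    fi
    cidr=$(sed -n 's/^VEILNET_CONFLUX_CIDR=//p' "$1")
    if ! cidr_in_subnet "$cidr" "$3"; then
        echo "FAIL: VEILNET_CONFLUX_CIDR=$cidr is not inside $3" >&2; rc=1
    fi
    return $rc
}

# Run against the real files when they exist in the current directory.
# REALM_SUBNET defaults to this guide's example subnet; set it to your own.
if [ -f .env ] && [ -f docker-compose.yml ]; then
    preflight .env docker-compose.yml "${REALM_SUBNET:-10.128.0.0/16}" && echo "preflight OK"
fi
```

Run it from the directory that holds both files before Step 4; a non-zero exit status means the stack would start with a placeholder secret or an address outside the realm.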

Step 3: Create Data Directories

Create the directories for persistent data storage:

mkdir -p nextcloud nextcloud-db

These directories will store:

  • nextcloud: Nextcloud application files and user data
  • nextcloud-db: MariaDB database files

Step 4: Deploy the Stack

Start all services:

docker-compose up -d

This will:

  • Pull the Nextcloud, MariaDB, Redis, and VeilNet Conflux images
  • Start all containers
  • Create persistent volumes for data storage
  • Automatically restart containers if they stop

Step 5: Verify Deployment

Check that all containers are running:

docker-compose ps

View the VeilNet Conflux logs to verify it's connecting:

docker logs veilnet-conflux -f

You should see logs indicating successful registration and connection to the VeilNet network.
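
Because veilnet-conflux runs with network_mode: host and the other three containers join its network namespace, every service in the stack listens in the host's network namespace. The following added example (not from the VeilNet documentation) parses `ss -H -ltn` output and reports listeners on the stack's ports that are bound to anything other than loopback or the VeilNet address. The function name, the VEILNET_IP variable, the sample lines and the default port list are assumptions.

```shell
#!/bin/sh
# Report listeners on the stack's ports that are bound outside loopback/VeilNet.
# Reads `ss -H -ltn` output on stdin.
# Default ports are assumptions: 8080 is the URL used in this guide; 80, 3306
# and 6379 are the Apache, MariaDB and Redis defaults.
exposed_listeners() {  # usage: ss -H -ltn | exposed_listeners VEILNET_IP [PORTS]
    awk -v vip="$1" -v ports="${2:-80 8080 3306 6379}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            sub(/%.*/, "", addr)                   # drop a "%iface" suffix
            if (!(port in want)) next
            if (addr == vip || addr ~ /^127\./ || addr == "[::1]") next
            print port, addr
        }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 80    0.0.0.0:3306    0.0.0.0:*
LISTEN 0 511   *:6379          *:*
LISTEN 0 511   127.0.0.1:8080  0.0.0.0:*
LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
LISTEN 0 511   10.128.0.5:80   0.0.0.0:*
LISTEN 0 4096  [::]:80         [::]:*'

echo "sample:"; printf '%s\n' "$SAMPLE_SS" | exposed_listeners 10.128.0.5

# On the Docker host, check the live sockets (VEILNET_IP is your realm address).
if command -v ss >/dev/null 2>&1 && [ -n "$VEILNET_IP" ]; then
    echo "live:"; ss -H -ltn | exposed_listeners "$VEILNET_IP"
fi
```

Each line printed is a port and bind address that may be reachable from networks other than VeilNet; restrict those with a host firewall rule or by binding the service to 127.0.0.1 or the VeilNet address.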

Step 6: Initial Configuration

Local Access

  1. Open http://localhost:8080 in your browser
  2. Complete the Nextcloud setup wizard:
    • Create an administrator account
    • The database connection should be pre-configured (use db as the database host)
    • Click "Finish setup"
  3. Log in with your administrator account

Remote Access via VeilNet

  1. Find your host's VeilNet IP address:

ip addr show veilnet

Or check the VeilNet portal to see your assigned IP address.

  2. Access Nextcloud from anywhere using http://<veilnet-ip>:8080 (e.g., http://10.128.0.5:8080)

Step 7: Access Your Nextcloud

Local Access

Once the service is running, you can access it locally:

  • Web UI: http://localhost:8080

Remote Access via VeilNet

With VeilNet configured, you can access your Nextcloud instance remotely from anywhere in the world using the host's VeilNet IP address, as long as your device is also connected to the same VeilNet realm.

Access the web interface using:

  • Web UI: http://<veilnet-ip>:8080 (e.g., http://10.128.0.5:8080)

Step 8: Configure Nextcloud

  1. Log in to Nextcloud (locally or via VeilNet IP)
  2. Install apps from the Apps section:
    • Calendar
    • Contacts
    • Notes
    • Tasks
    • And many more
  3. Configure external storage if needed (Settings → Administration → External storage)
  4. Set up user accounts for family members or team members

Updating Services

To update to newer versions:

docker-compose pull
docker-compose up -d

This will pull the latest images and restart the containers with updated versions.

Stopping and Removing

To stop all services:

docker-compose down

To remove containers and volumes (this will delete all data):

docker-compose down -v

Warning: Removing volumes will delete all Nextcloud files, user data, and database. Make sure to back up important data before removing volumes.

FAQ

Can I use the Nextcloud mobile app with VeilNet?

Yes! The Nextcloud mobile app can connect to your instance using the VeilNet IP address. Configure the app to use http://<veilnet-ip>:8080 as the server URL. Since Nextcloud shares the network namespace with veilnet-conflux, it can also use the VeilNet TUN device for optimal network performance.

How do I sync files from my computer?

Install the Nextcloud desktop client and configure it to connect to http://<veilnet-ip>:8080. The client will sync files automatically, and you can access them from anywhere via VeilNet.

Can I share files with people who don't have VeilNet?

Yes! Nextcloud has built-in sharing features that generate share links. However, for those links to work, you'll need to either expose Nextcloud to the public internet or set up a reverse proxy. For secure access, it's recommended to add collaborators to your VeilNet realm.

How do I increase storage capacity?

Add more storage by mounting additional volumes or configuring external storage in Nextcloud settings. The nextcloud volume will grow as users upload files.

Can I use HTTPS with VeilNet?

VeilNet already encrypts the connection between devices in the realm. You can additionally serve Nextcloud over HTTPS by adding a reverse proxy (like Nginx or Traefik) in front of Nextcloud, which also encrypts the HTTP session between the client and the proxy.

Why use NET_ADMIN capability instead of privileged mode?

The NET_ADMIN capability provides only the necessary permissions for VeilNet to create and manage network interfaces, without granting full privileged access. This is more secure while still allowing VeilNet to function properly.