User:Riviera/Setting up a nextcloud instance

From XPUB & Lens-Based wiki

Recently, I set up my own private cloud using Nextcloud. Cloud services are useful for syncing data across multiple devices. With Nextcloud I am able to sync photos, videos, files, calendars, notes and to-do lists between my Android mobile device and laptop. I’m hosting it publicly at this domain.

How did I do this?

I flashed a hard drive with an Ubuntu Server 23.10 image and proceeded to install the operating system on the device. I specifically wanted to take advantage of LXC/LXD in order to run containerised Linux machines on the server. Containerised Linux machines can be understood in contrast to Docker containers in one significant way: Docker containers do not have access to systemd, whereas LXC/LXD containers do.

What is systemd?

Systemd is the Linux daemon process manager. The role of systemd is to look after a variety of tasks which the computer runs in the background, for example Bluetooth services, network interface management, VPNs and the SSH server. Systemd replaced the SysV init system and ‘it is based around the notion of units’ (Poettering, 2010). There are seven different types of units: snapshot, target, automount, mount, device, socket and service.

Why is it useful to have access to systemd?

“Can I build this software and run it on my computer?” is a question I often hasten to answer in practice, mostly out of curiosity[1]. Too often I have built (or attempted to build) software from source, like PostgreSQL, OpenProject or Koha, as if my laptop were a server. I am often dissatisfied with the results of these experiments. Building software from source can be a messy process, especially when it comes to installing dependencies (other software which a piece of software itself relies on). That’s partly why I became interested in using Docker containers. Docker creates a secure environment in which to run something. Docker provides a lightweight virtual operating system which can be customised. However, Docker containers don’t have access to systemd. Projects like Podman have sought to address this by making containers systemd-compatible. However, it makes sense for Docker containers not to interact with systemd unless they can do so in a secure way.

LXC/LXD or Docker?

It makes sense to use Docker for running a standalone programme like SILE or Pandoc. One might create an alias that executes a Docker command for running the software on files. This is useful. However, I found Docker images may be amiss for ARMv8.2-A processors[2]. Docker has a system in place for creating networked containers. A website set-up may have an nginx reverse proxy running in one container directing traffic to a mediawiki instance running in another container. However, it’s not easy to containerise applications such as Postfix with Docker. Yes, mailcow: dockerized is an all-in-one Docker-based mail suite which uses Postfix. Perhaps it’s a viable solution. But if you want to try and set up a mail server from scratch I believe LXC/LXD is a better environment in which to do this. This is partly due to the integration of LXC/LXD with systemd in light of Postfix’s apparent reliance on systemd.

Having improved my understanding of Docker somewhat, I was thrown off a little by the familiar yet different language of lxc’s Command Line Interface. With LXC one can run a sort of sandboxed computer: it is assigned its own IP address and has its own systemd and networking capabilities. This is perhaps more flexible than Docker as a way of putting a Linux machine inside a Linux machine. However, this flexibility also entails a level of responsibility. The default login is root, which means you can do everything. This level of freedom involves making mistakes, so it’s advantageous to take snapshots of working setups. This is something I need to do whilst everything is working.

My LXC/LXD setup

Currently, on my server, I have a reverse proxy service (Nginx) running inside a virtual, containerised Linux machine. I have another virtual, containerised machine running an Apache server and a Nextcloud instance. Traffic can be reverse proxied to nextcloud.lxd. This entails some complexities: for example, it’s necessary to whitelist reverse proxies in the Nextcloud configuration. I’m hosting my Nextcloud instance on a subdomain of my personal website. It’s set up to work with HTTPS and I signed the SSL certificates using Let’s Encrypt’s certbot. From this point, I hope I can set up another machine running a mail server and hook it into the network of virtual machines somehow.
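
The reverse-proxy whitelisting mentioned above is done with the trusted_proxies setting in Nextcloud's config/config.php. The fragment below is an added example, not the configuration actually used on this server; the hostname cloud.example.org and the address 10.10.10.2 are placeholders for the public subdomain and the Nginx container's LXD address.

```php
<?php
// Added example: fragment of config/config.php for a Nextcloud container
// that sits behind an Nginx reverse proxy running in another LXD container.
// cloud.example.org and 10.10.10.2 are placeholders (assumptions); the real
// container addresses are shown by `lxc list` on the host.
$CONFIG = [
  // Host names Nextcloud will answer to. Requests carrying any other
  // Host header are rejected.
  'trusted_domains' => ['cloud.example.org'],

  // Too broad: every machine in 10.0.0.0/8 would be believed when it
  // sends an X-Forwarded-For header, so any other container on the
  // bridge could claim an arbitrary client address. Log entries and
  // brute-force throttling would then record whatever that header said.
  // 'trusted_proxies' => ['10.0.0.0/8'],

  // Narrow: only the Nginx container is trusted to report the client IP.
  'trusted_proxies' => ['10.10.10.2'],

  // Header from which the client address is read when the request
  // arrives from a trusted proxy.
  'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR'],

  // TLS ends at Nginx and the hop to Apache is plain HTTP, so tell
  // Nextcloud which scheme and host name to use in the links it builds.
  'overwriteprotocol' => 'https',
  'overwritehost' => 'cloud.example.org',
  'overwrite.cli.url' => 'https://cloud.example.org',
];
```

For the client address to reach Nextcloud at all, the Nginx side has to set the forwarded header itself, for instance with proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; in the proxying location block.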

Footnotes

  1. Along with the question “How can I do this in Emacs?”
  2. More software, it seems, can be found for x64 processors and processor differences need to be taken into account when creating software.

Bibliography

Poettering, L. (2010) ‘Rethinking PID 1’, http://0pointer.de/blog/projects/systemd.html [Online]. (Accessed 23 April 2024).