A key driver for me blogging these tech guides is to allow me to recall things down the lane that I may need to do again. I’m using the blog as the platform to do that instead of say a bookmarks manager, in case it’s of interest to anyone else. This one’s a short and sweet set of steps required to install Docker Compose. Well documented and very standard stuff, but for some reason I’ve come across needlessly convoluted instructions a few time in the past, especially for Compose.

I’ve been keen to give Nextcloud a spin after hearing the products name come up quite often in discussions concerning open source solutions that people find to be absolute game changers. For those unaware, Nextcloud is a platform not unlike Google Workspace or O365, and allows admin to make various productivity tools available such as email or calendar clients, file management, and document editing. Being self hosted, it’s a way to break away from the big players in the space and deploy a solution where you solely own the data. I haven’t used Nextcloud enough to say whether it is actually worth your time or something I can replace those other commercial suites with, but did feel compelled to document the steps required to set the product up.

In this guide I’ll be deploying Nextcloud using the All-In-One (AIO) install method, which is a newer docker based approach that is presented nowadays as the recommended means to install Nextcloud. Direct install to the OS is still available. Nextcloud is being setup to be externally accessible and not just limited to a local network.

Along with the installation of Nextcloud, I’ll be looking at the steps taken to secure aspects of the administrative interface. The AIO installer will install Nextcloud itself as well as an Admin UI for managing containers etc that I believe to be unique to this deployment method. It’s this secondary interface that many recommend not be published to the internet (it allows changing of some low level stuff), however it was a bit of a struggle to find information on how to achieve this in a manner where the frontend could be accessed from anywhere and the backend on demand without relaxing firewalls constantly. I ultimately added a Wireguard VPN to the setup and then restricted the admin UI to access via the VPN. I’ll go over that here.

Chances are you’ll know your VPS IPv4 address if your plan has one as your provider will email it to you on signup and it’ll feature prominently in your accounts control panel. Identifying your servers IPv6 address can be a bit more involved, but necessary if you’d like to configure an AAAA record for your domain’s DNS to allow connectivity by IPv6.

The quick answer is to run the following command and then select the output on ETH0 (or ETHn), with a ‘global’ scope that is valid (valid_lft) ‘forever’.

ip -6 a

The above command, while filtering out those without the correct scope or validity period, will get you the IPv6 address for public access.

If you’re hosting a web page that you intend for anyone else to access, you really should make sure you have an SSL certificate. Nowadays any major web browser is going present a warning to users if they browse to a page without https, and users in many cases will click away or may not know how to proceed. Fortunately, adding a certificate with Lets Encrypt is both free and painless.

After setting up MinIO on a public facing web server, one of the first things you will want to do is to secure the web frontend. Out of the box MinIO does not support multi factor authentication. Instead, the product allows you to use a third party authentication service. In this guide we’ll explore the process to do this with Google Cloud Apps and OpenID Connect. It’s relatively painless and I believe should all be doable under Google Clouds free tier.