Service Name | Description |
---|---|
Bunkerized Nginx | Provides a proxy service, as well as sane security rules and auto-certificates |
MariaDB | Primary database used by Nextcloud for user and administrative data |
Nextcloud | Web service for rolling your own cloud; can provide access to local storage over the internet |

The above services are deployed as podman containers, all of which run within a single pod to allow container-to-container communication. Only the Nextcloud container itself is exposed to the LAN. A systemd service is generated for managing the pod as well as the individual containers.
- Rocky Linux 8.X
- Rocky Linux 9.X
- Clone git repo
- Install podman
- Install podman ansible collection (ansible-galaxy collection install containers.podman)
- Fill out all.yml and hosts file

Prior to running the playbook, the following fields in all.yml are required:
Name | Description |
---|---|
GENERATE_SELF_SIGNED | Set to yes if using a self-signed certificate (one not issued by a valid CA); otherwise set to no |
AUTO_LETS_ENCRYPT | Set to yes if using Nextcloud with a dedicated domain name; otherwise set to no |
server_name | Your public IP or domain name, depending on which will be used for Nextcloud |
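
A pre-flight check for these three fields, added here as an example and not part of this repository's playbook. It assumes all.yml holds them as flat top-level `key: value` lines, and it reads the descriptions above as rules: the two certificate options should not both be yes, and AUTO_LETS_ENCRYPT goes with a domain name rather than an IP. The helper names and the sample values are hypothetical.

```python
import ipaddress
import sys

REQUIRED = ("GENERATE_SELF_SIGNED", "AUTO_LETS_ENCRYPT", "server_name")
YES, NO = {"yes", "true"}, {"no", "false"}
# Constructed sample, not from the project: an IP with Let's Encrypt switched on.
SAMPLE = """\
GENERATE_SELF_SIGNED: no
AUTO_LETS_ENCRYPT: yes
server_name: 203.0.113.10   # documentation-range address
"""

def parse_flat_yaml(text):
    """Read top-level 'key: value' lines only (assumed layout of all.yml)."""
    values = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()
        if line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_all_yml(text):
    """Return a list of problems; an empty list means the fields are consistent."""
    cfg, flags = parse_flat_yaml(text), {}
    problems = [f"{k} is missing or empty" for k in REQUIRED if not cfg.get(k)]
    for key in REQUIRED[:2]:
        raw = cfg.get(key, "").lower()
        if raw in YES | NO:
            flags[key] = raw in YES
        elif raw:
            problems.append(f"{key} must be yes or no, got {raw!r}")
    if flags.get("GENERATE_SELF_SIGNED") and flags.get("AUTO_LETS_ENCRYPT"):
        problems.append("GENERATE_SELF_SIGNED and AUTO_LETS_ENCRYPT are both yes")
    if flags.get("AUTO_LETS_ENCRYPT") and is_ip(cfg.get("server_name", "")):
        problems.append("AUTO_LETS_ENCRYPT is yes but server_name is an IP address")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    sys.exit("\n".join(check_all_yml(text)) or 0)
```

Run it with the path to all.yml before the playbook; it exits non-zero and lists the problems when the settings contradict each other.
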

Port forwarding is necessary for this process. The following rules are needed:
Source Port | Destination IP | Destination Port |
---|---|---|
443 | [server_ip] | 8443 |
80 | [server_ip] | 8080 |

Port 80 can be closed after initial deployment; it is only needed to negotiate the certificate request.