I would like some ideas or suggestions as I am not sure how to continue with self hosting.
I want to self host images and caldav, maybe documents later as well. These would need to be continuously available to PC clients and Android. There would be a handful of users maximum.
The obvious (?) solution would be Nextcloud, which would do everything I need.
My problem is that I have only one public IP address and the HTTP and HTTPS ports are already in use by Apache.
The second problem is that I already use wireguard to another location, and Android cannot connect simultaneously to several wireguard endpoints. At least as far as I know.
Below, I list the approaches I have considered and the problems / drawbacks I see.
Please comment if I am wrong about something here.
At the moment I am looking at option 4.
Any comments are welcome!
Option 1. Nextcloud AIO publicly available through HTTPS
It needs the HTTP & HTTPS ports which are in use. Otherwise, this would be the go-to for me.
Option 2. Nextcloud AIO through wireguard
I would have to switch between two wireguard instances on Android. There would probably be continuous connection errors and sync problems on apps that try to connect to either location (nextcloud and davx5 for example).
Setup would be a bit complicated for me. AFAIK, I would have to set up a local DNS, self-made certificates and a reverse proxy for the Apache server.
Setup would be complicated for all other users as well and require wireguard and manually installed certificates.
Option 3. Nextcloud AIO with tailscale
Setup complicated like #2 and then some?
I have no idea if it works while using the android wireguard app for the other connection I need.
Option 4. Radicale and Ente publicly available
As far as I know, these run on special ports that are not 80 or 443.
Server setup would be slightly complicated.
Client setup would be simple.
Document sync I would have to figure out later (maybe just syncthing or otter setup?).
Can’t you just use Apache as a reverse proxy and configure it to proxy to Nextcloud?
I understood NC needs ports 80 and 443, at least from the nextcloud aio installation doc
With a reverse proxy you can route connections to arbitrary ports. Just remap the ports in the docker containers if they run on the same machine, otherwise they’ll refuse to start when the conflict is detected.
I have it set up like this. music.mydomain.net redirects to navidrome, video.mydomain.net to jellyfin, news.mydomain.net to miniflux, cloud.mydomain.net to Nextcloud (this one is on a VPS tho), and so on; those are all on different ports, but I never need to input it as it always goes over https 443.
Thank you and everyone else! Now I need to get a domain that allows subdomains
Thanks for this. I have been looking for a replacement for an old subsonic fork that was long ago abandoned. Navidrome looks like a great option!
Mine doesn’t have 80, it has a reverse proxy on 443 when I’m using a subdomain, but there is an option to use a subfolder instead. (This is with nginx, not apache, but I would assume it’s similar)
The thing that doesn’t yet work for me is the redirect back after authentik login. (The login works, but just doesn’t do it as seamlessly as I expect and I think it’s a config issue)
I understood from here it shouldn't work
Maybe you use another flavor and not the aio?
Edit: oh, you have 443 though, nvm!
OK forget about the ports. Use the docker image of nextcloud, whatever flavor you want.
In the docker compose you change 80:80 and 443:443 to 81:80 and 444:443.
Then, you configure your already available apache to redirect https://nextcloud.yourdomain.com/ to yourip:444.
That’s it. You just launched nextcloud with an arbitrary port which is not the default because it suits your needs, and configured apache to redirect to that port.
Edit : you don’t even need to expose 81:80 if you don’t need it :-)
I had understood it has to be 443 and 80 for it to work, but this was wrong I guess. Maybe it was only a limitation of Nextcloud AIO which I would have used otherwise…?
In fact 80 and 443 refer to http and https, those are default ports.
You can in fact use the ports you want for the service you want. I have multiple web services behind the ports 80 and 443, you need one service that is able to get the request at the correct port. This is the role of the reverse proxy.
Apache can assume that role, you go to anything.yourdomain.com and apache will then redirect “anything” to the correct service (with the internal ip and port). So say you want to put nextcloud at 7777 you can tell docker to expose 7777 and redirect it to 443 on nextcloud.
The chain is like that in the case : nextcloud.yourdomain.com > apache > nextcloud is at ip:7777 > redirect the request to 7777 > nextcloud homepage is shown
According to this it is not supported?
However, I should learn how to do subdomains and the reverse proxy then… Which is another question.
I have until now a free domain which is something like mysubdomain.ddns.net. So I presume I need to get a paid domain for this so I can do subdomains
Fwiw: I use a reverse proxy (caddy). Maybe you are interested in that
Your existing Apache setup can be used as a reverse proxy. The idea is, you set up those other services (e.g., Nextcloud or Radicale) on other systems, or on the same system with different ports. Then when you access some URL, e.g. https://yourhomenetwork.com/radicale, Apache acts as an intermediary and returns the service at http://127.0.0.1:8080/radicale. No additional open ports needed. No additional certificates needed.
Apache can even be configured to respond to requests differently if they’re coming from the internet or from wireguard. Say if you wanted to deny all traffic from the internet and only access it from your VPN, or if you wanted to conditionally apply a password.
You can also use Apache to host multiple domain names, or subdomains, from the same IP address and ports (the feature is called “vhost”). That may require multiple SSL certificates though. (EDIT: If you're using a wildcard certificate, you can host multiple subdomains from that one certificate)
You’ve got options though, and you don’t need to break what you’ve already got :)
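The reverse-proxy layout described in this comment and in the port-remapping comment earlier in the thread, written out as an Apache 2.4 configuration. This is an added example, not any poster's actual config; the hostnames, backend ports, VPN subnet and certificate paths are assumptions chosen for illustration.

```apache
# Constructed example: hostnames, ports, VPN subnet and certificate paths are placeholders.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers enabled.

# Subdomain -> container. Publish the container on loopback only, e.g. a compose
# port mapping of "127.0.0.1:8081:80", so the backend is reachable solely via Apache.
<VirtualHost *:443>
    ServerName cloud.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/wildcard-fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/wildcard-privkey.pem

    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off
    # Pass the original Host header so the backend builds correct URLs.
    ProxyPreserveHost On
    # Tell the backend the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        "/" "http://127.0.0.1:8081/"
    ProxyPassReverse "/" "http://127.0.0.1:8081/"
</VirtualHost>

# Existing site: one path handed to a second backend, allowed from the VPN only.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/wildcard-fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/wildcard-privkey.pem

    <Location "/radicale/">
        # Assumed WireGuard tunnel subnet; requests from other sources get 403.
        Require ip 10.8.0.0/24
        ProxyPass        "http://127.0.0.1:8080/radicale/"
        ProxyPassReverse "http://127.0.0.1:8080/radicale/"
    </Location>
</VirtualHost>
```

Run `apachectl configtest` before reloading. Nextcloud additionally has to be told about the proxy in its own `config.php` (`trusted_proxies`, `overwriteprotocol`), otherwise it may generate `http://` links or reject the forwarded host.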
Can’t you use a wildcard SSL cert for subdomains? (*.mydomain.com)
Absolutely! Yes you can :) Good point, and I will now change my comment for greater accuracy.
How I’m doing it: setup nginx-proxy-manager as frontend and put all services behind it, using different names (cloud.home, media.home, etc) but with the same IP (the proxy IP).
yunohost to configure nextcloud and all the apps you want
For WebDav I would look at https://github.com/sabre-io/Baikal
Unless you want all the other parts of Nextcloud and need the big package.



