Nextcloud: self-hosted file sync, calendar, contacts, and collaborative office

Install: AIO is the easiest path

The Nextcloud All-in-One project bundles everything (Nextcloud + Apache + Redis + Postgres + Collabora + Talk + backup + ClamAV) into a single mastercontainer that manages the rest. It's the most reliable install path for a homelab in 2026:

sudo docker run -d \
    --name nextcloud-aio-mastercontainer \
    --restart always \
    --publish 80:80 \
    --publish 8080:8080 \
    --publish 8443:8443 \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    nextcloud/all-in-one:latest

Browse to https://<host>:8443 — the AIO interface walks through:

1. Generate the initial admin password (shown once; save it).
2. Pick the domain (e.g. cloud.example.com).
3. Pick optional add-ons: Talk, Collabora Office, OnlyOffice, ClamAV, Whiteboard, Imaginary (image processing), full-text search.
4. Click "Start containers" — AIO pulls and configures everything (5-15 minutes).

After it's done, login to the actual Nextcloud at the configured domain.

The traditional path: docker compose

For more control:

# docker-compose.yml
services:
  db:
    image: postgres:16-alpine
    restart: unless-stopped
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: ${DB_PASSWORD}

  redis:
    image: redis:7-alpine
    restart: unless-stopped

  app:
    image: nextcloud:30-apache
    restart: unless-stopped
    ports:
      - "127.0.0.1:8080:80"
    volumes:
      - nextcloud-data:/var/www/html
      - ./data:/var/www/html/data        # bulk user data on its own mount
    environment:
      POSTGRES_HOST: db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      REDIS_HOST: redis
      NEXTCLOUD_TRUSTED_DOMAINS: cloud.example.com
      OVERWRITEPROTOCOL: https
      OVERWRITECLIWEBROOT: https://cloud.example.com
      PHP_UPLOAD_LIMIT: 16G
      PHP_MEMORY_LIMIT: 1G
    depends_on: [ db, redis ]

  cron:
    image: nextcloud:30-apache
    restart: unless-stopped
    volumes:
      - nextcloud-data:/var/www/html
      - ./data:/var/www/html/data
    entrypoint: /cron.sh
    depends_on: [ db, redis ]

volumes:
  db-data:
  nextcloud-data:

The separate cron container runs Nextcloud's background-job poller every 5 minutes (file scanning, federation sync, notification dispatch, app cron). Without it, Nextcloud falls back to "AJAX" cron which only runs when users are active — bad for unattended jobs.

Reverse proxy

# Caddy
cloud.example.com {
    reverse_proxy 127.0.0.1:8080

    # .well-known endpoints for CalDAV / CardDAV / Nodeinfo discovery
    redir /.well-known/carddav    /remote.php/dav/ 301
    redir /.well-known/caldav     /remote.php/dav/ 301
    redir /.well-known/webfinger  /index.php/.well-known/webfinger 301
    redir /.well-known/nodeinfo   /index.php/.well-known/nodeinfo 301

    request_body { max_size 16GB }
    header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}

The .well-known redirects matter for client auto-discovery: mobile CalDAV/CardDAV apps and webfinger consumers expect them at the root domain.

Performance tuning that pays off

1. Database — use Postgres or MySQL/MariaDB; never SQLite for >5 users. Postgres is the recommended default.
2. Redis — configure both file locking and memcache to use Redis. Without it, Nextcloud uses APCu (in-process) for memcache, which doesn't share state across PHP workers.
3. OPcache — set in php.ini: opcache.memory_consumption=256, opcache.interned_strings_buffer=32. The official docs flag warnings for both in Settings → Administration → Overview.
4. HTTP/2 + HTTPS — required for the desktop client's chunked uploads to perform well.
5. Background cron — via the separate cron container (above) or a systemd timer on the host.

Apps worth enabling

Settings → Administration → Apps. The standout picks:

• Calendar — CalDAV, syncs to iOS / macOS / Thunderbird / DAVx5 on Android.
• Contacts — CardDAV, same client list.
• Talk — chat, voice/video calls (WebRTC). For larger conferences (10+ participants), add a TURN server (coturn).
• Mail — an IMAP / SMTP web client. Lets users read their personal mailbox without leaving Nextcloud.
• Notes — per-user markdown notes that sync to the Joplin / iA Writer family of apps.
• Deck — kanban board for personal / shared task management.
• Photos — mobile-app auto-upload (the killer feature: photos snap, sync immediately to your server). For polish-equivalence with Immich (see that tutorial), Photos isn't there yet; for "I just want phone auto-backup," it works.
• Collabora Online or OnlyOffice — browser-based Word / Excel / PowerPoint with real-time collaborative editing.

Desktop and mobile clients

• Desktop sync clients for Windows, macOS, Linux at nextcloud.com/install. Pick which local folders sync to which remote folders; virtual files supported on Windows.
• Mobile apps on iOS and Android — file browser + auto-upload of photos + offline file access for marked files.
• WebDAV mount — any tool that speaks WebDAV (rclone, Finder, KDE's network browser) can mount Nextcloud files directly.

External storage

Nextcloud's "External Storage" app lets you mount S3, SFTP, FTP, NFS, SMB, WebDAV, or local filesystem mounts as folders inside the user's view. Useful for:

• Mounting an existing S3 / MinIO bucket as a Nextcloud folder (see MinIO).
• Sharing a NAS SMB mount through Nextcloud's permission system.
• Federated Nextcloud-to-Nextcloud folder sharing.

Backups

Three things:

• Postgres — pg_dump nightly.
• The data directory (/var/www/html/data in the container, mounted from ./data) — the actual user files. Often the biggest piece.
• The config directory (/var/www/html/config/) — config.php holds DB password, instance ID, encryption keys.

The AIO install includes a built-in BorgBackup target — configure once, it backs up nightly to a chosen path. For manual installs, restic (see that tutorial) on all three is the standard.

Always put Nextcloud in maintenance mode before backing up live data:

docker compose exec app php occ maintenance:mode --on
# do backup
docker compose exec app php occ maintenance:mode --off

occ: the CLI

occ is Nextcloud's command-line admin tool, run inside the container:

docker compose exec -u www-data app php occ <command>

# Common operations
occ user:add bob
occ user:resetpassword bob
occ files:scan --all                       # rescan filesystem (after manual file changes)
occ db:add-missing-indices
occ app:install talk
occ app:disable theming
occ config:system:set trusted_domains 1 --value=cloud.example.com

When Nextcloud is the wrong tool

• For pure file sync without the everything-app-store, Syncthing is lighter and runs without a server (peer-to-peer).
• For only photos, Immich (see that tutorial) has materially better photo UX than Nextcloud Photos.
• For team-wiki content, Outline (see that tutorial) is a more polished editor.
• Resource use is non-trivial — 2 GB RAM for a small instance, growing with users + apps. Less than Google Workspace, more than a single-purpose tool.

For "my family / small team needs Google Drive + Calendar + Contacts + Office on hardware I own," Nextcloud is still the most complete answer in 2026.