Nextcloud install on a Qnap

This post is also available in: Italiano (Italian)

As crazy it may sounds, I managed to install NextCloud on Qnap. Let’s see how and with what limits.

Nextcloud installs easily on Ubuntu Server, an installation on a “normal” server would not have benefited from the data protection that Qnap provides natively. Qnap is as a device dedicated containing backups and protect data. 

In the most recent version, it also implements “** snapshot” functions guaranteeing an additional resilience in case of attack by ransomware. For a home user it is exactly the right place to install something on which he will then put his own  private data, being shared or not.

Qnap, in the simple 2-disk version (I own the 251+), supports Raid1 and supports “** differential backup” of itself, making possible to restore the situation of some days before in case someone attacked the file system trying to alter data encrypting them or some else even worse.

Installation of NextCloud on Qnap is however a challenge. Qnap has its own proprietary OS, not open, which despite being a fork of Linux follows the logic of a private Chinese company, devoted to the market. Support exists but is basically via User Blog or similar.

Result obtained with certain difficulty was excellent for me.

Let’s see how I made and what choices I have done.

My 251+ is equipped with a 4Core Intel processor 2.2 Ghz, original 2 Gb ram memory can be brought up to 16 Gb using nonQnap-certified Kingston modules, these can be purchased at an affordable price separately. The 4Core and the 16 Gb of ram make the Qnap 251+ usable as storage, cloud server and much more, up to groups of 10/15 people of which 4 to 5 also concurrently. The “** snapshotting” functions are available starting 1 Gb of RAM to up, while NextCloud itself claims from 4 to 6 Gb of RAM depending on the features implemented.

2. Other minimum application requirements are:

    a. An widely configurable good quality router, I use a FritzBox 7490.

    b. An internet line with a minimum 20/30 Mbit upload.

    c. A clear idea of ​​the Qnap configuration and the needs of NextCloud in terms of open ports and which services to enable.

    d. Your own domain name with some mailboxes, the configuration of a DDNS for those who do not have a fixed public address and the related record in the domain’s DNS.

    e. The choice between installing on Docker or on VM, I chose the VM to feel more free and to be able to take advantage of the native snapshot function even the virtualization software, on which will run the VM with Ubuntu and Nextcloud, has.

    6. The choice of a good supplier of the VM, its availability and its presence on the net. I tried: The third-party app on the Qnap Store EU (various ..), a Docker instance(some), Daniel Hansoon’s VM. I chose https://www.hanssonit.se and I’m happy. Daniel has proven to be a serious professional who is always present and always patient. His VM and installation scripting are super professional, very flexible and well cared for. Great job Daniel.

    7. Patient reading of all the documentation between Qnap and NextCloud to understand the architectural and application requirements and be able to get away with just two or three attempts … before starting …

What should you pay attention to?

Who buys a Qnap probably does not have in mind virtualization as main feature (which according to many is not very stable). Qnap is used for backup and for the shared file system within an office or on the local network at home. Time Machine support for Mac users is good and I’ve been using it for years. Qnap soul is therefore to be a NAS above all. In terms of management, it can now also be accessed from the outside via the proprietary DDns service and the related mobile utilities from smartphones.

Its limit is that the more features and app you install and you want to access from tinternet, the more you need to correctly address requests to the services and IPs of the internal network. This part of the configuration requires in-depth knowledge.

My router, although good, displays on the internet a public and dynamic address assigned to me by my operator and from this it reports the assigned and open ports inside using NAT and similar stuff.

Remember obviously basic security rule initially all doors are completely closed, always open only the bare minimum.

When applications are hosted on different IPs, things get complicated. The IP address of the Qnap services cannot be the same as the VM on which Ubuntu and NextCloud run, therefore a new one must be assigned during the configuration phase, I strongly suggest static. 

In addition, some ports must be opened on this new IP before even installing the VM because the “install” script claims to download libraries and updates from various public repositories and must therefore be connected to the internet.

Here in the absence of a Reverse Proxy (the Qnap does not have it native) it must be possible to assign to single external ports unique redirections on the internal network. 

In practice, two internal services on different IPs cannot insist on the same ports, outside they can and must be requested only on different ports. If one exposes (and this is the case) two web servers on different IP must distinguish them out on different ports. Therefore the NextCloud web server and other services that may overlap must be on different ports. This is perhaps the strongest architectural requirement and limitation to consider in a day by day usage.

If we were in a non-domestic IT environment we would have a reverse proxy or we would have different public IPs for the different internal IPs, but in a SOHO environment it is not really easy to have all these resources.

Daniel’s script is extremely rich and allows during the “Install” phase to do many things, assign a static IP address on the private network, install the part of TLS / Https and the relative certificates, with also the update services from Letsencrypt to the quarterly renewal. Install various third-party applications to increase system security, (e.g. Failban). Configure the Ubuntu and Nextcloud update with Cron and in the case of the VM reboot.

NextCloud allows the installation of dozens of apps even later but the installation on Qnap is not very friendly so I suggest to those who try to install the minimum and then only after having delivered a workingenvironment and having established a snapshot policy to proceed with other functions

Things to stay away from:

1. If you choose the same VM that I chose, DO NOT change the layout of the keyboard on the VM (English) and run the script with the certainty of being able to correctly type the characters. Change the one of your client …

2. For a production and shared installation, you need a domain and a little understanding of the configuration of DNS, DDNS if you have dynamic WAN IP and mail.

3. DO NOT do too many installation tests certified with Letsencrypt, there is a non-abuse policy so do not overdo it or you will stand still for a ride (it happened to me)

4. Ports 80 and 443 open on the external router and check UPNP and what you are already asking to do at Qnap, there must be no overlaps.

5. Have enough Ram, that’s why go to the 16 Gb even if not officially supported by the 251+, my VM will drink 6 of it by itself !.

NextCloud supports much more than what appears, from the password manager up to an online version of Office Libra with Groupware functions, go step by step and not everything in my opinion is congruous turns on the QNAP VM.

Some links on which you can find other references.

My Qnap, the rate limits of Letsencrypt, the suite office of Nextcloud Collabora Online, the Ram memory that I used to go to 16 Gb 2 blocks of 8 not certified by Qnap and not guaranteed by me, do not blame me if then installed on the vs Qnap does not work, also look for confirmations on the net. My Fritz Router with internal Gigabit connectivity, what is a reverse proxy.