Nextcloud AIO Setup on Docker
By LK Wood IV · 2026-06-13 · ~13 min read · St. Louis County, MO
Nextcloud All-in-One is the officially supported Docker deployment. It handles the dependency stack — PostgreSQL, Redis, Apache, Collabora Office, signaling server, image processing — and keeps everything version-aligned automatically.
This guide deploys AIO with an external reverse proxy (Nginx Proxy Manager), sets up the desktop and mobile sync clients, and covers backup.
What you’ll have at the end
- Nextcloud AIO running in Docker with PostgreSQL and Redis
- Nextcloud Office (Collabora CODE) for editing DOCX/XLSX/PPTX in the browser
- HTTPS at nextcloud.yourdomain.com via Nginx Proxy Manager
- Desktop sync client configured on macOS/Windows/Linux
- Automatic backup to your choice of local or B2 storage
Prerequisites
- Docker on a Linux host
- A proxy Docker network created: docker network create proxy
- Nginx Proxy Manager running with a wildcard SSL cert
- A domain pointing to your server (for LAN-only access, a local .lan domain with AdGuard Home DNS rewrites works)
- Minimum 4GB RAM available for the Nextcloud stack
Step 1: Deploy the AIO master container
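AIO uses a “master container” that manages all other containers via the Docker socket. The AIO web interface runs on port 8080 and lets you start/stop the entire stack. Access to the Docker socket is effectively root on the host, and the :ro flag on the socket mount below does not limit Docker API calls, so treat the master container and its admin interface as privileged.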
mkdir -p /opt/stacks/nextcloud && cd /opt/stacks/nextcloud
Create the compose file:
# /opt/stacks/nextcloud/docker-compose.yml
services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    container_name: nextcloud-aio-mastercontainer
    restart: unless-stopped
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 8080:8080                                    # AIO admin interface; published on all host interfaces by default
    environment:
      APACHE_PORT: 11000                             # The port Nextcloud's Apache will listen on
      APACHE_IP_BINDING: 0.0.0.0
      NEXTCLOUD_DATADIR: /mnt/ncdata                 # Change to your NAS mount or large disk
      NEXTCLOUD_UPLOAD_LIMIT: 10G                    # Max file upload size
      NEXTCLOUD_MAX_TIME: 3600                       # PHP max execution time in seconds
      NEXTCLOUD_MEMORY_LIMIT: 512M                   # PHP memory limit
      NEXTCLOUD_TRUSTED_CACERTS_DIR: /etc/ssl/certs  # Trust system CA bundle
      SKIP_DOMAIN_VALIDATION: "false"                # Set "true" only for purely local setups
    networks:
      - proxy

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

networks:
  proxy:
    external: true
Set NEXTCLOUD_DATADIR to the path where you want your Nextcloud files stored. This must be a directory the Docker container can write to:
mkdir -p /mnt/ncdata
chown -R 33:33 /mnt/ncdata # www-data UID inside the container
Start the master container:
docker compose up -d
docker compose logs -f nextcloud-aio-mastercontainer
Step 2: Configure Nginx Proxy Manager for AIO
AIO’s Apache instance runs on port 11000 (as set by APACHE_PORT). NPM sits in front and handles TLS termination.
In NPM → Add Proxy Host:
- Domain: nextcloud.yourdomain.com
- Scheme: http
- Forward hostname: host machine IP (or 172.17.0.1 — Docker bridge gateway to reach the host from inside NPM’s container)
- Port: 11000
- Websockets Support: ON (required for Talk and Office)
- SSL: wildcard cert, Force SSL on, HTTP/2 support on
In the Advanced tab, add:
client_max_body_size 10G;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
The client_max_body_size must match your NEXTCLOUD_UPLOAD_LIMIT. The extended timeouts are required for large file uploads that take longer than the default 60s.
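A small consistency check for the two settings described above, as an added example that is not part of the original guide or of AIO/NPM. The function names (scaled, parse_env, parse_nginx, audit) are hypothetical and the sample inputs are constructed from the values on this page.

```python
import re

# Constructed samples mirroring the compose environment and NPM Advanced tab above.
COMPOSE_ENV = """
      NEXTCLOUD_UPLOAD_LIMIT: 10G   # Max file upload size
"""
NPM_ADVANCED = """
client_max_body_size 10G;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
"""

# nginx size suffixes are case-insensitive; time suffixes are not (M means months).
SIZE_UNITS = {"": 1, "k": 2**10, "K": 2**10, "m": 2**20, "M": 2**20, "g": 2**30, "G": 2**30}
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def scaled(value, units):
    """Convert '10G', '1m', '86400s' or a bare number using a unit table."""
    m = re.fullmatch(r"(\d+)([a-zA-Z]?)", value.strip())
    if not m or m.group(2) not in units:
        raise ValueError(f"unrecognised value: {value!r}")
    return int(m.group(1)) * units[m.group(2)]

def parse_env(text):
    """Extract KEY: value pairs from a compose environment mapping."""
    return dict(re.findall(r'^[ \t]*([A-Z_]+):[ \t]*"?([^"#\s]+)', text, re.M))

def parse_nginx(text):
    """Extract 'directive value;' pairs from an nginx snippet."""
    return dict(re.findall(r"^[ \t]*([a-z_]+)[ \t]+([^;\s]+)[ \t]*;", text, re.M))

def audit(compose_env, npm_advanced):
    """Return findings where the proxy limits disagree with Nextcloud's."""
    env, ngx = parse_env(compose_env), parse_nginx(npm_advanced)
    findings = []
    upload = scaled(env["NEXTCLOUD_UPLOAD_LIMIT"], SIZE_UNITS)
    # nginx falls back to 1m when the directive is absent; 0 disables the limit.
    body = scaled(ngx.get("client_max_body_size", "1m"), SIZE_UNITS)
    if body == 0:
        findings.append("client_max_body_size 0: proxy enforces no upload limit")
    elif body != upload:
        findings.append(f"client_max_body_size={body} but NEXTCLOUD_UPLOAD_LIMIT={upload}")
    for name in ("proxy_read_timeout", "proxy_send_timeout"):
        # 60s is the nginx default that the guide says large uploads outlast.
        if scaled(ngx.get(name, "60s"), TIME_UNITS) <= 60:
            findings.append(f"{name} is at or below the 60s default")
    return findings
```

An empty result from audit(COMPOSE_ENV, NPM_ADVANCED) means the proxy and Nextcloud agree; a missing client_max_body_size is reported because nginx would then apply its 1m default.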
Step 3: AIO initial setup
Access the AIO admin interface at http://your-host-ip:8080:
- AIO password — you’ll be shown a passphrase on first visit; copy it
- Enter your domain — type nextcloud.yourdomain.com
- AIO validates that it can reach itself at the domain (it makes an outbound HTTP check)
- Click Start containers — AIO spins up: Nextcloud, PostgreSQL, Redis, Imaginary, Apache
Initial container startup takes 3–5 minutes. Watch the logs:
docker logs -f nextcloud-aio-mastercontainer
Once all containers show green, access Nextcloud at https://nextcloud.yourdomain.com.
AIO generates an admin username and initial password — copy them from the AIO interface before your first login.
Step 4: Enable Nextcloud Office
Back in the AIO interface at http://your-host-ip:8080:
- Click the Nextcloud Office toggle → Enable
- Restart the container stack
After restart, in the Nextcloud web UI → Admin → Office:
- The Collabora CODE server URL should auto-detect as https://nextcloud.yourdomain.com/
- Click Save and test by opening a DOCX file — it should load in the browser editor
What Nextcloud Office does: Opens Microsoft Office formats (DOCX, XLSX, PPTX, ODP, ODS, ODT) in-browser using Collabora’s LibreOffice engine. Multiple users can co-edit the same document. This is the self-hosted Google Docs analog.
Step 5: Desktop sync client
Download the Nextcloud desktop client for your OS from nextcloud.com/install — select the appropriate client for Windows, macOS, or Linux.
Setup:
- Open the client → Server URL: https://nextcloud.yourdomain.com
- Log in with your Nextcloud account credentials
- Choose what to sync locally — you can sync everything or pick specific folders
The desktop client creates a local folder that stays in sync with your Nextcloud instance. Changes made on any device (web, mobile, or desktop) appear everywhere within seconds.
Mobile clients:
- iOS: “Nextcloud” in the App Store
- Android: “Nextcloud” in Play Store or F-Droid
Mobile clients support automatic photo/video backup — configure in the app under “Auto Upload.” This is the Dropbox/iCloud analog. Unlike Immich (which does ML-powered face detection and search), Nextcloud’s photo backup is simple file sync — good for documents and photos you want to access from anywhere, not a replacement for a photo management app.
Step 6: Calendar and contacts sync
Nextcloud includes CalDAV (calendar) and CardDAV (contacts) sync out of the box.
iOS/macOS:
- Settings → Calendar → Accounts → Add Account → Other → Add CalDAV Account
- Server: https://nextcloud.yourdomain.com/remote.php/dav/principals/users/your-username/
- Username + password: your Nextcloud credentials
- Same setup for CardDAV under Contacts → Accounts
Android:
- Install DAVx⁵ (F-Droid or Play Store — requires a one-time purchase on Play Store)
- Add your Nextcloud account in DAVx⁵ → it discovers both CalDAV and CardDAV endpoints automatically
Thunderbird/other desktop clients:
- CalDAV URL: https://nextcloud.yourdomain.com/remote.php/dav/calendars/username/personal/
- CardDAV URL: https://nextcloud.yourdomain.com/remote.php/dav/addressbooks/users/username/contacts/
Step 7: Configure AIO backups
AIO has a built-in backup system that archives all containers’ data (including PostgreSQL and Redis) to a local or remote Borgbackup repository.
In the AIO interface at http://your-host-ip:8080:
- Backup location — set to a path on a separate disk from your main data (or a NAS mount): /mnt/backups/nextcloud
- Backup schedule — enable daily automated backups; AIO stops the stack briefly (1–2 min) during backup
- Optional: Borg remote — AIO supports Borg remote repositories (SSH-based off-site). For B2-style object storage, use the restic approach in the restic guide instead of AIO’s native backup.
The AIO backup includes everything: the Nextcloud files, database, Redis state, and config. A restore from AIO backup brings back the full working stack.
Resource usage
With Nextcloud Office enabled, on a Debian host with no active users:
| Component | RAM |
|---|---|
| Nextcloud (PHP-FPM workers) | ~400 MB |
| PostgreSQL | ~120 MB |
| Redis | ~25 MB |
| Apache | ~80 MB |
| Nextcloud Office (Collabora) | ~700 MB |
| Imaginary | ~50 MB |
| Total | ~1.4 GB |
Under active use (users uploading files, editing documents), expect 2–3GB. This is higher than most single-service containers — Nextcloud AIO is a full office stack, not just a file sync daemon.
Limiting external network access
Nextcloud doesn’t need to be exposed to the internet to function as a personal file server. For LAN + Tailscale-only access:
In NPM, add an access list to nextcloud.yourdomain.com:
- Allow 192.168.1.0/24 (your LAN)
- Allow 100.64.0.0/10 (Tailscale IP range)
- Deny all

In AdGuard Home, add a DNS rewrite: nextcloud.yourdomain.com → your host’s LAN IP. This ensures the domain resolves locally even when Tailscale isn’t active.
For access on mobile data without Tailscale, you’d need to expose NPM publicly. For purely personal use, Tailscale is the simpler and more secure choice.
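To check what the access list above admits before relying on it, the following added example (not from the original guide or from NPM) evaluates client addresses against the three rules and flags rules made unreachable by ordering. It assumes NPM applies the list with nginx's first-match allow/deny semantics; decide and shadowed are hypothetical names, and the client addresses used with them are constructed.

```python
import ipaddress

# The access list from this section, in order. nginx evaluates allow/deny
# rules top to bottom and the first matching rule wins.
RULES = [
    ("allow", "192.168.1.0/24"),  # LAN
    ("allow", "100.64.0.0/10"),   # Tailscale IP range
    ("deny", "all"),
]

def decide(client_ip, rules=RULES):
    """Return 'allow' or 'deny' for one client address."""
    addr = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all":
            return action
        net = ipaddress.ip_network(target)
        # An IPv6 client never matches an IPv4 network, so with only IPv4
        # allow rules it falls through to the final "deny all".
        if addr.version == net.version and addr in net:
            return action
    return "allow"  # with no matching rule, nginx lets the request through

def _covers(outer, inner):
    """True if network `inner` lies entirely inside network `outer`."""
    a, b = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return a.version == b.version and b.subnet_of(a)

def shadowed(rules):
    """Return rules that can never fire because an earlier rule covers them."""
    dead, seen = [], []
    for action, target in rules:
        for prev in seen:
            if prev == "all" or (target != "all" and _covers(prev, target)):
                dead.append((action, target))
                break
        seen.append(target)
    return dead
```

Dropping the final rule, as in decide("203.0.113.5", RULES[:2]), returns "allow", which is why the list has to end with Deny all.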
Nextcloud handles files, calendar, and contacts — but for photos with face recognition and semantic search, run Immich alongside it. They share a host without conflict. For the full picture of what’s worth self-hosting, see the 12 best self-hosted apps guide.