KL Tech Videos Watch on YouTube

EP 2 Deploy Defend Expose Nextcloud Uncomplicated Firewall Fail2ban Nginx Reverse Proxy Access Lists

3 min read 3 hours ago
Published on Sep 15, 2025 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

In this tutorial, we will guide you through the process of securing your Nextcloud server by implementing several key components: the Uncomplicated Firewall (UFW), Fail2ban, Nginx as a reverse proxy, and access lists. By the end of this guide, your Nextcloud instance will be fortified against common security threats and optimized for performance.

Step 1: Install Uncomplicated Firewall

  1. Update your system:

    sudo apt update
sudo apt upgrade

  2. Install UFW:

    sudo apt install ufw

  3. Enable UFW:

    sudo ufw enable

  4. Set default policies:

    • Deny all incoming connections:
      sudo ufw default deny incoming
    • Allow all outgoing connections:
      sudo ufw default allow outgoing

Step 2: Install Docker on Ubuntu Server

  1. Install required packages:

    sudo apt install apt-transport-https ca-certificates curl software-properties-common

  2. Add Docker’s official GPG key:

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

  3. Set up the stable repository:

    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

  4. Install Docker:

    sudo apt update
sudo apt install docker-ce

Step 3: Install Docker Compose

  1. Download the latest version of Docker Compose:

    sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

  2. Set permissions:

    sudo chmod +x /usr/local/bin/docker-compose

  3. Verify installation:

    docker-compose --version

Step 4: Install Nginx Proxy Manager

  1. Create a Docker network:

    docker network create nginx-proxy

  2. Run Nginx Proxy Manager container:

    docker run -d -p 80:80 -p 443:443 --name npm --restart=always \
  -v /path/to/npm/data:/data \
  -v /path/to/npm/letsencrypt:/etc/letsencrypt \
  --network nginx-proxy \
  jc21/nginx-proxy-manager

Step 5: Obtain an SSL Certificate for Nginx Proxy Manager

  1. Access the Nginx Proxy Manager interface via your browser.
  2. Follow the prompts to request an SSL certificate for your domain.

Step 6: Create a Proxy Host and Internal Domain

  1. In Nginx Proxy Manager, navigate to the "Proxy Hosts" section.
  2. Add a new Proxy Host with:
    • Domain Names
    • Forward Hostname/IP
    • Forward Port
    • SSL options

Step 7: Configure Custom DNS Resolution

  1. Edit your local DNS settings to point to your internal domain.
  2. Verify that the DNS resolution works by pinging the domain.

Step 8: Set Up UFW Rules for Nginx Proxy Manager

  1. Allow HTTP and HTTPS traffic:
    sudo ufw allow 'Nginx Full'

Step 9: Implement Access Lists in Nginx Proxy Manager

  1. Navigate to the Access Lists section in Nginx Proxy Manager.
  2. Create access rules for your proxy hosts to restrict unauthorized access.

Step 10: Setup Nextcloud AIO

  1. Run the Nextcloud AIO Docker container:

    docker run -d -p 80:80 -p 443:443 --name nextcloud-aio \
  -v /path/to/nextcloud:/var/www/html \
  --network nginx-proxy \
  nextcloud/all-in-one

  2. Follow the setup instructions in the Nextcloud interface to complete the installation.

Conclusion

You have successfully secured your Nextcloud instance using UFW, Fail2ban, Nginx as a reverse proxy, and access lists. These steps not only enhance the security of your server but also improve its performance. For further enhancements, consider configuring Fail2ban to protect against brute-force attacks and regularly updating your system.

Table of Contents

Recent