How to Install Nextcloud Using Docker

If you want full control over your personal cloud on a Synology NAS, installing Nextcloud with Docker gives you flexibility without much overhead. You’ll decide between the All-in-One container or a modular Docker Compose stack, prepare DSM properly, and set up secure access with HTTPS and a reverse proxy. Before you start pulling images and mapping volumes, there’s one key choice that shapes everything that follows.

Choose Between AIO and Docker Compose on Synology

Although both methods run Nextcloud in Docker on your Synology NAS, the choice between AIO and a Docker Compose–based stack mainly depends on how much control you need and how much complexity you're prepared to handle.

With Nextcloud AIO, you deploy a single “master” container that orchestrates the rest. You need to meet the documented minimum resources (4 GB RAM and 2 CPU cores), map /var/run/docker.sock and the nextcloud_aio_mastercontainer volume, then access the web interface at https://NAS-IP:8080. AIO can automatically obtain TLS certificates, provides checkboxes to enable components such as Collabora and Talk, and manages most configuration tasks for you. This reduces manual setup but also limits low‑level customization.

With a Synology Docker Compose stack, you explicitly define multiple containers (for example, app, database, web server/proxy, Redis, and optional services) and map individual volumes for configuration, data, database, web root (html), and Redis. This approach requires more initial work and a better understanding of Docker and networking, but it offers finer control over image versions, container settings, update strategies, and integration with other services running on your NAS.

Check Your Synology NAS Requirements and Prepare DSM

Before deciding between Nextcloud AIO and a custom Docker Compose setup on Synology, first confirm that your NAS and DSM meet the basic requirements for running containers reliably. Proper preparation at this stage can help avoid performance issues, networking conflicts, and permission problems later during deployment.

You should be using DSM 7.0 or later, have at least 4 GB of RAM available, and be running on a compatible Intel, AMD, or ARM64 CPU. Users planning a larger private cloud environment with multiple users, media synchronization, or collaborative apps may benefit from additional memory and SSD caching to improve responsiveness.

Then, open Control Panel and check that your firewall rules allow inbound TCP connections on ports 80, 443, and 8082. These ports are commonly required for web access, HTTPS encryption, and container-related services. If remote access is planned, reviewing router port forwarding and reverse proxy settings in DSM can also simplify external connectivity.

Create a dedicated shared folder, such as docker/nextcloud, on a volume with sufficient free space to accommodate application data and growth. Organizing persistent storage early makes backups, migrations, and maintenance much easier over time. This is especially important for users planning a long-term Nextcloud docker installation, since containers typically rely on properly mapped persistent volumes for database files, uploaded documents, and configuration data.

Finally, verify that a trusted TLS certificate (for example, a synology.me wildcard certificate) is installed and can be used for HTTPS access. Secure HTTPS configuration not only protects user traffic but also improves compatibility with mobile apps, WebDAV synchronization, and external integrations that may reject self-signed certificates.

Install Docker (And Portainer) on Synology and Verify

Once your Synology NAS meets the basic requirements, the next step is to install Docker and set up Portainer to manage your containers through a web interface. In DSM, open Package Center, search for Docker, and install it. After installation, open Docker and pull the official Portainer image from the Registry tab.

Create a new container from the Portainer image, map TCP port 9000 from the container to the NAS, and start the container. Then open a browser and go to http://<NAS-IP>:9000, create the initial Portainer administrator account, and connect it to the local Docker environment. Confirm that the setup is working by reviewing the containers list, images, and system status from the Portainer dashboard.

Deploy Nextcloud AIO on Synology With Docker

With Docker and Portainer running on your Synology NAS, you can deploy Nextcloud AIO as a managed stack. First, create the directory /Docker/nextcloud with the subfolders config, custom_apps, data, db, html, redis, and themes.

Remove inherited permissions for the “Everyone” group, then set directory permissions to 0770 to restrict access to authorized users and services.

In Portainer, define a stack that includes MariaDB 11.8-noble for the database, a Redis container with a health check for caching and locking, the main Nextcloud container mapped to host port 8082, and an Apache cron container configured to restart on failure to ensure scheduled tasks are executed reliably.

Configure the environment variables NEXTCLOUD_TRUSTED_DOMAINS, TRUSTED_PROXIES, OVERWRITEHOST, and OVERWRITEPROTOCOL=https to match your nextcloud.yourname.synology.me DDNS hostname and your NAS IP address. This configuration helps ensure correct URL generation, secure HTTPS access behind a reverse proxy, and proper handling of incoming requests.

Deploy Nextcloud on Synology With Docker Compose or Portainer

On a Synology NAS, you can deploy a complete Nextcloud Hub 26 stack using either a Docker Compose file or a Portainer stack definition based on the official nextcloud:33.0.3 image.

The setup typically includes four containers: a MariaDB 11.8-noble database, a Redis instance with a health check, the main Nextcloud container mapped to host port 8082, and a separate Nextcloud Apache cron container.

Before deployment, create persistent directories under docker/nextcloud for config, custom_apps, data, db, html, redis, and themes, and set their permissions to 0770 to control access while allowing the containers to read and write.

In the stack configuration, define environment variables such as NEXTCLOUD_ADMIN_USER, NEXTCLOUD_ADMIN_PASSWORD, TRUSTED_DOMAINS, TRUSTED_PROXIES, OVERWRITEHOST, and OVERWRITEPROTOCOL. These variables help ensure correct initial configuration, proper handling of reverse proxies, and secure access to the instance.

Secure Synology Nextcloud With HTTPS and Reverse Proxy

A secure Nextcloud deployment on a Synology NAS relies on terminating HTTPS at the built‑in reverse proxy and forwarding traffic to the Nextcloud Docker container over HTTP.

In Control Panel → Login Portal → Reverse Proxy, create a rule that maps your synology.me DDNS on HTTPS port 443 to the Nextcloud container’s internal HTTP port 8082.

Attach your wildcard synology.me certificate to this rule to ensure end‑to‑end TLS between clients and the NAS.

In the reverse proxy rule, enable HSTS to enforce HTTPS for subsequent client connections and activate WebSocket support in the advanced settings if required by your setup.

Within the Nextcloud container configuration, set OVERWRITEHOST to your DDNS hostname and set OVERWRITEPROTOCOL to https so that generated links and redirects use the correct external URL.

Add your NAS IP address to the trusted proxies list and include the DDNS hostname in NEXTCLOUD_TRUSTED_DOMAINS to prevent host header issues and to ensure that Nextcloud accepts requests for that domain.

Maintain and Troubleshoot Your Nextcloud Docker Stack on Synology

Once HTTPS terminates at Synology’s reverse proxy, you need a consistent method to keep the Nextcloud Docker stack functional and updated. Portainer can be used to manage a stack that includes MariaDB 11.8-noble, Redis with a health check, a main Nextcloud container exposed on host port 8082, and a separate Nextcloud Apache cron container configured with a “restart on failure” policy.

Configure trusted domains, trusted proxies, overwritehost, and overwriteprotocol in config.php so they reflect your DDNS hostname, the NAS IP address, and HTTPS usage. In Synology’s Reverse Proxy settings, map external port 443 to localhost:8082, enable HSTS and WebSockets, and increase both timeout values to 600 seconds to accommodate longer-running requests.

For upgrades, enable maintenance mode by editing config.php inside the container, then run runuser (or the equivalent Nextcloud upgrade commands as the web server user) within the Nextcloud container. After the upgrade completes, disable maintenance mode in config.php.

Conclusion

You’ve seen how to run Nextcloud on your Synology NAS with either AIO or a Docker Compose stack, configure storage, and secure everything behind HTTPS. Now you can pick the approach that fits your skills, then expand with apps, external storage, and automations. As you monitor, back up, and update your containers, you’ll keep your private cloud fast, resilient, and fully under your control—without relying on third‑party services.