Nextcloud HPB ALL-IN-ONE Docker

Nextcloud High Performance Backend Stack entirely packed up in one docker container aims to give you that boost you need in under one minute, with hardly any work needed on your end.

I have automated the entire process taking care of all the heavy lifting for you.

The Dockerfile and the automation scripts are my proprietary, and anyone is free to use them as long as it’s linked back to my page.

Furthermore, besides having spent hours putting this stack together with maximum level of automation as well as addressing all kinds of issues along the way, I have also tested the stack on both Linode and Vultr VPS Clouds and was able to get 7 users with video on a conference with absolute smoothness. 

AWS and GCP will be a bit different, since they NAT to the VM, which complicates things a little, but should be doable with minor changes in Janus


    1. Super User-friendly configuration
    2. Automation Scripts and Dockerfile Source code on my Git (not a fan of github)
    3. Up and running under a min
    4. Zero Configuration required on your end
    5. Tested on Both Centos 7 and Ubuntu 20.04 and should work on Centos 8 and succeeding Ubuntu Versions.

Things you should know .. before going any further

While this is quite safe, the container image is built on top of Base Ubuntu 20.04 with systemd, which means it has to be run as root, in order for systemd to work.

If you do not know how to run your systems securely, or not sure what that means for you, then stop and get out of here.

If you still want to try it out, but you’re not sure about server hardening and other network security measures, then give it a whirl on a newly spun up cloud VM.

NOTE: this container is no different than running on a VM in a sense, so there should be hardly any difference there in terms of security, you’d manage it similarly to a VM.

Use Cases

Nextcloud HPB ALL-in-ONE Docker is intended for home and small office use with instant up time, and while scalability is doable, it’d require some minor changes within the different service componenets.

Also note that scalability requires a micro-services approach as opposed to a monolithic one that is. 


You’ll need a server on Vultr or Linode a $5 instance is more than enough to get you up and running.

Note: if you click the Vultr Link above, I’ll consider it a beer for all my hard-work here, as Vultr referral program gives a few bucks on those.


Getting Started

NOTE: if you wish to get started immediately, I have a prebuilt image here, and all you have to do is change the env vars to your settings.

Let’s Get Started! Grab the docker file here:

git clone

or if you do not have git:


Build it:

 docker build --rm --no-cache -t nc_hpb:latest .

Alternatively, you can pull my latest image (built on 10/25/2021)

 docker pull

Now you will need a few Env Variables to fire it up:
Get the output of the command “ip address”

root@hpb:~# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 56:00:03:a4:9f:b9 brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic enp1s0
       valid_lft 68379sec preferred_lft 68379sec
    inet6 2001:19f0:7001:466e:5400:3ff:fea4:9fb9/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591621sec preferred_lft 604421sec
    inet6 fe80::5400:3ff:fea4:9fb9/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:96:e4:97:52 brd ff:ff:ff:ff:ff:ff
    inet brd scope global docker0
       valid_lft forever preferred_lft forever

Fire it up with the ONE liner

docker run --privileged --net host \
--name hpbb3 \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-v /etc/hosts:/etc/hosts \
-e CLD_REALM='' \
-e CLD_JANUSRTPPORTRANGE='20000-40000' \
-e CLD_ICEINTERFACE='enp1s0' \

Note: if you have built the image following the above steps, the replace the docker image with the one you just created (eg: nc_hpb:latest

Once the Container is up, get the generated credentials:

# docker exec hpbb3 cat /root/keys.txt

# docker exec hpbb3 cat /root/keys.txt
NextCloudHPBSecret: f9f2b5210db558e96cfa27cd97f42265
TurnSecret: e023e3cd2e27d1794ba084b5f8d70087dc890da38bef63292fb00937fc37acbb

You’ll need those to plug it into nextcloud

The Variables:

CLD_CLOUDURL: Is the Full URL of your nextcloud instance

CLD_COTURNLISTENERIP: should be the Public IP of the instance, if you set this to localhost, you wont be able to use it as a TUN server for talk.

CLD_COTURNMINPORT: Coturn UDP port range (min port)

CLD_COTURNMAXPORT: Coturn UDP port range (max port)

CLD_REALM: is server DNS REALM hostname ex:


CLD_ICEINTERFACE: The interface with the public IP or where traffic will be coming from.


You will need to expose the UDP port ranges for both Coturn and Janus and Nginx TCP, assuming you’re going straight with my settings

  1. 40001-60000/UDP
  2. 20000-40000/UDP
  3. 3478/UDP-TCP
  4. 5349/UDP-TCP
  5. 80 and 443/TCP
Nginx Config:
Simply slap this in your Nginx (Based on official repo)

upstream signaling.peter.lan {


server {
        listen 80;
        listen [::]:80;
        return 301 https://$host;

server {
        listen 443 ssl;
        listen [::]:443 ssl;

       include /letsencrypt/ssl/conf;

        access_log /var/log/nginx/;
        error_log /var/log/nginx/;

    client_max_body_size 0;
    underscores_in_headers on;

        location /standalone-signaling/ {
                proxy_pass http://signaling.peter.lan/;
                proxy_http_version 1.1;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location /standalone-signaling/spreed {
                proxy_pass http://signaling.peter.lan/spreed;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


Updates are made easy, to get the latest everything, either pull my pre-built docker image or better yet, rebuild it again, and run the same “docker run” command you ran first time, ideally just repeat the two steps above.

That’s it, you’re all set.

Please do NOT forget to comment and leave a feedback if this saves you a good number of hours.