By wody in cloud

[Docker] OwnCloud on Synology NAS

[Docker] OwnCloud on Synology NAS

This guide shows how I deployed OwnCloud on a Synology NAS using Docker Compose, with MariaDB and Redis. We’ll store data on NAS volumes, run everything via Container Manager (the new Docker UI on Synology), and finally publish OwnCloud at oc.domain.com using Synology’s Reverse Proxy with HTTPS.

Prerequisites

Synology NAS with DSM 7.x

Container Manager package installed (a.k.a. Docker)

An admin account on DSM

A domain you control (e.g., domain.com) with DNS pointing to your NAS (public IP or behind your router with port-forwarding)

Optional but recommended: a dedicated DSM user and group for containers (PUID/PGID)

Folder Layout on Synology

Create persistent folders so data survives image updates:

/volume1/docker/owncloud/
├─ mariadb/ # MariaDB data
├─ redis/ # Redis data
└─ data/ # OwnCloud data

Tip: You can create these in File Station. Make sure your container user has read/write permissions.

docker-compose.yml for Synology

Below is the compose file I use. Sensitive values are masked; adjust paths to match your volume names. This works great via Container Manager → Projects or over SSH with docker compose.

services:
  # ── MariaDB for ownCloud ──────────────────────────────
  db:
    image: mariadb:12.0.1-ubi9-rc
    container_name: oc-mariadb
    command: >
      --transaction-isolation=READ-COMMITTED
      --binlog_format=ROW
      --innodb_file_per_table=1
      --character-set-server=utf8mb4
      --collation-server=utf8mb4_general_ci
    environment:
      MYSQL_ROOT_PASSWORD: ""        # ⚠️ Change to a strong root password
      MYSQL_DATABASE: "owncloud"
      MYSQL_USER: "owncloud"
      MYSQL_PASSWORD: ""             # ⚠️ Change to a strong DB password
    volumes:
      - /volume1/docker/owncloud/mariadb:/var/lib/mysql   # DB data directory
    restart: unless-stopped
    networks:
      - oc-net

  # ── Redis cache for ownCloud ──────────────────────────
  redis:
    image: redis:8.2.0-alpine
    container_name: oc-redis
    command: ["redis-server", "--appendonly", "yes"]       # Persistent AOF mode
    volumes:
      - /volume1/docker/owncloud/redis:/data               # Redis data directory
    restart: unless-stopped
    networks:
      - oc-net

  # ── ownCloud server ──────────────────────────────────
  owncloud:
    image: owncloud/server:latest
    container_name: owncloud
    ports:
      - "18080:8080"                        # LAN access → http://NAS-IP:18080
    depends_on:
      - db
      - redis
    environment:
      OWNCLOUD_DOMAIN: "oc.domain.com"      # Public host
      # Enable these when behind Synology Reverse Proxy + HTTPS
      OWNCLOUD_OVERWRITE_HOST: "oc.domain.com"
      OWNCLOUD_OVERWRITE_PROTOCOL: "https"

      OWNCLOUD_DB_TYPE: "mysql"
      OWNCLOUD_DB_NAME: "owncloud"
      OWNCLOUD_DB_USERNAME: "owncloud"
      OWNCLOUD_DB_PASSWORD: ""              # ⚠️ Change to match DB password
      OWNCLOUD_DB_HOST: "db"

      OWNCLOUD_ADMIN_USERNAME: "admin"      # ⚠️ Change admin username
      OWNCLOUD_ADMIN_PASSWORD: ""           # ⚠️ Change admin password

      OWNCLOUD_MYSQL_UTF8MB4: "true"

      OWNCLOUD_REDIS_ENABLED: "true"
      OWNCLOUD_REDIS_HOST: "redis"
      OWNCLOUD_REDIS_PORT: "6379"
    volumes:
      - /volume1/docker/owncloud/data:/mnt/data            # User data storage
    restart: unless-stopped
    networks:
      - oc-net

networks:
  oc-net:
    driver: bridge

Notes for Synology

  • Ports: I expose 18080:8080 for quick LAN testing. When the reverse proxy is set up, you can keep this or remove the external port mapping if you only want HTTPS via the proxy.
  • Permissions: If you use a non-admin user for containers, set folder ownership/ACLs accordingly (right-click folder → PropertiesPermissions).
  • Firewall: If DSM’s firewall is enabled, allow inbound on 18080 (temporary) and 80/443 for the reverse proxy.

Bring It Up

You can deploy in either of these ways:

Option A — Container Manager (GUI)

  1. Open Container Manager → Projects → Create.
  2. Upload/paste the docker-compose.yml.
  3. Click Next → Deploy.

Option B — SSH

ssh admin@<NAS-IP>
cd /volume1/docker/owncloud
docker compose up -d

Then test locally: http://<NAS-IP>:18080

Publish at oc.domain.com via Synology Reverse Proxy (HTTPS)

We’ll front OwnCloud with Synology’s built-in Nginx reverse proxy and a Let’s Encrypt certificate.

1) Create / Assign the Certificate

  1. Control Panel → Security → Certificate.
  2. Click AddAdd a new certificateGet a certificate from Let’s Encrypt.
  3. Domain name: oc.domain.com
    Email: your email
    Subject Alternative Name: (optional; leave empty or add more hostnames)
  4. Complete the challenge (make sure oc.domain.com resolves to your NAS’s public IP, and port 80 is reachable from the internet).

2) Set Up the Reverse Proxy

  1. Control Panel → Login Portal → Advanced → Reverse ProxyCreate.
  2. Description: OwnCloud
  3. Source
    • Protocol: HTTPS
    • Hostname: oc.domain.com
    • Port: 443
    • Certificate: choose the Let’s Encrypt cert for oc.domain.com
  4. Destination
    • Protocol: HTTP
    • Hostname: 127.0.0.1 (or your NAS LAN IP)
    • Port: 18080 (the container’s published port)
  5. Click Save.
If you removed the external port mapping and are only exposing the container internally, point the destination to the container’s bridge IP/port 8080 instead. Using 127.0.0.1:18080 is simplest when you keep the mapping in compose.

3) Tell OwnCloud It’s Behind HTTPS

You already set these in the compose file:

OWNCLOUD_OVERWRITE_HOST: "oc.domain.com"
OWNCLOUD_OVERWRITE_PROTOCOL: "https"

This ensures links and redirects use https://oc.domain.com.

4) Test

Open: https://oc.domain.com
You should see the OwnCloud login page, secured by your Let’s Encrypt certificate.

Maintenance & Upgrades

  • Update images: docker compose pull docker compose up -d
  • Backups: snapshot or back up /volume1/docker/owncloud/ (all three subfolders) regularly.
  • Logs: docker compose logs -f owncloud docker compose logs -f db docker compose logs -f redis

Troubleshooting (Synology-Specific)

  • Certificate issuance fails: Verify DNS (A record for oc.domain.com) and that your router forwards port 80 to the NAS.
  • Reverse proxy loops or wrong URL: Double-check OWNCLOUD_OVERWRITE_HOST and OWNCLOUD_OVERWRITE_PROTOCOL in the environment.
  • Permissions errors on volumes: Fix folder permissions in File Station → Properties → Permissions, or via SSH with chown/chmod.
  • Firewall blocks: If DSM firewall is on, allow 80/443 (reverse proxy) and 18080 (if you still test via port mapping).

Final Thoughts

With Synology’s Container Manager, OwnCloud runs smoothly alongside MariaDB and Redis, with data safely persisted on NAS volumes. The built-in reverse proxy plus Let’s Encrypt makes it straightforward to publish a clean, secure URL—https://oc.domain.com—without exposing random high ports to the internet.

Previous

[Docker] Code-server on Synology NAS

 Next

[Docker] Joplin Server on Synology NAS

You might also like...