Date: 2025-08-26
Manually deploying Nextcloud on a Yandex Compute Cloud VM or in a VM group, integrated with Yandex Object Storage
In this tutorial, you will connect an Object Storage bucket to a Nextcloud solution deployed on a Compute Cloud VM instance with a database in a Yandex Managed Service for MySQL® cluster. To ensure fault tolerance and redundancy of your Nextcloud infrastructure, you will scale Nextcloud across an instance group and implement L7 load balancing with Yandex Application Load Balancer. In the fault-tolerant configuration, Nextcloud will be available via a domain name, for which a TLS certificate will be issued in Yandex Certificate Manager.
Note
To implement a fault-tolerant Nextcloud configuration, you will need a domain for the L7 load balancer.
Fault-tolerant solution diagram:
Where:
example.com: Your domain for which a certificate is issued in Yandex Certificate Manager, connected to the L7 load balancer.
nextcloud-alb: L7 load balancer to evenly distribute incoming user traffic across instance group hosts.
nextcloud-instance-group: Instance group with hosts the Nextcloud solution is deployed on.
nextcloud-db-cluster: Yandex Managed Service for MySQL® cluster with the Nextcloud service database.
my-nextcloud-bucket: Yandex Object Storage bucket connected to the Nextcloud solution.
To deploy Nextcloud in Yandex Cloud and connect an Object Storage bucket:
-
-
-
Deploy Nextcloud in a fault-tolerant configuration:
- Scale the Managed Service for MySQL® cluster.
- Complete Nextcloud setup and create a VM disk snapshot.
- Add a TLS certificate to Yandex Certificate Manager.
- Deploy an instance group.
- Create an L7 load balancer.
- Create an A resource record in your domain’s public DNS zone.
- Test the solution in the fault-tolerant configuration.
If you no longer need the resources you created, delete them.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Navigate to the management console and log in to Yandex Cloud or create a new account.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.
If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.
Learn more about clouds and folders here.
Required paid resources
The cost of the proposed solution includes:
- Fee for disks, disk snapshots, and continuously running VMs (see Yandex Compute Cloud pricing).
- Fee for using public IP addresses and NAT gateways (see Yandex Virtual Private Cloud pricing).
- Fee for data storage in Object Storage and data operations (see Yandex Object Storage pricing).
- Fee for using a MySQL® managed DB (see Managed Service for MySQL® pricing).
- If using Yandex Cloud DNS, the fee for DNS zones and public DNS queries (see Cloud DNS pricing).
- If using a load balancer, the fee for the amount of L7 load balancer resource units (see Yandex Application Load Balancer pricing).
- If using a log group for load balancer logging, the fee for writing and storing data (see Yandex Cloud Logging pricing).
Deploy Nextcloud in a basic configuration
You will deploy the basic Nextcloud configuration on a single VM with the Nextcloud service database created in a single-host Managed Service for MySQL® cluster or directly on the Nextcloud VM.
Set up a cloud network
-
Create a cloud network and subnets for your new cloud infrastructure:
- In the management console, select the folder where you are going to create your infrastructure.
- In the list of services, select Virtual Private Cloud.
- In the top-right corner, click Create network.
- In the Name field, enter a name for the network:
nextcloud-network.
- Make sure the Create subnets option is enabled and click Create network.
-
Create a security group that allows the traffic required for your Nextcloud infrastructure:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Virtual Private Cloud.
-
In the left-hand panel, select Security groups.
-
Click Create security group.
-
In the Name field, enter nextcloud-sg as the name.
-
In the Network field, select the nextcloud-network network you created earlier.
-
Under Rules, create the following traffic management rules:
| Traffic direction | Description | Port range | Protocol | Source / Destination name | CIDR blocks / Security group |
| --- | --- | --- | --- | --- | --- |
| Inbound | http | 80 | TCP | CIDR | 0.0.0.0/0 |
| Inbound | https | 443 | TCP | CIDR | 0.0.0.0/0 |
| Inbound | ssh | 22 | TCP | CIDR | 0.0.0.0/0 |
| Inbound | self | All | Any | Security group | Current |
| Inbound | healthchecks | All | Any | Load balancer healthchecks | – |
| Outbound | any | All | Any | CIDR | 0.0.0.0/0 |
-
Click Create.
-
-
Create a NAT gateway:
Your VMs need internet access to connect to Object Storage buckets. To avoid assigning public IP addresses to VM instances in the group, use a NAT gateway to enable internet access.
Note
You can also configure VM access to the bucket using service connections.
This feature is in the Preview stage.
- In the management console, select the folder where you are deploying your infrastructure.
- In the list of services, select Virtual Private Cloud.
- In the left-hand panel, select Gateways and click Create gateway.
- In the Name field, specify nextcloud-gateway as the gateway name.
- In the Type field, select Egress NAT and click Save.
-
Create a route table:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Virtual Private Cloud.
-
In the left-hand panel, select Routing tables and click Create routing table.
-
In the Name field, specify
nextcloud-rt-table.
-
In the Network field, select
nextcloud-network.
-
Click Add, and in the window that opens:
- In the Next hop field, select
Gateway.
- In the Gateway field, select the NAT gateway you created. The destination prefix will apply automatically.
- Click Add.
-
Click Create routing table.
-
-
Link the route table to all subnets in nextcloud-network to route their outgoing traffic via the NAT gateway:
- In the management console, select the folder where you are deploying your infrastructure.
- In the list of services, select Virtual Private Cloud.
- In the left-hand panel, select Subnets.
- In the subnet row, click and select Link routing table in the context menu.
- In the window that opens, select the route table you created in the previous step and click Link.
Make sure the Routing table field for each listed subnet displays the name of the route table linked to it.
Create a service account and static access key
To enable access from Nextcloud to the Object Storage bucket, create a service account and static access key.
-
Create a service account:
- In the management console, select the folder where you are deploying your infrastructure.
- In the list of services, select Identity and Access Management.
- Click Create service account.
- Enter a name for the service account:
nextcloud-sa.
- Click Add role and select
editor.
- Click Create.
-
Create a static access key:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Identity and Access Management.
-
In the left-hand panel, select Service accounts and select the nextcloud-sa service account you created earlier.
-
In the top panel, click Create new key and select Create static access key.
-
Click Create.
-
Save the ID and secret key.
Alert
After you close this dialog, the key value will no longer be available.
-
Create an Object Storage bucket
Create the Object Storage bucket you will connect to Nextcloud:
- In the management console, select the folder where you are deploying your infrastructure.
- In the list of services, select Object Storage.
- At the top right, click Create bucket.
- In the Name field, enter a name for the bucket, e.g., my-nextcloud-bucket. The bucket name must be unique within Yandex Object Storage.
- In the Max size field, specify the bucket size you need or enable No limit.
- Leave all the other parameters unchanged and click Create bucket.
Create a VM
Create the VM to deploy Nextcloud on:
-
In the management console, select the folder to create the infrastructure in.
-
In the list of services, select Compute Cloud.
-
In the left-hand panel, select Virtual machines and click Create virtual machine.
-
Under Boot disk image, in the Product search field, type Ubuntu 24.04 LTS and select a public Ubuntu 24.04 LTS image.
-
Under Location, select the ru-central1-a availability zone.
-
Under Computing resources, select the 2 vCPU 4 GB RAM configuration.
-
Under Network settings:
- In the Subnet field, select nextcloud-network and the subnet in the VM availability zone, nextcloud-network-ru-central1-a.
- In the Public IP address field, leave the Auto value to assign the VM a random public IP address from the Yandex Cloud pool.
- In the Security groups field, select nextcloud-sg.
-
Under Access, select SSH key and specify the VM access credentials:
- In the Login field, enter a username, e.g., yc-user. Do not use root or other reserved usernames. To perform operations requiring root privileges, use the sudo command.
-
In the SSH key field, select the SSH key saved in your organization user profile.
If there are no SSH keys in your profile or you want to add a new key:
-
Click Add key.
-
Enter a name for the SSH key.
-
Select one of the following:
-
Enter manually: Paste the contents of the public SSH key. You need to create an SSH key pair on your own.
-
Load from file: Upload the public part of the SSH key. You need to create an SSH key pair on your own.
-
Generate key: Automatically create an SSH key pair.
When adding a new SSH key, an archive containing the key pair will be created and downloaded. In Linux or macOS-based operating systems, unpack the archive to the /home/<user_name>/.ssh directory. In Windows, unpack the archive to the C:\Users\<user_name>/.ssh directory. You do not need to additionally enter the public key in the management console.
-
-
Click Add.
The system will add the SSH key to your organization user profile. If the organization has disabled the ability for users to add SSH keys to their profiles, the added public SSH key will only be saved in the user profile inside the newly created resource.
-
-
Under General information, specify the VM name:
nextcloud-vm.
-
Click Create VM.
Create a Managed Service for MySQL® cluster
Nextcloud uses a MySQL® database to store service information. In this tutorial, you will deploy the Nextcloud database in a Yandex Managed Service for MySQL® cluster.
Note
You can create the MySQL® database on the same host as Nextcloud, but this is less reliable and does not provide fault tolerance. If you are not going to deploy a fault-tolerant configuration, you may skip the cluster creation step and create the database later on the Nextcloud host.
To create a Managed Service for MySQL® cluster:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Managed Service for MySQL and click Create cluster.
-
In the Cluster name field, enter
nextcloud-db-cluster.
-
Under Database:
- In the DB name field, enter
nextcloud.
- In the Username field, enter
user.
- In the Password field, select Enter manually and enter a password you will use to access the database.
-
Under Network settings, select nextcloud-network and the nextcloud-sg security group.
-
Under Hosts, make sure the cluster is going to have one host within the same availability zone you created the VM in.
Note
To test Nextcloud in its basic configuration, a single-host cluster would be enough. Later, when deploying a fault-tolerant configuration, you will scale the cluster you created across the remaining availability zones.
-
Under DBMS settings, click Settings, and in the window that opens:
- In the character_set_server field, select
utf8mb4.
- In the collation_server field, select
utf8mb4_general_ci.
- Leave all the other parameters unchanged and click Save.
-
Click Create cluster.
It may take a few minutes to create a cluster.
Install and configure Nextcloud on the VM
-
Install Nextcloud on
nextcloud-vm:
-
Connect to nextcloud-vm over SSH. You will perform all further actions under this step in the VM terminal.
-
Upgrade the versions of the packages installed on the VM:
sudo apt update && sudo apt upgrade
-
Install the required software packages and dependencies:
sudo apt install \
  apache2 mariadb-server libapache2-mod-php php-gd php-mysql php-curl php-mbstring \
  php-intl php-gmp php-bcmath php-xml php-imagick php-zip php-fpm unzip
-
Optionally, if you want to create the database on the same host as Nextcloud:
If you did not create a MySQL® cluster and are not going to deploy a fault-tolerant solution:
-
Run MySQL:
sudo mysql
-
Run these commands to create the database and user and grant the user the permissions to work with the database:
CREATE USER 'user'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'user'@'localhost';
FLUSH PRIVILEGES;
quit;
Where <password> is the password you will use to access the database.
-
-
Download the archive with the latest Nextcloud version:
wget https://download.nextcloud.com/server/releases/latest.zip
-
Unpack the archive to the /var/www directory:
sudo unzip latest.zip -d /var/www
-
Edit access permissions for the Nextcloud directory:
sudo chown -R www-data:www-data /var/www/nextcloud
sudo chmod -R 755 /var/www/nextcloud/
-
Configure the default virtual host:
-
Open the configuration file of the default virtual host:
sudo nano /etc/apache2/sites-available/000-default.conf
-
Replace the contents of 000-default.conf with the following:
<VirtualHost *:80>
  DocumentRoot /var/www/nextcloud/

  <Directory /var/www/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>
-
-
Enable the required Apache web server modules:
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
-
Increase the amount of RAM available to the PHP interpreter for processing requests to Nextcloud to
512 MB.
-
Open the .htaccess file in the Nextcloud installation directory:
sudo nano /var/www/nextcloud/.htaccess
-
Add the following line to the end of the file:
php_value memory_limit 512M
Make sure to save your changes.
-
-
Restart the web server:
sudo systemctl restart apache2
-
-
Configure Nextcloud in the GUI:
-
Open your local computer browser and enter the following in the address bar:
http://<VM_public_IP_address>
You can look up the VM's public IP address in the management console by checking the Network section's Public IPv4 address field on the VM information page.
-
In the Create an administrator account form that opens:
-
In the New administrator account name and New administrator password fields, set the Nextcloud administrator credentials you will use to log in to the system.
-
In the Database account field, enter
user, i.e., the database user name you specified when creating the MySQL® cluster or local database.
-
In the Database password field, enter the database user password you specified when creating the MySQL® cluster or local database.
-
In the Database name field, enter
nextcloud, i.e., the database name you specified when creating the MySQL® cluster or local database.
-
In the Database host field, specify the FQDN of the cluster’s current master host and port in this format:
c-<cluster_ID>.rw.mdb.yandexcloud.net:3306
You can look up the cluster ID in the management console by checking the ID field on the cluster information page.
Note
If it is not your intention to deploy a fault-tolerant solution and you did not create a MySQL® cluster, but created a database on nextcloud-vm instead, leave localhost in the Database host field.
-
Click Install.
This will start the deployment of the Nextcloud database in the MySQL® cluster. Wait for this process to complete.
-
-
After the installation is over, click Skip in the window with recommended applications that opens. You can get back to installing the applications you need at a later time.
-
Close the window with information on updates in the current Nextcloud version.
-
Open the application management menu. Do it by clicking the user icon in the top-right corner and selecting Applications in the context menu that pops open.
-
In the window that opens, select Your applications in the left-hand panel.
-
In the list that opens, find the External storage support application and click Enable in the row with it.
If needed, enter your Nextcloud administrator password in the pop-up window to confirm the operation.
-
Open the main settings menu. Do it by clicking the user icon in the top-right corner and selecting Server parameters in the context menu that pops open.
-
In the window that opens, select External storage in the left-hand panel under Server parameters and specify Object Storage integration settings under External storage in the window that opens:
-
In the External storage section, select
Amazon S3.
-
In the Authorization method section, select
Access key.
-
Under Configuration:
- In the Bucket field, enter a name for the bucket you created earlier, e.g.,
my-nextcloud-bucket.
- In the Hostname field, specify
storage.yandexcloud.net.
- In the Port field, specify
443.
- In the Access key field, paste the ID of the static access key you created earlier.
- In the Secret key field, paste the secret key of the static access key you created earlier.
-
Under Available to, enable All.
-
On the right side of the section you are editing, click the icon to save your changes.
Enter your Nextcloud administrator password in the pop-up window to confirm the operation.
-
-
Test the solution in the basic configuration
To test Yandex Object Storage integration with Nextcloud on a single host:
-
Open your local computer browser and enter the public IPv4 address of the Nextcloud VM in the address bar:
http://<VM_public_IP_address>
-
Get authenticated in Nextcloud using the login and password created when configuring the solution in the previous step.
-
In the left part of the top menu, select Files.
-
In the left-hand menu, select External storage and then AmazonS3.
-
Click New and select Upload files to upload a file from your local computer to the storage.
-
Select a file on your local computer and upload it to the storage.
The uploaded file will now appear in the Nextcloud storage named
AmazonS3.
-
In Yandex Object Storage, make sure the file was uploaded to the bucket.
The deployment of the Nextcloud basic configuration is now complete. If you used a MySQL® cluster in the basic configuration, you can now proceed to deploy a fault-tolerant configuration.
Deploy Nextcloud in a fault-tolerant configuration
You will deploy a fault-tolerant Nextcloud configuration in a group of three VMs, with the load on Nextcloud hosts distributed by an L7 Yandex Application Load Balancer. The service database will reside in a three-host MySQL® cluster. Hosts of the instance group, load balancer, and MySQL® cluster will be evenly distributed across three availability zones. Nextcloud will be available via the domain name, for which a TLS certificate will be issued in Certificate Manager.
Scale the Managed Service for MySQL® cluster
To add more hosts to a Managed Service for MySQL® cluster:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Managed Service for MySQL and then select
nextcloud-db-cluster.
-
In the left-hand menu, select Hosts.
-
Use the Create host button to add more hosts to have three hosts in the cluster, one per availability zone.
Do not enable Public access when creating hosts.
Warning
Before adding the third host, wait until the second one goes
ALIVE. You cannot add a new host to the cluster until the operation of adding the previous one is over.
Complete Nextcloud setup and create a VM disk snapshot
Before you create a VM snapshot to proceed with the instance group deployment, add your domain to the list of trusted addresses and Nextcloud domains:
-
Connect to nextcloud-vm over SSH.
-
Add your domain to the array of trusted addresses and Nextcloud domains:
-
In the VM terminal, open the Nextcloud configuration file:
sudo nano /var/www/nextcloud/config/config.php
-
In the trusted_domains array, replace the host IP address with your domain name.
Here is an example:
'trusted_domains' => array (
  0 => 'example.com',
),
The trusted_domains array restricts the IP addresses and/or domains that can be used to access Nextcloud and provides additional protection from unauthorized access. You can specify multiple addresses and/or domains, and you can also loosen or remove this restriction using wildcard characters:
Example 1
'trusted_domains' => array (
  0 => '*.example.com',
  1 => '192.168.*.*',
),
In this example, Nextcloud can be accessed via any subdomain of the example.com domain and via the IP addresses of the 192.168.0.0-192.168.255.255 range.
Example 2
'trusted_domains' => array (
  0 => '*',
),
In this example, Nextcloud can be accessed via any domain or IP address.
-
Delete the 'overwrite.cli.url' => 'http://<VM_IP_address>', line.
-
Save the changes and close the nano editor.
-
-
Stop the nextcloud-vm virtual machine.
-
After the VM stops, create a snapshot of its disk:
-
In the management console, select the folder to create the infrastructure in.
-
In the list of services, select Compute Cloud.
-
In the left-hand panel, select Disks.
-
In the line with the disk, click and select Create snapshot.
-
In the Name field, specify nextcloud-vm-snapshot as the snapshot name.
-
Click Create.
-
Wait until the snapshot creation process is over.
To track the snapshot status, select Snapshots in the left-hand panel.
-
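The config.php edits above are baked into the snapshot and therefore into every VM of the instance group, so it is worth checking them before stopping nextcloud-vm. The script below is an added example, not part of the original tutorial: it lists the trusted_domains entries and reports a leftover IP entry, a bare '*' wildcard, or a remaining overwrite.cli.url line. The function names, finding labels and sample files are assumptions constructed for illustration, and the parser expects the array ( ... ) layout shown above.

```shell
#!/bin/sh
# Added example: audit Nextcloud's config.php before the VM disk snapshot.

# Constructed sample: config.php as left by the basic single-VM installation.
sample_config_before() {
cat <<'EOF'
<?php
$CONFIG = array (
  'instanceid' => 'constructed-id',
  'trusted_domains' =>
  array (
    0 => '203.0.113.10',
  ),
  'overwrite.cli.url' => 'http://203.0.113.10',
  'dbtype' => 'mysql',
);
EOF
}

# Constructed sample: the same file after the edits described in this section.
sample_config_after() {
cat <<'EOF'
<?php
$CONFIG = array (
  'instanceid' => 'constructed-id',
  'trusted_domains' =>
  array (
    0 => 'example.com',
  ),
  'dbtype' => 'mysql',
);
EOF
}

# list_trusted_domains FILE: print each trusted_domains entry, one per line.
list_trusted_domains() {
    awk -v q="'" '
        BEGIN { pair = "=>[ \t]*" q "[^" q "]*" q }   # matches: => <quoted value>
        /trusted_domains/ { inside = 1 }              # the array starts here
        inside {
            line = $0
            while (match(line, pair)) {
                entry = substr(line, RSTART, RLENGTH)
                gsub("^=>[ \t]*" q "|" q "$", "", entry)
                print entry
                line = substr(line, RSTART + RLENGTH)
            }
            if ($0 ~ /\)[ \t]*,?[ \t]*$/) inside = 0  # closing parenthesis ends it
        }
    ' "$1"
}

# audit_nextcloud_config FILE: print one finding per line, nothing if clean.
audit_nextcloud_config() {
    list_trusted_domains "$1" | while IFS= read -r entry; do
        case $entry in
            '*')        printf '%s\n' "WILDCARD_ALL" ;;      # restriction removed
            *[!0-9.]*)  : ;;                                 # hostname or pattern
            *.*.*.*)    printf '%s\n' "IP_ENTRY $entry" ;;   # leftover host IP
        esac
    done
    if grep -q "overwrite\.cli\.url" "$1"; then
        printf '%s\n' "OVERWRITE_CLI_URL"                    # line not deleted yet
    fi
}

# Demo on the constructed "before" sample.
demo_cfg=$(mktemp)
sample_config_before > "$demo_cfg"
printf 'Findings before the edit:\n'
audit_nextcloud_config "$demo_cfg"
rm -f "$demo_cfg"
```

On the VM, call audit_nextcloud_config with /var/www/nextcloud/config/config.php (readable with sudo); empty output means the file is ready for the snapshot.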
Add a TLS certificate to Yandex Certificate Manager
To enable access to Nextcloud over HTTPS, issue a TLS certificate for your domain:
-
Add a Let's Encrypt® certificate for your domain to Certificate Manager:
- In the management console, select the folder where you are deploying your infrastructure.
- In the list of services, select Certificate Manager.
- Click Add certificate and select Let's Encrypt certificate.
- In the window that opens, specify mymanagedcert in the Name field.
- In the Domains field, enter a name for your domain, e.g., example.com.
- In the Check type field, select DNS and click Create.
A new certificate with the Validating status will appear in the certificate list. This status means that a Let's Encrypt® certificate was requested and you need to pass a domain ownership check for the request to be successfully processed.
-
For the certificate to be issued successfully, pass a domain ownership check:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Certificate Manager.
-
From the list of certificates, select
mymanagedcert.
-
In the window that opens, under Check rights for domains, select
CNAME record.
-
Add a CNAME record required for the domain ownership check to your domain’s public DNS zone. This step's further actions will depend on whether your domain is managed by Yandex Cloud DNS or a third-party DNS provider:
Yandex Cloud DNS
Under Check rights for domains, in the CNAME record section, click Create record. In the window that opens:
- If the current folder contains an appropriate DNS zone, it will be automatically inserted into the Zone field. If there is no appropriate DNS zone, click Create zone and set its parameters to create a new zone.
- Click Create.
Third-party DNS provider
-
Under Check rights for domains, in the CNAME record section, check out the record value for the domain in the Value field.
-
Add a CNAME record to your DNS provider or to your own DNS server to delegate management privileges to the DNS zone used for the check:
_acme-challenge.example.com CNAME <value>
The <value> string is formatted as follows:
<certificate_ID>.cm.yandexcloud.net.
Note
For a successful DNS domain rights check based on a CNAME record, make sure the _acme-challenge subdomain of the domain name you are checking has no other resource records except CNAME. For example, for the _acme-challenge.example.com. domain name, there should only be a CNAME record and no TXT record.
The domain ownership check may take from a few minutes to a few days. Wait until it is complete. As a result, the certificate will be issued and get the Issued status.
-
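A check that stays in Validating is often caused by the condition in the note above: a leftover TXT record next to the CNAME. The script below is an added example, not part of the original tutorial: it reads resource records in zone-file presentation format (the layout of a DNS provider's zone export or of saved `dig +noall +answer` output) and reports whether _acme-challenge carries exactly one CNAME pointing under cm.yandexcloud.net. The function name, verdict labels and sample records are assumptions constructed for illustration; the certificate ID is a placeholder.

```shell
#!/bin/sh
# Added example: verify the _acme-challenge records used for the DNS check.

# Constructed records: the state the note above requires.
sample_zone_ok() {
cat <<'EOF'
; constructed records, the certificate ID is a placeholder
example.com.                  600 IN A     203.0.113.20
_acme-challenge.example.com.  600 IN CNAME placeholder-cert-id.cm.yandexcloud.net.
EOF
}

# Constructed records: same zone with a TXT record left next to the CNAME.
sample_zone_conflict() {
    sample_zone_ok
    printf '%s\n' '_acme-challenge.example.com. 600 IN TXT "constructed-leftover-token"'
}

# check_acme_cname DOMAIN
# Reads records (owner [TTL] [class] type rdata) on stdin, prints one verdict.
check_acme_cname() {
    awk -v want="_acme-challenge.$1" '
        /^[ \t]*;/ { next }                          # comment line
        NF == 0    { next }                          # blank line
        {
            owner = tolower($1); sub(/\.$/, "", owner)
            if (owner != tolower(want)) next         # some other name in the zone
            i = 2
            if ($i ~ /^[0-9]+$/) i++                 # optional TTL
            if (toupper($i) == "IN") i++             # optional class
            type = toupper($i)
            if (type == "CNAME") { cnames++; target = tolower($(i + 1)) }
            else extra = extra " " type              # anything else is a conflict
        }
        END {
            if (extra != "")      print "EXTRA_RECORDS" extra
            else if (cnames == 0) print "NO_CNAME"
            else if (cnames > 1)  print "MULTIPLE_CNAME"
            else if (target !~ /\.cm\.yandexcloud\.net\.?$/)
                                  print "UNEXPECTED_TARGET " target
            else                  print "OK " target
        }
    '
}

# Demo on the constructed conflicting zone.
printf 'Verdict for the conflicting sample: '
sample_zone_conflict | check_acme_cname example.com
```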
Deploy an instance group
For a fault-tolerant Nextcloud solution, scale it across an instance group:
-
In the management console, select the folder to create the infrastructure in.
-
In the list of services, select Compute Cloud.
-
In the left-hand panel, select Instance groups.
-
Click Create group of virtual machines.
-
In the Name field, specify nextcloud-instance-group as the group name.
-
In the Service account field, select the nextcloud-sa service account.
-
Under Allocation, select all availability zones for maximum fault tolerance.
-
Under Instance template, click Define and in the form that opens:
-
Under Boot disk image, navigate to the Custom tab and click Select.
In the window that opens, select the nextcloud-vm-snapshot snapshot you created earlier and click Add disk.
-
Under Computing resources, select the 2 vCPU 4 GB RAM configuration.
-
Under Network settings:
- In the Network field, select nextcloud-network.
- In the Public address field, select No address.
- In the Security groups field, select nextcloud-sg.
-
Under Access, select SSH key and specify the VM access credentials:
- In the Login field, enter a username, e.g., yc-user. Do not use root or other reserved usernames. To perform operations requiring root privileges, use the sudo command.
-
In the SSH key field, select the SSH key saved in your organization user profile.
If there are no SSH keys in your profile or you want to add a new key:
-
Click Add key.
-
Enter a name for the SSH key.
-
Select one of the following:
-
Enter manually: Paste the contents of the public SSH key. You need to create an SSH key pair on your own.
-
Load from file: Upload the public part of the SSH key. You need to create an SSH key pair on your own.
-
Generate key: Automatically create an SSH key pair.
When adding a new SSH key, an archive containing the key pair will be created and downloaded. In Linux or macOS-based operating systems, unpack the archive to the /home/<user_name>/.ssh directory. In Windows, unpack the archive to the C:\Users\<user_name>/.ssh directory. You do not need to additionally enter the public key in the management console.
-
-
Click Add.
The system will add the SSH key to your organization user profile. If the organization has disabled the ability for users to add SSH keys to their profiles, the added public SSH key will only be saved in the user profile inside the newly created resource.
-
-
Click Save.
-
-
Under Scaling, specify 3 in the Size field.
-
Under Integration with Application Load Balancer, enable Create target group and specify nextcloud-target-group in the Name of the target group field that appears.
-
Under Health checks:
- Enable Activate.
- In the Type field, select
TCP.
-
Click Create and wait for the instance group to be created and started.
Create an L7 load balancer
Create an application-level load balancer for traffic distribution between the hosts of the future Nextcloud instance group:
-
Create a backend group:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Application Load Balancer.
-
In the left-hand panel, select Backend groups and click Create backend group.
-
In the Name field, enter a name for the group:
nextcloud-bg.
-
Enable Session affinity and select By IP address in the Affinity mode field that appears.
-
Under Backends, click Add and do the following in the New backend form that opens:
- In the Name field, specify nextcloud-backend.
- In the Target groups field, select the nextcloud-target-group target group you created earlier.
- Expand the Load balancing settings section and select MAGLEV_HASH in the Balancing mode field.
- In the HTTP health check, click and select Delete.
-
Click Create.
-
-
Create an HTTP router:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Application Load Balancer.
-
In the left-hand panel, select HTTP routers and click Create HTTP router.
-
In the Name field, enter a name for the HTTP router:
nextcloud-router.
-
Under Virtual hosts, click Add virtual host and do the following in the New virtual host form that opens:
- In the Name field, enter nextcloud-vh for the virtual host's name and click Add route.
- In the New route form that opens, enter nextcloud-route as the route's name in the Name field.
- In the Backend group field, select the nextcloud-bg backend group created in the previous step.
- Leave all the other parameters unchanged and click Create at the bottom of the page.
-
-
Create an L7 load balancer:
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Application Load Balancer.
-
Click Create L7 load balancer and select Manual.
-
In the Name field, enter a name for the load balancer:
nextcloud-alb.
-
In the Network field, select
nextcloud-network.
-
In the Security groups field, select From list and then the nextcloud-sg security group from the list that opens.
-
Under Allocation, make sure all availability zones are selected.
-
If you do not want load balancer logs saved to a log group, disable Write logs.
-
In the Listeners section, click Add listener and in the form that opens:
- In the Name field, enter a name for the listener: nextcloud-listener.
- In the Protocol field, select HTTPS.
- In the Certificates field, select the mymanagedcert certificate you created earlier.
- In the HTTP router field, select the nextcloud-router HTTP router you created earlier.
-
Leave all the other parameters unchanged and click Create at the bottom of the page.
Wait for the load balancer status to change to Active and copy its IP address from the IP addresses field.
-
Create an A resource record in your domain’s public DNS zone
To route your domain's incoming requests to an L7 load balancer, in your DNS zone, create an A resource record pointing to the load balancer's IP address you got in the previous step. Further steps to follow will depend on whether your domain is managed by Yandex Cloud DNS or a third-party DNS provider.
If your domain is managed by Yandex Cloud DNS
-
In the management console, select the folder where you are deploying your infrastructure.
-
In the list of services, select Cloud DNS.
-
Select the DNS zone you need, click Create record, and do the following in the window that opens:
- In the Name field, select
Matches zone name (@).
- In the Type field, select
A.
- In the Data field, specify the load balancer IP address you saved in the previous step.
- Keep the other settings unchanged and click Create.
If your domain is managed by an external DNS provider
Add an A resource record with the following properties to your DNS provider or your own DNS server:
- Host:
@
- Type:
A
- Value:
<load_balancer_IP_address>
Test the solution in the fault-tolerant configuration
To test Yandex Object Storage integration with Nextcloud in a fault-tolerant configuration:
-
Open your local computer browser and enter your domain name in the address bar, e.g.:
https://example.com
-
Get authenticated in Nextcloud using the login and password created when configuring the solution.
-
In the left part of the top menu, select Files.
-
In the left-hand menu, select External storage and then AmazonS3.
-
Make sure you see the file uploaded in the previous step.
-
Download the file you uploaded earlier. Do this by clicking and selecting Download in the line with the filename.
-
Delete the file. Do this by clicking and selecting Delete file in the line with the filename.
-
In Yandex Object Storage, make sure the file was deleted from the bucket.
How to delete the resources you created
- If you created an L7 load balancer, delete it and then delete the HTTP router, backend group, and the load balancer's target group one by one.
- If you created an instance group, delete it.
- If you created resource records, delete them in Yandex Cloud DNS or in your domain registrar’s account.
- If you created a DNS zone, delete it in Yandex Cloud DNS or in your domain registrar's account.
- If you left the L7 load balancer logging feature on, delete the log group.
- Delete the VM.
- Delete the MySQL® cluster database.
- Delete the objects you created in the bucket, then delete the bucket itself.
- Delete the disk snapshot.
- Delete the service account.
- Delete the subnets, security group, route table, NAT gateway, and cloud network one by one.
- Optionally, delete the TLS certificate if you created one.