Self-hosting OpenCloud on a Hetzner Ubuntu Server

Want full control over your files without relying on Google Drive or OneDrive? By self-hosting OpenCloud on an Ubuntu server, you get a privacy-focused file sharing platform with predictable costs and full ownership of your data.

Follow along this easy-to-understand guide to learn how you can deploy your own OpenCloud instance using Docker and Caddy web server for automatic HTTPS.

For this post, we're using an affordable server from Hetzner. Hetzner is known to provide great service at an exceptional price/performance ratio, making it an excellent choice for hosting OpenCloud.

Prerequisites

Before we start, make sure you have a Hetzner Cloud account (or be ready to create one).

Step 1: Setup Your Hetzner Server

If you don't have a Hetzner server yet, follow these steps to create one:

1. Go to the Hetzner Cloud Console, choose a project or create a new one, then navigate to Servers → Add Server

2. Follow Hetzner's guidelines to choose:
   • Server type: Select a server type that fits your needs.

• Location: Choose a data center location closest to you or your users.

• Image: Select Ubuntu (latest LTS version recommended).

3. Add SSH key: Add your SSH public key for secure access. If you don't have an SSH key yet, you can generate one using ssh-keygen:

ssh-keygen -t ed25519 -C "your_email@example.com"

Check it out with cat ~/.ssh/id_ed25519.pub and paste it into your server.

4. Configure networking if needed, then click Create & Pay to provision your server

Once your server is created, note down its IP address. You'll use this to connect via SSH in the next step.

Step 2: Update Your Server

Open your terminal and log into your Ubuntu server via SSH:

ssh root@your-server-ip

and update the system to ensure it has the latest security patches and updates:

sudo apt-get update
sudo apt-get upgrade -y

Once finished, your server is ready for installing the software.

Step 3: Install and Configure UFW Firewall

Only keep necessary ports open: SSH (22), HTTP (80), HTTPS (443).

Install UFW and configure the firewall as follows:

sudo apt install ufw -y
sudo ufw allow 22    # SSH
sudo ufw allow 80    # HTTP
sudo ufw allow 443   # HTTPS
sudo ufw enable

Check your firewall configuration:

sudo ufw status verbose

Step 4: Docker Installation

Docker will run OpenCloud in a container. Install Docker by running these commands:

Setup dependencies and Docker's GPG key:

sudo apt-get update
sudo apt-get install ca-certificates curl gnupg

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
| sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

Add Docker repository:

echo \
  "deb [arch=$(dpkg --print-architecture) \
signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo $VERSION_CODENAME) stable" \
| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

Install Docker Engine and compose-plugin:

sudo apt-get install docker-ce docker-ce-cli \
containerd.io docker-buildx-plugin docker-compose-plugin -y

Check installation:

sudo docker run hello-world

If you see the "hello-world" message, Docker is ready.

Step 5: Install Caddy for Automatic HTTPS

Caddy simplifies HTTPS configuration since it handles SSL certificates automatically from Let's Encrypt.

Install Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
| sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
| sudo tee /etc/apt/sources.list.d/caddy-stable.list

sudo apt update
sudo apt install caddy -y

Before configuring Caddy, you need to point your domain to your server's IP address. If you haven't configured DNS yet, follow these steps:

Configure DNS for Your Domain

1. Log into your domain registrar's dashboard (where you purchased your domain)
2. Navigate to the DNS settings or DNS management section
3. Add an A record with the following settings:
   • Type: A
   • Name: @ (for root domain) or a subdomain like cloud (for cloud.yourdomain.com)
   • Value/Target: Your Hetzner server's IPv4 address
4. Add an AAAA record for IPv6 support:
   • Type: AAAA
   • Name: @ (for root domain) or the same subdomain you used for the A record
   • Value/Target: Your Hetzner server's IPv6 address

Configure Caddy

Edit the Caddyfile configuration file:

sudo nano /etc/caddy/Caddyfile

Enter your domain and configure reverse proxy. Replace "yourdomain.com" with your actual domain name:

yourdomain.com {
    reverse_proxy localhost:9200
}

If no domain yet, use this temporarily:

:80 {
    reverse_proxy localhost:9200
}

Restart Caddy to load the config:

sudo systemctl restart caddy

Step 6: Run OpenCloud with Docker Compose

We're going to use Docker Compose for easier setup.

First create a directory for OpenCloud, then navigate to it and create the compose file:

mkdir -p ~/opencloud
cd ~/opencloud
sudo nano compose.yml

Copy/paste the following content into compose.yml:

services:
  opencloud:
    image: opencloudeu/opencloud:4.0.3
    container_name: opencloud
    restart: unless-stopped
    entrypoint:
      - /bin/sh
    command: ["-c", "opencloud init || true; opencloud server"]
    ports:
      - "9200:9200"
    environment:
      IDM_ADMIN_PASSWORD: "ChangeMeToASecurePassword"
      PROXY_TLS: "false"
      OC_INSECURE: "true"
      OC_URL: "https://yourdomain.com"
    volumes:
      - opencloud-config:/etc/opencloud
      - opencloud-data:/var/lib/opencloud

volumes:
  opencloud-config: {}
  opencloud-data: {}

Start OpenCloud:

sudo docker compose up -d

Docker pulls the OpenCloud image, initializes the config on first run, and starts the server in background mode using port 9200.

Step 7: Access Your Self-Hosted OpenCloud Instance

Your OpenCloud instance should now load successfully at https://yourdomain.com. If you're using a temporary HTTP setup, open http://your-server-ip:9200.

OpenCloud's default login is:

• Username: admin
• Password: the value you set in IDM_ADMIN_PASSWORD

Security Recommendations

Public servers should always be secure. The following practises are recommended:

• Regularly apply updates and security patches.
• Set a strong IDM_ADMIN_PASSWORD and control user access.
• Monitor server logs for suspicious activity.
• Install tools like Fail2ban for extra security.

Updating Your OpenCloud Installation

When you want to update your OpenCloud instance, first check the latest version on Docker Hub, then update the image version in your compose.yml file and run:

cd ~/opencloud
sudo docker compose pull
sudo docker compose up -d

Docker will download updated versions automatically and replace your current containers.

Cost Comparison with Other Providers

Self-hosting OpenCloud typically results in lower costs compared to third-party managed hosting (which starts at ~€39/month):

Conclusion

You now have a self-hosted OpenCloud instance on Hetzner with Docker and HTTPS. If you want less maintenance and faster setup, Sliplane gets you there in minutes without the server overhead.