OpenCloud with Docker Compose + Integrated Traefik
Install an internet-facing OpenCloud instance with automatic SSL certificates using Docker Compose's integrated Traefik reverse proxy.
This is the recommended deployment path for most new OpenCloud installations. Traefik automatically manages Let's Encrypt SSL certificates, eliminating the need to manage a separate reverse proxy.
This installation guide is written for Ubuntu and Debian systems. The software can also be installed on other Linux distributions, but commands and package managers may differ.
If you already have an external reverse proxy (Nginx, HAProxy, etc.) or prefer to manage it separately, see Deploy Behind External Proxy instead.
Prerequisites
-
Four domains pointing to your server:
cloud.YOUR.DOMAIN→ OpenCloud frontendcollabora.YOUR.DOMAIN→ Collabora Online Serverwopiserver.YOUR.DOMAIN→ WOPI server for document editingtraefik.YOUR.DOMAIN→ Traefik dashboard
Alternatively, you can use a wildcard domain (
*.YOUR.DOMAIN) -
A hosted server (e.g., Hetzner, AWS, or your own VPS) with Linux and SSH access
Connect to Your Server
Log into your server via SSH:
ssh root@YOUR.SERVER.IP
Install Docker
Update your system and install Docker.
First, perform an update and upgrade:
apt update && apt upgrade -y
Install Docker following the official Docker guide
Once Docker is installed, enable and start the service:
systemctl enable docker && systemctl start docker
Clone the OpenCloud Repository
Download the necessary configuration files:
git clone https://github.com/opencloud-eu/opencloud-compose.git
Configure the .env File for Staging Certificates
Before requesting real SSL certificates, it is recommended to test the setup using Let's Encrypt's staging environment.
Navigate to the OpenCloud configuration folder
cd opencloud-compose
Create environment file
cp .env.example .env
The repository includes .env.example as a template with default settings and documentation. Your actual .env file is excluded from version control (via .gitignore) to prevent accidentally committing sensitive information like passwords and domain-specific settings.
Modify these settings
Edit the .env file with the editor of your choice
In our example we use nano
nano .env
Disable insecure mode
# INSECURE=true
Set your domain names
TRAEFIK_DOMAIN=traefik.YOUR.DOMAIN
OC_DOMAIN=cloud.YOUR.DOMAIN
COLLABORA_DOMAIN=collabora.YOUR.DOMAIN
WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN
Set your admin password
INITIAL_ADMIN_PASSWORD=YourSecurePassword
Set your email for SSL certification
TRAEFIK_ACME_MAIL=your@email.com
Use Let's Encrypt staging certificates (for testing)
TRAEFIK_ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory
Set your deployment options
Example configuration without Collabora:
COMPOSE_FILE=docker-compose.yml:traefik/opencloud.yml
Save the file and exit the editor.
Start OpenCloud
Launch OpenCloud using Docker Compose:
docker compose up -d
This will start all required services in the background.
Verify Your Deployment
After starting OpenCloud, verify that services are running and SSL certificates were issued:
- Check the TLS/SSL certificates are valid
- Log in to OpenCloud:
https://cloud.YOUR.DOMAIN- Username:
admin - Password: (the password you set in
.env)
- Username:
Next Steps
- Verify TLS Certificates – Validate staging certificates and switch to production
- Production Setup Considerations – Persistent storage, backups, and production best practices
- Configure Keycloak (optional) – Add Keycloak for enterprise identity management
- Configure Authentication – User management and identity provider integration
Troubleshooting
If you encounter issues:
- Check Docker logs:
docker compose logs - Verify domain DNS records point to your server
- Ensure firewall allows HTTP (80) and HTTPS (443)
- See Common Issues & Help