DEV Community: R. Quazi

Purelymail – The Most Cost-Effective Email Provider for Custom Domains

R. Quazi — Sun, 31 Aug 2025 08:44:39 +0000

When I was searching for a cost-effective email provider, I noticed that most providers bundle a single mailbox with strict storage limits. As someone starting a new venture, I didn’t want to mix personal emails with business ones, and I wanted the flexibility to create separate mailboxes for different apps and domains right from the beginning.

My Journey Before Purelymail

Self-hosted email: I tried this route, but most ISPs block outbound ports to fight spam. AWS also requires opening a support ticket, providing justifications, and waiting for approval. In short—too much hassle.
Zoho Mail: They once offered 5 free mailboxes, but that plan is gone for new users. Even then, the 5 GB storage and mailbox cap quickly felt restrictive.
Mainstream providers (Google Workspace, GoDaddy, Hostinger, etc.): All are overpriced and inflexible for startups. Paying per mailbox gets ridiculous when you want multiple admin addresses.

Why Multiple Emails Matter

I prefer compartmentalization. For example:

bizops@domain.com for operations
clouds@domain.com for infrastructure
vault@domain.com for sensitive data
finance@domain.com for bookkeeping
marketing@domain.com for campaigns
social@domain.com for social platforms

This way, if one account gets compromised, the rest of my business isn’t automatically exposed.

Enter Purelymail

Purelymail offers a simple, transparent pricing model:

\$10/year for infinite mailboxes.

Pay-as-you-go billing once you cross certain thresholds (storage, sending/receiving limits).
Full support for IMAP, POP3, and SMTP, meaning you can configure it in Gmail, Outlook, Thunderbird, etc.
You can also use their own webmail client (though, honestly, the UI is quite outdated).

Here’s a snapshot from my monthly usage report:

Cost this month: \$0.65
Under advanced pricing, it could have been even lower.
Storage: practically free unless you hoard huge attachments.
Sending & receiving costs: negligible.

The best part? Unlimited domains and unlimited users. This is a dream for startups that want flexibility without breaking the bank.

Downsides (the reality check)

Single-person operation: From what I’ve read on Reddit, Purelymail is largely run by one individual. That’s impressive, but also risky if the bus factor = 1.
UI/UX is barebones: Don’t expect the polish of Gmail or Outlook. It’s functional, not pretty.
Not mainstream: No huge brand recognition or corporate backing. If reliability and long-term continuity are a concern, always keep backups of your emails.
No big ecosystem: Unlike Google or Microsoft, you don’t get extras like calendar, storage, or docs. This is just email.

Verdict

If you’re a startup, indie hacker, or small business that just needs cheap, reliable, custom-domain email with multiple mailboxes, Purelymail is unbeatable in terms of cost.

If you need enterprise-grade support, integrations, or guaranteed longevity, you might still prefer Google Workspace or Microsoft 365.

For me, Purelymail has been a hidden gem. It’s not flashy, but it just works—and for \$10/year, that’s hard to beat.

👉 Check it out here: https://purelymail.com

About me: I’m Quazi, with 5 years of experience in AWS Cloud, IT & Infrastructure, DevOps, and DevSecOps. I enjoy exploring cost-effective tools and sharing honest reviews to help startups, solo founders, and small teams make better tech decisions. Feel free to connect with me on LinkedIn : https://www.linkedin.com/in/r-quazi/

Take Control of Your Data- Self-host NextCloud.

R. Quazi — Fri, 20 Sep 2024 14:30:14 +0000

Take Control of Your Data- Self-Hosting NextCloud with MariaDB, Redis, with Let's Encrypt SSL and Securely Access via TailScale VPN

[! Table of Contents]

Introduction

1.1. Preface

1.2. Architecture

Initial Setup

2.1. Get a Domain Name

2.2. Tailscale VPN Setup

2.3. Installing Docker

2.4. Pointing DNS to the Server's Private IP Address

NextCloud Deployment

3.1. SSL Request with Let's Encrypt

3.2. Using a .env File to Manage Configuration Variables

3.3. NextCloud Configuration in config.php

3.4. Creating the Apache Configuration File

3.5. Setting Request Limits in Apache

3.6. Script to Enable SSL and Headers Module in NextCloud Container

Docker Compose

4.1. Creating a Docker Compose File

4.2. Running Docker Services

Accessing NextCloud on a Private IP

5.1. Accessing via Private IP

5.2. Resolving Untrusted Domain Error

1 Introduction :

1.1 Preface

In today's digital age, data is the new currency. But with popular collaboration tools like Slack and Microsoft Teams, there's a growing concern about data privacy and security. These platforms may collect user data, potentially using it to train AI models or fix bugs, leaving organizations vulnerable.

That's why self-hosting has become an attractive option for businesses seeking control over their data. In this article, we'll guide you through setting up NextCloud, a powerful collaboration platform, using MariaDB as our database and Redis for caching. We'll also use Let's Encrypt SSL certificates using Certbot and accessing it securely via TailScale VPN.

The Best Part?

Flexibility: This setup will run entirely in Docker containers, making it easy to deploy on any platform with Docker installed.
Security: We'll use TailScale to establish secure, encrypted connections from client devices, ensuring NextCloud is only accessible via private IP.

1.2 Architecture :

This self-hosted NextCloud setup is designed with security, privacy, and performance in mind. The architecture ensures that services remains private and secure ( Considering you have enabled RBAC , followed Zero Trust Principles and best practices for shared security model if you have Virtual Machine/Server in public cloud . )

The NextCloud server is accessible only through Tailscale VPN, which establishes secure, encrypted communication between employee devices and the server. Access control (ACLs) is strictly enforced, allowing only approved employees (e.g., Employee 1 and Employee 2) to connect, while denying access to others (e.g., Employee 3..even if he connected to VPN and external users trying to connect to nextcloud without VPN).

The NextCloud service itself is containerized and runs within a Docker container. The key services include:

Let's Encrypt: Ensuring secure communication between clients and the server using Let's Encrypt SSL/TLS certificates.
NextCloud: The core collaboration platform, running alongside Apache2 as the web server (Apache2 running in same nextcloud container. If you are using nextcloud:fpm docker image you may need to setup apache or traefik container. In this article have used nextcloud:apache-stable docker image).
Redis: Handling caching duties to improve performance.
MariaDB: Serving as the primary database for storing sensitive data.

This containerized approach offers modularity, ease of management, and scalability, all while maintaining a high level of security and performance.

2 Initial Setup :

2.1 Get a Domain name:

[!NOTE]
If you already have a domain name, you can skip this step.

For those who need to purchase a domain, there are several providers to choose from, including:

Namecheap
GoDaddy
Hostinger
Google Domains

Please note, I am not promoting any specific platform, and these links are not affiliate links. You are free to select any domain provider that suits your needs.

2.2 Tailscale :

Tailscale is a modern VPN service that simplifies connecting devices and applications over a secure network. It leverages the WireGuard protocol to create a peer-to-peer mesh network, known as TailNet, which allows devices within the same private network to communicate directly. This is different from traditional VPNs, which route all traffic through a central gateway.

Tailscale can be used for various purposes, including:

SSH Access: Securely connect to remote machines.
File Access and Sharing: Access and share files across devices.
Private Website Access: Reach privately hosted websites.
Database and Kubernetes Clusters: Connect to databases and Kubernetes clusters securely.

2.2.1 Key Differences from Traditional VPNs

Traditional VPNs create a central tunnel for all network traffic, routing it through a single gateway. In contrast, Tailscale establishes a peer-to-peer or point-to-point mesh network, which they refer to as TailNet, enabling direct communication between devices.

2.2.2 Setting Up Tailscale

2.2.3 Sign Up and Access the Admin Dashboard

Sign Up: Create an account at Tailscale.
Admin Dashboard: After signing up, you will be directed to the Tailscale Admin Dashboard.

2.2.4 Install Tailscale on Linux

Open your Linux terminal and run:

curl -fsSL https://tailscale.com/install.sh | sh

Check the status of the Tailscale service:
```
sudo systemctl status tailscaled
```

Enable and start the Tailscale service:

sudo systemctl enable tailscaled
sudo systemctl start tailscaled

2.2.5 Install Tailscale on Windows

Download the Tailscale installer for Windows from here.
Once Installed login to tailscale.

2.2.6 Configure Tailscale

Generate an Auth Key:

Return to the Tailscale Admin Dashboard.
Navigate to Settings to generate an authentication key. (I have used Ubuntu 24.04 Linux as WSL. )

Authenticate and Connect:

Return to your Linux terminal.
Run the following command to authenticate and connect:

sudo tailscale up --auth-key=YOUR_AUTH_KEY --ssh

Replace YOUR_AUTH_KEY with the key you generated.

Congratulations! Your Linux is now configured for remote SSH access over a private IP. Both your Windows machine and the Linux instance should be connected to Tailscale to access resources or applications and to perform SSH.

2.2.7 SSH Using Tailscale Browser-Based Access

Access Tailscale Admin Portal:

Go to the Tailscale Admin Portal.
Select the machine you want to SSH into and choose the option to SSH into the machine.

Select User:
- Choose the user you want to log in as.

Confirm Identity:

Confirm your identity by logging in to Tailscale.
You are now connected to WSL / Linux through your browser.

2.2.8 Get Private IP :

To obtain the private IP address of your machine, you can use the following command in the terminal:

tailscale ip -4

Alternatively, you can also find the private IP address through the Tailscale admin portal. Be sure to note this IP, as we will need it for subsequent configuration steps.

2.3 Installing Docker :

-- Steps For ubuntu 24 :

2.3.1 Install using the `apt` repository

Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.

Set up Docker's apt repository.

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

To install the latest version, run:

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify that the Docker Engine installation is successful by running :

sudo docker ps
sudo docker info

-- For Other Machines :
Docker Installation Guide for :

Windows : https://docs.docker.com/desktop/install/windows-install/
Mac : https://docs.docker.com/desktop/install/mac-install/

Ubuntu : https://docs.docker.com/engine/install/ubuntu/
Debian : https://docs.docker.com/engine/install/debian/
RHEL : https://docs.docker.com/engine/install/rhel/
Fedora : https://docs.docker.com/engine/install/fedora/
Raspberry Pi : https://docs.docker.com/engine/install/raspberry-pi-os/
CentOS : https://docs.docker.com/engine/install/centos/
SLES : https://docs.docker.com/engine/install/centos/

2.4 Pointing DNS to the Server's Private IP Address :

To configure your DNS to point to the private IP of your server, follow these steps. In this example, I have used Cloudflare as the domain provider:

Log in to your domain provider's dashboard.
Navigate to the Website section and select your domain.

Now click DNS --> Records --> Add record :

To set up access to your Nextcloud instance via a custom subdomain, you need to create an A record with your domain provider.

Choose a subdomain name, such as nextcloud-server, so your Nextcloud instance will be accessible at nextcloud-server.domain.com.

In the DNS settings, point this subdomain to the Tailscale IP address you copied earlier in step 2.2.8 .

keep this tab open we may need to add TXT record for Let's Encrypt SSL .

3 Nextcloud Deployment :

3.1 SSL request :

In this section, we’ll walk through how to request a free SSL certificate from Let's Encrypt using Certbot. This SSL certificate will secure your domain, and the process is simple with Docker.

Step 1: Running Certbot to Generate an SSL Certificate

To begin, open your terminal and run the following Docker command. This will start the Certbot client, which will guide you through the process of generating a free SSL certificate:

docker run -it --rm \ -v "/etc/letsencrypt:/etc/letsencrypt" \ -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \ certbot/certbot certonly --manual --preferred-challenges dns

This command will initiate Certbot in interactive mode, prompting you for details like your domain name and email address.

Step 2: Input Required Information

After running the command, Certbot will ask for several pieces of information. Follow the prompts as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): email@example.com

Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree to continue.
(Y)es/(N)o: Y

Would you like to receive email updates from Let's Encrypt and the EFF?
(Y)es/(N)o: Y

Next, you will be prompted to enter the domain name for which you want the SSL certificate:

Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel):

nextcloud-server.domain.com

Step 3: Deploying DNS TXT Record

Certbot will now ask you to deploy a DNS TXT record for domain validation. You need to add a specific TXT record to your domain's DNS configuration:


Please deploy a DNS TXT record under the name:
_acme-challenge.nextcloud-server.domain.com.

With the following value:
D1eW0MaeV4L61WsvJJHniuUBAuj3aoggwF2-mXad21KaF-x

Go to your domain provider's DNS management interface and add a new TXT record:

Type: TXT
Name: _acme-challenge.nextcloud-server.domain.com
Value: D1eW0MaeV4L61WsvJJHniuUBAuj3aoggwF2-mXad21KaF-x

Step 4: Verifying the DNS Record

Before continuing, ensure the DNS record has been successfully deployed. You can verify this using online tools like the Google Admin Toolbox.

Once the record is visible, return to your terminal and press Enter to proceed.

Step 5: SSL Certificate Issuance

Once the DNS record is verified, Certbot will complete the certificate generation. You will see a message like this:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/nextcloud-server.domain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/nextcloud-server.domain.com/privkey.pem
This certificate expires on 2024-12-15.

Important Notes:

This certificate is valid for 90 days, and you will need to renew it before it expires.
For manual DNS-based certificates, renewal requires repeating this process unless you configure automated renewal using Certbot hooks.

( I will cover SSL Autorenewal in next article. )

We have successfully obtained an SSL certificate for your domain. Now, your connection will be secured with HTTPS!

3.2 Utilizing a .env File to Manage Configuration Variables

When deploying applications using Docker, it’s important to manage the configuration effectively. One of the best practices is to use a .env file to store environment variables instead of hardcoding values directly in your docker-compose.yml file. This approach not only keeps your configuration organized but also simplifies the process of making changes in the future.

To create a .env file, open your terminal and use the following command:

nano .env

In the .env file, you can define your environment variables like this:

NEXTCLOUD_ADMIN_USER=email@example.com
NEXTCLOUD_ADMIN_PASSWORD=YOUR_SECURE_PASSWORD
NEXTCLOUD_PORT=80
NEXTCLOUD_PORT_HTTPS=443
PRIVATE_IP=YOUR_TAILSCALE_IP_HERE
REDIS_HOST=redis
REDIS_HOST_PORT=6379
REDIS_HOST_PASSWORD=YOUR_SECURE_PASSWORD
MYSQL_HOST=db
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextclouddb
MYSQL_PASSWORD=YOUR_SECURE_PASSWORD
MYSQL_ROOT_PASSWORD=YOUR_SECURE_ROOT_PASSWORD
MYSQL_HOST_PORT=3379
NEXTCLOUD_SSL_KEY_PATH=/etc/letsencrypt/live/nextcloud-server.domain.com/privkey.pem
NEXTCLOUD_SSL_CERT_PATH=/etc/letsencrypt/live/nextcloud-server.domain.com/fullchain.pem
NEXTCLOUD_APACHE_CONFIG_PATH=./000-default.conf
NEXTCLOUD_APACHE_LIMIT_PATH=./apache-limits.conf

3.3 Nextcloud Configuration in config.php

[!NOTE]

!! SKIP this step if you are deploying nextcloud first time.

Next, you'll need to configure Nextcloud itself. The configuration settings for Nextcloud are typically stored in the /var/www/html/config/config.php file in nextcloud docker container. Below is a sample configuration that you can adapt to your setup:

To create a config.php file, open your terminal and use the following command:

nano config.php

In the config.php file, you can add configurations like this:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'redis',
    'password' => '',
    'port' => 6379,
  ),
  'upgrade.disable-web' => true,
  'passwordsalt' => 'NSOLqCOL3s+8JyIaFtz6Xw0guUC7Vf',
  'secret' => 'nLg9bkVKY4HV4fOkop6vmJ5/DyqdOUo21545JQTpmzWQSGe3',
  'trusted_domains' => 
  array (
    0 => 'nextcloud-server.domain.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '29.0.6.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextclouddb',
  'dbpassword' => 'YOUR_SECURE_PASSWORD',
  'installed' => true,
  'instanceid' => 'ocuijn9xg681',
);

Mounting an Existing config.php File

If you already have a config.php file and want to mount it to your Nextcloud Docker container, make sure to uncomment the following line in your docker-compose.yml file:

# 3 - ./config.php:/var/www/html/config/config.php

By doing so, you can easily manage your Nextcloud configuration without modifying the Docker image itself.

3.4 Creating the Apache Configuration File

To set up your Apache web server, you’ll need to create a configuration file. Start by opening your terminal and running the following command:

nano 000-default.conf

In this apache.conf file, you will define your server settings. Below is a sample configuration for a Nextcloud server, which includes both HTTP and HTTPS settings:

Sample Apache2 Configuration File

<VirtualHost *:80>
    ServerName nextcloud-server.domain.com
    Redirect permanent / https://nextcloud-server.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName nextcloud-server.domain.com

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Enable SSL
    SSLEngine on
    SSLProtocol TLSv1.2 TLSv1.3

    # Specify the certificate files
    SSLCertificateFile /etc/ssl/certs/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/privkey.pem

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

3.5 Setting Request Limits in Apache

To enhance the performance and security of your Apache server, you can set limits on the size of the request body. This helps prevent abuse by limiting the maximum size of uploaded files. To do this, create or modify the apache-limits.conf file. Open your terminal and enter the following command:

nano apache-limits.conf

In the apache-limits.conf file, add the following line:

LimitRequestBody 104857600

This configuration sets the maximum allowed size of the request body to 100 MB (104,857,600 bytes).

3.6 Script to Enable SSL and Headers Module in Nextcloud Container :

The official Nextcloud Docker image (nextcloud:apache-stable) does not come with SSL enabled by default. To enable SSL support and necessary headers in your Nextcloud container, you can use the following script. This script ensures that the SSL module and headers are properly configured.

Create a new script file, for example enable_ssl.sh, and add the following content:


#!/bin/bash

# 4 Enable SSL module and configure Apache SSL
docker exec ncapp-nextcloud-server /bin/bash -c "a2enmod ssl"
docker exec ncapp-nextcloud-server /bin/bash -c "a2ensite 000-default"
docker exec ncapp-nextcloud-server /bin/bash -c "a2enmod headers"

# 5 Restart Apache to apply changes
docker exec ncapp-nextcloud-server /bin/bash -c "service apache2 reload"

Make sure to give the script execution permissions before running it:

chmod +x enable_ssl.sh

4 Docker Compose :

At this stage, we have gathered the essential files required for our setup, including the SSL certificates, config.php, 000-default.conf, apache-limits.conf, and the necessary script.

Now, let's move forward by creating a Docker Compose file. This file will serve as the backbone of our deployment, orchestrating the various services and configurations we've prepared.

To create our Docker Compose file, open a terminal and enter the following command:

nano docker-compose.yml

This command will open the Nano text editor, where we can define our services and configurations. Below is a sample configuration to get you started:

#   Docker compose file for Nextcloud setup with Redis and Mariadb

services:
  nc:
    image: nextcloud:stable-apache
    restart: unless-stopped
    container_name: ncapp-nextcloud-server
    ports:
      - ${PRIVATE_IP}:${NEXTCLOUD_PORT}:80
      - ${PRIVATE_IP}:${NEXTCLOUD_PORT_HTTPS}:443
    volumes:
      - ${NEXTCLOUD_SSL_KEY_PATH}:/etc/ssl/private/privkey.pem
      - ${NEXTCLOUD_SSL_CERT_PATH}:/etc/ssl/certs/fullchain.pem
      - ${NEXTCLOUD_APACHE_CONFIG_PATH}:/etc/apache2/sites-enabled/000-default.conf
      - ${NEXTCLOUD_APACHE_LIMIT_PATH}:/etc/apache2/conf-enabled/apache-limits.conf
      # - ./config.php:/var/www/html/config/config.php
      - nc_data:/var/www/html      
      - nc_apache2:/etc/apache2/
    depends_on:
      - redis
      - db
    links:
      - db
      - redis
    networks:
      - redisnet
      - dbnet
    healthcheck:
      test: [CMD-SHELL, curl -f http://localhost]
      interval: 1m
      timeout: 10s
      retries: 3
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 2048M      
    # labels:
    #   maintainer: "Your Name <your@email.com>"
    #   org.label-schema.version: "latest"
    #   org.label-schema.name: "Nextcloud-NC-APP"
    #   org.label-schema.description: "Self-hosted file sharing and collaboration platform"
    #   org.label-schema.url: "https://nextcloud.com"
    #   org.label-schema.documentation: "https://docs.nextcloud.com"
    #   org.label-schema.source: "https://github.com/nextcloud/docker"
    #   org.label-schema.issues: "https://github.com/nextcloud/docker/issues"
    environment: 
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}  
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}    
      - REDIS_HOST=${REDIS_HOST}
      - REDIS_HOST_PORT=${REDIS_HOST_PORT}
      # - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD}  # Cant login to nexcloud if enabled
      - MYSQL_HOST=${MYSQL_HOST}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}


  redis:
    image: redis@sha256:6a5130174e14177c3777ea34f4989a91bb5a7d7562dd48578cbfa3ad8cd53743
    restart: unless-stopped
    container_name: ncapp-redis-server
    networks:
      - redisnet
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1024M
    volumes:
       - rd_data:/data
    healthcheck:
      test: [CMD-SHELL, redis-cli PING]
      interval: 1m
      timeout: 10s
      retries: 3  
    # labels:
    #   maintainer: "Your Name <your@email.com>"
    #   org.label-schema.version: "latest"
    #   org.label-schema.name: "Nextcloud-REDIS"
    #   org.label-schema.description: "Self-hosted file sharing and collaboration platform"
    #   org.label-schema.url: "https://nextcloud.com"
    #   org.label-schema.documentation: "https://docs.nextcloud.com"
    #   org.label-schema.source: "https://github.com/nextcloud/docker"
    #   org.label-schema.issues: "https://github.com/nextcloud/docker/issues"
    environment:
      - REDIS_HOST=${REDIS_HOST}
      - REDIS_HOST_PORT=${REDIS_HOST_PORT}
      # - REDIS_PASSWORD=${REDIS_HOST_PASSWORD}
    expose:
      - ${REDIS_HOST_PORT}

  db:
    image: mariadb:10.5
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    # if getting this error : 4047 InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE.
    # More details here : https://techoverflow.net/2021/08/17/how-to-fix-nextcloud-4047-innodb-refuses-to-write-tables-with-row_formatcompressed-or-key_block_size/
    # Comment the above command and use the below :
    # command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
    restart: unless-stopped
    container_name: ncapp-db-server
    volumes:
      - db_data:/var/lib/mysql
    healthcheck:
      test: [CMD-SHELL, mysqladmin ping -h localhost]
      interval: 1m
      timeout: 10s
      retries: 3
    networks:
      - dbnet
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4096M

    # labels:
    #   maintainer: "Your Name <your@email.com>"
    #   org.label-schema.version: "latest"
    #   org.label-schema.name: "Nextcloud-MARIADB"
    #   org.label-schema.description: "Self-hosted file sharing and collaboration platform"
    #   org.label-schema.url: "https://nextcloud.com"
    #   org.label-schema.documentation: "https://docs.nextcloud.com"
    #   org.label-schema.source: "https://github.com/nextcloud/docker"
    #   org.label-schema.issues: "https://github.com/nextcloud/docker/issues"
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
    expose:
      - ${MYSQL_HOST_PORT}

volumes:
  db_data:
  nc_data:
  rd_data:
  nc_apache2:

networks:
  dbnet:
    driver: bridge
  redisnet:
    driver: bridge

Once you have saved your docker-compose.yml file, you can start your services in detached mode using the following command:

docker-compose up -d

This command will pull the necessary images (if not already available) and start the containers in the background, allowing you to continue using your terminal for other tasks.

After running above command , wait for about 5 to 10 seconds to ensure that all services are properly initialized. Once the waiting period is over, you can enable SSH by running the script:

./enable-ssh.sh

This script will configure SSH access, allowing you to manage your services remotely and securely.

If you are getting output similar to this , then please wait for 5 more seconds and rerun the script :
ERROR :

Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Site 000-default already enabled
Module headers already enabled
Reloading Apache httpd web server: apache2 failed!
Apache2 is not running ... (warning).

EXPECTED OUTPUT :

$ ./enable-ssl.sh
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
Site 000-default already enabled
Module headers already enabled
Reloading Apache httpd web server: apache2.

5 Accessing Nextcloud on a Private IP

To successfully access your Nextcloud instance running on a private IP, ensure that Tailscale is active on both the server hosting Nextcloud and the machine you are using for access.

Open Your Browser: Navigate to the private IP address of your Nextcloud server.
Login Credentials: Enter your administrator username and password. Upon logging in, you may encounter the following error:

   ## Access through untrusted domain

   Please contact your administrator. If you are an administrator, edit the "trusted_domains" setting in config/config.php like the example in config.sample.php.

   Further information on how to configure this can be found in the [documentation](https://docs.nextcloud.com/server/29/go.php?to=admin-trusted-domains).

Resolving the Untrusted Domain Error

To resolve the untrusted domain issue, you need to update the trusted domains in your Nextcloud configuration:

Access the Docker Container: Execute the following command to enter your Nextcloud Docker container:

   docker exec -it ncapp-nextcloud-server /bin/bash

Install a Text Editor: If not already installed, you can install nano by running:

   apt update && apt install nano

Edit the Configuration File: Open the configuration file using:

   nano /var/www/html/config/config.php

Locate the Trusted Domains Section: Use Ctrl + W to initiate a search and type trusted_domains, then hit Enter.

Modify the Trusted Domains: You can either edit the existing localhost entry or add your domain. Your configuration block should look like this:

   array (
       0 => 'localhost',
       1 => 'nextcloud-server.domain.com',
   ),

Save and Exit: Save your changes in nano by pressing Ctrl + X, then confirm with Y and press Enter.

Now, you should be able to access your Nextcloud instance at https://nextcloud-server.domain.com.

Congratulations! You've successfully configured your Nextcloud server to recognize your domain.

As we come to the end of this guide, we hope you've gained valuable insights and practical steps to take control of your data by self-hosting NextCloud with MariaDB, Redis, and secure access via Tailscale VPN. By following these steps, you've not only set up a powerful collaboration platform but also enhanced your data security and privacy.

Remember, self-hosting isn't just about functionality—it's about owning your infrastructure and safeguarding sensitive information. Whether you're managing it for personal use or for a team, always prioritize regular backups, updates, and monitoring to maintain the integrity of your setup.

If you found this guide helpful and have any questions or feedback, feel free to reach out. For more insights on technology and to stay updated with my latest content, connect with me on LinkedIn and you can support open source community by buying a coffee here.

*Email *: hi@plexio.cloud
*Linkedin *: LinkedIn

Thank you for following along, and best of luck with your self-hosting journey!

Install Ubuntu 24.04 or Any Linux Flavor on Windows 11 and Access It via SSH Using Tailscale Private IP

R. Quazi — Sun, 15 Sep 2024 08:06:58 +0000

1 Introduction

In today's tech-driven world, many professionals and hobbyists need to work across both Windows and Linux environments. Whether you're a developer or a small business owner relying on Windows for daily tasks but needing Linux-based applications, the challenge is to efficiently run Linux applications without disrupting your primary Windows setup.

Linux environments are often preferred for running applications like Nginx, Apache, Jenkins, Docker, Kubernetes, and MongoDB, as many software tools are optimized for Linux. However, since most computers come with Windows pre-installed, finding an efficient way to run Linux applications is important.

Image Credit : Ubuntu

1.1 Common Methods to Run Linux on Windows:

Dual Boot: Windows + Linux. This method requires rebooting to switch between operating systems, which can be inconvenient and consumes more resources.
Cloud VM/VPS: Effective but potentially costly. Even when not in active use, you might incur charges for storage and uptime/IP etc.
VirtualBox: Provides a portable solution without altering the host system directly. But, it requires allocating CPU cores RAM and storage, which can impact system performance.
LXC/LXD Containers: Containers share the host’s kernel but have their own filesystem, processes, and network stack. They may not always integrate seamlessly with host applications.
Docker Containers: Similar to LXC containers, Docker containers share the host’s kernel and might be restrictive in GUI support and file system access.

Each of these methods has its trade-offs. Dual booting requires frequent reboots, virtual machines can consume significant resources, and containers may be limiting in terms of file access and GUI support.

To find a balance between efficiency, convenience, and functionality, you need a solution that bridges the gap between Windows and Linux environments.

2 WSL (Windows Subsystem for Linux)

WSL is a compatibility layer that allows you to run a Linux distribution directly on Windows. It provides a Linux-like environment within Windows, making it ideal for developers who need Linux tools and utilities. WSL supports various development, scripting, and testing tasks and can even run DevOps tools like Kubernetes , docker and jenkins etc.

"To master technology, we must learn to integrate it, not just use it in isolation."

2.1 WSL Advantages

Direct Integration: Seamlessly interacts with the Windows filesystem.
Software Compatibility: Works well with Windows software (e.g., Docker Desktop , VS code).
Full Linux Kernel: Utilizes a complete Linux kernel in WSL 2.
Interoperability: Facilitates interaction between Windows and Linux applications.
Convenience: Easier setup and use compared to dual boot or traditional VMs.
Developer-Friendly: Streamlined for development tasks.
Easier Maintenance: Simpler to manage than dual boot systems or VMs.

2.2 WSL Limitations

Performance: Not as performant as a native Linux installation.
GUI Support: Limited support for graphical applications.
Kernel Limitations: Not suitable for all use cases, especially those requiring specific kernel modules or low-level hardware access.

3 Installation

3.1 System Requirements

Before installing WSL, ensure your system meets the following requirements:

Enable Virtualization in your BIOS settings.
Windows 10 version 2004 or higher (Build 19041 or higher)
- For x64 systems: Version 1903 or later, Build 18362.1049 or later.
- For ARM64 systems: Version 2004 or later, Build 19041 or later.
Windows 11 is fully compatible.
Minimum 4 GB RAM.

3.2 Opening PowerShell as Administrator

To install WSL, you need to open PowerShell with administrative privileges. Follow one of these methods:

3.2.1 Option 1: Using the Start Menu

Press the Windows key or click the Start menu.
Type PowerShell in the search bar.
Right-click Windows PowerShell from the search results.
Select Run as administrator.

3.2.2 Option 2: Using the Run Dialog

Press Windows Key + R to open the Run dialog.
Type powershell in the text box.
Press Ctrl + Shift + Enter to run PowerShell as an administrator. Avoid pressing Enter alone, as this will open PowerShell in normal user mode.

3.3 Enabling WSL and Installing a Linux Distribution

3.3.1 Enable the Required Features

First, enable the "Windows Subsystem for Linux" feature and the Virtual Machine Platform feature:

Enable "Windows Subsystem for Linux"



dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

Output:



Deployment Image Servicing and Management tool
Version: 10.0.22621.2792

Image Version: 10.0.22631.3880

Enabling feature(s)
[==========================100.0%==========================]
The operation completed successfully.

Enable "Virtual Machine Platform"



dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Output:



Deployment Image Servicing and Management tool
Version: 10.0.22621.2792

Image Version: 10.0.22631.3880

Enabling feature(s)
[==========================100.0%==========================]
The operation completed successfully.

After running these commands, restart your computer to apply the changes.

3.3.2 Install the Linux Kernel Update Package

To download and install the latest Linux kernel update package:

For x64: ```PowerShell

wsl.exe --install


- For ARM 64 :
Download the package : https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_arm64.msi

Double click to install the WSL.

> [!NOTE]
> > If you dont know the type of system you are using you can run this command : ``systeminfo | find "System Type"``
> > Output : `System Type:               x64-based PC`
> 
> 


Output:

...
...
...
Launching Ubuntu...
Installing, this may take a few minutes...
Please create a default UNIX user account. The username does not need to match your Windows username.
For more information visit: https://aka.ms/wslusers
Enter new UNIX username:


### 3.3.3    Set WSL Version 2 as the Default

Ensure that WSL version 2 is set as the default version:
```PowerShell


wsl --set-default-version 2

Output:



For information on key differences with WSL 2 please visit https://aka.ms/wsl2
The operation completed successfully.

3.3.4 Install Your Preferred Linux Distribution

Install your favorite Linux distribution. For example, to install Ubuntu 24.04:



wsl --install -d Ubuntu-24.04

Or you can install any distro of your choice :

Linux Distribution	WSL Installation Command
Ubuntu 18.04 LTS	`wsl --install -d Ubuntu-18.04`
Ubuntu 20.04 LTS	`wsl --install -d Ubuntu-20.04`
Ubuntu 22.04 LTS	`wsl --install -d Ubuntu-22.04`
openSUSE Leap 15.1	`wsl --install -d openSUSE-Leap-15.1`
SUSE Linux Enterprise Server 12 SP5	`wsl --install -d SLES-12-SP5`
SUSE Linux Enterprise Server 15 SP1	`wsl --install -d SLES-15-SP1`
Kali Linux	`wsl --install -d Kali-Linux`
Debian GNU/Linux	`wsl --install -d Debian`
Fedora Remix for WSL	`wsl --install -d Fedora-Remix-for-WSL`
Pengwin	`wsl --install -d Pengwin`
Pengwin Enterprise	`wsl --install -d WLinux-Enterprise`
Alpine WSL	`wsl --install -d Alpine`
Raft (Free Trial)	`wsl --install -d Raft`
AlmaLinux	`wsl --install -d AlmaLinux`

3.3.5 Set Up Your Linux Distribution

Once the installation is complete, open your Linux distribution (e.g., Ubuntu 24.04) and create a username and password when prompted.

3.3.6 Verify Installation and Check WSL Version

To check the installed distributions and their WSL versions, use:



wsl -l -v

Output:



  NAME            STATE           VERSION
* Ubuntu-24.04    Stopped         2
  Ubuntu          Stopped         2

3.3.7 Launch Your Linux Distribution

You can launch Ubuntu (or any installed Linux distribution) using either of the following commands:

Using the distribution executable:



ubuntu2404.exe

Using WSL command:

wsl

4 Tailscale

Tailscale can be used for various purposes, including:

SSH Access: Securely connect to remote machines.
File Access and Sharing: Access and share files across devices.
Private Website Access: Reach privately hosted websites.
Database and Kubernetes Clusters: Connect to databases and Kubernetes clusters securely. ## 4.1 Key Differences from Traditional VPNs

4.2 Setting Up Tailscale

4.2.1 Sign Up and Access the Admin Dashboard

Sign Up: Create an account at Tailscale.
Admin Dashboard: After signing up, you will be directed to the Tailscale Admin Dashboard.

4.2.2 Install Tailscale on WSL

Open your WSL terminal and run: ```bash

curl -fsSL https://tailscale.com/install.sh | sh

2. Check the status of the Tailscale service:
   ```bash


   sudo systemctl status tailscaled

Enable and start the Tailscale service: ```bash

sudo systemctl enable tailscaled
sudo systemctl start tailscaled


### 4.2.3    Install Tailscale on Windows
1. Download the Tailscale installer for Windows from [here](https://pkgs.tailscale.com/stable/tailscale-setup-latest.exe).
2. Once Installed login to tailscale.

### 4.2.4    Configure Tailscale
1. **Generate an Auth Key**:
   - Return to the Tailscale Admin Dashboard.
   - Navigate to **Settings** to generate an authentication key.


![Image description](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2ywgb6cwtwbog9p15dbk.png)






2. **Authenticate and Connect**:
   - Return to your WSL terminal.
   - Run the following command to authenticate and connect:
     ```bash


     sudo tailscale up --auth-key=YOUR_AUTH_KEY --ssh

Replace YOUR_AUTH_KEY with the key you generated.

Congratulations! Your WSL is now configured for remote SSH access over a private IP. Both your Windows machine and the WSL instance should be connected to Tailscale to access resources or applications and to perform SSH.

4.2.5 SSH Using Tailscale Browser-Based Access

Access Tailscale Admin Portal:
- Go to the Tailscale Admin Portal.
- Select the machine you want to SSH into and choose the option to SSH into the machine.

Select User:
- Choose the user you want to log in as.

Confirm Identity:
- Confirm your identity by logging in to Tailscale.

You are now connected to WSL through your browser.

Congratulations! You have successfully set up Ubuntu 24.04 on Windows 11 using WSL and configured it for secure SSH access via Tailscale. This setup allows you to leverage the power of Linux applications seamlessly within your Windows environment while ensuring secure, private connectivity from anywhere and using any device.

Connect with me : hi@plexio.cloud

Thank you for reading!

References:

DEV Community: R. Quazi

Purelymail – The Most Cost-Effective Email Provider for Custom Domains

My Journey Before Purelymail

Why Multiple Emails Matter

Enter Purelymail

Downsides (the reality check)

Verdict

Take Control of Your Data- Self-host NextCloud.

Take Control of Your Data- Self-Hosting NextCloud with MariaDB, Redis, with Let's Encrypt SSL and Securely Access via TailScale VPN

1 Introduction :

1.1 Preface

1.2 Architecture :

2 Initial Setup :

2.1 Get a Domain name:

2.2 Tailscale :

2.2.1 Key Differences from Traditional VPNs

2.2.2 Setting Up Tailscale

2.2.3 Sign Up and Access the Admin Dashboard

2.2.4 Install Tailscale on Linux

2.2.5 Install Tailscale on Windows

2.2.6 Configure Tailscale

2.2.7 SSH Using Tailscale Browser-Based Access

2.2.8 Get Private IP :

2.3 Installing Docker :

2.3.1 Install using the apt repository

2.4 Pointing DNS to the Server's Private IP Address :

3 Nextcloud Deployment :

3.1 SSL request :

Step 1: Running Certbot to Generate an SSL Certificate

Step 2: Input Required Information

Step 3: Deploying DNS TXT Record

Step 4: Verifying the DNS Record

Step 5: SSL Certificate Issuance

Important Notes:

3.2 Utilizing a .env File to Manage Configuration Variables

3.3 Nextcloud Configuration in config.php

Mounting an Existing config.php File

3.4 Creating the Apache Configuration File

Sample Apache2 Configuration File

3.5 Setting Request Limits in Apache

3.6 Script to Enable SSL and Headers Module in Nextcloud Container :

4 Docker Compose :

5 Accessing Nextcloud on a Private IP

Resolving the Untrusted Domain Error

Install Ubuntu 24.04 or Any Linux Flavor on Windows 11 and Access It via SSH Using Tailscale Private IP

1 Introduction

1.1 Common Methods to Run Linux on Windows:

2 WSL (Windows Subsystem for Linux)

2.1 WSL Advantages

2.2 WSL Limitations

3 Installation

3.1 System Requirements

3.2 Opening PowerShell as Administrator

3.2.1 Option 1: Using the Start Menu

3.2.2 Option 2: Using the Run Dialog

3.3 Enabling WSL and Installing a Linux Distribution

3.3.1 Enable the Required Features

3.3.2 Install the Linux Kernel Update Package

3.3.4 Install Your Preferred Linux Distribution

3.3.5 Set Up Your Linux Distribution

3.3.6 Verify Installation and Check WSL Version

3.3.7 Launch Your Linux Distribution

4 Tailscale

4.2 Setting Up Tailscale

4.2.1 Sign Up and Access the Admin Dashboard

4.2.2 Install Tailscale on WSL

4.2.5 SSH Using Tailscale Browser-Based Access

2.3.1 Install using the `apt` repository