1. Install Ubuntu Server
https://ubuntu.com/download/server
2. Nextcloud
3. Install Postgres
❗ LinuxServer.io Nextcloud doesdoes not useuse PostgreSQL environmentenvironment variablesvariables to connect to the databasedatabase.
That’s the issueissue rightright therethere.
UnlikeUnlike the officialofficial
nextcloudimageimage,linuxserver/nextclouddoesdoes not readPOSTGRES_USER,POSTGRES_PASSWORD, etc. from the environmentenvironment.
InsteadInstead, it expects youyou to configureconfigure the databasedatabase entirelyentirely throughthrough the web UI.
services:
db:
image: postgres:16
container_name: nextcloud-postgres
environment:
POSTGRES_DB: nextclouddb
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: MyStrongPassword123!
volumes:
- /opt/nextcloud/postgres:/var/lib/postgresql/data
restart: unless-stopped
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
container_name: nextcloud
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /opt/nextcloud/config:/config
- /opt/nextcloud/data:/data
ports:
- 443:443
depends_on:
- db
restart: unless-stopped3. Duck DNS
Errors:
Bad gateway: 
Because your Portainer HTTPS endpoint is using a self-signed certificate, Cloudflared (by default) will try to validate it—and fail—so you get a 502 even though curl -vk https://127.0.0.1:9443 works locally.
Here’s how to fix that when you’re using the Web Dashboard to manage your tunnel:
- Enable “Disable TLS Verification” on the Hostname In the Cloudflare dashboard go to Zero Trust → Access → Tunnels.
Click your tunnel, then open the Public hostnames tab.
Find the row for portainer.kimhungbui.com and click Edit.
Under Origin Connection you should see a toggle or checkbox labeled something like “Disable TLS verification” (or “Skip certificate validation”).
Enable that option and save.
This tells Cloudflared not to reject your Portainer’s self-signed cert.
It work:
