What I Was Building — and Why Nextcloud Looked Right
I was paying ₹1,300/month for Google One. My Raspberry Pi 4 (4 GB) had a 1 TB USB drive attached and was doing nothing. I wanted self-hosted cloud storage accessible from my phone and laptop — no big-tech scanning, no subscription creep.
Nextcloud kept coming up everywhere: on r/selfhosted, in self-hosting YouTube channels, in privacy forums. Its reputation as "the" open-source Google Drive replacement is well-earned — calendar, contacts, video calls, file sync, AI assistant, all on hardware you own.
My goal was narrow: files accessible anywhere, occasional sharing, video playback. Nextcloud handles all of that. The official installation docs looked manageable. I had no reason not to try.
Raspberry Pi 4 (4 GB) · Raspberry Pi OS Lite 64-bit · 1 TB USB HDD · Jio Fiber residential broadband · Goal: remote file access from browser and phone
PHP module errors + database connection failure
8 missing modules, then a MariaDB permissions problem that looked like a password issue.
HTTPS circular dependency + NGINX socket mismatch
Can't get an SSL certificate without port forwarding working. Setup appeared to succeed, then broke 20 minutes later.
Port forwarding configured — but CGNAT made it impossible
Called ISP. "Sir, you are on shared IP. Port forwarding is not possible on this plan."
Switched approach. Files accessible in 90 seconds.
One command, outbound tunnel, no port forwarding required.
Step 1: PHP — The First Two Evenings of Nextcloud Setup Problems
Nextcloud installation failed: missing PHP modules
Nextcloud requires PHP 8.1 or 8.2 with specific extensions. Raspberry Pi OS Lite ships PHP 8.2 via Debian Bookworm in 2026, so the version itself wasn't the problem — the modules were. After the standard LAMP install, navigating to the setup wizard produced this immediately:
Error: Your PHP version is missing the following modules:
imagick, bcmath, gmp
None are installed by default. Each is a separate apt install. The Nextcloud docs list these requirements but in a different section from the installation steps — so first-timers miss them entirely. Run the full install before launching the wizard:
# Install all required PHP modules at once — do this BEFORE the wizard
$ sudo apt install php8.2-imagick php8.2-bcmath php8.2-gmp \
    php8.2-curl php8.2-gd php8.2-mbstring php8.2-xml php8.2-zip \
    php8.2-mysql php8.2-mysqlnd
The module that wasn't what it said it was
After installing everything the health check flagged, the setup wizard still errored during database configuration with "database connection failed." The actual cause: I had installed php8.2-mysqlnd but not php8.2-mysql. They are not the same package, and the error message doesn't tell you which one is missing. The fix is to install both explicitly — which is why the command above includes both. This specific issue has a thread on the Nextcloud community forum from 2021 that is still accurate today.
Step 2: MariaDB — The Permissions Trap
The host binding that fails silently
The official Nextcloud install guide says "create a database and user." What it doesn't say is that the host binding in your GRANT statement matters significantly.
This pattern fails silently on most Pi setups:
-- DON'T do this — @'%' causes host-not-allowed errors
CREATE USER 'nextcloud'@'%' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'%';
This works correctly:
-- DO this instead — @'localhost' is required
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
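The @'%' wildcard means "from any host." MariaDB on localhost often rejects this for security reasons, producing a "host not allowed" error that looks like a password problem. Took me 40 minutes to find. Changing to @'localhost' fixes it immediately. Since Nextcloud and MariaDB run on the same Pi, @'localhost' is also the tighter grant: the account cannot be used from any other host.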
Step 3: HTTPS and Let's Encrypt — The Circular Dependency
Why you can't skip HTTPS in your Nextcloud setup
Nextcloud's Android and iOS apps refuse to connect over plain HTTP. So even if your local setup is working, you're locked out from your phone until you have a valid SSL certificate. To get a free certificate from Let's Encrypt, you need: a domain name pointing at your home IP, port 80 open and forwarded from your router, and certbot able to reach that domain from the public internet.
You need remote access working to get the certificate that enables remote access. Port 80 must be publicly reachable before certbot can verify your domain — but you won't know if port forwarding is working until you test from outside your network. Most tutorials skip this entirely.
The NGINX config that broke 20 minutes after it worked
After getting a certificate (using my phone's mobile data as an external test), I configured NGINX to serve Nextcloud over HTTPS. It worked. I closed the terminal. Twenty minutes later: 504 Gateway Timeout.
The cause: NGINX was pointing at the wrong PHP-FPM socket path. Raspberry Pi OS creates the socket at /run/php/php8.2-fpm.sock, but the config template I copied used /var/run/php/php8.2-fpm.sock. Check the actual socket location and update your config to match:
# Find the correct socket path
$ ls /run/php/
# Then update your NGINX config's fastcgi_pass to match exactly:
fastcgi_pass unix:/run/php/php8.2-fpm.sock; # use what ls shows
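One way to automate that check, as an added example that is not part of the original post: the script reads every active fastcgi_pass unix: directive from an NGINX config and reports whether the path resolves to an existing socket. The function name and the sample config are constructed for illustration.

```python
import os
import re
import stat
import sys

# Matches an active `fastcgi_pass unix:/path;` directive and captures the path.
# Lines commented out with `#` do not match.
FASTCGI_UNIX = re.compile(r"^\s*fastcgi_pass\s+unix:([^;\s]+)\s*;", re.MULTILINE)


def check_fastcgi_sockets(conf_text):
    """Return (configured, resolved, status) for each unix-socket fastcgi_pass.

    status is "ok", "missing" or "not-a-socket".
    """
    results = []
    for configured in FASTCGI_UNIX.findall(conf_text):
        # Resolve symlinks so two spellings of one location compare equal.
        resolved = os.path.realpath(configured)
        try:
            mode = os.stat(resolved).st_mode
        except (FileNotFoundError, NotADirectoryError):
            results.append((configured, resolved, "missing"))
            continue
        status = "ok" if stat.S_ISSOCK(mode) else "not-a-socket"
        results.append((configured, resolved, status))
    return results


# Constructed sample config using the two paths discussed above.
SAMPLE_CONF = """
location ~ \\.php$ {
    # fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
"""

if __name__ == "__main__":
    # Pass a real config path as the first argument, else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for configured, resolved, status in check_fastcgi_sockets(text):
        print(f"{status:<13} {configured} -> {resolved}")
```

Run it with the path to your site config as the only argument; any line that is not "ok" is a directive PHP-FPM is not listening on.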
Step 4: Port Forwarding — Where the Whole Thing Stopped
I was behind CGNAT and didn't know it
After setting up port forwarding, I tested from my phone on mobile data. Nothing loaded. I checked my external IP at whatismyip.com, then tested port accessibility at canyouseeme.org. Ports were closed — the requests weren't reaching my router at all.
I called my ISP. "Sir, you are on shared IP. Port forwarding is not possible on this plan."
This is CGNAT — Carrier Grade NAT. My router's "public" IP wasn't public at all. It was a private address on my ISP's internal network, shared with dozens of other customers. There is no direct path from the internet to my device. Port forwarding is architecturally impossible on a CGNAT connection. This is one of the most common and least-documented Nextcloud setup problems for Indian users specifically.
CGNAT is standard on Jio Fiber, BSNL, and most residential broadband plans from smaller ISPs. You would never know unless you hit this problem — it looks identical to a misconfigured port forward from the outside. Test: check your external IP at whatismyip.com, then test port accessibility at canyouseeme.org. If ports are closed even after forwarding, call your ISP and ask about shared IP.
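The same diagnosis can be made by comparing the WAN address shown on the router's status page with the address an outside service reports. The classifier below is an added example, not part of the original post; the function name and sample addresses are constructed, and 100.64.0.0/10 is the RFC 6598 shared address space reserved for carrier-grade NAT.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

VERDICTS = {
    "cgnat": "WAN is in ISP shared space; inbound port forwarding cannot work",
    "private-wan": "WAN is a private address; an upstream NAT blocks inbound",
    "translated": "WAN differs from the external address; rewritten upstream",
    "public": "WAN matches the external address; port forwarding can work",
}


def classify_wan(wan_ip, external_ip):
    """Classify a link from the router's WAN address (router status page)
    and the address an outside "what is my IP" service reports."""
    wan = ipaddress.ip_address(wan_ip)
    ext = ipaddress.ip_address(external_ip)
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in RFC1918_NETS):
        return "private-wan"
    if wan != ext:
        return "translated"
    return "public"


# Constructed sample readings (documentation addresses, not real hosts).
SAMPLES = [
    ("100.72.14.9", "203.0.113.50"),
    ("10.33.4.2", "203.0.113.50"),
    ("198.51.100.7", "203.0.113.50"),
    ("203.0.113.50", "203.0.113.50"),
]

if __name__ == "__main__":
    for wan, ext in SAMPLES:
        kind = classify_wan(wan, ext)
        print(f"WAN {wan:<15} external {ext:<15} {kind}: {VERDICTS[kind]}")
```

Only the "public" result leaves router port forwarding as an option; the other three point to a tunnel or a static IP from the ISP.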
The Cloudflare Tunnel workaround — real, but another project
The standard fix is Cloudflare Tunnel. It creates an outbound encrypted connection from your device to Cloudflare's edge — bypassing CGNAT completely because the connection goes outward, not inward. It works, but it requires a Cloudflare account, a domain with DNS managed through Cloudflare, installing and authenticating cloudflared on your Pi, configuring a tunnel in the dashboard, and updating your NGINX config. That is another 2–3 hours. By this point I was four evenings in.
Taking Stock — and What I Switched To
At this point I asked an honest question: what am I actually trying to do? I wanted files accessible from my phone away from home, the ability to share an occasional folder, and video playback. Not calendar. Not contacts. Not video calls. Not real-time document editing.
I had spent four evenings fighting infrastructure to enable file access. The infrastructure was winning.
Searching for "nextcloud alternative without port forwarding" turned up Gavety — a self-hosted file storage alternative that runs on any Linux device and handles the remote access tunneling automatically. The install:
# Single command — works on Raspberry Pi, x86, ARM64
$ curl -fsSL install.gavety.com | bash
→ Detecting system... Pi 4 / arm64
→ Downloading gavety-agent v2.4.1
→ Installing systemd service
→ /dev/sda1 → /mnt/gavety_storage
→ Connecting to app.gavety.com... linked
✓ Setup complete in 90 seconds
No NGINX config. No PHP modules. No database. No port forwarding. No CGNAT problem — because Gavety's agent creates an outbound tunnel using the same architectural approach as Cloudflare Tunnel, but built into the product rather than bolted on afterward. See how outbound tunneling works in self-hosted storage if you want the technical detail.
Nextcloud does calendar, contacts, video calls, and real-time document editing. Gavety does none of those. If you need a full collaboration suite, Nextcloud via Cloudflare Tunnel is worth the investment. If you need files accessible from anywhere on hardware you own — the four-evening path is optional.
The Most Common Nextcloud Setup Problems — Quick-Reference Fix List
If you're partway through a broken install, one of these is almost certainly your problem. Each fix below is the minimum change that resolves it.
PHP module errors — health check shows missing extensions
Run Nextcloud's built-in health check at yourserver/settings/admin/overview. It lists every missing module precisely. Install all of them before running the wizard, not after. Don't install them one at a time — install the full list shown above in a single command to avoid multiple restart cycles.
"Cannot connect to database" — Nextcloud installation failed
Check two things: (1) your MariaDB user uses @'localhost' not @'%', and (2) both php8.2-mysql and php8.2-mysqlnd are installed. The error message points at the database; the actual cause is almost always PHP. See the full thread on help.nextcloud.com for variant cases.
502 / 504 gateway errors after NGINX setup
Almost always a PHP-FPM socket path mismatch. Run ls /run/php/ and confirm the socket path in your fastcgi_pass directive matches exactly what's on disk. The path varies between OS versions and config templates.
Let's Encrypt / certbot failing — Nextcloud port forwarding not working
Port 80 must be reachable from the public internet before certbot can verify your domain. Test with canyouseeme.org before running certbot. If port 80 is closed, the certificate request will fail — fix port forwarding first. Check Let's Encrypt's getting started guide for the full prerequisites.
Nextcloud CGNAT fix — port forwarding set up but still unreachable
Test your external IP at whatismyip.com, then test port accessibility at canyouseeme.org. If the port is closed even after forwarding, call your ISP and ask if you're on a shared IP. If yes: use Cloudflare Tunnel (free, works on CGNAT), or ask about a static IP upgrade — usually ₹200–500/month on most Indian ISPs. The Nextcloud community forum has detailed threads on both paths.
When to Keep Going vs When to Stop
If you've spent more than four hours and still can't access Nextcloud from outside your network, the remaining problem is almost certainly CGNAT or the Cloudflare Tunnel configuration. Both are solvable — but they're a separate 2–3 hour project each. Whether to continue depends entirely on what you need.
Keep going with Nextcloud if…
- You need calendar, contacts, or video calls
- You need real-time document editing
- You want the full Google Workspace replacement
- You're comfortable with Linux server administration
- The Cloudflare Tunnel setup time is acceptable
Find a simpler Nextcloud alternative if…
- You just need files accessible from anywhere
- You're behind CGNAT and don't want to configure Cloudflare
- You've already spent 4+ evenings and aren't past the networking step
- You want a setup you can explain to a family member
For a full side-by-side comparison of Nextcloud against simpler alternatives — Gavety, Synology, OpenMediaVault, TrueNAS — with a feature matrix and CGNAT compatibility column, see: Best Nextcloud Alternatives in 2026.
The Honest Takeaway
Nextcloud is genuinely powerful software. The support forum community is patient and thorough. Every Nextcloud setup problem I hit has a documented fix. The complexity isn't a bug — it's the consequence of what the software does. A platform that replaces Google Workspace requires infrastructure that reflects that ambition.
If you need what Nextcloud does, the setup investment is worth it. Work through the Cloudflare Tunnel path and you'll have a private collaboration suite that rivals anything on the market.
If your goal is "private files, accessible anywhere, on hardware I own" — the complexity is optional. That narrower problem is solved in 90 seconds without four evenings of infrastructure work.
Self-hosting shouldn't require a sysadmin certificate. The best setup is the one that actually runs.
This post is part of Gavety's Self-hosting made simple series. We build Gavety to solve the exact CGNAT and complexity problems described above. All Nextcloud fixes are sourced from official documentation and community threads, verified as of May 2026.