This project lets me run a fully self-hosted, private cloud storage and monitoring stack on macOS using Colima and Docker Compose, with secure remote access through Tailscale’s MagicDNS, HTTPS via Caddy, and real-time monitoring using Prometheus + Grafana. It’s secure, private, and entirely within my control.
I wanted a private Google Drive alternative where I controlled my files completely. I also wanted to learn:
- Docker containerization
- VPN-based secure access using Tailscale
- Configuring HTTPS with reverse proxies (Caddy)
- Observability using Grafana and Prometheus

- Nextcloud – cloud file syncing and collaboration
- MariaDB – database backend
- Redis – caching for Nextcloud performance
- Caddy – reverse proxy with automatic HTTPS
- Prometheus – metrics collection
- Grafana – visual dashboards for system health
- Tailscale – private VPN with MagicDNS
- Colima – Docker on macOS with Linux networking
Configure Grafana to monitor your container metrics and Nextcloud performance.
Set up Prometheus to scrape Docker and system metrics for monitoring.
When I first set up Nextcloud, the login page was completely blank. Here's what fixed it:
- Database not running or misconfigured
- Incorrect config.php settings
- File permission issues
- Services not restarted after changes
- Cached browser errors

- Checked MariaDB service
- Verified config/config.php database fields
- Ensured correct file permissions for web user
- Restarted containers
- Cleared browser cache and cookies
After doing all of the above, the login page loaded correctly.
When Grafana didn’t load its login/dashboard:
- Grafana not connected to its DB (SQLite or external)
- Misconfigured grafana.ini (root URL or port)
- Reverse proxy or firewall blocking access

- Checked docker logs and confirmed Grafana is running
- Verified grafana.ini config (port, URLs)
- Cleared browser cache
- Restarted Grafana container
Prometheus showed empty dashboards because it wasn’t scraping correctly.
- Misconfigured prometheus.yml
- Scrape targets unreachable
- Network or firewall blocking port 9090

- Checked Prometheus container logs
- Validated scrape target URLs in prometheus.yml
- Restarted Prometheus after edits
- Cleared cache in browser
- Docker Compose for multi-service orchestration
- Linux-based networking with Colima
- Reverse proxies and automatic TLS with Caddy
- VPN routing and access control using Tailscale
- Real-time monitoring using Prometheus and Grafana
- Debugging blank pages, database issues, config problems

- Automated Nextcloud backups
- Email configuration for password resets
- Add Grafana alerts for system health
- Enable 2FA in Nextcloud for better security
- Explore external storage backends for Nextcloud
- Clone the repo:

      git clone https://github.com/100dollarguy/tailscale-nextcloud-docker.git
      cd tailscale-nextcloud-docker

- Start Colima (Docker for macOS):

      colima start

- Start all containers:

      docker compose up -d

- Access services:
  - 📂 Nextcloud: http://your-magicdns-name.ts.net
  - 📊 Grafana: http://your-magicdns-name.ts.net:3000
  - 🔍 Prometheus: http://your-magicdns-name.ts.net:9090
This setup is intended for private use within a Tailscale VPN. Do not expose it publicly without adding extra security measures.
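One way to check the warning above before bringing the stack up (an added example, not part of this repository): the script below reads the normalized JSON that `docker compose config --format json` produces and lists every port published on an address other than loopback or a Tailscale address. The function names, service entries and the 100.101.102.103 address are assumptions made up for the sample, and the check covers only the Compose-level bind address, not how Colima forwards ports to macOS.

```python
import ipaddress
import json

# Tailscale assigns node addresses from these ranges (CGNAT IPv4 and its ULA IPv6 prefix).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]


def is_private_bind(host_ip):
    """True if host_ip is loopback or a Tailscale address; False for wildcard or empty."""
    if not host_ip:
        return False  # no host_ip means Docker publishes on all interfaces
    try:
        addr = ipaddress.ip_address(host_ip)
    except ValueError:
        return False  # not a literal IP address, treat as unsafe
    return addr.is_loopback or any(
        addr in net for net in TAILNET if net.version == addr.version)


def audit_published_ports(compose):
    """Return (service, published, target, host_ip) for each port bound beyond loopback/tailnet."""
    findings = []
    for name, svc in sorted(compose.get("services", {}).items()):
        for port in svc.get("ports") or []:
            if not is_private_bind(port.get("host_ip")):
                # A missing "published" means Docker picks an ephemeral host port.
                findings.append((name, str(port.get("published") or "ephemeral"),
                                 port["target"], port.get("host_ip") or "0.0.0.0"))
    return findings


# Constructed sample in the shape of `docker compose config --format json`;
# the service names, ports and addresses are made up for illustration.
SAMPLE = json.loads("""
{"services": {
  "grafana":    {"ports": [{"mode": "ingress", "target": 3000, "published": "3000", "protocol": "tcp"}]},
  "prometheus": {"ports": [{"mode": "ingress", "host_ip": "100.101.102.103", "target": 9090, "published": "9090", "protocol": "tcp"}]},
  "caddy":      {"ports": [{"mode": "ingress", "host_ip": "0.0.0.0", "target": 443, "published": "443", "protocol": "tcp"}]},
  "redis":      {}
}}
""")

if __name__ == "__main__":
    for service, published, target, host_ip in audit_published_ports(SAMPLE):
        print(f"{service}: {host_ip}:{published} -> {target} is not limited to loopback or the tailnet")
```

To audit a real stack, replace `SAMPLE` with the parsed output of `docker compose config --format json` run in the project directory.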
If you have any questions or want help extending or customizing this setup, feel free to open issues or reach out!
Happy self-hosting!
This project is licensed under the MIT License. You're free to use, modify, and share it — personally or commercially.
Feel free to fork it, improve it for your own setup, or share with others!