Docker Services — Nextcloud + Ollama

Self-hosted cloud & local AI: Nextcloud + Ollama on Docker

Two privacy-first Docker deployments running on the same home server: Nextcloud (replacing Google’s productivity suite) and Ollama with Open WebUI running large language models locally with no data leaving the machine.

Tags: Nextcloud, Self-hosted, Ollama, Open WebUI, Docker Compose, MariaDB, Tailscale Funnel, Privacy

Status: Both active
Deployment: Docker Compose
Nextcloud DB: MariaDB
Nextcloud access: Tailscale Funnel
LLM model: Dolphin3
AI data leaves server: Never

Overview

Both of these projects share the same underlying motivation: keeping personal data under personal control. Nextcloud replaces the Google and Microsoft services that most people use without thinking: Drive, Photos, Calendar and Teams. With Nextcloud, I have self-hosted equivalents where every file and message stays on hardware I own. Ollama applies the same principle to AI: instead of sending queries to OpenAI or Google’s servers, models run completely locally on the server’s CPU (I am currently working on enabling GPU acceleration with an old graphics card to improve speed).

Both services run as separate Docker Compose stacks on the same Fedora Server, managed independently with their own networks and volumes. Nextcloud is exposed to the internet via Tailscale Funnel for convenient access from any device. Ollama and Open WebUI stay private (accessible only over the Tailnet) because a local AI assistant has no reason to be public-facing.


Nextcloud is an open-source platform that covers everything Google Workspace provides, from file sync and photo backups to calendar and team messaging, all self-hosted on my own hardware. Running it on a RAID 1 array with a MariaDB backend means the data is both redundant and stored on a proper production-grade database rather than something like SQLite.

What Nextcloud replaces

// files
File sync
Desktop and mobile sync clients keep files up to date across all devices with versioning and selective sync support.
replaces Google Drive
// photos
Photo backup
Automatic camera roll backup from phone over Tailscale Funnel. All originals stored on the RAID array — never on a third-party server.
replaces Google Photos
// cal
Calendar & contacts
CalDAV and CardDAV sync with native apps on all devices. No Google account required anywhere in the chain.
replaces Google Calendar
// talk
Nextcloud Talk
Private messaging, voice and video calls, file sharing and channels, all hosted on my own hardware with no external relay.
replaces Slack / Teams

Nextcloud architecture

[Diagram: Any device (browser / app) → HTTPS → Tailscale Funnel (TLS termination, no open router ports, public *.ts.net endpoint) → Fedora server running Nextcloud (:8080, Docker container) and MariaDB (:3306, Docker container). Storage: nextcloud_data on the RAID 1 array; db_data as a named volume.]
[Figures: Nextcloud Docker Compose snippet; RAID setup]

Tailscale Funnel for public access: Rather than opening a port on the router and managing SSL/TLS certificates manually, Tailscale Funnel proxies HTTPS traffic from a public *.ts.net subdomain directly to the Nextcloud container. TLS is handled automatically. The router has zero open ports: the server never directly accepts connections from the public internet.

[Figure: Nextcloud dashboard]

Ollama is an open-source runtime for running large language models locally. It pulls models from a registry much like Docker pulls container images, and then serves them via a local API. Open WebUI sits on top of it, providing a polished ChatGPT-like interface that mirrors the experience of many popular chatbots but with one critical difference: every token is processed on the server’s hardware and never leaves my machine.

Running Dolphin3 locally means I can use an AI assistant for coding help, research and general conversation without any of that content going to a third-party API. For security work in particular (where queries might involve vulnerability details or sensitive configurations) keeping that inference local is the way to go.

Local vs cloud AI — the trade-off

Cloud AI (ChatGPT / Gemini)
  • Every query sent to third-party servers
  • Prompts may be used for model training
  • Sensitive content leaves your machine
  • Dependent on internet connectivity
  • Subject to rate limits and API costs
  • Provider can read conversation history
Local AI (Ollama on homelab)
  • All inference runs on local hardware
  • Zero data sent externally — ever
  • Safe to use with sensitive queries
  • Works fully offline once model is pulled
  • No usage limits or API costs
  • Complete control over model and history

Ollama + Open WebUI architecture

[Diagram: My devices (via Tailscale only, private) → Fedora server, Docker network ollama_net: Open WebUI chat interface (:3000, Docker container) → API calls → Ollama model runtime (:11434, Docker container) → model storage (Dolphin3, ollama_models volume, local filesystem). No external API calls; all inference local; zero data leaves the server.]
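Both architectures depend on where each published port listens: Docker binds a `ports:` entry to every host interface unless the mapping names a host IP, which would put Nextcloud, Open WebUI or the Ollama API on the LAN as well. The following check is an added example, not part of the original stacks; it classifies Compose short-syntax port mappings, and the service names, container-side ports and the 100.x address in the sample data are assumptions.

```python
import ipaddress

# Tailscale hands out node IPv4 addresses from the CGNAT block 100.64.0.0/10.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

def parse_port(spec):
    """Split compose short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    parts = spec.split("/", 1)[0].rsplit(":", 2)
    host_ip = parts[0].strip("[]") if len(parts) == 3 else None
    host_port = parts[-2] if len(parts) >= 2 else None
    return host_ip, host_port or None, parts[-1]

def exposure(spec):
    """Classify which host interfaces a published port listens on."""
    host_ip = parse_port(spec)[0]
    if host_ip is None:                  # no host IP: Docker binds every interface
        return "all-interfaces"
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:              # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    return "tailnet" if addr in TAILNET else "other-interface"

def audit(stack):
    """Return (service, spec, exposure) for each publish beyond loopback/tailnet."""
    return [(svc, spec, exposure(spec))
            for svc, ports in stack.items() for spec in ports
            if exposure(spec) not in ("loopback", "tailnet")]

# Constructed port lists. Host ports are the ones named on this page; the
# container-side ports and the 100.x address are assumptions/placeholders.
WEAK = {"nextcloud": ["8080:80"], "mariadb": ["3306:3306"],
        "open-webui": ["3000:8080"], "ollama": ["11434:11434"]}
HARDENED = {
    "nextcloud": ["127.0.0.1:8080:80"],           # only a local proxy (Funnel) reaches it
    "mariadb": [],                                # reached over the compose network only
    "open-webui": ["100.101.102.103:3000:8080"],  # placeholder tailnet address
    "ollama": [],                                 # Open WebUI reaches it over ollama_net
}

if __name__ == "__main__":
    for name, stack in (("weak", WEAK), ("hardened", HARDENED)):
        for svc, spec, kind in audit(stack):
            print(f"{name}: {svc} publishes {spec!r} on {kind}")
```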

What I use it for

// chat
General assistant
Day-to-day questions, writing help and research, with the confidence that the conversation never leaves my server.
// code
Coding help
Debugging, code review and script generation. Particularly useful for security scripts and configs where you wouldn’t want to paste code into a public AI service.
// privacy
Privacy-first AI
For any query involving sensitive configurations, personal data or security research, local inference means zero exposure to third-party training pipelines or data retention policies.

Running LLMs on constrained hardware: The AMD FX-8320 is CPU-only, with no GPU acceleration yet. This means inference is much slower than a cloud API, but perfectly usable for a personal assistant. Choosing the right model size is a balancing act between response quality and how much RAM and CPU the model consumes, as other services like Wazuh and Nextcloud need to keep running alongside it.

[Figure: Open WebUI chat interface]

What I learned

01
Multi-container orchestration
Both stacks involve multiple containers communicating over internal Docker networks. Managing named volumes, environment variable injection via .env files and depends_on ordering built a solid understanding of how containerized applications are structured.
02
Data sovereignty in practice
Setting up both Nextcloud and Ollama made me think carefully about where data actually goes: at rest, in transit and during processing. The decisions made here (RAID storage, Funnel vs private-only, local inference) are all threat-model decisions as much as they are technical ones.
03
LLM infrastructure
Understanding how Ollama serves models via a REST API (and how Open WebUI consumes that API) demystifies the infrastructure behind AI products. The same pattern (model server + frontend client) is how production AI services are built at scale.