Replies: 1 comment
Interesting, does this mean we don't need Caddy or any other reverse proxy to handle the SSL and redirects to Nextcloud container? I was trying this setup #5439 on macOS (had to tweak /var/run/docker.sock.raw as instructed in the official documentation) with caddy and tailscale but perhaps this one is simpler and introduces less overhead. Does NextCloud Office work well in this setup? I'm struggling to have it working on the one I mentioned above.
I've spent days trying to get Nextcloud All-In-One (AIO) running on Windows 11 using Docker. My ISP uses CGNAT (so I can't open ports), and I wanted to use Tailscale for secure access.
I kept hitting the same wall: The Nextcloud Setup Wizard would demand a domain, but using my Tailscale domain (machine.tailxxx.ts.net) would cause infinite redirect loops or "Connection Refused" errors.
I finally found a "clean" method that works perfectly using the tailscale serve command. Here is the full tutorial so you don't have to suffer like I did.
The Problem
Nextcloud AIO expects to handle its own SSL (HTTPS). Tailscale also wants to handle SSL. When you mix them, they fight, and you get locked out.
The Solution: "The Tailscale Bridge"
Instead of fighting the configuration files, we tell Tailscale to act as a "Bridge" (Reverse Proxy) before we even install Nextcloud.
Step 1: Prepare the Bridge
Install Tailscale on your Windows PC and log in.
Enable MagicDNS and HTTPS Certificates in your Tailscale Admin Console.
Open PowerShell (Admin) on Windows.
Run this command to forward your Tailscale traffic to port 11000 (where Apache will live):
PowerShell
tailscale serve --bg http://localhost:11000/
(This tells Tailscale: "Take any traffic coming to https://my-machine.tailnet.ts.net/ and secretly pass it to local port 11000.")
Step 2: The Docker Command
Run the standard AIO installer, but mapped to port 11000. Important: Replace D:\Cloud\NextCloudData with your own empty folder path.
PowerShell
# 8080 is the AIO admin interface; Apache (Nextcloud itself) is set to port 11000.
docker run `
--sig-proxy=false `
--name nextcloud-aio-mastercontainer `
--restart always `
--publish 8080:8080 `
--env APACHE_PORT=11000 `
--env APACHE_IP_BINDING=0.0.0.0 `
--env SKIP_DOMAIN_VALIDATION=true `
--env NEXTCLOUD_DATADIR="D:\Cloud\NextCloudData" `
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config `
--volume /var/run/docker.sock:/var/run/docker.sock:ro `
nextcloud/all-in-one:latest
Step 3: The Setup Wizard
Open https://localhost:8080/
Domain: Enter your full Tailscale domain (e.g., my-pc.tailxxx.ts.net).
Submit. (It will pass immediately because of SKIP_DOMAIN_VALIDATION).
Select your addons (Collabora, etc.) and click Download and Start.
Step 4: Success
Once the containers are green, you don't need to access it via IP. Just click your secure link:
👉 https://my-machine.tailnet.ts.net/
It works with the Lock Icon 🔒, and the mobile app connects instantly (as long as your phone is running Tailscale).
TL;DR: Don't mess with overwritehost config hacks. Just use tailscale serve --bg before installing, and make sure your data folder is empty!
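An added check, not part of the original post: the Step 2 command publishes 8080 with Docker's default bind and sets APACHE_IP_BINDING=0.0.0.0, so this PowerShell function reports which addresses those two ports listen on and flags anything reachable beyond localhost. The function name Get-AioListenerExposure is hypothetical, and the sample rows are constructed to show the expected shape of the output rather than captured from a real host.

```powershell
# Added example: audit which addresses the AIO ports from this guide listen on.
# 8080 = AIO admin interface, 11000 = Apache (plain HTTP behind tailscale serve).
function Get-AioListenerExposure {
    param(
        # Objects with LocalAddress and LocalPort; defaults to the live listener table.
        [object[]]$Listeners = (Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue),
        [int[]]$Ports = @(8080, 11000)
    )
    $loopback = @('127.0.0.1', '::1')
    foreach ($l in $Listeners | Where-Object { $_.LocalPort -in $Ports }) {
        $scope = if ($l.LocalAddress -in $loopback) {
            'loopback only'
        } elseif ($l.LocalAddress -in @('0.0.0.0', '::')) {
            'all interfaces'
        } else {
            "interface $($l.LocalAddress)"
        }
        [pscustomobject]@{
            Port            = $l.LocalPort
            Address         = $l.LocalAddress
            Scope           = $scope
            # A listener not bound to loopback is reachable from the LAN unless
            # the host firewall blocks it; tailscale serve only needs localhost.
            BeyondLocalhost = $scope -ne 'loopback only'
        }
    }
}

# Constructed sample rows (assumption: how the Step 2 settings appear in the
# listener table). Port 5432 is included to show unrelated ports are ignored.
$sample = @(
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 8080 }
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 11000 }
    [pscustomobject]@{ LocalAddress = '127.0.0.1'; LocalPort = 5432 }
)
Get-AioListenerExposure -Listeners $sample | Format-Table -AutoSize

# On the real machine, inspect the live listeners and the proxy mapping
# that Tailscale currently holds:
# Get-AioListenerExposure
# tailscale serve status
```

A row with BeyondLocalhost set to True for port 11000 means Nextcloud's plain-HTTP port is offered on more than the loopback address that `tailscale serve` forwards to.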