Differences

This shows you the differences between two versions of the page.

--- computing:nextcloud [2019/06/15 23:17] – oemb1905
+++ computing:nextcloud [2025/10/25 18:56] (current) – oemb1905
@@ Line 11: / Line 11: @@
 -------------------------------------------
-This tutorial is for users of Debian GNU/Linux seeking to set up a basic self-hosted or VPS Nextcloud instance.  Before you start, you should read [[https://nextcloud.com/blog/the-issue-with-public-cloud/|The issue with Public Cloud]], which covers a little more about the value of hosting your own content/cloud instance.  Also, do not proceed with this tutorial until you have a LAMP stack set up and until you have properly configured TLS encryption for your site.  If you need help with doing that, please see the [[https://jonathanhaack.com/dokuwiki/doku.php?id=computing:apachesurvival|Apache Survivial]] tutorial. Now that your webserver is set up and securely accessed, proceed:
+This tutorial is for a Nextcloud instance on Debian GNU/Linux.  For why one would want such a thing, read: [[https://nextcloud.com/blog/the-issue-with-public-cloud/|The issue with Public Cloud]].  This tutorial assumes you have LAMP/FEMP and TLS encryption for your site already, and if not, go here:[[https://wiki.haacksnetworking.com/doku.php?id=computing:apachesurvival|Apache Survivial]]. So we begin:
+  sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-apcu php-gmp php-imagick php-bcmath php-bz2 wget unzip
+Or ...
+  sudo apt-get install php-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2}
+Once these are installed, make sure you can enable them and that you have no errors in your configurations:
+  sudo a2enmod ssl
+  sudo a2enmod headers
+  sudo a2enmod proxy_fcgi
+  sudo a2enmod setenvif
+  sudo a2enconf php8.2-fpm
+  sudo a2enconf php8.2-cgi
+  sudo sudo apache2ctl configtest
+There may be some others for your use case.  Assuming you left the webroot in /var/www/html, the next step is downloading nextcloud, moving it to webroot, and setting up proper permissions:
-  cd /var/www/html
+  cd /var/www/nextcloud.jonathanhaack.com/
-  sudo wget https://download.nextcloud.com/server/releases/nextcloud-15.0.8.zip
+  sudo wget https://download.nextcloud.com/server/releases/latest.zip
-  sudo unzip nextcloud-15.0.8.zip
+  sudo unzip latest.zip
-  sudo mv /var/www/html/nextcloud/* /var/www/html/
+  sudo rm latest.zip
-  sudo mv /var/www/html/nextcloud/.htaccess /var/www/html/.htaccess
+  sudo rm public_html
-  sudo mv /var/www/html/nextcloud/.user.ini /var/www/html/.user.ini
+  sudo mv nextcloud public_html
-  sudo rm -r nextcloud
+  cd public_html
-  sudo rm nextcloud-15.0.8.zip
+  sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/public_html/
-  sudo chown www-data:www-data -R /var/www/html/*
+  sudo mkdir /var/www/nextcloud.jonathanhaack.com/nextclouddata
-  sudo mkdir /var/www/nextclouddata
+  sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/nextclouddata
-  sudo chown www-data:www-data -R /var/www/nextclouddata
+  sudo chmod 750 -R /var/www/nextcloud.jonathanhaack.com/nextclouddata
-  sudo mkdir assets
+  sudo mkdir -p /var/www/nextcloud.jonathanhaack.com/public_html/data
-  sudo mkdir data
   sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING
-  sudo chmod 0750 {3rdparty,apps,assets,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater}
+  sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater}
-  sudo chown root:www-data /var/www/html
+  sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/
-  sudo chown www-data:www-data {apps,assets,config,data,themes,updater}
+  sudo chown www-data:www-data {apps,config,data,themes,updater}
-  sudo chmod 0755 /var/www/html/occ
+  sudo chmod 0755 /var/www/nextcloud.jonathanhaack.com/public_html/occ
-  sudo chmod 0644 /var/www/html/.htaccess
+  sudo chmod 0644 /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess
-  sudo chown root:www-data /var/www/html/.htaccess
+  sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess
   sudo systemctl restart mysql
   sudo systemctl restart mysqld
   sudo systemctl restart apache2
-  sudo systemctl restart php7.0-fpm.service
+  sudo systemctl restart php7.3-fpm.service
-Prepate MariaDB server for 4-byte characters prior to creating database:
+Prepare MariaDB server for 4-byte characters prior to creating database:
-  sudo nano mariadb.conf.d/50-server.cnf
+  sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
 Once inside that file, copy these configurations under the [mysqld] block and restart the service:
@@ Line 52: / Line 69: @@
   sudo mysql -u root -p
-Enter your password for sudo and then for MySQL.  Once inside MySQL command mode, you will have a ">" prompt.  You will need to create a separate database for Nextcloud, a dedidcated database user for Nextcloud, and establish proper permissions for the dedicated database user.  Here goes:
+Enter your password for sudo and then for MySQL.  Once inside MySQL command mode, you will have a ">" prompt.  You will need to create a database for Nextcloud, a database user for Nextcloud, give that user permissions over the database as follows:
-  > CREATE DATABASE nextcloud;
+  CREATE DATABASE nextcloud;
-  > CREATE USER nextclouduser@localhost IDENTIFIED BY 'put-password-here';
+  CREATE USER nextclouduser@localhost IDENTIFIED BY 'put-password-here';
-  > GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY 'put-password-here';
+  GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY 'put-password-here';
-  > FLUSH PRIVILEGES;
+  FLUSH PRIVILEGES;
-  > EXIT;
+  EXIT;
-Okay, you can now proceed to the website test.com and make finish the remaining set up using the Nextcloud website that is now active.  Let's first restart the web server and mysql services:
+Let's first restart the web server, php, and mysql:
   sudo systemctl restart mysql
   sudo systemctl restart apache2
+  sudo systemctl restart php7.3-fpm.service
-Ok, now that those services are restarted, you should be able to access your website.  Visit test.com in your browser, or if you are not using a domain, then visit localhost in your web browser of choice. When you do that you are given the following choices that match the configuration options above:
+Now, visit test.com in your browser and then specify the following configuration options:
-  * create new user name: <yourchoice, but do not use root, admin, etc., since this is public facing>
+  * create new user name: adminname
-  * create new user pass: <this is public facing and is the admin user, so make it a bit beefy>
+  * create new user pass: password
-  * specify data folder: /var/www/test.com/nextclouddata
+  * specify data folder: /var/www/nextclouddata
-  * database user name: nextcloud
+  * database user name: nextclouduser
   * database name: nextcloud
   * database location: localhost
-Once you are done, you can now use Nextcloud at will.  Make sure you have a good backup in place, however, before you put significant time into migrating your files, calendars, contacts, and other workflow into it.  With regard to backups, visit my [[https://jonathanhaack.com/dokuwiki/doku.php?id=computing:raid|RAID tutorial]], or my [[https://jonathanhaack.com/dokuwiki/doku.php?id=computing:raid|rsync and rsnapshot tutorial]].  Happy clouding.
+The first thing to do is to navigate to Settings, Overview.  Nextcloud has a built in system recommendation tool that will specify remaining set up optimizations, etc.  The first one I needed was to optimize opcache settings, so I opened the opcache file to adjust its settings:
+  sudo nano /etc/php/8.2/cli/conf.d/10-opcache.ini
-Nextcloud offered this:
+I entered the following settings, currently recommended by Nextcloud.  You should always check/verify this before copying and pasting:
-  sudo find /var/www/codetalkers.group/public_html/ -type f -print0 | xargs -0 chmod 0640
+  opcache.enable=1
-  sudo find /var/www/codetalkers.group/public_html/ -type d -print0 | xargs -0 chmod 0750
+  opcache.enable_cli=1
+  opcache.interned_strings_buffer=16
+  opcache.max_accelerated_files=10000
+  opcache.memory_consumption=128
+  opcache.save_comments=1
+  opcache.revalidate_freq=1
+To adjust php memory limit and post size, navigate to these locations and change the following parameters:
+  sudo nano /etc/php/7.3/cli/php.ini
+  sudo nano /etc/php/7.3/cgi/php.ini
+  sudo nano /etc/php/7.3/fpm/php.ini
+  sudo nano /etc/php/7.3/apache2/php.ini [if using libapache mod instead]
+  upload_max_filesize=2G
+  post_max_size=2G
+  memory_limit=512M
-But that gives me errors, so I developed this (also two lines), from within ServerRoot...
+Next, adjust your max age header in your ssl vhost:
+  sudo nano /etc/apache2/sites-enabled/default-ssl.conf
+  <Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains">
+Enable overrides so that cal/card dav will work without cumbersome vhost entries:
+  sudo nano /etc/apache2/apache2.conf
+  <AllowOverride All>
+If you do not want to allow overrides, then manually set the redirects for cal/card dav as follows:
+  sudo nano /etc/apache2/sites-enabled/default-ssl.conf
+  <Redirect 301 /.well-known/carddav /var/www/html/remote.php/dav>
+  <Redirect 301 /.well-known/caldav /var/www/html/remote.php/dav>
+Lastly, when upgraing you might get a big integers db error. If so, run this in web root:
+  sudo -u www-data php occ db:convert-filecache-bigint
+To configure cron to refresh php every 5 minutes:
+  ''sudo crontab -e -u www-data''
+  <MAILTO="email@email.com">
+  <*/5  *  *  *  * php -f /var/www/html/cron.php > /dev/null 2>&1>
+To fine tune php:
+  sudo nano /etc/php/8.2/fpm/pool.d/www.conf
+  https://docs.nextcloud.com/server/16/admin_manual/installation/server_tuning.html
+For a 4GB server:
+  pm = dynamic
+  pm.max_children = 120
+  pm.start_servers = 12
+  pm.min_spare_servers = 6
+  pm.max_spare_servers = 18
+For a 1GB server, use defaults:
+  pm = dynamic
+  pm.max_children = 5
+  pm.start_servers = 2
+  pm.min_spare_servers = 1
+  pm.max_spare_servers = 3
+To reset permissions after an update:
   cd /var/www/codetalkers.group/public_html/
+  sudo chown www-data:www-data -R /var/www/codetalkers.group/public_html/*
+  sudo chown www-data:www-data -R /var/www/codetalkers.group/nextclouddata
   sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING
-  sudo chmod 0750 {3rdparty,apps,assets,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater}
+  sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater}
-  sudo chown -R root:www-data /var/www/codetalkers.group/public_html
+  sudo chown root:www-data /var/www/codetalkers.group/public_html
-  sudo chown www-data:www-data {apps,assets,config,data,themes,updater}
+  sudo chown www-data:www-data {apps,config,data,themes,updater}
   sudo chmod 0755 /var/www/codetalkers.group/public_html/occ
   sudo chmod 0644 /var/www/codetalkers.group/public_html/.htaccess
   sudo chown root:www-data /var/www/codetalkers.group/public_html/.htaccess
+  sudo systemctl restart mysql
+  sudo systemctl restart mysqld
+  sudo systemctl restart apache2pm = dynamic
+  sudo systemctl restart php7.3-fpm.service
-And finally you have an instance ... [[https://codetalkers.group|Haack's Cloud]].
+Need to manually move files from an old NAS or elsewhere to Nextcloud:
-Update:  I was having trouble getting Nextcloud to recognize my opcache settings when I used the default php.ini, so I located the php.ini specifically for opcache in the daemon directory provided on Debian and put the changes there, and then it worked:
+  sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all
+  sudo -u www-data php occ files:scan --path=/oemb1905/files/Movies/Television/Twilight/
+  sudo -u www-data php occ files:scan --path=/heather/files/
+  sudo -u www-data php occ files:scan --help
-  nano /etc/php/7.0/cli/conf.d/10-opcache.ini
+Okay, and for Nextcloud Talk configuration, you need a Turn server for video chat to work:
+  sudo apt install coturn
+  sudo nano /etc/turnserver.conf
+  openssl rand -hex 32
-The settings below are currently recommended by Nextcloud, but always check/verify this before copying and pasting:
+The Nextcloud [[https://nextcloud-talk.readthedocs.io/en/latest/TURN/|guide]] recommends these minimum values:
+  listening-port=3478
+  fingerprint
+  use-auth-secret
+  static-auth-secret=<use hex key from last step above>
+  realm=your.domain.org
+  total-quota=100
+  bps-capacity=0
+  stale-nonce
+  no-multicast-peers
+  systemctl restart coturn
-  opcache.enable=1
+After doing this, go to Nextcloud / Settings / Talk, and enter localhost:3478 for the TURN server, and put the same hex key from above in for the secret key field.  Restart all your services and test - should work.  Some apps, like the Community Document Server, take too long to download for the default php settings.  In this case, extend the execution time:
-  opcache.enable_cli=1
-  opcache.interned_strings_buffer=8
-  opcache.max_accelerated_files=10000
-  opcache.memory_consumption=128
-  opcache.save_comments=1
-  opcache.revalidate_freq=1
-Adjust the memory limit for php by finding the line `memory_limit = ` and changing it to 1G:
+  sudo nano /etc/php/7.3/cli/php.ini
+  sudo nano /etc/php/7.3/apache2/php.ini
+  sudo nano /etc/php/7.3/fpm/php.ini
+  sudo nano /var/www/html/.user.ini
+  max_excution_time = 240 (for all of them)
-  sudo nano /etc/php/7.2/apache2/php.ini
+If you get the missing indexes error on an upgrade, use:
-Find the `memory_limit = ` line and change the value to 1G.  Next, you may get a Header error for your SSL configuration.  To adjust that, either adjust your <VirtualHost *:443> or adjust your snippet for ssl settings (which is what I use for SSL) as follows:
+  sudo -u www-data php occ db:add-missing-indices
-  sudo nano /etc/apache2/conf-available/ssl-params.conf
+Brute force won't permit log in
-Add the following Header parameter with the other parameters, or anywhere before the </IfModule> marker:
+  select database;
+  delete FROM oc_bruteforce_attempts;
+  flush privileges;
+  exit;
+Log in normally after that.  My latest command is for Stubborn files that won't delete from trashbin:
-  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+  sudo -u www-data php occ trashbin:cleanup --all-users
+Phone region issue
-Lastly, Nextcloud uses an .htaccess file inside the webroot, and in order for that configuration to be utilized, Overrides must be enabled:
+  sudo nano /var/www/nextcloud/config/config.php
+  'default_phone_region' => 'GB',
-  sudo nano /etc/apache2/apache2.conf
+New weird error about svg support for phpimagick
+  sudo apt install libmagickcore-6.q16-6-extra
-Scroll down to the web server root section and adjust it to read as follows:
+Upgrade & Update:
-  <Directory />
+  cd /var/www/html/nextcloud/
-        Options FollowSymLinks
+  sudo -u www-data php occ upgrade
-        AllowOverride All
+  cd /var/www/html/nextcloud/updater/
-        Require all denied
+  sudo -u www-data php updater.phar
-  </Directory>
+Use redis for everything except local memcache which uses apcu. Also, in this configuration, redis is on the same machine as nextcloud. First, install needed packages. Adjust versions to your needs.
-Also, your cal and card dav need redirects for some reasons a bit unclear to me, so adjust your ssl.conf as follows:
+  sudo apt install  php-{apcu,redis,memcache,memcached} redis memcached redis-server
+  sudo apt install  php8.3-{apcu,redis,memcache,memcached} redis memcached redis-server
+  sudo apt-get install php-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2}
+  sudo apt-get install php8.3-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2}
-  sudo nano /etc/apache2/sites-enabled/default-ssl.conf
+Then, right underneath the '''filelocking.enabled' => true,'' line, enter the following:
-Place the following redirects after <VirtualHost> and before any <IfModules>.  If you are using a directory called nextcloud for your instance, change the path to reflect that location instead of the web-root as my configuration utilizes:
+  'memcache.local' => '\OC\Memcache\APCu',
+  'memcache.distributed' => '\OC\Memcache\Redis',
+  'memcache.locking' => '\OC\Memcache\Redis',
+  'redis' => [
+     'host' => 'localhost',
+     'port' => 6379,
+  ],
+Configure apcu in php mods:
+  sudo nano /etc/php/7.x/mods-available/apcu.ini
+  <apc.enable_cli=1>
+To get Social working, these rewrite rules are needed. However, these need to actually point to a .well-known directory which is configured properly. If, however, override All did not make that or your instance was upgraded and does not have it, these rewrites in .htaccess will not be enough on their own.
-  Redirect 301 /.well-known/carddav /remote.php/dav
+  RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L]
-  Redirect 301 /.well-known/caldav /remote.php/dav
+  RewriteRule ^\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
-Okay, that is the majority of fundamental configuration details required to have it running smoothly.  Here are a few more optional configurations:
+Enable rotation of logs
+  'log_rotate_size' => 100 * 1024 * 1024,
+Delete the log contents (removes errors from admin settings GUI)
-  sudo systemctl restart mysql
+  sudo -u www-data truncate nextcloud.log  --size 0
-  sudo systemctl restart mysqld
-  sudo systemctl restart apache2
-  sudo systemctl restart php7.0-fpm.service
-  sudo reboot
-Happy clouding ...
+This will put the logs on a schedule and remove old errors in due time. When I put Nextcloud behind a reverse proxy, I had to change the following in the primary config:
--- -- -- -- --
+  sudo nano /var/www/inside.outsidebox.vip/public_html/config/config.php
+  'trusted_domains' =>
+    array (
+=> 'inside.outsidebox.vip',
+=> '10.13.13.33',
+    ),
+  'overwritehost' => 'inside.outsidebox.vip',
+  'overwriteprotocol' => 'https',
-This tutorial is a designated "Invariant Section" of the "Technotronic" section of Haack's Wiki as described on the [[https://jonathanhaack.com/dokuwiki/doku.php?id=start|Start Page]].
+This ensures that the upstream subnet and node is trusted and that external url requests don't try to access the subnet directly. There are other notes in the proxmox tutorial since that is when I set up the reverse proxy setup. There is now a recommended maintenance window setting:
- --- //[[netcmnd@jonathanhaack.com|oemb1905]] 2019/06/15 16:33//
+  'maintenance_window_start' => 1,
+Mimetype migrations
+  sudo -u www-data php occ maintenance:repair --include-expensive
+On recent versions, you cannot set up smtp on the gui. Use the following adjust as needed:
+  'mail_smtpmode' => 'smtp',
+  'mail_sendmailmode' => 'smtp',
+  'mail_smtphost' => 'mail.example.com',
+  'mail_smtpport' => '465',
+  'mail_smtpauth' => 1,
+  'mail_smtptimeout' => 30,
+  'mail_from_address' => 'noreply',
+  'mail_smtpname' => 'noreply',
+  'mail_smtppassword' => 'hackmehard123!@',
+  'mail_smtpsecure' => 'ssl',
+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/03/24 22:22//

Haack's Wiki

User Tools

Site Tools

Differences

Page Tools