This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
computing:nextcloud [2019/06/15 23:17] – oemb1905 | computing:nextcloud [2024/07/13 04:12] (current) – oemb1905 | ||
---|---|---|---|
Line 11: | Line 11: | ||
------------------------------------------- | ------------------------------------------- | ||
- | This tutorial is for users of Debian GNU/ | + | This tutorial is for a Nextcloud instance on Debian GNU/ |
+ | |||
+ | sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-apcu php-gmp php-imagick php-bcmath php-bz2 wget unzip | ||
+ | |||
+ | Or ... | ||
+ | |||
+ | sudo apt-get install php-{xml, | ||
+ | |||
+ | Once these are installed, make sure you can enable them and that you have no errors in your configurations: | ||
+ | |||
+ | sudo a2enmod ssl | ||
+ | sudo a2enmod headers | ||
+ | sudo a2enmod proxy_fcgi | ||
+ | sudo a2enmod setenvif | ||
+ | sudo a2enconf php8.2-fpm | ||
+ | sudo a2enconf php8.2-cgi | ||
+ | sudo sudo apache2ctl configtest | ||
+ | |||
+ | There may be some others for your use case. Assuming you left the webroot in / | ||
| | ||
- | cd /var/www/html | + | cd /var/www/nextcloud.jonathanhaack.com/ |
- | sudo wget https:// | + | sudo wget https:// |
- | sudo unzip nextcloud-15.0.8.zip | + | sudo unzip latest.zip |
- | sudo mv / | + | sudo rm latest.zip |
- | sudo mv / | + | sudo rm public_html |
- | sudo mv / | + | sudo mv nextcloud |
- | | + | |
- | sudo rm nextcloud-15.0.8.zip | + | sudo chown www-data: |
- | sudo chown www-data: | + | sudo mkdir /var/www/ |
- | sudo mkdir / | + | sudo chown www-data: |
- | sudo chown www-data: | + | sudo chmod 750 -R / |
- | sudo mkdir assets | + | sudo mkdir -p / |
- | sudo mkdir data | + | |
sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING | sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING | ||
- | sudo chmod 0750 {3rdparty, | + | sudo chmod 0750 {3rdparty, |
- | sudo chown root: | + | sudo chown root: |
- | sudo chown www-data: | + | sudo chown www-data: |
- | sudo chmod 0755 /var/www/html/occ | + | sudo chmod 0755 /var/www/nextcloud.jonathanhaack.com/ |
- | sudo chmod 0644 /var/www/html/ | + | sudo chmod 0644 /var/www/nextcloud.jonathanhaack.com/ |
- | sudo chown root: | + | sudo chown root: |
sudo systemctl restart mysql | sudo systemctl restart mysql | ||
sudo systemctl restart mysqld | sudo systemctl restart mysqld | ||
sudo systemctl restart apache2 | sudo systemctl restart apache2 | ||
- | sudo systemctl restart php7.0-fpm.service | + | sudo systemctl restart php7.3-fpm.service |
- | Prepate | + | Prepare |
- | sudo nano mariadb.conf.d/ | + | sudo nano /etc/mysql/mariadb.conf.d/ |
| | ||
Once inside that file, copy these configurations under the [mysqld] block and restart the service: | Once inside that file, copy these configurations under the [mysqld] block and restart the service: | ||
Line 52: | Line 69: | ||
sudo mysql -u root -p | sudo mysql -u root -p | ||
- | Enter your password for sudo and then for MySQL. | + | Enter your password for sudo and then for MySQL. |
- | | + | CREATE DATABASE nextcloud; |
- | | + | CREATE USER nextclouduser@localhost IDENTIFIED BY ' |
- | | + | GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY ' |
- | | + | FLUSH PRIVILEGES; |
- | | + | EXIT; |
- | Okay, you can now proceed to the website test.com and make finish the remaining set up using the Nextcloud website that is now active. | + | Let's first restart the web server, php, and mysql: |
| | ||
sudo systemctl restart mysql | sudo systemctl restart mysql | ||
sudo systemctl restart apache2 | sudo systemctl restart apache2 | ||
+ | sudo systemctl restart php7.3-fpm.service | ||
- | Ok, now that those services are restarted, you should be able to access your website. | + | Now, visit test.com in your browser |
- | * create new user name: < | + | * create new user name: adminname |
- | * create new user pass: <this is public facing and is the admin user, so make it a bit beefy> | + | * create new user pass: password |
- | * specify data folder: /var/www/test.com/ | + | * specify data folder: / |
- | * database user name: nextcloud | + | * database user name: nextclouduser |
* database name: nextcloud | * database name: nextcloud | ||
* database location: localhost | * database location: localhost | ||
- | Once you are done, you can now use Nextcloud at will. | + | The first thing to do is to navigate to Settings, Overview. |
+ | |||
+ | sudo nano /etc/php/8.2/cli/conf.d/10-opcache.ini | ||
| | ||
- | Nextcloud | + | I entered the following settings, currently recommended by Nextcloud. You should always check/ |
| | ||
- | sudo find /var/www/codetalkers.group/public_html/ -type f -print0 | xargs -0 chmod 0640 | + | |
- | sudo find /var/www/codetalkers.group/public_html/ -type d -print0 | xargs -0 chmod 0750 | + | opcache.enable_cli=1 |
+ | opcache.interned_strings_buffer=16 | ||
+ | opcache.max_accelerated_files=10000 | ||
+ | opcache.memory_consumption=128 | ||
+ | opcache.save_comments=1 | ||
+ | opcache.revalidate_freq=1 | ||
+ | |||
+ | To adjust php memory limit and post size, navigate to these locations and change the following parameters: | ||
+ | |||
+ | | ||
+ | sudo nano /etc/php/7.3/cgi/php.ini | ||
+ | sudo nano / | ||
+ | sudo nano / | ||
+ | upload_max_filesize=2G | ||
+ | post_max_size=2G | ||
+ | memory_limit=512M | ||
| | ||
- | But that gives me errors, so I developed this (also two lines), from within ServerRoot... | + | Next, adjust your max age header in your ssl vhost: |
+ | |||
+ | sudo nano / | ||
+ | <Header always set Strict-Transport-Security " | ||
+ | |||
+ | Enable overrides | ||
+ | |||
+ | sudo nano / | ||
+ | < | ||
| | ||
+ | If you do not want to allow overrides, then manually set the redirects for cal/card dav as follows: | ||
+ | |||
+ | sudo nano / | ||
+ | < | ||
+ | < | ||
+ | |||
+ | Lastly, when upgraing you might get a big integers db error. If so, run this in web root: | ||
+ | |||
+ | sudo -u www-data php occ db: | ||
+ | |||
+ | To configure cron to refresh php every 5 minutes: | ||
+ | |||
+ | sudo crontab -e -u www-data | ||
+ | < | ||
+ | < | ||
+ | | ||
+ | To fine tune php: | ||
+ | |||
+ | sudo nano / | ||
+ | https:// | ||
+ | | ||
+ | For a 4GB server: | ||
+ | | ||
+ | pm = dynamic | ||
+ | pm.max_children = 120 | ||
+ | pm.start_servers = 12 | ||
+ | pm.min_spare_servers = 6 | ||
+ | pm.max_spare_servers = 18 | ||
+ | | ||
+ | For a 1GB server, use defaults: | ||
+ | |||
+ | pm = dynamic | ||
+ | pm.max_children = 5 | ||
+ | pm.start_servers = 2 | ||
+ | pm.min_spare_servers = 1 | ||
+ | pm.max_spare_servers = 3 | ||
+ | |||
+ | To reset permissions after an update: | ||
cd / | cd / | ||
+ | sudo chown www-data: | ||
+ | sudo chown www-data: | ||
sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING | sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING | ||
- | sudo chmod 0750 {3rdparty, | + | sudo chmod 0750 {3rdparty, |
- | sudo chown -R root: | + | sudo chown root: |
- | sudo chown www-data: | + | sudo chown www-data: |
sudo chmod 0755 / | sudo chmod 0755 / | ||
sudo chmod 0644 / | sudo chmod 0644 / | ||
sudo chown root: | sudo chown root: | ||
+ | sudo systemctl restart mysql | ||
+ | sudo systemctl restart mysqld | ||
+ | sudo systemctl restart apache2pm = dynamic | ||
+ | sudo systemctl restart php7.3-fpm.service | ||
- | And finally you have an instance ... [[https:// | + | Need to manually move files from an old NAS or elsewhere to Nextcloud: |
- | Update: | + | sudo -u www-data php / |
+ | sudo -u www-data | ||
+ | sudo -u www-data php occ files:scan --path=/ | ||
+ | sudo -u www-data | ||
- | | + | Okay, and for Nextcloud Talk configuration, |
+ | |||
+ | sudo apt install coturn | ||
+ | sudo nano /etc/turnserver.conf | ||
+ | openssl rand -hex 32 | ||
| | ||
- | The settings below are currently recommended by Nextcloud, but always check/verify this before copying and pasting: | + | The Nextcloud |
+ | |||
+ | listening-port=3478 | ||
+ | fingerprint | ||
+ | use-auth-secret | ||
+ | static-auth-secret=< | ||
+ | realm=your.domain.org | ||
+ | total-quota=100 | ||
+ | bps-capacity=0 | ||
+ | stale-nonce | ||
+ | no-multicast-peers | ||
+ | systemctl restart coturn | ||
| | ||
- | opcache.enable=1 | + | After doing this, go to Nextcloud / Settings / Talk, and enter localhost: |
- | opcache.enable_cli=1 | + | |
- | opcache.interned_strings_buffer=8 | + | |
- | opcache.max_accelerated_files=10000 | + | |
- | opcache.memory_consumption=128 | + | |
- | opcache.save_comments=1 | + | |
- | opcache.revalidate_freq=1 | + | |
- | Adjust the memory limit for php by finding the line `memory_limit | + | sudo nano /etc/php/ |
+ | sudo nano / | ||
+ | sudo nano / | ||
+ | sudo nano / | ||
+ | max_excution_time | ||
- | sudo nano / | + | If you get the missing indexes error on an upgrade, use: |
- | Find the `memory_limit = ` line and change the value to 1G. Next, you may get a Header error for your SSL configuration. | + | sudo -u www-data php occ db:add-missing-indices |
- | sudo nano / | + | Brute force won't permit log in |
- | Add the following Header parameter with the other parameters, or anywhere before the </ | + | select database; |
+ | delete FROM oc_bruteforce_attempts; | ||
+ | flush privileges; | ||
+ | exit; | ||
+ | |||
+ | Log in normally after that. My latest command is for Stubborn files that won't delete from trashbin: | ||
- | | + | |
+ | |||
+ | Phone region issue | ||
- | Lastly, Nextcloud uses an .htaccess file inside the webroot, and in order for that configuration to be utilized, Overrides must be enabled: | + | sudo nano / |
+ | ' | ||
- | | + | New weird error about svg support for phpimagick |
+ | |||
+ | | ||
| | ||
- | Scroll down to the web server root section and adjust it to read as follows: | + | Upgrade & Update: |
- | | + | |
- | | + | sudo -u www-data php occ upgrade |
- | | + | cd / |
- | | + | sudo -u www-data php updater.phar |
- | | + | |
+ | Use redis for everything except local memcache which uses apcu. Also, in this configuration, | ||
- | Also, your cal and card dav need redirects for some reasons a bit unclear to me, so adjust your ssl.conf as follows: | + | sudo apt install |
+ | sudo apt install | ||
+ | sudo apt-get install php-{xml, | ||
+ | sudo apt-get install php8.3-{xml, | ||
- | | + | Then, right underneath the ''' |
- | | + | |
- | Place the following redirects after <VirtualHost> | + | ' |
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ], | ||
+ | |||
+ | |||
+ | Configure apcu in php mods: | ||
+ | |||
+ | | ||
+ | <apc.enable_cli=1> | ||
+ | |||
+ | To get Social working, these rewrite rules are needed. However, these need to actually point to a .well-known | ||
- | | + | |
- | | + | |
| | ||
- | Okay, that is the majority | + | Enable rotation |
+ | ' | ||
+ | Delete the log contents (removes errors from admin settings GUI) | ||
| | ||
- | sudo systemctl restart mysql | + | sudo -u www-data truncate nextcloud.log --size 0 |
- | sudo systemctl restart mysqld | + | |
- | sudo systemctl restart apache2 | + | |
- | sudo systemctl restart php7.0-fpm.service | + | |
- | sudo reboot | + | |
- | Happy clouding ... | + | This will put the logs on a schedule and remove old errors in due time. When I put Nextcloud behind a reverse proxy, I had to change the following in the primary config: |
- | -- -- -- -- -- | + | sudo nano / |
+ | ' | ||
+ | array ( | ||
+ | 0 => ' | ||
+ | 1 => ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
- | This tutorial is a designated " | + | This ensures that the upstream subnet and node is trusted and that external url requests don't try to access |
- | --- // | + | ' |
| | ||
+ | Mimetype migrations | ||
+ | |||
+ | sudo -u www-data php occ maintenance: | ||
+ | --- // |