This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
computing:nextcloud [2020/04/29 08:31] – oemb1905 | computing:nextcloud [2024/07/13 04:12] (current) – oemb1905 | ||
---|---|---|---|
Line 13: | Line 13: | ||
This tutorial is for a Nextcloud instance on Debian GNU/ | This tutorial is for a Nextcloud instance on Debian GNU/ | ||
- | sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm wget unzip | + | sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm |
| | ||
Or ... | Or ... | ||
| | ||
- | sudo apt-get install | + | sudo apt-get install |
| | ||
Once these are installed, make sure you can enable them and that you have no errors in your configurations: | Once these are installed, make sure you can enable them and that you have no errors in your configurations: | ||
Line 25: | Line 25: | ||
sudo a2enmod proxy_fcgi | sudo a2enmod proxy_fcgi | ||
sudo a2enmod setenvif | sudo a2enmod setenvif | ||
- | sudo a2enconf | + | sudo a2enconf |
+ | sudo a2enconf php8.2-cgi | ||
sudo sudo apache2ctl configtest | sudo sudo apache2ctl configtest | ||
Line 31: | Line 32: | ||
| | ||
cd / | cd / | ||
- | sudo wget https:// | + | sudo wget https:// |
- | sudo unzip nextcloud-16.0.3.zip | + | sudo unzip latest.zip |
- | sudo rm nextcloud-16.0.3.zip | + | sudo rm latest.zip |
+ | sudo rm public_html | ||
sudo mv nextcloud public_html | sudo mv nextcloud public_html | ||
cd public_html | cd public_html | ||
Line 69: | Line 71: | ||
Enter your password for sudo and then for MySQL. | Enter your password for sudo and then for MySQL. | ||
- | | + | CREATE DATABASE nextcloud; |
- | | + | CREATE USER nextclouduser@localhost IDENTIFIED BY ' |
- | | + | GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY ' |
- | | + | FLUSH PRIVILEGES; |
- | | + | EXIT; |
Let's first restart the web server, php, and mysql: | Let's first restart the web server, php, and mysql: | ||
Line 92: | Line 94: | ||
The first thing to do is to navigate to Settings, Overview. | The first thing to do is to navigate to Settings, Overview. | ||
- | sudo nano /etc/php/7.0/ | + | sudo nano /etc/php/8.2/ |
| | ||
I entered the following settings, currently recommended by Nextcloud. | I entered the following settings, currently recommended by Nextcloud. | ||
Line 98: | Line 100: | ||
opcache.enable=1 | opcache.enable=1 | ||
opcache.enable_cli=1 | opcache.enable_cli=1 | ||
- | opcache.interned_strings_buffer=8 | + | opcache.interned_strings_buffer=16 |
opcache.max_accelerated_files=10000 | opcache.max_accelerated_files=10000 | ||
opcache.memory_consumption=128 | opcache.memory_consumption=128 | ||
Line 104: | Line 106: | ||
opcache.revalidate_freq=1 | opcache.revalidate_freq=1 | ||
- | Find the `memory_limit = ` line and change the value to 1G. Sometimes, the memory limit error persists, and you may need to also edit .user.ini inside the nextcloud directory with the following parameters: | + | To adjust php memory limit and post size, navigate to these locations |
- | | + | |
- | sudo nano .user.ini | + | sudo nano /etc/php/7.3/cgi/php.ini |
- | + | | |
- | Add these three lines to the configuration file there (the first two are optional for the memory limit problem, but super helpful for regular use): | + | sudo nano / |
- | | + | upload_max_filesize=2G |
- | upload_max_filesize=10G | + | post_max_size=2G |
- | post_max_size=10G | + | |
memory_limit=512M | memory_limit=512M | ||
- | |||
- | You may also need to adjust the memory limit for php by to 1G in these locations also: | ||
- | |||
- | sudo nano / | ||
- | sudo nano / | ||
| | ||
- | Next, you may get a Header error for your SSL configuration. | + | Next, adjust |
sudo nano / | sudo nano / | ||
+ | <Header always set Strict-Transport-Security " | ||
- | Add the following Header parameter with the other parameters, or anywhere before the </IfModule> | + | Enable overrides so that cal/card dav will work without cumbersome vhost entries: |
- | + | ||
- | < | + | |
- | Header always set Strict-Transport-Security " | + | |
- | </ | + | |
- | + | ||
- | Lastly, Nextcloud uses an .htaccess file inside the webroot, and in order for that configuration to be utilized, Overrides must be enabled: | + | |
sudo nano / | sudo nano / | ||
+ | < | ||
| | ||
- | Scroll down to the web server root section and adjust it to read as follows: | + | If you do not want to allow overrides, then manually set the redirects for cal/card dav as follows: |
- | + | ||
- | < | + | |
- | Options FollowSymLinks | + | |
- | AllowOverride All | + | |
- | Require all denied | + | |
- | </ | + | |
- | + | ||
- | Also, your cal and card dav need redirects for some reasons a bit unclear to me, so adjust your ssl.conf | + | |
sudo nano / | sudo nano / | ||
- | | + | <Redirect 301 / |
- | Place the following redirects after <VirtualHost> and before any <IfModules> | + | |
- | Redirect 301 / | + | Lastly, when upgraing you might get a big integers |
- | Redirect 301 / | + | |
- | + | ||
- | Okay, that is the majority of fundamental configuration details required to have it running smoothly. | + | |
- | + | ||
- | sudo apt install php7.0-apcu | + | |
- | + | ||
- | After installing the package, make sure to adjust your config.php as follows: | + | |
- | + | ||
- | sudo nano / | + | |
- | + | ||
- | Add the following line to the config file so that Nextcloud knows which program is handling your caching: | + | |
- | + | ||
- | ' | + | |
- | + | ||
- | Lastly, I ran into an error that stated that the database I created above was not set to handle " | + | |
- | + | ||
- | sudo systemctl stop apache2 | + | |
- | sudo systemctl stop php7.0-fpm | + | |
- | + | ||
- | Now that your services are stopped, you can safely | + | |
sudo -u www-data php occ db: | sudo -u www-data php occ db: | ||
- | Follow the prompts, and then run it again once it completes in order to verify that "All tables are already up to date!" | + | To configure |
+ | |||
sudo crontab -e -u www-data | sudo crontab -e -u www-data | ||
- | < | + | |
+ | | ||
| | ||
- | Ok, now you can run the News app and others ... phew! Fine tuning server | + | To fine tune php: |
- | sudo nano /etc/php/7.2/ | + | sudo nano /etc/php/8.2/ |
https:// | https:// | ||
| | ||
Line 197: | Line 162: | ||
pm.min_spare_servers = 1 | pm.min_spare_servers = 1 | ||
pm.max_spare_servers = 3 | pm.max_spare_servers = 3 | ||
- | | ||
- | Time to restart services ... | ||
- | | ||
- | sudo systemctl restart mysql | ||
- | sudo systemctl restart mysqld | ||
- | sudo systemctl restart apache2 | ||
- | sudo systemctl restart php7.0-fpm.service | ||
- | sudo reboot | ||
To reset permissions after an update: | To reset permissions after an update: | ||
Line 224: | Line 181: | ||
Need to manually move files from an old NAS or elsewhere to Nextcloud: | Need to manually move files from an old NAS or elsewhere to Nextcloud: | ||
- | cp -ar / | ||
- | sudo -u www-data ./occ files:scan --all | ||
sudo -u www-data php / | sudo -u www-data php / | ||
+ | sudo -u www-data php occ files:scan --path=/ | ||
sudo -u www-data php occ files:scan --path=/ | sudo -u www-data php occ files:scan --path=/ | ||
sudo -u www-data php occ files:scan --help | sudo -u www-data php occ files:scan --help | ||
+ | |||
+ | Okay, and for Nextcloud Talk configuration, | ||
+ | |||
+ | sudo apt install coturn | ||
+ | sudo nano / | ||
+ | openssl rand -hex 32 | ||
| | ||
- | And to update, | + | The Nextcloud [[https:// |
+ | |||
+ | listening-port=3478 | ||
+ | fingerprint | ||
+ | use-auth-secret | ||
+ | static-auth-secret=< | ||
+ | realm=your.domain.org | ||
+ | total-quota=100 | ||
+ | bps-capacity=0 | ||
+ | stale-nonce | ||
+ | no-multicast-peers | ||
+ | systemctl restart coturn | ||
| | ||
- | cd / | + | After doing this, go to Nextcloud / Settings / Talk, and enter localhost: |
+ | |||
+ | sudo nano / | ||
+ | sudo nano / | ||
+ | sudo nano / | ||
+ | sudo nano / | ||
+ | max_excution_time = 240 (for all of them) | ||
+ | |||
+ | If you get the missing indexes error on an upgrade, use: | ||
+ | |||
+ | sudo -u www-data php occ db: | ||
+ | |||
+ | Brute force won't permit log in | ||
+ | |||
+ | select database; | ||
+ | delete FROM oc_bruteforce_attempts; | ||
+ | flush privileges; | ||
+ | exit; | ||
+ | |||
+ | Log in normally after that. My latest command is for Stubborn files that won't delete from trashbin: | ||
+ | |||
+ | sudo -u www-data php occ trashbin: | ||
+ | |||
+ | Phone region issue | ||
+ | |||
+ | sudo nano / | ||
+ | ' | ||
+ | |||
+ | New weird error about svg support for phpimagick | ||
+ | |||
+ | sudo apt install libmagickcore-6.q16-6-extra | ||
+ | |||
+ | Upgrade & Update: | ||
+ | |||
+ | cd /var/ | ||
+ | sudo -u www-data php occ upgrade | ||
+ | cd / | ||
sudo -u www-data php updater.phar | sudo -u www-data php updater.phar | ||
+ | | ||
+ | Use redis for everything except local memcache which uses apcu. Also, in this configuration, | ||
+ | |||
+ | sudo apt install | ||
+ | sudo apt install | ||
+ | sudo apt-get install php-{xml, | ||
+ | sudo apt-get install php8.3-{xml, | ||
+ | |||
+ | Then, right underneath the ''' | ||
+ | |||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ], | ||
+ | |||
+ | |||
+ | Configure apcu in php mods: | ||
+ | |||
+ | sudo nano / | ||
+ | < | ||
+ | |||
+ | To get Social working, these rewrite rules are needed. However, these need to actually point to a .well-known directory which is configured properly. If, however, override All did not make that or your instance was upgraded and does not have it, these rewrites in .htaccess will not be enough on their own. | ||
+ | |||
+ | RewriteRule ^\.well-known/ | ||
+ | RewriteRule ^\.well-known/ | ||
+ | | ||
+ | Enable rotation of logs | ||
+ | |||
+ | ' | ||
+ | |||
+ | Delete the log contents (removes errors from admin settings GUI) | ||
+ | | ||
+ | sudo -u www-data truncate nextcloud.log | ||
+ | |||
+ | This will put the logs on a schedule and remove old errors in due time. When I put Nextcloud behind a reverse proxy, I had to change the following in the primary config: | ||
+ | |||
+ | sudo nano / | ||
+ | ' | ||
+ | array ( | ||
+ | 0 => ' | ||
+ | 1 => ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | |||
+ | This ensures that the upstream subnet and node is trusted and that external url requests don't try to access the subnet directly. There are other notes in the proxmox tutorial since that is when I set up the reverse proxy setup. There is now a recommended maintenance window setting: | ||
+ | |||
+ | ' | ||
+ | | ||
+ | Mimetype migrations | ||
- | That's it! Should be good ... | + | sudo -u www-data php occ maintenance: |
- | --- //[[jonathan@haacksnetworking.com|oemb1905]] | + | --- //[[webmaster@haacksnetworking.org|oemb1905]] |