  • Nextcloud
  • Jonathan Haack
  • Haack's Networking
  • netcmnd@jonathanhaack.com

Nextcloud


This tutorial is for a Nextcloud instance on Debian GNU/Linux. For why one would want such a thing, read: The issue with Public Cloud. This tutorial assumes you already have LAMP/FEMP and TLS encryption for your site; if not, go here: Apache Survival. So we begin:

sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-apcu php-gmp php-imagick php-bcmath php-bz2 wget unzip

Or …

sudo apt-get install php-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2}

Once these are installed, make sure you can enable them and that you have no errors in your configurations:

sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod proxy_fcgi 
sudo a2enmod setenvif 
sudo a2enconf php8.2-fpm 
sudo a2enconf php8.2-cgi 
sudo apache2ctl configtest

There may be some others for your use case. Assuming you left the webroot in /var/www/html, the next step is downloading Nextcloud, moving it to the webroot, and setting up proper permissions:

cd /var/www/nextcloud.jonathanhaack.com/
sudo wget https://download.nextcloud.com/server/releases/latest.zip
sudo unzip latest.zip
sudo rm latest.zip
sudo rm public_html
sudo mv nextcloud public_html
cd public_html
sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/public_html/ 
sudo mkdir /var/www/nextcloud.jonathanhaack.com/nextclouddata
sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/nextclouddata
sudo chmod 750 -R /var/www/nextcloud.jonathanhaack.com/nextclouddata
sudo mkdir -p /var/www/nextcloud.jonathanhaack.com/public_html/data
sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING
sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater} 
sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/
sudo chown www-data:www-data {apps,config,data,themes,updater}  
sudo chmod 0755 /var/www/nextcloud.jonathanhaack.com/public_html/occ
sudo chmod 0644 /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess
sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess
sudo systemctl restart mysql
sudo systemctl restart mysqld
sudo systemctl restart apache2
sudo systemctl restart php7.3-fpm.service
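
The download step above unpacks latest.zip without checking it. As an added example (not part of the original tutorial), this shell function compares the archive's SHA-256 with a published checksum before anything is unzipped into the webroot. The function names are hypothetical, and the latest.zip.sha256 URL in the closing comment is an assumption about what the download server offers.

```shell
#!/bin/sh
# Added example: verify a downloaded release archive before unpacking it.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_archive ARCHIVE SUMFILE
# Compares the digest of ARCHIVE with the first field of SUMFILE. The file name
# inside SUMFILE is ignored on purpose: a checksum published for "latest.zip"
# may name the versioned archive instead, which makes `sha256sum -c` fail.
# Exit status: 0 match, 1 mismatch, 2 unusable input.
verify_archive() (
    archive=$1 sumfile=$2
    [ -s "$archive" ] && [ -s "$sumfile" ] || { echo "missing input" >&2; exit 2; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # A SHA-256 digest is exactly 64 hex characters; reject anything else,
    # for instance an HTML error page that was saved as the checksum file.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; exit 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; exit 2; }
    actual=$(sha256_of "$archive")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
    else
        echo "MISMATCH: $archive (expected $expected, got $actual)" >&2
        exit 1
    fi
)

# Typical use (the .sha256 URL is an assumption, see the lead-in):
#   wget https://download.nextcloud.com/server/releases/latest.zip
#   wget https://download.nextcloud.com/server/releases/latest.zip.sha256
#   verify_archive latest.zip latest.zip.sha256 && sudo unzip latest.zip
```

A checksum fetched from the same server as the archive catches corruption and truncation, not a compromised server.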

Prepare MariaDB server for 4-byte characters prior to creating database:

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Once inside that file, copy these configurations under the [mysqld] block and restart the service:

innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=1

It is now time to set up your database:

sudo mysql -u root -p

Enter your password for sudo and then for MySQL. Once inside MySQL command mode, you will have a “>” prompt. You will need to create a database for Nextcloud, create a database user for Nextcloud, and give that user permissions over the database as follows:

CREATE DATABASE nextcloud;
CREATE USER nextclouduser@localhost IDENTIFIED BY 'put-password-here';
GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY 'put-password-here';
FLUSH PRIVILEGES;
EXIT;

Let's first restart the web server, php, and mysql:

sudo systemctl restart mysql
sudo systemctl restart apache2
sudo systemctl restart php7.3-fpm.service

Now, visit test.com in your browser and then specify the following configuration options:

  • create new user name: adminname
  • create new user pass: password
  • specify data folder: /var/www/nextclouddata
  • database user name: nextclouduser
  • database name: nextcloud
  • database location: localhost

The first thing to do is to navigate to Settings, Overview. Nextcloud has a built-in system recommendation tool that will specify remaining setup optimizations, etc. The first one I needed was to optimize opcache settings, so I opened the opcache file to adjust its settings:

sudo nano /etc/php/8.2/cli/conf.d/10-opcache.ini

I entered the following settings, currently recommended by Nextcloud. You should always check/verify this before copying and pasting:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

To adjust php memory limit and post size, navigate to these locations and change the following parameters:

sudo nano /etc/php/7.3/cli/php.ini
sudo nano /etc/php/7.3/cgi/php.ini
sudo nano /etc/php/7.3/fpm/php.ini
sudo nano /etc/php/7.3/apache2/php.ini   # if using libapache mod instead

upload_max_filesize=2G
post_max_size=2G
memory_limit=512M

Next, adjust your max age header in your ssl vhost:

sudo nano /etc/apache2/sites-enabled/default-ssl.conf

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

Enable overrides so that cal/card dav will work without cumbersome vhost entries:

sudo nano /etc/apache2/apache2.conf

AllowOverride All

If you do not want to allow overrides, then manually set the redirects for cal/card dav as follows:

sudo nano /etc/apache2/sites-enabled/default-ssl.conf

Redirect 301 /.well-known/carddav /remote.php/dav
Redirect 301 /.well-known/caldav /remote.php/dav

Lastly, when upgrading you might get a big integers db error. If so, run this in web root:

sudo -u www-data php occ db:convert-filecache-bigint

To configure cron to run Nextcloud's cron.php every 5 minutes:

sudo crontab -e -u www-data

MAILTO="email@email.com"
*/5  *  *  *  * php -f /var/www/html/cron.php > /dev/null 2>&1

To fine tune php:

sudo nano /etc/php/8.2/fpm/pool.d/www.conf
https://docs.nextcloud.com/server/16/admin_manual/installation/server_tuning.html

For a 4GB server:

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

For a 1GB server, use defaults:

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

To reset permissions after an update:

cd /var/www/codetalkers.group/public_html/
sudo chown www-data:www-data -R /var/www/codetalkers.group/public_html/* 
sudo chown www-data:www-data -R /var/www/codetalkers.group/nextclouddata
sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING
sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater} 
sudo chown root:www-data /var/www/codetalkers.group/public_html
sudo chown www-data:www-data {apps,config,data,themes,updater}  
sudo chmod 0755 /var/www/codetalkers.group/public_html/occ
sudo chmod 0644 /var/www/codetalkers.group/public_html/.htaccess
sudo chown root:www-data /var/www/codetalkers.group/public_html/.htaccess
sudo systemctl restart mysql
sudo systemctl restart mysqld
sudo systemctl restart apache2
sudo systemctl restart php7.3-fpm.service
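
The chown/chmod sequences above (at install time and again after an update) are easy to apply partially. As an added example, not part of the original tutorial, this read-only audit reports where a tree deviates from that scheme. The function name is hypothetical, GNU stat and find as shipped with Debian are assumed, and the last two checks (world-writable paths, world-readable config.php) go beyond the listed commands.

```shell
#!/bin/sh
# Added example: audit a Nextcloud tree against the permission scheme above.
# Read-only: it reports findings and changes nothing.

# audit_nextcloud WEBROOT DATADIR [OWNER:GROUP]
# Prints one finding per line; exit status 1 if there is any finding.
audit_nextcloud() (
    root=$1 data=$2 owner=${3:-www-data:www-data} bad=0
    mode() {   # mode PATH OCTAL: compare permission bits, skip absent paths
        [ -e "$1" ] || return 0
        m=$(stat -c '%a' "$1")
        [ "$m" = "$2" ] || { echo "MODE $1 is $m, expected $2"; bad=1; }
    }
    own() {    # own PATH OWNER:GROUP
        [ -e "$1" ] || return 0
        o=$(stat -c '%U:%G' "$1")
        [ "$o" = "$2" ] || { echo "OWNER $1 is $o, expected $2"; bad=1; }
    }
    mode "$data" 750
    own "$data" "$owner"
    mode "$root/occ" 755
    mode "$root/.htaccess" 644
    for d in 3rdparty apps config core data lib ocm-provider ocs ocs-provider \
             resources settings themes updater; do
        mode "$root/$d" 750
    done
    for d in apps config data themes updater; do
        own "$root/$d" "$owner"
    done
    for f in "$root"/*.php "$root"/*.txt "$root"/*.html \
             "$root/AUTHORS" "$root/COPYING"; do
        mode "$f" 640
    done
    # Beyond the scheme: nothing in either tree should be writable by "other",
    # and config.php (database password, secrets) should not be readable by it.
    ww=$(find "$root" "$data" ! -type l -perm -0002 -print 2>/dev/null)
    [ -z "$ww" ] || { echo "$ww" | sed 's/^/WORLD-WRITABLE /'; bad=1; }
    cfg=$root/config/config.php
    if [ -f "$cfg" ] && [ -n "$(find "$cfg" -perm -0004)" ]; then
        echo "WORLD-READABLE $cfg"; bad=1
    fi
    exit "$bad"
)
```

Run it as root so that stat can read every path, for example: audit_nextcloud /var/www/codetalkers.group/public_html /var/www/codetalkers.group/nextclouddata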

If you need to manually move files from an old NAS or elsewhere to Nextcloud, scan them in afterwards:

sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all
sudo -u www-data php occ files:scan --path=/oemb1905/files/Movies/Television/Twilight/
sudo -u www-data php occ files:scan --path=/heather/files/
sudo -u www-data php occ files:scan --help

Okay, and for Nextcloud Talk configuration, you need a TURN server for video chat to work:

sudo apt install coturn
sudo nano /etc/turnserver.conf
openssl rand -hex 32

The Nextcloud guide recommends these minimum values:

listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=<use hex key from last step above>
realm=your.domain.org
total-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers

sudo systemctl restart coturn
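
Why the same hex key has to be configured on both sides: with use-auth-secret, coturn does not store user accounts; it recomputes each password from static-auth-secret. The sketch below is an added example, not part of the original tutorial; the function names are hypothetical and the secret is constructed. It shows the credential format (username is an expiry time, password is base64 of HMAC-SHA1 over the username) and the server-side check.

```shell
#!/bin/sh
# Added example: how one shared secret yields short-lived TURN credentials.
# With use-auth-secret, the TURN username is an expiry time (Unix seconds,
# optionally followed by ":label") and the password is
# base64(HMAC-SHA1(static-auth-secret, username)).

# turn_password SECRET USERNAME
# Note: -hmac puts the secret on the command line (visible in `ps`); fine for
# a demonstration with a constructed secret, not for the production one.
turn_password() {
    printf '%s' "$2" | openssl dgst -sha1 -hmac "$1" -binary | base64
}

# turn_credentials SECRET TTL_SECONDS [NOW] -> prints "USERNAME PASSWORD"
turn_credentials() (
    now=${3:-$(date +%s)}
    user=$((now + $2))
    echo "$user $(turn_password "$1" "$user")"
)

# turn_check SECRET USERNAME PASSWORD [NOW]
# The server-side decision: refuse expired usernames, then recompute the HMAC.
turn_check() (
    now=${4:-$(date +%s)}
    expiry=${2%%:*}
    case $expiry in ''|*[!0-9]*) exit 1 ;; esac
    [ "$expiry" -gt "$now" ] || exit 1
    [ "$(turn_password "$1" "$2")" = "$3" ]
)

if [ "${1:-}" = demo ]; then
    secret=$(openssl rand -hex 32)      # constructed, generated as in the step above
    set -- $(turn_credentials "$secret" 3600)
    echo "username=$1 password=$2"
    turn_check "$secret" "$1" "$2" && echo "accepted with the matching secret"
    turn_check "wrong-secret" "$1" "$2" || echo "rejected with a different secret"
fi
```

Anyone who holds static-auth-secret can mint valid credentials, so /etc/turnserver.conf deserves the same file permissions as config.php.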

After doing this, go to Nextcloud / Settings / Talk, enter localhost:3478 for the TURN server, and put the same hex key from above in the secret key field. Restart all your services and test; it should work.

Some apps, like the Community Document Server, take too long to download for the default PHP settings. In this case, extend the execution time in all of these files:

sudo nano /etc/php/7.3/cli/php.ini
sudo nano /etc/php/7.3/apache2/php.ini
sudo nano /etc/php/7.3/fpm/php.ini
sudo nano /var/www/html/.user.ini

max_execution_time = 240

If you get the missing indexes error on an upgrade, use:

sudo -u www-data php occ db:add-missing-indices

If brute force protection won't permit log in, clear the recorded attempts from the MySQL prompt:

USE nextcloud;
delete FROM oc_bruteforce_attempts;
flush privileges;
exit;

Log in normally after that. My latest command is for stubborn files that won't delete from the trashbin:

sudo -u www-data php occ trashbin:cleanup --all-users

Phone region issue

sudo nano /var/www/nextcloud/config/config.php
'default_phone_region' => 'GB',

New weird error about svg support for phpimagick

sudo apt install libmagickcore-6.q16-6-extra

Upgrade & Update:

cd /var/www/html/nextcloud/
sudo -u www-data php occ upgrade
cd /var/www/html/nextcloud/updater/
sudo -u www-data php updater.phar

Use redis for everything except local memcache which uses apcu. Also, in this configuration, redis is on the same machine as nextcloud. First, install needed packages. Adjust versions to your needs.

sudo apt install  php-{apcu,redis,memcache,memcached} redis memcached redis-server
sudo apt install  php8.3-{apcu,redis,memcache,memcached} redis memcached redis-server
sudo apt-get install php-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2}
sudo apt-get install php8.3-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2}

Then, right underneath the 'filelocking.enabled' => true, line in config.php, enter the following:

'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
   'host' => 'localhost',
   'port' => 6379,
],

Configure apcu in php mods:

sudo nano /etc/php/7.x/mods-available/apcu.ini

apc.enable_cli=1

To get Social working, these rewrite rules are needed. However, they need to point to a .well-known directory which is configured properly. If AllowOverride All did not create that directory, or your instance was upgraded and does not have it, these rewrites in .htaccess will not be enough on their own.

RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L]
RewriteRule ^\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]

Enable rotation of logs

'log_rotate_size' => 100 * 1024 * 1024,

Delete the log contents (removes errors from admin settings GUI)

sudo -u www-data truncate nextcloud.log  --size 0

This will put the logs on a schedule and remove old errors in due time. When I put Nextcloud behind a reverse proxy, I had to change the following in the primary config:

sudo nano /var/www/inside.outsidebox.vip/public_html/config/config.php
'trusted_domains' =>
  array (
    0 => 'inside.outsidebox.vip',
    1 => '10.13.13.33',
  ),
'overwritehost' => 'inside.outsidebox.vip',
'overwriteprotocol' => 'https',

This ensures that the upstream subnet and node is trusted and that external url requests don't try to access the subnet directly. There are other notes in the proxmox tutorial since that is when I set up the reverse proxy setup. There is now a recommended maintenance window setting:

'maintenance_window_start' => 1,

oemb1905 2024/04/13 21:17

computing/nextcloud.txt · Last modified: 2024/04/13 21:18 by oemb1905