computing:nextcloud

Differences

This shows you the differences between two versions of the page.

computing:nextcloud [2019/08/03 05:16] oemb1905computing:nextcloud [2024/04/13 21:18] (current) oemb1905
Line 11: Line 11:
 ------------------------------------------- -------------------------------------------
  
-This tutorial is for a Nextcloud instance on Debian GNU/Linux.  For why one would want such a thing, read: [[https://nextcloud.com/blog/the-issue-with-public-cloud/|The issue with Public Cloud]].  This tutorial assumes you have LAMP/FEMP and TLS encryption for your site already, and if not, go here:[[https://jonathanhaack.com/dokuwiki/doku.php?id=computing:apachesurvival|Apache Survivial]]. So we begin:+This tutorial is for a Nextcloud instance on Debian GNU/Linux.  For why one would want such a thing, read: [[https://nextcloud.com/blog/the-issue-with-public-cloud/|The issue with Public Cloud]].  This tutorial assumes you have LAMP/FEMP and TLS encryption for your site already, and if not, go here:[[https://wiki.haacksnetworking.com/doku.php?id=computing:apachesurvival|Apache Survivial]]. So we begin:
  
-  sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm wget unzip+  sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm php-apcu php-gmp php-imagick php-bcmath php-bz2 wget unzip 
 +   
 +Or ... 
 +   
 +  sudo apt-get install php-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2}
      
 Once these are installed, make sure you can enable them and that you have no errors in your configurations: Once these are installed, make sure you can enable them and that you have no errors in your configurations:
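
Review bot: The added "Or ..." command is not equivalent to the install line above it: the brace expansion covers only the php-* modules and drops apache2-utils, php-cli, wget and unzip, and wget and unzip are used by the download step that follows. Either state that the second form installs the PHP modules only, or append the missing packages to it. The link text on the changed intro line still reads "Apache Survivial".
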
Line 21: Line 25:
   sudo a2enmod proxy_fcgi    sudo a2enmod proxy_fcgi 
   sudo a2enmod setenvif    sudo a2enmod setenvif 
-  sudo a2enconf php7.3-fpm +  sudo a2enconf php8.2-fpm  
 +  sudo a2enconf php8.2-cgi 
   sudo sudo apache2ctl configtest   sudo sudo apache2ctl configtest
  
 There may be some others for your use case.  Assuming you left the webroot in /var/www/html, the next step is downloading nextcloud, moving it to webroot, and setting up proper permissions: There may be some others for your use case.  Assuming you left the webroot in /var/www/html, the next step is downloading nextcloud, moving it to webroot, and setting up proper permissions:
      
-  cd /var/www/html +  cd /var/www/nextcloud.jonathanhaack.com/ 
-  sudo wget https://download.nextcloud.com/server/releases/nextcloud-16.0.3.zip +  sudo wget https://download.nextcloud.com/server/releases/latest.zip 
-  sudo unzip nextcloud-16.0.3.zip +  sudo unzip latest.zip 
-  sudo mv /var/www/html/nextcloud/* /var/www/html/ +  sudo rm latest.zip 
-  sudo mv /var/www/html/nextcloud/.htaccess /var/www/html/.htaccess +  sudo rm public_html 
-  sudo mv /var/www/html/nextcloud/.user.ini /var/www/html/.user.ini +  sudo mv nextcloud public_html 
-  sudo rm -r nextcloud +  cd public_html 
-  sudo rm nextcloud-16.0.3.zip +  sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/public_html/  
-  sudo chown www-data:www-data -R /var/www/html/ +  sudo mkdir /var/www/nextcloud.jonathanhaack.com/nextclouddata 
-  sudo mkdir /var/www/nextclouddata +  sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/nextclouddata 
-  sudo chown www-data:www-data -R /var/www/nextclouddata +  sudo chmod 750 -R /var/www/nextcloud.jonathanhaack.com/nextclouddata 
-  sudo chmod 750 -R /var/www/nextclouddata +  sudo mkdir -p /var/www/nextcloud.jonathanhaack.com/public_html/data
-  sudo mkdir data+
   sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING   sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING
   sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater}    sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater} 
-  sudo chown root:www-data /var/www/html+  sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/
   sudo chown www-data:www-data {apps,config,data,themes,updater}     sudo chown www-data:www-data {apps,config,data,themes,updater}  
-  sudo chmod 0755 /var/www/html/occ +  sudo chmod 0755 /var/www/nextcloud.jonathanhaack.com/public_html/occ 
-  sudo chmod 0644 /var/www/html/.htaccess +  sudo chmod 0644 /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess 
-  sudo chown root:www-data /var/www/html/.htaccess+  sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess
   sudo systemctl restart mysql   sudo systemctl restart mysql
   sudo systemctl restart mysqld   sudo systemctl restart mysqld
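
Review bot: The new download line fetches latest.zip as root and unpacks it into the site directory with no integrity check, and "latest" no longer records which release the steps were tested against (the removed lines pinned nextcloud-16.0.3.zip). Pin a release and verify the archive against the checksum or signature published alongside it before `unzip`. Two smaller points in the same block: `sudo rm public_html` fails when public_html is a directory (it needs `rm -r`, or `rmdir` if it is empty), and the unchanged sentence above still says the webroot is /var/www/html while every new path is under /var/www/nextcloud.jonathanhaack.com/.
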
Line 67: Line 71:
 Enter your password for sudo and then for MySQL.  Once inside MySQL command mode, you will have a ">" prompt.  You will need to create a database for Nextcloud, a database user for Nextcloud, give that user permissions over the database as follows: Enter your password for sudo and then for MySQL.  Once inside MySQL command mode, you will have a ">" prompt.  You will need to create a database for Nextcloud, a database user for Nextcloud, give that user permissions over the database as follows:
  
-  CREATE DATABASE nextcloud; +  CREATE DATABASE nextcloud; 
-  CREATE USER nextclouduser@localhost IDENTIFIED BY 'put-password-here'; +  CREATE USER nextclouduser@localhost IDENTIFIED BY 'put-password-here'; 
-  GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY 'put-password-here'; +  GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY 'put-password-here'; 
-  FLUSH PRIVILEGES; +  FLUSH PRIVILEGES; 
-  EXIT;+  EXIT;
  
 Let's first restart the web server, php, and mysql: Let's first restart the web server, php, and mysql:
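
Review bot: The GRANT line repeats `IDENTIFIED BY 'put-password-here'` although CREATE USER on the line above already sets the password, and MySQL 8.0 no longer accepts IDENTIFIED BY inside GRANT, so the statement fails there. Since these lines are being touched anyway (the change is whitespace only), drop the clause from GRANT so the block runs on both MariaDB and current MySQL.
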
Line 90: Line 94:
 The first thing to do is to navigate to Settings, Overview.  Nextcloud has a built in system recommendation tool that will specify remaining set up optimizations, etc.  The first one I needed was to optimize opcache settings, so I opened the opcache file to adjust its settings: The first thing to do is to navigate to Settings, Overview.  Nextcloud has a built in system recommendation tool that will specify remaining set up optimizations, etc.  The first one I needed was to optimize opcache settings, so I opened the opcache file to adjust its settings:
  
-  sudo nano /etc/php/7.0/cli/conf.d/10-opcache.ini+  sudo nano /etc/php/8.2/cli/conf.d/10-opcache.ini
      
 I entered the following settings, currently recommended by Nextcloud.  You should always check/verify this before copying and pasting: I entered the following settings, currently recommended by Nextcloud.  You should always check/verify this before copying and pasting:
Line 96: Line 100:
   opcache.enable=1   opcache.enable=1
   opcache.enable_cli=1   opcache.enable_cli=1
-  opcache.interned_strings_buffer=8+  opcache.interned_strings_buffer=16
   opcache.max_accelerated_files=10000   opcache.max_accelerated_files=10000
   opcache.memory_consumption=128   opcache.memory_consumption=128
Line 102: Line 106:
   opcache.revalidate_freq=1   opcache.revalidate_freq=1
  
-Adjust the memory limit for php by finding the line `memory_limit = ` and changing it to 1G:+To adjust php memory limit and post size, navigate to these locations and change the following parameters:
  
-  sudo nano /etc/php/7.0/apache2/php.ini +  sudo nano /etc/php/7.3/cli/php.ini 
- +  sudo nano /etc/php/7.3/cgi/php.ini 
-Find the `memory_limit = ` line and change the value to 1G.  Sometimes, the memory limit error persists, and you may need to also edit .user.ini inside the nextcloud directory with the following parameters: +  sudo nano /etc/php/7.3/fpm/php.ini 
- +  sudo nano /etc/php/7.3/apache2/php.ini [if using libapache mod instead] 
-  cd /var/www/html +  upload_max_filesize=2G 
-  sudo nano .user.ini+  post_max_size=2G 
 +  memory_limit=512M
      
-Add these three lines to the configuration file there (the first two are optional for the memory limit problem, but super helpful for regular use): +Next, adjust your max age header in your ssl vhost:
-     +
-  upload_max_filesize=10G +
-  post_max_size=10G +
-  memory_limit=512M +
- +
-Next, you may get a Header error for your SSL configuration.  To adjust that, either adjust your <VirtualHost *:443> as follows:+
  
   sudo nano /etc/apache2/sites-enabled/default-ssl.conf   sudo nano /etc/apache2/sites-enabled/default-ssl.conf
 +  <Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains">
  
-Add the following Header parameter with the other parameters, or anywhere before the </IfModule> marker: +Enable overrides so that cal/card dav will work without cumbersome vhost entries:
- +
-  <IfModule mod_headers.c> +
-    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" +
-  </IfModule> +
- +
-Lastly, Nextcloud uses an .htaccess file inside the webroot, and in order for that configuration to be utilized, Overrides must be enabled:+
  
   sudo nano /etc/apache2/apache2.conf   sudo nano /etc/apache2/apache2.conf
 +  <AllowOverride All>
      
-Scroll down to the web server root section and adjust it to read as follows: +If you do not want to allow overrides, then manually set the redirects for cal/card dav as follows:
- +
-  <Directory /+
-        Options FollowSymLinks +
-        AllowOverride All +
-        Require all denied +
-  </Directory> +
- +
-Also, your cal and card dav need redirects for some reasons a bit unclear to me, so adjust your ssl.conf as follows:+
  
   sudo nano /etc/apache2/sites-enabled/default-ssl.conf   sudo nano /etc/apache2/sites-enabled/default-ssl.conf
-   +  <Redirect 301 /.well-known/carddav /var/www/html/remote.php/dav> 
-Place the following redirects after <VirtualHostand before any <IfModules> If you are using a directory called nextcloud for your instance, change the path to reflect that location instead of the web-root as my configuration utilizes:+  <Redirect 301 /.well-known/caldav /var/www/html/remote.php/dav>
  
-  Redirect 301 /.well-known/carddav /remote.php/dav +Lastlywhen upgraing you might get a big integers db errorIf so, run this in web root:
-  Redirect 301 /.well-known/caldav /remote.php/dav +
-   +
-Okaythat is the majority of fundamental configuration details required to have it running smoothly.  Here are few more optional configurations.  The first of those is enabling memcache: +
- +
-  sudo apt install php7.0-apcu +
- +
-After installing the package, make sure to adjust your config.php as follows: +
- +
-  sudo nano /var/www/html/config/config.php +
-   +
-Add the following line to the config file so that Nextcloud knows which program is handling your caching: +
- +
-  'memcache.local' => '\OC\Memcache\APCu', +
- +
-Lastly, I ran into an error that stated that the database I created above was not set to handle "13 big integers" which are used to "store identifiers and auto-increment keys in the database. Firstdisable the apache and php services and take your instance offline: +
- +
-  sudo systemctl stop apache2 +
-  sudo systemctl stop php7.0-fpm +
- +
-Now that your services are stopped, you can safely run Netcloud's "occ" program which will identify the tables that require updating and prompt you to adjust them (> v.12).  They do warn this can take some time, so I recommend doing this on your fresh instance before you have accumulated lots of data (if not, email me as I did find the solution for manually altering the db and tables):+
  
   sudo -u www-data php occ db:convert-filecache-bigint   sudo -u www-data php occ db:convert-filecache-bigint
  
-Follow the prompts, and then run it again once it completes in order to verify that "All tables are already up to date!"  Ok ..., almost done, but some apps require a cron job to update cron.php instead of ajax running, so in that case +To configure cron to refresh php every 5 minutes: 
 + 
   sudo crontab -e -u www-data   sudo crontab -e -u www-data
-  <*/ *  *  *  * php -f /var/www/codetalkers.group/public_html/cron.php>+  <MAILTO="email@email.com"> 
 +  <*/ *  *  *  * php -f /var/www/html/cron.php > /dev/null 2>&1>
      
-Ok, now you can run the News app and others ... phew!  Fine tuning server+To fine tune php:
  
-  sudo nano /etc/php/7.2/fpm/pool.d/www.conf+  sudo nano /etc/php/8.2/fpm/pool.d/www.conf
   https://docs.nextcloud.com/server/16/admin_manual/installation/server_tuning.html   https://docs.nextcloud.com/server/16/admin_manual/installation/server_tuning.html
      
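
Review bot: The new carddav/caldav lines use a filesystem path as the Redirect target (`Redirect 301 /.well-known/carddav /var/www/html/remote.php/dav`); Redirect takes a URL or URL-path, so clients would be sent to /var/www/html/remote.php/dav on the site, which does not exist. Keep the removed form, `/remote.php/dav`. The angle brackets now wrapped around the Header, AllowOverride, Redirect, MAILTO and cron lines are not valid in the files being edited, so a reader who pastes them gets a configuration error; say they mark the text to enter, or drop them. `AllowOverride All` is now given with no Directory context, where the removed text showed the block it belongs to; scope it to the Nextcloud document root rather than a server-wide block. The cron schedule still reads `*/` with no step although the text says every 5 minutes, and the php.ini paths added here use /etc/php/7.3/ while the rest of the revision moves to 8.2.
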
Line 194: Line 162:
   pm.min_spare_servers = 1   pm.min_spare_servers = 1
   pm.max_spare_servers = 3   pm.max_spare_servers = 3
-   
-Time to restart services ...   
-   
-  sudo systemctl restart mysql 
-  sudo systemctl restart mysqld 
-  sudo systemctl restart apache2 
-  sudo systemctl restart php7.0-fpm.service 
-  sudo reboot 
  
 To reset permissions after an update: To reset permissions after an update:
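
Review bot: Removing the "Time to restart services" block leaves the pm.* pool settings just above it, and the php.ini edits earlier on the page, with no restart step after them, so the changes do not take effect until PHP-FPM is reloaded. Rather than deleting the block, keep the apache2 and FPM restarts and update the FPM unit name from php7.0-fpm to match the 8.2 paths used elsewhere in this revision; `sudo reboot` can go.
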
Line 221: Line 181:
 Need to manually move files from an old NAS or elsewhere to Nextcloud: Need to manually move files from an old NAS or elsewhere to Nextcloud:
  
-  cp -ar /place/where/files/are/examplefile.txt /var/www/nextclouddata/user/files/examplefile.txt +  sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all 
-  sudo -u www-data ./occ files:scan --all+  sudo -u www-data php occ files:scan --path=/oemb1905/files/Movies/Television/Twilight/ 
 +  sudo -u www-data php occ files:scan --path=/heather/files/ 
 +  sudo -u www-data php occ files:scan --help 
 + 
 +Okay, and for Nextcloud Talk configuration, you need a Turn server for video chat to work: 
 + 
 +  sudo apt install coturn 
 +  sudo nano /etc/turnserver.conf 
 +  openssl rand -hex 32 
 +   
 +The Nextcloud [[https://nextcloud-talk.readthedocs.io/en/latest/TURN/|guide]] recommends these minimum values: 
 + 
 +  listening-port=3478 
 +  fingerprint 
 +  use-auth-secret 
 +  static-auth-secret=<use hex key from last step above> 
 +  realm=your.domain.org 
 +  total-quota=100 
 +  bps-capacity=0 
 +  stale-nonce 
 +  no-multicast-peers 
 +  systemctl restart coturn 
 +   
 +After doing this, go to Nextcloud / Settings / Talk, and enter localhost:3478 for the TURN server, and put the same hex key from above in for the secret key field.  Restart all your services and test - should work.  Some apps, like the Community Document Server, take too long to download for the default php settings.  In this case, extend the execution time: 
 + 
 +  sudo nano /etc/php/7.3/cli/php.ini 
 +  sudo nano /etc/php/7.3/apache2/php.ini 
 +  sudo nano /etc/php/7.3/fpm/php.ini 
 +  sudo nano /var/www/html/.user.ini 
 +  max_excution_time = 240 (for all of them) 
 + 
 +If you get the missing indexes error on an upgrade, use: 
 + 
 +  sudo -u www-data php occ db:add-missing-indices 
 + 
 +Brute force won't permit log in 
 + 
 +  select database; 
 +  delete FROM oc_bruteforce_attempts; 
 +  flush privileges; 
 +  exit; 
 +   
 +Log in normally after that.  My latest command is for Stubborn files that won't delete from trashbin: 
 + 
 +  sudo -u www-data php occ trashbin:cleanup --all-users 
 +   
 +Phone region issue 
 + 
 +  sudo nano /var/www/nextcloud/config/config.php 
 +  'default_phone_region' => 'GB', 
 + 
 +New weird error about svg support for phpimagick 
 + 
 +  sudo apt install libmagickcore-6.q16-6-extra 
 +   
 +Upgrade & Update: 
 + 
 +  cd /var/www/html/nextcloud/ 
 +  sudo -u www-data php occ upgrade 
 +  cd /var/www/html/nextcloud/updater/ 
 +  sudo -u www-data php updater.phar 
 +   
 +Use redis for everything except local memcache which uses apcu. Also, in this configuration, redis is on the same machine as nextcloud. First, install needed packages. Adjust versions to your needs. 
 + 
 +  sudo apt install  php-{apcu,redis,memcache,memcached} redis memcached redis-server 
 +  sudo apt install  php8.3-{apcu,redis,memcache,memcached} redis memcached redis-server 
 +  sudo apt-get install php-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2} 
 +  sudo apt-get install php8.3-{xml,curl,gd,cgi,zip,mysql,mbstring,intl,fpm,apcu,gmp,imagick,bcmath,bz2} 
 + 
 +Then, right underneath the '''filelocking.enabled' => true,'' line, enter the following: 
 + 
 +  'memcache.local' => '\OC\Memcache\APCu', 
 +  'memcache.distributed' => '\OC\Memcache\Redis', 
 +  'memcache.locking' => '\OC\Memcache\Redis', 
 +  'redis' => [ 
 +     'host' => 'localhost', 
 +     'port' => 6379, 
 +  ], 
 + 
 + 
 +Configure apcu in php mods: 
 + 
 +  sudo nano /etc/php/7.x/mods-available/apcu.ini 
 +  <apc.enable_cli=1> 
 + 
 +To get Social working, these rewrite rules are needed. However, these need to actually point to a .well-known directory which is configured properly. If, however, override All did not make that or your instance was upgraded and does not have it, these rewrites in .htaccess will not be enough on their own. 
 + 
 +  RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L] 
 +  RewriteRule ^\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L] 
 +   
 +Enable rotation of logs 
 + 
 +  'log_rotate_size' => 100 * 1024 * 1024, 
 + 
 +Delete the log contents (removes errors from admin settings GUI) 
 +   
 +  sudo -u www-data truncate nextcloud.log  --size 0 
 + 
 +This will put the logs on a schedule and remove old errors in due time. When I put Nextcloud behind a reverse proxy, I had to change the following in the primary config:
  
-That's it!  Should be good ...+  sudo nano /var/www/inside.outsidebox.vip/public_html/config/config.php 
 +  'trusted_domains' => 
 +    array ( 
 +      0 => 'inside.outsidebox.vip', 
 +      1 => '10.13.13.33', 
 +    ), 
 +  'overwritehost' => 'inside.outsidebox.vip', 
 +  'overwriteprotocol' => 'https',
  
--- -- -- -- --  +This ensures that the upstream subnet and node is trusted and that external url requests don't try to access the subnet directly. There are other notes in the proxmox tutorial since that is when I set up the reverse proxy setup. There is now a recommended maintenance window setting:
  
-This tutorial is a designated "Invariant Section" of the "Technotronic" section of Haack's Wiki as described on the [[https://jonathanhaack.com/dokuwiki/doku.php?id=start|Start Page]].+  'maintenance_window_start' => 1,
  
- --- //[[oemb1905@jonathanhaack.com|oemb1905]] 2019/08/03 05:13//+ --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/04/13 21:17//
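
Review bot: The "Brute force won't permit log in" block clears throttling for every address, not only the locked-out one, because `delete FROM oc_bruteforce_attempts;` has no WHERE clause, and `select database;` is not valid SQL (the database created earlier on this page is nextcloud, so `use nextcloud;`). Prefer `sudo -u www-data php occ security:bruteforce:reset <ip>` for the one affected address, and drop `flush privileges;`, which has no effect after a DELETE on an application table. In the execution-time block `max_excution_time` is misspelled, so PHP ignores the line; it should be max_execution_time. In the TURN block, `systemctl restart coturn` is listed among the turnserver.conf values although it is a shell command, and the Talk setting localhost:3478 only resolves on the server itself while the TURN address is handed to remote clients, so it should be the public name used for realm. The reverse-proxy config adds trusted_domains and overwritehost but no trusted_proxies, so Nextcloud attributes every request, failed logins included, to the proxy address.
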
computing/nextcloud.1564809398.txt.gz · Last modified: 2019/08/03 05:16 by oemb1905