Difference between revisions of "NextCloud"
(remove bold/italic in syntax highlights) |
(→Configure NextCloud: cache chunked upload note) |
(4 intermediate revisions by the same user not shown) | |||
Line 123: | Line 123: | ||
Then navigate to the URL in the browser to install (or run the NextCloud {{code | ./occ}} tool from the command line). | Then navigate to the URL in the browser to install (or run the NextCloud {{code | ./occ}} tool from the command line). | ||
+ | |||
+ | ;Note: Make sure that the directory used for {{code|cache_path}} exists and is writeable, or you will get weird seemingly unrelated 403 MKCOL errors to do with [https://docs.nextcloud.com/server/26/admin_manual/configuration_files/big_file_upload_configuration.html chunked uploads]. | ||
=== Clean URLs === | === Clean URLs === | ||
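Review bot: The added note links to the server/26 admin manual while the page states it targets the stable20 branch, so the link should either be unversioned or come with a remark that it describes a later release. The note would also be easier to act on if it said which user needs write access to the {{code|cache_path}} directory, as the install step does with its chown to www-data.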
Line 134: | Line 136: | ||
Edit {{code|/etc/ImageMagick/policy.xml}} and remove this line to get PDF previews to work: | Edit {{code|/etc/ImageMagick/policy.xml}} and remove this line to get PDF previews to work: | ||
+ | <syntaxhighlight lang="xml"> | ||
<policy domain="coder" rights="none" pattern="PDF" /> <!-- remove this line --> | <policy domain="coder" rights="none" pattern="PDF" /> <!-- remove this line --> | ||
+ | </syntaxhighlight> | ||
Then add the following to {{code|config.php}} to get lots of other useful file previews: | Then add the following to {{code|config.php}} to get lots of other useful file previews: | ||
+ | |||
+ | <syntaxhighlight lang="php"> | ||
'enabledPreviewProviders' => [ | 'enabledPreviewProviders' => [ | ||
# ... | # ... | ||
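Review bot: The policy.xml step now highlighted here tells readers to delete the rights="none" restriction on the PDF coder but never says what that restriction is for. With it gone, NextCloud passes user-uploaded PDFs to ImageMagick to render previews, so the text should state that trade-off next to the instruction. Consider documenting a narrower change than deleting the line, such as granting the PDF coder read access only, since preview generation does not need to write PDFs.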
Line 147: | Line 153: | ||
14 => 'OC\\Preview\\MSOffice2007', | 14 => 'OC\\Preview\\MSOffice2007', | ||
], | ], | ||
+ | </syntaxhighlight> | ||
=== Photos === | === Photos === | ||
Line 155: | Line 162: | ||
=== NextCloud Talk === | === NextCloud Talk === | ||
+ | |||
+ | '''''Note:''''' ''A TURN server can also be used for other things, like your own [https://matrix-org.github.io/synapse/v1.41/turn-howto.html Matrix] chat server.'' | ||
To be at all useful, you need a TURN server. This is easiest achieved by installing and correctly configuring coturn, which also acts as a STUN server. STUN is for clients to figure out their external IP address, and TURN is for relaying UDP packets, e.g. for WebRTC. | To be at all useful, you need a TURN server. This is easiest achieved by installing and correctly configuring coturn, which also acts as a STUN server. STUN is for clients to figure out their external IP address, and TURN is for relaying UDP packets, e.g. for WebRTC. | ||
Line 223: | Line 232: | ||
* Stack Overflow [https://stackoverflow.com/questions/42801361/install-rfc5766-turn-server-trying-to-bind-fd-to-ip-address-errno-99 1] | * Stack Overflow [https://stackoverflow.com/questions/42801361/install-rfc5766-turn-server-trying-to-bind-fd-to-ip-address-errno-99 1] | ||
* [https://ourcodeworld.com/articles/read/1526/how-to-test-online-whether-a-stun-turn-server-is-working-properly-or-not Testing STUN/TURN] | * [https://ourcodeworld.com/articles/read/1526/how-to-test-online-whether-a-stun-turn-server-is-working-properly-or-not Testing STUN/TURN] | ||
+ | |||
+ | === NextCloud Office === | ||
+ | |||
+ | Install Collabora Office Online (COOL) which emerged from the smoking ruins of LibreOffice Online (LOOL): | ||
+ | |||
+ | apt install coolwsd code-brand | ||
+ | |||
+ | Use an Apache reverse proxy to handle the host and SSL, disable SSL in WOPI setup; restrict NextCloud and coolwsd requests to their respective endpoints, IP addresses; see [https://c-nergy.be/blog/?p=18055 "Install CODE on NextCloud on Ubuntu 22.04"] | ||
== Maintenance == | == Maintenance == |
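Review bot: The reverse-proxy line says to "disable SSL in WOPI setup" without stating the condition that makes this acceptable, namely that coolwsd is only reachable through the Apache proxy; say so explicitly. The phrase "restrict NextCloud and coolwsd requests to their respective endpoints, IP addresses" is too terse to act on and would be clearer as a short list of what is restricted and where. The apt install line also lacks the sudo used by the other install commands on the page, and the final sentence is missing its full stop.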
Latest revision as of 20:57, 23 October 2023
Assumes Ubuntu 20.04, stable20 branch, and installing in /var/www/nextcloud for a cloud.example.com URL (c. December 2020).
Prerequisites
Install some stuff first. This NextCloud recipe uses PostgreSQL, Redis, Apache 2.4, FastCGI with PHP FPM, and Dehydrated for Let's Encrypt SSL certificate management.
sudo apt install apache2 libapache2-mod-fcgid \
    php7.4-{bcmath,bz2,curl,gd,fpm,gmp,intl,json,mbstring,opcache,pgsql,tidy,xmlrpc,xsl,zip} \
    php-{imagick,redis} composer dehydrated postgresql redis-server
- NOTE
- NextCloud works fine under nginx, I just can't be bothered maintaining what goes in .htaccess which NextCloud expects to be writeable to keep itself updated.
Configuring Apache and PHP
- See the PHP page for setting up PHP with Apache, FPM and Event MPM.
Add a virtual host for NextCloud
It should look something like this:
<VirtualHost *:443>
  ServerName cloud.example.com
  DocumentRoot /var/www/nextcloud
  # The Directory path must match DocumentRoot or these settings never apply
  <Directory "/var/www/nextcloud">
    Options FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
    Satisfy Any
    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
  SSLEngine On
  SSLCertificateFile ...
</VirtualHost>
PHP settings
Enable the opcache, increase the memory limit, and increase the maximum POST and file upload size so you can upload large files.
Create a database
Create a database in PostgreSQL:
sudo -u postgres createuser -SDRP <nextcloud-user>
sudo -u postgres createdb -E UTF8 -O <nextcloud-user> <nextcloud-dbname>
Install NextCloud
We can just clone it from git:
git clone https://github.com/nextcloud/server.git nextcloud
cd nextcloud
git checkout stable20  # or whatever the latest stable version is
git submodule update --init --recursive
chown www-data:www-data config apps .htaccess
Create a directory for the cache and user data, which should not reside under the web root:
mkdir -p /var/lib/nextcloud/data /var/cache/nextcloud
chown -R www-data:www-data /var/lib/nextcloud /var/cache/nextcloud
Configure NextCloud
Edit the configuration file in config/config.php and check or consider these settings, and add the database and SMTP connection details:
$CONFIG = [
  # ...
  #
  'passwordsalt' => "<very long random string>",
  'secret' => "<a different very long random string>",
  'trusted_domains' => [
    0 => "cloud.example.com",
  ],
  'datadirectory' => '/var/lib/nextcloud/data',
  'overwrite.cli.url' => 'https://cloud.example.com/',
  'htaccess.RewriteBase' => '/',
  # Database connection details
  'dbtype' => 'pgsql',
  'dbhost' => 'localhost',
  'dbuser' => "<nextcloud-dbuser>",
  'dbpassword' => "<password>",
  'dbname' => "<nextcloud-dbname>",
  'dbtableprefix' => 'oc_',
  # Force all URLs to use SSL or it may trip up things like OAuth
  'overwriteprotocol' => 'https',
  # Use Redis and caching to make everything go faster
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
  ],
  'cache_path' => '/var/cache/nextcloud',
  # Send email details
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'tls',
  'mail_sendmailmode' => 'smtp',
  # Local part only; NextCloud appends '@' and mail_domain itself
  'mail_from_address' => "nextcloud",
  'mail_domain' => "example.com",
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => "mail.example.com",
  'mail_smtpport' => 587,
  'mail_smtpname' => "<emailuser>",
  'mail_smtppassword' => "<emailpassword>",
  # ...
];
Then navigate to the URL in the browser to install (or run the NextCloud ./occ tool from the command line).
- Note
- Make sure that the directory used for cache_path exists and is writeable, or you will get weird seemingly unrelated 403 MKCOL errors to do with chunked uploads.
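A preflight check for the two rules above (the data and cache directories must exist and be writeable, and must not reside under the web root), as an added example that is not part of the original page or of NextCloud. The function name is hypothetical and the paths in the main block are the ones this page uses; run it as the web server user, e.g. with sudo -u www-data.

```python
import os
import stat
import sys
from pathlib import Path


def storage_problems(path, web_root):
    """Return a list of problems with a NextCloud data or cache directory."""
    directory = Path(path)
    if not directory.is_dir():
        return [f"{path}: does not exist or is not a directory"]
    # Resolve symlinks first: a link outside the web root may point back into it.
    real = directory.resolve()
    root = Path(web_root).resolve()
    problems = []
    if real == root or root in real.parents:
        problems.append(f"{path}: resolves to {real}, inside web root {root}")
    # os.access tests the calling user, so run this as www-data.
    if not os.access(real, os.R_OK | os.W_OK | os.X_OK):
        problems.append(f"{path}: not readable/writable by uid {os.getuid()}")
    if real.stat().st_mode & stat.S_IWOTH:
        problems.append(f"{path}: world-writable")
    return problems


if __name__ == "__main__":
    web_root = "/var/www/nextcloud"  # paths as used on this page
    found = []
    for d in ("/var/lib/nextcloud/data", "/var/cache/nextcloud"):
        found += storage_problems(d, web_root)
    print("\n".join(found) or "storage directories look sane")
    sys.exit(1 if found else 0)
```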
Clean URLs
For clean URLs, make sure AllowOverride All is set for the parent directory; the /var/www definition is in the main /etc/apache2/apache2.conf. Then run the following OCC command to enable the rewrite rules:
sudo -u www-data ./occ maintenance:update:htaccess
Previews of other file types
Edit /etc/ImageMagick/policy.xml and remove this line to get PDF previews to work:
<policy domain="coder" rights="none" pattern="PDF" /> <!-- remove this line -->
Then add the following to config.php to get lots of other useful file previews:
'enabledPreviewProviders' => [
# ...
8 => 'OC\\Preview\\MarkDown',
9 => 'OC\\Preview\\Movie',
10 => 'OC\\Preview\\PDF',
11 => 'OC\\Preview\\OpenDocument',
12 => 'OC\\Preview\\MSOfficeDoc',
13 => 'OC\\Preview\\MSOffice2003',
14 => 'OC\\Preview\\MSOffice2007',
],
Photos
Photos replaces the Gallery app, and is installed separately through the NC store, or you can use git to manage it as a submodule. If it doesn't work, you might need to build its JavaScript resources by running make in its apps/photos directory. Alternatively, you can resuscitate the Gallery app, which stopped working after NextCloud version 17, by updating its JavaScript dompurify library to a newer version and bumping the app max version in apps/gallery/appinfo/info.xml as follows (see also pull request #570):
<nextcloud min-version="17" max-version="20"/>
NextCloud Talk
Note: A TURN server can also be used for other things, like your own Matrix chat server.
To be at all useful, you need a TURN server. This is most easily achieved by installing and correctly configuring coturn, which also acts as a STUN server. STUN is for clients to figure out their external IP address, and TURN is for relaying UDP packets, e.g. for WebRTC.
sudo apt install coturn
For it to actually do anything (it is disabled by default!) you need to edit /etc/default/coturn and make sure it contains the following, and is not commented out:
TURNSERVER_ENABLED=1
Then in /etc/turnserver.conf you need to configure its domain name, IP addresses and ports, SSL certificate, and how TURN authenticates. See GitHub for a fully documented example turnserver.conf file. This example uses the same domain as the NextCloud instance, on the standard STUN and TURN ports, but if you want to host it on port 443 to support people behind restrictive firewalls, you will need a different subdomain and/or IP address:
server-name=cloud.example.com
realm=cloud.example.com
# When hosted on an internal LAN or DMZ, it might look like this:
listening-ip=192.168.1.100
relay-ip=192.168.1.100
external-ip=123.45.67.8
# Or use the short-hand:
external-ip=123.45.67.8/192.168.1.100
# Specify listening ports; originally 3478 was unencrypted, and 5349 was TLS,
# but now TLS is supported on both. It is possible to listen on 443, which will
# help to provide connectivity for people behind port-limited firewalls; this will
# conflict with any HTTPS web hosting on the same server though, unless you set
# up a second IP address for it.
listening-port=3478
tls-listening-port=5349
#tls-listening-port=443
# Specify a UDP port range and ensure they are exposed through the firewall/router
min-port=53490
max-port=59999
# SSL setup;
cert=/path/to/cloud.example.com/fullchain.cert
pkey=/path/to/cloud.example.com/privkey.pem
no-tlsv1
no-tlsv1_1
# To use with NextCloud, set a shared secret here.
use-auth-secret
static-auth-secret=your-shared-secret-string-here
stale-nonce=600
# Limit STUN amplification/gain attacks (coturn 4.5.2+)
no-stun-backward-compatibility
response-origin-only-with-rfc5780
# RFC-5780 support requires two listening IP addresses and is for serious-cat
# usage, so you can safely disable it for a small home NextCloud instance.
no-rfc5780
In your NextCloud Administration section, you can now configure Talk to use the STUN/TURN server, using your server URLs, and provide the same shared secret you configured above. For maximum compatibility, use both UDP and TCP, and both turn and turns (TLS) connections:
stun: cloud.example.com:5349
turn and turns: cloud.example.com:5349
Test your server here. If STUN is working, you should get srflx candidates, and relay candidates if TURN is working.
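What the shared secret is used for, as an added example that is not part of the original page and is not coturn's or NextCloud's own code: with use-auth-secret, a TURN client presents a username carrying an expiry timestamp and a password that is the base64 HMAC-SHA1 of that username under static-auth-secret. The function names, the constructed secret and the "talk" user label are assumptions; verify() is a sketch of the server-side check.

```python
import base64
import hashlib
import hmac
import time


def _mac(shared_secret, username):
    """base64(HMAC-SHA1(shared_secret, username)) as text."""
    digest = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def turn_credentials(shared_secret, ttl=600, user="", now=None):
    """Return the (username, password) pair a client presents to the TURN server."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user}" if user else str(expiry)
    return username, _mac(shared_secret, username)


def verify(shared_secret, username, password, now=None):
    """Recompute the HMAC and reject forged or expired credentials."""
    expiry_text = username.split(":", 1)[0]
    if not expiry_text.isdigit():
        return False
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(_mac(shared_secret, username), password):
        return False
    current = int(time.time() if now is None else now)
    return int(expiry_text) > current


if __name__ == "__main__":
    secret = "constructed-example-secret"  # stands in for static-auth-secret
    username, password = turn_credentials(secret, ttl=600, user="talk")
    print("username:", username)
    print("password:", password)
    print("accepted now:", verify(secret, username, password))
    print("accepted after expiry:",
          verify(secret, username, password, now=time.time() + 601))
```

Anyone who can read static-auth-secret can mint valid relay credentials, so replace the placeholder string with a long random value and keep /etc/turnserver.conf readable only by the account coturn runs as.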
Sources and further reading:
NextCloud Office
Install Collabora Office Online (COOL) which emerged from the smoking ruins of LibreOffice Online (LOOL):
apt install coolwsd code-brand
Use an Apache reverse proxy to handle the host and SSL, and disable SSL in the WOPI setup. Restrict NextCloud and coolwsd requests to their respective endpoints and IP addresses; see "Install CODE on NextCloud on Ubuntu 22.04".
Maintenance
Keep the git checkout of NextCloud and its submodules up to date with git, and run the OCC upgrade command:
cd /var/www/nextcloud
git pull
git submodule update --init --recursive
sudo -u www-data ./occ upgrade
Cron job
In the administrator settings, select cron rather than the other methods, and put this in /etc/cron.d/nextcloud:
*/5 * * * * www-data /usr/bin/php /var/www/nextcloud/cron.php