Difference between revisions of "NextCloud"
From Jon's Wiki
| Line 1: | Line 1: | ||
| − | Assumes Ubuntu 20.04, stable19 branch (c. September 2020). | + | Assumes Ubuntu 20.04, stable19 branch, and installing under {{code|/var/www}} for a cloud.'''example.com''' URL (c. September 2020). |
| − | == | + | == Prerequisites == |
| − | sudo apt install apache2 libapache2-mod- | + | Instal some stuff first. This NextCloud recipe uses PostgreSQL, Redis, Apache 2.4, FastCGI with PHP FPM, and Dehydrated for SSL certificate maangement. |
| − | php7.4-{bcmath,curl,gd,gmp,intl,json,mbstring,opcache,pgsql,tidy,xmlrpc,xsl,zip} | + | |
| + | sudo apt install apache2 libapache2-mod-fcgid \ | ||
| + | php7.4-{bcmath,bz2,curl,gd,fpm,gmp,intl,json,mbstring,opcache,pgsql,tidy,xmlrpc,xsl,zip} | ||
php-{imagick,redis} composer dehydrated postgresql redis-server | php-{imagick,redis} composer dehydrated postgresql redis-server | ||
| + | |||
| + | == Set up the webserver == | ||
| + | |||
| + | Running Apache with mod-php is old hat, incompatible with HTTP/2, slow, and horribly memory ineffient under load. Luckily these days we can use PHP-FPM which has been built-in to all versions of PHP since 5.4. | ||
| + | |||
| + | Add a global config to deny access to git repositories, in {{code|/etc/apache2/conf-available/deny-git.conf}}: | ||
| + | |||
| + | <FilesMatch "^\.git"> | ||
| + | Require all denied | ||
| + | </FilesMatch> | ||
| + | |||
| + | Then enable the Apache configs and required modules: | ||
| + | |||
| + | a2enconf deny-git php7.4-fpm | ||
| + | a2enmod proxy_fcgi mpm_worker setenvif rewrite ssl headers dir env | ||
| + | |||
| + | === Add virtual host for NextCloud === | ||
| + | |||
| + | Should look something like this: | ||
| + | |||
| + | <VirtualHost *:80> | ||
| + | ServerName cloud.'''example.com''' | ||
| + | RewriteEngine On | ||
| + | RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* <nowiki>https://</nowiki>cloud.'''example.com'''$0 | ||
| + | Alias "/.well-known/acme-challenge/" "/var/lib/dehydrated/acme-challenges/" | ||
| + | </VirtualHost> | ||
| − | + | <VirtualHost *:443> | |
| − | git clone https://github.com/nextcloud/server.git nextcloud | + | ServerName cloud.'''example.com''' |
| + | ServerAdmin webmaster@'''example.com''' | ||
| + | DocumentRoot /var/www/nextcloud | ||
| + | |||
| + | <Directory "/var/www/nexcloud"> | ||
| + | Options FollowSymLinks MultiViews | ||
| + | AllowOverride All | ||
| + | Require all granted | ||
| + | Satisfy Any | ||
| + | SetEnv HOME /var/www/nextcloud | ||
| + | SetEnv HTTP_HOME /var/www/nextcloud | ||
| + | <IfModule mod_dav.c> | ||
| + | Dav off | ||
| + | </IfModule> | ||
| + | </Directory> | ||
| + | |||
| + | SSLEngine On | ||
| + | SSLCertificateFile /var/lib/dehydrated/cloud.'''example.com'''/cert.pem | ||
| + | SSLCertificateChainFile /var/lib/dehydrated/cloud.'''example.com'''/chain.pem | ||
| + | SSLCertificateKeyFile /var/lib/dehydrated/cloud.'''example.com'''/privkey.pem | ||
| + | Header always set Strict-Transport-Security "max-age=63072000" | ||
| + | |||
| + | CustomLog "/var/log/websites/nextcloud/access.log" combined | ||
| + | ErrorLog "/var/log/sebsites/nextcloud/error.log" | ||
| + | </VirtualHost> | ||
| + | |||
| + | == Configure PHP == | ||
| + | |||
| + | PHP needs a few things: enable the opcache, increase the memory limit, and increase the maximum POST size so you can upload large files. Fiddle with these settings in {{code|php/7.4/fpm/php.ini}}: | ||
| + | |||
| + | max_execution_time = 60 | ||
| + | memory_limit = 512M | ||
| + | post_max_size = 500M | ||
| + | upload_max_filesize = 500M | ||
| + | opcache.enable=1 | ||
| + | |||
| + | == Create a database == | ||
| + | |||
| + | Create a database in PostgreSQL: | ||
| + | |||
| + | sudo -u postgres createuser -SDRP ''<nextcloud-user>'' | ||
| + | sudo -u postgres createdb -E UTF8 -O ''<nextcloud-user>'' ''<nextcloud-dbname>'' | ||
| + | |||
| + | == Install NextCloud == | ||
| + | |||
| + | We can just clone it from git: | ||
| + | |||
| + | git clone <nowiki>https://</nowiki>github.com/nextcloud/server.git nextcloud | ||
| + | cd nextcloud | ||
| + | git checkout stable20 ''# or whatever the latest stable version is'' | ||
git submodule update --init --recursive | git submodule update --init --recursive | ||
chown www-data:www-data config apps .htaccess | chown www-data:www-data config apps .htaccess | ||
| − | |||
| − | mkdir /var/lib/nextcloud/data | + | Create a directory for the cache and user data, which should not reside under the web root: |
| − | chown -R www-data:www-data /var/lib/nextcloud | + | |
| + | mkdir -p /var/lib/nextcloud/data /var/cache/nextcloud | ||
| + | chown -R www-data:www-data /var/lib/nextcloud /var/cache/nextcloud | ||
| + | |||
| + | == Configuration of NextCloud == | ||
| + | |||
| + | Edit the configuration file in {{code|config/config.php}} and check or consider these settings, and add the database and SMTP connection details: | ||
| + | |||
| + | $config => [ | ||
| + | # ... | ||
| + | # | ||
| + | 'passwordsalt' => "''<very long random string>''", | ||
| + | 'secret' => "''<a different very long random string>''", | ||
| + | 'trusted_domains' => [ | ||
| + | 0 => "cloud.'''example.com'''", | ||
| + | ], | ||
| + | 'datadirectory' => '/var/lib/nextcloud/data', | ||
| + | 'overwrite.cli.url' => '<nowiki>https://</nowiki>cloud.'''example.com'''/', | ||
| + | 'htaccess.RewriteBase' => '/', | ||
| + | |||
| + | # Database connection details | ||
| + | 'dbtype' => 'pgsql', | ||
| + | 'dbhost' => 'localhost', | ||
| + | 'dbuser' => "''<nextcloud-dbuser>''", | ||
| + | 'dbpassword' => "''<password>''", | ||
| + | 'dbname' => "''<nextcloud-dbname>''", | ||
| + | 'dbtableprefix' => 'oc_', | ||
| + | |||
| + | # Force all URLs to use SSL or it may trip up things like OAuth | ||
| + | 'overwriteprotocol' => 'https', | ||
| − | + | # Use Redis and caching to make everything go faster | |
| + | 'memcache.local' => '\\OC\\Memcache\\Redis', | ||
| + | 'memcache.locking' => '\\OC\\Memcache\\Redis', | ||
| + | 'redis' => [ | ||
| + | 'host' => 'localhost', | ||
| + | 'port' => 6379, | ||
| + | ], | ||
| + | 'cache_path' => '/var/cache/nextcloud', | ||
| + | |||
| + | # Send email details | ||
| + | 'mail_smtpmode' => 'smtp', | ||
| + | 'mail_smtpsecure' => 'tls', | ||
| + | 'mail_sendmailmode' => 'smtp', | ||
| + | 'mail_from_address' => "nexcloud@'''example.com'''", | ||
| + | 'mail_domain' => "'''example.com'''", | ||
| + | 'mail_smtpauthtype' => 'PLAIN', | ||
| + | 'mail_smtpauth' => 1, | ||
| + | 'mail_smtphost' => ""mail.'''example.com'''", | ||
| + | 'mail_smtpport' => '587', | ||
| + | 'mail_smtpname' => '<emailuser>', | ||
| + | 'mail_smtppassword' => '<emailpassword>', | ||
| − | + | Then navigate to the URL in the browser to install (or run the NextCloud {{code | ./occ}} tool from the command line). | |
| − | + | === Clean URLs === | |
| − | + | For clean URLs, make sure {{code | AllowOverride All}} is set for the parent directory; the {{code | /var/www}} definition is in the main {{code | /etc/apache2/apache.conf}}. Then run the follwing OCC command to enable the rewrite rules: | |
| − | + | sudo -u www-data ./occ maintenance:update:htaccess | |
| − | Edit /etc/ImageMagick/policy.xml and remove this line to get PDF previews:' | + | === Previews of other file types === |
| + | |||
| + | Edit /etc/ImageMagick/policy.xml and remove this line to get PDF previews to work:' | ||
<policy domain="coder" rights="none" pattern="PDF" /> <!-- remove this line --> | <policy domain="coder" rights="none" pattern="PDF" /> <!-- remove this line --> | ||
| − | + | Then add the following to {{code|config.php}} to get lots of other useful file previews: | |
| + | 'enabledPreviewProviders' => [ | ||
| + | 0 => 'OC\\Preview\\PNG', | ||
| + | 1 => 'OC\\Preview\\JPEG', | ||
| + | 2 => 'OC\\Preview\\GIF', | ||
| + | 3 => 'OC\\Preview\\HEIC', | ||
| + | 4 => 'OC\\Preview\\BMP', | ||
| + | 5 => 'OC\\Preview\\XBitmap', | ||
| + | 6 => 'OC\\Preview\\MP3', | ||
| + | 7 => 'OC\\Preview\\TXT', | ||
| + | 8 => 'OC\\Preview\\MarkDown', | ||
| + | 9 => 'OC\\Preview\\Movie', | ||
| + | 10 => 'OC\\Preview\\PDF', | ||
| + | 11 => 'OC\\Preview\\OpenDocument', | ||
| + | 12 => 'OC\\Preview\\MSOfficeDoc', | ||
| + | 13 => 'OC\\Preview\\MSOffice2003', | ||
| + | 14 => 'OC\\Preview\\MSOffice2007', | ||
| + | ], | ||
| + | |||
| + | === Photos === | ||
| + | |||
| + | Photos replaces the Gallery app, and is installed separately through the NC store or you can use git to manage it as a submodule. If it doesn't work you might need to build its JavaScript resources by running {{code|make}} in its {{apps/photos}} directory. Alternatively you can resuscitate the Gallery app, which stopped working after NextCloud version 17, by updating its JavaScript dompurify library to a [[https://raw.githubusercontent.com/nextcloud/gallery/ecb26a812f30a3f516964808ccfa6430be09b45e/js/vendor/dompurify/src/purify.js newer version] and bumping the app max version in {{code|apps/galleryappinfo/info.xml}} as follows (See also [https://github.com/nextcloud/gallery/pull/570/ pull request #570]): | ||
| + | |||
| + | <nextcloud min-version="17" max-version="20"/> | ||
| + | |||
| + | == Cron job == | ||
| + | |||
| + | In the administrator settings select cron rather than other methods, and put this in {{code|/etc/cron.d/nextcloud}} | ||
| − | + | */5 * * * * www-data /usr/bin/php /var/www/nextcloud/cron.php | |
Revision as of 04:40, 8 December 2020
Assumes Ubuntu 20.04, stable19 branch, and installing under /var/www for a cloud.example.com URL (c. September 2020).
Prerequisites
Instal some stuff first. This NextCloud recipe uses PostgreSQL, Redis, Apache 2.4, FastCGI with PHP FPM, and Dehydrated for SSL certificate maangement.
sudo apt install apache2 libapache2-mod-fcgid \
php7.4-{bcmath,bz2,curl,gd,fpm,gmp,intl,json,mbstring,opcache,pgsql,tidy,xmlrpc,xsl,zip}
php-{imagick,redis} composer dehydrated postgresql redis-server
Set up the webserver
Running Apache with mod-php is old hat, incompatible with HTTP/2, slow, and horribly memory ineffient under load. Luckily these days we can use PHP-FPM which has been built-in to all versions of PHP since 5.4.
Add a global config to deny access to git repositories, in /etc/apache2/conf-available/deny-git.conf:
<FilesMatch "^\.git"> Require all denied </FilesMatch>
Then enable the Apache configs and required modules:
a2enconf deny-git php7.4-fpm a2enmod proxy_fcgi mpm_worker setenvif rewrite ssl headers dir env
Add virtual host for NextCloud
Should look something like this:
<VirtualHost *:80>
ServerName cloud.example.com
RewriteEngine On
RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://cloud.example.com$0
Alias "/.well-known/acme-challenge/" "/var/lib/dehydrated/acme-challenges/"
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.example.com
ServerAdmin webmaster@example.com
DocumentRoot /var/www/nextcloud
<Directory "/var/www/nexcloud">
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
Satisfy Any
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
SSLEngine On
SSLCertificateFile /var/lib/dehydrated/cloud.example.com/cert.pem
SSLCertificateChainFile /var/lib/dehydrated/cloud.example.com/chain.pem
SSLCertificateKeyFile /var/lib/dehydrated/cloud.example.com/privkey.pem
Header always set Strict-Transport-Security "max-age=63072000"
CustomLog "/var/log/websites/nextcloud/access.log" combined
ErrorLog "/var/log/sebsites/nextcloud/error.log"
</VirtualHost>
Configure PHP
PHP needs a few things: enable the opcache, increase the memory limit, and increase the maximum POST size so you can upload large files. Fiddle with these settings in php/7.4/fpm/php.ini:
max_execution_time = 60 memory_limit = 512M post_max_size = 500M upload_max_filesize = 500M opcache.enable=1
Create a database
Create a database in PostgreSQL:
sudo -u postgres createuser -SDRP <nextcloud-user> sudo -u postgres createdb -E UTF8 -O <nextcloud-user> <nextcloud-dbname>
Install NextCloud
We can just clone it from git:
git clone https://github.com/nextcloud/server.git nextcloud cd nextcloud git checkout stable20 # or whatever the latest stable version is git submodule update --init --recursive chown www-data:www-data config apps .htaccess
Create a directory for the cache and user data, which should not reside under the web root:
mkdir -p /var/lib/nextcloud/data /var/cache/nextcloud chown -R www-data:www-data /var/lib/nextcloud /var/cache/nextcloud
Configuration of NextCloud
Edit the configuration file in config/config.php and check or consider these settings, and add the database and SMTP connection details:
$config => [
# ...
#
'passwordsalt' => "<very long random string>",
'secret' => "<a different very long random string>",
'trusted_domains' => [
0 => "cloud.example.com",
],
'datadirectory' => '/var/lib/nextcloud/data',
'overwrite.cli.url' => 'https://cloud.example.com/',
'htaccess.RewriteBase' => '/',
# Database connection details
'dbtype' => 'pgsql',
'dbhost' => 'localhost',
'dbuser' => "<nextcloud-dbuser>",
'dbpassword' => "<password>",
'dbname' => "<nextcloud-dbname>",
'dbtableprefix' => 'oc_',
# Force all URLs to use SSL or it may trip up things like OAuth
'overwriteprotocol' => 'https',
# Use Redis and caching to make everything go faster
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => [
'host' => 'localhost',
'port' => 6379,
],
'cache_path' => '/var/cache/nextcloud',
# Send email details
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => "nexcloud@example.com",
'mail_domain' => "example.com",
'mail_smtpauthtype' => 'PLAIN',
'mail_smtpauth' => 1,
'mail_smtphost' => ""mail.example.com",
'mail_smtpport' => '587',
'mail_smtpname' => '<emailuser>',
'mail_smtppassword' => '<emailpassword>',
Then navigate to the URL in the browser to install (or run the NextCloud ./occ tool from the command line).
Clean URLs
For clean URLs, make sure AllowOverride All is set for the parent directory; the /var/www definition is in the main /etc/apache2/apache.conf. Then run the follwing OCC command to enable the rewrite rules:
sudo -u www-data ./occ maintenance:update:htaccess
Previews of other file types
Edit /etc/ImageMagick/policy.xml and remove this line to get PDF previews to work:'
<policy domain="coder" rights="none" pattern="PDF" />
Then add the following to config.php to get lots of other useful file previews:
'enabledPreviewProviders' => [
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\HEIC',
4 => 'OC\\Preview\\BMP',
5 => 'OC\\Preview\\XBitmap',
6 => 'OC\\Preview\\MP3',
7 => 'OC\\Preview\\TXT',
8 => 'OC\\Preview\\MarkDown',
9 => 'OC\\Preview\\Movie',
10 => 'OC\\Preview\\PDF',
11 => 'OC\\Preview\\OpenDocument',
12 => 'OC\\Preview\\MSOfficeDoc',
13 => 'OC\\Preview\\MSOffice2003',
14 => 'OC\\Preview\\MSOffice2007',
],
Photos
Photos replaces the Gallery app, and is installed separately through the NC store or you can use git to manage it as a submodule. If it doesn't work you might need to build its JavaScript resources by running make in its Template:Apps/photos directory. Alternatively you can resuscitate the Gallery app, which stopped working after NextCloud version 17, by updating its JavaScript dompurify library to a [newer version and bumping the app max version in apps/galleryappinfo/info.xml as follows (See also pull request #570):
<nextcloud min-version="17" max-version="20"/>
Cron job
In the administrator settings select cron rather than other methods, and put this in /etc/cron.d/nextcloud
*/5 * * * * www-data /usr/bin/php /var/www/nextcloud/cron.php