Nextcloud: Difference between revisions
(use https links) |
Romangeber (talk | contribs) m (added hint on how to use occ) |
||
(9 intermediate revisions by 4 users not shown) | |||
Line 2: | Line 2: | ||
= Installation = | = Installation = | ||
{{pkg|nextcloud}} is available | {{pkg|nextcloud}} is available in Alpine 3.5 and greater. | ||
Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then: | Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then: | ||
Line 20: | Line 20: | ||
Next thing is to configure and start the database: | Next thing is to configure and start the database: | ||
{{cmd| | {{cmd|rc-service postgresql setup | ||
rc-service postgresql start}} | |||
Next, you need to create a user and temporarily grant the CREATEDB privilege: | Next, you need to create a user and temporarily grant the CREATEDB privilege: | ||
Line 30: | Line 30: | ||
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}} | {{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}} | ||
Set postgresql to start on boot: | Set postgresql to start on boot/: | ||
{{cmd|rc-update add postgresql}} | {{cmd|rc-update add postgresql}} | ||
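Review bot: the right-hand line "Set postgresql to start on boot/:" picks up a stray "/" before the colon that the left-hand side does not have. It should read "Set postgresql to start on boot:".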
Line 58: | Line 58: | ||
== Webserver == | == Webserver == | ||
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}} | Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document. | ||
{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm. | {{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm. | ||
Line 66: | Line 66: | ||
=== Nginx === | === Nginx === | ||
Install the needed packages: | Install the needed packages: | ||
{{cmd|apk add nginx | {{cmd|apk add nginx}} | ||
Delete the default nginx website configuration: | Delete the default nginx website configuration: | ||
Line 188: | Line 188: | ||
Start up the webserver: | Start up the webserver: | ||
{{cmd| | {{cmd|rc-service lighttpd start}} | ||
{{tip|You might want to follow the [[Lighttpd_Advanced_security#Https_access|Lighttpd_Https_access]] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}} | {{tip|You might want to follow the [[Lighttpd_Advanced_security#Https_access|Lighttpd_Https_access]] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}} | ||
Line 215: | Line 215: | ||
...}} | ...}} | ||
Restart {{pkg|lighttpd}} to activate the changes: | Restart {{pkg|lighttpd}} to activate the changes: | ||
{{cmd| | {{cmd|rc-service lighttpd restart}} | ||
=== Additional packages === | === Additional packages === | ||
Line 268: | Line 268: | ||
</pre> | </pre> | ||
== | == Enable opcache for nginx/php81 == | ||
To increase performace install | To increase performace install | ||
{{cmd|apk add php81-opcache}} | {{cmd|apk add php81-opcache}} | ||
Line 287: | Line 287: | ||
Restart php-fpm81 | Restart php-fpm81 | ||
{{cmd|rc-service php-fpm81 restart}} | {{cmd|rc-service php-fpm81 restart}} | ||
== Enable thumbnail for video == | |||
To be able to generate thumbnails for videos, besides [https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/previews_configuration.html configuring] nextcloud, you will need to unlist <code>proc_open</code> from php's disabled functions. PHP relies on that function to call ffmpeg to generate the thumbnails, without that it will fail to do so even if you have it enabled on config.php. | |||
Remove <code>proc_open</code> from the disabled function in {{path|/etc/php81/php-fpm.d/nextcloud.conf}}: | |||
<pre> | |||
; Disable certain functions for security reasons. | |||
; http://php.net/disable-functions | |||
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,curl_multi_exec,show_source | |||
</pre> | |||
Now add <code>'OC\\Preview\\Movie'</code> to the list of <code>'enabledPreviewProviders'</code> and have ffmpeg installed: | |||
{{cmd|apk add ffmpeg}} | |||
After restarting the fpm service it should start generating thumbnails for videos. | |||
== Clients == | == Clients == | ||
There are clients available for many platforms, Android included: | There are clients available for many platforms, Android included: | ||
* https://nextcloud.org/sync-clients/{{dead link}} ''(nextcloud Sync clients)'' | * https://nextcloud.org/sync-clients/{{dead link}} ''(nextcloud Sync clients)'' | ||
* https://nextcloud. | * https://nextcloud.com/install/ ''(Android client)'' | ||
{{pkg|nextcloud-client}} is currently available in the community repo. | {{pkg|nextcloud-client}} is currently available in the community repo. | ||
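Review bot: the new "Enable thumbnail for video" section tells the reader to remove proc_open from disable_functions, directly under the comment "Disable certain functions for security reasons", without saying what is given up. Suggest one sentence noting that this lets PHP code in the nextcloud pool start external programs (the text itself says PHP uses it to call ffmpeg), and that the change is only needed when video previews are wanted. The instruction to add 'OC\\Preview\\Movie' to 'enabledPreviewProviders' also never names the file to edit; the earlier sentence mentions config.php, so say so here.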
Line 345: | Line 363: | ||
Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls. | Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls. | ||
= Nextcloud CLI occ = | |||
Access to nextcloud's CLI tool occ: | |||
{{cmd|sudo -u nextcloud php82 /usr/share/webapps/nextcloud/occ}} | |||
= Upgrading = | = Upgrading = | ||
If you're using alpine stable, rather than edge, be aware when an upgrade skips a major release version: Nextcloud doesn't support skipping a major release version in its upgrade path. For this reason, alpine also packages the previous nextcloud release as a separate package. | If you're using alpine stable, rather than edge, be aware when an upgrade skips a major release version: Nextcloud doesn't support skipping a major release version in its upgrade path. For this reason, alpine also packages the previous nextcloud release as a separate package. | ||
== See also == | |||
* [https://wiki.archlinux.org/title/Nextcloud Nextcloud - Archwiki] | |||
[[Category:Server]] |
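Review bot: the new occ command calls php82, while the other sections touched in this revision use php81 (php81-opcache, php-fpm81, /etc/php81/php-fpm.d/nextcloud.conf). Suggest stating which PHP version the nextcloud package runs under, or wording the command so the reader substitutes the matching binary. The command also relies on sudo, which the page never installs.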
Latest revision as of 19:31, 30 September 2024
Nextcloud is a WebDAV-based solution for storing and sharing your data, files, images, video, music, calendars and contacts online. Nextcloud is a fork of ownCloud with enterprise features included.
Installation
nextcloud is available in Alpine 3.5 and greater.
Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your /etc/apk/repositories file, then:
apk update
Database
First you have to decide which database to use. Use one of the databases listed below.
Sqlite
All you need to do is to install the package:
apk add nextcloud-sqlite
PostgreSQL
Install the package:
apk add nextcloud-pgsql postgresql postgresql-client
Next thing is to configure and start the database:
rc-service postgresql setup
rc-service postgresql start
Next, you need to create a user and temporarily grant the CREATEDB privilege:
psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q
Set postgresql to start on boot:
rc-update add postgresql
MariaDB
Install the package:
apk add nextcloud-mysql mariadb mariadb-client
Now configure and start mariadb:
mysql_install_db --user=mysql --datadir=/var/lib/mysql
service mariadb start
rc-update add mariadb
mysql_secure_installation
Follow the wizard to setup passwords, etc.
Next, you need to create a user and database and set permissions:
mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT
mariadb-client is not needed anymore. Let's uninstall it:
apk del mariadb-client
Webserver
Next thing is to choose, install, and configure a webserver. In this example we will install nginx or lighttpd. You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.
nextcloud-initscript facilitates running the webserver with php-fpm.
apk add nextcloud-initscript
Nginx
Install the needed packages:
apk add nginx
Delete the default nginx website configuration:
rm /etc/nginx/http.d/default.conf
Create a configuration file for your site in /etc/nginx/http.d/mysite.mydomain.com.conf:
Contents of /etc/nginx/http.d/mysite.mydomain.com.conf
If you plan to enable uploads (and you probably do), then you need to modify the default:
client_max_body_size 1m;
setting in /etc/nginx/nginx.conf. For testing purposes, I disabled the limit by changing it to:
client_max_body_size 0;
This enabled large file uploads and auto-uploads to work. Note, this is a file-size restriction in addition to the restriction set in /etc/php81/php-fpm.d/nextcloud.conf. That second restriction defaults to:
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
Another setting that may limit file size is in the configuration file /etc/php81/php.ini, where I set the restriction to:
upload_max_filesize = 513M
to match the /etc/php81/php-fpm.d/nextcloud.conf file-size restriction.
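The limits above stack, so the smallest one decides what can be uploaded. The following check is an added example, not part of the original page or of the nextcloud package; it reads the nginx and php-fpm pool settings named above and reports the effective ceiling. The function names and sample files are assumptions made for illustration, and a value of 0 is treated as "no limit" at every layer.

```shell
#!/bin/sh
# Added example; file contents below are constructed samples using this page's values.

# Convert an nginx/PHP size such as 1m, 513M, 2G or 0 to bytes.
to_bytes() {
    num=${1%[kKmMgG]}
    case $1 in
        *[kK]) echo $(($num * 1024)) ;;
        *[mM]) echo $(($num * 1024 * 1024)) ;;
        *[gG]) echo $(($num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# Last client_max_body_size value in an nginx config (the 1m default if unset).
nginx_limit() {
    n=$(sed -n 's/^[[:space:]]*client_max_body_size[[:space:]]\{1,\}\([0-9]*[kKmMgG]\{0,1\}\)[[:space:]]*;.*/\1/p' "$1" | tail -n 1)
    echo "${n:-1m}"
}

# Last php_admin_value[<key>] size in a php-fpm pool file (empty if unset).
fpm_limit() {
    sed -n "s/^[[:space:]]*php_admin_value\[$2\][[:space:]]*=[[:space:]]*\([0-9]*[kKmMgG]\{0,1\}\).*/\1/p" "$1" | tail -n 1
}

# Smallest non-zero limit across the layers, in bytes; 0 means no layer sets one.
# Assumption: 0 means "unlimited" for each of the three settings.
effective_upload_limit() {
    min=0
    for v in "$(nginx_limit "$1")" "$(fpm_limit "$2" post_max_size)" "$(fpm_limit "$2" upload_max_filesize)"; do
        if [ -z "$v" ]; then continue; fi
        b=$(to_bytes "$v")
        if [ "$b" -eq 0 ]; then continue; fi
        if [ "$min" -eq 0 ] || [ "$b" -lt "$min" ]; then min=$b; fi
    done
    echo "$min"
}

# Constructed samples: nginx at its default, pool file as quoted above.
write_samples() {
    printf 'http {\n    client_max_body_size 1m;\n}\n' > "$1/nginx.conf"
    printf 'php_admin_value[post_max_size] = 513M\nphp_admin_value[upload_max_filesize] = 513M\n' > "$1/nextcloud.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "effective upload limit: $(effective_upload_limit "$tmp/nginx.conf" "$tmp/nextcloud.conf") bytes"
rm -r "$tmp"
```

With the nginx default in place the result is 1048576 bytes, which shows why uploads fail until client_max_body_size is raised even though the pool file already allows 513M.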
If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from /tmp to /var/tmp or to a directory that is mounted on hdd:
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:
fastcgi_read_timeout 300s;
/etc/nginx/nginx.conf should already be configured to load your site config from this directory:
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
Start services:
service nginx start
service nextcloud start
Enable automatic startup of services:
rc-update add nginx
rc-update add nextcloud
Lighttpd
Install the package:
apk add lighttpd php5-cgi
Make sure you have FastCGI enabled in lighttpd:
Contents of /etc/lighttpd/lighttpd.conf
Start up the webserver:
rc-service lighttpd start
Link nextcloud installation to web server directory:
ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs
Firewall
Next up, open the desired port for the webserver in the firewall. You can use the following snippet as a reference for an nftables rule in a new file /etc/nftables.d/50-https.nft:
Contents of /etc/nftables.d/50-https.nft
Other settings
Hardening
Consider updating the variable url.access-deny in /etc/lighttpd/lighttpd.conf for additional security. Add "config.php" to the variable (that's where the database is stored) so it looks something like this:
Contents of /etc/lighttpd/lighttpd.conf
Restart lighttpd to activate the changes:
rc-service lighttpd restart
Additional packages
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
apk add nextcloud-files_pdfviewer nextcloud-text nextcloud-notifications nextcloud-files_videoplayer nextcloud-files_external
You can also install the nextcloud-default-apps meta-package which installs all 30 core Nextcloud apps (listed as dependencies under aforementioned link):
apk add nextcloud-default-apps
How To Create a Self-Signed SSL Certificate
Install openssl:
apk add openssl
Generate your self signed certificate and its private key:
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt
Edit your nginx configuration:
Contents of /etc/nginx/http.d/mysite.mydomain.com.conf
How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I then followed the SSL-setup instructions at: [Tech Jogging].
I also had to add my Nextcloud server's Fully Qualified Domain Name (FQDN) to the list of trusted domains in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':
'trusted_domains' =>
array (
  0 => '<machine's local IP address>',
  1 => 'nextcloud.mydomain.com',
),
Configure and use Nextcloud
Configure
Point your browser at https://mysite.mydomain.com and follow the on-screen instructions to complete the installation, supplying the database user and password created before.
Hardening PostgreSQL
If you have chosen the PostgreSQL backend, revoke the CREATEDB privilege from the 'mycloud' user:
psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q
Increase upload size
/etc/php81/php-fpm.d/nextcloud.conf has overridden default file sizes, but they can be modified further to suit your needs:
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
Enable opcache for nginx/php81
To increase performance, install:
apk add php81-opcache
Now uncomment/edit lines in /etc/php81/php.ini:
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128 ; you can reduce this slightly when short on RAM
opcache.save_comments=1
opcache.revalidate_freq=1
...
Restart php-fpm81:
rc-service php-fpm81 restart
Enable thumbnail for video
To be able to generate thumbnails for videos, besides configuring nextcloud, you will need to unlist proc_open from php's disabled functions. PHP relies on that function to call ffmpeg to generate the thumbnails; without it, thumbnail generation fails even if you have it enabled in config.php.
Remove proc_open from the disabled functions in /etc/php81/php-fpm.d/nextcloud.conf:
; Disable certain functions for security reasons.
; http://php.net/disable-functions
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,curl_multi_exec,show_source
Now add 'OC\\Preview\\Movie' to the list of 'enabledPreviewProviders' and have ffmpeg installed:
apk add ffmpeg
After restarting the fpm service it should start generating thumbnails for videos.
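Editing disable_functions by hand makes it easy to drop more than proc_open. The following check is an added example, not part of the original page or of the nextcloud package; it confirms that proc_open is the only function from the list above that the pool file leaves callable. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; the pool-file lines below are constructed from this page's values.

# Print the disable_functions value from a php-fpm pool file, whitespace removed.
disabled_list() {
    sed -n 's/^[[:space:]]*php_admin_value\[disable_functions\][[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d '[:space:]'
}

# Print the functions named in $2.. that the pool file $1 leaves callable.
callable_functions() {
    file=$1; shift
    list=",$(disabled_list "$file"),"
    out=""
    for fn in "$@"; do
        case $list in
            *",$fn,"*) ;;                       # still disabled
            *) out="$out${out:+ }$fn" ;;        # not in the list: callable
        esac
    done
    echo "$out"
}

# Succeed only when proc_open is the sole watched function left callable.
only_proc_open_enabled() {
    [ "$(callable_functions "$1" exec passthru shell_exec system curl_multi_exec show_source proc_open)" = "proc_open" ]
}

# Constructed sample: the disable_functions line as shown above.
write_pool_sample() {
    printf '; Disable certain functions for security reasons.\nphp_admin_value[disable_functions] = exec,passthru,shell_exec,system,curl_multi_exec,show_source\n' > "$1"
}

pool=$(mktemp)
write_pool_sample "$pool"
if only_proc_open_enabled "$pool"; then
    echo "OK: only proc_open was re-enabled"
else
    echo "WARNING: callable: $(callable_functions "$pool" exec passthru shell_exec system curl_multi_exec show_source proc_open)"
fi
rm "$pool"
```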
Clients
There are clients available for many platforms, Android included:
- https://nextcloud.org/sync-clients/[Dead Link] (nextcloud Sync clients)
- https://nextcloud.com/install/ (Android client)
nextcloud-client is currently available in the community repo.
Video Communication
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge), is a WebRTC app, which relies on the Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server, install Nextcloud using Nginx and do the following (you can use Apache as well and follow the Apache config instructions at nextcloud.com):
Put the following config in the server section of Nginx:
# Spreed WebRTC
location ^~ /webrtc {
    proxy_pass http://127.0.0.1:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_buffering on;
    proxy_ignore_client_abort off;
    proxy_redirect off;
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
Put the following section in the http section of Nginx:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
Reload Nginx:
rc-service nginx reload
Install Spreed WebRTC server (make sure you have the testing repository enabled):
apk add spreed-web-server
Using the configuration file in /etc/spreed-webrtc/spreed-webrtc-server.conf follow the instructions at nextcloud.com to configure Spreed WebRTC server. Then start the server:
rc-service spreed-web-server start
rc-update add spreed-web-server
Install the Spreed video calls app in Nextcloud and enjoy your private video calls.
Nextcloud CLI occ
Access to nextcloud's CLI tool occ:
sudo -u nextcloud php82 /usr/share/webapps/nextcloud/occ
Upgrading
If you're using alpine stable, rather than edge, be aware when an upgrade skips a major release version: Nextcloud doesn't support skipping a major release version in its upgrade path. For this reason, alpine also packages the previous nextcloud release as a separate package.