Alpine Linux - User contributions [en]

Odoo

2022-11-19T10:54:24Z

Lee Kimber: /* Also see */

= Introduction =
[https://www.odoo.com/ Odoo] is an all-in-one business software including CRM, website/e-commerce, billing, accounting, manufacturing, warehouse - and project management, and inventory.

= Preparing Alpine =
After installation and the usual repo update/upgrade add user for odoo (does not have to be named odoo)
{{Cmd|adduser odoo
echo "odoo ALL{{=}}(ALL) ALL" >> /etc/sudoers
addgroup sudo
adduser odoo sudo
su - odoo}}

= Installing dependencies =
{{Cmd|sudo apk add sudo nano less python3 py-pip py3-lxml py3-greenlet py3-gevent py3-psutil py3-pillow py3-psycopg2 py3-reportlab postgresql-dev postgresql git gcc g++ py3-pyldap
sudo pip3 install --upgrade pip}}

Clone Odoo git repository
{{Cmd|cd ~
git clone https://github.com/odoo/odoo.git
cd odoo}}

Install python dependencies
{{Cmd|sudo pip3 install -r requirements.txt}}

= Postgres installation =
Create, configure and start database
{{Cmd|sudo /etc/init.d/postgresql setup
sudo /etc/init.d/postgresql start
sudo rc-update add postgresql}}

Create new database user (Odoo will not run under default postgres user)
{{Cmd|sudo su - postgres -c "createuser -s odoo"}}

= Running Odoo =
This will serve Odoo on localhost:8069 and connect to odoo DB using Unix socket
{{Cmd|./odoo-bin}}

= Also see =
[https://www.odoo.com/documentation/16.0/administration/install.html|Odoo Odoo's installation instructions]

[[Category:Server]]

Odoo

2022-11-19T10:51:27Z

Lee Kimber: /* Also see */

= Introduction =
[https://www.odoo.com/ Odoo] is an all-in-one business software including CRM, website/e-commerce, billing, accounting, manufacturing, warehouse - and project management, and inventory.

= Preparing Alpine =
After installation and the usual repo update/upgrade add user for odoo (does not have to be named odoo)
{{Cmd|adduser odoo
echo "odoo ALL{{=}}(ALL) ALL" >> /etc/sudoers
addgroup sudo
adduser odoo sudo
su - odoo}}

= Installing dependencies =
{{Cmd|sudo apk add sudo nano less python3 py-pip py3-lxml py3-greenlet py3-gevent py3-psutil py3-pillow py3-psycopg2 py3-reportlab postgresql-dev postgresql git gcc g++ py3-pyldap
sudo pip3 install --upgrade pip}}

Clone Odoo git repository
{{Cmd|cd ~
git clone https://github.com/odoo/odoo.git
cd odoo}}

Install python dependencies
{{Cmd|sudo pip3 install -r requirements.txt}}

= Postgres installation =
Create, configure and start database
{{Cmd|sudo /etc/init.d/postgresql setup
sudo /etc/init.d/postgresql start
sudo rc-update add postgresql}}

Create new database user (Odoo will not run under default postgres user)
{{Cmd|sudo su - postgres -c "createuser -s odoo"}}

= Running Odoo =
This will serve Odoo on localhost:8069 and connect to odoo DB using Unix socket
{{Cmd|./odoo-bin}}

= Also see =
[https://www.odoo.com/documentation/16.0/administration/install.html](Odoo installation instructions)

[[Category:Server]]

Odoo

2022-11-19T10:50:49Z

Lee Kimber: /* Also see */

= Introduction =
[https://www.odoo.com/ Odoo] is an all-in-one business software including CRM, website/e-commerce, billing, accounting, manufacturing, warehouse - and project management, and inventory.

= Preparing Alpine =
After installation and the usual repo update/upgrade add user for odoo (does not have to be named odoo)
{{Cmd|adduser odoo
echo "odoo ALL{{=}}(ALL) ALL" >> /etc/sudoers
addgroup sudo
adduser odoo sudo
su - odoo}}

= Installing dependencies =
{{Cmd|sudo apk add sudo nano less python3 py-pip py3-lxml py3-greenlet py3-gevent py3-psutil py3-pillow py3-psycopg2 py3-reportlab postgresql-dev postgresql git gcc g++ py3-pyldap
sudo pip3 install --upgrade pip}}

Clone Odoo git repository
{{Cmd|cd ~
git clone https://github.com/odoo/odoo.git
cd odoo}}

Install python dependencies
{{Cmd|sudo pip3 install -r requirements.txt}}

= Postgres installation =
Create, configure and start database
{{Cmd|sudo /etc/init.d/postgresql setup
sudo /etc/init.d/postgresql start
sudo rc-update add postgresql}}

Create new database user (Odoo will not run under default postgres user)
{{Cmd|sudo su - postgres -c "createuser -s odoo"}}

= Running Odoo =
This will serve Odoo on localhost:8069 and connect to odoo DB using Unix socket
{{Cmd|./odoo-bin}}

= Also see =
[https://www.odoo.com/documentation/16.0/administration/install.html]{{Odoo installation instructions}}

[[Category:Server]]

Odoo

2022-11-19T10:49:42Z

Lee Kimber: /* Also see */ Updates dead Odoo install link to current Odoo install link. Odoo doc URIs seem to change with Odoo version number.

Setting up Zaptel/Asterisk on Alpine

2022-03-01T10:46:46Z

Lee Kimber: /* Resources */ Article links updated. Now point to four still-extant articles of the original six-part series

Asterisk is an open-source voip server. It can be used both with sip-clients as with phones and/or phonesystems.

''Note:''
We used Alpine version 1.1.3-beta8

== Installation ==

Booted from CD

Log in as root, no password needed
$ setup-alpine

Set hostname, network settngs and root-password
$ apk_add openssh asterisk

Make ssh run at bootup:
$ rc_add sshd

Configure asterisk, we copied settings from our previous install, on
Debian Sarge. The only change we had to make to our previous asterisk
config was:
$ vi modules.conf

under [modules], make sure
load => “res_musiconhold.so”
is loaded before other modules

Make asterisk run at bootup:
$ rc_add asterisk

== Zaptel ==

We use an isdn card to connect to our phone-center. It uses the zaptel
driver. To load all the needed modules we had to make the following
changes:
$ vi /etc/modules

Add the following modules:
zaphfc
zaptel
af_packet

$vi /etc/modules.conf

Add:
options torisa base=0xd0000
alias char-major-196 torisa
alias wctdm wcfxs
alias wct2xxp wct4xxp

== Wrapping up ==

Commit to floppy
$ lbu co floppy

Reboot to make sure you made no mistakes, done.

I prefer to reboot staright after installation. If I made a mistake, I rather find out now then in a couple of monts, when I will for sure have forgotton how I set it all up.

== Permissions ==

To run asterisk as user asterisk, we had to add asterisk to the dialout group:
$ grep asterisk /etc/group

dialout:x:20:root,asterisk

To be able to support sip dial-in clients, we run asterisk as root:
$ vi /etc/conf.d/asterisk

And set:
ASTERISK_USER="root:root"

See also issues

== Issues ==

For sip clients to call in we had have to run Asterisk as root, this needs to be fixed. Asterisk on alpine runs as root out of the box.

== Memory-usage ==

$ free

<pre>
total used free shared buffers

Mem: 185824 51772 34052 0 184

Swap: 0 0 0

Total: 185824 51772 134052
</pre>

==Call logging==

To log phonecalls to a csv-file, edit : /etc/asterisk/modules.conf
$ vi /etc/asterisk/modules.conf

And add load => cdr_csv.so:
<pre>
;
; Asterisk configuration file
;
; Module Loader configuration file
;

[modules]
autoload=no

load => cdr_csv.so
etc
</pre>

Now your logs will be in ''/var/log/asterisk/cdr-csv/Master.csv''

For other forms of logging, see [[http://www.voip-info.org/wiki/view/Asterisk+billing here]]

This box is running the following services:
Ssh, asterisk, tinc and openvpn All this would fit in 64mb.

= Resources =

A very nice series of articles called "VoIPowering Your Office with Asterisk: SOHO VoIP" can be found below:

* Intro, How to connect an Asterisk server to legacy phones and phone service, [[https://www.smallbusinesscomputing.com/software/voipowering-your-office-with-asterisk-soho-voip/ Part 1]]
* Set up a connection to the outside world and set up internal extensions, [[https://www.smallbusinesscomputing.com/hardware/voipowering-your-office-with-asterisk-soho-voip-part-2/ Part 2]]
* Configure outbound calling, [[https://www.smallbusinesscomputing.com/software/voipowering-your-office-with-asterisk-soho-voip-part-3/ Part 3]]
* Voicemail, [[https://www.smallbusinesscomputing.com/networking/voipowering-your-office-with-asterisk-soho-voip-part-4/ Part 4]]

= See also =

* [[FaxServer using Asterisk]]

[[Category:Telephony]]

Nextcloud

2022-01-27T12:15:47Z

Lee Kimber: /* How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate */

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set postgresql to start on boot:
{{cmd|rc-update add postgresql}}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx website configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}

# Help pass nextcloud's configuration checks after install:
# Per https://docs.nextcloud.com/server/22/admin_manual/issues/general_troubleshooting.html#service-discovery
location ^~ /.well-known/carddav { return 301 /remote.php/dav/; }
location ^~ /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
location ^~ /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
}
}}

If you plan to enable uploads - and you probably do) - then you need to modify the default:
<pre>
client_max_body_size 1m;'
</pre>
setting in {{path|/etc/nginx/nginx.conf}}. For testing purposes, I disabled the limit by changing it to:

<pre>
client_max_body_size 0;
</pre>

This enabled large file uploads and auto-uploads to work. Note, this is a file-size restriction in addition to the restriction set in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}. That second restriction defaults to:

<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

Another setting that may limit file-size is in configuration file {{path|/etc/php8/php.ini}}, where I set the restriction to to:
<pre>
upload_max_filesize = 513M
</pre>
to match the {{path|/etc/php8/php-fpm.d/nextcloud.conf}} file-size restriction.

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving several users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I then followed the SSL-setup instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the list of trusted domains in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-27T12:13:15Z

Lee Kimber: /* How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate */

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set postgresql to start on boot:
{{cmd|rc-update add postgresql}}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx website configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}

# Help pass nextcloud's configuration checks after install:
# Per https://docs.nextcloud.com/server/22/admin_manual/issues/general_troubleshooting.html#service-discovery
location ^~ /.well-known/carddav { return 301 /remote.php/dav/; }
location ^~ /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
location ^~ /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
}
}}

If you plan to enable uploads - and you probably do) - then you need to modify the default:
<pre>
client_max_body_size 1m;'
</pre>
setting in {{path|/etc/nginx/nginx.conf}}. For testing purposes, I disabled the limit by changing it to:

<pre>
client_max_body_size 0;
</pre>

This enabled large file uploads and auto-uploads to work. Note, this is a file-size restriction in addition to the restriction set in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}. That second restriction defaults to:

<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

Another setting that may limit file-size is in configuration file {{path|/etc/php8/php.ini}}, where I set the restriction to to:
<pre>
upload_max_filesize = 513M
</pre>
to match the {{path|/etc/php8/php-fpm.d/nextcloud.conf}} file-size restriction.

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving several users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I then followed the SSL-setup instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html| Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the list of trusted domains in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-22T13:01:05Z

Lee Kimber: /* Nginx */ More details file-size restrictions conf file locations.

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set postgresql to start on boot:
{{cmd|rc-update add postgresql}}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx website configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}

# Help pass nextcloud's configuration checks after install:
# Per https://docs.nextcloud.com/server/22/admin_manual/issues/general_troubleshooting.html#service-discovery
location ^~ /.well-known/carddav { return 301 /remote.php/dav/; }
location ^~ /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
location ^~ /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
}
}}

If you plan to enable uploads - and you probably do) - then you need to modify the default:
<pre>
client_max_body_size 1m;'
</pre>
setting in {{path|/etc/nginx/nginx.conf}}. For testing purposes, I disabled the limit by changing it to:

<pre>
client_max_body_size 0;
</pre>

This enabled large file uploads and auto-uploads to work. Note, this is a file-size restriction in addition to the restriction set in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}. That second restriction defaults to:

<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

Another setting that may limit file-size is in configuration file {{path|/etc/php8/php.ini}}, where I set the restriction to to:
<pre>
upload_max_filesize = 513M
</pre>
to match the {{path|/etc/php8/php-fpm.d/nextcloud.conf}} file-size restriction.

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving several users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I followed the instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html| Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the existing local IP-based trusted domain in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-22T12:30:02Z

Lee Kimber: /* Webserver */ Adds nginx.conf change to enable file uploads.

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set postgresql to start on boot:
{{cmd|rc-update add postgresql}}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx website configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}

# Help pass nextcloud's configuration checks after install:
# Per https://docs.nextcloud.com/server/22/admin_manual/issues/general_troubleshooting.html#service-discovery
location ^~ /.well-known/carddav { return 301 /remote.php/dav/; }
location ^~ /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
location ^~ /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
}
}}

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving several users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

If you plan to enable uploads - and you probably do) - then you need to modify the default 'client_max_body_size 1m;' setting in {{path|/etc/nginx/nginx.conf}}. For testing purposes, I disabled the limit by changing it to:

<pre>
client_max_body_size 0;
</pre>

This enabled large file uploads and auto-uploads to work.

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I followed the instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html| Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the existing local IP-based trusted domain in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-20T14:30:42Z

Lee Kimber: /* Nginx */ Adds nginx redirects for nextcloud's post-install service discovery checks

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set postgresql to start on boot:
{{cmd|rc-update add postgresql}}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}

# Help pass nextcloud's configuration checks after install:
# Per https://docs.nextcloud.com/server/22/admin_manual/issues/general_troubleshooting.html#service-discovery
location ^~ /.well-known/carddav { return 301 /remote.php/dav/; }
location ^~ /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
location ^~ /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
}
}}

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving serveral users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I followed the instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html| Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the existing local IP-based trusted domain in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-20T14:21:37Z

Lee Kimber: /* PostgreSQL */

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set postgresql to start on boot:
{{cmd|rc-update add postgresql}}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}
}
}}

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving serveral users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I followed the instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html| Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the existing local IP-based trusted domain in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-20T14:21:17Z

Lee Kimber: /* PostgreSQL */

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set postgresql to start on boot:
{{cmd|/rc-update add postgresql}}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}
}
}}

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving serveral users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I followed the instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html| Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the existing local IP-based trusted domain in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-20T11:53:43Z

Lee Kimber: /* How To Create a Self-Signed SSL Certificate */

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set the database to start on boot:
{{cmd|/rc-update add postgresql}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}
}
}}

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving serveral users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate ===
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I followed the instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html| Tech Jogging]].

I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the existing local IP-based trusted domain in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':

<pre>
'trusted_domains' =>
array (
0 => '<machine's local IP address>',
1 => 'nextcloud.mydomain.com',
),
}}
</pre>

= Configure and use Nextcloud =

== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]

Nextcloud

2022-01-20T11:29:48Z

Lee Kimber: /* PostgreSQL */ Set postgresql to start on boot to avoid hard-to-troubleshoot 'Internal Server Error'

[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [http://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included].

= Installation =
{{pkg|nextcloud}} is available from Alpine 3.5 and greater.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then:
{{cmd|apk update}}
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}

== Database ==
First you have to decide which database to use. Use one of the databases listed below.

=== Sqlite ===
All you need to do is to install the package:
{{cmd|apk add nextcloud-sqlite}}

=== PostgreSQL ===
Install the package:
{{cmd|apk add nextcloud-pgsql postgresql postgresql-client}}

Next thing is to configure and start the database:
{{cmd|/etc/init.d/postgresql setup
/etc/init.d/postgresql start}}

Next, you need to create a user and temporarily grant the CREATEDB privilege:
{{cmd|psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

Set the database to start on boot:
{{cmd|/rc-update add postgresql}

=== MariaDB ===
Install the package:
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}}

Now configure and start {{pkg|mariadb}}:
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki>
service mariadb start
rc-update add mariadb
mysql_secure_installation}}
Follow the wizard to setup passwords, etc.
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}}

Next, you need to create a user and database and set permissions:
{{cmd|mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}}

{{pkg|mariadb-client}} is not needed anymore. Let's uninstall it:
{{cmd|apk del mariadb-client}}

== Webserver ==
Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter will consume a lot of memory when working with large files (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.

{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm.

{{cmd|apk add nextcloud-initscript}}

=== Nginx ===
Install the needed packages:
{{cmd|apk add nginx php8-fpm}}

Delete the default nginx configuration:
{{cmd|rm /etc/nginx/http.d/default.conf}}

Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}:
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server {
#listen [::]:80; #uncomment for IPv6 support
listen 80;
return 301 https://$host$request_uri;
server_name mysite.mydomain.com;
}

server {
#listen [::]:443 ssl; #uncomment for IPv6 support
listen 443 ssl;
server_name mysite.mydomain.com;

root /usr/share/webapps/nextcloud;
index index.php index.html index.htm;
disable_symlinks off;

ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_timeout 5m;

#Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
#Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
#ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php-fpm/socket;
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package
fastcgi_index index.php;
include fastcgi.conf;
}
}
}}

If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd:
<pre>
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
</pre>

Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:

<pre>
fastcgi_read_timeout 300s;
</pre>

{{Note|If you are serving serveral users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php8/php-fpm.d/nextcloud.conf}}}}

{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory:
<pre>
...
# Includes virtual hosts configs.
include /etc/nginx/http.d/*;
...
</pre>

Start services:
{{cmd|service nginx start
service nextcloud start}}

Enable automatic startup of services:
{{cmd|rc-update add nginx
rc-update add nextcloud}}

=== Lighttpd ===
Install the package:
{{cmd|apk add lighttpd php5-cgi}}

Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
{{cat|/etc/lighttpd/lighttpd.conf|...
include "mod_fastcgi.conf"
...}}

Start up the webserver:
{{cmd|/etc/init.d/lighttpd start}}

{{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}}

Link {{pkg|nextcloud}} installation to web server directory:
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}}

== Other settings ==
=== Hardening ===
Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
{{cat|/etc/lighttpd/lighttpd.conf|...
url.access-deny {{=}} ("~", ".inc", "config.php")
...}}
Restart {{pkg|lighttpd}} to activate the changes:
{{cmd|/etc/init.d/lighttpd restart}}

=== Additional packages ===
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
{{cmd|apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer}}

=== How To Create a Self-Signed SSL Certificate ===
Install openssl:
{{cmd|apk add openssl}}
Generate your self signed certificate and its private key:
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}}
Edit your nginx configuration:
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf|
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt;
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key;
}}

= Configure and use Nextcloud =
== Configure ==
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

== Hardening PostgreSQL ==
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
{{cmd|psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q}}

== Increase upload size ==
{{path|/etc/php/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs:
<pre>
; Maximal size of a file that can be uploaded via web interface.
php_admin_value[memory_limit] = 512M
php_admin_value[post_max_size] = 513M
php_admin_value[upload_max_filesize] = 513M
</pre>

== enable opcache for nginx/php7 ==
To increase performace install
{{cmd|apk add php7-opcache}}

Now uncomment/edit lines in /etc/php7/php.ini:
<pre>
...
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
...
</pre>

Restart php-fpm7
{{cmd|rc-service php-fpm7 restart}}

== Clients ==
There are clients available for many platforms, Android included:
* http://nextcloud.org/sync-clients/ ''(nextcloud Sync clients)''
* http://nextcloud.org/support/android/ ''(Android client)''

[http://pkgs.alpinelinux.org/packages?name=nextcloud-client&branch=&repo=&arch=&maintainer= nextcloud-client] is currently available in the testing repo.

= Video Communication =
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]):

Put the following config in the ''server'' section of Nginx:
<pre>
# Spreed WebRTC
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
</pre>

Put the following section in the ''http'' section of Nginx:
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
</pre>

Reload Nginx:
{{cmd|rc-service nginx reload}}

Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled):
{{cmd|apk add spreed-web-server}}

Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server:
{{cmd|rc-service spreed-web-server start}}
{{cmd|rc-update add spreed-web-server}}

Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls.

[[Category:Server]]