Nextcloud: Difference between revisions
(typo) |
Romangeber (talk | contribs) m (added hint on how to use occ) |
||
(58 intermediate revisions by 20 users not shown) | |||
Line 1: | Line 1: | ||
[https://nextcloud.com/ Nextcloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. [https://karlitschek.de/2016/06/nextcloud/ Nextcloud is a fork of ownCloud with enterprise features included]. | |||
[ | |||
= Installation = | = Installation = | ||
{{pkg|nextcloud}} is available | {{pkg|nextcloud}} is available in Alpine 3.5 and greater. | ||
Before you start installing anything, make sure you have latest packages available. Make sure you are using | Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your {{path|/etc/apk/repositories}} file, then: | ||
{{cmd|apk update}} | {{cmd|apk update}} | ||
{{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}} | {{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}} | ||
== Database == | == Database == | ||
First you have to decide which database to use. | First you have to decide which database to use. Use one of the databases listed below. | ||
=== | |||
All you need to do is to install the package | === Sqlite === | ||
All you need to do is to install the package: | |||
{{cmd|apk add nextcloud-sqlite}} | {{cmd|apk add nextcloud-sqlite}} | ||
=== | === PostgreSQL === | ||
Install the package | Install the package: | ||
{{cmd|apk add nextcloud-pgsql}} | {{cmd|apk add nextcloud-pgsql postgresql postgresql-client}} | ||
Next thing is to configure and start the database | Next thing is to configure and start the database: | ||
{{cmd| | {{cmd|rc-service postgresql setup | ||
rc-service postgresql start}} | |||
Next you need to create a user | Next, you need to create a user and temporarily grant the CREATEDB privilege: | ||
{{cmd|psql -U postgres | {{cmd|psql -U postgres | ||
CREATE USER mycloud WITH PASSWORD 'test123'; | CREATE USER mycloud WITH PASSWORD 'test123'; | ||
ALTER ROLE mycloud CREATEDB; | ALTER ROLE mycloud CREATEDB; | ||
\q}} | \q}} | ||
{{Note|Replace the above username 'mycloud' and password 'test123' | {{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}} | ||
Set postgresql to start on boot/: | |||
{{cmd|rc-update add postgresql}} | |||
{{cmd| | |||
=== MariaDB === | |||
{{cmd| | Install the package: | ||
{{cmd|apk add nextcloud-mysql mariadb mariadb-client}} | |||
Next you need to create a user | Now configure and start {{pkg|mariadb}}: | ||
{{cmd|<nowiki>mysql_install_db --user=mysql --datadir=/var/lib/mysql</nowiki> | |||
service mariadb start | |||
rc-update add mariadb | |||
mysql_secure_installation}} | |||
Follow the wizard to setup passwords, etc. | |||
{{Note|Remember the usernames/passwords that you set using the wizard. You will need them later.}} | |||
Next, you need to create a user and database and set permissions: | |||
{{cmd|mysql -u root -p | {{cmd|mysql -u root -p | ||
CREATE DATABASE nextcloud; | CREATE DATABASE nextcloud; | ||
Line 49: | Line 52: | ||
FLUSH PRIVILEGES; | FLUSH PRIVILEGES; | ||
EXIT}} | EXIT}} | ||
{{Note|Replace the above username 'mycloud' and password 'test123' | {{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You will need them later when setting up nextcloud.}} | ||
{{pkg| | {{pkg|mariadb-client}} is not needed anymore. Let's uninstall it: | ||
{{cmd|apk del | {{cmd|apk del mariadb-client}} | ||
== Webserver == | == Webserver == | ||
Next thing is to choose, install and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}} | Next thing is to choose, install, and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document. | ||
{{pkg|nextcloud-initscript}} facilitates running the webserver with php-fpm. | |||
{{ | |||
{{cmd|apk add nextcloud-initscript}} | |||
{{ | |||
}} | |||
=== Nginx === | |||
{{ | Install the needed packages: | ||
{{cmd|apk add nginx}} | |||
}} | |||
Delete the default nginx website configuration: | |||
{{cmd| | {{cmd|rm /etc/nginx/http.d/default.conf}} | ||
Create a configuration file for your site in /etc/nginx/ | Create a configuration file for your site in {{path|/etc/nginx/http.d/mysite.mydomain.com.conf}}: | ||
{{Cat|/etc/nginx/http.d/mysite.mydomain.com.conf|server { | |||
server { | |||
#listen [::]:80; #uncomment for IPv6 support | #listen [::]:80; #uncomment for IPv6 support | ||
listen 80; | listen 80; | ||
Line 93: | Line 84: | ||
server_name mysite.mydomain.com; | server_name mysite.mydomain.com; | ||
root / | root /usr/share/webapps/nextcloud; | ||
index index.php index.html index.htm; | index index.php index.html index.htm; | ||
disable_symlinks off; | disable_symlinks off; | ||
Line 99: | Line 90: | ||
ssl_certificate /etc/ssl/cert.pem; | ssl_certificate /etc/ssl/cert.pem; | ||
ssl_certificate_key /etc/ssl/key.pem; | ssl_certificate_key /etc/ssl/key.pem; | ||
ssl_session_timeout 5m; | ssl_session_timeout 5m; | ||
Line 114: | Line 103: | ||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | ||
location ~ [^/]\.php(/ | location ~ [^/]\.php(/|$) { | ||
fastcgi_split_path_info ^(.+?\.php)(/.*)$; | fastcgi_split_path_info ^(.+?\.php)(/.*)$; | ||
if (!-f $document_root$fastcgi_script_name) { | if (!-f $document_root$fastcgi_script_name) { | ||
return 404; | return 404; | ||
} | } | ||
fastcgi_pass 127.0.0.1:9000; | #fastcgi_pass 127.0.0.1:9000; | ||
#fastcgi_pass unix: | #fastcgi_pass unix:/run/php-fpm/socket; | ||
fastcgi_pass unix:/run/nextcloud/fastcgi.sock; # From the nextcloud-initscript package | |||
fastcgi_index index.php; | fastcgi_index index.php; | ||
include fastcgi.conf; | include fastcgi.conf; | ||
} | } | ||
# Help pass nextcloud's configuration checks after install: | |||
# Per https://docs.nextcloud.com/server/22/admin_manual/issues/general_troubleshooting.html#service-discovery | |||
location ^~ /.well-known/carddav { return 301 /remote.php/dav/; } | |||
location ^~ /.well-known/caldav { return 301 /remote.php/dav/; } | |||
location ^~ /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; } | |||
location ^~ /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; } | |||
} | } | ||
}} | |||
If you plan to enable uploads - and you probably do) - then you need to modify the default: | |||
<pre> | |||
client_max_body_size 1m;' | |||
</pre> | |||
setting in {{path|/etc/nginx/nginx.conf}}. For testing purposes, I disabled the limit by changing it to: | |||
<pre> | |||
client_max_body_size 0; | |||
</pre> | |||
This enabled large file uploads and auto-uploads to work. Note, this is a file-size restriction in addition to the restriction set in {{path|/etc/php81/php-fpm.d/nextcloud.conf}}. That second restriction defaults to: | |||
<pre> | |||
; Maximal size of a file that can be uploaded via web interface. | |||
php_admin_value[memory_limit] = 512M | |||
php_admin_value[post_max_size] = 513M | |||
php_admin_value[upload_max_filesize] = 513M | |||
</pre> | |||
Another setting that may limit file-size is in configuration file {{path|/etc/php81/php.ini}}, where I set the restriction to to: | |||
<pre> | |||
upload_max_filesize = 513M | |||
</pre> | </pre> | ||
to match the {{path|/etc/php81/php-fpm.d/nextcloud.conf}} file-size restriction. | |||
If you are running | If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from {{path|/tmp}} to {{path|/var/tmp}} or to a directory that is mounted on hdd: | ||
<pre> | <pre> | ||
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2; | fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2; | ||
</pre> | </pre> | ||
Large | Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout: | ||
<pre> | <pre> | ||
Line 138: | Line 160: | ||
</pre> | </pre> | ||
{{Note|If you are serving several users make sure to tune the *''pm.max_children'' setting in {{path|/etc/php81/php-fpm.d/nextcloud.conf}}}} | |||
{{path|/etc/nginx/nginx.conf}} should already be configured to load your site config from this directory: | |||
<pre> | <pre> | ||
... | ... | ||
# Includes virtual hosts configs. | |||
include /etc/nginx/http.d/*; | |||
... | ... | ||
</pre> | </pre> | ||
{{ | Start services: | ||
{{cmd|service nginx start | |||
service nextcloud start}} | |||
Enable automatic startup of services: | |||
{{cmd|rc-update add nginx | |||
rc-update add nextcloud}} | |||
{{cmd|rc- | |||
rc- | |||
=== Lighttpd === | === Lighttpd === | ||
Install the package | Install the package: | ||
{{cmd|apk add lighttpd | {{cmd|apk add lighttpd php5-cgi}} | ||
Make sure you have FastCGI enabled in {{pkg|lighttpd}}: | Make sure you have FastCGI enabled in {{pkg|lighttpd}}: | ||
Line 167: | Line 187: | ||
...}} | ...}} | ||
Start up the webserver | Start up the webserver: | ||
{{cmd| | {{cmd|rc-service lighttpd start}} | ||
{{tip|You might want to follow the [ | {{tip|You might want to follow the [[Lighttpd_Advanced_security#Https_access|Lighttpd_Https_access]] doc in order to configure lighttpd to use https ''(securing your connections to your nextcloud server)''.}} | ||
Link {{pkg|nextcloud}} installation to web server directory: | Link {{pkg|nextcloud}} installation to web server directory: | ||
{{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}} | {{cmd|ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs}} | ||
== Firewall == | |||
Next up, open the desired port for the webserver in the firewall. You can use the following snippet as a reference for an nftable rule in a new file{{path|/etc/nftables.d/50-https.nft}}: | |||
{{Cat|/etc/nftables.d/50-https.nft| | |||
#!/usr/sbin/nft -f | |||
table inet filter { | |||
chain input { | |||
# allow https | |||
tcp dport 443 accept comment "accept HTTPS" | |||
} | |||
} | |||
}} | |||
== Other settings == | == Other settings == | ||
Line 181: | Line 214: | ||
url.access-deny {{=}} ("~", ".inc", "config.php") | url.access-deny {{=}} ("~", ".inc", "config.php") | ||
...}} | ...}} | ||
Restart {{pkg|lighttpd}} to activate the changes | Restart {{pkg|lighttpd}} to activate the changes: | ||
{{cmd| | {{cmd|rc-service lighttpd restart}} | ||
=== Additional packages === | === Additional packages === | ||
Some large apps, such as texteditor, | Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages: | ||
{{cmd|apk add nextcloud- | {{cmd|apk add nextcloud-files_pdfviewer nextcloud-text nextcloud-notifications nextcloud-files_videoplayer nextcloud-files_external}} | ||
You can also install the {{pkg|nextcloud-default-apps}} meta-package which installs all 30 core Nextcloud apps (listed as dependencies under aforementioned link): | |||
{{cmd|apk add nextcloud-default-apps}} | |||
=== How To Create a Self-Signed SSL Certificate === | |||
Install openssl: | |||
{{cmd|apk add openssl}} | |||
Generate your self signed certificate and its private key: | |||
{{cmd|<nowiki>openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt</nowiki>}} | |||
Edit your nginx configuration: | |||
{{cat|/etc/nginx/http.d/mysite.mydomain.com.conf| | |||
ssl_certificate /etc/ssl1.1/certs/nextcloud-selfsigned.crt; | |||
ssl_certificate_key /etc/ssl1.1/private/nextcloud-selfsigned.key; | |||
}} | |||
=== How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate === | |||
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I then followed the SSL-setup instructions at: [[https://techjogging.com/create-letsencrypt-certificate-alpine-nginx.html Tech Jogging]]. | |||
I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the list of trusted domains in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains': | |||
<pre> | |||
'trusted_domains' => | |||
array ( | |||
0 => '<machine's local IP address>', | |||
1 => 'nextcloud.mydomain.com', | |||
), | |||
}} | |||
</pre> | |||
= Configure and use Nextcloud = | |||
== Configure == | == Configure == | ||
Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before. | Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before. | ||
== Hardening | == Hardening PostgreSQL == | ||
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user: | If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user: | ||
{{cmd|psql -U postgres | {{cmd|psql -U postgres | ||
Line 199: | Line 260: | ||
== Increase upload size == | == Increase upload size == | ||
{{path|/etc/php81/php-fpm.d/nextcloud.conf}} has overridden default file sizes, but they can be modified further to suit your needs: | |||
<pre> | |||
; Maximal size of a file that can be uploaded via web interface. | |||
php_admin_value[memory_limit] = 512M | |||
php_admin_value[post_max_size] = 513M | |||
php_admin_value[upload_max_filesize] = 513M | |||
</pre> | |||
== Enable opcache for nginx/php81 == | |||
To increase performace install | |||
{{cmd|apk add php81-opcache}} | |||
Now uncomment/edit lines in /etc/php81/php.ini: | |||
<pre> | |||
... | |||
opcache.enable=1 | |||
opcache.enable_cli=1 | |||
opcache.interned_strings_buffer=8 | |||
opcache.max_accelerated_files=10000 | |||
opcache.memory_consumption=128 //you can reduce this slightly when short on RAM | |||
opcache.save_comments=1 | |||
opcache.revalidate_freq=1 | |||
... | |||
</pre> | |||
Restart php-fpm81 | |||
{{cmd|rc-service php-fpm81 restart}} | |||
== Enable thumbnail for video == | |||
To be able to generate thumbnails for videos, besides [https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/previews_configuration.html configuring] nextcloud, you will need to unlist <code>proc_open</code> from php's disabled functions. PHP relies on that function to call ffmpeg to generate the thumbnails, without that it will fail to do so even if you have it enabled on config.php. | |||
Remove <code>proc_open</code> from the disabled function in {{path|/etc/php81/php-fpm.d/nextcloud.conf}}: | |||
<pre> | <pre> | ||
; Disable certain functions for security reasons. | |||
; http://php.net/disable-functions | |||
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,curl_multi_exec,show_source | |||
</pre> | </pre> | ||
Now add <code>'OC\\Preview\\Movie'</code> to the list of <code>'enabledPreviewProviders'</code> and have ffmpeg installed: | |||
{{cmd|apk add ffmpeg}} | |||
After restarting the fpm service it should start generating thumbnails for videos. | |||
== Clients == | == Clients == | ||
There are clients available for many platforms, Android included: | There are clients available for many platforms, Android included: | ||
* | * https://nextcloud.org/sync-clients/{{dead link}} ''(nextcloud Sync clients)'' | ||
* | * https://nextcloud.com/install/ ''(Android client)'' | ||
{{pkg|nextcloud-client}} is currently available in the community repo. | |||
= Video Communication = | |||
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a [https://nextcloud.com/webrtc/ WebRTC app], which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the ''Apache config'' instructions [https://nextcloud.com/webrtc/ nextcloud.com]): | |||
Put the following config in the ''server'' section of Nginx: | |||
<pre> | |||
# Spreed WebRTC | |||
location ^~ /webrtc { | |||
proxy_pass http://127.0.0.1:8080; | |||
proxy_http_version 1.1; | |||
proxy_set_header Upgrade $http_upgrade; | |||
proxy_set_header Connection $connection_upgrade; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header Host $http_host; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_buffering on; | |||
proxy_ignore_client_abort off; | |||
proxy_redirect off; | |||
proxy_connect_timeout 90; | |||
proxy_send_timeout 90; | |||
proxy_read_timeout 90; | |||
proxy_buffer_size 4k; | |||
proxy_buffers 4 32k; | |||
proxy_busy_buffers_size 64k; | |||
proxy_temp_file_write_size 64k; | |||
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504; | |||
} | |||
</pre> | |||
Put the following section in the ''http'' section of Nginx: | |||
<pre> | |||
map $http_upgrade $connection_upgrade { | |||
default upgrade; | |||
'' close; | |||
} | |||
</pre> | |||
Reload Nginx: | |||
{{cmd|rc-service nginx reload}} | |||
Install Spreed WedRTC server (make sure you have the testing [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Packages_and_Repositories repository] enabled): | |||
{{cmd|apk add spreed-web-server}} | |||
Using the configuration file in ''/etc/spreed-webrtc/spreed-webrtc-server.conf'' follow the instructions at [https://nextcloud.com/webrtc/ nextcloud.com] to configure Spreed WebRTC server. Then start the server: | |||
{{cmd|rc-service spreed-web-server start}} | |||
{{cmd|rc-update add spreed-web-server}} | |||
Install the ''Spreed video calls'' app in Nextcloud and enjoy your private video calls. | |||
= Nextcloud CLI occ = | |||
Access to nextcloud's CLI tool occ: | |||
{{cmd|sudo -u nextcloud php82 /usr/share/webapps/nextcloud/occ}} | |||
= Upgrading = | |||
If you're using alpine stable, rather than edge, be aware when an upgrade skips a major release version: Nextcloud doesn't support skipping a major release version in its upgrade path. For this reason, alpine also packages the previous nextcloud release as a separate package. | |||
== See also == | |||
* [https://wiki.archlinux.org/title/Nextcloud Nextcloud - Archwiki] | |||
[[Category:Server]] | [[Category:Server]] |
Latest revision as of 19:31, 30 September 2024
Nextcloud is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. Nextcloud is a fork of ownCloud with enterprise features included.
Installation
nextcloud is available in Alpine 3.5 and greater.
Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your /etc/apk/repositories file, then:
apk update
Database
First you have to decide which database to use. Use one of the databases listed below.
Sqlite
All you need to do is to install the package:
apk add nextcloud-sqlite
PostgreSQL
Install the package:
apk add nextcloud-pgsql postgresql postgresql-client
Next thing is to configure and start the database:
rc-service postgresql setup rc-service postgresql start
Next, you need to create a user and temporarily grant the CREATEDB privilege:
psql -U postgres CREATE USER mycloud WITH PASSWORD 'test123'; ALTER ROLE mycloud CREATEDB; \q
Set postgresql to start on boot/:
rc-update add postgresql
MariaDB
Install the package:
apk add nextcloud-mysql mariadb mariadb-client
Now configure and start mariadb:
mysql_install_db --user=mysql --datadir=/var/lib/mysql service mariadb start rc-update add mariadb mysql_secure_installation
Follow the wizard to setup passwords, etc.
Next, you need to create a user and database and set permissions:
mysql -u root -p CREATE DATABASE nextcloud; GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123'; GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123'; FLUSH PRIVILEGES; EXIT
mariadb-client is not needed anymore. Let's uninstall it:
apk del mariadb-client
Webserver
Next thing is to choose, install, and configure a webserver. In this example we will install nginx or lighttpd. You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is outside of the scope of this document.
nextcloud-initscript facilitates running the webserver with php-fpm.
apk add nextcloud-initscript
Nginx
Install the needed packages:
apk add nginx
Delete the default nginx website configuration:
rm /etc/nginx/http.d/default.conf
Create a configuration file for your site in /etc/nginx/http.d/mysite.mydomain.com.conf:
Contents of /etc/nginx/http.d/mysite.mydomain.com.conf
If you plan to enable uploads - and you probably do) - then you need to modify the default:
client_max_body_size 1m;'
setting in /etc/nginx/nginx.conf. For testing purposes, I disabled the limit by changing it to:
client_max_body_size 0;
This enabled large file uploads and auto-uploads to work. Note, this is a file-size restriction in addition to the restriction set in /etc/php81/php-fpm.d/nextcloud.conf. That second restriction defaults to:
; Maximal size of a file that can be uploaded via web interface. php_admin_value[memory_limit] = 512M php_admin_value[post_max_size] = 513M php_admin_value[upload_max_filesize] = 513M
Another setting that may limit file-size is in configuration file /etc/php81/php.ini, where I set the restriction to to:
upload_max_filesize = 513M
to match the /etc/php81/php-fpm.d/nextcloud.conf file-size restriction.
If you are running from RAM and you're dealing with large files you might need to move the FastCGI temp file from /tmp to /var/tmp or to a directory that is mounted on hdd:
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
Large file uploads take some time to be processed by php-fpm, so you need to bump the Nginx default read timeout:
fastcgi_read_timeout 300s;
/etc/nginx/nginx.conf should already be configured to load your site config from this directory:
... # Includes virtual hosts configs. include /etc/nginx/http.d/*; ...
Start services:
service nginx start service nextcloud start
Enable automatic startup of services:
rc-update add nginx rc-update add nextcloud
Lighttpd
Install the package:
apk add lighttpd php5-cgi
Make sure you have FastCGI enabled in lighttpd:
Contents of /etc/lighttpd/lighttpd.conf
Start up the webserver:
rc-service lighttpd start
Link nextcloud installation to web server directory:
ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs
Firewall
Next up, open the desired port for the webserver in the firewall. You can use the following snippet as a reference for an nftable rule in a new file/etc/nftables.d/50-https.nft:
Contents of /etc/nftables.d/50-https.nft
Other settings
Hardening
Consider updating the variable url.access-deny
in /etc/lighttpd/lighttpd.conf for additional security. Add "config.php"
to the variable (that's where the database is stored) so it looks something like this:
Contents of /etc/lighttpd/lighttpd.conf
Restart lighttpd to activate the changes:
rc-service lighttpd restart
Additional packages
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer are in separate packages:
apk add nextcloud-files_pdfviewer nextcloud-text nextcloud-notifications nextcloud-files_videoplayer nextcloud-files_external
You can also install the nextcloud-default-apps meta-package which installs all 30 core Nextcloud apps (listed as dependencies under aforementioned link):
apk add nextcloud-default-apps
How To Create a Self-Signed SSL Certificate
Install openssl:
apk add openssl
Generate your self signed certificate and its private key:
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl1.1/private/nextcloud-selfsigned.key -out /etc/ssl1.1/certs/nextcloud-selfsigned.crt
Edit your nginx configuration:
Contents of /etc/nginx/http.d/mysite.mydomain.com.conf
How To Install and Set Up Auto-Renewing LetsEncrypt SSL Certificate
After first setting up the Nextcloud server using the instructions in the 'Configure and use Nextcloud' section below, I then followed the SSL-setup instructions at: [Tech Jogging].
I also had to add my Nextcloud servers Fully Qualified Domain Name (FQDN) to the list of trusted domains in /etc/nextcloud/config.php. In the section labelled: 'trusted_domains':
'trusted_domains' => array ( 0 => '<machine's local IP address>', 1 => 'nextcloud.mydomain.com', ), }}
Configure and use Nextcloud
Configure
Point your browser at https://mysite.mydomain.com
and follow the on-screen instructions to complete the installation, supplying the database user and password created before.
Hardening PostgreSQL
If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
psql -U postgres ALTER ROLE mycloud NOCREATEDB; \q
Increase upload size
/etc/php81/php-fpm.d/nextcloud.conf has overridden default file sizes, but they can be modified further to suit your needs:
; Maximal size of a file that can be uploaded via web interface. php_admin_value[memory_limit] = 512M php_admin_value[post_max_size] = 513M php_admin_value[upload_max_filesize] = 513M
Enable opcache for nginx/php81
To increase performace install
apk add php81-opcache
Now uncomment/edit lines in /etc/php81/php.ini:
... opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 //you can reduce this slightly when short on RAM opcache.save_comments=1 opcache.revalidate_freq=1 ...
Restart php-fpm81
rc-service php-fpm81 restart
Enable thumbnail for video
To be able to generate thumbnails for videos, besides configuring nextcloud, you will need to unlist proc_open
from php's disabled functions. PHP relies on that function to call ffmpeg to generate the thumbnails, without that it will fail to do so even if you have it enabled on config.php.
Remove proc_open
from the disabled function in /etc/php81/php-fpm.d/nextcloud.conf:
; Disable certain functions for security reasons. ; http://php.net/disable-functions php_admin_value[disable_functions] = exec,passthru,shell_exec,system,curl_multi_exec,show_source
Now add 'OC\\Preview\\Movie'
to the list of 'enabledPreviewProviders'
and have ffmpeg installed:
apk add ffmpeg
After restarting the fpm service it should start generating thumbnails for videos.
Clients
There are clients available for many platforms, Android included:
- https://nextcloud.org/sync-clients/[Dead Link] (nextcloud Sync clients)
- https://nextcloud.com/install/ (Android client)
nextcloud-client is currently available in the community repo.
Video Communication
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge) is a WebRTC app, which relies on Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server install Nextcloud using Nginx and do the following (you can use Apache as well and follow the Apache config instructions nextcloud.com):
Put the following config in the server section of Nginx:
# Spreed WebRTC location ^~ /webrtc { proxy_pass http://127.0.0.1:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_buffering on; proxy_ignore_client_abort off; proxy_redirect off; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_next_upstream error timeout invalid_header http_502 http_503 http_504; }
Put the following section in the http section of Nginx:
map $http_upgrade $connection_upgrade { default upgrade; '' close; }
Reload Nginx:
rc-service nginx reload
Install Spreed WedRTC server (make sure you have the testing repository enabled):
apk add spreed-web-server
Using the configuration file in /etc/spreed-webrtc/spreed-webrtc-server.conf follow the instructions at nextcloud.com to configure Spreed WebRTC server. Then start the server:
rc-service spreed-web-server start
rc-update add spreed-web-server
Install the Spreed video calls app in Nextcloud and enjoy your private video calls.
Nextcloud CLI occ
Access to nextcloud's CLI tool occ:
sudo -u nextcloud php82 /usr/share/webapps/nextcloud/occ
Upgrading
If you're using alpine stable, rather than edge, be aware when an upgrade skips a major release version: Nextcloud doesn't support skipping a major release version in its upgrade path. For this reason, alpine also packages the previous nextcloud release as a separate package.