Nextcloud: Difference between revisions
| m (added mariadb package to installation) |  (changed php version for nginx to 7 also added $path uncommenting) | ||
| Line 58: | Line 58: | ||
| === Nginx === | === Nginx === | ||
| Install the needed packages | Install the needed packages | ||
| {{cmd|apk add nginx  | {{cmd|apk add nginx php7-fpm}} | ||
| '''Remove/comment''' any section like this in | '''Remove/comment''' any section like this in | ||
| Line 137: | Line 137: | ||
| </pre> | </pre> | ||
| Set user and group for php-fpm in /etc/ | Set user and group for php-fpm in /etc/php7/php-fpm.d/www.conf | ||
| <pre> | <pre> | ||
| ... | ... | ||
| Line 145: | Line 145: | ||
| </pre> | </pre> | ||
| {{Note|If you are serving serveral users make sure to tune the *''children'' settings in /etc/ | {{Note|If you are serving serveral users make sure to tune the *''children'' settings in /etc/php7/php-fpm.d/www.conf}} | ||
| Also enable $PATH by uncommenting the following lines in /etc/php7/php-fpm.d/www.conf | |||
| <pre> | |||
| ... | |||
| env[HOSTNAME] = $HOSTNAME | |||
| env[PATH] = /usr/local/bin:/usr/bin:/bin | |||
| env[TMP] = /tmp | |||
| env[TMPDIR] = /tmp | |||
| env[TEMP] = /tmp | |||
| ... | |||
| </pre> | |||
| Make nginx user member of www-data group | Make nginx user member of www-data group | ||
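Review bot: The added sentence "Also enable $PATH by uncommenting the following lines" does not match the block under it, which uncomments five env[] entries (HOSTNAME, PATH, TMP, TMPDIR, TEMP) rather than PATH alone. Reword it to say that php-fpm's environment variables are being enabled, and name env[PATH] as the key instead of "$PATH". The unchanged Note just above still carries the typo "serveral", which could be fixed in the same revision.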
Revision as of 10:52, 12 August 2018
Nextcloud is a WebDAV-based solution for storing and sharing your data, files, images, video, music, calendars and contacts online. Nextcloud is a fork of ownCloud with enterprise features included.
Installation
Nextcloud is available in Alpine 3.5 and later.
Before you start installing anything, make sure you have the latest packages available. Make sure you are using a 'http' repository in your /etc/apk/repositories and then run:
apk update
Database
First you have to decide which database to use. Follow one of the below database alternatives.
Sqlite
All you need to do is to install the package
apk add nextcloud-sqlite
PostgreSQL
Install the package
apk add nextcloud-pgsql
Next, configure and start the database
/etc/init.d/postgresql setup
/etc/init.d/postgresql start
Next, create a user and temporarily grant it the CREATEDB privilege. Replace the example password 'test123' with a strong one of your own.
psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q
MariaDB
Install the package
apk add nextcloud-mysql mariadb mariadb-client
Now configure and start mariadb
/etc/init.d/mariadb setup
/etc/init.d/mariadb start
/usr/bin/mysql_secure_installation
Follow the wizard to set up passwords etc.
Next, create a database and a user, and set permissions. Replace the example password 'test123' with a strong one of your own.
mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON nextcloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT
mariadb-client is no longer needed. Let's uninstall it:
apk del mariadb-client
Webserver
The next step is to choose, install and configure a webserver. In this example we will install nginx or lighttpd. Nginx is preferred over Lighttpd, since the latter consumes a lot of memory when working with large files (see lighty bug #1283). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. Generating an SSL certificate for your webserver is not covered here.
Nginx
Install the needed packages
apk add nginx php7-fpm
Remove/comment any section like this in
Contents of /etc/nginx/nginx.conf
Include the following directive in
Contents of /etc/nginx/nginx.conf
Create a directory for your websites
mkdir /etc/nginx/sites-available
Create a configuration file for your site in /etc/nginx/sites-available/mysite.mydomain.com
server {
        #listen       [::]:80; #uncomment for IPv6 support
        listen       80;
        return 301 https://$host$request_uri;
        server_name mysite.mydomain.com;
}
server {
        #listen       [::]:443 ssl; #uncomment for IPv6 support
        listen       443 ssl;
        server_name  mysite.mydomain.com;
        root /var/www/vhosts/mysite.mydomain.com/www;
        index  index.php index.html index.htm;
        disable_symlinks off;
        ssl_certificate      /etc/ssl/cert.pem;
        ssl_certificate_key  /etc/ssl/key.pem;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        #Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
        #Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
        #ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
        #ssl_prefer_server_ciphers  on;
        location / {
                try_files $uri $uri/ /index.html;
        }
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ [^/]\.php(/|$) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {
                        return 404;
                }
                fastcgi_pass 127.0.0.1:9000;
                #fastcgi_pass unix:/run/php-fpm/socket;
                fastcgi_index index.php;
                include fastcgi.conf;
        }
}
If you are running from RAM and dealing with large files, you might need to move the FastCGI temp file from /tmp to /var/tmp or to a directory that is mounted on a hard disk
fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
Large file uploads take some time to be processed by php-fpm, so you need to raise Nginx's default read timeout:
fastcgi_read_timeout 300s;
Set user and group for php-fpm in /etc/php7/php-fpm.d/www.conf
...
user = nginx
group = www-data
...
Also enable $PATH by uncommenting the following lines in /etc/php7/php-fpm.d/www.conf
...
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
...
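To confirm that the two www.conf edits above took effect before starting the services, here is an added example (not part of the original wiki page): a POSIX shell check that reads a pool file and reports a wrong user/group or any env[] line that is still commented out. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a php-fpm pool file for the settings described above.
# audit_pool prints one line per problem and returns 0 only if nothing is wrong.
audit_pool() {
    conf=$1
    problems=0
    for pair in user=nginx group=www-data; do
        key=${pair%%=*}
        want=${pair#*=}
        # Use the last uncommented assignment; ';' starts a comment in pool files.
        got=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$conf" | tail -n 1)
        if [ "$got" != "$want" ]; then
            echo "$key is '${got:-unset}', expected '$want'"
            problems=$((problems + 1))
        fi
    done
    for var in HOSTNAME PATH TMP TMPDIR TEMP; do
        if ! grep -Eq "^[[:space:]]*env\[$var\][[:space:]]*=" "$conf"; then
            echo "env[$var] is missing or still commented out"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample with two defects: wrong user, env[PATH] still commented.
write_sample() {
    cat > "$1" <<'EOF'
[www]
user = nobody
group = www-data
env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_pool "$sample" || echo "pool file needs fixing"
rm -f "$sample"
```

On a real system, call `audit_pool /etc/php7/php-fpm.d/www.conf` instead of the sample file.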
Make nginx user member of www-data group
addgroup nginx www-data
Enable your website
ln -s ../sites-available/mysite.mydomain.com /etc/nginx/sites-enabled/mysite.mydomain.com
Start services
rc-service php-fpm start
rc-service nginx start
Lighttpd
Install the package
apk add lighttpd php5-cgi
Make sure you have FastCGI enabled in lighttpd:
Contents of /etc/lighttpd/lighttpd.conf
Start up the webserver
/etc/init.d/lighttpd start
Link nextcloud installation to web server directory:
ln -s /usr/share/webapps/nextcloud /var/www/localhost/htdocs
Other settings
Hardening
Consider updating the variable url.access-deny in /etc/lighttpd/lighttpd.conf for additional security. Add "config.php" to the variable (that's where the database credentials are stored) so it looks something like this:
Contents of /etc/lighttpd/lighttpd.conf
Restart lighttpd to activate the changes
/etc/init.d/lighttpd restart
Additional packages
Some large apps, such as pdfviewer, texteditor, notifications and videoplayer, are in separate packages:
apk add nextcloud-pdfviewer nextcloud-texteditor nextcloud-notifications nextcloud-videoplayer
Configure and use Nextcloud
Configure
Point your browser at https://mysite.mydomain.com and follow the on-screen instructions to complete the installation, supplying the database user and password created before.
Hardening PostgreSQL
If you have chosen the PostgreSQL backend, revoke the CREATEDB privilege from the 'mycloud' user:
psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q
Increase upload size
The default PHP configuration is limited to a 2Mb file size. You might want to increase that limit by editing /etc/php/php.ini and changing the following values to something that suits you:
upload_max_filesize = 2M
post_max_size = 8M
Clients
There are clients available for many platforms, Android included:
- http://nextcloud.org/sync-clients/ (nextcloud Sync clients)
- http://nextcloud.org/support/android/ (Android client)
nextcloud-client is currently available in the testing repo.
Video Communication
One of the major features of Nextcloud 11, available on Alpine 3.6 (currently edge), is a WebRTC app. It relies on the Spreed WebRTC server, which is available in the Alpine testing repository. Everything is still beta, so be aware of it :-). If you want a private video conferencing server, install Nextcloud using Nginx and do the following (you can use Apache as well and follow the Apache config instructions at nextcloud.com):
Put the following config in the server section of Nginx:
# Spreed WebRTC
location ^~ /webrtc {
  proxy_pass http://127.0.0.1:8080;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_buffering             on;
  proxy_ignore_client_abort   off;
  proxy_redirect              off;
  proxy_connect_timeout       90;
  proxy_send_timeout          90;
  proxy_read_timeout          90;
  proxy_buffer_size           4k;
  proxy_buffers               4 32k;
  proxy_busy_buffers_size     64k;
  proxy_temp_file_write_size  64k;
  proxy_next_upstream         error timeout invalid_header http_502 http_503 http_504;
}
Put the following section in the http section of Nginx:
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}
Reload Nginx:
rc-service nginx reload
Install the Spreed WebRTC server (make sure you have the testing repository enabled):
apk add spreed-web-server
Using the configuration file in /etc/spreed-webrtc/spreed-webrtc-server.conf follow the instructions at nextcloud.com to configure Spreed WebRTC server. Then start the server:
rc-service spreed-web-server start
rc-update add spreed-web-server
Install the Spreed video calls app in Nextcloud and enjoy your private video calls.