  • Nextcloud
  • Jonathan Haack
  • Haack's Networking
  • netcmnd@jonathanhaack.com

Nextcloud


This tutorial is for a Nextcloud instance on Debian GNU/Linux. For why one would want such a thing, read: The issue with Public Cloud. This tutorial assumes you already have LAMP/FEMP and TLS encryption for your site; if not, go here: Apache Survival. So we begin:

sudo apt install apache2-utils php-xml php-curl php-gd php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-fpm wget unzip

Or …

sudo apt-get install php7.4-{bcmath,bz2,zip,xml,curl,gd,cgi,cli,mysql,mbstring,intl,fpm}

Once these are installed, make sure you can enable them and that you have no errors in your configurations:

sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod proxy_fcgi 
sudo a2enmod setenvif 
sudo a2enconf php7.3-fpm 
sudo apache2ctl configtest

There may be some others for your use case. Assuming you left the webroot in /var/www/html, the next step is downloading Nextcloud, moving it to the webroot, and setting up proper permissions:

cd /var/www/nextcloud.jonathanhaack.com/
sudo wget https://download.nextcloud.com/server/releases/nextcloud-16.0.3.zip
sudo unzip nextcloud-16.0.3.zip
sudo rm nextcloud-16.0.3.zip
sudo mv nextcloud public_html
cd public_html
sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/public_html/ 
sudo mkdir /var/www/nextcloud.jonathanhaack.com/nextclouddata
sudo chown www-data:www-data -R /var/www/nextcloud.jonathanhaack.com/nextclouddata
sudo chmod 750 -R /var/www/nextcloud.jonathanhaack.com/nextclouddata
sudo mkdir -p /var/www/nextcloud.jonathanhaack.com/public_html/data
sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING
sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater} 
sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/
sudo chown www-data:www-data {apps,config,data,themes,updater}  
sudo chmod 0755 /var/www/nextcloud.jonathanhaack.com/public_html/occ
sudo chmod 0644 /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess
sudo chown root:www-data /var/www/nextcloud.jonathanhaack.com/public_html/.htaccess
sudo systemctl restart mysql
sudo systemctl restart mysqld
sudo systemctl restart apache2
sudo systemctl restart php7.3-fpm.service

Prepare MariaDB server for 4-byte characters prior to creating database:

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Once inside that file, copy these configurations under the [mysqld] block and restart the service:

innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=1

It is now time to set up your database:

sudo mysql -u root -p

Enter your password for sudo and then for MySQL. Once inside MySQL command mode, you will have a “>” prompt. You will need to create a database for Nextcloud, create a database user for Nextcloud, and give that user permissions over the database as follows:

CREATE DATABASE nextcloud;
CREATE USER nextclouduser@localhost IDENTIFIED BY 'put-password-here';
GRANT ALL PRIVILEGES ON nextcloud.* to nextclouduser@localhost IDENTIFIED BY 'put-password-here';
FLUSH PRIVILEGES;
EXIT;

Let's first restart the web server, php, and mysql:

sudo systemctl restart mysql
sudo systemctl restart apache2
sudo systemctl restart php7.3-fpm.service

Now, visit test.com in your browser and then specify the following configuration options:

  • create new user name: adminname
  • create new user pass: password
  • specify data folder: /var/www/nextclouddata
  • database user name: nextclouduser
  • database name: nextcloud
  • database location: localhost

The first thing to do is to navigate to Settings, Overview. Nextcloud has a built-in system recommendation tool that will list the remaining setup optimizations. The first one I needed was to optimize opcache settings, so I opened the opcache file to adjust its settings:

sudo nano /etc/php/7.0/cli/conf.d/10-opcache.ini

I entered the following settings, currently recommended by Nextcloud. You should always check/verify this before copying and pasting:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Find the `memory_limit = ` line and change the value to 1G. Sometimes, the memory limit error persists, and you may need to also edit .user.ini inside the nextcloud directory with the following parameters:

cd /var/www/html
sudo nano .user.ini

Add these three lines to the configuration file there (the first two are optional for the memory limit problem, but super helpful for regular use):

  
upload_max_filesize=10G
post_max_size=10G
memory_limit=512M

You may also need to adjust the memory limit for PHP to 1G in these locations:

sudo nano /etc/php/7.3/cli/php.ini
sudo nano /etc/php/7.3/apache2/php.ini

Next, you may get a Header error for your SSL configuration. To fix that, adjust your <VirtualHost *:443> as follows:

sudo nano /etc/apache2/sites-enabled/default-ssl.conf

Add the following Header parameter with the other parameters, or anywhere before the </IfModule> marker:

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

Lastly, Nextcloud uses an .htaccess file inside the webroot, and in order for that configuration to be utilized, Overrides must be enabled:

sudo nano /etc/apache2/apache2.conf

Scroll down to the web server root section and adjust it to read as follows:

<Directory />
      Options FollowSymLinks
      AllowOverride All
      Require all denied
</Directory>

Also, your CalDAV and CardDAV need redirects, for reasons a bit unclear to me, so adjust your ssl.conf as follows:

sudo nano /etc/apache2/sites-enabled/default-ssl.conf

Place the following redirects after <VirtualHost> and before any <IfModule> blocks. If you are using a directory called nextcloud for your instance, change the path to reflect that location instead of the webroot that my configuration uses:

Redirect 301 /.well-known/carddav /remote.php/dav
Redirect 301 /.well-known/caldav /remote.php/dav

Okay, that is the majority of fundamental configuration details required to have it running smoothly. Here are a few more optional configurations. The first of those is enabling memcache:

sudo apt install php7.0-apcu

After installing the package, make sure to adjust your config.php as follows:

sudo nano /var/www/html/config/config.php

Add the following line to the config file so that Nextcloud knows which program is handling your caching:

'memcache.local' => '\OC\Memcache\APCu',

Lastly, I ran into an error that stated that the database I created above was not set to handle “13 big integers” which are used to “store identifiers and auto-increment keys in the database.” First, disable the apache and php services and take your instance offline:

sudo systemctl stop apache2
sudo systemctl stop php7.0-fpm

Now that your services are stopped, you can safely run Nextcloud's “occ” program, which will identify the tables that require updating and prompt you to adjust them (> v.12). They do warn this can take some time, so I recommend doing this on your fresh instance before you have accumulated lots of data (if not, email me, as I did find the solution for manually altering the db and tables):

sudo -u www-data php occ db:convert-filecache-bigint

Follow the prompts, and then run it again once it completes in order to verify that “All tables are already up to date!” Ok …, almost done, but some apps require a cron job to run cron.php instead of relying on ajax, so in that case:

sudo crontab -e -u www-data
# add this line to the crontab:
*/5  *  *  *  * php -f /var/www/codetalkers.group/public_html/cron.php

Ok, now you can run the News app and others … phew! Next, fine tuning the server:

sudo nano /etc/php/7.2/fpm/pool.d/www.conf
https://docs.nextcloud.com/server/16/admin_manual/installation/server_tuning.html

For a 4GB server:

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

For a 1GB server, use defaults:

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

Time to restart services …

sudo systemctl restart mysql
sudo systemctl restart mysqld
sudo systemctl restart apache2
sudo systemctl restart php7.0-fpm.service
sudo reboot

To reset permissions after an update:

cd /var/www/codetalkers.group/public_html/
sudo chown www-data:www-data -R /var/www/codetalkers.group/public_html/* 
sudo chown www-data:www-data -R /var/www/codetalkers.group/nextclouddata
sudo chmod 0640 *.php *.txt *.html AUTHORS COPYING
sudo chmod 0750 {3rdparty,apps,config,core,data,lib,ocm-provider,ocs,ocs-provider,resources,settings,themes,updater} 
sudo chown root:www-data /var/www/codetalkers.group/public_html
sudo chown www-data:www-data {apps,config,data,themes,updater}  
sudo chmod 0755 /var/www/codetalkers.group/public_html/occ
sudo chmod 0644 /var/www/codetalkers.group/public_html/.htaccess
sudo chown root:www-data /var/www/codetalkers.group/public_html/.htaccess
sudo systemctl restart mysql
sudo systemctl restart mysqld
sudo systemctl restart apache2
sudo systemctl restart php7.3-fpm.service
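
To confirm that the tree really ends up with the modes set at install time and in the reset above, the following audit script can be run afterwards. It is an added example, not part of the original tutorial; the function names are illustrative and it assumes GNU stat as shipped on Debian.

```bash
#!/usr/bin/env bash
# Added example, not from the tutorial: report paths whose modes differ from
# the scheme above. Function names are illustrative; needs GNU stat (Debian).

# Print a finding when <path> exists and its octal mode is not <expected>.
check_mode() {   # usage: check_mode <expected> <path>
    local want=$1 path=$2 have
    [ -e "$path" ] || return 0       # directory set varies between releases
    have=$(stat -c '%a' "$path")
    [ "$have" = "$want" ] || printf 'MODE %s (want %s) %s\n' "$have" "$want" "$path"
}

# List files and directories under <dir> that any local user may write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
}

audit_nextcloud() {   # usage: audit_nextcloud <webroot> <datadir>
    local root=$1 data=$2 p
    for p in 3rdparty apps config core data lib ocm-provider ocs ocs-provider \
             resources settings themes updater; do
        check_mode 750 "$root/$p"
    done
    for p in "$root"/*.php "$root"/*.txt "$root"/*.html "$root/AUTHORS" "$root/COPYING"; do
        check_mode 640 "$p"
    done
    check_mode 755 "$root/occ"
    check_mode 644 "$root/.htaccess"
    check_mode 750 "$data"
    # config.php holds the database password; flag any access for "other".
    find "$root" -path '*/config/config.php' \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print | sed 's/^/OTHER-ACCESS /'
    world_writable "$root"
    world_writable "$data"
}

# Run against real paths only when both arguments are given, e.g.:
#   sudo bash audit.sh /var/www/codetalkers.group/public_html /var/www/codetalkers.group/nextclouddata
if [ "$#" -eq 2 ]; then audit_nextcloud "$1" "$2"; fi
```

No output means every checked path matches; each finding line names the path to fix.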

If you need to manually move files from an old NAS or elsewhere into Nextcloud, scan them in with occ:

sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all
sudo -u www-data php occ files:scan --path=/heather/files/
sudo -u www-data php occ files:scan --help

And to update:

cd /var/www/nextcloud.jonathanhaack.com/public_html/updater/
sudo -u www-data php updater.phar

Okay, and for Nextcloud Talk configuration, you need a TURN server for video chat to work:

sudo apt install coturn
sudo nano /etc/turnserver.conf
openssl rand -hex 32

The Nextcloud guide recommends these minimum values:

listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=<use hex key from last step above>
realm=your.domain.org
total-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers

Then restart coturn:

sudo systemctl restart coturn
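
With use-auth-secret, coturn accepts short-lived credentials derived from static-auth-secret, so anyone who can read that value can mint valid TURN logins; keep /etc/turnserver.conf and the Talk setting restricted accordingly. The derivation, as an added example that is not from the tutorial or the Nextcloud guide (function names are illustrative, and it assumes the openssl CLI):

```bash
#!/usr/bin/env bash
# Added example, not from the tutorial: derive the time-limited TURN credential
# that coturn accepts when use-auth-secret / static-auth-secret are set.

# base64(HMAC-SHA1(key, data)) using the openssl CLI.
# Note: -hmac puts the key on the command line, where other local users can
# see it in the process list; use this for testing only.
hmac_sha1_b64() {   # usage: hmac_sha1_b64 <key> <data>
    printf '%s' "$2" | openssl dgst -sha1 -hmac "$1" -binary | openssl base64
}

# The username is the expiry time as a Unix timestamp; the password is the
# HMAC of that username under the shared secret. Prints "<username> <password>".
turn_credential() {   # usage: turn_credential <secret> <ttl-seconds> [now-epoch]
    local secret=$1 ttl=$2 now=${3:-$(date +%s)} user
    user=$(( now + ttl ))
    printf '%s %s\n' "$user" "$(hmac_sha1_b64 "$secret" "$user")"
}

# A credential stops working once the timestamp in its username has passed.
# Accepts both "<timestamp>" and "<timestamp>:<userid>" usernames.
credential_expired() {   # usage: credential_expired <username> [now-epoch]
    local expiry=${1%%:*} now=${2:-$(date +%s)}
    [ "$now" -gt "$expiry" ]
}
```

Because the password depends only on the secret and the expiry time, rotating static-auth-secret (and updating it in Talk) invalidates every outstanding credential at once.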

After doing this, go to Nextcloud / Settings / Talk, enter localhost:3478 for the TURN server, and put the same hex key from above in the secret key field. Restart all your services and test; it should work.

Some apps, like the Community Document Server, take too long to download for the default PHP settings. In this case, extend the execution time:

sudo nano /etc/php/7.3/cli/php.ini
sudo nano /etc/php/7.3/apache2/php.ini
sudo nano /etc/php/7.3/fpm/php.ini
sudo nano /var/www/html/.user.ini
max_execution_time = 240 (for all of them)

Now, try to download the server again and it should not time out.

oemb1905 2020/05/02 15:02

computing/nextcloud.txt · Last modified: 2020/08/23 14:26 by oemb1905