wiki-grav/pages/02.linux/nextcloud/default.en.md

---
title: Nextcloud
visible: true
---

[toc]

## Installation

Nextcloud will be using apache

```sh
apt install mlocate apache2 libapache2-mod-php mariadb-client mariadb-server wget unzip bzip2 curl php php-common php-curl php-gd php-mbstring php-mysql php-xml php-zip php-intl php-apcu php-redis php-bcmath php-gmp php-imagick
```

Not found: `php-http-request python-certbot-apache`

No password set

```sh
mariadb -u root -p
```

```sql
CREATE DATABASE nextcloud;
```

For UTF8 support use this instead:

```sql
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY '{PASSWORD}';
FLUSH PRIVILEGES;
```

Exit the MariaDB prompt

Download Nextcloud into `/var/www`

```sh
wget https://download.nextcloud.com/server/releases/nextcloud-{VERSION}.tar.bz2
tar -xf nextcloud-{VERSION}.tar.bz2
```

Change owner to the apache user

```sh
chown -Rfv www-data:www-data /var/www/nextcloud
```

Create nextcloud configuration for apache

```sh
vi /etc/apache2/sites-available/nextcloud.conf
```

Configuration file

```apacheconf
<VirtualHost *:80> #specify listen ip addresses: {ADDRESS}:{PORT} for ipv4, [{ADDRESS}]:{PORT} vor ipv6, *:80 for all
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/nextcloud
        Alias /nextcloud "/var/www/nextcloud/"

        <Directory "/var/www/nextcloud/">
                Options +FollowSymlinks
                AllowOverride All

                <IfModule mod_dav.c>
                        Dav off
                </IfModule>

                Require all granted

                SetEnv HOME /var/www/nextcloud
                SetEnv HTTP_HOME /var/www/nextcloud
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
        CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
</VirtualHost>
```

Enable nextcloud and disable the default site

```sh
a2ensite nextcloud.conf && a2dissite 000-default.conf
```

Edit `ports.conf` for apache2 to only bind the addresses you need

```sh
systemctl restart apache2
```

### Cron

To execute regular jobs, I personally use cron.  
Edit `crontab` as the `www-data` user.

```sh
sudo -u www-data crontab -e
```

Add this following line:

```
*/5 * * * * php -f {NEXTCLOUD DIR}/cron.php
```

### Configuration

The main config file is `{NEXTCLOUD DIR}/config/config.php`

#### Automatic Trash clearing

> [See this page](https://bayton.org/docs/nextcloud/nextcloud-hoarding-trash-how-to-force-automatic-removal-of-deleted-items/) for more options

This settings keeps the files for 15 days, unless drive space is getting low.  
In that case it delets them earlier.

```
'trashbin_retention_obligation' => 'auto, 15',
```

#### Trust Proxy

This disables the warning of untrusted proxy in the webinterface.

```
'trusted_proxies' =>
    array (
	      0 => '{PROXY IP}',
),
```

#### Trusted Domains

Array of trusted domains.

```
'trusted_domains' =>
    array (
        0 => '{DOMAIN 1}',
        1 => '{DOMAIN 2}',
),
```

## Maintenance

### Maintenance Mode

Enable maintenance mode to prevent data inconsistencies

```sh
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
```

To disable maintenance mode again, run the same command with `--off` instead of `--on`

### Upgrade with CLI

```sh
sudo -u www-data php /var/www/nextcloud/updater/updater.phar
```

### Backup Database

Dump database to file

_NOTE: The password needs to be inserted directly after `-p` without any space_

```sh
mysqldump --single-transaction -h {SERVER} -u {USERNAME} -p{PASSWORD} {DB NAME} > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
```

> [Official documentation](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html)

#### Backup Script

```sh
#!/bin/bash
set -euo pipefail

server=
username=
password=
db_name=

sudo mkdir -p /var/www/database-backup

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on

mysqldump --single-transaction -h $server -u $username -p$password $db_name | sudo tee /var/www/database-backup/nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
```

### Restore Database

```sh
mariadb -h {SERVER} -u {USERNAME} -p{PASSWORD} -e "DROP DATABASE nextcloud"
mariadb -h {SERVER} -u {USERNAME} -p{PASSWORD} -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"
```

```sh
mariadb -h {SERVER} -u {USERNAME} -p{PASSWORD} {DB NAME} < nextcloud-sqlbkp.bak
```

> [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html)

## Collabora Online Container

> Unfinished

> [Docker Compose for Nextcloud + Collabora + Traefik?](https://help.nextcloud.com/t/docker-compose-for-nextcloud-collabora-traefik/127733/2)  
> [Use HTTPS with Ubuntu 22.04, apache, Nextcloud and Collabora(Docker)](https://help.nextcloud.com/t/use-https-with-ubuntu-22-04-apache-nextcloud-and-collabora-docker/142880)  
> [HowTo: Ubuntu + Docker + Nextcloud + Talk + Collabora](https://help.nextcloud.com/t/howto-ubuntu-docker-nextcloud-talk-collabora/76430)

```sh
podman run -t -d --name collabora-online -p 9980:9980 \
    -e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" \
    --label "io.containers.autoupdate=image" \
    docker.io/collabora/code:latest
```

```nginx
server {
    listen 443 ssl;
    server_name  collabora.exu.li;

    ssl_certificate_key /etc/acme-sh/collabora.exu.li/key.pem;
    ssl_certificate /etc/acme-sh/collabora.exu.li/cert.pem;

    # static files
    location ^~ /browser {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }
}
```

## Onlyoffice Container

> Unfinished

```sh
podman run -it -d --name onlyoffice -p 9480:80 \
    --restart always \
    --label "io.containers.autoupdate=image" \
    docker.io/onlyoffice/documentserver:latest
```