wiki-grav/pages/02.linux/nextcloud/default.en.md

476 lines
11 KiB
Markdown
Raw Normal View History

---
title: Nextcloud
visible: true
---
[toc]
2023-11-24 10:25:48 +01:00
Last modified: 2023-11-24
## Installation
2023-02-19 15:29:32 +01:00
Nextcloud will be using apache
2023-07-11 17:13:49 +02:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
apt install mlocate apache2 libapache2-mod-php mariadb-client mariadb-server wget unzip bzip2 curl php php-common php-curl php-gd php-mbstring php-mysql php-xml php-zip php-intl php-apcu php-redis php-bcmath php-gmp php-imagick
```
2023-07-11 17:13:49 +02:00
[/shroot]
2023-11-04 21:21:45 +01:00
Enter the MariaDB CLI as the root user
2023-11-02 19:44:49 +01:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
mariadb -u root -p
```
2023-11-02 19:44:49 +01:00
[/shroot]
2023-02-19 15:29:32 +01:00
```sql
CREATE DATABASE nextcloud;
```
2023-02-19 15:29:32 +01:00
For UTF8 support use this instead:
2023-02-19 15:29:32 +01:00
```sql
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
2023-02-19 15:34:22 +01:00
GRANT ALL ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY '{PASSWORD}';
2023-02-19 15:29:32 +01:00
FLUSH PRIVILEGES;
```
2023-02-19 15:29:32 +01:00
Exit the MariaDB prompt
2023-02-19 15:29:32 +01:00
Download Nextcloud into `/var/www`
2023-07-11 17:13:49 +02:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
wget https://download.nextcloud.com/server/releases/nextcloud-[VERSION].tar.bz2
tar -xf nextcloud-[VERSION].tar.bz2
```
2023-02-19 15:29:32 +01:00
2023-07-11 17:13:49 +02:00
[/shroot]
2023-02-19 15:29:32 +01:00
Change owner to the apache user
2023-07-11 17:13:49 +02:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
chown -Rfv www-data:www-data /var/www/nextcloud
```
2023-07-11 17:13:49 +02:00
[/shroot]
2023-02-19 15:29:32 +01:00
Create nextcloud configuration for apache
2023-07-11 17:13:49 +02:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
vi /etc/apache2/sites-available/nextcloud.conf
```
2023-07-11 17:13:49 +02:00
[/shroot]
2023-02-19 15:29:32 +01:00
Configuration file
```apacheconf
<VirtualHost *:80> # specify listen ip addresses: ADDRESS:PORT for ipv4, [ADDRESS]:PORT vor ipv6, *:80 for all
2022-08-09 18:40:42 +02:00
ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
Alias /nextcloud "/var/www/nextcloud/"
2022-08-09 18:40:42 +02:00
<Directory "/var/www/nextcloud/">
Options +FollowSymlinks
AllowOverride All
2022-08-09 18:40:42 +02:00
<IfModule mod_dav.c>
Dav off
</IfModule>
2022-08-09 18:40:42 +02:00
Require all granted
2022-08-09 18:40:42 +02:00
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
2022-08-09 18:40:42 +02:00
ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
</VirtualHost>
```
2023-02-19 15:29:32 +01:00
Enable nextcloud and disable the default site
2023-07-11 17:13:49 +02:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
a2ensite nextcloud.conf && a2dissite 000-default.conf
```
2023-07-11 17:13:49 +02:00
[/shroot]
2023-02-19 15:29:32 +01:00
Edit `ports.conf` for apache2 to only bind the addresses you need
2023-07-11 17:13:49 +02:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
systemctl restart apache2
```
2023-07-11 17:13:49 +02:00
[/shroot]
### PHP Memory Cache
[shroot]
```sh
apt install php-apcu
```
[/shroot]
```php
'memcache.local' => '\OC\Memcache\APCu',
```
2024-01-10 20:15:54 +01:00
Enable APCu for the PHP CLI as well.
2024-01-10 19:53:46 +01:00
2024-01-10 20:15:54 +01:00
`/etc/php/8.2/cli/php.ini`
2024-01-10 19:53:46 +01:00
```
...
apc.enable_cli=1
```
### Redis memcache
[shroot]
```sh
apt install redis php-redis
```
[/shroot]
If Redis is installed on the same machine, unix sockets can be used to communicate.
2024-01-10 20:15:54 +01:00
Enable `unixsocket` in the redis config file located under `/etc/redis/redis.conf`
Uncomment the provided default value
Set `unixsocketperm` to `777`, so the `www-data` webserver user can access it.
_NOTE: There's probably a better way of doing this involving groups, but I wanted to get it working_
Add these lines to `config.php`
```php
'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
2024-01-10 20:15:54 +01:00
'host' => '/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0.0,
),
```
2024-01-10 20:15:54 +01:00
Restart the Redis and Apache2 services
[shroot]
```sh
systemctl restart apache2
systemctl restart redis
```
[/shroot]
### Cron
2023-02-19 15:29:32 +01:00
To execute regular jobs, I personally use cron.
2023-02-19 15:29:32 +01:00
Edit `crontab` as the `www-data` user.
2023-07-21 13:17:01 +02:00
[shroot]
2023-07-11 17:13:49 +02:00
2023-02-19 15:29:32 +01:00
```sh
2023-07-21 13:17:01 +02:00
su -s /bin/sh -c 'crontab -e' www-data
2023-02-19 15:29:32 +01:00
```
2023-07-21 13:17:01 +02:00
[/shroot]
2023-07-11 17:13:49 +02:00
2023-02-19 15:29:32 +01:00
Add this following line:
```
*/5 * * * * php -f [NEXTCLOUD DIR]/cron.php
2023-02-19 15:29:32 +01:00
```
### Configuration
2023-02-19 15:29:32 +01:00
The main config file is `[NEXTCLOUD DIR]/config/config.php`
2023-02-19 15:29:32 +01:00
#### Automatic Trash clearing
2023-02-19 15:29:32 +01:00
> [See this page](https://bayton.org/docs/nextcloud/nextcloud-hoarding-trash-how-to-force-automatic-removal-of-deleted-items/) for more options
This settings keeps the files for 15 days, unless drive space is getting low.
2023-02-19 15:29:32 +01:00
In that case it delets them earlier.
2023-07-11 17:13:49 +02:00
```php
2023-02-19 15:29:32 +01:00
'trashbin_retention_obligation' => 'auto, 15',
```
#### Trust Proxy
2023-02-19 15:29:32 +01:00
This disables the warning of untrusted proxy in the webinterface.
2023-07-11 17:13:49 +02:00
```php
'trusted_proxies' =>
array (
0 => '[PROXY IP]',
),
```
#### Trusted Domains
2023-02-19 15:29:32 +01:00
Array of trusted domains.
2023-07-11 17:13:49 +02:00
```php
2023-02-19 15:29:32 +01:00
'trusted_domains' =>
array (
0 => '[DOMAIN 1]',
1 => '[DOMAIN 2]',
),
```
## Maintenance
2023-02-19 15:29:32 +01:00
### Maintenance Mode
2023-02-19 15:29:32 +01:00
Enable maintenance mode to prevent data inconsistencies
2023-07-21 13:17:01 +02:00
[shroot]
2023-07-11 17:13:49 +02:00
2023-02-19 15:29:32 +01:00
```sh
2023-07-21 13:17:01 +02:00
su -s /bin/sh -c 'php /var/www/nextcloud/occ maintenance:mode --on' www-data
2023-02-19 15:29:32 +01:00
```
2023-07-21 13:17:01 +02:00
[/shroot]
2023-07-11 17:13:49 +02:00
2023-02-19 15:29:32 +01:00
To disable maintenance mode again, run the same command with `--off` instead of `--on`
### Upgrade with CLI
2023-02-19 15:29:32 +01:00
2023-07-21 13:17:01 +02:00
[shroot]
2023-07-11 17:13:49 +02:00
2023-02-19 15:29:32 +01:00
```sh
2023-07-21 13:17:01 +02:00
su -s /bin/sh -c 'php /var/www/nextcloud/updater/updater.phar' www-data
2023-02-19 15:29:32 +01:00
```
2023-07-21 13:17:01 +02:00
[/shroot]
2023-07-11 17:13:49 +02:00
Always check the admin status page after an upgrade. Sometimes additional steps are needed to fully complete the upgrade
#### Missing indices in database
The missing indices can be added using `occ`
2023-07-21 13:17:01 +02:00
[shroot]
```sh
2023-07-21 13:17:01 +02:00
su -s /bin/sh -c 'php /var/www/nextcloud/occ db:add-missing-indices' www-data
```
2023-07-21 13:17:01 +02:00
[/shroot]
### Backup Database
2023-02-19 15:29:32 +01:00
Dump database to file
2023-02-19 15:34:22 +01:00
_NOTE: The password needs to be inserted directly after `-p` without any space_
2023-02-19 15:29:32 +01:00
```sh
mysqldump --single-transaction -h [SERVER] -u [USERNAME] -p[PASSWORD] [DB NAME] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
```
2023-02-19 15:29:32 +01:00
> [Official documentation](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html)
#### Backup Script
```sh
#!/bin/bash
set -euo pipefail
server=
username=
password=
db_name=
sudo mkdir -p /var/www/database-backup
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
mysqldump --single-transaction -h $server -u $username -p$password $db_name | sudo tee /var/www/database-backup/nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
```
### Restore Database
2023-02-19 15:29:32 +01:00
```sh
mariadb -h [SERVER] -u [USERNAME] -p[PASSWORD] -e "DROP DATABASE nextcloud"
mariadb -h [SERVER] -u [USERNAME] -p[PASSWORD] -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"
```
2023-02-19 15:29:32 +01:00
```sh
mariadb -h [SERVER] -u [USERNAME] -p[PASSWORD] [DB NAME] < nextcloud-sqlbkp.bak
2023-02-19 15:29:32 +01:00
```
2022-05-27 16:05:08 +02:00
> [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html)
2024-01-10 20:15:54 +01:00
### Plugins
#### Memories
Install `ffmpeg` to enable thumbnail generation for video files.
2023-11-04 21:21:57 +01:00
## Migration
### Tips
- Allow login to the original host as root user
### Steps
- (New host) Install dependencies
- (Original host) Enable maintenance mode
- (Original host) Create database backup
- (New host) Restore database backup
- (New host) Recreate Nextcloud database user
- (New host) Copy full Nextcloud folder
- Preserve the permissions as much as possible (see rsync command below)
- `sudo rsync -a --progress root@172.18.50.101:/var/www/nextcloud /var/www/`
- (New host) Copy apache2 configuration file
- (New host) Enable apache2 Nextcloud site and disable default site
- (New host) Redo php limits configuration
- (New host) Upgrade Nextcloud (required for php 8.2 compatibility)
### Notes on configuration files
#### PHP
##### Apache2: `/etc/php/8.2/apache2/php.ini`
Change `memory_limit` to `1G`
Disable `post_max_size` by setting `0`
Previously used `20G` in the old Nextcloud installation
Change `upload_max_filesize` to `20G`
##### CLI: `/etc/php/8.2/cli/php.ini`
Disable `post_max_size` by setting `0`
Previously used `20G` in the old Nextcloud installation
Change `upload_max_filesize` to `20G`
## Collabora Online Container
2023-02-19 15:29:32 +01:00
2023-07-11 17:20:05 +02:00
! This chapter is unfinished
2022-05-27 16:05:08 +02:00
2023-03-11 20:36:04 +01:00
> [Docker Compose for Nextcloud + Collabora + Traefik?](https://help.nextcloud.com/t/docker-compose-for-nextcloud-collabora-traefik/127733/2)
> [Use HTTPS with Ubuntu 22.04, apache, Nextcloud and Collabora(Docker)](https://help.nextcloud.com/t/use-https-with-ubuntu-22-04-apache-nextcloud-and-collabora-docker/142880)
2023-07-11 17:13:49 +02:00
> [HowTo: Ubuntu + Docker + Nextcloud + Talk + Collabora](https://help.nextcloud.com/t/howto-ubuntu-docker-nextcloud-talk-collabora/76430)
> [Collabora - Installation Guide](https://sdk.collaboraonline.com/docs/installation/index.html)
[shroot]
2023-03-11 20:36:04 +01:00
2023-02-19 15:29:32 +01:00
```sh
podman run -t -d --name collabora-online -p 9980:9980 \
2023-03-16 08:52:19 +01:00
-e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" \
--label "io.containers.autoupdate=image" \
docker.io/collabora/code:latest
```
2023-07-11 17:13:49 +02:00
[/shroot]
2023-03-11 20:36:04 +01:00
```nginx
server {
listen 443 ssl;
server_name collabora.exu.li;
ssl_certificate_key /etc/acme-sh/collabora.exu.li/key.pem;
ssl_certificate /etc/acme-sh/collabora.exu.li/cert.pem;
# static files
location ^~ /browser {
proxy_pass http://172.18.50.101:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://172.18.50.101:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://172.18.50.101:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://172.18.50.101:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://172.18.50.101:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://172.18.50.101:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
```
## Onlyoffice Container
2023-02-19 15:29:32 +01:00
2023-11-24 10:25:48 +01:00
> This procedure is incomplete. See these links for the additional configurations necessary.
> [jiriks74 Docker-DocumentServer](https://gitea.stefka.eu/jiriks74/Docker-DocumentServer#setting-up-secret-key-with-nextcloud)
> [Onlyoffice-Nextcloud issue 601](https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/601#issuecomment-1089929204)
> [Onlyoffice-Nextcloud issue 153](https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/153#issuecomment-544900501)
Integrating onlyoffice, requires setting the correct Content Security Policy headers on the webserver. Using CSP also introduces blockages in Nextcloud that have to be fixed. The console view is your friend for finding every issue.
For my installation, the headers needed to be set like this.
```
2023-07-11 17:13:49 +02:00
Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: [ONLYOFFICE DOMAIN NAME];"
```
2022-05-27 16:05:08 +02:00
2023-07-11 17:13:49 +02:00
[shroot]
2023-02-19 15:29:32 +01:00
```sh
2023-07-11 17:13:49 +02:00
podman run -itd --name onlyoffice -p 8080:80 \
2023-11-24 10:25:48 +01:00
-e JWT_ENABLED="true" \
-e JWT_SECRET="[SECRET KEY]" \
-e JWT_HEADER="AuthorizationJwt" \
docker.io/onlyoffice/documentserver
2022-05-27 16:05:08 +02:00
```
2023-07-11 17:13:49 +02:00
[/shroot]
> [Installing ONLYOFFICE Docs Community Edition for Docker on a local server](https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx)
> [About the ONLYOFFICE and Nextcloud integration](https://helpcenter.onlyoffice.com/integration/gettingstarted-nextcloud.aspx)
> [Using ONLYOFFICE Docs behind the proxy](https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx)