RealStickman
32898d0bf3
Requires CSP and how I set it Podman command for Onlyoffice just sets the token Multiple links on Installation, integration and proxy configuration linked
297 lines
7.5 KiB
Markdown
---
title: Nextcloud
visible: true
---

[toc]

## Installation

Nextcloud will be served by Apache.

```sh
apt install mlocate apache2 libapache2-mod-php mariadb-client mariadb-server wget unzip bzip2 curl php php-common php-curl php-gd php-mbstring php-mysql php-xml php-zip php-intl php-apcu php-redis php-bcmath php-gmp php-imagick
```

Not found: `php-http-request python-certbot-apache`

No password set

```sh
mariadb -u root -p
```

```sql
CREATE DATABASE nextcloud;
```

For UTF8 support use this instead:

```sql
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY '{PASSWORD}';
FLUSH PRIVILEGES;
```

Exit the MariaDB prompt

Download Nextcloud into `/var/www`

```sh
cd /var/www
wget https://download.nextcloud.com/server/releases/nextcloud-{VERSION}.tar.bz2
tar -xf nextcloud-{VERSION}.tar.bz2
```

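Checking the archive against its published checksum before unpacking it, as an added example that is not part of the original page. It assumes the release directory also serves `nextcloud-{VERSION}.tar.bz2.sha256` in `sha256sum` format; the function names are hypothetical.

```sh
#!/bin/bash
# Added example: verify a Nextcloud release archive before unpacking it.
set -eu

# verify_release ARCHIVE SUMFILE
# Returns 0 only if SUMFILE has an entry for ARCHIVE's file name and the SHA-256 matches.
# Returns 2 if there is no entry for that name, 1 on a digest mismatch.
verify_release() {
    local archive="$1" sumfile="$2" name expected actual
    name=$(basename "$archive")
    # sha256sum format: "<hex digest>  <file name>" (a leading "*" marks binary mode)
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sumfile")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 2; }
    actual=$(sha256sum "$archive")
    actual=${actual%% *}
    [ "$expected" = "$actual" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# fetch_and_unpack VERSION: download archive and checksum, extract only after verification.
fetch_and_unpack() {
    local base="https://download.nextcloud.com/server/releases"
    local file="nextcloud-$1.tar.bz2"
    wget -q "$base/$file" "$base/$file.sha256"
    verify_release "$file" "$file.sha256" || return 1
    tar -xf "$file"
}

# Runs only when a version is given, e.g. from /var/www: sh fetch-nextcloud.sh {VERSION}
if [ "$#" -eq 1 ]; then
    fetch_and_unpack "$1"
fi
```

A checksum fetched from the same server detects corrupted or truncated downloads; for authenticity, Nextcloud also publishes a `.asc` PGP signature next to each release.
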
Change owner to the apache user

```sh
chown -Rfv www-data:www-data /var/www/nextcloud
```

Create nextcloud configuration for apache

```sh
vi /etc/apache2/sites-available/nextcloud.conf
```

Configuration file

```apacheconf
# Specify the listen IP addresses: {ADDRESS}:{PORT} for IPv4, [{ADDRESS}]:{PORT} for IPv6, *:80 for all.
# Apache does not allow a comment on the same line as a directive, so it sits on its own line.
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/nextcloud
    Alias /nextcloud "/var/www/nextcloud/"

    <Directory "/var/www/nextcloud/">
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
            Dav off
        </IfModule>

        Require all granted

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
    CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
</VirtualHost>
```

Enable nextcloud and disable the default site

```sh
a2ensite nextcloud.conf && a2dissite 000-default.conf
```

Edit `ports.conf` for apache2 to only bind the addresses you need

```sh
systemctl restart apache2
```

### Cron

To execute regular jobs, I personally use cron.
Edit `crontab` as the `www-data` user.

```sh
sudo -u www-data crontab -e
```

Add the following line:

```
*/5 * * * * php -f {NEXTCLOUD DIR}/cron.php
```

### Configuration

The main config file is `{NEXTCLOUD DIR}/config/config.php`

#### Automatic Trash clearing

> [See this page](https://bayton.org/docs/nextcloud/nextcloud-hoarding-trash-how-to-force-automatic-removal-of-deleted-items/) for more options

This setting keeps the files for 15 days, unless drive space is getting low.
In that case it deletes them earlier.

```
'trashbin_retention_obligation' => 'auto, 15',
```

#### Trust Proxy

This removes the untrusted proxy warning in the web interface.
Nextcloud only accepts forwarded client address headers from the proxies listed here, so list only the address of your own reverse proxy.

```
'trusted_proxies' =>
array (
  0 => '{PROXY IP}',
),
```

#### Trusted Domains

Array of trusted domains.

```
'trusted_domains' =>
array (
  0 => '{DOMAIN 1}',
  1 => '{DOMAIN 2}',
),
```

## Maintenance

### Maintenance Mode

Enable maintenance mode to prevent data inconsistencies

```sh
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
```

To disable maintenance mode again, run the same command with `--off` instead of `--on`

### Upgrade with CLI

```sh
sudo -u www-data php /var/www/nextcloud/updater/updater.phar
```

### Backup Database

Dump database to file

_NOTE: The password needs to be inserted directly after `-p` without any space_

```sh
mysqldump --single-transaction -h {SERVER} -u {USERNAME} -p{PASSWORD} {DB NAME} > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
```

> [Official documentation](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html)

#### Backup Script

```sh
#!/bin/bash
set -euo pipefail

# Fill in the connection details before running
server=
username=
password=
db_name=

sudo mkdir -p /var/www/database-backup

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
# Leave maintenance mode again on exit, even if the dump fails (set -e aborts the script)
trap 'sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off' EXIT

# tee writes the file as root; its copy of the dump on stdout is discarded
mysqldump --single-transaction -h "$server" -u "$username" -p"$password" "$db_name" \
    | sudo tee "/var/www/database-backup/nextcloud-sqlbkp_$(date +"%Y%m%d").bak" > /dev/null
```

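A variant of the backup script that keeps the database password out of the process list and writes the dump with owner-only permissions, as an added example that is not part of the original page. The option file path and the `setup`/`backup` arguments are assumptions of this example, and it expects to be run as root with a password that contains no double quotes or backslashes.

```sh
#!/bin/bash
# Added example (not the page's script): backup without the password on the command line.
set -eu

cnf=/root/.nextcloud-backup.cnf          # assumed location of the option file
backup_dir=/var/www/database-backup      # same directory as the script above

# write_client_cnf FILE SERVER USERNAME PASSWORD
# Writes a client option file that only its owner can read (mode 0600).
write_client_cnf() {
    ( umask 077
      printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$2" "$3" "$4" > "$1" )
}

# dump_db FILE DB_NAME OUTFILE
# mysqldump takes host, user and password from FILE, so they never show up in `ps`.
# --defaults-extra-file has to be the first option. The dump is created with mode 0600.
dump_db() {
    ( umask 077
      mysqldump --defaults-extra-file="$1" --single-transaction "$2" > "$3" )
}

maintenance() { sudo -u www-data php /var/www/nextcloud/occ maintenance:mode "$1"; }

case "${1:-}" in
    setup)   # usage: setup {SERVER} {USERNAME}; the password is read from stdin
        IFS= read -r password
        write_client_cnf "$cnf" "$2" "$3" "$password" ;;
    backup)  # usage: backup {DB NAME}
        mkdir -p "$backup_dir"
        maintenance --on
        trap 'maintenance --off' EXIT    # leave maintenance mode even if the dump fails
        dump_db "$cnf" "$2" "$backup_dir/nextcloud-sqlbkp_$(date +%Y%m%d).bak" ;;
esac
```
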
### Restore Database

```sh
mariadb -h {SERVER} -u {USERNAME} -p{PASSWORD} -e "DROP DATABASE nextcloud"
mariadb -h {SERVER} -u {USERNAME} -p{PASSWORD} -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"
```

```sh
mariadb -h {SERVER} -u {USERNAME} -p{PASSWORD} {DB NAME} < nextcloud-sqlbkp.bak
```

> [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html)

## Collabora Online Container

> Unfinished

> [Docker Compose for Nextcloud + Collabora + Traefik?](https://help.nextcloud.com/t/docker-compose-for-nextcloud-collabora-traefik/127733/2)
> [Use HTTPS with Ubuntu 22.04, apache, Nextcloud and Collabora(Docker)](https://help.nextcloud.com/t/use-https-with-ubuntu-22-04-apache-nextcloud-and-collabora-docker/142880)
> [HowTo: Ubuntu + Docker + Nextcloud + Talk + Collabora](https://help.nextcloud.com/t/howto-ubuntu-docker-nextcloud-talk-collabora/76430)

```sh
podman run -t -d --name collabora-online -p 9980:9980 \
    -e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" \
    --label "io.containers.autoupdate=image" \
    docker.io/collabora/code:latest
```

```nginx
server {
    listen 443 ssl;
    server_name collabora.exu.li;

    ssl_certificate_key /etc/acme-sh/collabora.exu.li/key.pem;
    ssl_certificate /etc/acme-sh/collabora.exu.li/cert.pem;

    # static files
    location ^~ /browser {
        proxy_pass http://172.18.50.101:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://172.18.50.101:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://172.18.50.101:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
        proxy_pass http://172.18.50.101:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
        proxy_pass http://172.18.50.101:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
        proxy_pass http://172.18.50.101:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}
```

## Onlyoffice Container

Integrating Onlyoffice requires setting the correct Content Security Policy headers on the webserver. Using CSP also introduces blockages in Nextcloud that have to be fixed. The browser's console view is your friend for finding every issue.
For my installation, the headers needed to be set like this.

```
Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: onlyoffice.exu.li;"
```

Because `default-src` allows `'unsafe-inline'` and `'unsafe-eval'`, this policy restricts where content may be loaded from but does not block inline or `eval`-based scripts.

```sh
sudo podman run -itd --name onlyoffice -p 8080:80 \
    -e JWT_SECRET={secret key} \
    docker.io/onlyoffice/documentserver
```

> [Installing ONLYOFFICE Docs Community Edition for Docker on a local server](https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx)
> [About the ONLYOFFICE and Nextcloud integration](https://helpcenter.onlyoffice.com/integration/gettingstarted-nextcloud.aspx)
> [Using ONLYOFFICE Docs behind the proxy](https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx)