Difference between revisions of "Nextcloud"

From ArchWiki
m (→‎Optimize your instance: - fix config typo)
 
(80 intermediate revisions by 32 users not shown)
Line 10: Line 10:
 
{{Related articles end}}
 
{{Related articles end}}
  
From [[Wikipedia:Nextcloud|Wikipedia]]:
+
From [[Wikipedia:Nextcloud]]:
  
 
:Nextcloud is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server. In contrast to proprietary services like Dropbox, the open architecture allows adding additional functionality to the server in form of applications.
 
:Nextcloud is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server. In contrast to proprietary services like Dropbox, the open architecture allows adding additional functionality to the server in form of applications.
  
Nextcloud is a fork of ownCloud. For differences between the two, see [[wikipedia:Nextcloud#Differences from ownCloud]].
+
Nextcloud is a fork of ownCloud. For differences between the two, see [[wikipedia:Nextcloud#Differences to ownCloud]].
  
 
== Prerequisites ==
 
== Prerequisites ==
Nextcloud requires several components:
+
 
 +
Nextcloud requires several components:[https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server]
 +
 
 
* A web server: [[Apache]] or [[nginx]]
 
* A web server: [[Apache]] or [[nginx]]
* A database: [[MariaDB]] or [[PostgreSQL]]
+
* A database: [[MariaDB]]/MySQL, [[PostgreSQL]], [[SQLite]] or [[Oracle]]
* [[PHP]] with [[#PHP_setup|additional modules]].
+
* [[PHP]] with [[#PHP setup|additional modules]]
  
 
These will be configured in [[#Setup]].
 
These will be configured in [[#Setup]].
Line 29: Line 31:
  
 
[[Install]] the {{Pkg|nextcloud}} package.
 
[[Install]] the {{Pkg|nextcloud}} package.
 
== Setup ==
 
 
As stated above, in order to setup Nextcloud, you must set up the appropriate PHP requirements;
 
additionally, you must configure a database and a webserver.
 
  
 
=== Pacman hook ===
 
=== Pacman hook ===
  
To do nextcloud database upgrade automatically you may set up pacman post upgrade hook based on following example:
+
To upgrade the Nextcloud database automatically on updates, you may want to create a [[pacman hook]]:
  
  # Update Nextcloud when core or -apps are touched
+
{{hc|/etc/pacman.d/hooks/nextcloud.hook|2=
 +
[Trigger]
 +
Operation = Install
 +
Operation = Upgrade
 +
Type = Package
 +
Target = nextcloud
 +
Target = nextcloud-app-*
 
    
 
    
  [Trigger]
+
[Action]
  Operation = Install
+
Description = Update Nextcloud installation
  Operation = Upgrade
+
When = PostTransaction
  Type = Package
+
Exec = /usr/bin/runuser -u http -- /usr/bin/php /usr/share/webapps/nextcloud/occ upgrade
  Target = nextcloud
+
}}
  Target = nextcloud-app-*
 
 
 
  [Action]
 
  Description = Updating Nextcloud installation
 
  When = PostTransaction
 
  Exec = /usr/bin/runuser -u http -- /usr/bin/php /usr/share/webapps/nextcloud/occ upgrade
 
  
You need to put it into /etc/pacman.d/hooks/nextcloud.hook if you did not customize HookDir in pacman.conf.
+
== Setup ==
  
See also [[Pacman#Hooks]]
+
As stated above, in order to setup Nextcloud, you must set up the appropriate PHP requirements;
 +
additionally, you must configure a database and a webserver.
  
 
=== PHP setup ===
 
=== PHP setup ===
  
{{Tip|For all prerequisite PHP modules, see upstream documentation: [https://docs.nextcloud.com/server/13/admin_manual/installation/source_installation.html#prerequisites-label Nextcloud 13.0].}}
+
{{Tip|For all prerequisite PHP modules, see [https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-label upstream documentation].}}
  
Install [[PHP#gd]] and {{pkg|php-intl}} as additional modules.
+
Install [[PHP#gd]] and {{pkg|php-intl}} as additional modules. Configure [[PHP#OPCache|OPcache]] as recommended by [https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache the documentation].
  
Some apps (''News'' for example) require the iconv extension, if you wish to use these apps, uncomment the extension in {{ic|/etc/php/php.ini}}.
+
Some apps (''News'' for example) require the {{ic|iconv}} extension, if you wish to use these apps, uncomment the extension in {{ic|/etc/php/php.ini}}.
  
 
Depending on which database backend will be used:
 
Depending on which database backend will be used:
 +
 
* For [[MySQL]], see [[PHP#MySQL/MariaDB]].
 
* For [[MySQL]], see [[PHP#MySQL/MariaDB]].
 
* For [[PostgreSQL]], see [[PHP#PostgreSQL]].
 
* For [[PostgreSQL]], see [[PHP#PostgreSQL]].
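
Review bot: the Exec line of the added /etc/pacman.d/hooks/nextcloud.hook hard-codes "runuser -u http", but unlike the directory commands added later in this revision it carries no note telling readers to replace http when the web server runs as a different user; add the same note here, since running occ as the wrong user leaves files the web server cannot write. The trigger also includes "Operation = Install" and the section now sits ahead of "== Setup ==", so on a first install the hook calls "occ upgrade" before the instance has been initialized; either say that this first run is expected to fail or move the section after Initialize. The removed sentence about a customized HookDir in pacman.conf has no replacement and is worth keeping as a short remark.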
Line 71: Line 70:
  
 
Performance may be improved through the implementation of [[PHP#Caching|caching]], see
 
Performance may be improved through the implementation of [[PHP#Caching|caching]], see
[https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html Configuring Memory Caching]
+
[https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html Configuring Memory Caching]
 
on the official documentation for details.
 
on the official documentation for details.
  
Line 81: Line 80:
 
==== MariaDB ====
 
==== MariaDB ====
  
{{Accuracy|The binlog recommendation has been [https://github.com/nextcloud/documentation/commit/6ccd2c5678b85d35a8673d784bef5c6c89e7ecb9#diff-27b4245c9fd22feeaf62bee2e794d095 removed from the upstream documentation]. Is it still valid?}}
+
It is recommended to set up an own database and user when using [[MariaDB]]:
{{Note|It's is highly recommended to set {{ic|binlog_format}} to ''mixed'' [https://docs.nextcloud.com/server/11/admin_manual/configuration_database/linux_database_configuration.html#db-binlog-label] in {{ic|/etc/mysql/my.cnf}}.}}
 
 
 
The following is an example of setting up a [[MariaDB]] database and user:
 
  
 
{{hc|$ mysql -u root -p|2=
 
{{hc|$ mysql -u root -p|2=
mysql> CREATE DATABASE `'''nextcloud'''` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
+
mysql> CREATE DATABASE '''nextcloud''' DEFAULT CHARACTER SET 'utf8' COLLATE 'utf8_unicode_ci';
mysql> CREATE USER `'''nextcloud'''`@'localhost' IDENTIFIED BY ''''password'''';
+
mysql> GRANT ALL PRIVILEGES ON '''nextcloud'''.* TO ''''nextcloud''''@'localhost' IDENTIFIED BY ''''password'''';
mysql> GRANT ALL PRIVILEGES ON `'''nextcloud'''`.* TO `'''nextcloud'''`@`localhost`;
+
mysql> FLUSH PRIVILEGES;
 
mysql> \q
 
mysql> \q
 
}}
 
}}
 +
 +
{{Note|Create or convert the database with MySQL 4-byte support in order to use Emojis (textbased smilies) on your Nextcloud server [https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/mysql_4byte_support.html].}}
  
 
==== PostgreSQL ====
 
==== PostgreSQL ====
{{Warning|1=Nextcloud 12 is unable to do migration with PostgreSQL version 10 (currently in the repositories), as noted in this [https://bugs.archlinux.org/task/56302?project=5&string=nextcloud bug report].
 
While not officially supported, once the migration done, Nextcloud 12 seems to work as expected with PostgreSQL 10.}}
 
  
 
The following is an example of setting up a [[PostgreSQL]] user and database:
 
The following is an example of setting up a [[PostgreSQL]] user and database:
{{hc|1=$ sudo -u postgres createuser -h localhost -P nextcloud|2=
+
 
 +
{{hc|1=[postgres]$ createuser -h localhost -P nextcloud|2=
 
Enter password for new role:
 
Enter password for new role:
 
Enter it again:
 
Enter it again:
 
}}
 
}}
  
  $ sudo -u postgres createdb -O nextcloud nextcloud
+
  [postgres]$ createdb -O nextcloud nextcloud
  
=== Webserver setup ===
+
=== Web server setup ===
  
{{Warning|It is recommended to use TLS/SSL (HTTPS) over plain HTTP, see [[Apache#TLS/SSL]] or [[Nginx#TLS/SSL]] for examples and implement this in the examples given below.}}
+
{{Warning|It is recommended to use HTTPS instead of plain HTTP, see [[Apache#TLS]] or [[Nginx#TLS]] for examples and implement this in the examples given below.}}
  
Depending on which [[webserver]] you are using, further setup is required, indicated below.
+
Depending on which [[web server]] you are using, further setup is required, indicated below.
  
 
==== Apache ====
 
==== Apache ====
  
If you haven't already, install [[Apache]] and install and enable [[Apache#PHP|Apache's PHP module]]
+
If you have not already, install [[Apache]] and install and enable [[Apache#PHP|Apache's PHP module]]
  
 
Copy the Apache configuration file to the configuration directory:
 
Copy the Apache configuration file to the configuration directory:
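
Review bot: in the MariaDB example, the added "GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'password';" replaces the explicit CREATE USER statement and relies on GRANT creating the account implicitly. MySQL 8.0 no longer accepts that form, and the Prerequisites line in this same revision now reads "MariaDB/MySQL". Suggest keeping the removed "CREATE USER ... IDENTIFIED BY" followed by a plain GRANT, which works on both, and dropping the added FLUSH PRIVILEGES, which is not needed after account-management statements. The database is also still created with character set utf8 while the note added directly below asks for 4-byte support; creating it as utf8mb4 in the example would spare readers a later conversion. Wording: "an own database" should read "a dedicated database".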
Line 119: Line 116:
 
  # cp /etc/webapps/nextcloud/apache.example.conf /etc/httpd/conf/extra/nextcloud.conf
 
  # cp /etc/webapps/nextcloud/apache.example.conf /etc/httpd/conf/extra/nextcloud.conf
  
Modify the file according to your preferences. By default it includes an alias
+
Modify the file according to your preferences. By default it includes an alias for {{ic|/nextcloud}} pointing to {{ic|/usr/share/webapps/nextcloud}}.
for {{ic|/nextcloud}} pointing to {{ic|/usr/share/webapps/nextcloud}}.
 
  
 
And include it in {{ic|/etc/httpd/conf/httpd.conf}}:
 
And include it in {{ic|/etc/httpd/conf/httpd.conf}}:
 +
 
  Include conf/extra/nextcloud.conf
 
  Include conf/extra/nextcloud.conf
  
Line 130: Line 127:
  
 
===== WebDAV =====
 
===== WebDAV =====
 +
 
Nextcloud comes with its own [[WebDAV]] implementation enabled, which may conflict with the one shipped with Apache. If you have enabled WebDAV in Apache (not enabled by default), disable the modules {{ic|mod_dav}} and {{ic|mod_dav_fs}} in {{ic|/etc/httpd/conf/httpd.conf}}. See [https://forum.owncloud.org/viewtopic.php?f=17&t=7240] for details.
 
Nextcloud comes with its own [[WebDAV]] implementation enabled, which may conflict with the one shipped with Apache. If you have enabled WebDAV in Apache (not enabled by default), disable the modules {{ic|mod_dav}} and {{ic|mod_dav_fs}} in {{ic|/etc/httpd/conf/httpd.conf}}. See [https://forum.owncloud.org/viewtopic.php?f=17&t=7240] for details.
  
 
==== Nginx ====
 
==== Nginx ====
Create an empty directory to hold the cloud-specific config file:
 
# mkdir /etc/nginx/conf.d/
 
  
In {{ic|/etc/nginx/nginx.conf}}, add the following lines under the "http" section:
+
Make sure PHP-FPM has been configured correctly as described in [[Nginx#FastCGI]]. Uncomment {{ic|1=env[PATH]}} in {{ic|/etc/php/php-fpm.d/www.conf}} as it is required by Nextcloud.
 
http {
 
...
 
...
 
server_names_hash_bucket_size 64;
 
include conf.d/*.conf;
 
}
 
  
 +
Create a [[Nginx#Server_blocks|server block]] and add the content according to the [https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html Nextcloud documentation]:
  
Create a config file {{ic|/etc/nginx/conf.d/nextcloud.conf}} according to the [https://docs.nextcloud.com/server/13/admin_manual/installation/nginx.html documentation]. You will have to change the {{ic|root}} location, as the Arch package installs to {{ic|/usr/share/webapps/nextcloud}} instead of {{ic|/var/www/nextcloud}}.
+
{{Note|Use {{ic|/usr/share/webapps/nextcloud}} as {{ic|root}} location when using {{Pkg|nextcloud}}.}}
 +
{{Tip|See the [https://github.com/graysky2/configs/blob/master/nginx/nextcloud-initial.conf following template]{{Dead link|2019|12|11}} as initial configuration when setting up [[Let's Encrypt]].}}
  
Addtitionally, you change the php-handler block so it looks like this one
+
{{hc|/etc/nginx/sites-available/owncloud.conf|2=<nowiki>
 
+
upstream php-handler {
upstream php-handler {
 
 
     server unix:/run/php-fpm/php-fpm.sock;
 
     server unix:/run/php-fpm/php-fpm.sock;
}
+
}
  
in the {{ic|/etc/nginx/conf.d/nextcloud.conf}} file.
+
server {
 +
    listen 443 ssl http2;
 +
    listen [::]:443 ssl http2;
 +
    server_name cloud.example.com;
  
From this point on, it is recommended to obtain a secure-certificates using [[Let's Encrypt]], see [[#Security Hardening]].
+
    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
 +
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
  
===== PHP-FPM configuration =====
+
    ..
  
Make sure PHP-FPM has been configured correctly as described in [[Nginx#FastCGI]].
+
    # Path to the root of your installation
 +
    root /usr/share/webapps/nextcloud/;
  
Uncomment {{ic|1=env[PATH] = /usr/local/bin:/usr/bin:/bin}} in {{ic|/etc/php/php-fpm.d/www.conf}} and [[restart]] {{ic|php-fpm.service}} to apply the changes.
+
    ..
  
== Initialize ==
+
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
 +
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
 +
        try_files $fastcgi_script_name =404;
 +
        include fastcgi_params;
 +
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +
        fastcgi_param PATH_INFO $fastcgi_path_info;
 +
        fastcgi_param HTTPS on;
 +
        #Avoid sending the security headers twice
 +
        fastcgi_param modHeadersAvailable true;
 +
        fastcgi_param front_controller_active true;
 +
        fastcgi_pass php-handler;
 +
        fastcgi_intercept_errors on;
 +
        fastcgi_request_buffering off;
 +
    }
 +
}
 +
</nowiki>}}
  
Open the address where you have installed Nextcloud in a web browser (e.g., https://www.example.com/nextcloud).
+
==== lighttpd ====
  
=== Create storage directories ===
+
Enable [[lighttpd#FastCGI]], e.g. by adding {{ic|code=server.modules += ( "mod_fastcgi" )}} to {{ic|/etc/lighttpd/lighttpd.conf}}.
  
You will now see "Cannot write into "apps" directory". This is because Arch packages Nextcloud in a way where the ''apps'' folder only has the webserver as a group without web permissions and the ''data'' folder is nonexistent.
+
Create a link to {{ic|/usr/share/webapps/nextcloud}} in your {{ic|/srv/http/}} directory (or configured root).
  
The easiest non-conflicting way is to create a new writable folder for apps and also create a writable data folder. Replace the http group with the group your webserver uses if needed.
+
=== Create data storage directory ===
  
# mkdir -p /usr/share/webapps/nextcloud/data
+
Nextcloud needs a directory to store all user files, which has to be writable for the web server. It is recommended to put this directory somewhere outside of {{ic|/usr}}, e.g. {{ic|/var/nextcloud}}.
# mkdir -p /usr/share/webapps/nextcloud/apps2
 
# chown http:http /usr/share/webapps/nextcloud/data
 
# chown http:http /usr/share/webapps/nextcloud/apps2
 
# chmod 700 /usr/share/webapps/nextcloud/data
 
# chmod 700 /usr/share/webapps/nextcloud/apps2
 
  
Next edit the configuration file at {{ic|/etc/webapps/nextcloud/config/config.php}} and add following lines before the closing {{ic|);}} of the file.
+
{{Note|Replace {{ic|http}} when using a different [[user]]/[[user group]] for the web server.}}
  
{{hc|/etc/webapps/nextcloud/config/config.php|2=
+
# mkdir /var/nextcloud
  'apps_paths' =>
+
# chown http:http /var/nextcloud
  array (
+
# chmod 750 /var/nextcloud
    0 =>
 
    array (
 
      'path' => '/usr/share/webapps/nextcloud/apps',
 
      'url' => '/apps',
 
      'writable' => false,
 
    ),
 
    1 =>
 
    array (
 
      'path' => '/usr/share/webapps/nextcloud/apps2',
 
      'url' => '/apps2',
 
      'writable' => true,
 
    ),
 
  ),
 
  'datadirectory' => '/usr/share/webapps/nextcloud/data'
 
}}
 
  
Refresh the page and the error should be gone.
+
=== Fix apps directory permissions ===
  
From there follow the instructions in adding an administrator account as well as selecting the database you created earlier.
+
To give the web server read/write access to the ''apps'' directory (e.g. on "Cannot write into "apps" directory"), setup the correct permissions:
  
=== Optimize your instance ===
+
{{Note|Replace {{ic|http}} when using a different [[user]]/[[user group]] for the web server.}}
  
By now you should have a working Nextcloud instance, but if you navigate to your instance settings (e.g, https://cloud.example.com/settings/admin), you will see that a lot of errors and notices are given. This section should fix all of them on a default install.
+
  # chown -R http:http /usr/share/webapps/nextcloud/apps
 +
# chmod 750 /usr/share/webapps/nextcloud/apps
  
To get rid of OPcache warnings, uncomment/edit the following extension and lines in /etc/php/php.ini [https://docs.nextcloud.com/server/13/go.php?to=admin-php-opcache as per Nextcloud documentation]:
+
=== Explicitly permit Nextcloud directories for php-fpm ===
 +
Since version 7.4 php-fpm is hardened per default and revokes read/write access on {{ic|/usr}} (and sub-directories). Therefore it is also necessary to explicitly give permissions on {{ic|/usr/share/webapps/nextcloud}} directories and the Nextcloud data directory ({{ic|/var/nextcloud}} in the example above).
  
  zend_extension=opcache.so
+
Create an {{ic|override.conf}} for {{ic|php-fpm}}:
  opcache.enable=1
+
# systemctl edit php-fpm.service
  opcache.enable_cli=1
 
  opcache.interned_strings_buffer=8
 
  opcache.max_accelerated_files=10000
 
  opcache.memory_consumption=128
 
  opcache.save_comments=1
 
  opcache.revalidate_freq=1
 
  
To get rid of memory cache warnings, you need to implement a memory cache - [https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html#id3 this example will use Redis as per documentation]:
+
Add and save following content.
 +
{{hc|/etc/systemd/system/php-fpm.service.d/override.conf|2=
 +
[Service]
 +
ReadWritePaths = /usr/share/webapps/nextcloud/apps
 +
ReadWritePaths = /etc/webapps/nextcloud/config
  
Install {{Pkg|redis}} and {{AUR|php-redis}}, and then in {{ic|/etc/php/conf.d/redis.ini}} uncomment {{ic|1=extension=redis.so}}.
+
# Replace the following path with the Nextcloud data directory
Then in {{ic|config.php}} add the following changes(with your own secure password):
+
ReadWritePaths = /var/nextcloud
 +
}}
  
  'memcache.local' => '\OC\Memcache\Redis',
+
Afterwards [[restart]] the {{ic|php-fpm}} service.
  'redis' => array(
 
      'host' => '/run/redis/redis.sock',
 
      'port' => 0,
 
      'dbindex' => 0,
 
      'password' => 'supersecretpassword',
 
      'timeout' => 1.5,
 
        ),
 
  'memcache.locking' => '\OC\Memcache\Redis',
 
  
Add group redis to your webserver user
+
== Initialize ==
  
  usermod -a -G redis http
+
Open the address where you have installed Nextcloud in a web browser (e.g., https://www.example.com/nextcloud). Enter the database details and the location of the data directory (e.g. {{ic|/var/nextcloud}}) set up above.
  
And edit the redis config file /etc/redis/redis.conf
+
If you get the error message "Cannot write into "apps" directory", make sure you followed [[#Fix apps directory permissions]] above.
  port 0
 
  unixsocket /run/redis/redis.sock
 
  unixsocketperm 770
 
  requirepass supersecretpassword
 
  
and finally [[start/enable]] {{ic|redis.service}}, and restart {{ic|php-fpm.service}} if you use nginx.
+
=== Configure caching ===
  
To get rid of HSTS warnings, [https://docs.nextcloud.com/server/13/admin_manual/configuration_server/harden_server.html#enable-http-strict-transport-security follow the documentation] (for nginx the config is already there just commented out). Make absolutely sure you understand the ramifications of HSTS before implementing it.
+
It is recommended to [https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html enable caching]. The Nextcloud documentation provides instructions on [[Redis]], Memcached and [[PHP#APCu|APCu]].
 
 
To get rid of warnings about environment variables, uncomment the following line in /etc/php/php-fpm.d/www.conf [https://docs.nextcloud.com/server/13/go.php?to=admin-php-fpm as per Nextcloud documentation]:
 
  env[PATH] = /usr/local/bin:/usr/bin:/bin
 
  
 
== Security Hardening ==
 
== Security Hardening ==
  
The [https://docs.nextcloud.com/server/13/admin_manual/configuration_server/harden_server.html Nextcloud Hardening and Security]
+
See the [https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/harden_server.html Nextcloud documentation] and [[Security]]. Nextcloud additionally provides a [https://scan.nextcloud.com/ Security scanner].
article guides along generic topics. See also the project's [https://scan.nextcloud.com/ Security scanner].
 
 
 
=== Let's Encrypt ===
 
==== nginx ====
 
{{Move|Let's Encrypt|A simple example of configuring an 'empty' domain for Let's Encrypt should be created. The example file given is too big and could be far easier.}}
 
1. Create the cloud configuration {{ic|/etc/nginx/conf.d/cloud-initial.conf}} using [https://github.com/graysky2/configs/blob/master/nginx/nextcloud-initial.conf this initial file] as a template. Substitute the literal "@@FQDN@@" in the template file with the actual [[wikipedia:Fully_qualified_domain_name|FQDN]] to be used. The certs for the server need to be generated using this unencrypted configuration initially. Follow the steps outlined on [[Let’s Encrypt]] to generate the server encryption certificates.
 
 
 
2. Upon successfully generating certificates, replace {{ic|/etc/nginx/conf.d/cloud-initial.conf}} (it may be safely renamed so long as it does not end in ".conf" or simply deleted) with a new file, {{ic|/etc/nginx/conf.d/cloud.conf}} using [https://github.com/graysky2/configs/blob/master/nginx/nextcloud.conf this file] as a template.  Again, substitute the literal "@@FQDN@@" in the template file with the actual [[wikipedia:Fully_qualified_domain_name|FQDN]] to be used. [[Start]] and optionally [[enable]] {{ic|nginx.service}}.
 
  
 
=== uWSGI ===
 
=== uWSGI ===
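
Review bot: in the added "Fix apps directory permissions" section, "chown -R http:http /usr/share/webapps/nextcloud/apps" together with the ReadWritePaths entry for the same path makes the package-installed application code writable by the web server user, whereas the removed text kept that path at 'writable' => false and sent writes to a separate apps2 directory through apps_paths. That split limited what a compromised PHP process could modify; suggest keeping it as the documented default, or at least stating the trade-off next to the chown. The added commands use mode 750 for both /var/nextcloud and the apps directory, while the "Setting strong permissions for the filesystem" section of the same article asks for 700; pick one and use it throughout. The added nginx example is titled /etc/nginx/sites-available/owncloud.conf in a Nextcloud article, and the new Tip links a template that is already tagged as a dead link. The HSTS paragraph and its caution about understanding the ramifications are removed with no replacement beyond the general hardening link.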
Line 269: Line 237:
 
You can run Nextcloud in its own process and service by using the [[uWSGI]] application server with {{pkg|uwsgi-plugin-php}}. This allows you to define a [[PHP#Configuration|PHP  configuration]] only for this instance of PHP, without the need to edit the global {{ic|php.ini}} and thus keeping your web application configurations compartmentalized. ''uWSGI'' itself has a wealth of features to limit the resource use and to harden the security of the application, and by being a separate process it can run under its own user.
 
You can run Nextcloud in its own process and service by using the [[uWSGI]] application server with {{pkg|uwsgi-plugin-php}}. This allows you to define a [[PHP#Configuration|PHP  configuration]] only for this instance of PHP, without the need to edit the global {{ic|php.ini}} and thus keeping your web application configurations compartmentalized. ''uWSGI'' itself has a wealth of features to limit the resource use and to harden the security of the application, and by being a separate process it can run under its own user.
  
The only part that differs from [[#php-fpm configuration]]{{Broken section link}} is the {{ic|<nowiki>location ~ \.php(?:$|/) {}</nowiki>}} block:
+
The only part that differs from [[#Nginx]] is the {{ic|<nowiki>location ~ \.php(?:$|/) {}</nowiki>}} block:
 +
 
 
{{bc|<nowiki>
 
{{bc|<nowiki>
 
   location ~ \.php(?:$|/) {
 
   location ~ \.php(?:$|/) {
Line 373: Line 342:
 
php-set = apc.ttl=7200
 
php-set = apc.ttl=7200
 
php-set = apc.enable_cli=1
 
php-set = apc.enable_cli=1
 +
 +
; web server is already handling URL rewriting, so tell NextCloud not to repeat this
 +
env = front_controller_active=true
  
 
cron2 = minute=-15,unique=1 /usr/bin/php -f /usr/share/webapps/nextcloud/cron.php 1>/dev/null
 
cron2 = minute=-15,unique=1 /usr/bin/php -f /usr/share/webapps/nextcloud/cron.php 1>/dev/null
Line 380: Line 352:
 
* Do not forget to set your timezone and uncomment the required database connector in the uWSGI config file
 
* Do not forget to set your timezone and uncomment the required database connector in the uWSGI config file
 
* The [[PHP#Configuration|open_basedir]] directive is optional and commented out. You can uncomment to harden security. Be aware that it may [https://github.com/owncloud/core/search?q=open_basedir&type=Issues occasionally break things].
 
* The [[PHP#Configuration|open_basedir]] directive is optional and commented out. You can uncomment to harden security. Be aware that it may [https://github.com/owncloud/core/search?q=open_basedir&type=Issues occasionally break things].
* Use {{ic|1=php-docroot = /usr/share/webapps}} if placing nextcloud in /nextcloud subdirectory. }}
+
* Use {{ic|1=php-docroot = /usr/share/webapps}} if placing nextcloud in /nextcloud subdirectory.
 +
}}
  
{{Warning|The way the [https://docs.nextcloud.com/server/13/admin_manual/configuration_server/background_jobs_configuration.html Nextcloud background job] is currently set up with [https://uwsgi-docs.readthedocs.org/en/latest/Cron.html uWSGI cron] will make use of the default global configuration from {{ic|/etc/php/php.ini}}. This means that none of the specific parameters defined (e.g. required modules) will be enabled, [https://github.com/owncloud/core/issues/12678#issuecomment-66114448 leading to various issues]. One solution is to copy {{ic|/etc/php/php.ini}} to e.g. {{ic|/etc/uwsgi/cron-php.ini}}, make the required modifications there (mirroring {{ic|/etc/uwsgi/nextcloud.ini}} parameters) and referencing it in the cron directive by adding the {{ic|-c /etc/uwsgi/cron-php.ini}} option to ''php'' invocation.}}
+
{{Warning|The way the [https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html Nextcloud background job] is currently set up with [https://uwsgi-docs.readthedocs.org/en/latest/Cron.html uWSGI cron] will make use of the default global configuration from {{ic|/etc/php/php.ini}}. This means that none of the specific parameters defined (e.g. required modules) will be enabled, [https://github.com/owncloud/core/issues/12678#issuecomment-66114448 leading to various issues]. One solution is to copy {{ic|/etc/php/php.ini}} to e.g. {{ic|/etc/uwsgi/cron-php.ini}}, make the required modifications there (mirroring {{ic|/etc/uwsgi/nextcloud.ini}} parameters) and referencing it in the cron directive by adding the {{ic|-c /etc/uwsgi/cron-php.ini}} option to ''php'' invocation.}}
  
 
==== Activation ====
 
==== Activation ====
  
[[uWSGI]] provides a [[Systemd#Using_units|template unit]] that allows to start and enable application using their configuration file name as instance identifier. For example:
+
[[uWSGI]] provides a [[Systemd#Using_units|template unit]] that allows to start and enable application using their configuration file name as instance identifier. For example, [[start]]ing {{ic|uwsgi@nextcloud.socket}} would start it on demand referencing the configuration file {{ic|/etc/uwsgi/nextcloud.ini}}.  
# systemctl start uwsgi@nextcloud.socket
 
would start it on demand referencing the configuration file {{ic|/etc/uwsgi/nextcloud.ini}}.  
 
  
To enable the uwsgi service by default at start-up, run:
+
To enable the uwsgi service by default at start-up, [[enable]] {{ic|uwsgi@nextcloud.socket}}.
# systemctl enable uwsgi@nextcloud.socket
 
  
 
{{Note|Here we make use of [http://0pointer.de/blog/projects/socket-activation.html systemd socket activation] to prevent unnecessary resources consumption when no connections are made to the instance. If you would rather have it constantly active, simply remove the {{ic|.socket}} part to start and enable the service instead.}}
 
{{Note|Here we make use of [http://0pointer.de/blog/projects/socket-activation.html systemd socket activation] to prevent unnecessary resources consumption when no connections are made to the instance. If you would rather have it constantly active, simply remove the {{ic|.socket}} part to start and enable the service instead.}}
  
See also [[UWSGI#Starting service]]{{Broken section link}}.
+
See also [[UWSGI#Running uWSGI]].
  
 
=== Setting strong permissions for the filesystem ===
 
=== Setting strong permissions for the filesystem ===
  
You should set the permissions for {{ic|config/}}, {{ic|data/}} and {{ic|apps/}} as strict as possible. That means that your HTTP user (''http'' in case of {{pkg|apache}}) should own them, and the should have {{ic|700}} permissions. You can use the following script to achieve this.
+
You should set the permissions for {{ic|config/}}, {{ic|data/}} and {{ic|apps/}} as strict possible. That means that your HTTP user (''http'' in case of {{pkg|apache}}) should own them, and the should have {{ic|700}} permissions. You can use the following script to achieve this.
  
 
{{Style|Complex script for trivial one-time task.}}
 
{{Style|Complex script for trivial one-time task.}}
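
Review bot: the changed sentence under "Setting strong permissions for the filesystem" loses a word: the old revision read "as strict as possible" and the new one reads "as strict possible". The same sentence still contains "and the should have"; restore "as strict as possible" and write "and they should have {{ic|700}} permissions".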
Line 448: Line 418:
 
=== Desktop ===
 
=== Desktop ===
  
The official client can be installed with the {{Pkg|owncloud-client}} or {{aur|nextcloud-client}} package.
+
The official client can be installed with the {{Pkg|owncloud-client}} or {{Pkg|nextcloud-client}} package.
 
Alternative versions are available in the [[AUR]]: {{AUR|owncloud-client-git}}.
 
Alternative versions are available in the [[AUR]]: {{AUR|owncloud-client-git}}.
  
Line 461: Line 431:
 
  <nowiki>https://ADDRESS/remote.php/caldav</nowiki>
 
  <nowiki>https://ADDRESS/remote.php/caldav</nowiki>
  
For details see the [https://docs.nextcloud.com/server/13/user_manual/pim/index.html official documentation].
+
For details see the [https://docs.nextcloud.com/server/latest/user_manual/pim/index.html official documentation].
  
 
==== Contacts ====
 
==== Contacts ====
  
To sync contacts with [[Thunderbird]], see [https://docs.nextcloud.com/server/13/user_manual/pim/sync_thunderbird.html these instructions] from the official doc.
+
To sync contacts with [[Thunderbird]], see [https://docs.nextcloud.com/server/latest/user_manual/pim/sync_thunderbird.html these instructions] from the official doc.
  
 
==== Mounting files with davfs2 ====
 
==== Mounting files with davfs2 ====
Line 493: Line 463:
 
=== Android ===
 
=== Android ===
  
Download the official Nextcloud app from [https://play.google.com/store/apps/details?id=com.nextcloud.client Google Play].
+
Download the official Nextcloud app from [https://play.google.com/store/apps/details?id=com.nextcloud.client Google Play] or [https://f-droid.org/packages/com.nextcloud.client/ F-Droid].
  
 
To enable contacts and calendar sync (Android 4+):
 
To enable contacts and calendar sync (Android 4+):
# download [https://davdroid.bitfire.at/ DAVdroid] ([https://play.google.com/store/apps/details?id=at.bitfire.davdroid Play Store], [https://f-droid.org/app/at.bitfire.davdroid F-Droid])
+
# download [https://www.davx5.com/ DAVx<sup>5</sup>] ([https://play.google.com/store/apps/details?id=at.bitfire.davdroid Play Store], [https://f-droid.org/app/at.bitfire.davdroid F-Droid])
 
# Enable mod_rewrite.so in httpd.conf
 
# Enable mod_rewrite.so in httpd.conf
 
# create a new DAVdroid account in the ''Account'' settings, and specify your "short" server address and login/password couple, e.g. {{ic|<nowiki>https://cloud.example.com</nowiki>}} (there is no need for the {{ic|<nowiki>/remote.php/{carddav,webdav}</nowiki>}} part if you configured your web server with the proper redirections, as illustrated previously in the article; ''DAVdroid'' will find itself the right URLs)
 
# create a new DAVdroid account in the ''Account'' settings, and specify your "short" server address and login/password couple, e.g. {{ic|<nowiki>https://cloud.example.com</nowiki>}} (there is no need for the {{ic|<nowiki>/remote.php/{carddav,webdav}</nowiki>}} part if you configured your web server with the proper redirections, as illustrated previously in the article; ''DAVdroid'' will find itself the right URLs)
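
Review bot: the rename is applied only to the first list item. The download step now says DAVx5, but the unchanged third step still tells the reader to "create a new DAVdroid account" and says "DAVdroid will find itself the right URLs". Update that step to the new name as well, so the instructions refer to a single app name throughout.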
Line 504: Line 474:
 
Download the official Nextcloud app from the [https://itunes.apple.com/us/app/nextcloud/id1125420102 App Store].
 
Download the official Nextcloud app from the [https://itunes.apple.com/us/app/nextcloud/id1125420102 App Store].
  
=== SABnzbd ===
+
== Tips and tricks ==
 
 
When using [[SABnzbd]], you might want to set
 
folder_rename 0
 
in your sabnzbd.ini file, because ownCloud will scan the files as soon as they get uploaded, preventing SABnzbd from removing UNPACKING prefixes etc.
 
 
 
== Troubleshooting ==
 
{{Out of date|A lot of references to OwnCloud, are these still valid with Nextcloud?}}
 
 
 
=== Self-signed certificate not accepted ===
 
 
 
ownCloud uses [[Wikipedia:cURL]] and [[Wikipedia:SabreDAV]] to check if WebDAV is enabled.
 
If you use SSL/TLS with a self-signed certificate, e.g. as shown in [[LAMP]], and access ownCloud's admin panel, you will see the following error message:
 
 
 
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.
 
 
 
Assuming that you followed the [[LAMP]] tutorial, execute the following steps:
 
 
 
Create a local directory for non-distribution certificates and copy [[LAMP]]s certificate there. This will prevent {{ic|ca-certificates}}-updates from overwriting it.
 
 
 
# cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/''WWW.EXAMPLE.COM.crt''
 
 
 
Add ''WWW.EXAMPLE.COM.crt'' to {{ic|/etc/ca-certificates.conf}}:
 
 
 
''WWW.EXAMPLE.COM.crt''
 
 
 
Now, regenerate your certificate store:
 
 
 
# update-ca-certificates
 
 
 
Restart the httpd service to activate your certificate.
 
 
 
=== Self-signed certificate for Android devices ===
 
 
 
Once you have followed the setup for SSL, as on [[LAMP#TLS.2FSSL|LAMP]]{{Broken section link}} for example, early versions of DAVdroid will
 
reject the connection because the certificate is not trusted. A certificate can be made as follows on your server:
 
 
 
  # openssl x509 -req -days 365 -in /etc/httpd/conf/server.csr -signkey /etc/httpd/conf/server.key -extfile android.txt -out CA.crt
 
  # openssl x509 -inform PEM -outform DER -in CA.crt -out CA.der.crt
 
 
 
The file {{ic|android.txt}} should contain the following:
 
 
 
  basicConstraints=CA:true
 
 
 
Then import {{ic|CA.der.crt}} to your Android device:
 
 
 
Put the {{ic|CA.der.crt}} file onto the sdcard of your Android device (usually to the internal one, e.g. save from a mail attachment).
 
It should be in the root directory. Go to ''Settings > Security > Credential storage'' and select ''Install from device storage''.
 
The {{ic|.crt}} file will be detected and you will be prompted to enter a certificate name. After importing the certificate,
 
you will find it in ''Settings > Security > Credential storage > Trusted credentials > User''.
 
 
 
Thanks to: [http://www.leftbrainthings.com/2013/10/13/creating-and-importing-self-signed-certificate-to-android-device/]
 
 
 
Another way is to import the certificate directly from your server via [https://play.google.com/store/apps/details?id=at.bitfire.cadroid CAdroid] and follow the instructions there.
 
 
 
=== Cannot write into config directory! ===
 
 
 
If you have set {{ic|open_basedir}} in your PHP/web server configuration file (e.g. {{ic|/etc/httpd/conf/extra/nextcloud.conf}}), make sure that it includes {{ic|/etc/webapps}}.
 
 
 
Restart the web server to apply the change.
 
 
 
=== Cannot create data directory ===
 
 
 
If you have set {{ic|open_basedir}} in your PHP/web server configuration file (e.g. {{ic|/etc/httpd/conf/extra/nextcloud.conf}}), make sure that it includes the data directory.
 
 
 
Restart the web server to apply the change.
 
 
 
=== CSync failed to find a specific file. ===
 
 
 
This is most likely a certificate issue. Recreate it, and do not leave the common name empty or you will see the error again.
 
 
 
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt
 
 
 
=== Seeing white page after login ===
 
 
 
The cause is probably a new app that you installed. To fix that, you can use the occ command as described
 
[https://docs.nextcloud.com/server/13/admin_manual/configuration_server/occ_command.html here]. So with
 
sudo -u http php /usr/share/webapps/nextcloud/occ app:list
 
you can list all apps (if you installed nextcloud in the standard directory), and with
 
sudo -u http php /usr/share/webapps/nextcloud/occ app:disable <nameOfExtension>
 
you can disable the troubling app.
 
 
 
Alternatively, you can either use [[phpMyAdmin]] to edit the {{ic|oc_appconfig}} table (if you got lucky and the table has an edit option), or do it by hand with mysql:
 
 
 
mysql -u root -p owncloud
 
MariaDB [owncloud]> '''delete from''' oc_appconfig '''where''' appid='<nameOfExtension>' '''and''' configkey='enabled' '''and''' configvalue='yes';
 
MariaDB [owncloud]> '''insert into''' oc_appconfig (appid,configkey,configvalue) '''values''' ('<nameOfExtension>','enabled','no');
 
 
 
This should delete the relevant configuration from the table and add it again.
 
 
 
=== GUI sync client fails to connect ===
 
 
 
If using HTTP basic authentication, make sure to exclude "status.php", which must be publicly accessible. [https://github.com/owncloud/mirall/issues/734]
 
 
 
=== Some files upload, but give an error 'Integrity constraint violation...' ===
 
 
 
You may see the following error in the ownCloud sync client:
 
 
 
    SQLSTATE[23000]: Integrity constraint violation: ... Duplicate entry '...' for key 'fs_storage_path_hash')...
 
 
 
This is caused by an issue with the File Locking app, which is often not sufficient to keep conflicts from occurring on some webserver configurations.
 
A more complete [https://docs.nextcloud.com/server/13/admin_manual/configuration_files/files_locking_transactional.html Transactional File Locking]
 
is available that rids these errors, but you must be using the Redis php-caching method. Install {{Pkg|redis}} and {{AUR|php-redis}}, comment out
 
your current php-cache mechanism, and then in {{ic|/etc/php/conf.d/redis.ini}} uncomment {{ic|1=extension=redis}}.
 
Then in {{ic|config.php}} make the following changes:
 
 
 
    'memcache.local' => '\OC\Memcache\Redis',
 
    'filelocking.enabled' => 'true',
 
    'memcache.locking' => '\OC\Memcache\Redis',
 
    'redis' => array(
 
        'host' => 'localhost',
 
        'port' => 6379,
 
        'timeout' => 0.0,
 
          ),
 
 
 
and [[start/enable]] {{ic|redis.service}}.
 
 
 
Finally, disable the File Locking App, as the Transational File Locking will take care of it (and would conflict).
 
 
 
If everything is working, you should see 'Transactional File Locking Enabled' under Server Status on the Admin page, and syncs should no longer cause issues.
 
 
 
=== "Cannot write into apps directory" ===
 
 
 
As mentioned in the [https://docs.nextcloud.com/server/13/admin_manual/installation/apps_management_installation.html official admin manual],
 
either you need an apps directory that is writable by the http user, or you need to set {{ic|appstoreenabled}} to {{ic|false}}.
 
 
 
=== Installed apps get blocked because of MIME type error ===
 
 
 
If you're putting your apps folder outside of the nextcloud installation directory make sure your webserver serves it properly.
 
 
 
In nginx this is accomplished by adding a location block to the nginx configuration as the folder will not be included in it by default.
 
 
 
location ~ /apps2/(.*)$ {
 
    alias /var/www/nextcloud/apps/$1;
 
}
 
 
 
=== Security warnings even though the recommended settings have been included in nginx.conf ===
 
 
 
At the top of the admin page there might be a warning to set the {{ic|Strict-Transport-Security}}, {{ic|X-Content-Type-Options}},
 
{{ic|X-Frame-Options}}, {{ic|X-XSS-Protection}} and {{ic|X-Robots-Tag}} according to https://docs.nextcloud.com/server/13/admin_manual/configuration_server/harden_server.html
 
even though they are already set like that.
 
 
 
A possible cause could be that because owncloud sets those settings, uwsgi passed them along and nginx added them again:
 
 
 
{{hc|$ curl -I https://domain.tld|
 
<nowiki>...
 
X-XSS-Protection: 1; mode=block
 
X-Content-Type-Options: nosniff
 
X-Frame-Options: Sameorigin
 
X-Robots-Tag: none
 
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;
 
X-Content-Type-Options: nosniff
 
X-Frame-Options: SAMEORIGIN
 
X-XSS-Protection: 1; mode=block
 
X-Robots-Tag: none</nowiki>}}
 
 
 
While the fast_cgi sample config has a parameter to avoid that ( {{ic|fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice}} ), when using uwsgi and nginx the following modification of the uwsgi part in nginx.conf could help:
 
 
 
{{hc| /etc/nginx/nginx.conf|
 
<nowiki>...
 
        # pass all .php or .php/path urls to uWSGI
 
        location ~ ^(.+\.php)(.*)$ {
 
            include uwsgi_params;
 
            uwsgi_modifier1 14;
 
            # hode following headers received from uwsgi, because otherwise we would send them twice since we already add them in nginx itself
 
            uwsgi_hide_header X-Frame-Options;
 
            uwsgi_hide_header X-XSS-Protection;
 
            uwsgi_hide_header X-Content-Type-Options;
 
            uwsgi_hide_header X-Robots-Tag;
 
            uwsgi_hide_header X-Frame-Options;
 
            #Uncomment line below if you get connection refused error. Remember to commet out line with "uwsgi_pass 127.0.0.1:3001;" below
 
            uwsgi_pass unix:/run/uwsgi/owncloud.sock;
 
            #uwsgi_pass 127.0.0.1:3001;
 
        }
 
...</nowiki>}}
 
 
 
=== "Reading from keychain failed with error: 'No keychain service available'" ===
 
 
 
Can be fixed for Gnome by installing the following 2 packages, {{Pkg|libgnome-keyring}} and {{Pkg|gnome-keyring}}.
 
Or the following for KDE, {{Pkg|libgnome-keyring}} and {{Pkg|qtkeychain}}.
 
 
 
=== FolderSync: "Method Not Allowed" ===
 
 
 
FolderSync needs access to  {{ic|/owncloud/remote.php/webdav}}, so you could create another alias for owncloud in your  {{ic|/etc/httpd/conf/extra/nextcloud.conf}}
 
  <IfModule mod_alias.c>
 
    Alias /nextcloud /usr/share/webapps/nextcloud/
 
    Alias /owncloud /usr/share/webapps/nextcloud/
 
  </IfModule>
 
 
 
=== Nextcloud 13 : "Unable to load dynamic library 'mcrypt.so" ===
 
 
 
Starting with php 7.2 the extension mcrypt was removed.[https://wiki.php.net/rfc/mcrypt-viking-funeral]
 
 
 
To fix the error about mcrypt in Nextcloud logs, a version of this extension compatible with php 7.2 can be installed via PECL.
 
 
 
1. Install [https://wiki.php.net/rfc/mcrypt-viking-funeral/ php-pear] if you don't have it already
 
 
 
2. Update PECL channels
 
# pecl channel-update pecl.php.net
 
  
3. Install mcrypt 1.0.1
+
=== Running NextCloud in a subdirectory ===
# pecl install mcrypt-1.0.1
 
  
4. Uncomment this line in /etc/php/php.conf
+
By including the default {{ic|nextcloud.conf}} in {{ic|httpd.conf}}, nextCloud will take control of port 80 and your localhost domain.
  
;extension=mcrypt.so
+
If you would like to have nextCloud run in a subdirectory, then
  
== Tips and tricks ==
+
For apache,edit the {{ic|/etc/httpd/conf/extra/nextcloud.conf}} you included and comment out the {{ic|<nowiki><VirtualHost *:80> ... </VirtualHost></nowiki>}} part of the include file.
  
=== Running ownCloud in a subdirectory ===
+
For nginx, you can use the following config when using nextcloud with uwsgi:
  
By including the default {{ic|owncloud.conf}} in {{ic|httpd.conf}}, ownCloud will take control of port 80 and your localhost domain.
+
{{hc|head=/etc/nginx/conf.d/nextcloud.conf|output=<nowiki>
 
 
If you would like to have ownCloud run in a subdirectory, then edit the {{ic|/etc/httpd/conf/extra/owncloud.conf}}
 
you included and comment out the {{ic|<nowiki><VirtualHost *:80> ... </VirtualHost></nowiki>}} part of the include file.
 
 
 
You can use the following nginx config when using owncloud with uwsgi:
 
{{hc|head=/etc/nginx/conf.d/owncloud.conf|output=<nowiki>
 
 
location = /.well-known/carddav {
 
location = /.well-known/carddav {
   return 301 $scheme://$host/owncloud/remote.php/dav;
+
   return 301 $scheme://$host/nextcloud/remote.php/dav;
 
}
 
}
  
 
location = /.well-known/caldav {
 
location = /.well-known/caldav {
   return 301 $scheme://$host/owncloud/remote.php/dav;
+
   return 301 $scheme://$host/nextcloud/remote.php/dav;
 
}
 
}
  
 
location /.well-known/acme-challenge { }
 
location /.well-known/acme-challenge { }
  
location ^~ /owncloud {
+
location ^~ /nextcloud {
  
 
   root /usr/share/webapps;
 
   root /usr/share/webapps;
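
Review bot: In the rewritten "Running NextCloud in a subdirectory" text, the added sentence "If you would like to have nextCloud run in a subdirectory, then" now ends without its clause, because the instruction was split into the separate "For apache" and "For nginx" lines; end it with a colon or fold it into those two lines, and add the missing space in "For apache,edit". The product name is spelled "NextCloud", "nextCloud" and "nextcloud" within these few added lines and should be "Nextcloud" throughout. In the two renamed ".well-known" redirects, "return 301 $scheme://$host/nextcloud/remote.php/dav;" keeps the scheme of the incoming request, so a client that starts on plain HTTP is redirected to the DAV endpoint over plain HTTP; on a TLS-only setup the target should be written with https.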
Line 747: Line 512:
 
   #pagespeed off;
 
   #pagespeed off;
  
   location /owncloud {
+
   location /nextcloud {
     rewrite ^ /owncloud/index.php$uri;
+
     rewrite ^ /nextcloud/index.php$uri;
 
   }
 
   }
  
   location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+
   location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
 
     deny all;
 
     deny all;
 
   }
 
   }
  
   location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
+
   location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
 
     deny all;
 
     deny all;
 
   }
 
   }
  
   location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) {
+
   location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
 
     try_files $uri/ =404;
 
     try_files $uri/ =404;
 
     index index.php;
 
     index index.php;
 
   }
 
   }
  
   location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+
   location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
 
     include uwsgi_params;
 
     include uwsgi_params;
 
     uwsgi_modifier1 14;
 
     uwsgi_modifier1 14;
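
Review bot: The "/owncloud" to "/nextcloud" rename in this hunk touches the prefix in every nested location, including the two "deny all" rules for "build|tests|config|lib|3rdparty|templates|data" and "\.|autotest|occ|issue|indie|db_|console", but the surrounding text never says that the prefix has to be changed in all of them together. A reader who picks a different subdirectory and edits only the outer "location ^~ /nextcloud" is left with deny rules that no longer match, so add a sentence above the config stating that every occurrence of the prefix must be replaced. The unchanged FolderSync section adds an Apache alias for "/owncloud" for clients that still use the old path; this nginx variant has no equivalent, which is worth mentioning next to the rename.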
Line 778: Line 543:
 
   # Make sure it is BELOW the PHP block
 
   # Make sure it is BELOW the PHP block
 
   location ~* \.(?:css|js) {
 
   location ~* \.(?:css|js) {
     try_files $uri /owncloud/index.php$uri$is_args$args;
+
     try_files $uri /nextcloud/index.php$uri$is_args$args;
 
     add_header Cache-Control "public, max-age=7200";
 
     add_header Cache-Control "public, max-age=7200";
 
     # Add headers to serve security related headers  (It is intended
 
     # Add headers to serve security related headers  (It is intended
Line 792: Line 557:
 
     add_header X-Download-Options noopen;
 
     add_header X-Download-Options noopen;
 
     add_header X-Permitted-Cross-Domain-Policies none;
 
     add_header X-Permitted-Cross-Domain-Policies none;
     # Optional: Don't log access to assets
+
     # Optional: Do not log access to assets
 
     access_log off;
 
     access_log off;
 
   }
 
   }
  
 
   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg) {
 
   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg) {
     try_files $uri /owncloud/index.php$uri$is_args$args;
+
     try_files $uri /nextcloud/index.php$uri$is_args$args;
     # Optional: Don't log access to other assets
+
     # Optional: Do not log access to other assets
 
     access_log off;
 
     access_log off;
 
   }
 
   }
Line 805: Line 570:
  
 
=== Docker ===
 
=== Docker ===
 +
 
See the [https://hub.docker.com/_/owncloud/ ownCloud] or [https://github.com/nextcloud/docker Nextcloud] repository for [[Docker]].
 
See the [https://hub.docker.com/_/owncloud/ ownCloud] or [https://github.com/nextcloud/docker Nextcloud] repository for [[Docker]].
  
 
=== Upload and share from File Manager ===
 
=== Upload and share from File Manager ===
 +
 
[https://github.com/schiesbn/shareLinkCreator shareLinkCreator] provides the ability to upload a file to
 
[https://github.com/schiesbn/shareLinkCreator shareLinkCreator] provides the ability to upload a file to
 
OwnCloud via a supported file manager and receive a link to the uploaded file which can then be emailed or shared in another way.
 
OwnCloud via a supported file manager and receive a link to the uploaded file which can then be emailed or shared in another way.
Line 816: Line 583:
 
however AJAX is the least reliable method, and it is recommended to use [[Cron]] instead. However,
 
however AJAX is the least reliable method, and it is recommended to use [[Cron]] instead. However,
 
ArchLinux ships with {{Pkg|systemd}}, so the preferred way of executing scheduled tasks is a [[Systemd#Timers|systemd timer]].  
 
ArchLinux ships with {{Pkg|systemd}}, so the preferred way of executing scheduled tasks is a [[Systemd#Timers|systemd timer]].  
 +
 +
==== Manual install ====
  
 
First create a service:
 
First create a service:
Line 845: Line 614:
 
WantedBy=timers.target
 
WantedBy=timers.target
 
</nowiki>}}
 
</nowiki>}}
 +
 +
==== Activate timer ====
  
 
[[Start/enable]] {{ic|nextcloudcron.timer}}.
 
[[Start/enable]] {{ic|nextcloudcron.timer}}.
  
 
Confirm that it is running by running
 
Confirm that it is running by running
 +
 
  # systemctl list-timers
 
  # systemctl list-timers
 +
 +
==== AUR package ====
 +
 +
Install {{AUR|nextcloud-systemd-timers}}.
 +
 +
Provided services can be checked with:
 +
$ pacman -Ql nextcloud-systemd-timers
 +
 +
For instance, to run the <code>cron.php</code> script every 15 minutes:
 +
# systemctl start nextcloud-cron.timer
 +
# systemctl enable nextcloud-cron.timer
  
 
=== Collabora Online Office integration ===
 
=== Collabora Online Office integration ===
 +
 +
{{Expansion|What is the correct {{ic|domain}} (or {{ic|server_name}} in the config) when [[#Running NextCloud in a subdirectory|Nextcloud runs in a subdirectory]]?}}
 +
 
'''Solution with Docker: ''CODE backend using the official Docker image'''''
 
'''Solution with Docker: ''CODE backend using the official Docker image'''''
  
 
The first, install a {{Pkg|docker}} package to provide collabora files and setup a Collabora server.
 
The first, install a {{Pkg|docker}} package to provide collabora files and setup a Collabora server.
  
[[Start/enable]] docker.service
+
[[Start/enable]] {{ic|docker.service}}.
 
 
# systemctl enable docker.service
 
# systemctl start docker.service
 
  
 
Then, download the required binares :
 
Then, download the required binares :
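
Review bot: The new "AUR package" subsection spells out "# systemctl start nextcloud-cron.timer" and "# systemctl enable nextcloud-cron.timer", while the same revision replaces the literal systemctl lines for docker.service with "[[Start/enable]] {{ic|docker.service}}"; use the [[start/enable]] link here as well, and {{ic|cron.php}} instead of the HTML code tag. The sentence says the script runs "every 15 minutes", but the two commands only activate the timer and the interval comes from the packaged unit, so either drop the figure or tell the reader where to check it. The new {{Expansion}} template asks a question about the subdirectory case that the Docker command following it does not answer, so the "domain" value stays undocumented for that setup.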
Line 869: Line 652:
 
  # docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.example\\.com' --restart always --cap-add MKNOD collabora/code
 
  # docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.example\\.com' --restart always --cap-add MKNOD collabora/code
  
Also make sure to escape all dots with double backslashes (\), since this string will be evaluated as a regular expression (and your bash 'eats' the first backslash.) If you want to use the docker container with more than one Nextcloud, you'll need to use 'domain=cloud\\.example\\.com\|second\\.example\\.com' instead. (All hosts are separated by \|.) When using `localhost` as domain for testing you need to add {ic|--net host}} to ensure the docker container can access your Nextcloud server.  
+
Also make sure to escape all dots with double backslashes (\), since this string will be evaluated as a regular expression (and your bash 'eats' the first backslash.) If you want to use the docker container with more than one Nextcloud, you will need to use 'domain=cloud\\.example\\.com\|second\\.example\\.com' instead. (All hosts are separated by \|.) When using `localhost` as domain for testing you need to add {{ic|--net host}} to ensure the docker container can access your Nextcloud server.  
  
 
If you need to delete or reinstall Collabora server use:
 
If you need to delete or reinstall Collabora server use:
  
 
For recognition CONTAINER_ID of server
 
For recognition CONTAINER_ID of server
 +
 
  # docker ps
 
  # docker ps
  
 
Stop and delete
 
Stop and delete
 +
 
  # docker stop CONTAINER_ID
 
  # docker stop CONTAINER_ID
 
  # docker rm CONTAINER_ID
 
  # docker rm CONTAINER_ID
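
Review bot: The corrected "{{ic|--net host}}" advice for testing with localhost conflicts with the "-p 127.0.0.1:9980:9980" in the command above it: with host networking Docker discards published ports, so the loopback-only binding no longer applies and the container shares the host's network stack. State in that sentence that the option is for local testing only and that the "-p" restriction is lost with it. In the same paragraph, "localhost" is still wrapped in backticks instead of {{ic|localhost}}, and "double backslashes (\)" displays a single backslash.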
Line 884: Line 669:
 
'''Nginx setup example:'''
 
'''Nginx setup example:'''
  
Add following to your nextcloud domain config or add new config file in /etc/nginx/conf.d/ directory, (Don't forget to change {{ic|office.example.com}} and {{ic|ssl_certificate}} to the right values:
+
Add following to your nextcloud domain config or add new config file in /etc/nginx/conf.d/ directory, (Do not forget to change {{ic|office.example.com}} and {{ic|ssl_certificate}} to the right values. If you are using docker image, change {{ic|http}} to {{ic|https}}.)
  
 
{{hc|/etc/nginx/conf.d/example.conf|<nowiki>
 
{{hc|/etc/nginx/conf.d/example.conf|<nowiki>
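
Review bot: The added sentence "If you are using docker image, change {{ic|http}} to {{ic|https}}" does not say which directives in the config it applies to, so a reader cannot tell whether it means the upstream addresses, the listen scheme or both; name the directives explicitly. The rewritten line also still runs "directory, (Do not forget" with a comma before the parenthesis, which should become a full stop now that the parenthetical holds two sentences.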
Line 940: Line 725:
  
 
  # nginx -s reload
 
  # nginx -s reload
or
+
 
# systemctl restart nginx.service
+
or [[restart]] {{ic|nginx.service}}.
  
 
'''Apache setup example:'''
 
'''Apache setup example:'''
  
Add following to nextcloud config file. Don't forget to change to the right values
+
Add following to nextcloud config file. Do not forget to change to the right values
  
 
{{hc|/etc/httpd/conf/extra/nextcloud.conf|<nowiki>
 
{{hc|/etc/httpd/conf/extra/nextcloud.conf|<nowiki>
Line 993: Line 778:
 
</nowiki>}}
 
</nowiki>}}
  
After configuring these do restart your apache:
+
After configuring these do restart your apache by [[restart]]ing {{ic|httpd.service}}.
# systemctl restart httpd
 
  
 
'''Install the Nextcloud app'''
 
'''Install the Nextcloud app'''
Line 1,004: Line 788:
 
The {{AUR|collabora-online-server-nodocker}} package brings to your Archlinux installation 1º Collabora Office (the desktop suite), and 2º the “CODE” (Collabora Online Development Edition) server, which is based on “lool” (LibreOffice OnLine).
 
The {{AUR|collabora-online-server-nodocker}} package brings to your Archlinux installation 1º Collabora Office (the desktop suite), and 2º the “CODE” (Collabora Online Development Edition) server, which is based on “lool” (LibreOffice OnLine).
  
Alter the `/etc/loolwsd/loolwsd.xml` file, so that:
+
Alter the {{ic|/etc/loolwsd/loolwsd.xml}} file, so that:
 +
 
 
* `config > server_name` contains the host and port of the public Nextcloud address, separated by a colon (eg. `example.org:443`),
 
* `config > server_name` contains the host and port of the public Nextcloud address, separated by a colon (eg. `example.org:443`),
 
* `config > ssl > enable` is false (ie. web browser —HTTPS→ proxy —HTTP→ loolwsd),
 
* `config > ssl > enable` is false (ie. web browser —HTTPS→ proxy —HTTP→ loolwsd),
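
Review bot: Only the file path was converted to {{ic|/etc/loolwsd/loolwsd.xml}}; the list items right under it still use Markdown backticks ("`config > server_name`", "`example.org:443`", "`config > ssl > enable`"), which MediaWiki renders literally, so convert them in the same edit. Since the second item turns TLS off between the proxy and loolwsd, the item would also benefit from saying that the plain-HTTP port must not be reachable from outside the host.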
Line 1,012: Line 797:
  
 
Then:
 
Then:
* start and enable `loolwsd.service`;
+
 
* configure Nginx as showed in /usr/share/doc/loolwsd/example.nginx.conf, and restart it.
+
* [[start]] and [[enable]] {{ic|loolwsd.service}};
 +
* configure Nginx as showed in {{ic|/usr/share/doc/loolwsd/example.nginx.conf}}, and restart it.
 +
 
 +
== Troubleshooting ==
 +
{{Out of date|A lot of references to OwnCloud, are these still valid with Nextcloud?}}
 +
 
 +
=== Environment variables not available ===
 +
 
 +
Uncomment the line in {{ic|/etc/php/php-fpm.d/www.conf}} as per [https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#php-fpm-tips-label Nextcloud documentation]:
 +
  env[PATH] = /usr/local/bin:/usr/bin:/bin
 +
 
 +
=== Self-signed certificate not accepted ===
 +
 
 +
ownCloud uses [[Wikipedia:cURL]] and [[Wikipedia:SabreDAV]] to check if WebDAV is enabled.
 +
If you use SSL/TLS with a self-signed certificate, e.g. as shown in [[LAMP]], and access ownCloud's admin panel, you will see the following error message:
 +
 
 +
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.
 +
 
 +
Assuming that you followed the [[LAMP]] tutorial, execute the following steps:
 +
 
 +
Create a local directory for non-distribution certificates and copy [[LAMP]]s certificate there. This will prevent {{ic|ca-certificates}}-updates from overwriting it.
 +
 
 +
# cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/''WWW.EXAMPLE.COM.crt''
 +
 
 +
Add ''WWW.EXAMPLE.COM.crt'' to {{ic|/etc/ca-certificates.conf}}:
 +
 
 +
''WWW.EXAMPLE.COM.crt''
 +
 
 +
Now, regenerate your certificate store:
 +
 
 +
# update-ca-certificates
 +
 
 +
Restart the httpd service to activate your certificate.
 +
 
 +
=== Self-signed certificate for Android devices ===
 +
 
 +
Once you have followed the setup for SSL, as on [[Apache HTTP Server#TLS]] for example, early versions of DAVdroid will
 +
reject the connection because the certificate is not trusted. A certificate can be made as follows on your server:
 +
 
 +
# openssl x509 -req -days 365 -in /etc/httpd/conf/server.csr -signkey /etc/httpd/conf/server.key -extfile android.txt -out CA.crt
 +
# openssl x509 -inform PEM -outform DER -in CA.crt -out CA.der.crt
 +
 
 +
The file {{ic|android.txt}} should contain the following:
 +
 
 +
basicConstraints=CA:true
 +
 
 +
Then import {{ic|CA.der.crt}} to your Android device:
 +
 
 +
Put the {{ic|CA.der.crt}} file onto the sdcard of your Android device (usually to the internal one, e.g. save from a mail attachment).
 +
It should be in the root directory. Go to ''Settings > Security > Credential storage'' and select ''Install from device storage''.
 +
The {{ic|.crt}} file will be detected and you will be prompted to enter a certificate name. After importing the certificate,
 +
you will find it in ''Settings > Security > Credential storage > Trusted credentials > User''.
 +
 
 +
Thanks to: [http://www.leftbrainthings.com/2013/10/13/creating-and-importing-self-signed-certificate-to-android-device/]
 +
 
 +
Another way is to import the certificate directly from your server via [https://play.google.com/store/apps/details?id=at.bitfire.cadroid CAdroid] and follow the instructions there.
 +
 
 +
=== Cannot write into config directory! ===
 +
 
 +
If you have set {{ic|open_basedir}} in your PHP/web server configuration file (e.g. {{ic|/etc/httpd/conf/extra/nextcloud.conf}}), make sure that it includes {{ic|/etc/webapps}}.
 +
 
 +
Restart the web server to apply the change.
 +
 
 +
=== Cannot create data directory ===
 +
 
 +
If you have set {{ic|open_basedir}} in your PHP/web server configuration file (e.g. {{ic|/etc/httpd/conf/extra/nextcloud.conf}}), make sure that it includes the data directory.
 +
 
 +
Restart the web server to apply the change.
 +
 
 +
=== CSync failed to find a specific file. ===
 +
 
 +
This is most likely a certificate issue. Recreate it, and do not leave the common name empty or you will see the error again.
 +
 
 +
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt
 +
 
 +
=== Seeing white page after login ===
 +
 
 +
The cause is probably a new app that you installed. To fix that, you can use the occ command as described
 +
[https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html here]. So with
 +
 
 +
sudo -u http php /usr/share/webapps/nextcloud/occ app:list
 +
 
 +
you can list all apps (if you installed nextcloud in the standard directory), and with
 +
 
 +
sudo -u http php /usr/share/webapps/nextcloud/occ app:disable <nameOfExtension>
 +
 
 +
you can disable the troubling app.
 +
 
 +
Alternatively, you can either use [[phpMyAdmin]] to edit the {{ic|oc_appconfig}} table (if you got lucky and the table has an edit option), or do it by hand with mysql:
 +
 
 +
mysql -u root -p owncloud
 +
MariaDB [owncloud]> '''delete from''' oc_appconfig '''where''' appid='<nameOfExtension>' '''and''' configkey='enabled' '''and''' configvalue='yes';
 +
MariaDB [owncloud]> '''insert into''' oc_appconfig (appid,configkey,configvalue) '''values''' ('<nameOfExtension>','enabled','no');
 +
 
 +
This should delete the relevant configuration from the table and add it again.
 +
 
 +
=== GUI sync client fails to connect ===
 +
 
 +
If using HTTP basic authentication, make sure to exclude "status.php", which must be publicly accessible. [https://github.com/owncloud/mirall/issues/734]
 +
 
 +
=== GUI tray icon disappears, but client still running in the background ===
 +
 
 +
After waking up from a suspended state, the Nextcloud client tray icon may disappear from the system tray. A workaround is to delay the startup of the client, as noted [https://github.com/nextcloud/desktop/issues/203#issuecomment-463957811 here]. This can be done with the .desktop file, for example:
 +
 
 +
{{hc|.local/share/applications/nextcloud.desktop|<nowiki>
 +
...
 +
Exec=bash -c 'sleep 5 && nextcloud'
 +
...
 +
</nowiki>}}
 +
 
 +
=== Some files upload, but give an error 'Integrity constraint violation...' ===
 +
 
 +
You may see the following error in the ownCloud sync client:
 +
 
 +
    SQLSTATE[23000]: Integrity constraint violation: ... Duplicate entry '...' for key 'fs_storage_path_hash')...
 +
 
 +
This is caused by an issue with the File Locking app, which is often not sufficient to keep conflicts from occurring on some webserver configurations.
 +
A more complete [https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/files_locking_transactional.html Transactional File Locking]
 +
is available that rids these errors, but you must be using the Redis php-caching method. Install {{Pkg|redis}} and {{Pkg|php-redis}}, comment out
 +
your current php-cache mechanism, and then in {{ic|/etc/php/conf.d/redis.ini}} uncomment {{ic|1=extension=redis}}.
 +
Then in {{ic|config.php}} make the following changes:
 +
 
 +
    'memcache.local' => '\OC\Memcache\Redis',
 +
    'filelocking.enabled' => 'true',
 +
    'memcache.locking' => '\OC\Memcache\Redis',
 +
    'redis' => array(
 +
        'host' => 'localhost',
 +
        'port' => 6379,
 +
        'timeout' => 0.0,
 +
          ),
 +
 
 +
and [[start/enable]] {{ic|redis.service}}.
 +
 
 +
Finally, disable the File Locking App, as the Transational File Locking will take care of it (and would conflict).
 +
 
 +
If everything is working, you should see 'Transactional File Locking Enabled' under Server Status on the Admin page, and syncs should no longer cause issues.
 +
 
 +
=== "Cannot write into apps directory" ===
 +
 
 +
As mentioned in the [https://docs.nextcloud.com/server/latest/admin_manual/apps_management.html official admin manual],
 +
either you need an apps directory that is writable by the http user, or you need to set {{ic|appstoreenabled}} to {{ic|false}}.
 +
 
 +
If you have set {{ic|open_basedir}} in your PHP/web server configuration file (e.g. {{ic|/etc/httpd/conf/extra/nextcloud.conf}}), it may be necessary to add your ''/path/to/data'' directory to the string on the line starting with {{ic|php_admin_value open_basedir }}:
 +
 
 +
{{hc|/etc/httpd/conf/extra/nextcloud.conf|2=
 +
 
 +
  php_admin_value open_basedir "''/path/to/data/'':/srv/http/:/dev/urandom:/tmp/:/usr/share/pear/:/usr/share/webapps/nextcloud/:/etc/webapps/nextcloud"
 +
}}
 +
 
 +
=== Installed apps get blocked because of MIME type error ===
 +
 
 +
If you are putting your apps folder outside of the nextcloud installation directory make sure your webserver serves it properly.
 +
 
 +
In nginx this is accomplished by adding a location block to the nginx configuration as the folder will not be included in it by default.
 +
 
 +
location ~ /apps2/(.*)$ {
 +
    alias /var/www/nextcloud/apps/$1;
 +
}
 +
 
 +
=== Security warnings even though the recommended settings have been included in nginx.conf ===
 +
 
 +
At the top of the admin page there might be a warning to set the {{ic|Strict-Transport-Security}}, {{ic|X-Content-Type-Options}},
 +
{{ic|X-Frame-Options}}, {{ic|X-XSS-Protection}} and {{ic|X-Robots-Tag}} according to https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/harden_server.html
 +
even though they are already set like that.
 +
 
 +
A possible cause could be that because owncloud sets those settings, uwsgi passed them along and nginx added them again:
 +
 
 +
{{hc|$ curl -I https://domain.tld|<nowiki>
 +
...
 +
X-XSS-Protection: 1; mode=block
 +
X-Content-Type-Options: nosniff
 +
X-Frame-Options: Sameorigin
 +
X-Robots-Tag: none
 +
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;
 +
X-Content-Type-Options: nosniff
 +
X-Frame-Options: SAMEORIGIN
 +
X-XSS-Protection: 1; mode=block
 +
X-Robots-Tag: none
 +
</nowiki>}}
 +
 
 +
While the fast_cgi sample config has a parameter to avoid that ( {{ic|fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice}} ), when using uwsgi and nginx the following modification of the uwsgi part in nginx.conf could help:
 +
 
 +
{{hc| /etc/nginx/nginx.conf|<nowiki>
 +
...
 +
        # pass all .php or .php/path urls to uWSGI
 +
        location ~ ^(.+\.php)(.*)$ {
 +
            include uwsgi_params;
 +
            uwsgi_modifier1 14;
 +
            # hode following headers received from uwsgi, because otherwise we would send them twice since we already add them in nginx itself
 +
            uwsgi_hide_header X-Frame-Options;
 +
            uwsgi_hide_header X-XSS-Protection;
 +
            uwsgi_hide_header X-Content-Type-Options;
 +
            uwsgi_hide_header X-Robots-Tag;
 +
            uwsgi_hide_header X-Frame-Options;
 +
            #Uncomment line below if you get connection refused error. Remember to commet out line with "uwsgi_pass 127.0.0.1:3001;" below
 +
            uwsgi_pass unix:/run/uwsgi/owncloud.sock;
 +
            #uwsgi_pass 127.0.0.1:3001;
 +
        }
 +
...
 +
</nowiki>}}
 +
 
 +
=== "Reading from keychain failed with error: 'No keychain service available'" ===
 +
 
 +
Can be fixed for Gnome by installing the following 2 packages, {{Pkg|libgnome-keyring}} and {{Pkg|gnome-keyring}}.
 +
Or the following for KDE, {{Pkg|libgnome-keyring}} and {{Pkg|qtkeychain}}.
 +
 
 +
=== FolderSync: "Method Not Allowed" ===
 +
 
 +
FolderSync needs access to  {{ic|/owncloud/remote.php/webdav}}, so you could create another alias for owncloud in your  {{ic|/etc/httpd/conf/extra/nextcloud.conf}}
 +
 
 +
  <IfModule mod_alias.c>
 +
    Alias /nextcloud /usr/share/webapps/nextcloud/
 +
    Alias /owncloud /usr/share/webapps/nextcloud/
 +
  </IfModule>
  
 
== See also ==
 
== See also ==
* [https://docs.nextcloud.com/ nextcloud official website]
+
 
* [https://docs.nextcloud.com/server/13/admin_manual/ nextcloud 13.0 Admin Documentation]
+
* [https://docs.nextcloud.com/ Nextcloud Documentation Overview]
 +
* [https://docs.nextcloud.com/server/latest/admin_manual/ Nextcloud Admin Manual]
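Review bot: the added uWSGI location block for /etc/nginx/nginx.conf lists `uwsgi_hide_header X-Frame-Options;` twice (the first and the last of the five hide lines); drop the repeat. The two comment lines in that block carry typos ("hode", "commet"). In the added "Installed apps get blocked because of MIME type error" section, the regex in `location ~ /apps2/(.*)$` has no leading `^`, so it matches any URI that contains /apps2/ rather than only URIs that start with it; `location ~ ^/apps2/(.*)$` would limit the alias to the intended prefix. That snippet and the FolderSync alias snippet are also not wrapped in the {{hc|...}} template the other added snippets use.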

Latest revision as of 21:39, 10 January 2020

From Wikipedia:Nextcloud:

Nextcloud is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server. In contrast to proprietary services like Dropbox, the open architecture allows adding additional functionality to the server in form of applications.

Nextcloud is a fork of ownCloud. For differences between the two, see wikipedia:Nextcloud#Differences to ownCloud.

Prerequisites

Nextcloud requires several components:[1]

These will be configured in #Setup.

Make sure the required components are installed before proceeding.

Installation

Install the nextcloud package.

Pacman hook

To upgrade the Nextcloud database automatically on updates, you may want to create a pacman hook:

/etc/pacman.d/hooks/nextcloud.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = nextcloud
Target = nextcloud-app-*
  
[Action]
Description = Update Nextcloud installation
When = PostTransaction
Exec = /usr/bin/runuser -u http -- /usr/bin/php /usr/share/webapps/nextcloud/occ upgrade

Setup

As stated above, in order to set up Nextcloud, you must set up the appropriate PHP requirements; additionally, you must configure a database and a web server.

PHP setup

Tip: For all prerequisite PHP modules, see upstream documentation.

Install PHP#gd and php-intl as additional modules. Configure OPcache as recommended by the documentation.

Some apps (News for example) require the iconv extension. If you wish to use these apps, uncomment the extension in /etc/php/php.ini.

Depending on which database backend will be used:

Performance may be improved through the implementation of caching, see Configuring Memory Caching on the official documentation for details.

Database setup

An SQL database must be set up and used for your Nextcloud installation. After setting up the database here, you will be prompted for its information when you first create an administrator account.

MariaDB

It is recommended to set up a dedicated database and user when using MariaDB:

$ mysql -u root -p
mysql> CREATE DATABASE nextcloud DEFAULT CHARACTER SET 'utf8' COLLATE 'utf8_unicode_ci';
mysql> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> \q
Note: Create or convert the database with MySQL 4-byte support in order to use Emojis (text-based smilies) on your Nextcloud server [2].

PostgreSQL

The following is an example of setting up a PostgreSQL user and database:

[postgres]$ createuser -h localhost -P nextcloud
Enter password for new role:
Enter it again:
[postgres]$ createdb -O nextcloud nextcloud

Web server setup

Warning: It is recommended to use HTTPS instead of plain HTTP, see Apache#TLS or Nginx#TLS for examples and implement this in the examples given below.

Depending on which web server you are using, further setup is required, indicated below.

Apache

If you have not already, install Apache, then install and enable Apache's PHP module.

Copy the Apache configuration file to the configuration directory:

# cp /etc/webapps/nextcloud/apache.example.conf /etc/httpd/conf/extra/nextcloud.conf

Modify the file according to your preferences. By default it includes an alias for /nextcloud pointing to /usr/share/webapps/nextcloud.

And include it in /etc/httpd/conf/httpd.conf:

Include conf/extra/nextcloud.conf

Ensure that the root location of your Nextcloud installation (e.g., /usr/share/webapps/nextcloud) is accessible by the webserver's user http.

Now restart Apache (httpd.service).

WebDAV

Nextcloud comes with its own WebDAV implementation enabled, which may conflict with the one shipped with Apache. If you have enabled WebDAV in Apache (not enabled by default), disable the modules mod_dav and mod_dav_fs in /etc/httpd/conf/httpd.conf. See [3] for details.

Nginx

Make sure PHP-FPM has been configured correctly as described in Nginx#FastCGI. Uncomment env[PATH] in /etc/php/php-fpm.d/www.conf as it is required by Nextcloud.

Create a server block and add the content according to the Nextcloud documentation:

Note: Use /usr/share/webapps/nextcloud as root location when using nextcloud.
Tip: See the following template[dead link 2019-12-11] as initial configuration when setting up Let's Encrypt.
/etc/nginx/sites-available/owncloud.conf
upstream php-handler {
    server unix:/run/php-fpm/php-fpm.sock;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    ..

    # Path to the root of your installation
    root /usr/share/webapps/nextcloud/;

    ..

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
}

lighttpd

Enable lighttpd#FastCGI, e.g. by adding server.modules += ( "mod_fastcgi" ) to /etc/lighttpd/lighttpd.conf.

Create a link to /usr/share/webapps/nextcloud in your /srv/http/ directory (or configured root).

Create data storage directory

Nextcloud needs a directory to store all user files, which has to be writable for the web server. It is recommended to put this directory somewhere outside of /usr, e.g. /var/nextcloud.

Note: Replace http when using a different user/user group for the web server.
# mkdir /var/nextcloud
# chown http:http /var/nextcloud
# chmod 750 /var/nextcloud

Fix apps directory permissions

To give the web server read/write access to the apps directory (e.g. on "Cannot write into "apps" directory"), set up the correct permissions:

Note: Replace http when using a different user/user group for the web server.
# chown -R http:http /usr/share/webapps/nextcloud/apps
# chmod 750 /usr/share/webapps/nextcloud/apps

Explicitly permit Nextcloud directories for php-fpm

Since version 7.4, php-fpm is hardened by default and revokes read/write access on /usr (and sub-directories). Therefore it is also necessary to explicitly give permissions on the /usr/share/webapps/nextcloud directories and the Nextcloud data directory (/var/nextcloud in the example above).

Create an override.conf for php-fpm:

# systemctl edit php-fpm.service

Add and save the following content.

/etc/systemd/system/php-fpm.service.d/override.conf
[Service]
ReadWritePaths = /usr/share/webapps/nextcloud/apps
ReadWritePaths = /etc/webapps/nextcloud/config

# Replace the following path with the Nextcloud data directory
ReadWritePaths = /var/nextcloud

Afterwards restart the php-fpm service.

Initialize

Open the address where you have installed Nextcloud in a web browser (e.g., https://www.example.com/nextcloud). Enter the database details and the location of the data directory (e.g. /var/nextcloud) set up above.

If you get the error message "Cannot write into "apps" directory", make sure you followed #Fix apps directory permissions above.

Configure caching

It is recommended to enable caching. The Nextcloud documentation provides instructions on Redis, Memcached and APCu.

Security Hardening

See the Nextcloud documentation and Security. Nextcloud additionally provides a Security scanner.

uWSGI

You can run Nextcloud in its own process and service by using the uWSGI application server with uwsgi-plugin-php. This allows you to define a PHP configuration only for this instance of PHP, without the need to edit the global php.ini and thus keeping your web application configurations compartmentalized. uWSGI itself has a wealth of features to limit the resource use and to harden the security of the application, and by being a separate process it can run under its own user.

The only part that differs from #Nginx is the location ~ \.php(?:$|/) {} block:

  location ~ \.php(?:$|/) {
    include uwsgi_params;
    uwsgi_modifier1 14;
    # Avoid duplicate headers confusing OC checks
    uwsgi_hide_header X-Frame-Options;
    uwsgi_hide_header X-XSS-Protection;
    uwsgi_hide_header X-Content-Type-Options;
    uwsgi_hide_header X-Robots-Tag;
    uwsgi_pass unix:/run/uwsgi/nextcloud.sock;
    }

Then create a config file for uWSGI:

/etc/uwsgi/nextcloud.ini
[uwsgi]
; load the required plugins
plugins = php
; force the sapi name to 'apache', this will enable the opcode cache  
php-sapi-name = apache

; set master process name and socket
; '%n' refers to the name of this configuration file without extension
procname-master = uwsgi %n
master = true
socket = /run/uwsgi/%n.sock

; drop privileges
uid    = http
gid    = http
umask  = 027

; run with at least 1 process but increase up to 4 when needed
processes = 4
cheaper = 1

; reload whenever this config file changes
; %p is the full path of the current config file
touch-reload = %p

; disable uWSGI request logging
;disable-logging = true

; enforce a DOCUMENT_ROOT
php-docroot     = /usr/share/webapps/%n
; limit allowed extensions
php-allowed-ext = .php
; and search for index.php if required
php-index = index.php

; set php configuration for this instance of php, no need to edit global php.ini
php-set = date.timezone=Etc/UTC
;php-set = open_basedir=/tmp/:/usr/share/webapps/nextcloud:/etc/webapps/nextcloud:/dev/urandom
php-set = expose_php=false
; avoid security risk of leaving sessions in world-readable /tmp
php-set = session.save_path=/usr/share/webapps/nextcloud/data

; port of php directives set upstream in /usr/share/webapps/nextcloud/.user.ini for use with PHP-FPM
php-set = upload_max_filesize=513M
php-set = post_max_size=513M
php-set = memory_limit=512M
php-set = output_buffering=off

; load all extensions only in this instance of php, no need to edit global php.ini
;; required core modules
php-set = extension=gd
php-set = extension=iconv
;php-set = extension=zip     # enabled by default in global php.ini

;; database connectors
;; uncomment your selected driver
;php-set = extension=pdo_sqlite
;php-set = extension=pdo_mysql
;php-set = extension=pdo_pgsql

;; recommended extensions
;php-set = extension=curl    # enabled by default in global php.ini
php-set = extension=bz2
php-set = extension=intl

;; required for specific apps
;php-set = extension=ldap    # for LDAP integration
;php-set = extension=ftp     # for FTP storage / external user authentication
;php-set = extension=imap    # for external user authentication, requires php-imap

;; recommended for specific apps
;php-set = extension=exif    # for image rotation in pictures app, requires exiv2
;php-set = extension=gmp     # for SFTP storage

;; for preview generation
;; provided by packages in AUR
; php-set = extension=imagick

; opcache
php-set = zend_extension=opcache

; user cache
; provided by php-apcu, to be enabled **either** here **or** in /etc/php/conf.d/apcu.ini
php-set = extension=apcu
; per https://github.com/krakjoe/apcu/blob/simplify/INSTALL
php-set = apc.ttl=7200
php-set = apc.enable_cli=1

; web server is already handling URL rewriting, so tell NextCloud not to repeat this
env = front_controller_active=true

cron2 = minute=-15,unique=1 /usr/bin/php -f /usr/share/webapps/nextcloud/cron.php 1>/dev/null
Note:
  • Do not forget to set your timezone and uncomment the required database connector in the uWSGI config file.
  • The open_basedir directive is optional and commented out. You can uncomment it to harden security. Be aware that it may occasionally break things.
  • Use php-docroot = /usr/share/webapps if placing nextcloud in the /nextcloud subdirectory.
Warning: The way the Nextcloud background job is currently set up with uWSGI cron will make use of the default global configuration from /etc/php/php.ini. This means that none of the specific parameters defined (e.g. required modules) will be enabled, leading to various issues. One solution is to copy /etc/php/php.ini to e.g. /etc/uwsgi/cron-php.ini, make the required modifications there (mirroring /etc/uwsgi/nextcloud.ini parameters) and referencing it in the cron directive by adding the -c /etc/uwsgi/cron-php.ini option to php invocation.

Activation

uWSGI provides a template unit that allows starting and enabling applications using their configuration file name as the instance identifier. For example, starting uwsgi@nextcloud.socket would start it on demand referencing the configuration file /etc/uwsgi/nextcloud.ini.

To enable the uwsgi service by default at start-up, enable uwsgi@nextcloud.socket.

Note: Here we make use of systemd socket activation to prevent unnecessary resource consumption when no connections are made to the instance. If you would rather have it constantly active, simply remove the .socket part to start and enable the service instead.

See also UWSGI#Running uWSGI.
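
To confirm that the uwsgi_hide_header lines (or fastcgi_param modHeadersAvailable in the #Nginx setup) leave each security header in the response exactly once, the following added example, which is not part of the original article, counts the headers in a raw header dump. The function names and both sample responses are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the wiki page): count how often each security header
# occurs in a raw HTTP header dump, e.g. the output of `curl -sI`.

# The four headers the uWSGI location block hides from the backend response.
SECURITY_HEADERS="X-Frame-Options X-XSS-Protection X-Content-Type-Options X-Robots-Tag"

# count_header NAME   (header dump on stdin)
# Prints the number of lines whose field name equals NAME, ignoring case.
count_header() {
    awk -v name="$1" '
        BEGIN { n = 0; name = tolower(name) }
        {
            i = index($0, ":")
            if (i > 1 && tolower(substr($0, 1, i - 1)) == name) n++
        }
        END { print n }'
}

# audit_headers   (header dump on stdin)
# Prints "<header> ok|missing|duplicate(<n>)" for each security header.
# Returns 0 only if every header occurs exactly once.
audit_headers() {
    local dump rc=0 h n
    dump=$(cat)
    for h in $SECURITY_HEADERS; do
        n=$(printf '%s\n' "$dump" | count_header "$h")
        case $n in
            1) echo "$h ok" ;;
            0) echo "$h missing"; rc=1 ;;
            *) echo "$h duplicate($n)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: backend and nginx both add the headers (CRLF line ends).
sample_duplicated() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'X-XSS-Protection: 1; mode=block' \
        'X-Content-Type-Options: nosniff' \
        'X-Frame-Options: Sameorigin' \
        'X-Robots-Tag: none' \
        'Strict-Transport-Security: max-age=15768000' \
        'X-Content-Type-Options: nosniff' \
        'X-Frame-Options: SAMEORIGIN' \
        'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none' \
        ''
}

# Constructed sample: the backend copies are hidden, nginx adds each header once.
sample_clean() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=15768000' \
        'X-Content-Type-Options: nosniff' \
        'X-Frame-Options: SAMEORIGIN' \
        'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none' \
        ''
}

# Demo on the constructed samples; against a live server, pipe the output of
# `curl -sI https://cloud.example.com/` into audit_headers instead.
echo "duplicated sample:"; sample_duplicated | audit_headers || true
echo "clean sample:";      sample_clean | audit_headers || true
```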

Setting strong permissions for the filesystem

You should set the permissions for config/, data/ and apps/ as strict as possible. That means that your HTTP user (http in case of apache) should own them, and they should have 700 permissions. You can use the following script to achieve this.

This article or section needs language, wiki syntax or style improvements. See Help:Style for reference.

Reason: Complex script for trivial one-time task. (Discuss in Talk:Nextcloud#)
oc-perms
#!/bin/bash
ocpath='/usr/share/webapps/nextcloud'
htuser='http'
htgroup='http'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/assets

printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750

printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/assets/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/updater/

chmod +x ${ocpath}/occ

printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
 then
  chmod 0644 ${ocpath}/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]
 then
  chmod 0644 ${ocpath}/data/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi

If you have customized your Nextcloud installation and your filepaths are different than the standard installation, then modify this script accordingly.
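
A read-only check of the ownership and 700 mode described at the start of this section, as an added example that is not part of the article's oc-perms script. It assumes GNU stat, and the demo tree under mktemp is constructed; directories left at 0750, as oc-perms sets them, are reported as findings.

```shell
#!/bin/bash
# Added example (not the wiki's script): read-only audit, nothing is changed.
# Uses GNU stat (-c), as shipped in coreutils on Arch Linux.

# check_dir DIR OWNER
# Prints one finding line; returns 1 if DIR is missing, is not owned by
# OWNER, or has a mode other than 700.
check_dir() {
    local dir=$1 owner=$2 actual_owner mode
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    actual_owner=$(stat -L -c '%U' "$dir")
    mode=$(stat -L -c '%a' "$dir")
    if [ "$actual_owner" != "$owner" ]; then
        echo "OWNER   $dir is owned by $actual_owner, expected $owner"
        return 1
    fi
    if [ "$mode" != "700" ]; then
        echo "MODE    $dir is $mode, expected 700"
        return 1
    fi
    echo "OK      $dir ($actual_owner, $mode)"
}

# world_accessible DIR
# Lists entries at or below DIR that grant any permission bit to "others".
# Symbolic links are skipped because their own mode bits are not meaningful.
world_accessible() {
    find -H "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# audit_dirs OWNER DIR...
# Runs both checks on every DIR; returns 1 if there was any finding.
# On the installation described in this article the call would be:
#   audit_dirs http /etc/webapps/nextcloud/config /var/nextcloud \
#       /usr/share/webapps/nextcloud/apps
audit_dirs() {
    local owner=$1 rc=0 dir found
    shift
    for dir in "$@"; do
        check_dir "$dir" "$owner" || rc=1
        [ -d "$dir" ] || continue
        found=$(world_accessible "$dir")
        if [ -n "$found" ]; then
            printf '%s\n' "$found" | sed 's/^/WORLD   /'
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed tree owned by the current user.
demo() {
    local tree owner rc
    tree=$(mktemp -d) || return 1
    owner=$(stat -c '%U' "$tree")
    mkdir "$tree/config" "$tree/data" "$tree/apps"
    chmod 700 "$tree/config" "$tree/apps"
    chmod 750 "$tree/data"      # the directory mode oc-perms applies
    audit_dirs "$owner" "$tree/config" "$tree/data" "$tree/apps"
    rc=$?
    rm -rf "$tree"
    return $rc
}

demo || true
```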

Synchronization

Desktop

The official client can be installed with the owncloud-client or nextcloud-client package. Alternative versions are available in the AUR: owncloud-client-git (AUR).

Calendar

To access your Nextcloud calendars using Mozilla Thunderbird's Lightning calendar you would use the following URL:

https://ADDRESS/remote.php/caldav/calendars/USERNAME/CALENDARNAME

To access your Nextcloud calendars using CalDAV-compatible programs like Kontact or Evolution, you would use the following URL:

https://ADDRESS/remote.php/caldav

For details see the official documentation.

Contacts

To sync contacts with Thunderbird, see these instructions from the official doc.

Mounting files with davfs2

If you want to mount your ownCloud permanently, install davfs2 (as described in davfs2) first.

Assuming your ownCloud is at https://own.example.com, your WebDAV URL would be https://own.example.com/remote.php/webdav (as of ownCloud 6.0).

To mount your ownCloud, use:

# mount -t davfs https://own.example.com/remote.php/webdav /path/to/mount

You can also create an entry for this in /etc/fstab

/etc/fstab
https://own.example.com/remote.php/webdav /path/to/mount davfs rw,user,noauto 0 0
Tip: In order to allow automount you can also store your username (and password if you like) in a file as described in davfs2#Storing credentials.
Note: If creating/copying files is not possible, while the same operations work on directories, see davfs2#Creating/copying files not possible and/or freezes.

Mounting files in GNOME Files (Nautilus)

You can access the files directly in Nautilus ('+ Other Locations') through WebDAV protocol - use the link as shown in your Nextcloud installation Web GUI (typically: https://example.org/remote.php/webdav/) but replace the protocol name from 'https' to 'davs'. Nautilus will ask for user name and password when trying to connect.

Android

Download the official Nextcloud app from Google Play or F-Droid.

To enable contacts and calendar sync (Android 4+):

  1. Download DAVx5 (Play Store, F-Droid)
  2. Enable mod_rewrite.so in httpd.conf
  3. Create a new DAVdroid account in the Account settings, and specify your "short" server address and login/password pair, e.g. https://cloud.example.com (there is no need for the /remote.php/{carddav,webdav} part if you configured your web server with the proper redirections, as illustrated previously in the article; DAVdroid will find the right URLs itself)

iOS

Download the official Nextcloud app from the App Store.

Tips and tricks

Running NextCloud in a subdirectory

By including the default nextcloud.conf in httpd.conf, Nextcloud will take control of port 80 and your localhost domain.

If you would like to have Nextcloud run in a subdirectory, then:

For Apache, edit the /etc/httpd/conf/extra/nextcloud.conf you included and comment out the <VirtualHost *:80> ... </VirtualHost> part of the include file.

For nginx, you can use the following config when using nextcloud with uwsgi:

/etc/nginx/conf.d/nextcloud.conf
location = /.well-known/carddav {
  return 301 $scheme://$host/nextcloud/remote.php/dav;
}

location = /.well-known/caldav {
  return 301 $scheme://$host/nextcloud/remote.php/dav;
}

location /.well-known/acme-challenge { }

location ^~ /nextcloud {

  root /usr/share/webapps;

  # set max upload size
  client_max_body_size 512M;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  location /nextcloud {
    rewrite ^ /nextcloud/index.php$uri;
  }

  location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }

  location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
  }

  location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
  }

  location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include uwsgi_params;
    uwsgi_modifier1 14;
    # Avoid duplicate headers confusing OC checks
    uwsgi_hide_header X-Frame-Options;
    uwsgi_hide_header X-XSS-Protection;
    uwsgi_hide_header X-Content-Type-Options;
    uwsgi_hide_header X-Robots-Tag;
    uwsgi_pass unix:/run/uwsgi/owncloud.sock;
  }

  # Adding the cache control header for js and css files
  # Make sure it is BELOW the PHP block
  location ~* \.(?:css|js) {
    try_files $uri /nextcloud/index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers  (It is intended
    # to have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read
    # into this topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Do not log access to assets
    access_log off;
  }

  location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg) {
    try_files $uri /nextcloud/index.php$uri$is_args$args;
    # Optional: Do not log access to other assets
    access_log off;
  }
}

Docker

See the ownCloud or Nextcloud repository for Docker.

Upload and share from File Manager

shareLinkCreator provides the ability to upload a file to OwnCloud via a supported file manager and receive a link to the uploaded file which can then be emailed or shared in another way.

Defining Background Jobs

Nextcloud requires scheduled execution of some tasks. By default it achieves this using AJAX; however, AJAX is the least reliable method, and it is recommended to use Cron instead. Since Arch Linux ships with systemd, the preferred way of executing scheduled tasks is a systemd timer.

Manual install

First create a service:

/etc/systemd/system/nextcloudcron.service
[Unit]
Description=Nextcloud cron.php job

[Service]
User=http
ExecStart=/usr/bin/php -f /usr/share/webapps/nextcloud/cron.php

[Install]
WantedBy=basic.target

Then create a timer for that service:

/etc/systemd/system/nextcloudcron.timer
[Unit]
Description=Run Nextcloud cron.php every 15 minutes

[Timer]
OnBootSec=5min
OnUnitActiveSec=15min
Unit=nextcloudcron.service

[Install]
WantedBy=timers.target

Activate timer

Start/enable nextcloudcron.timer.

Confirm that it is running by running

# systemctl list-timers

AUR package

Install nextcloud-systemd-timers (AUR).

Provided services can be checked with:

$ pacman -Ql nextcloud-systemd-timers

For instance, to run the cron.php script every 15 minutes:

# systemctl start nextcloud-cron.timer
# systemctl enable nextcloud-cron.timer

Collabora Online Office integration

This article or section needs expansion.

Reason: What is the correct domain (or server_name in the config) when Nextcloud runs in a subdirectory? (Discuss in Talk:Nextcloud#)

Solution with Docker: CODE backend using the official Docker image

First, install the docker package to provide the Collabora files and set up a Collabora server.

Start/enable docker.service.

Then, download the required binaries:

# docker pull collabora/code

Then install a Collabora server. Make sure cloud\\.example\\.com is your Nextcloud's domain, not the Collabora one:

# docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.example\\.com' --restart always --cap-add MKNOD collabora/code

Also make sure to escape all dots with double backslashes (\\), since this string will be evaluated as a regular expression (and your bash 'eats' the first backslash). If you want to use the docker container with more than one Nextcloud, use 'domain=cloud\\.example\\.com\|second\\.example\\.com' instead (all hosts are separated by \|). When using localhost as the domain for testing, add --net host to ensure the docker container can access your Nextcloud server.

If you need to delete or reinstall the Collabora server, use the following.

To find the CONTAINER_ID of the server:

# docker ps

To stop and delete it:

# docker stop CONTAINER_ID
# docker rm CONTAINER_ID

Further, follow the instructions for the web server you are using:

Nginx setup example:

Add the following to your Nextcloud domain config, or add a new config file in the /etc/nginx/conf.d/ directory. Do not forget to change office.example.com and ssl_certificate to the right values. If you are using the docker image, change http to https.

/etc/nginx/conf.d/example.conf
upstream office.example.com {
    server 127.0.0.1:9980;
}

server {
    listen 443 ssl;
    server_name office.example.com;
 
    ssl_certificate /etc/letsencrypt/live/office.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/office.example.com/privkey.pem;

    # static files
    location ^~ /loleaflet {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
    }

    # Main websocket
    location ~ /lool/(.*)/ws$ {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 36000s;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_buffering off;
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ /lool {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
    }
}

Reload nginx:

# nginx -s reload

or restart nginx.service.

Apache setup example:

Add the following to the Nextcloud config file. Do not forget to change the values to the right ones.

/etc/httpd/conf/extra/nextcloud.conf
<VirtualHost *:443>
ServerName office.nextcloud.com:443

# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder     on

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

# Admin Console websocket
ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass           /lool https://127.0.0.1:9980/lool
ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

After configuring these, restart Apache by restarting httpd.service.

Install the Nextcloud app

Go to the Apps section, choose “Office & Text” and install the “Collabora Online” app. In the admin panel, select the Collabora Online tab and specify the server's domain you have set up before.

Solution without Docker: CODE backend using an Archlinux package

The collabora-online-server-nodocker (AUR) package brings to your Arch Linux installation (1) Collabora Office (the desktop suite) and (2) the “CODE” (Collabora Online Development Edition) server, which is based on “lool” (LibreOffice OnLine).

Alter the /etc/loolwsd/loolwsd.xml file, so that:

  • `config > server_name` contains the host and port of the public Nextcloud address, separated by a colon (eg. `example.org:443`),
  • `config > ssl > enable` is false (ie. web browser —HTTPS→ proxy —HTTP→ loolwsd),
  • `config > ssl > termination` is true (I suppose you’ll manage TLS at the proxy level),
  • `config > storage > wopi > host` reflects the actual hostname (or pattern) of the proxy server (eg. `(?:.*\.)?example\.org`),
  • `config > admin_console > username` and `config > admin_console > password` are set to values of your choice.

Then:

  • start and enable loolwsd.service;
  • configure Nginx as shown in /usr/share/doc/loolwsd/example.nginx.conf, and restart it.

Troubleshooting

This article or section is out of date.

Reason: A lot of references to OwnCloud, are these still valid with Nextcloud? (Discuss in Talk:Nextcloud#)

Environment variables not available

Uncomment the line in /etc/php/php-fpm.d/www.conf as per Nextcloud documentation:

 env[PATH] = /usr/local/bin:/usr/bin:/bin

Self-signed certificate not accepted

ownCloud uses Wikipedia:cURL and Wikipedia:SabreDAV to check if WebDAV is enabled. If you use SSL/TLS with a self-signed certificate, e.g. as shown in LAMP, and access ownCloud's admin panel, you will see the following error message:

Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.

Assuming that you followed the LAMP tutorial, execute the following steps:

Create a local directory for non-distribution certificates and copy LAMP's certificate there. This will prevent ca-certificates-updates from overwriting it.

# cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/WWW.EXAMPLE.COM.crt

Add WWW.EXAMPLE.COM.crt to /etc/ca-certificates.conf:

WWW.EXAMPLE.COM.crt

Now, regenerate your certificate store:

# update-ca-certificates

Restart the httpd service to activate your certificate.

Self-signed certificate for Android devices

Once you have followed the setup for SSL, as on Apache HTTP Server#TLS for example, early versions of DAVdroid will reject the connection because the certificate is not trusted. A certificate can be made as follows on your server:

# openssl x509 -req -days 365 -in /etc/httpd/conf/server.csr -signkey /etc/httpd/conf/server.key -extfile android.txt -out CA.crt
# openssl x509 -inform PEM -outform DER -in CA.crt -out CA.der.crt 

The file android.txt should contain the following:

basicConstraints=CA:true

Then import CA.der.crt to your Android device:

  • Put the CA.der.crt file onto the sdcard of your Android device (usually the internal one, e.g. save it from a mail attachment). It should be in the root directory.
  • Go to Settings > Security > Credential storage and select Install from device storage.
  • The .crt file will be detected and you will be prompted to enter a certificate name.
  • After importing the certificate, you will find it in Settings > Security > Credential storage > Trusted credentials > User.

Thanks to: [4]

Another way is to import the certificate directly from your server via CAdroid and follow the instructions there.

Cannot write into config directory!

If you have set open_basedir in your PHP/web server configuration file (e.g. /etc/httpd/conf/extra/nextcloud.conf), make sure that it includes /etc/webapps.

Restart the web server to apply the change.

Cannot create data directory

If you have set open_basedir in your PHP/web server configuration file (e.g. /etc/httpd/conf/extra/nextcloud.conf), make sure that it includes the data directory.

Restart the web server to apply the change.

CSync failed to find a specific file.

This is most likely a certificate issue. Recreate it, and do not leave the common name empty or you will see the error again.

# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt

Seeing white page after login

The cause is probably a new app that you installed. To fix that, you can use the occ command as described here. So with

sudo -u http php /usr/share/webapps/nextcloud/occ app:list

you can list all apps (if you installed nextcloud in the standard directory), and with

sudo -u http php /usr/share/webapps/nextcloud/occ app:disable <nameOfExtension>

you can disable the troubling app.

Alternatively, you can either use phpMyAdmin to edit the oc_appconfig table (if you got lucky and the table has an edit option), or do it by hand with mysql:

mysql -u root -p owncloud
MariaDB [owncloud]> delete from oc_appconfig where appid='<nameOfExtension>' and configkey='enabled' and configvalue='yes';
MariaDB [owncloud]> insert into oc_appconfig (appid,configkey,configvalue) values ('<nameOfExtension>','enabled','no');

This should delete the relevant configuration from the table and add it again.

GUI sync client fails to connect

If using HTTP basic authentication, make sure to exclude "status.php", which must be publicly accessible. [5]

GUI tray icon disappears, but client still running in the background

After waking up from a suspended state, the Nextcloud client tray icon may disappear from the system tray. A workaround is to delay the startup of the client, as noted here. This can be done with the .desktop file, for example:

.local/share/applications/nextcloud.desktop
...
Exec=bash -c 'sleep 5 && nextcloud'
...

Some files upload, but give an error 'Integrity constraint violation...'

You may see the following error in the ownCloud sync client:

   SQLSTATE[23000]: Integrity constraint violation: ... Duplicate entry '...' for key 'fs_storage_path_hash')...

This is caused by an issue with the File Locking app, which is often not sufficient to keep conflicts from occurring on some web server configurations. The more complete Transactional File Locking avoids these errors, but it requires Redis as the PHP caching method. Install redis and php-redis, comment out your current PHP cache mechanism, and then uncomment extension=redis in /etc/php/conf.d/redis.ini. Then make the following changes in config.php:

   'memcache.local' => '\OC\Memcache\Redis',
   'filelocking.enabled' => true,
   'memcache.locking' => '\OC\Memcache\Redis',
   'redis' => array(
        'host' => 'localhost',
        'port' => 6379,
        'timeout' => 0.0,
   ),

and start/enable redis.service.

Finally, disable the File Locking app, as Transactional File Locking will take care of locking (and the two would conflict).

If everything is working, you should see 'Transactional File Locking Enabled' under Server Status on the Admin page, and syncs should no longer cause issues.

"Cannot write into apps directory"

As mentioned in the official admin manual, either you need an apps directory that is writable by the http user, or you need to set appstoreenabled to false.

If you have set open_basedir in your PHP/web server configuration file (e.g. /etc/httpd/conf/extra/nextcloud.conf), it may be necessary to add your /path/to/data directory to the string on the line starting with php_admin_value open_basedir:

/etc/httpd/conf/extra/nextcloud.conf
php_admin_value open_basedir "/path/to/data/:/srv/http/:/dev/urandom:/tmp/:/usr/share/pear/:/usr/share/webapps/nextcloud/:/etc/webapps/nextcloud"

Installed apps get blocked because of MIME type error

If you are putting your apps folder outside of the Nextcloud installation directory, make sure your web server serves it properly.

In nginx, this is accomplished by adding a location block to the nginx configuration, as the folder is not covered by it by default.

location ~ /apps2/(.*)$ {
    alias /var/www/nextcloud/apps/$1;
}

Security warnings even though the recommended settings have been included in nginx.conf

At the top of the admin page there might be a warning to set the Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection and X-Robots-Tag according to https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/harden_server.html even though they are already set like that.

A possible cause is that the headers are sent twice: ownCloud sets them itself, uwsgi passes them along, and nginx then adds them again:

$ curl -I https://domain.tld
...
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: Sameorigin
X-Robots-Tag: none
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none

While the fast_cgi sample config has a parameter to avoid that ( fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice ), when using uwsgi and nginx the following modification of the uwsgi part in nginx.conf could help:

 /etc/nginx/nginx.conf
...
        # pass all .php or .php/path urls to uWSGI
        location ~ ^(.+\.php)(.*)$ {
            include uwsgi_params;
            uwsgi_modifier1 14;
            # hide the following headers received from uwsgi, because otherwise we would send them twice since we already add them in nginx itself
            uwsgi_hide_header X-Frame-Options;
            uwsgi_hide_header X-XSS-Protection;
            uwsgi_hide_header X-Content-Type-Options;
            uwsgi_hide_header X-Robots-Tag;
            #Uncomment line below if you get connection refused error. Remember to comment out line with "uwsgi_pass 127.0.0.1:3001;" below
            uwsgi_pass unix:/run/uwsgi/owncloud.sock;
            #uwsgi_pass 127.0.0.1:3001;
        }
...
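
To see which of the headers named in the warning are actually sent more than once, the raw response can be counted per header. This is an added example, not part of the original article; the function names and the sample response (built from the curl output above plus a status line) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: count how often each security header
# named in the admin-page warning occurs in a raw HTTP response.

SECURITY_HEADERS="strict-transport-security x-content-type-options x-frame-options x-xss-protection x-robots-tag"

# Reads response headers on stdin (for instance from `curl -sI URL`) and
# prints "<header> <count> <missing|ok|duplicate>" for each watched header.
security_header_report() {
    awk -v want="$SECURITY_HEADERS" '
        BEGIN { n = split(want, names, " ")
                for (i = 1; i <= n; i++) watch[names[i]] = 1 }
        {
            sub(/\r$/, "")                  # responses use CRLF line endings
            pos = index($0, ":")
            if (pos == 0) next              # status line or blank line
            name = tolower(substr($0, 1, pos - 1))
            if (name in watch) count[name]++   # header names are case-insensitive
        }
        END {
            for (i = 1; i <= n; i++) {
                c = count[names[i]] + 0
                state = (c == 0) ? "missing" : ((c == 1) ? "ok" : "duplicate")
                print names[i], c, state
            }
        }'
}

# Constructed sample: the header lines from the curl output in this section,
# with a status line added in front.
sample_response() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'X-XSS-Protection: 1; mode=block' \
        'X-Content-Type-Options: nosniff' \
        'X-Frame-Options: Sameorigin' \
        'X-Robots-Tag: none' \
        'Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;' \
        'X-Content-Type-Options: nosniff' \
        'X-Frame-Options: SAMEORIGIN' \
        'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none' \
        ''
}

sample_response | security_header_report
```

Against a live server, pipe `curl -sI https://domain.tld` into `security_header_report` before and after changing nginx.conf; a header is sent exactly once when its line reads ok.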

"Reading from keychain failed with error: 'No keychain service available'"

On GNOME, this can be fixed by installing the two packages libgnome-keyring and gnome-keyring. On KDE, install libgnome-keyring and qtkeychain instead.

FolderSync: "Method Not Allowed"

FolderSync needs access to /owncloud/remote.php/webdav, so you could create another alias for owncloud in your /etc/httpd/conf/extra/nextcloud.conf:

  <IfModule mod_alias.c>
    Alias /nextcloud /usr/share/webapps/nextcloud/
    Alias /owncloud /usr/share/webapps/nextcloud/
  </IfModule>

See also