User:Steffo/Nextcloud

From ArchWiki

Category:File sharing Category:Web applications

From Wikipedia:Nextcloud:

Nextcloud is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server. In contrast to proprietary services like Dropbox, the open architecture allows adding additional functionality to the server in form of applications.

Nextcloud is a fork of ownCloud. For differences between the two, see wikipedia:Nextcloud#Differences from ownCloud.

Prerequisites

Nextcloud requires several components:[1]

  • A PHP FastCGI implementation:

Make sure the required components are installed before proceeding.

Installation

Install the nextcloud package.

Database setup

An SQL database must be set up and used for your Nextcloud installation. After setting up the database here, you will be prompted for its information when you first create an administrator account.

MariaDB

Create the nextcloud database:

# mariadb
MariaDB [(none)]> CREATE DATABASE nextcloud DEFAULT CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_general_ci';

Then, create the nextcloud user and give it privileges to use the newly created database:

# mariadb
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO nextcloud IDENTIFIED BY 'YOUR_PASSWORD_HERE';
MariaDB [(none)]> FLUSH PRIVILEGES;

Configure the pdo_mysql and mysqli extensions.

PostgreSQL

Create the nextcloud user:

# sudo -iu postgres
[postgres]$ createuser nextcloud

Then, create the nextcloud database owned by the newly created user:

# sudo -iu postgres
[postgres]$ createdb --owner=nextcloud nextcloud

Configure the pdo_pgsql and pgsql extensions (php-pgsql).

PHP setup

Ensure session.save_path is set:

/etc/php/php.ini
session.save_path = "/tmp"

Ensure the required, recommended and optional extensions are enabled:

/etc/php/php.ini
extension=gd
extension=intl
extension=zip

Enable the opcache extension, and configure it as recommended by the documentation:

/etc/php/php.ini
zend_extension=opcache

opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Increase the PHP memory limit to a value greater than or equal to 512 MB:

/etc/php/php.ini
memory_limit = 512M

PHP-FPM setup

Add an additional process pool that runs as the nextcloud user and group:

/etc/php/php-fpm.d/nextcloud.conf
[nextcloud]
user = nextcloud
group = nextcloud
listen = /run/nextcloud/php-fpm.sock
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp

; should be accessible by your web server
listen.owner = http
listen.group = http

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

The php-fpm service runs with the system mounted as read-only for hardening purposes, so it is necessary to explicitly grant write permissions on the appropriate Nextcloud paths.

Create an override.conf for php-fpm:

# systemctl edit php-fpm.service
[Service]
ReadWritePaths=/var/lib/nextcloud/data
ReadWritePaths=/var/lib/nextcloud/apps
ReadWritePaths=/etc/webapps/nextcloud/config

Restart php-fpm.service.

Nextcloud setup

Note: This section requires having installed and configured the #Prerequisites and having completed the #Database setup, #PHP setup, and #PHP-FPM setup steps. They also must be running.

Paths configuration

The configuration files are stored in the /etc/webapps/nextcloud/config/ directory.

The config.php file contains the settings for the Nextcloud instance, and is prefilled with some Arch-specific settings:

/etc/webapps/nextcloud/config/config.php
<?php
$CONFIG = array (
'datadirectory' => '/var/lib/nextcloud/data',
'logfile' => '/var/log/nextcloud/nextcloud.log',
'apps_paths' => [
  [
    'path'=> '/usr/share/webapps/nextcloud/apps',
    'url' => '/apps',
    'writable' => false,
  ],
  [
    'path'=> '/var/lib/nextcloud/apps',
    'url' => '/wapps',
    'writable' => true,
  ],
],
);

The config.sample.php file contains all available config options: they should be copied to config.php as needed and possibly changed to match the desired behaviour.

The CAN_INSTALL file is a blank file that, if present, authorizes Nextcloud to begin a new installation when one is requested through the installation page.

Note: If you intend to change the default paths, see the #Optional steps section.

Setup

occ (ownCloud Console) is a command-line tool used to administer Nextcloud. It is located in /usr/share/webapps/nextcloud/occ and should always be run as the nextcloud user. A wrapper is provided in /usr/bin/occ which will run the command using sudo.

To set up Nextcloud, you can use the # occ maintenance:install command. See documentation for more details.

For example, to set up Nextcloud with #PostgreSQL, using Unix sockets:

# occ maintenance:install --database "pgsql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "password" --admin-user "admin" --admin-pass "password"

To set up Nextcloud with #MariaDB:

# occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "password" --admin-user "admin" --admin-pass "password"

Web server setup

Depending on which web server you are using, further setup is required.

Apache

Ensure the Apache HTTP Server is enabled, and that php-fpm is correctly configured.

Create a new Apache virtual host for Nextcloud:

/etc/httpd/conf/vhosts
<VirtualHost *:443>

    ServerName nextcloud.example.com

    SSLEngine on
    SSLCertificateFile      "/path/to/your/chain"
    SSLCertificateKeyFile   "/path/to/your/privatekey"

    DocumentRoot /usr/share/webapps/nextcloud
    DirectoryIndex index.php index.html

    <Directory /usr/share/webapps/nextcloud>
        Require all granted
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/nextcloud/php-fpm.sock|fcgi://localhost/"
    </FilesMatch>

</VirtualHost>

Change the localhost in the trusted_domains key of the Nextcloud config to your virtual host ServerName:

/etc/webapps/nextcloud/config/config.php
'trusted_domains' =>
  array (
    0 => 'nextcloud.example.com',
  ),

Do the same to the overwrite.cli.url key:

/etc/webapps/nextcloud/config/config.php
'overwrite.cli.url' => 'https://nextcloud.example.com',

Restart httpd.service.

Nginx

Make sure #PHP-FPM setup has been followed correctly.

Create /etc/nginx/conf.d/nextcloud.conf and add the content according to the Nextcloud documentation.

Set the php-handler block according to your php-fpm socket:

/etc/nginx/conf.d/nextcloud.conf
upstream php-handler {
    server unix:/run/nextcloud/php-fpm.sock;
}

Make sure to include your configuration file in nginx:

/etc/nginx/nginx.conf
include conf.d/*.conf;

Optional steps

Customize Nextcloud paths

Data directory

By default, data is stored in /var/lib/nextcloud/data/, a directory accessible only from the Nextcloud application.

This location can be configured by changing the datadirectory config key:

'datadirectory' => '/var/lib/nextcloud/data',
Note: The datadirectory needs to be writable by the nextcloud user.

System apps directory

Some Nextcloud apps are distributed as Arch packages:

They are installed in the /usr/share/webapps/nextcloud/apps directory.

Note: This directory should not be writable by the nextcloud user, and should be owned by root instead.

This path should be present as an entry of the apps_paths config key:

[
  'path'=> '/usr/share/webapps/nextcloud/apps',
  'url' => '/apps',
  'writable' => false,
],

Writable apps directory

Other Nextcloud apps can be downloaded from the internal app store.

By default, they are installed through the /usr/share/webapps/nextcloud/wapps symlink in /var/lib/nextcloud/apps, a directory accessible only from the Nextcloud application.

This location can be configured by changing the writable path in the apps_paths default config key:

[
  'path'=> '/var/lib/nextcloud/apps',
  'url' => '/wapps',
  'writable' => true,
],
Note: This directory needs to be writable by the nextcloud user, and a symlink pointing to it should be available in /usr/share/webapps/nextcloud/wapps.
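
The ownership rules from the three notes above (data directory, system apps directory, writable apps directory) can be checked in one pass. The script below is an added example, not part of the original page or of the Arch package; the function name and its ROOT prefix argument are hypothetical, and it assumes GNU stat and readlink.

```shell
#!/bin/bash
# Added example: audit the path permissions stated on this page.
# The function name and the ROOT argument are hypothetical; needs GNU stat/readlink.

# audit_nextcloud_paths ROOT APP_USER SYS_OWNER
#   ROOT      prefix of the tree to inspect ("" for the live system)
#   APP_USER  account that must own the data and writable apps directories
#   SYS_OWNER account that must own the packaged apps directory
audit_nextcloud_paths() {
    local root="$1" app_user="$2" sys_owner="$3" rc=0 d mode
    local data="$root/var/lib/nextcloud/data"
    local wapps="$root/var/lib/nextcloud/apps"
    local sysapps="$root/usr/share/webapps/nextcloud/apps"
    local link="$root/usr/share/webapps/nextcloud/wapps"

    # Data and writable apps directories must belong to the application user.
    for d in "$data" "$wapps"; do
        if [ "$(stat -c %U "$d" 2>/dev/null)" != "$app_user" ]; then
            echo "FAIL: $d is not owned by $app_user"; rc=1
        fi
    done

    # "Accessible only from the Nextcloud application": no permission bits for others.
    mode=$(stat -c %a "$data" 2>/dev/null) || mode=777
    if [ $(( 0$mode & 07 )) -ne 0 ]; then
        echo "FAIL: $data is accessible to other users (mode $mode)"; rc=1
    fi

    # Packaged apps: owned by the system owner, no group/other write bits.
    if [ "$(stat -c %U "$sysapps" 2>/dev/null)" != "$sys_owner" ]; then
        echo "FAIL: $sysapps is not owned by $sys_owner"; rc=1
    fi
    mode=$(stat -c %a "$sysapps" 2>/dev/null) || mode=777
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $sysapps is group- or world-writable (mode $mode)"; rc=1
    fi

    # The wapps symlink must resolve to the writable apps directory.
    if [ ! -L "$link" ] || [ "$(readlink -f "$link")" != "$(readlink -f "$wapps")" ]; then
        echo "FAIL: $link does not point to $wapps"; rc=1
    fi
    return $rc
}

# Live check on an installed system: run the script with --live as root.
if [ "${1:-}" = "--live" ]; then
    audit_nextcloud_paths "" nextcloud root && echo "OK: path permissions match"
fi
```

If datadirectory or apps_paths have been changed in config.php, adjust the four path variables to match before running the check.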

Log directory

Nextcloud keeps an internal logfile where various events (such as errors) are logged.

By default, logs are created in /var/log/nextcloud/nextcloud.log.

This location can be configured by changing the logfile config key.

'logfile' => '/var/log/nextcloud/nextcloud.log',

Optional php modules

Optionally, you may want to install and configure other recommended and optional PHP extensions. For all prerequisite PHP modules, see the upstream documentation.

Cache setup

To improve speed, caching can be configured using one of the three supported backends.

Redis cache setup

Comment: I didn't get it to work yet.

Ensure that PHP#Redis is installed and configured.

Add the following lines to the Nextcloud config (uncomment the password if it is required):

/etc/webapps/nextcloud/config/config.php
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
     'host'     => '/var/run/redis/redis.sock',
     'port'     => 0,
     'dbindex'  => 0,
     # 'password' => 'secret',
],

Background tasks

By default, Nextcloud runs a single background task every time one of its pages is visited.

This behaviour exists for compatibility and is not recommended; instead, configure a systemd timer that runs the tasks independently of users visiting the website.

To do so, create and enable the nextcloud-cron service:

/etc/systemd/system/nextcloud-cron.service
[Unit]
Description=Nextcloud cron.php job

[Service]
User=nextcloud
ExecStart=/usr/bin/php -f /usr/share/webapps/nextcloud/cron.php
KillMode=process

Then, create and enable the nextcloud-cron timer:

/etc/systemd/system/nextcloud-cron.timer
[Unit]
Description=Run nextcloud-cron every 5 minutes

[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextcloud-cron.service

[Install]
WantedBy=timers.target

Finally, enable the Cron background tasks mode:

# occ background:cron