Introduction
This page describes how Alexis Huxley installed the Nextcloud (a fork of ownCloud) server software on his own systems.
Prologue
- On the backend webserver, since I cloned a machine, I needed to reset the snakeoil certificate by running:
make-ssl-cert generate-default-snakeoil --force-overwrite
c_rehash
Basic Apache installation
- Run:
apt-get -y install apache2
- Set up the SSL server as follows:
rm /etc/apache2/sites-available/*
sed -r -i 's/^(Listen 80)/#\1/' /etc/apache2/ports.conf
vi /etc/apache2/sites-available/$(hostname -f)-ssl.conf
containing:
<VirtualHost *:443>
    ServerName capellini.pasta.net.pasta.net
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/capellini.pasta.net.pasta.net-error.log
    CustomLog ${APACHE_LOG_DIR}/capellini.pasta.net.pasta.net-access.log combined
    LogLevel warn
    ServerSignature Off
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
- Run:
a2enmod ssl
a2ensite $(hostname -f)-ssl
service apache2 restart
- Test by running:
date > /var/www/html/index.html
- Visit https://backend/ and verify that the date is shown (after accepting the self-signed certificate).
- Remove /var/www/html/index.html and verify that that directory is now empty (including no dot files).
Basic Nextcloud installation
- On the backend webserver run:
apt-get -y install mariadb-server libapache2-mod-php7.0 php7.0-gd \
    php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl \
    php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
- Edit /etc/php/7.0/apache2/php.ini and add:
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
and run:
systemctl reload apache2
- Go to https://nextcloud.com/install/, under the ‘Get Nextcloud Server’ section click ‘Download’, then click ‘Details and Download options’ and copy the link for the ‘.tar.bz2’ download.
- On the backend webserver run:
wget <link>
tar xjf ~/nextcloud-*.tar.bz2 --strip-components=1 --directory=/var/www/html
chown -R www-data:www-data /var/www/html
- Configure pretty URLs within Nextcloud by adding to /var/www/html/config/config.php:
'overwrite.cli.url' => 'https://nextcloud.pasta.freemyip.com',
'htaccess.RewriteBase' => '/',
(This must be done before accessing the web wizard.)
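The download step above unpacks the tarball straight into the web root. As an added example (not part of the original page), the following checks the tarball against its SHA-256 checksum file before extracting; it assumes the matching `.sha256` file offered alongside the download was fetched as well, and `verify_tarball` and `unpack_verified` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: check a downloaded tarball against its published .sha256 file
# before unpacking it into the web root. Paths and names are placeholders.

# verify_tarball TARBALL SUMFILE -> 0 if SUMFILE lists TARBALL with a matching digest
verify_tarball() {
    tarball=$1 sumfile=$2
    [ -r "$tarball" ] && [ -r "$sumfile" ] || { echo "unreadable input" >&2; return 2; }
    name=$(basename "$tarball")
    # Checksum lines look like "<64 hex>  <filename>" (binary mode prefixes '*').
    expected=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n)
        if (n == f) { print tolower($1); exit } }' "$sumfile")
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no SHA-256 entry for $name in $sumfile" >&2; return 3
    fi
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $name" >&2; return 1
    fi
}

# unpack_verified TARBALL SUMFILE DESTDIR: extract only after the check passes,
# so a corrupted or substituted archive never reaches DESTDIR.
unpack_verified() {
    verify_tarball "$1" "$2" || return 1
    tar xjf "$1" --strip-components=1 --directory="$3"
}
```

A checksum fetched from the same place as the tarball only detects corruption or a swapped file on one of the two paths; it does not prove who published the release.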
Apache Web server configuration
- Configure pretty URLs within Apache by running:
a2enmod env
a2enmod rewrite
- Get Apache to call Nextcloud by editing /etc/apache2/sites-available/$(hostname -f).conf and inside the VirtualHost stanza, add:
<Directory /var/www/html/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
        Dav off
    </IfModule>
    SetEnv HOME /var/www/html
    SetEnv HTTP_HOME /var/www/html
</Directory>
- Run:
service apache2 restart
Database
- Create a database as follows:
mysql
create database nextcloud;
create user 'nextcloud'@localhost identified by '<set-a-password>';
-- grant to the account created above; a bare 'nextcloud' would mean 'nextcloud'@'%'
grant all on nextcloud.* to 'nextcloud'@localhost;
\q
Web wizard
- Go to https://<nextcloud-server>/nextcloud/.
- set the admin’s login to admin
- set the admin’s password
- Expand the ‘Storage & database’ section.
- leave the default data folder
- There is probably no option except to use MariaDB/MySQL, but if there is then set the database type to MySQL/MariaDB.
- click ‘Finish Setup’ and wait.
- Dismiss the popup that appears about client software.
Configuration
- For security run:
a2enmod headers
and add the following to the vhost config:
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
- For performance run:
apt-get -y install php-apcu
and edit /var/www/html/config/config.php and add to it:
'memcache.local' => '\OC\Memcache\APCu',
- Run:
service apache2 restart
- Set the admin’s full name (‘Nextcloud Administrator’) and email address (alexishuxley@…)
- Delete all admin-owned files within nextcloud.
- Create a group called ‘users’ (Nextcloud’s native groups support different cases, which are used to select from a pulldown menu and to show in the left panel, but admin-created groups do not; hence calling the group ‘users’ and not ‘Users’).
- Create users as required and place them in that group.
- Disable apps: Activity, Spreed (it conflicts with Talk, which we’ll install shortly), Mindmaps
- Enable apps: GpxEdit, Music, Talk, Contacts, Deck, Mindmaps, Tasks, Weather
Proxy
- On the frontend webserver add a vhost like this:
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName nextcloud.pasta.freemyip.com
        ServerAdmin webmaster@dont-use-this-address
        CustomLog /var/log/apache2/nextcloud.pasta.freemyip.com-access.log combined2
        ErrorLog /var/log/apache2/nextcloud.pasta.freemyip.com-error.log
        LogLevel warn
        ServerSignature Off
        SSLProxyEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/nextcloud.pasta.freemyip.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.pasta.freemyip.com/privkey.pem
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        ProxyPass / https://capellini.pasta.net/
        ProxyPassReverse / https://capellini.pasta.net/
    </VirtualHost>
</IfModule>
- On the backend server edit /var/www/html/config/config.php and add a line like:
array (
    ...
    1 => 'nextcloud.pasta.freemyip.com',
),
- Configure the logging of client IPs.
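The frontend vhost above switches off every check of the backend's certificate, so the frontend-to-backend hop is encrypted but not authenticated. The script below is an added example (not from the original page) that flags those directives in a vhost file; `audit_proxy_tls`, `page_vhost`, `hardened_vhost` and the CA file path are names made up for illustration.

```shell
#!/bin/sh
# Added example: report mod_ssl proxy settings that leave the backend unauthenticated.

# audit_proxy_tls [FILE]: one finding per line; returns 1 if anything was found.
audit_proxy_tls() {
    awk '
        { sub(/#.*/, ""); key = tolower($1); val = tolower($2) }
        key == "sslproxyengine" && val == "on" { engine = 1 }
        key == "sslproxyverify"                { verify = val }
        key ~ /^sslproxycacertificate(file|path)$/ { ca = 1 }
        key ~ /^sslproxycheckpeer(cn|name|expire)$/ && val == "off" {
            print "line " NR ": " $1 " off disables a certificate check"; bad = 1
        }
        END {
            if (!engine) exit 0
            if (verify != "require") { print "SSLProxyVerify is not require"; bad = 1 }
            if (!ca) { print "no SSLProxyCACertificateFile/Path trust anchor"; bad = 1 }
            exit bad
        }' "${1:--}"
}

# Constructed sample: the proxy directives from the frontend vhost above.
page_vhost() {
    cat <<'EOF'
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://capellini.pasta.net/
EOF
}

# Constructed stricter variant; the CA file path is a placeholder.
hardened_vhost() {
    cat <<'EOF'
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCACertificateFile /path/to/backend-ca.pem
SSLProxyCheckPeerName on
SSLProxyCheckPeerExpire on
ProxyPass / https://capellini.pasta.net/
EOF
}
```

Run `page_vhost | audit_proxy_tls` to see the findings for the settings on this page, or pass a vhost file as the argument. Turning the peer-name check back on requires the backend certificate to carry the host name used in `ProxyPass`.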
Testing #2
- Connect as a normal user.
- Connect as the admin and go to: N -> Settings -> Administration -> Basic Settings; there should be no warnings.
- Go to https://scan.nextcloud.com/ and enter the server URL.
Nextcloud client
- PCMS should have done this automatically. Users should see Configuring desktop environment.
Maintenance commands
su - www-data -s /bin/bash -c '~/nextcloud/occ upgrade'
su - www-data -s /bin/bash -c '~/nextcloud/occ maintenance:mode --off'