Configuring Nextcloud (revision 2.2)

Introduction

This page describes how Alexis Huxley installed the Nextcloud (a fork of ownCloud) server software on his own systems.

The basic procedure is:

  1. install Apache as a dumb back-end webserver
  2. configure Apache on the front-end webserver as a proxy
  3. install Nextcloud on the back-end webserver
  4. install Nextcloud plugins
  5. review security

Apache installation on the back-end

  1. Run:
    apt -y install apache2
  2. Disable default sites and ports by running:
    rm /etc/apache2/sites-available/*
    sed -r -i 's/^(Listen 80)/#\1/' /etc/apache2/ports.conf
  3. Set some environment variables needed in the rest of the procedure:
    FQHN=$(hostname -f)
  4. Create /etc/apache2/sites-available/$FQHN-ssl.conf, containing:
    <VirtualHost *:443>
        ServerName FQHN
        CustomLog ${APACHE_LOG_DIR}/FQHN-access.log combined
        ErrorLog ${APACHE_LOG_DIR}/FQHN-error.log
        LogLevel warn
        ServerSignature Off  
    
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    
        DocumentRoot /var/www/html
    </VirtualHost>

    and substitute the markers by running:

    sed -i "s/FQHN/$FQHN/g" /etc/apache2/sites-available/$FQHN-ssl.conf
  5. Run:
    a2enmod ssl
    a2ensite $FQHN-ssl
    systemctl restart apache2
  6. Test by running:
    date > /var/www/html/index.html
    w3m -dump https://$FQHN/
    rm /var/www/html/index.html

Configuring Apache on the front-end as a proxy

  1. See the section ‘Heavyweight web services: proxying to a backend webserver’ of Configuring web services (revision 2).

Nextcloud installation

  1. On the backend webserver run:
    PHP_VER=7.4
    PKGS=(
        php$PHP_VER
        php$PHP_VER-common # provides php-ctype
        php$PHP_VER-curl
        php$PHP_VER-xml  #   provides php-dom
        php$PHP_VER-gd
        php$PHP_VER-common  # provides php-iconv
        php$PHP_VER-json
        php$PHP_VER-xml
        php$PHP_VER-mbstring
        #  php/openssl not identified
        #  php/posix not identified
        #  php/session not identified
        php$PHP_VER-xml # contains SimpleXML
        # php/xmlreader not identified
        # php/xmlwriter not identified
        php$PHP_VER-zip
        php-db php$PHP_VER-mysql
        # php/fileinfo not identified
        php$PHP_VER-bz2
        php$PHP_VER-intl
        php$PHP_VER-ldap
        php-redis
        php-imagick
        ffmpeg
        php$PHP_VER-cli   # provides pcntl
    )
    apt -y install "${PKGS[@]}"
    

    A few notes regarding that list:

    1. It’s taken from the official documentation.
    2. Don’t be tempted to use APCu instead of Redis; APCu has a bug.
    3. A good command for working out what provides various virtual packages is:
      apt-cache showpkg <virt-pkg>    #  e.g. apt-cache showpkg php-ctype
  2. Edit /etc/apache2/sites-available/$FQHN-ssl.conf and add:
    <Directory /var/www/html/>
      Require all granted
      AllowOverride All
      Options FollowSymLinks MultiViews
      <IfModule mod_dav.c>
        Dav off
      </IfModule>
    </Directory>
  3. Run:
    a2enmod rewrite
    a2enmod env
    a2enmod dir
    a2enmod mime
    systemctl reload apache2
  4. Go here, click ‘Download for server’, then click ‘Details and Download options’ and copy the link for the ‘.tar.bz2’ download.
  5. On the backend webserver run:
    wget <link>
    tar xjf ~/nextcloud-*.tar.bz2 --strip-components=1 --directory=/var/www/html
    
  6. Create /var/www/html/config/config.php containing only:
    <?php
    $CONFIG = array(
    );
  7. Run:
    chown -R www-data:www-data /var/www/html/
  8. Configure pretty URLs within Nextcloud by adding to /var/www/html/config/config.php between the round brackets:
    'overwrite.cli.url' => 'https://nextcloud.pasta.freemyip.com',
    'htaccess.RewriteBase' => '/',
  9. Add both the back-end and front-end webserver names to /var/www/html/config/config.php between the round brackets:
    'trusted_domains' => array (
        0 => 'gnocchi.pasta.net',
        1 => 'nextcloud.pasta.freemyip.com',
      ),
    'overwritehost' => 'nextcloud.pasta.freemyip.com',
  10. Clone the trusted_domains setting to trusted_proxies; this will prevent a security warning later.
  11. Visit https://$FQHN/ or preferably the front-end webserver, which should prompt for admin account details and database details. Don’t fill anything in yet; we’ll do that in a moment.
  12. Create a database as follows:
    apt -y install mariadb-server
    mariadb
    create database nextcloud;
    create user 'nextcloud'@localhost identified by '<set-a-password>';
    grant all on nextcloud.* to 'nextcloud'@localhost;
    \q
  13. Go to https://<nextcloud-server>/.
  14. Set the admin’s login to admin.
  15. Set the admin’s password.
  16. Expand the ‘Storage & database’ section.
  17. Leave the default data folder.
  18. There is probably no option except to use MariaDB/MySQL, but if there is then set the database type to MySQL/MariaDB.
  19. Click ‘Finish Setup’ and wait.
  20. Dismiss the popup that appears about client software.
  21. To switch to the Beta Channel:
    1. Edit /etc/php/7.4/apache2/php.ini and set:
      memory_limit = 512M

      (Without this the download of the beta version will fail integrity checks.)

    2. Go to Settings–>Overview menu and change the update channel to Beta.
    3. Go to Settings–>Overview menu and click ‘Open updater’ and then ‘Start update’ and then follow the prompts.
  22. If you want to replace /var/www/html/data with a symlink to somewhere with more space then do so now.

Install plugins

  1. Install the following plugins:
    1. Customization->App Order
    2. Customization->Custom Menu
    3. Dashboard–>OpenProject Integration (is only a dashboard applet)
    4. Integration–>Maps (low quality)
    5. Integration–>Rainloop (seems to be mail account + client, not just mail client)
    6. Multimedia–>GpxEdit (low quality)
    7. Office & Text–>Calendar (won’t allow Monday as first day of week)
    8. Office & Text–>Carnet
    9. Office & Text–>Deck
    10. Office & Text–>Mail (won’t work with some accounts being non-TLS accounts)
    11. Office & Text–>Tasks
    12. Organization–>Bookmarks
    13. Organization–>Cookbook
    14. Tools–>News
  2. Disable the following standard plugins:
    1. Activity (pointless)
    2. Circles (can’t invite non-Nextcloud users; invitation mail not sent)
    3. Collabora Online (just too complicated to set up)
    4. Dashboard (just not useful for me)
    5. Recommendations (pointless)
    6. Tasks (clunky interface)
    7. Usage Survey (privacy)

Security

  1. Go to Settings–>Overview and wait for the Setup and Security Warnings section to be updated.
  2. To fix the warning ‘The Strict-Transport-Security HTTP header is not set to at least 5552000 seconds’:
    1. Edit /etc/apache2/sites-available/$FQHN-ssl.conf and add:
      <IfModule mod_headers.c>
          Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
      </IfModule>

       

    2. Run:
      a2enmod headers
      systemctl restart apache2
  3. To fix the warning ‘Your installation has no default phone region set’:
    1. Edit /var/www/html/config/config.php and add:
      'default_phone_region' => 'DE',  // ISO 3166-1 country code, not the dialling prefix
      
  4. To fix the warning ‘No memory cache has been configured’:
    1. Install redis-server.
    2. Edit /etc/redis/redis.conf and change:
      port 0
      unixsocket /run/redis/redis-server.sock
      unixsocketperm 770

      (port 0 disables redis listening on TCP; unixsocketperm 770 allows those users in group redis to communicate with the redis server over the Unix socket.)

    3. Edit /var/www/html/config/config.php and add:
      'memcache.local' => '\OC\Memcache\Redis',
      'memcache.locking' => '\OC\Memcache\Redis',
      'filelocking.enabled' => true,
      'redis' => array (
          'host' => '/run/redis/redis-server.sock',
          'port' => 0,
          'timeout' => 0.0,
      ),
    4. Reboot.
  5. To fix the warning ‘The database is missing some indexes’:
    1. Run:
      su - www-data -s /bin/bash
      cd html
      php occ db:add-missing-indices
      exit
  6. To fix the warning ‘This instance is missing some recommended PHP modules’:
    1. Run:
      apt -y install php$PHP_VER-bcmath php$PHP_VER-gmp
      systemctl restart apache2
  7. Disable Flows (I don’t need them) by:
    1. Run:
      su - www-data -s /bin/bash
      cd html
      php occ config:app:set workflowengine user_scope_disabled --value yes
      exit

      (See here for more details.)

  8. Go to Settings–>Personal Info (this is as user ‘admin’) and set the email address (this is required for the next step to work)
  9. Go to Settings–>Basic Settings–>Email server and configure the mail server and send a test mail.
  10. Several apps prefer that Nextcloud uses the real cron rather than the built-in AJAX cron:
    1. Go to Settings–>Basic Settings–>Background Jobs and select ‘Cron’.
    2. Run:
      apt -y install cron
    3. Run:
      su - www-data -s /bin/bash -c "echo '*/5 * * * * php -f /var/www/html/cron.php' | crontab -"
    4. On the mail server host add an entry for www-data to /etc/aliases and run:
      newaliases
  11. Although I did not do it, I note it here for next time: The trash expiry needs to be set to something otherwise files hang around forever. See here for instructions on configuring.
  12. Configure the logging of client IPs.
  13. Go to https://scan.nextcloud.com/ and enter the server URL.
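
The HSTS and Redis steps above (Security steps 2 and 4) can be re-checked after the fact. The script below is an added example, not part of the original procedure: it tests response headers for the max-age value that step 2 sets (15552000) and a redis.conf for the socket-only settings from step 4. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for Security steps 2 (HSTS) and 4 (Redis).
# Function names and all sample inputs are constructed for illustration.
HSTS_MIN=15552000   # max-age set by the Header directive in step 2

# Print the HSTS max-age found in raw response headers on stdin.
hsts_max_age() {
    tr -d '\r' | awk 'tolower($0) ~ /^strict-transport-security:/ {
        if (match(tolower($0), /max-age=[0-9]+/))
            print substr($0, RSTART + 8, RLENGTH - 8)
        exit
    }'
}

# Succeed only if the header is present and max-age >= HSTS_MIN.
hsts_ok() {
    age=$(hsts_max_age)
    [ -n "$age" ] && [ "$age" -ge "$HSTS_MIN" ]
}

# Print the last uncommented value of a redis.conf directive.
redis_directive() {   # usage: redis_directive FILE KEY
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Succeed only if TCP is off, a Unix socket is set, and "other" has no access.
redis_socket_only() { # usage: redis_socket_only FILE
    port=$(redis_directive "$1" port)
    sock=$(redis_directive "$1" unixsocket)
    perm=$(redis_directive "$1" unixsocketperm)
    [ "$port" = "0" ] || { echo "redis: TCP listener on (port=${port:-default})"; return 1; }
    [ -n "$sock" ] || { echo "redis: unixsocket not set"; return 1; }
    case "$perm" in
        [0-7][0-7]0|0[0-7][0-7]0) return 0 ;;
        *) echo "redis: unixsocketperm=${perm:-unset} is not owner/group-only"; return 1 ;;
    esac
}

# Demo on constructed inputs; on a live host pipe in `curl -skI https://$FQHN/`.
conf=$(mktemp)
printf '%s\n' '# port 6379' 'port 0' \
    'unixsocket /run/redis/redis-server.sock' 'unixsocketperm 770' > "$conf"
printf 'Strict-Transport-Security: max-age=15552000; includeSubDomains\r\n' |
    hsts_ok && echo "HSTS: ok"
redis_socket_only "$conf" && echo "redis: socket-only, ok"
rm -f "$conf"
```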

    See also