reordered and renamed for wikidocs

2024-08-10 00:18:30 -05:00
parent 8b47549ff7
commit 1466447ccc
19 changed files with 0 additions and 0 deletions
--- a/documents/nextcloud/nextcloud_bare_metal_install_on_debian/content.md
+++ b/documents/nextcloud/nextcloud_bare_metal_install_on_debian/content.md
@@ -0,0 +1,353 @@
+# Baremetal install of Nextcloud on Debian
+
+### Install packages
+
+```bash
+apt install -y \
+  apache2 \
+  bzip2 \
+  exif \
+  imagemagick \
+  mariadb-server \
+  redis-server \
+  libapache2-mod-php \
+  php-apcu \
+  php-bcmath \
+  php-bz2 \
+  php-ctype \
+  php-curl \
+  php-dom \
+  php-gd \
+  php-gmp \
+  php-imagick \
+  php-intl \
+  php-mbstring \
+  php-mysql \
+  php-posix \
+  php-redis \
+  php-xml \
+  php-zip
+```
+
+### Configure Mariadb
+
+Create Nextcloud cnf
+```bash
+nano /etc/mysql/conf.d/nextcloud.cnf
+```
+
+Insert
+```bash
+[mysqld]
+transaction_isolation = READ-COMMITTED
+binlog_format = ROW
+```
+
+Restart mariadb service
+```bash
+systemctl restart mariadb
+```
+
+Check above settings
+```bash
+mariadb
+```
+
+Input the following
+```bash
+SELECT @@global.tx_isolation;
+SELECT @@global.binlog_format;
+```
+
+Create database
+```bash
+CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'phaiNooc9oibu2shoopo2shah8kohH';
+CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
+FLUSH PRIVILEGES;
+exit;
+```
+
+Secure mariadb installation
+```bash
+mysql_secure_installation
+```
+
+### Nextcloud installation
+
+Download Nextcloud
+```bash
+wget https://download.nextcloud.com/server/releases/latest.tar.bz2
+wget https://download.nextcloud.com/server/releases/latest.tar.bz2.asc
+wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5
+wget https://nextcloud.com/nextcloud.asc
+gpg --import nextcloud.asc
+```
+
+Verify downloads
+```bash
+md5sum -c latest.tar.bz2.md5 < latest.tar.bz2
+gpg --verify latest.tar.bz2.asc latest.tar.bz2
+```
+
+Move files to documents root
+```bash
+tar -xjvf latest.tar.bz2
+cp -prv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+```
+
+Change php settings
+```bash
+nano /etc/php/8.2/apache2/php.ini
+```
+
+Search and replace the following
+```
+memory_limit = 1G
+upload_max_filesize = 10G
+post_max_size = 0
+max_execution_time = 3600
+date.timezone = America/Chicago
+opcache.interned_strings_buffer=16
+```
+
+Restart apache2
+```bash
+systemctl restart apache2
+```
+
+Create php file to verify settings
+```
+nano /var/www/html/phpinfo.php
+```
+
+Add the following
+```bash
+<?php phpinfo(); ?>
+```
+
+Go to `http://192.168.1.43/phpinfo.php` and verify
+
+Disable the page and delete html directory
+```bash
+a2dissite 000-default.conf
+systemctl restart apache2
+rm -r /var/www/html
+```
+
+### Apache2
+
+Create data folder
+```bash
+mkdir /var/www/nextcloud/data
+chown -R www-data:www-data /var/www/nextcloud/data
+```
+
+Configure apache2
+```bash
+nano /etc/apache2/sites-available/nextcloud.conf
+```
+
+Insert the following
+```bash
+<VirtualHost *:80>
+  DocumentRoot /var/www/nextcloud/
+  ServerName  nextcloud.akanealw.com
+
+  <Directory /var/www/nextcloud/>
+    Require all granted
+    AllowOverride All
+    Options FollowSymLinks MultiViews
+
+    <IfModule mod_dav.c>
+      Dav off
+    </IfModule>
+
+  </Directory>
+</VirtualHost>
+```
+
+Enable sites and mods
+```bash
+a2ensite nextcloud.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+```
+
+Restart apache2
+```bash
+systemctl restart apache2
+```
+
+### Install Nextcloud
+```bash
+cd /var/www/nextcloud/
+sudo -u www-data php occ  maintenance:install \
+--database='mysql' --database-name='nextcloud' \
+--database-user='nextcloud' --database-pass='phaiNooc9oibu2shoopo2shah8kohH' \
+--admin-user='admin' --admin-pass='iengil2nienoh9ieNg4ureo4vee2sh' \
+--data-dir='/var/www/nextcloud/data'
+```
+
+Edit php file
+```bash
+nano /var/www/nextcloud/config/config.php
+```
+
+Insert the following
+```bash
+'trusted_domains' =>
+array (
+ 0 => 'nextcloud.akanealw.com',
+ 1 => '192.168.1.43',
+ ),
+'trusted_proxies' =>
+array (
+ 0 => '192.168.1.4',
+ ),
+'default_language' => 'en',
+'default_locale' => 'en_US',
+'default_phone_region' => 'US',
+'overwrite.cli.url' => 'https://nextcloud.akanealw.com',
+'overwriteprotocol' => 'https',
+'overwritewebroot' => '/',
+'overwritecondaddr' => '192.168.1.4',
+'htaccess.RewriteBase' => '/',
+```
+Update config
+```bash
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:update:htaccess
+```
+
+### Scheduling tasks
+
+Setup crontab
+```bash
+sudo crontab -u www-data -e
+```
+
+Insert the following
+```bash
+*/5  *  *  *  * php -f /var/www/nextcloud/cron.php
+```
+
+Update settings
+```bash
+cd /var/www/nextcloud/
+sudo -u www-data php /var/www/nextcloud/occ background:cron
+```
+
+### Caching
+
+Check of Opcache is working
+```bash
+php -r 'phpinfo();' | grep opcache.enable
+```
+
+### Redis
+
+Add redis to the www-data group
+```bash
+usermod -a -G redis www-data
+```
+
+Configure redis server
+```bash
+nano /etc/redis/redis.conf
+```
+Uncomment the following
+```bash
+unixsocket /var/run/redis/redis.sock
+unixsocketperm to 770
+```
+
+Restart redis
+```bash
+systemctl restart redis-server
+```
+
+Check output of redis
+```bash
+ls -lh /var/run/redis
+```
+
+Update nextcloud php file for redis
+```bash
+nano /var/www/nextcloud/config/config.php
+```
+
+Add
+```bash
+ 'memcache.local' => '\OC\Memcache\APCu',
+ 'memcache.locking' => '\OC\Memcache\Redis',
+ 'redis' => 
+  array (
+   'host' => 'localhost',
+   'port' => 6379,
+   'timeout' => 1,
+   'password' => '',  
+ ),
+```
+
+### APCu
+
+Change apcu settings
+```bash
+nano /etc/php/8.2/apache2/conf.d/20-apcu.ini
+```
+
+Change to
+```bash
+extension=apcu.so
+apc.enabled=1
+apc.enable_cli=1
+```
+
+Enable apcu
+```bash
+cd /var/www/nextcloud/
+sudo -u www-data php --define apc.enable_cli=1  /var/www/nextcloud/occ  maintenance:repair
+```
+
+Add hsts settings
+```bash
+nano /etc/apache2/sites-available/nextcloud.conf
+```
+
+Add the following
+```bash
+    <IfModule mod_headers.c>
+      Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+    </IfModule>
+```
+
+Restart apache2
+```bash
+systemctl restart apache2
+```
+
+Set maintenence window
+```bash
+cd /var/www/nextcloud
+sudo -u www-data php /var/www/nextcloud/occ config:system:set maintenance_window_start --type=integer --value=1
+```
+
+Log in as admin and set email address for admin user and email settings in Basic Settings
+```bash
+notify.akanealw@gmail.com
+smtp.gmail.com 587
+notify.akanealw@gmail.com
+leawkqqpthbwacrf
+```
+
+#### Troubleshooting brute force lockout
+```bash
+mariadb
+DELETE FROM nextcloud.oc_bruteforce_attempts;
+exit;
+```