From ee6ec0ed4c236d063b698f957a462e64250f4eb6 Mon Sep 17 00:00:00 2001 From: akanealw Date: Sat, 13 Apr 2024 17:20:56 -0500 Subject: [PATCH] vault backup: 2024-04-13 17:20:56 --- .obsidian/workspace.json | 33 +- Nextcloud-Ubuntu.md.md | 15 + Nextcloud-bare-metal-install-on-Debian.md.md | 353 +++++++++++++++++++ 3 files changed, 396 insertions(+), 5 deletions(-) create mode 100644 Nextcloud-Ubuntu.md.md create mode 100644 Nextcloud-bare-metal-install-on-Debian.md.md diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index b91e883..2539268 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -11,11 +11,28 @@ "id": "fad9f2a4d62c964b", "type": "leaf", "state": { - "type": "empty", - "state": {} + "type": "markdown", + "state": { + "file": "Nextcloud-Ubuntu.md.md", + "mode": "preview", + "source": false + } + } + }, + { + "id": "f424d6ca11a0775c", + "type": "leaf", + "state": { + "type": "markdown", + "state": { + "file": "Nextcloud-bare-metal-install-on-Debian.md.md", + "mode": "preview", + "source": false + } } } - ] + ], + "currentTab": 1 } ], "direction": "vertical" @@ -81,6 +98,7 @@ "state": { "type": "backlink", "state": { + "file": "Nextcloud-bare-metal-install-on-Debian.md.md", "collapseAll": false, "extraContext": false, "sortOrder": "alphabetical", @@ -97,6 +115,7 @@ "state": { "type": "outgoing-link", "state": { + "file": "Nextcloud-bare-metal-install-on-Debian.md.md", "linksCollapsed": false, "unlinkedCollapsed": true } @@ -118,7 +137,9 @@ "type": "leaf", "state": { "type": "outline", - "state": {} + "state": { + "file": "Nextcloud-bare-metal-install-on-Debian.md.md" + } } } ] @@ -139,8 +160,10 @@ "command-palette:Open command palette": false } }, - "active": "8b0230dde8b29191", + "active": "f424d6ca11a0775c", "lastOpenFiles": [ + "Nextcloud-Ubuntu.md.md", + "Nextcloud-bare-metal-install-on-Debian.md.md", "tessssssss.md", "testttt.md", "test", diff --git a/Nextcloud-Ubuntu.md.md b/Nextcloud-Ubuntu.md.md new file mode 100644 index 0000000..b39d596 --- /dev/null +++ b/Nextcloud-Ubuntu.md.md @@ -0,0 +1,15 @@ +```bin +CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'phaiNooc9oibu2shoopo2shah8kohH'; +CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; +GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'; +FLUSH PRIVILEGES; +exit; +``` +```bin +cd /var/www/nextcloud/ +sudo -u www-data php occ maintenance:install \ +--database='mysql' --database-name='nextcloud' \ +--database-user='nextcloud' --database-pass='phaiNooc9oibu2shoopo2shah8kohH' \ +--admin-user='admin' --admin-pass='iengil2nienoh9ieNg4ureo4vee2sh' \ +--data-dir='/var/www/nextcloud/data' +``` \ No newline at end of file diff --git a/Nextcloud-bare-metal-install-on-Debian.md.md b/Nextcloud-bare-metal-install-on-Debian.md.md new file mode 100644 index 0000000..685fd7c --- /dev/null +++ b/Nextcloud-bare-metal-install-on-Debian.md.md @@ -0,0 +1,353 @@ +# Baremetal install of Nextcloud on Debian + +### Install packages + +```bash +apt install -y \ + apache2 \ + bzip2 \ + exif \ + imagemagick \ + mariadb-server \ + redis-server \ + libapache2-mod-php \ + php-apcu \ + php-bcmath \ + php-bz2 \ + php-ctype \ + php-curl \ + php-dom \ + php-gd \ + php-gmp \ + php-imagick \ + php-intl \ + php-mbstring \ + php-mysql \ + php-posix \ + php-redis \ + php-xml \ + php-zip +``` + +### Configure Mariadb + +Create Nextcloud cnf +```bash +nano /etc/mysql/conf.d/nextcloud.cnf +``` + +Insert +```bash +[mysqld] +transaction_isolation = READ-COMMITTED +binlog_format = ROW +``` + +Restart mariadb service +```bash +systemctl restart mariadb +``` + +Check above settings +```bash +mariadb +``` + +Input the following +```bash +SELECT @@global.tx_isolation; +SELECT @@global.binlog_format; +``` + +Create database +```bash +CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'phaiNooc9oibu2shoopo2shah8kohH'; +CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; +GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'; +FLUSH PRIVILEGES; +exit; +``` + +Secure mariadb installation +```bash +mysql_secure_installation +``` + +### Nextcloud installation + +Download Nextcloud +```bash +wget https://download.nextcloud.com/server/releases/latest.tar.bz2 +wget https://download.nextcloud.com/server/releases/latest.tar.bz2.asc +wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5 +wget https://nextcloud.com/nextcloud.asc +gpg --import nextcloud.asc +``` + +Verify downloads +```bash +md5sum -c latest.tar.bz2.md5 < latest.tar.bz2 +gpg --verify latest.tar.bz2.asc latest.tar.bz2 +``` + +Move files to documents root +```bash +tar -xjvf latest.tar.bz2 +cp -prv nextcloud /var/www +chown -R www-data:www-data /var/www/nextcloud +``` + +Change php settings +```bash +nano /etc/php/8.2/apache2/php.ini +``` + +Search and replace the following +``` +memory_limit = 1G +upload_max_filesize = 10G +post_max_size = 0 +max_execution_time = 3600 +date.timezone = America/Chicago +opcache.interned_strings_buffer=16 +``` + +Restart apache2 +```bash +systemctl restart apache2 +``` + +Create php file to verify settings +``` +nano /var/www/html/phpinfo.php +``` + +Add the following +```bash + +``` + +Go to `http://192.168.1.43/phpinfo.php` and verify + +Disable the page and delete html directory +```bash +a2dissite 000-default.conf +systemctl restart apache2 +rm -r /var/www/html +``` + +### Apache2 + +Create data folder +```bash +mkdir /var/www/nextcloud/data +chown -R www-data:www-data /var/www/nextcloud/data +``` + +Configure apache2 +```bash +nano /etc/apache2/sites-available/nextcloud.conf +``` + +Insert the following +```bash + + DocumentRoot /var/www/nextcloud/ + ServerName nextcloud.akanealw.com + + + Require all granted + AllowOverride All + Options FollowSymLinks MultiViews + + + Dav off + + + + +``` + +Enable sites and mods +```bash +a2ensite nextcloud.conf +a2enmod rewrite +a2enmod headers +a2enmod env +a2enmod dir +a2enmod mime +``` + +Restart apache2 +```bash +systemctl restart apache2 +``` + +### Install Nextcloud +```bash +cd /var/www/nextcloud/ +sudo -u www-data php occ maintenance:install \ +--database='mysql' --database-name='nextcloud' \ +--database-user='nextcloud' --database-pass='phaiNooc9oibu2shoopo2shah8kohH' \ +--admin-user='admin' --admin-pass='iengil2nienoh9ieNg4ureo4vee2sh' \ +--data-dir='/var/www/nextcloud/data' +``` + +Edit php file +```bash +nano /var/www/nextcloud/config/config.php +``` + +Insert the following +```bash +'trusted_domains' => +array ( + 0 => 'nextcloud.akanealw.com', + 1 => '192.168.1.43', + ), +'trusted_proxies' => +array ( + 0 => '192.168.1.4', + ), +'default_language' => 'en', +'default_locale' => 'en_US', +'default_phone_region' => 'US', +'overwrite.cli.url' => 'https://nextcloud.akanealw.com', +'overwriteprotocol' => 'https', +'overwritewebroot' => '/', +'overwritecondaddr' => '192.168.1.4', +'htaccess.RewriteBase' => '/', +``` +Update config +```bash +cd /var/www/nextcloud/ +sudo -u www-data php occ maintenance:update:htaccess +``` + +### Scheduling tasks + +Setup crontab +```bash +sudo crontab -u www-data -e +``` + +Insert the following +```bash +*/5 * * * * php -f /var/www/nextcloud/cron.php +``` + +Update settings +```bash +cd /var/www/nextcloud/ +sudo -u www-data php /var/www/nextcloud/occ background:cron +``` + +### Caching + +Check of Opcache is working +```bash +php -r 'phpinfo();' | grep opcache.enable +``` + +### Redis + +Add redis to the www-data group +```bash +usermod -a -G redis www-data +``` + +Configure redis server +```bash +nano /etc/redis/redis.conf +``` +Uncomment the following +```bash +unixsocket /var/run/redis/redis.sock +unixsocketperm to 770 +``` + +Restart redis +```bash +systemctl restart redis-server +``` + +Check output of redis +```bash +ls -lh /var/run/redis +``` + +Update nextcloud php file for redis +```bash +nano /var/www/nextcloud/config/config.php +``` + +Add +```bash + 'memcache.local' => '\OC\Memcache\APCu', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => + array ( + 'host' => 'localhost', + 'port' => 6379, + 'timeout' => 1, + 'password' => '', + ), +``` + +### APCu + +Change apcu settings +```bash +nano /etc/php/8.2/apache2/conf.d/20-apcu.ini +``` + +Change to +```bash +extension=apcu.so +apc.enabled=1 +apc.enable_cli=1 +``` + +Enable apcu +```bash +cd /var/www/nextcloud/ +sudo -u www-data php --define apc.enable_cli=1 /var/www/nextcloud/occ maintenance:repair +``` + +Add hsts settings +```bash +nano /etc/apache2/sites-available/nextcloud.conf +``` + +Add the following +```bash + + Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" + +``` + +Restart apache2 +```bash +systemctl restart apache2 +``` + +Set maintenence window +```bash +cd /var/www/nextcloud +sudo -u www-data php /var/www/nextcloud/occ config:system:set maintenance_window_start --type=integer --value=1 +``` + +Log in as admin and set email address for admin user and email settings in Basic Settings +```bash +notify.akanealw@gmail.com +smtp.gmail.com 587 +notify.akanealw@gmail.com +leawkqqpthbwacrf +``` + +#### Troubleshooting brute force lockout +```bash +mariadb +DELETE FROM nextcloud.oc_bruteforce_attempts; +exit; +``` \ No newline at end of file