notes/documents/nextcloud/nextcloud_bare_metal_install_on_debian/content.md

nextcloud_bare_metal_install_on_debian

Baremetal install of Nextcloud on Debian

Install packages

apt install -y \
  apache2 \
  bzip2 \
  exif \
  imagemagick \
  mariadb-server \
  redis-server \
  libapache2-mod-php \
  php-apcu \
  php-bcmath \
  php-bz2 \
  php-ctype \
  php-curl \
  php-dom \
  php-gd \
  php-gmp \
  php-imagick \
  php-intl \
  php-mbstring \
  php-mysql \
  php-posix \
  php-redis \
  php-xml \
  php-zip

Configure Mariadb

Create Nextcloud cnf

nano /etc/mysql/conf.d/nextcloud.cnf

Insert

[mysqld]
transaction_isolation = READ-COMMITTED
binlog_format = ROW

Restart mariadb service

systemctl restart mariadb

Check above settings

mariadb

Input the following

SELECT @@global.tx_isolation;
SELECT @@global.binlog_format;

Create database

CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'phaiNooc9oibu2shoopo2shah8kohH';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
exit;

Secure mariadb installation

mysql_secure_installation

Nextcloud installation

Download Nextcloud

wget https://download.nextcloud.com/server/releases/latest.tar.bz2
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.asc
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5
wget https://nextcloud.com/nextcloud.asc
gpg --import nextcloud.asc

Verify downloads

md5sum -c latest.tar.bz2.md5 < latest.tar.bz2
gpg --verify latest.tar.bz2.asc latest.tar.bz2

Move files to documents root

tar -xjvf latest.tar.bz2
cp -prv nextcloud /var/www
chown -R www-data:www-data /var/www/nextcloud

Change php settings

nano /etc/php/8.2/apache2/php.ini

Search and replace the following

memory_limit = 1G
upload_max_filesize = 10G
post_max_size = 0
max_execution_time = 3600
date.timezone = America/Chicago
opcache.interned_strings_buffer=16

Restart apache2

systemctl restart apache2

Create php file to verify settings

nano /var/www/html/phpinfo.php

Add the following

<?php phpinfo(); ?>

Go to http://192.168.1.43/phpinfo.php and verify

Disable the page and delete html directory

a2dissite 000-default.conf
systemctl restart apache2
rm -r /var/www/html

Apache2

Create data folder

mkdir /var/www/nextcloud/data
chown -R www-data:www-data /var/www/nextcloud/data

Configure apache2

nano /etc/apache2/sites-available/nextcloud.conf

Insert the following

<VirtualHost *:80>
  DocumentRoot /var/www/nextcloud/
  ServerName  nextcloud.akanealw.com

  <Directory /var/www/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

  </Directory>
</VirtualHost>

Enable sites and mods

a2ensite nextcloud.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime

Restart apache2

systemctl restart apache2

Install Nextcloud

cd /var/www/nextcloud/
sudo -u www-data php occ  maintenance:install \
--database='mysql' --database-name='nextcloud' \
--database-user='nextcloud' --database-pass='phaiNooc9oibu2shoopo2shah8kohH' \
--admin-user='admin' --admin-pass='iengil2nienoh9ieNg4ureo4vee2sh' \
--data-dir='/var/www/nextcloud/data'

Edit php file

nano /var/www/nextcloud/config/config.php

Insert the following

'trusted_domains' =>
array (
 0 => 'nextcloud.akanealw.com',
 1 => '192.168.1.43',
 ),
'trusted_proxies' =>
array (
 0 => '192.168.1.4',
 ),
'default_language' => 'en',
'default_locale' => 'en_US',
'default_phone_region' => 'US',
'overwrite.cli.url' => 'https://nextcloud.akanealw.com',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwritecondaddr' => '192.168.1.4',
'htaccess.RewriteBase' => '/',

Update config

cd /var/www/nextcloud/
sudo -u www-data php occ maintenance:update:htaccess

Scheduling tasks

Setup crontab

sudo crontab -u www-data -e

Insert the following

*/5  *  *  *  * php -f /var/www/nextcloud/cron.php

Update settings

cd /var/www/nextcloud/
sudo -u www-data php /var/www/nextcloud/occ background:cron

Caching

Check of Opcache is working

php -r 'phpinfo();' | grep opcache.enable

Redis

Add redis to the www-data group

usermod -a -G redis www-data

Configure redis server

nano /etc/redis/redis.conf

Uncomment the following

unixsocket /var/run/redis/redis.sock
unixsocketperm to 770

Restart redis

systemctl restart redis-server

Check output of redis

ls -lh /var/run/redis

Update nextcloud php file for redis

nano /var/www/nextcloud/config/config.php

Add

 'memcache.local' => '\OC\Memcache\APCu',
 'memcache.locking' => '\OC\Memcache\Redis',
 'redis' => 
  array (
   'host' => 'localhost',
   'port' => 6379,
   'timeout' => 1,
   'password' => '',  
 ),

APCu

Change apcu settings

nano /etc/php/8.2/apache2/conf.d/20-apcu.ini

Change to

extension=apcu.so
apc.enabled=1
apc.enable_cli=1

Enable apcu

cd /var/www/nextcloud/
sudo -u www-data php --define apc.enable_cli=1  /var/www/nextcloud/occ  maintenance:repair

Add hsts settings

nano /etc/apache2/sites-available/nextcloud.conf

Add the following

    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    </IfModule>

Restart apache2

systemctl restart apache2

Set maintenence window

cd /var/www/nextcloud
sudo -u www-data php /var/www/nextcloud/occ config:system:set maintenance_window_start --type=integer --value=1

Log in as admin and set email address for admin user and email settings in Basic Settings

notify.akanealw@gmail.com
smtp.gmail.com 587
notify.akanealw@gmail.com
leawkqqpthbwacrf

Troubleshooting brute force lockout

mariadb
DELETE FROM nextcloud.oc_bruteforce_attempts;
exit;