# Baremetal install of Nextcloud on Debian
|
|
|
|
### Install packages
|
|
|
|
```bash
|
|
apt install -y \
|
|
apache2 \
|
|
bzip2 \
|
|
exif \
|
|
imagemagick \
|
|
mariadb-server \
|
|
redis-server \
|
|
libapache2-mod-php \
|
|
php-apcu \
|
|
php-bcmath \
|
|
php-bz2 \
|
|
php-ctype \
|
|
php-curl \
|
|
php-dom \
|
|
php-gd \
|
|
php-gmp \
|
|
php-imagick \
|
|
php-intl \
|
|
php-mbstring \
|
|
php-mysql \
|
|
php-posix \
|
|
php-redis \
|
|
php-xml \
|
|
php-zip
|
|
```
|
|
|
|
### Configure Mariadb
|
|
|
|
Create Nextcloud cnf
|
|
```bash
|
|
nano /etc/mysql/conf.d/nextcloud.cnf
|
|
```
|
|
|
|
Insert
|
|
```bash
|
|
[mysqld]
|
|
transaction_isolation = READ-COMMITTED
|
|
binlog_format = ROW
|
|
```
|
|
|
|
Restart mariadb service
|
|
```bash
|
|
systemctl restart mariadb
|
|
```
|
|
|
|
Check above settings
|
|
```bash
|
|
mariadb
|
|
```
|
|
|
|
Input the following
|
|
```bash
|
|
SELECT @@global.tx_isolation;
|
|
SELECT @@global.binlog_format;
|
|
```
|
|
|
|
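Create database and user. The password below is an example value; generate your own and use the same one in the `occ maintenance:install` step.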
|
|
```bash
|
|
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'phaiNooc9oibu2shoopo2shah8kohH';
|
|
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
|
|
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
|
|
FLUSH PRIVILEGES;
|
|
exit;
|
|
```
|
|
|
|
Secure mariadb installation
|
|
```bash
|
|
mysql_secure_installation
|
|
```
|
|
|
|
### Nextcloud installation
|
|
|
|
Download Nextcloud
|
|
```bash
|
|
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
|
|
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.asc
|
|
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5
|
|
wget https://nextcloud.com/nextcloud.asc
|
|
gpg --import nextcloud.asc
|
|
```
|
|
|
|
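Verify downloads. The GPG signature is the authenticity check; the MD5 file only detects a corrupted download. Before relying on `gpg --verify`, compare the fingerprint of the imported key with the one published in the Nextcloud documentation, since the key itself was downloaded from the web.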
|
|
```bash
|
|
md5sum -c latest.tar.bz2.md5 < latest.tar.bz2
|
|
gpg --verify latest.tar.bz2.asc latest.tar.bz2
|
|
```
|
|
|
|
Move files to documents root
|
|
```bash
|
|
tar -xjvf latest.tar.bz2
|
|
cp -prv nextcloud /var/www
|
|
chown -R www-data:www-data /var/www/nextcloud
|
|
```
|
|
|
|
Change php settings
|
|
```bash
|
|
nano /etc/php/8.2/apache2/php.ini
|
|
```
|
|
|
|
Search and replace the following
|
|
```
|
|
memory_limit = 1G
|
|
upload_max_filesize = 10G
|
|
post_max_size = 0
|
|
max_execution_time = 3600
|
|
date.timezone = America/Chicago
|
|
opcache.interned_strings_buffer=16
|
|
```
|
|
|
|
Restart apache2
|
|
```bash
|
|
systemctl restart apache2
|
|
```
|
|
|
|
Create php file to verify settings
|
|
```
|
|
nano /var/www/html/phpinfo.php
|
|
```
|
|
|
|
Add the following
|
|
```bash
|
|
<?php phpinfo(); ?>
|
|
```
|
|
|
|
Go to `http://192.168.1.43/phpinfo.php` and verify
|
|
|
|
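Disable the default site and delete the html directory (this also removes `phpinfo.php`, which exposes the server configuration to anyone who can reach it)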
|
|
```bash
|
|
a2dissite 000-default.conf
|
|
systemctl restart apache2
|
|
rm -r /var/www/html
|
|
```
|
|
|
|
### Apache2
|
|
|
|
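Create data folder. This places the data directory inside the web root, where it is protected only by Nextcloud's `.htaccess` (which needs `AllowOverride All`, as set below); a directory outside `/var/www/nextcloud` avoids depending on that.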
|
|
```bash
|
|
mkdir /var/www/nextcloud/data
|
|
chown -R www-data:www-data /var/www/nextcloud/data
|
|
```
|
|
|
|
Configure apache2
|
|
```bash
|
|
nano /etc/apache2/sites-available/nextcloud.conf
|
|
```
|
|
|
|
Insert the following
|
|
```bash
|
|
<VirtualHost *:80>
|
|
DocumentRoot /var/www/nextcloud/
|
|
ServerName nextcloud.akanealw.com
|
|
|
|
<Directory /var/www/nextcloud/>
|
|
Require all granted
|
|
AllowOverride All
|
|
Options FollowSymLinks MultiViews
|
|
|
|
<IfModule mod_dav.c>
|
|
Dav off
|
|
</IfModule>
|
|
|
|
</Directory>
|
|
</VirtualHost>
|
|
```
|
|
|
|
Enable sites and mods
|
|
```bash
|
|
a2ensite nextcloud.conf
|
|
a2enmod rewrite
|
|
a2enmod headers
|
|
a2enmod env
|
|
a2enmod dir
|
|
a2enmod mime
|
|
```
|
|
|
|
Restart apache2
|
|
```bash
|
|
systemctl restart apache2
|
|
```
|
|
|
|
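### Install Nextcloud

Use your own database and admin passwords in place of the example values. Passwords given as command-line options end up in the shell history and are visible in the process list while the command runs.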
|
|
```bash
|
|
cd /var/www/nextcloud/
|
|
sudo -u www-data php occ maintenance:install \
|
|
--database='mysql' --database-name='nextcloud' \
|
|
--database-user='nextcloud' --database-pass='phaiNooc9oibu2shoopo2shah8kohH' \
|
|
--admin-user='admin' --admin-pass='iengil2nienoh9ieNg4ureo4vee2sh' \
|
|
--data-dir='/var/www/nextcloud/data'
|
|
```
|
|
|
|
Edit php file
|
|
```bash
|
|
nano /var/www/nextcloud/config/config.php
|
|
```
|
|
|
|
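Insert the following. `overwritecondaddr` is matched as a regular expression against the remote address, so an anchored and escaped form such as `^192\.168\.1\.4$` avoids matching other addresses.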
|
|
```bash
|
|
'trusted_domains' =>
|
|
array (
|
|
0 => 'nextcloud.akanealw.com',
|
|
1 => '192.168.1.43',
|
|
),
|
|
'trusted_proxies' =>
|
|
array (
|
|
0 => '192.168.1.4',
|
|
),
|
|
'default_language' => 'en',
|
|
'default_locale' => 'en_US',
|
|
'default_phone_region' => 'US',
|
|
'overwrite.cli.url' => 'https://nextcloud.akanealw.com',
|
|
'overwriteprotocol' => 'https',
|
|
'overwritewebroot' => '/',
|
|
'overwritecondaddr' => '192.168.1.4',
|
|
'htaccess.RewriteBase' => '/',
|
|
```
|
|
Update config
|
|
```bash
|
|
cd /var/www/nextcloud/
|
|
sudo -u www-data php occ maintenance:update:htaccess
|
|
```
|
|
|
|
### Scheduling tasks
|
|
|
|
Setup crontab
|
|
```bash
|
|
sudo crontab -u www-data -e
|
|
```
|
|
|
|
Insert the following
|
|
```bash
|
|
*/5 * * * * php -f /var/www/nextcloud/cron.php
|
|
```
|
|
|
|
Update settings
|
|
```bash
|
|
cd /var/www/nextcloud/
|
|
sudo -u www-data php /var/www/nextcloud/occ background:cron
|
|
```
|
|
|
|
### Caching
|
|
|
|
Check if Opcache is working
|
|
```bash
|
|
php -r 'phpinfo();' | grep opcache.enable
|
|
```
|
|
|
|
### Redis
|
|
|
|
Add www-data to the redis group
|
|
```bash
|
|
usermod -a -G redis www-data
|
|
```
|
|
|
|
Configure redis server
|
|
```bash
|
|
nano /etc/redis/redis.conf
|
|
```
|
|
Uncomment the following lines and set `unixsocketperm` to 770
|
|
```bash
|
|
unixsocket /var/run/redis/redis.sock
|
|
unixsocketperm 770
|
|
```
|
|
|
|
Restart redis
|
|
```bash
|
|
systemctl restart redis-server
|
|
```
|
|
|
|
Check output of redis
|
|
```bash
|
|
ls -lh /var/run/redis
|
|
```
|
|
|
|
Update nextcloud php file for redis
|
|
```bash
|
|
nano /var/www/nextcloud/config/config.php
|
|
```
|
|
|
|
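Add the following. This example connects to Redis over TCP on localhost with an empty password; to use the unix socket enabled above instead, set `'host'` to the socket path and `'port'` to `0`.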
|
|
```bash
|
|
'memcache.local' => '\OC\Memcache\APCu',
|
|
'memcache.locking' => '\OC\Memcache\Redis',
|
|
'redis' =>
|
|
array (
|
|
'host' => 'localhost',
|
|
'port' => 6379,
|
|
'timeout' => 1,
|
|
'password' => '',
|
|
),
|
|
```
|
|
|
|
### APCu
|
|
|
|
Change apcu settings
|
|
```bash
|
|
nano /etc/php/8.2/apache2/conf.d/20-apcu.ini
|
|
```
|
|
|
|
Change to
|
|
```bash
|
|
extension=apcu.so
|
|
apc.enabled=1
|
|
apc.enable_cli=1
|
|
```
|
|
|
|
Enable apcu
|
|
```bash
|
|
cd /var/www/nextcloud/
|
|
sudo -u www-data php --define apc.enable_cli=1 /var/www/nextcloud/occ maintenance:repair
|
|
```
|
|
|
|
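Add HSTS settings. Browsers honour this header only on HTTPS responses, so with this port-80 virtual host it takes effect through the HTTPS reverse proxy (presumably the host listed in `trusted_proxies`).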
|
|
```bash
|
|
nano /etc/apache2/sites-available/nextcloud.conf
|
|
```
|
|
|
|
Add the following
|
|
```bash
|
|
<IfModule mod_headers.c>
|
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
|
</IfModule>
|
|
```
|
|
|
|
Restart apache2
|
|
```bash
|
|
systemctl restart apache2
|
|
```
|
|
|
|
Set maintenance window
|
|
```bash
|
|
cd /var/www/nextcloud
|
|
sudo -u www-data php /var/www/nextcloud/occ config:system:set maintenance_window_start --type=integer --value=1
|
|
```
|
|
|
|
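Log in as admin, then set the email address for the admin user and the email settings in Basic Settings. The values below are the author's own; substitute your own address, SMTP host and an app password generated for your account. An app password that has been written into a shared document should be treated as exposed and revoked.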
|
|
```bash
|
|
notify.akanealw@gmail.com
|
|
smtp.gmail.com 587
|
|
notify.akanealw@gmail.com
|
|
leawkqqpthbwacrf
|
|
```
|
|
|
|
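#### Troubleshooting brute force lockout

The statement below clears the recorded attempts for every address; `occ security:bruteforce:reset <ip>` clears them for a single address.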
|
|
```bash
|
|
mariadb
|
|
DELETE FROM nextcloud.oc_bruteforce_attempts;
|
|
exit;
|
|
```