397 lines
14 KiB
Markdown
397 lines
14 KiB
Markdown
<!-- START doctoc.sh generated TOC please keep comment here to allow auto update -->
|
|
<!-- DO NOT EDIT THIS SECTION, INSTEAD RE-RUN doctoc.sh TO UPDATE -->
|
|
**Table of Contents**
|
|
|
|
- [installation guides](#installation-guides)
|
|
- [install nextcloud in debian9, apache, mysql](#install-nextcloud-in-debian9-apache-mysql)
|
|
- [install nextcloud in debian10, nginx and postgresql](#install-nextcloud-in-debian10-nginx-and-postgresql)
|
|
- [migrate from mysql or sqlite to postgresql](#migrate-from-mysql-or-sqlite-to-postgresql)
|
|
- [calendar and reminders](#calendar-and-reminders)
|
|
- [collabora online](#collabora-online)
|
|
- [issue related to docker and xfs malfunction](#issue-related-to-docker-and-xfs-malfunction)
|
|
- [install cache system for nextcloud](#install-cache-system-for-nextcloud)
|
|
- [run occ operations](#run-occ-operations)
|
|
- [extra references](#extra-references)
|
|
|
|
<!-- END doctoc.sh generated TOC please keep comment here to allow auto update -->
|
|
|
|
# installation guides
|
|
|
|
## install nextcloud in debian9, apache, mysql
|
|
|
|
install apache
|
|
|
|
apt-get install apache2 libapache2-mod-php7.0
|
|
|
|
install mysql
|
|
|
|
apt-get install mariadb-server php7.0-mysql
|
|
|
|
install php
|
|
|
|
apt-get install php7.0-gd php7.0-json php7.0-curl php7.0-mbstring
|
|
|
|
install php extensions
|
|
|
|
apt-get install php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
|
|
|
|
install apache modules
|
|
|
|
a2enmod php7.0 rewrite headers env dir mime
|
|
|
|
download latest nextcloud compatible with php7.0 (debian9)
|
|
|
|
cd /var/www/html
|
|
wget -c https://download.nextcloud.com/server/releases/nextcloud-15.0.14.zip
|
|
unzip -qq nextcloud-*.zip
|
|
chown -R www-data: nextcloud
|
|
|
|
do apache configuration for nextcloud
|
|
|
|
vi /etc/apache2/sites-available/nextcloud.conf
|
|
|
|
option /nextcloud - use this configuration if you want to access nextcloud through example.com/nextcloud - put in file `/etc/apache2/conf-available/nextcloud.conf`:
|
|
|
|
```
|
|
Alias /nextcloud "/var/www/html/nextcloud/"
|
|
|
|
<Directory /var/www/html/nextcloud/>
|
|
Options +FollowSymlinks
|
|
AllowOverride All
|
|
|
|
<IfModule mod_dav.c>
|
|
Dav off
|
|
</IfModule>
|
|
|
|
SetEnv HOME /var/www/html/nextcloud
|
|
SetEnv HTTP_HOME /var/www/html/nextcloud
|
|
|
|
</Directory>
|
|
```
|
|
|
|
enable config
|
|
|
|
a2enconf nextcloud.conf
|
|
|
|
option nextcloud.example.com - in case you use a subdomain like nextcloud.example.com - put in file `/etc/apache2/sites-available/nextcloud.example.com.conf`:
|
|
|
|
```
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost _default_:443>
|
|
DocumentRoot /var/www/html/nextcloud
|
|
ServerName nextcloud.example.com
|
|
|
|
<Directory /var/www/html/nextcloud/>
|
|
Options +FollowSymlinks
|
|
AllowOverride All
|
|
|
|
<IfModule mod_dav.c>
|
|
Dav off
|
|
</IfModule>
|
|
|
|
SetEnv HOME /var/www/html/nextcloud
|
|
SetEnv HTTP_HOME /var/www/html/nextcloud
|
|
Satisfy Any
|
|
|
|
</Directory>
|
|
|
|
<Directory "/var/www/html/nextcloud/data/">
|
|
# just in case if .htaccess gets disabled
|
|
Require all denied
|
|
</Directory>
|
|
|
|
<IfModule mod_headers.c>
|
|
Header always set Strict-Transport-Security "max-age=15768000; preload"
|
|
</IfModule>
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
|
|
|
|
# add rewrites suggested by https://docs.nextcloud.com/server/stable/admin_manual/issues/general_troubleshooting.html#service-discovery
|
|
<IfModule mod_rewrite.c>
|
|
RewriteEngine on
|
|
RewriteRule ^/\.well-known/host-meta https://nextcloud.example.com/public.php?service=host-meta [QSA,L]
|
|
RewriteRule ^/\.well-known/host-meta\.json https://nextcloud.example.com/public.php?service=host-meta-json [QSA,L]
|
|
RewriteRule ^/\.well-known/webfinger https://nextcloud.example.com/public.php?service=webfinger [QSA,L]
|
|
RewriteRule ^/\.well-known/carddav https://nextcloud.example.com/remote.php/dav/ [R=301,L]
|
|
RewriteRule ^/\.well-known/caldav https://nextcloud.example.com/remote.php/dav/ [R=301,L]
|
|
</IfModule>
|
|
</VirtualHost>
|
|
</IfModule>
|
|
```
|
|
|
|
enable site for apache
|
|
|
|
a2ensite nextcloud.example.com.conf
|
|
|
|
add in `/etc/php/7.0/apache2/php.ini`:
|
|
|
|
[opcache]
|
|
opcache.enable=1
|
|
opcache.enable_cli=1
|
|
opcache.interned_strings_buffer=8
|
|
opcache.max_accelerated_files=10000
|
|
opcache.memory_consumption=128
|
|
opcache.save_comments=1
|
|
opcache.revalidate_freq=1
|
|
|
|
replace `memory_limit` in `/etc/php/7.0/apache2/php.ini` to be:
|
|
|
|
memory_limit = 512M
|
|
|
|
go to `/etc/php/7.2/fpm/pool.d` and uncomment `env[PATH] = /usr/local/bin:/usr/bin:/bin` (thanks https://wiki.turris.cz/doc/en/public/nextcloud_security_setup)
|
|
|
|
[optional] in case you want to have data in different disk/storage:
|
|
|
|
mkdir -p /media/data/nextcloud
|
|
chown -R www-data: /media/data/nextcloud
|
|
cd /var/www/html/nextcloud
|
|
mv data /media/data/nextcloud
|
|
ln -s /media/data/nextcloud/data data
|
|
|
|
create user, database and choose privileges for nextcloud's case: run `mysql_setpermission` and select option 6
|
|
|
|
run in browser nextcloud and follow steps to install it
|
|
|
|
enter nextcloud, go to apps and install: calendar, polls, collabora online
|
|
|
|
## install nextcloud in debian10, nginx and postgresql
|
|
|
|
install following dependencies:
|
|
|
|
apt install php7.3-fpm php7.3-pgsql postgresql-11 php7.3-gd php7.3-json php7.3-curl php7.3-mbstring php7.3-intl php-imagick php7.3-xml php7.3-zip
|
|
|
|
prepare postgresql
|
|
|
|
su - postgres -c psql
|
|
CREATE USER nextcloud with encrypted password 'nextcloud';
|
|
CREATE DATABASE nextcloud encoding 'UTF8' owner nextcloud;
|
|
exit
|
|
|
|
prepare location
|
|
|
|
cd /var/www/html
|
|
wget -c https://download.nextcloud.com/server/releases/nextcloud-18.0.1.zip
|
|
unzip -qq nextcloud-*.zip
|
|
chown -R www-data: nextcloud
|
|
|
|
follow [this guide]( https://docs.nextcloud.com/server/table/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx), in my case I did the following change on top
|
|
|
|
```
|
|
# thanks https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx
|
|
upstream php-handler {
|
|
#server 127.0.0.1:9000;
|
|
#server unix:/var/run/php/php7.2-fpm.sock;
|
|
#
|
|
# did
|
|
# php-fpm7.3
|
|
# said
|
|
# [17-Feb-2020 13:18:14] ERROR: Another FPM instance seems to already listen on /run/php/php7.3-fpm.sock
|
|
server unix:/run/php/php7.3-fpm.sock;
|
|
}
|
|
```
|
|
|
|
https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#php-fpm-tips-label
|
|
|
|
- A warning says that php is not properly configured. In `/etc/php/7.3/fpm/pool.d/www.conf` uncomment line `env[PATH] = /usr/local/bin:/usr/bin:/bin` . Extra source: https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#php-fpm-tips-label
|
|
- A warning suggests increasing the memory limit for php. In `/etc/php/7.3/fpm/php.ini` replace line `memory_limit = 128M` with `memory_limit = 512M`
|
|
- A warning suggests to index something (expensive on large deployments) `su www-data -s /bin/sh -c "php /var/www/html/nextcloud/occ db:add-missing-indices"`
|
|
- A warning suggests to convert something (expensive on large deployments) `su www-data -s /bin/sh -c "php /var/www/html/nextcloud/occ db:convert-filecache-bigint"`
|
|
- A warning suggests to adapt http headers (add this in nginx server or general nginx.conf) and reload nginx:
|
|
|
|
after all of that: `systemctl restart php7.3-fpm.service` (maybe restart nginx too)
|
|
|
|
```
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Robots-Tag none;
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
```
|
|
|
|
# migrate from mysql or sqlite to postgresql
|
|
|
|
adapt the following environment to your needs and execute:
|
|
|
|
username="nextcloud"
|
|
hostname="localhost"
|
|
dbname="nextcloud"
|
|
dbpass="nextcloud"
|
|
su www-data -s /bin/sh -c "php /var/www/html/nextcloud/occ db:convert-type --all-apps --port 5432 --password $dbpass pgsql $username $hostname $dbname --no-interaction"
|
|
|
|
after executing that script the database is automatically moved in the nextcloud configuration from dbtype `mysql` to `pgsql`, etc.
|
|
|
|
extra source https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html
|
|
|
|
# calendar and reminders
|
|
|
|
enable calendar app
|
|
|
|
activate cronjob: settings / basic settings / background jobs: select Cron
|
|
|
|
in a terminal, do `crontab -u www-data -e` and add the following line
|
|
|
|
*/5 * * * * php -f /var/www/html/nextcloud/cron.php
|
|
|
|
src https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html
|
|
|
|
# collabora online
|
|
|
|
install docker
|
|
|
|
```
|
|
apt-get install \
|
|
apt-transport-https \
|
|
ca-certificates \
|
|
curl \
|
|
gnupg2 \
|
|
software-properties-common
|
|
|
|
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
|
|
|
|
apt-key fingerprint 0EBFCD88
|
|
|
|
add-apt-repository \
|
|
"deb [arch=amd64] https://download.docker.com/linux/debian \
|
|
$(lsb_release -cs) \
|
|
stable"
|
|
|
|
apt-get update
|
|
|
|
apt-get install docker-ce docker-ce-cli containerd.io
|
|
|
|
after that you have to reboot https://github.com/docker/for-linux/issues/598
|
|
|
|
source https://docs.docker.com/install/linux/docker-ce/debian/ or
|
|
|
|
[apache reverse proxy option](https://www.collaboraoffice.com/code/apache-reverse-proxy/)
|
|
|
|
[nginx reverse proxy option](https://www.collaboraoffice.com/code/nginx-reverse-proxy/)
|
|
|
|
I had to add this entry, which helped nextcloud to detect the collaboraonline thing (?)
|
|
|
|
```
|
|
location / {
|
|
proxy_pass https://127.0.0.1:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
```
|
|
|
|
because we are using spanish and english dictionaries, we have to install them according to [this source](https://github.com/husisusi/officeonlin-install.sh/issues/155#issuecomment-457002079)
|
|
|
|
apt install hunspell locales-all hunspell-en-us hunspell-es
|
|
|
|
if your reverse proxy is in localhost (or change 127.0.0.1 to the interface you can securely listen)
|
|
|
|
this also serves as an script to upgrade docker, change the target_tag and be careful with the space it fills in your system
|
|
|
|
```
|
|
# src https://hub.docker.com/r/collabora/code/tags
|
|
# tag: last time checked 2020-7-15
|
|
target_tag="4.2.5.3"
|
|
nextcloud_domain="nextcloud.example.com" # or example.com if is a subdomain
|
|
# this is not needed
|
|
#nextcloud_domain="$(echo $nextcloud_domain | sed 's/\./\\\\\./g')"
|
|
docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=$nextcloud_domain" -e 'dictionaries=en es ..' --restart always --cap-add MKNOD collabora/code:$target_tag
|
|
```
|
|
|
|
if you have firewall:
|
|
|
|
- ACCEPT traffic for docker0 bridge interface
|
|
- don't allow docker to modify firewall, put `DOCKER_OPTS="--iptables=false"` in `/etc/default/docker`
|
|
|
|
a way to validate that collabora online is working:
|
|
|
|
https://office.example.com/hosting/capabilities
|
|
|
|
extra links to check that it is working ([thanks](https://www.allerstorfer.at/nextcloud-install-collabora-online/)):
|
|
|
|
- https://office.example.com/hosting/discovery
|
|
- https://office.example.com/loleaflet/dist/admin/admin.html
|
|
|
|
extra link about how to compile and install yourself (docker contains a limitation of less than 60 persons in the same document) https://github.com/husisusi/officeonlin-install.sh
|
|
|
|
## issue related to docker and xfs malfunction
|
|
|
|
problem: xfs with d_type/ftype false is problematic with docker https://docs.docker.com/storage/storagedriver/overlayfs-driver/
|
|
|
|
workaround: create a new xfs partition
|
|
|
|
create new directory in that new partition for docker
|
|
|
|
mkdir -p /media/data/docker
|
|
|
|
find docker.service
|
|
|
|
systemctl status docker
|
|
|
|
in order changes to take effect after upgrade, you need an override method (thanks https://success.docker.com/article/using-systemd-to-control-the-docker-daemon), do `systemctl edit docker` and add the location (thanks https://www.rb-associates.co.uk/blog/move-var-lib-docker-to-another-directory/) this way:
|
|
|
|
[Service]
|
|
ExecStart=
|
|
ExecStart=/usr/bin/dockerd -g /media/data/docker -H fd:// --containerd=/run/containerd/containerd.sock
|
|
|
|
reload systemd config
|
|
|
|
systemctl daemon-reload
|
|
|
|
force the usage of overlay2 (src https://docs.docker.com/storage/storagedriver/overlayfs-driver/). Add in `/etc/docker/daemon.json`
|
|
|
|
```json
|
|
{
|
|
"storage-driver": "overlay2"
|
|
}
|
|
```
|
|
|
|
## install cache system for nextcloud
|
|
|
|
install APCu and redis as backend cache system:
|
|
|
|
apt install php-apcu redis-server php-redis
|
|
|
|
[redis is significantly faster as a unix socket](https://guides.wp-bullet.com/how-to-configure-redis-to-use-unix-socket-speed-boost/), in `/etc/redis/redis.conf` put:
|
|
|
|
unixsocket /var/run/redis/redis-server.sock
|
|
unixsocketperm 775
|
|
|
|
restart redis to apply configuration changes
|
|
|
|
service redis-server restart
|
|
|
|
add www-data to redis group and restart apache2 to have proper permissions
|
|
|
|
gpasswd -a www-data redis
|
|
service apache2 restart # or nginx
|
|
|
|
configure APCU as memcache and redis for file locking, in `/var/www/html/nextcloud/config/config.php` add:
|
|
|
|
'memcache.locking' => '\OC\Memcache\Redis',
|
|
'memcache.local' => '\OC\Memcache\Redis',
|
|
'memcache.distributed' => '\OC\Memcache\Redis',
|
|
'redis' => [
|
|
'host' => '/var/run/redis/redis-server.sock',
|
|
'port' => 0,
|
|
'dbindex' => 0,
|
|
'timeout' => 1.5,
|
|
],
|
|
|
|
https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/caching_configuration.html
|
|
|
|
using redis as memcache.local, suggested here https://help.nextcloud.com/t/solved-apcu-caching-gives-error/9403/5
|
|
|
|
## run occ operations
|
|
|
|
check new nextcloud version
|
|
|
|
su www-data -s /bin/sh -c "php /var/www/html/nextcloud/occ update:check"
|
|
|
|
noninteractive upgrade
|
|
|
|
su www-data -s /bin/sh -c "php /var/www/html/nextcloud/updater/updater.phar --no-interaction"
|
|
|
|
src https://docs.nextcloud.com/server/18/admin_manual/maintenance/update.html#batch-mode-for-command-line-based-updater
|
|
|
|
# extra references
|
|
|
|
http://blackhold.nusepas.com/2019/04/02/nextcloud-sobre-nginx-y-postgresql-paquetes-ofimaticos-collabora-o-onlyoffice-ds-sobre-docker/
|