welcome: please sign in

Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment
First name of the current Debian Project Leader

Page Locked

MemberManual / WebApplications / Nextcloud / Talk

1. Neater URLs

Add this line to $NEXTDIR/config/config.php:

cd $NEXTDIR
php7.2 occ config:system:set htaccess.RewriteBase --type=string --value="/"
php7.2 occ maintenance:update:htaccess

The second command should not be necessary, but it will generate a correct .htaccess for your version, for Nextcloud 15 it will look like this:

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Robots-Tag "none"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    Header set Referrer-Policy "no-referrer"
    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for static resources
  <FilesMatch "\.(css|js|svg|gif)$">
    Header set Cache-Control "max-age=15778463"
  </FilesMatch>

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>
<IfModule mod_php5.c>
  php_value upload_max_filesize 511M
  php_value post_max_size 511M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value always_populate_raw_post_data -1
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_php7.c>
  php_value upload_max_filesize 511M
  php_value post_max_size 511M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT}  DavClnt
  RewriteRule ^$         /remote.php/webdav/          [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /
ErrorDocument 404 /
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg)$
  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
  RewriteCond %{REQUEST_FILENAME} !core/img/manifest.json$
  RewriteCond %{REQUEST_FILENAME} !/remote.php
  RewriteCond %{REQUEST_FILENAME} !/public.php
  RewriteCond %{REQUEST_FILENAME} !/cron.php
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
  RewriteCond %{REQUEST_FILENAME} !/status.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
  RewriteCond %{REQUEST_FILENAME} !/robots.txt
  RewriteCond %{REQUEST_FILENAME} !/updater/
  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /
  <IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>

If someone can get this working to remove the 'index.php' stuff from URLs, please update the configuration on the main page.

Here is my best attempt so far:

web "cloud" where
    PhpVersion = php72;
    DocumentRoot = home "www/cloud.elektrubadur.se";
    SSL = elektrubadurCertificate;
with
    expiresByType "text/css" access 1 weeks;
    expiresByType "application/javascript" access 1 weeks;
    expiresByType "image/svg" access 1 weeks;
    expiresByType "image/gif" access 1 weeks;
    expiresByType "application/font-woff2" access 1 weeks;

    setEnv "front_controller_active" "true";
    setEnv "htaccessWorking" "true";
    setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"];

    location "/" with
        unset_options [indexes, multiViews];
        directoryIndex ["index.php", "index.html"];
        errorDocument "403" "/";
        errorDocument "404" "/";
    end;

    rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" [];
    rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last];

    rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"];
    rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last];
    rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last];
    rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last];
    rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^remote/(.*)" "remote.php" [qsappend, last];
    rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last];
    rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
    rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last];

    directory elektrubadurRoot with
        rewriteRule "^core/js/oc.js$" "index.php" [passthrough, env "PATH_INFO" "$1"];
        rewriteRule "^core/preview.png$" "index.php" [passthrough, env "PATH_INFO" "$1"];
        rewriteCond "%{REQUEST_FILENAME}" "!\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg)$" [];
        rewriteCond "%{REQUEST_FILENAME}" "!core/img/favicon.ico$" [];
        rewriteCond "%{REQUEST_FILENAME}" "!core/img/manifest.json$" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/remote.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/public.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/cron.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/core/ajax/update.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/status.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/ocs/v1.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/ocs/v2.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/robots.txt" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/updater/" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/ocs-provider/" [];
        rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
        rewriteRule "." "index.php" [passthrough, env "PATH_INFO" "$1"];

        rewriteBase "/";
    end;

    web "cloud" with
        rewriteRule "^(.*)$" "https://cloud.elektrubadur.se$1" [redirectWith permanent];
    end;

=== Drop unused tables ==

We should drop those deprecated tables from before, this wasn't actually working for me.

mysql-fixperms
mysql -h mysql -p ${USER}_cloud

DROP TABLE admin_sections;
DROP TABLE admin_settings);
DROP TABLE personal_sections;
DROP TABLE 'personal_settings;

1.1. Running Updates

Here is incomplete, work-in-progress script by StephenMichel for automating updates, provided without context or further explanation :P

#!/usr/bin/env bash

# set -x

set -eu -o pipefail

nextcloud_dir="$HOME/vhosts/nextcloud.smichel.me"
v_new="19.0.8"
v_cur="$(ls "$nextcloud_dir"/config-*.php | sort | tail -n 1 | xargs basename \
    | sed -e '
        s/^config-//
        s/\.php$//
    ')"

echo cur: $v_cur
echo new: $v_new

usage() {
cat <<EOF
USAGE: $0 OPTION

OPTIONS:

  --copyfiles   Download and install the latest version ($v_new).

  --fixperms    Grant your daemon permissions on the new directories.

To update nextcloud:
1. Stop serving nextcloud by disabling that section in your domtool config.
2. Run this script with --copyfiles.
3. Copy any apps that you want to preserve from the old location to the new one.
4. Run this script again with --fixperms.
EOF
}

copyfiles() {
    # cd "$nextcloud_dir"
    wget "https://download.nextcloud.com/server/releases/nextcloud-$v_new.tar.bz2"
    # tar -xjf "nextcloud-$v_new.zip"
    # cp htdocs/config/config.php nextcloud/config/config.php

    # mv htdocs{,-$v_cur}
    # mv nextcloud htdocs

    # cp htdocs/config/config.php ./config-$v_cur.php
}

fixperms() {
    cd "$nextcloud_dir"/htdocs
    fsr sa . system:anyuser none
    fsr sa . $USER.daemon rlk
    fsr sa config $USER.daemon rlidwk
    fsr sa apps $USER.daemon rlidwk
}

case "${1:-}" in
    ("--copyfiles") copyfiles ;;
    ("--fixperms") fixperms ;;
    (*) usage ;;
esac