1. Neater URLs

Add this line to $NEXTDIR/config/config.php:

cd $NEXTDIR
php7.2 occ config:system:set htaccess.RewriteBase --type=string --value="/"
php7.2 occ maintenance:update:htaccess

The second command should not be necessary, but it will generate a correct .htaccess for your version, for Nextcloud 15 it will look like this:

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Robots-Tag "none"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    Header set Referrer-Policy "no-referrer"
    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for static resources
  <FilesMatch "\.(css|js|svg|gif)$">
    Header set Cache-Control "max-age=15778463"
  </FilesMatch>

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>
<IfModule mod_php5.c>
  php_value upload_max_filesize 511M
  php_value post_max_size 511M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value always_populate_raw_post_data -1
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_php7.c>
  php_value upload_max_filesize 511M
  php_value post_max_size 511M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT}  DavClnt
  RewriteRule ^$         /remote.php/webdav/          [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /
ErrorDocument 404 /
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg)$
  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
  RewriteCond %{REQUEST_FILENAME} !core/img/manifest.json$
  RewriteCond %{REQUEST_FILENAME} !/remote.php
  RewriteCond %{REQUEST_FILENAME} !/public.php
  RewriteCond %{REQUEST_FILENAME} !/cron.php
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
  RewriteCond %{REQUEST_FILENAME} !/status.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
  RewriteCond %{REQUEST_FILENAME} !/robots.txt
  RewriteCond %{REQUEST_FILENAME} !/updater/
  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /
  <IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>

If someone can get this working to remove the 'index.php' stuff from URLs, please update the configuration on the main page.

Here is my best attempt so far:

web "cloud" where
    PhpVersion = php72;
    DocumentRoot = home "www/cloud.elektrubadur.se";
    SSL = elektrubadurCertificate;
with
    expiresByType "text/css" access 1 weeks;
    expiresByType "application/javascript" access 1 weeks;
    expiresByType "image/svg" access 1 weeks;
    expiresByType "image/gif" access 1 weeks;
    expiresByType "application/font-woff2" access 1 weeks;

    setEnv "front_controller_active" "true";
    setEnv "htaccessWorking" "true";
    setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"];

    location "/" with
        unset_options [indexes, multiViews];
        directoryIndex ["index.php", "index.html"];
        errorDocument "403" "/";
        errorDocument "404" "/";
    end;

    rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" [];
    rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last];

    rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"];
    rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last];
    rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last];
    rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last];
    rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^remote/(.*)" "remote.php" [qsappend, last];
    rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last];
    rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
    rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last];

    directory elektrubadurRoot with
        rewriteRule "^core/js/oc.js$" "index.php" [passthrough, env "PATH_INFO" "$1"];
        rewriteRule "^core/preview.png$" "index.php" [passthrough, env "PATH_INFO" "$1"];
        rewriteCond "%{REQUEST_FILENAME}" "!\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg)$" [];
        rewriteCond "%{REQUEST_FILENAME}" "!core/img/favicon.ico$" [];
        rewriteCond "%{REQUEST_FILENAME}" "!core/img/manifest.json$" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/remote.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/public.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/cron.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/core/ajax/update.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/status.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/ocs/v1.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/ocs/v2.php" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/robots.txt" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/updater/" [];
        rewriteCond "%{REQUEST_FILENAME}" "!/ocs-provider/" [];
        rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
        rewriteRule "." "index.php" [passthrough, env "PATH_INFO" "$1"];

        rewriteBase "/";
    end;

    web "cloud" with
        rewriteRule "^(.*)$" "https://cloud.elektrubadur.se$1" [redirectWith permanent];
    end;

=== Drop unused tables ==

We should drop those deprecated tables from before, this wasn't actually working for me.

mysql-fixperms
mysql -h mysql -p ${USER}_cloud

DROP TABLE admin_sections;
DROP TABLE admin_settings);
DROP TABLE personal_sections;
DROP TABLE 'personal_settings;

1.1. Running Updates

Here is incomplete, work-in-progress script by StephenMichel for automating updates, provided without context or further explanation :P

#!/usr/bin/env bash

# set -x

set -eu -o pipefail

nextcloud_dir="$HOME/vhosts/nextcloud.smichel.me"
v_new="19.0.8"
v_cur="$(ls "$nextcloud_dir"/config-*.php | sort | tail -n 1 | xargs basename \
    | sed -e '
        s/^config-//
        s/\.php$//
    ')"

echo cur: $v_cur
echo new: $v_new

usage() {
cat <<EOF
USAGE: $0 OPTION

OPTIONS:

  --copyfiles   Download and install the latest version ($v_new).

  --fixperms    Grant your daemon permissions on the new directories.

To update nextcloud:
1. Stop serving nextcloud by disabling that section in your domtool config.
2. Run this script with --copyfiles.
3. Copy any apps that you want to preserve from the old location to the new one.
4. Run this script again with --fixperms.
EOF
}

copyfiles() {
    # cd "$nextcloud_dir"
    wget "https://download.nextcloud.com/server/releases/nextcloud-$v_new.tar.bz2"
    # tar -xjf "nextcloud-$v_new.zip"
    # cp htdocs/config/config.php nextcloud/config/config.php

    # mv htdocs{,-$v_cur}
    # mv nextcloud htdocs

    # cp htdocs/config/config.php ./config-$v_cur.php
}

fixperms() {
    cd "$nextcloud_dir"/htdocs
    fsr sa . system:anyuser none
    fsr sa . $USER.daemon rlk
    fsr sa config $USER.daemon rlidwk
    fsr sa apps $USER.daemon rlidwk
}

case "${1:-}" in
    ("--copyfiles") copyfiles ;;
    ("--fixperms") fixperms ;;
    (*) usage ;;
esac