Guide for installation of [[https://nextcloud.com|Nextcloud]]. See [[/Talk]] for discussion on improvements. == Create database == Postgresql should work, but Nextcloud recommends MySQL. See [[MemberManual/Databases#Create_a_Database]]. We'll assume you name the database `${USER}_cloud`. == Software installation == === Unpack === Get the Nextcloud tarball from [[https://nextcloud.com/install/#instructions-server|Nextcloud]]. Pick a directory where you'll host Nextcloud, for example `$HOME/www/next.your.domain`. We'll call it `$NEXTDIR`. Also pick a directory for data, for example `$HOME/var/nextcloud`. We'll call it `$NEXTDATA`. Unpack the source. {{{ unzip nextcloud-15.0.0.zip }}} Move the resulting `nextcloud` directory to where you decided to have the document root. {{{ mv nextcloud $NEXTDIR }}} Create an empty data directory in the document root. This is necessary for the duration of the installation, we'll delete it later. {{{ cd $NEXTDIR mkdir data }}} === Permissions === Adjust directory permissions: {{{ fsr sa . system:anyuser none fsr sa . $USER.daemon rlk fsr sa config $USER.daemon rlidwk fsr sa data $USER.daemon rlidwk fsr sa apps $USER.daemon rlidwk }}} === Patch === Delete some lines in the file `core/Migrations/Version14000Date20180129121024.php`. This doesn't play well with the HCoop default of not granting DROP on tables. The easiest fix seems to be to manually drop these later. {{{ @@ -49,11 +49,6 @@ /** @var ISchemaWrapper $schema */ $schema = $schemaClosure(); - $schema->dropTable('admin_sections'); - $schema->dropTable('admin_settings'); - $schema->dropTable('personal_sections'); - $schema->dropTable('personal_settings'); - return $schema; } } }}} === Create real data directory === Create the data directory and give it correct permissions: {{{ mkdir $NEXTDATA cd $NEXTDATA fsr sa . system:anyuser none fsr sa . $USER.daemon rlidwk }}} == Nextcloud installation wizard == Open up the web site, which should now show you the installation wizard. Fill it out like so: {{{ Data folder: $NEXTDATA Database: MySQL/MariaDB Username: whatever you like Password: likewise DB hostname: mysql }}} == Post-installation configuration == === Update some column types === Run this command to convert a couple of column types that are not handled by the installer: {{{ cd $NEXTDIR php7.2 occ db:convert-filecache-bigint }}} === Set DB charset === In the MySQL CLI, run: {{{ ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; }}} Run these Nextcloud CLI commands: {{{ php7.2 occ config:system:set mysql.utf8mb4 --type boolean --value="true" php7.2 occ maintenance:repair php7.2 occ maintenance:mode --off }}} === Cache === Add this line to `$NEXDIR/config/config.php`, to enable the APCu cache: {{{ 'memcache.local' => '\OC\Memcache\APCu', }}} === Cron === Add a [[MemberManual/UsingCron|cron job]] like this replacing the variables with your username/path: {{{ */15 * * * * k5start -qtUf /etc/keytabs/user.daemon/$USER -- /usr/bin/php7.2 -f $NEXTDIR/cron.php }}} == Domtool == Example Domtool config: {{{ web "cloud" where PhpVersion = php72; DocumentRoot = home "$NEXTDIR"; SSL = use_cert "/etc/apache2/ssl/user/your.cert.pem"; with location "/" with unset_options [indexes, multiViews]; directoryIndex ["index.php", "index.html"]; end; expiresByType "text/css" access 1 weeks; expiresByType "application/javascript" access 1 weeks; expiresByType "image/svg" access 1 weeks; expiresByType "image/gif" access 1 weeks; expiresByType "application/font-woff2" access 1 weeks; setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"]; rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" []; rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last]; rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"]; rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last]; rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last]; rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last]; rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last]; rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last]; rewriteRule "^remote/(.*)" "remote.php" [qsappend, last]; rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last]; rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" []; rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last]; end; }}} And to enforce SSL: {{{ web "cloud" with rewriteRule "^(.*)$" "https://next.your.domain$1" [redirectWith permanent]; end; }}} == Login == You should now be able to log in and look around Nextcloud. You may want to have a look at `Settings → Overview` for any warnings. You will see a bunch of warnings like this: {{{ Some app directories are owned by a different user than the web server one. This may be the case if apps have been installed manually. Check the permissions of the following app directories: /afs/hcoop.net/user/… }}} These can be ignored. == Configuration in Nextcloud UI == === cron === Go to ''Settings → Basic Settings'' and select the option ''Cron'' under ''Background jobs'' (since we set that up earlier). You can check this page to ensure your cronjob is working. === Mail notifications === In ''Settings → Basic Settings'', set: {{{ Send mode: Sendmail Sendmail mode: pipe (-t) From address: whatever@your.domain }}} == Cleanup == === Delete default data directory === Since we use a new data directory we can delete the one in the document root: {{{ cd $NEXTDIR rm -r data }}} == Upgrade == The one-click upgrade feature does not work well with our ACL setup, so it's probably easiest to use the manual method. Follow the [[https://docs.nextcloud.com/server/15/admin_manual/maintenance/manual_upgrade.html|steps here]], with these changes: * Instead of 3 (Stop web server), disable the vhost/location in your Domtool configuration. * Instead of 10 (update ownership/permissions), update the file permissions in the new location like [[#Permissions|during installation]]