Guide for installation of Nextcloud. See /Talk for discussion on improvements.
1. Create database
Postgresql should work, but Nextcloud recommends MySQL. See MemberManual/Databases#Create_a_Database. We'll assume you name the database ${USER}_cloud.
2. Software installation
2.1. Unpack
Get the Nextcloud tarball from Nextcloud.
Pick a directory where you'll host Nextcloud, for example $HOME/www/next.your.domain. We'll call it $NEXTDIR.
Also pick a directory for data, for example $HOME/var/nextcloud. We'll call it $NEXTDATA.
Unpack the source.
unzip nextcloud-15.0.0.zip
Move the resulting nextcloud directory to where you decided to have the document root.
mv nextcloud $NEXTDIR
Create an empty data directory in the document root. This is necessary for the duration of the installation, we'll delete it later.
cd $NEXTDIR mkdir data
2.2. Permissions
Adjust directory permissions:
fsr sa . system:anyuser none fsr sa . $USER.daemon rlk fsr sa config $USER.daemon rlidwk fsr sa data $USER.daemon rlidwk fsr sa apps $USER.daemon rlidwk
2.3. Patch
Delete some lines in the file core/Migrations/Version14000Date20180129121024.php. This doesn't play well with the HCoop default of not granting DROP on tables. The easiest fix seems to be to manually drop these later.
@@ -49,11 +49,6 @@
/** @var ISchemaWrapper $schema */
$schema = $schemaClosure();
- $schema->dropTable('admin_sections');
- $schema->dropTable('admin_settings');
- $schema->dropTable('personal_sections');
- $schema->dropTable('personal_settings');
-
return $schema;
}
}
2.4. Create real data directory
Create the data directory and give it correct permissions:
mkdir $NEXTDATA cd $NEXTDATA fsr sa . system:anyuser none fsr sa . $USER.daemon rlidwk
3. Nextcloud installation wizard
Open up the web site, which should now show you the installation wizard. Fill it out like so:
Data folder: $NEXTDATA Database: MySQL/MariaDB Username: whatever you like Password: likewise DB hostname: mysql
4. Post-installation configuration
4.1. Update some column types
Run this command to convert a couple of column types that are not handled by the installer:
cd $NEXTDIR php7.2 occ db:convert-filecache-bigint
4.2. Set DB charset
In the MySQL CLI, run:
ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
Run these Nextcloud CLI commands:
php7.2 occ config:system:set mysql.utf8mb4 --type boolean --value="true" php7.2 occ maintenance:repair php7.2 occ maintenance:mode --off
4.3. Cache
Add this line to $NEXDIR/config/config.php, to enable the APCu cache:
'memcache.local' => '\OC\Memcache\APCu',
4.4. Cron
Add a cron job like this replacing the variables with your username/path:
*/15 * * * * k5start -qtUf /etc/keytabs/user.daemon/$USER -- /usr/bin/php7.2 -f $NEXTDIR/cron.php
5. Domtool
Example Domtool config:
web "cloud" where
PhpVersion = php72;
DocumentRoot = home "$NEXTDIR";
SSL = use_cert "/etc/apache2/ssl/user/your.cert.pem";
with
location "/" with
unset_options [indexes, multiViews];
directoryIndex ["index.php", "index.html"];
end;
expiresByType "text/css" access 1 weeks;
expiresByType "application/javascript" access 1 weeks;
expiresByType "image/svg" access 1 weeks;
expiresByType "image/gif" access 1 weeks;
expiresByType "application/font-woff2" access 1 weeks;
setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"];
rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" [];
rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last];
rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"];
rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last];
rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last];
rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last];
rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last];
rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last];
rewriteRule "^remote/(.*)" "remote.php" [qsappend, last];
rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last];
rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last];
end;And to enforce SSL:
web "cloud" with
rewriteRule "^(.*)$" "https://next.your.domain$1" [redirectWith permanent];
end;
6. Login
You should now be able to log in and look around Nextcloud. You may want to have a look at Settings → Overview for any warnings. You will see a bunch of warnings like this:
Some app directories are owned by a different user than the web server one. This may be the case if apps have been installed manually. Check the permissions of the following app directories:
/afs/hcoop.net/user/…These can be ignored.
7. Configuration in Nextcloud UI
7.1. cron
Go to Settings → Basic Settings and select the option Cron under Background jobs (since we set that up earlier).
You can check this page to ensure your cronjob is working.
7.2. Mail notifications
In Settings → Basic Settings, set:
Send mode: Sendmail Sendmail mode: pipe (-t) From address: whatever@your.domain
8. Cleanup
8.1. Delete default data directory
Since we use a new data directory we can delete the one in the document root:
cd $NEXTDIR rm -r data
9. Upgrade
The one-click upgrade feature does not work well with our ACL setup, so it's probably easiest to use the manual method. Follow the steps here, with these changes:
- Instead of 3 (Stop web server), disable the vhost/location in your Domtool configuration.
Instead of 10 (update ownership/permissions), update the file permissions in the new location like during installation