welcome: please sign in

Diff for "MemberManual/WebApplications/Nextcloud"

Differences between revisions 38 and 43 (spanning 5 versions)
Revision 38 as of 2019-01-08 03:48:41
Size: 6833
Comment: Link to Talk page
Revision 43 as of 2019-01-27 11:26:28
Size: 6709
Comment: Changed cronjob to run every 15 minutes, that's what the admin page suggests (though the Nextcloud manual example has 5 minutes)
Deletions are marked like this. Additions are marked like this.
Line 41: Line 41:
fsr setacl . system:anyuser none fsr sa . system:anyuser none
Line 74: Line 74:
fsr setacl . system:anyuser none fsr sa . system:anyuser none
Line 131: Line 131:
*/5 * * * * k5start -qtUf /etc/keytabs/user.daemon/$USER -- /usr/bin/php7.2 -f $NEXTDIR/cron.php */15 * * * * k5start -qtUf /etc/keytabs/user.daemon/$USER -- /usr/bin/php7.2 -f $NEXTDIR/cron.php
Line 181: Line 181:
'''TODO: Work out how to set up the additional rewrites needed to remove the 'index.php' bit from URLs.'''
Line 213: Line 211:
'''TODO: Update with instructions on using SMTP when that's working.'''
Line 226: Line 222:
=== Drop unused tables ===

We should drop those deprecated tables from before (this wasn't actually working for me, will look into how to drop tables in MySQL later).

{{{
mysql-fixperms
mysql -h mysql -p ${USER}_cloud

DROP TABLE admin_sections;
DROP TABLE admin_settings);
DROP TABLE personal_sections;
DROP TABLE 'personal_settings;
}}}

'''TODO: This didn't work for me, fix the instructions on dropping tables.'''
== Upgrade ==

The one-click upgrade feature does not work well with our ACL setup, so it's probably easiest to use the manual method. Follow the [[https://docs.nextcloud.com/server/15/admin_manual/maintenance/manual_upgrade.html|steps here]], with these changes:

 * Instead of 3 (Stop web server), disable the vhost/location in your Domtool configuration.
 * Instead of 10 (update ownership/permissions), update the file permissions in the new location like [[#Permissions|during installation]]

Guide for installation of Nextcloud. See /Talk for discussion on improvements.

1. Create database

Postgresql should work, but Nextcloud recommends MySQL. See MemberManual/Databases#Create_a_Database. We'll assume you name the database ${USER}_cloud.

2. Software installation

2.1. Unpack

Get the Nextcloud tarball from Nextcloud.

Pick a directory where you'll host Nextcloud, for example $HOME/www/next.your.domain. We'll call it $NEXTDIR.

Also pick a directory for data, for example $HOME/var/nextcloud. We'll call it $NEXTDATA.

Unpack the source.

unzip nextcloud-15.0.0.zip

Move the resulting nextcloud directory to where you decided to have the document root.

mv nextcloud $NEXTDIR

Create an empty data directory in the document root. This is necessary for the duration of the installation, we'll delete it later.

cd $NEXTDIR
mkdir data

2.2. Permissions

Adjust directory permissions:

fsr sa . system:anyuser none
fsr sa . $USER.daemon rlk
fsr sa config $USER.daemon rlidwk
fsr sa data $USER.daemon rlidwk
fsr sa apps $USER.daemon rlidwk

2.3. Patch

Delete some lines in the file core/Migrations/Version14000Date20180129121024.php. This doesn't play well with the HCoop default of not granting DROP on tables. The easiest fix seems to be to manually drop these later.

@@ -49,11 +49,6 @@
                /** @var ISchemaWrapper $schema */
                $schema = $schemaClosure();

-               $schema->dropTable('admin_sections');
-               $schema->dropTable('admin_settings');
-               $schema->dropTable('personal_sections');
-               $schema->dropTable('personal_settings');
-
                return $schema;
        }
 }

2.4. Create real data directory

Create the data directory and give it correct permissions:

mkdir $NEXTDATA
cd $NEXTDATA
fsr sa . system:anyuser none
fsr sa . $USER.daemon rlidwk

3. Nextcloud installation wizard

Open up the web site, which should now show you the installation wizard. Fill it out like so:

Data folder: $NEXTDATA
Database: MySQL/MariaDB
Username: whatever you like
Password: likewise
DB hostname: mysql

4. Post-installation configuration

4.1. Update some column types

Run this command to convert a couple of column types that are not handled by the installer:

cd $NEXTDIR
php7.2 occ db:convert-filecache-bigint

4.2. Set DB charset

In the MySQL CLI, run:

ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

Run these Nextcloud CLI commands:

php7.2 occ config:system:set mysql.utf8mb4 --type boolean --value="true"
php7.2 occ maintenance:repair
php7.2 occ maintenance:mode --off

4.3. Cache

Add this line to $NEXDIR/config/config.php, to enable the APCu cache:

'memcache.local' => '\OC\Memcache\APCu',

4.4. Cron

Add a cron job like this replacing the variables with your username/path:

*/15 * * * * k5start -qtUf /etc/keytabs/user.daemon/$USER -- /usr/bin/php7.2 -f $NEXTDIR/cron.php

5. Domtool

Example Domtool config:

web "cloud" where
    PhpVersion = php72;
    DocumentRoot = home "$NEXTDIR";
    SSL = use_cert "/etc/apache2/ssl/user/your.cert.pem";
with
    location "/" with
        unset_options [indexes, multiViews];
        directoryIndex ["index.php", "index.html"];
    end;

    expiresByType "text/css" access 1 weeks;
    expiresByType "application/javascript" access 1 weeks;
    expiresByType "image/svg" access 1 weeks;
    expiresByType "image/gif" access 1 weeks;
    expiresByType "application/font-woff2" access 1 weeks;

    setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"];

    rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" [];
    rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last];

    rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"];
    rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last];
    rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last];
    rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last];
    rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^remote/(.*)" "remote.php" [qsappend, last];
    rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last];
    rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
    rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last];
end;

And to enforce SSL:

web "cloud" with
    rewriteRule "^(.*)$" "https://next.your.domain$1" [redirectWith permanent];
end;

6. Login

You should now be able to log in and look around Nextcloud. You may want to have a look at Settings → Overview for any warnings. You will see a bunch of warnings like this:

Some app directories are owned by a different user than the web server one. This may be the case if apps have been installed manually. Check the permissions of the following app directories:

    /afs/hcoop.net/user/…

These can be ignored.

7. Configuration in Nextcloud UI

7.1. cron

Go to Settings → Basic Settings and select the option Cron under Background jobs (since we set that up earlier).

You can check this page to ensure your cronjob is working.

7.2. Mail notifications

In Settings → Basic Settings, set:

Send mode: Sendmail
Sendmail mode: pipe (-t)
From address: whatever@your.domain

8. Cleanup

8.1. Delete default data directory

Since we use a new data directory we can delete the one in the document root:

cd $NEXTDIR
rm -r data

9. Upgrade

The one-click upgrade feature does not work well with our ACL setup, so it's probably easiest to use the manual method. Follow the steps here, with these changes:

  • Instead of 3 (Stop web server), disable the vhost/location in your Domtool configuration.
  • Instead of 10 (update ownership/permissions), update the file permissions in the new location like during installation

MemberManual/WebApplications/Nextcloud (last edited 2019-01-27 11:26:28 by BjörnLindström)