Nextcloud

From Michael's Information Zone

Purpose

Installation

CentOS 8

WIP

mkswap -U a507cc29-e07c-46ee-8486-350111e8edf9 /dev/nvme1n1
swapon UUID=a507cc29-e07c-46ee-8486-350111e8edf9
bash -c "echo 'UUID=a507cc29-e07c-46ee-8486-350111e8edf9 swap swap defaults' >> /etc/fstab"
dnf upgrade -y
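# Fetch the Remi repo package over HTTPS rather than plain HTTP
dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# unzip and policycoreutils-python-utils (provides semanage) are needed by the steps below
dnf -y install wget unzip policycoreutils-python-utils php74-php php74-php-gd php74-php-pecl-zip php74-php-mysqlnd php74-php-intl php74-php-ldap php74-php-smbclient php74-php-pecl-imagick php74-php-process php74-php-gmp php74-php-bcmath php74-php-pecl-apcu libreoffice-writer libreoffice-calc libreoffice-impress redis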

wget https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip
unzip nextcloud-19.0.0.zip
mv nextcloud /var/www/html/
mkdir /var/www/html/nextcloud/data
chown -R apache:apache /var/www/html/nextcloud
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
restorecon -R '/var/www/html/nextcloud/'

sed -i 's|#\ maxmemory\ <bytes>|maxmemory 1g|; s|#\ maxmemory-policy\ noeviction|maxmemory-policy\ allkeys-lfu|' /etc/redis.conf

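# SELinux booleans for httpd, in order: remote database, LDAP, any outbound
# network connection, sending mail, CIFS/SMB storage.
# Leave off any that this install does not use.
setsebool -P httpd_can_network_connect_db on
setsebool -P httpd_can_connect_ldap on
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_sendmail on
setsebool -P httpd_use_cifs on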
systemctl enable --now redis
systemctl enable --now php74-php-fpm
systemctl enable --now httpd

FPM Tweaking

From the Nextcloud documentation.[1] Edit the /etc/opt/remi/php74/php-fpm.d/www.conf file to match.

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

Troubleshooting

caldav not rewriting

To fix the CalDAV issues, I had to edit the rewrite rules in the .htaccess file.[2][3]

RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]

to

RewriteRule ^\.well-known/carddav https://server.com/remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav https://server.com/remote.php/dav/ [R=301,L]

HSTS

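Basic http conf file example. Browsers ignore the Strict-Transport-Security header on plain HTTP responses, so on this port 80 vhost it only takes effect when a TLS proxy in front of it delivers the response over HTTPS (see Behind TLS Proxy).

<VirtualHost *:80>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"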
  DocumentRoot /var/www/html/nextcloud
  ServerName  server.com

  <Directory /var/www/html/nextcloud>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>
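
Added example (not part of the original page): a shell check for the two fixes above, the absolute https:// CalDAV/CardDAV redirect and the HSTS header, run against response headers such as `curl -sI` prints. The function names and sample headers are constructed here, and the http:// Location in the "bad" sample is an assumed failure mode; server.com is the page's placeholder hostname.

```shell
#!/bin/sh
# Added example, not from the original page. Both functions read HTTP
# response headers on stdin, e.g. from: curl -sI https://server.com/.well-known/caldav
MIN_HSTS_AGE=15552000   # max-age used in the vhost on this page

# Succeeds if a Strict-Transport-Security header has max-age >= MIN_HSTS_AGE.
check_hsts() {
    tr -d '\r' | awk -v min="$MIN_HSTS_AGE" '
        tolower($0) ~ /^strict-transport-security:/ {
            if (match(tolower($0), /max-age="?[0-9]+/)) {
                v = substr($0, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", v)
                if (v + 0 >= min + 0) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }'
}

# Succeeds if the response is a 301 whose Location is exactly
# <base>/remote.php/dav/; returns 2 if <base> is not an https:// URL.
check_dav_redirect() {
    base=$1
    case $base in https://*) ;; *) return 2 ;; esac
    tr -d '\r' | awk -v want="$base/remote.php/dav/" '
        NR == 1 && $2 == "301" { status = 1 }
        tolower($1) == "location:" && $2 == want { loc = 1 }
        END { exit ((status && loc) ? 0 : 1) }'
}

# Constructed sample (assumed failure mode): relative rule, http:// Location.
SAMPLE_BAD='HTTP/1.1 301 Moved Permanently
Location: http://server.com/remote.php/dav/
'
# Constructed sample: absolute https:// rule plus the HSTS header.
SAMPLE_GOOD='HTTP/1.1 301 Moved Permanently
Strict-Transport-Security: max-age=15552000; includeSubDomains
Location: https://server.com/remote.php/dav/
'

printf '%s' "$SAMPLE_GOOD" | check_hsts && echo "good: HSTS ok"
printf '%s' "$SAMPLE_GOOD" | check_dav_redirect https://server.com && echo "good: redirect ok"
printf '%s' "$SAMPLE_BAD" | check_dav_redirect https://server.com || echo "bad: redirect rejected"
```

Run the checks from a client outside the proxy so the headers are the ones a browser or DAV client actually receives.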

LDAPS Server Error

When trying to enable LDAPS lookup I would run into server errors. I needed to disable the config.[4]

sudo -u apache php74 /var/www/html/nextcloud/occ ldap:show-config
sudo -u apache php74 /var/www/html/nextcloud/occ ldap:set-config s01 ldapConfigurationActive 0

config.php modifications

caching

'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
     'host' => 'redis-host.example.com',
     'port' => 6379,
],

Behind TLS Proxy

'overwriteprotocol' => 'https',

Remove Default Directory Listing

'skeletondirectory' => '',