Nextcloud
Purpose
Installation
Amazon Linux ARM
- These are notes from a production environment. Please note that they assume files are stored on an NFS server and that config files are copied from that server; use this only as a general reference.
- NOTE: Both PHP 7.3 and 7.4 were created for Amazon Linux ARM-based instances. That is why I am downloading some of the PHP modules from pecl.php.net.
PHP 7.3
yum upgrade -y
amazon-linux-extras install php7.3 libreoffice -y
yum install -y httpd mod_ssl php-fpm php-gd php-pecl-zip php-mysqlnd php-intl php-ldap libsmbclient-devel php-devel php-pecl-imagick php-process php-gmp php-bcmath php-pecl-apcu php-xml php-mbstring php-opcache php-pecl-redis yum-cron autofs
wget https://pecl.php.net/get/smbclient-1.0.6.tgz
tar -xf smbclient-1.0.6.tgz
cd smbclient-1.0.6
phpize
./configure
make
make install
#echo 'extension="smbclient.so"' >> /etc/php.ini
echo -e '#!/bin/bash\ncp /mnt/conf/php.ini /etc/php.ini\ncp /mnt/conf/nextcloud.conf /etc/httpd/conf.d/nextcloud.conf\ncp /mnt/conf/www.conf /etc/php-fpm.d/www.conf\ncp /mnt/conf/php.conf /etc/httpd/conf.d/php.conf' > /root/conf.sh
chmod +x /root/conf.sh
/root/conf.sh
echo '@daily /root/conf.sh' >> /var/spool/cron/root
echo 'LoadModule mpm_event_module modules/mod_mpm_event.so' > /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's/LoadModule\ mpm_prefork_module\ modules\/mod_mpm_prefork.so/#&/' /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's|listen\ =\ 127\.0\.0\.1\:9000|listen\ =\ /run/www.sock|; s|^\;listen\.group\ =\ nobody|listen\.group\ =\ apache|; s|^\;listen\.mode\ =\ 0660|listen\.mode\ =\ 0660|' /etc/php-fpm.d/www.conf
systemctl enable --now php-fpm
systemctl enable --now httpd
systemctl enable --now yum-cron
CentOS
WIP
CentOS 7
yum upgrade -y
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum -y install wget httpd mod_ssl php74-php-fpm php74-php-gd php74-php-pecl-zip php74-php-mysqlnd php74-php-intl php74-php-ldap php74-php-smbclient php74-php-pecl-imagick php74-php-process php74-php-gmp php74-php-bcmath php74-php-pecl-apcu php74-php-xml php74-php-mbstring php74-php-opcache php74-php-pecl-redis5 libreoffice-writer libreoffice-calc libreoffice-impress yum-cron autofs
sed -i 's/update_cmd\ \=\ default/update_cmd\ \=\ security/; s/apply_updates\ \=\ no/apply_updates\ \=\ yes/' /etc/yum/yum-cron.conf
*************** This is a holder as I am using autofs in my environment. Just put your web files here. I will come back with more details. ***************
*************** Holder for php-fpm config ***************
echo 'LoadModule mpm_event_module modules/mod_mpm_event.so' > /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's/LoadModule\ mpm_prefork_module\ modules\/mod_mpm_prefork.so/#&/' /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's|listen\ =\ 127\.0\.0\.1\:9000|listen\ =\ /run/www.sock|; s|^\;listen\.group\ =\ nobody|listen\.group\ =\ apache|; s|^\;listen\.mode\ =\ 0660|listen\.mode\ =\ 0660|' /etc/opt/remi/php74/php-fpm.d/www.conf
setsebool -P httpd_can_network_connect_db on
setsebool -P httpd_can_connect_ldap on
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_sendmail on
setsebool -P httpd_use_cifs on
setsebool -P httpd_use_nfs on
systemctl enable --now php74-php-fpm
systemctl enable --now httpd
systemctl enable --now yum-cron
CentOS 8
Make sure to change the remi release and update commands for CentOS 7.
mkswap -U a507cc29-e07c-46ee-8486-350111e8edf9 /dev/nvme1n1
swapon UUID=a507cc29-e07c-46ee-8486-350111e8edf9
bash -c "echo 'UUID=a507cc29-e07c-46ee-8486-350111e8edf9 swap swap defaults' >> /etc/fstab"
dnf upgrade -y
dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf -y install wget php74-php php74-php-gd php74-php-pecl-zip php74-php-mysqlnd php74-php-intl php74-php-ldap php74-php-smbclient php74-php-pecl-imagick php74-php-process php74-php-gmp php74-php-bcmath php74-php-pecl-apcu libreoffice-writer libreoffice-calc libreoffice-impress redis
wget https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip
unzip nextcloud-19.0.0.zip
mv nextcloud /var/www/html/
mkdir /var/www/html/nextcloud/data
chown -R apache:apache /var/www/html/nextcloud
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
restorecon -R '/var/www/html/nextcloud/'
CentOS 8
sed -i 's|#\ maxmemory\ <bytes>|maxmemory 1g|; s|#\ maxmemory-policy\ noeviction|maxmemory-policy\ allkeys-lfu|' /etc/redis.conf
CentOS 7
sed -i 's|#\ maxmemory\ <bytes>|maxmemory 1g|; s|#\ maxmemory-policy\ noeviction|maxmemory-policy\ allkeys-lru|' /etc/redis.conf
setsebool -P httpd_can_network_connect_db on
setsebool -P httpd_can_connect_ldap on
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_sendmail on
setsebool -P httpd_use_cifs on
systemctl enable --now redis
systemctl enable --now php74-php-fpm
systemctl enable --now httpd
General
FPM Tweaking
Not for CentOS 7.
From the Nextcloud documentation.[3] Edit the /etc/opt/remi/php74/php-fpm.d/www.conf file to match:
pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18
Troubleshooting
caldav not rewriting
To fix the CalDAV issues, I had to edit the rewrite rules in the .htaccess file.[4][5]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
to
RewriteRule ^\.well-known/carddav https://server.com/remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav https://server.com/remote.php/dav/ [R=301,L]
HSTS
Basic HTTP conf file example:
<VirtualHost *:80>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    DocumentRoot /var/www/html/nextcloud
    ServerName server.com
    <Directory /var/www/html/nextcloud>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
    </Directory>
</VirtualHost>
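As an added example (not code from the page or from Nextcloud), the following Python checks a response's Strict-Transport-Security value against the policy the vhost above sets: a max-age of at least 15552000 seconds (the value from that Header line) and includeSubDomains. It also flags the one caveat worth knowing about that vhost: browsers only honour HSTS on responses received over TLS, so a header emitted only by the port-80 vhost never takes effect and the same directive must be present in the :443 vhost as well. The sample responses are constructed, not captured from a server.

```python
# Added example, not code from the page or from Nextcloud: parse a
# Strict-Transport-Security value and check it against the policy the vhost
# above sets (max-age=15552000; includeSubDomains).
from typing import Dict, List, Optional

MIN_MAX_AGE = 15552000  # 180 days, the value used in the vhost above


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Split 'max-age=N; includeSubDomains; preload' into a directive map.

    Directive names are case-insensitive (RFC 6797), so they are lowercased;
    a directive without '=' maps to None.
    """
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if sep else None
    return directives


def check_hsts(headers: Dict[str, str], scheme: str = "https") -> List[str]:
    """Return findings for a response; an empty list means the policy matches.

    `headers` is the response header map, `scheme` the transport the response
    was received over. Browsers ignore HSTS on plain-HTTP responses, so a
    header that is only emitted by a port-80 vhost never takes effect.
    """
    findings: List[str] = []
    if scheme.lower() != "https":
        findings.append("delivered over plain http; browsers ignore HSTS unless sent over TLS")
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        findings.append("HSTS header missing")
        return findings
    d = parse_hsts(value)
    age = d.get("max-age")
    if age is None or not age.isdigit():
        findings.append("max-age missing or not numeric")
    elif int(age) < MIN_MAX_AGE:
        findings.append(f"max-age {age} below {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings


if __name__ == "__main__":
    # Constructed responses, not captured from a live server.
    good = {"Strict-Transport-Security": "max-age=15552000; includeSubDomains"}
    weak = {"strict-transport-security": "max-age=300"}
    print(check_hsts(good))  # []
    print(check_hsts(weak))
    print(check_hsts(good, scheme="http"))
```

Run it against the header map from a `curl -I https://server.com/` of your own site; an empty list from check_hsts means the deployed policy matches the vhost above.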
LDAPS Server Error
When trying to enable LDAPS lookup I would run into server errors. Needed to disable the config.[6]
sudo -u apache php74 /var/www/html/nextcloud/occ ldap:show-config
sudo -u apache php74 /var/www/html/nextcloud/occ ldap:set-config s01 ldapConfigurationActive 0
Stuck Updates
- Update was stuck at step 5 because of memory limits. Ran the following[7] to clear it.
sudo -u www-data php occ maintenance:repair
config.php modifications
caching
If everything is installed on a single instance:
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
    'host' => 'localhost',
    'port' => 6379,
],
Behind TLS Proxy
'overwriteprotocol' => 'https',
- Under the standard config array (trusted_proxies takes an array of networks; the two ranges need to be wrapped in one array or config.php will not parse)
'trusted_proxies' => ['192.168.20.0/24', '192.168.18.0/24'],
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),
- Edit the Apache vhost file for the site and add the following[8]
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded
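The reason trusted_proxies and forwarded_for_headers belong together is that a forwarded header is client-controlled: anyone can send X-Forwarded-For, so it may only be believed when the TCP peer is one of the listed proxies, otherwise brute-force throttling and the access log above are keyed on whatever address the client chose. The following Python is an added example (not code from the page or from Nextcloud) of that rule, reusing the page's two ranges and header names. The selection logic (walk the chain from the right and take the first hop that is not a trusted proxy) is this example's own conservative choice, not a description of Nextcloud's internal Request handling; the sample requests are constructed.

```python
# Added example, not code from the page or from Nextcloud: resolve the client
# address behind a reverse proxy using a trusted_proxies list like the one in
# the config.php snippet above. The rightmost-untrusted-hop rule is this
# example's own; it is not a claim about how Nextcloud implements it.
import ipaddress
from typing import Dict, Iterable

# The page's proxy ranges and header names, reused as constants.
TRUSTED_PROXIES = ["192.168.20.0/24", "192.168.18.0/24"]
FORWARDED_FOR_HEADERS = ["HTTP_X_FORWARDED", "HTTP_FORWARDED_FOR"]


def is_trusted_proxy(addr: str, trusted: Iterable[str] = TRUSTED_PROXIES) -> bool:
    """True if addr falls inside one of the trusted CIDR ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(net, strict=False) for net in trusted)


def client_ip(server: Dict[str, str],
              trusted: Iterable[str] = TRUSTED_PROXIES,
              headers: Iterable[str] = FORWARDED_FOR_HEADERS) -> str:
    """Return the address a request should be attributed to.

    REMOTE_ADDR is the TCP peer and cannot be forged by the client. A
    forwarded header is consulted only when that peer is a trusted proxy;
    the comma-separated chain is then walked from the right, and the first
    hop that is not itself a trusted proxy wins. Anything the client
    prepended to the header (a spoofed "real" IP) is therefore ignored.
    """
    peer = server.get("REMOTE_ADDR", "")
    if not is_trusted_proxy(peer, trusted):
        return peer                      # direct connection: header is untrusted
    for name in headers:
        raw = server.get(name, "")
        hops = [h.strip() for h in raw.split(",") if h.strip()]
        for hop in reversed(hops):
            if is_trusted_proxy(hop, trusted):
                continue                 # proxy-to-proxy hop, keep walking
            try:
                ipaddress.ip_address(hop)
            except ValueError:
                return peer              # malformed header: fall back to peer
            return hop
    return peer                          # trusted peer but no forwarded header


if __name__ == "__main__":
    # Constructed sample requests (not captured from a real system).
    samples = [
        {"REMOTE_ADDR": "192.168.20.5", "HTTP_X_FORWARDED": "203.0.113.7"},
        {"REMOTE_ADDR": "203.0.113.9", "HTTP_X_FORWARDED": "10.0.0.1"},
        {"REMOTE_ADDR": "192.168.20.5",
         "HTTP_X_FORWARDED": "10.9.9.9, 198.51.100.4, 192.168.18.3"},
    ]
    for s in samples:
        print(s, "->", client_ip(s))
```

The second sample is the case the config guards against: the header arrives from a host outside the trusted ranges, so its value is ignored and the peer address is used. The third shows a two-proxy chain where a client-supplied first entry is skipped.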
Remove Default Directory Listing
'skeletondirectory' => '',
OCC Options
Disable Signup Link
sudo -u apache php74 /var/www/html/nextcloud/occ config:system:set --type=bool --value=false simpleSignUpLink.shown
Update
Using CLI
sudo -u apache php74 /var/www/nextcloud/updater/updater.phar --no-interaction
Custom Mail Template
There should be a better way to do this; I just haven't spent enough time looking for it. For now I edit the following file directly:
/var/www/html/nextcloud/apps/activity/lib/MailQueueHandler.php
For basic string changes, I change
$template->addBodyText(
    $l->t('There was some activity at %s', [$homeLink]),
    $l->t('There was some activity at %s', [$this->urlGenerator->getAbsoluteURL('/')])
);
to
$template->addBodyText(
    $l->t('New files have been received in the external file upload folder under G:\CSPFX. Please retrieve and remove the files and notify the appropriate staff in your office. The files in this folder will be automatically deleted after 10 days.')
);
1. https://www.stephenrlang.com/2018/02/centos-7-apache-2-4-with-php-fpm/
2. https://src.fedoraproject.org/rpms/php/raw/master/f/php.conf
3. https://docs.nextcloud.com/server/15/admin_manual/installation/server_tuning.html#tune-php-fpm
4. https://help.nextcloud.com/t/disable-a-specific-ldap-configuration/48443
5. https://github.com/nextcloud/server/issues/11850
6. https://docs.nextcloud.com/server/11.0/admin_manual/configuration_server/occ_command.html#ldap-commands-label
7. https://docs.nextcloud.com/server/13/admin_manual/maintenance/manual_upgrade.html
8. https://www.loadbalancer.org/blog/apache-and-x-forwarded-for-headers/
9. https://github.com/nextcloud/server/issues/11327