Nextcloud
Jump to navigation
Jump to search
Contents
Purpose
Installation
Amazon Linux
Amazon Linux ARM64
PHP 8.0
#!/bin/bash timedatectl set-timezone America/New_York yum upgrade -y dd if=/dev/zero of=/SWAP bs=1024M count=2 chmod 0600 /SWAP mkswap /SWAP swapon /SWAP amazon-linux-extras install -y php8.0 libreoffice yum install -y httpd yum-cron autofs php-bcmath php-gd php-intl php-ldap php-process php-gmp php-bcmath php-sodium php-xml php-mbstring php-opcache php-pecl-imagick php-devel gcc libsmbclient-devel sed -i 's/update_cmd\ \=\ default/update_cmd\ \=\ security/; s/apply_updates\ \=\ no/apply_updates\ \=\ yes/' /etc/yum/yum-cron.conf wget https://pecl.php.net/get/redis-5.3.7.tgz tar -xf redis-5.3.7.tgz && cd redis-5.3.7 phpize && ./configure && make && make install cd ~ wget https://pecl.php.net/get/apcu-5.1.21.tgz tar -xf apcu-5.1.21.tgz && cd apcu-5.1.21 phpize && ./configure && make && make install cd ~ wget https://pecl.php.net/get/smbclient-1.0.6.tgz tar -xf smbclient-1.0.6.tgz && cd smbclient-1.0.6 phpize && ./configure && make && make install cd ~ echo -e '/var/www /etc/auto1.mnt\n/mnt /etc/auto2.mnt' >> /etc/auto.master echo -e 'html nfs.yourdomain.com:/mnt/nfs/nextcloud/webdir' >> /etc/auto1.mnt echo -e 'conf nfs.yourdomain.com:/mnt/nfs/nextcloud/conf/2022' >> /etc/auto2.mnt systemctl enable --now autofs cp /mnt/conf/nextcloud.conf /etc/httpd/conf.d/nextcloud.conf cp /mnt/conf/www.conf /etc/php-fpm.d/www.conf cp /mnt/conf/php.ini /etc/php.ini echo 'LoadModule mpm_event_module modules/mod_mpm_event.so' > /etc/httpd/conf.modules.d/00-mpm.conf echo 'extension=redis.so' > /etc/php.d/10-redis.ini echo 'extension=apcu.so' > /etc/php.d/10-apcu.ini echo 'extension=smbclient.so' > /etc/php.d/40-smbclient.ini systemctl enable --now php-fpm systemctl enable --now httpd systemctl enable --now yum-cron <pre> =====Notes===== *These are notes from a production environment. Please note that they assume files are stored on an NFS server and it copies config files from that server, you should only use this as general reference. *NOTE : Both PHP 7.3 and 7.4 were created for Amazon Linux ARM based instances. That is why I am downloading some of the php modules from pecl.php.net . =====General Setup Pre PHP===== <pre> yum install -y yum-cron autofs sed -i 's/update_cmd\ \=\ default/update_cmd\ \=\ security/; s/apply_updates\ \=\ no/apply_updates\ \=\ yes/' /etc/yum/yum-cron.conf echo -e '/var/www /etc/auto.mnt\n/mnt /etc/auto.mnt' >> /etc/auto.master echo -e 'html nfs.your.domain:/mnt/nfs/nextcloud/webdir\nconf nfs.your.domain:/mnt/nfs/nextcloud/conf' >> /etc/auto.mnt systemctl enable --now autofs
PHP 7.3 Specific
yum upgrade -y amazon-linux-extras install php7.3 libreoffice -y yum install -y httpd mod_ssl php-fpm php-gd php-pecl-zip php-mysqlnd php-intl php-ldap libsmbclient-devel php-devel php-pecl-imagick php-process php-gmp php-bcmath php-pecl-apcu php-xml php-mbstring php-opcache php-pecl-redis wget https://pecl.php.net/get/smbclient-1.0.6.tgz tar -xf smbclient-1.0.6.tgz cd smbclient-1.0.6 phpize ./configure make make install #echo 'extension="smbclient.so"'>> /etc/php.ini
PHP 7.4 Specific
amazon-linux-extras install php7.4 libreoffice -y yum install -y httpd mod_ssl php-fpm php-gd php-pecl-zip php-mysqlnd php-intl php-ldap libsmbclient-devel php-devel *** php-process php-gmp php-bcmath php-pecl-apcu php-xml php-mbstring php-opcache php-pecl-redis yum-cron autofs gcc ImageMagick-devel wget https://pecl.php.net/get/imagick-3.4.4.tgz wget wget https://pecl.php.net/get/smbclient-1.0.6.tgz tar -xf imagick-3.4.4.tgz; cd imagick-3.4.4 phpize ./configure make make test make install cd ../ tar -xf smbclient-1.0.6.tgz cd smbclient-1.0.6 phpize ./configure make make install
General Steps Post PHP
echo -e '#!/bin/bash\ncp /mnt/conf/php.ini /etc/php.ini\ncp /mnt/conf/nextcloud.conf /etc/httpd/conf.d/nextcloud.conf\ncp /mnt/conf/www.conf /etc/php-fpm.d/www.conf\ncp /mnt/conf/php.conf /etc/httpd/conf.d/php.conf' > /root/conf.sh chmod +x /root/conf.sh /root/conf.sh echo '@daily /root/conf.sh' >> /var/spool/cron/root echo 'LoadModule mpm_event_module modules/mod_mpm_event.so' > /etc/httpd/conf.modules.d/00-mpm.conf sed -i 's/LoadModule\ mpm_prefork_module\ modules\/mod_mpm_prefork.so/#&/' /etc/httpd/conf.modules.d/00-mpm.conf sed -i 's|listen\ =\ 127\.0\.0\.1\:9000|listen\ =\ /run/www.sock|; s|^\;listen\.group\ =\ nobody|listen\.group\ =\ apache|; s|^\;listen\.mode\ =\ 0660|listen\.mode\ =\ 0660|' /etc/php-fpm.d/www.conf systemctl enable --now php-fpm systemctl enable --now httpd systemctl enable --now yum-cron
Amazon Linux x86
This is from production on a single on-prem instance. The database will be held on the same server for the time being as this is more a PoC for a client.
Mariadb 10.5 / PHP 8.0
sudo amazon-linux-extras install mariadb10.5 sudo amazon-linux-extras install php8.0 sudo yum install httpd yum install -y php-fpm php-gd php-pecl-zip php-mysqlnd php-intl php-ldap php-process php-gmp php-bcmath php-pecl-apcu php-xml php-mbstring php-opcache wget https://download.nextcloud.com/server/releases/nextcloud-22.2.0.zip unzip nextcloud-22.2.0.zip sudo rsync -a nextcloud/* /var/www/html/ && sudo chown -R apache:apache /var/www/html sudo systemctl enable --now httpd sudo systemctl enable --now mariadb sudo mysql_secure_installation
CentOS
WIP
CentOS 7
yum upgrade -y yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum -y install wget httpd mod_ssl php74-php-fpm php74-php-gd php74-php-pecl-zip php74-php-mysqlnd php74-php-intl php74-php-ldap php74-php-smbclient php74-php-pecl-imagick php74-php-process php74-php-gmp php74-php-bcmath php74-php-pecl-apcu php74-php-xml php74-php-mbstring php74-php-opcache php74-php-pecl-redis5 libreoffice-writer libreoffice-calc libreoffice-impress yum-cron autofs sed -i 's/update_cmd\ \=\ default/update_cmd\ \=\ security/; s/apply_updates\ \=\ no/apply_updates\ \=\ yes/' /etc/yum/yum-cron.conf *************** This is a holder as I am using autofs in my environment. Just put your web files here. I will come back with more details. *************** *************** Holder for php-fpm config *************** echo 'LoadModule mpm_event_module modules/mod_mpm_event.so' > /etc/httpd/conf.modules.d/00-mpm.conf sed -i 's/LoadModule\ mpm_prefork_module\ modules\/mod_mpm_prefork.so/#&/' /etc/httpd/conf.modules.d/00-mpm.conf sed -i 's|listen\ =\ 127\.0\.0\.1\:9000|listen\ =\ /run/www.sock|; s|^\;listen\.group\ =\ nobody|listen\.group\ =\ apache|; s|^\;listen\.mode\ =\ 0660|listen\.mode\ =\ 0660|' /etc/opt/remi/php74/php-fpm.d/www.conf setsebool -P httpd_can_network_connect_db on setsebool -P httpd_can_connect_ldap on setsebool -P httpd_can_network_connect on setsebool -P httpd_can_sendmail on setsebool -P httpd_use_cifs on setsebool -P httpd_use_nfs on systemctl enable --now php74-php-fpm systemctl enable --now httpd systemctl enable --now yum-cron
CentOS 8
Make sure to change remi release and update commands for CentOS 7.
mkswap -U a507cc29-e07c-46ee-8486-350111e8edf9 /dev/nvme1n1 swapon UUID=a507cc29-e07c-46ee-8486-350111e8edf9 bash -c "echo 'UUID=a507cc29-e07c-46ee-8486-350111e8edf9 swap swap defaults' >> /etc/fstab" dnf upgrade -y dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm dnf -y install wget php74-php php74-php-gd php74-php-pecl-zip php74-php-mysqlnd php74-php-intl php74-php-ldap php74-php-smbclient php74-php-pecl-imagick php74-php-process php74-php-gmp php74-php-bcmath php74-php-pecl-apcu libreoffice-writer libreoffice-calc libreoffice-impress redis wget https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip unzip nextcloud-19.0.0.zip mv nextcloud /var/www/html/ mkdir /var/www/html/nextcloud/data chown -R apache:apache /var/www/html/nextcloud semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?' restorecon -R '/var/www/html/nextcloud/'
CentOS 8
sed -i 's|#\ maxmemory\ <bytes>|maxmemory 1g|; s|#\ maxmemory-policy\ noeviction|maxmemory-policy\ allkeys-lfu|' /etc/redis.conf
CentOS 7
sed -i 's|#\ maxmemory\ <bytes>|maxmemory 1g|; s|#\ maxmemory-policy\ noeviction|maxmemory-policy\ allkeys-lru|' /etc/redis.conf
setsebool -P httpd_can_network_connect_db on setsebool -P httpd_can_connect_ldap on setsebool -P httpd_can_network_connect on setsebool -P httpd_can_sendmail on setsebool -P httpd_use_cifs on systemctl enable --now redis systemctl enable --now php74-php-fpm systemctl enable --now httpd
General
FPM Tweaking
Not for CentOS 7.
From the nextcloud documentation.[3] Editing the /etc/opt/remi/php74/php-fpm.d/www.conf file to match.
pm = dynamic pm.max_children = 120 pm.start_servers = 12 pm.min_spare_servers = 6 pm.max_spare_servers = 18
Troubleshooting
caldav not rewriting
To fix the caldav issues, had to edit the rewrite rules in the htaccess file.[4][5]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
to
RewriteRule ^\.well-known/carddav https://server.com/remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav https://server.com/remote.php/dav/ [R=301,L]
HSTS
Basic http conf file example.
<VirtualHost *:80>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
DocumentRoot /var/www/html/nextcloud
ServerName server.com
<Directory /var/www/html/nextcloud>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
LDAPS Server Error
When trying to enable LDAPS lookup I would run into server errors. Needed to disable the config[6]
sudo -u apache php74 /var/www/html/nextcloud/occ ldap:show-config sudo -u apache php74 /var/www/html/nextcloud/occ ldap:set-config s01 ldapConfigurationActive 0
Stuck Updates
- Update was stuck at step 5 because of memory limits. Ran the following[7] to clear it.
sudo -u www-data php occ maintenance:repair
config.php modifications
caching
If everything is installed on a single instance.
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => 'localhost',
'port' => 6379,
],
Behind TLS Proxy
'overwriteprotocol' => 'https',
- Under the standard config array
'trusted_proxies' => '192.168.20.0/24', '192.168.18.0/24',
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),
- Edit apache vhost file for the site and add the following[8]
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded
Remove Default Directory Listing
'skeletondirectory' => '',
OCC Options
Disable Signup Link
sudo -u apache php74 /var/www/html/nextcloud/occ config:system:set --type=bool --value=false simpleSignUpLink.shown
Update
Using CLI
sudo -u apache php74 /var/www/nextcloud/updater/updater.phar --no-interaction
Custom Mail Template
There should be a better way to do this, I just haven't spent enough time looking for it. For now I edit the following directly.
/var/www/html/nextcloud/apps/activity/lib/MailQueueHandler.php
For basic string changes I change
$template->addBodyText(
$l->t('There was some activity at %s', [$homeLink]),
$l->t('There was some activity at %s', [$this->urlGenerator->getAbsoluteURL('/')])
);
to
$template->addBodyText(
$l->t('New files have been received in the external file upload folder under G:\CSPFX. Please retrieve and remove the files and notify the appropriate staff in your office. The files in this folder will be automatically deleted after 10 days.'),
- ↑ https://www.stephenrlang.com/2018/02/centos-7-apache-2-4-with-php-fpm/
- ↑ https://src.fedoraproject.org/rpms/php/raw/master/f/php.conf
- ↑ https://docs.nextcloud.com/server/15/admin_manual/installation/server_tuning.html#tune-php-fpm
- ↑ https://help.nextcloud.com/t/disable-a-specific-ldap-configuration/48443
- ↑ https://github.com/nextcloud/server/issues/11850
- ↑ https://docs.nextcloud.com/server/11.0/admin_manual/configuration_server/occ_command.html#ldap-commands-label
- ↑ https://docs.nextcloud.com/server/13/admin_manual/maintenance/manual_upgrade.html
- ↑ https://www.loadbalancer.org/blog/apache-and-x-forwarded-for-headers/
- ↑ https://github.com/nextcloud/server/issues/11327
