Difference between revisions of "Nextcloud"

From Michael's Information Zone
Line 122: Line 122:
 
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),
 
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),
 
</pre>
 
</pre>
 
+
*Edit apache vhost file for the site and add the following<ref>https://www.loadbalancer.org/blog/apache-and-x-forwarded-for-headers/</ref>
 +
<pre>
 +
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 +
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
 +
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
 +
CustomLog "logs/access_log" combined env=!forwarded
 +
CustomLog "logs/access_log" proxy env=forwarded
 +
</pre>
 
===Remove Default Directory Listing===
 
===Remove Default Directory Listing===
 
<pre>'skeletondirectory' => '',</pre>
 
<pre>'skeletondirectory' => '',</pre>
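
Review bot: in the added vhost block, SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" matches any header value that contains three dots, and the proxy LogFormat then writes %{X-Forwarded-For}i as the first log field no matter which host sent the request, so the address column in logs/access_log can be whatever the sender put in the header. Suggest replacing the SetEnvIf/CustomLog pair with mod_remoteip (RemoteIPHeader X-Forwarded-For plus RemoteIPInternalProxy for the proxy ranges) and logging %a, or at least stating next to the snippet that the vhost must only be reachable from the proxy. The context line above also sets forwarded_for_headers to HTTP_X_FORWARDED and HTTP_FORWARDED_FOR, neither of which is the PHP key for the X-Forwarded-For header this log format reads (that would be HTTP_X_FORWARDED_FOR); worth checking that the two settings are meant to refer to the same header.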

Revision as of 12:56, 14 January 2021

Purpose

Installation

CentOS

WIP

CentOS 7

[1][2]

CentOS 8

For CentOS 7, change the remi release package and the update commands to match.

mkswap -U a507cc29-e07c-46ee-8486-350111e8edf9 /dev/nvme1n1
swapon UUID=a507cc29-e07c-46ee-8486-350111e8edf9
bash -c "echo 'UUID=a507cc29-e07c-46ee-8486-350111e8edf9 swap swap defaults' >> /etc/fstab"
dnf upgrade -y
dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf -y install wget php74-php php74-php-gd php74-php-pecl-zip php74-php-mysqlnd php74-php-intl php74-php-ldap php74-php-smbclient php74-php-pecl-imagick php74-php-process php74-php-gmp php74-php-bcmath php74-php-pecl-apcu libreoffice-writer libreoffice-calc libreoffice-impress redis

wget https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip
unzip nextcloud-19.0.0.zip
mv nextcloud /var/www/html/
mkdir /var/www/html/nextcloud/data
chown -R apache:apache /var/www/html/nextcloud
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
restorecon -R '/var/www/html/nextcloud/'

CentOS 8

sed -i 's|#\ maxmemory\ <bytes>|maxmemory 1g|; s|#\ maxmemory-policy\ noeviction|maxmemory-policy\ allkeys-lfu|' /etc/redis.conf

CentOS 7

sed -i 's|#\ maxmemory\ <bytes>|maxmemory 1g|; s|#\ maxmemory-policy\ noeviction|maxmemory-policy\ allkeys-lru|' /etc/redis.conf
setsebool -P httpd_can_network_connect_db on
setsebool -P httpd_can_connect_ldap on
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_sendmail on
setsebool -P httpd_use_cifs on
systemctl enable --now redis
systemctl enable --now php74-php-fpm
systemctl enable --now httpd

General

FPM Tweaking

Not for CentOS 7.
From the Nextcloud documentation.[3] Edit the /etc/opt/remi/php74/php-fpm.d/www.conf file to match.

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

Troubleshooting

caldav not rewriting

To fix the CalDAV issues, I had to edit the rewrite rules in the .htaccess file.[4][5]

RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]

to

RewriteRule ^\.well-known/carddav https://server.com/remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav https://server.com/remote.php/dav/ [R=301,L]

HSTS

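Basic httpd conf file example. Browsers only honour Strict-Transport-Security when it arrives over HTTPS, so on a port 80 vhost like this one the header takes effect only when a TLS-terminating proxy in front passes it through to the client.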

<VirtualHost *:80>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  DocumentRoot /var/www/html/nextcloud
  ServerName  server.com

  <Directory /var/www/html/nextcloud>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>

LDAPS Server Error

When trying to enable LDAPS lookup I would run into server errors. I needed to disable the config.[6]

sudo -u apache php74 /var/www/html/nextcloud/occ ldap:show-config
sudo -u apache php74 /var/www/html/nextcloud/occ ldap:set-config s01 ldapConfigurationActive 0

Stuck Updates

  • Update was stuck at step 5 because of memory limits. Ran the following[7] to clear it.
sudo -u www-data php occ maintenance:repair

config.php modifications

caching

Use the following if everything is installed on a single instance.

'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
     'host' => 'localhost',
     'port' => 6379,
],

Behind TLS Proxy

'overwriteprotocol' => 'https',
  • Under the standard config array
'trusted_proxies'   => array('192.168.20.0/24', '192.168.18.0/24'),
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),
  • Edit apache vhost file for the site and add the following[8]
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded
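
An added example (not from the original page, and not Nextcloud or Apache code) of the trust rule that trusted_proxies expresses: X-Forwarded-For is believed only when the TCP peer is one of the listed proxies, and the chain is read from the right. It compares that result with the first log field the LogFormat/SetEnvIf lines above would write; the function names, the sample requests and the 192.168.20.5 proxy address are constructed for illustration.

```python
import ipaddress
import re

# Proxy ranges from the trusted_proxies line on this page.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.20.0/24", "192.168.18.0/24")]
# The SetEnvIf pattern from the vhost snippet on this page.
PAGE_PATTERN = re.compile(r"^.*\..*\..*\..*")

def is_trusted(addr):
    return any(addr in net for net in TRUSTED)

def logged_by_page_config(peer, xff):
    """First field the page's two CustomLog lines would write."""
    return xff if xff and PAGE_PATTERN.search(xff) else peer

def resolve_client(peer, xff):
    """Address to log: believe X-Forwarded-For only when a trusted proxy sent it."""
    peer_ip = ipaddress.ip_address(peer)
    if not xff or not is_trusted(peer_ip):
        return peer  # header from an untrusted peer is ignored
    client = peer_ip
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed hop: fall back to the last verified address
        client = hop_ip
        if not is_trusted(hop_ip):
            break  # first address not appended by one of our own proxies
    return str(client)

# Constructed sample requests: (TCP peer seen by Apache, X-Forwarded-For value).
SAMPLES = [
    ("192.168.20.5", "203.0.113.7"),           # normal request through the proxy
    ("192.168.20.5", "1.2.3.4, 203.0.113.7"),  # client sent its own header first
    ("198.51.100.9", "10.0.0.1"),              # request that did not pass the proxy
    ("192.168.20.5", "not.an.ip.addr"),        # matches the pattern, not an address
]

def audit(samples=SAMPLES):
    """Pair what the page's config logs with the trust-checked address."""
    return [(logged_by_page_config(p, x), resolve_client(p, x)) for p, x in samples]

if __name__ == "__main__":
    for logged, resolved in audit():
        print(f"logged={logged!r:28} resolved={resolved}")
```

Only the first sample produces the same value in both columns; in the other three the raw header differs from the address a trusted hop actually vouched for.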

Remove Default Directory Listing

'skeletondirectory' => '',

OCC Options

Disable Signup Link

[9]

sudo -u apache php74 /var/www/html/nextcloud/occ config:system:set --type=bool --value=false simpleSignUpLink.shown