Nextcloud

Last modified: 2023-11-24

Installation

Nextcloud will be served by Apache

apt install mlocate apache2 libapache2-mod-php mariadb-client mariadb-server wget unzip bzip2 curl php php-common php-curl php-gd php-mbstring php-mysql php-xml php-zip php-intl php-apcu php-redis php-bcmath php-gmp php-imagick

Enter the MariaDB CLI as the root user

mariadb -u root -p
CREATE DATABASE nextcloud;

For UTF8 support use this instead:

CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY '{PASSWORD}';
FLUSH PRIVILEGES;

Exit the MariaDB prompt

Download Nextcloud into /var/www

wget https://download.nextcloud.com/server/releases/nextcloud-[VERSION].tar.bz2
tar -xf nextcloud-[VERSION].tar.bz2

Change owner to the apache user

chown -Rfv www-data:www-data /var/www/nextcloud

Create nextcloud configuration for apache

vi /etc/apache2/sites-available/nextcloud.conf

Configuration file

# specify listen ip addresses: ADDRESS:PORT for ipv4, [ADDRESS]:PORT for ipv6, *:80 for all
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/nextcloud
        Alias /nextcloud "/var/www/nextcloud/"

        <Directory "/var/www/nextcloud/">
                Options +FollowSymlinks
                AllowOverride All

                <IfModule mod_dav.c>
                        Dav off
                </IfModule>

                Require all granted

                SetEnv HOME /var/www/nextcloud
                SetEnv HTTP_HOME /var/www/nextcloud
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
        CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
</VirtualHost>

Enable rewrite module

a2enmod rewrite

Enable nextcloud and disable the default site

a2ensite nextcloud.conf && a2dissite 000-default.conf

Edit ports.conf for apache2 to only bind the addresses you need

systemctl restart apache2

PHP Memory Cache

apt install php-apcu

Add this line to config.php

'memcache.local' => '\OC\Memcache\APCu',

Enable APCu for the PHP CLI as well.

/etc/php/8.2/cli/php.ini

...
apc.enable_cli=1

Redis can be used for providing a distributed memcache. See the install instructions below.

'memcache.distributed' => '\OC\Memcache\Redis',

Redis memcache

apt install redis php-redis

If Redis is installed on the same machine, unix sockets can be used to communicate.

Enable unixsocket in the redis config file located under /etc/redis/redis.conf
Uncomment the provided default value
Set unixsocketperm to 777, so the www-data webserver user can access it.
NOTE: There's probably a better way of doing this involving groups, but I wanted to get it working

Add these lines to config.php

'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
),

Restart the Redis and Apache2 services

systemctl restart apache2
systemctl restart redis
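
The unixsocketperm step above opens the socket to every local user. The following added example (not part of the original notes) audits a redis.conf for that and rewrites the mode to 770 so that only the socket owner and group can connect. The function names are made up for this example, and the group name "redis" is an assumption based on the Debian package defaults.

```shell
#!/bin/bash
# Added example. Function names are constructed for illustration.

# Print the active unixsocketperm value from a redis.conf (commented lines are ignored).
socket_perm_from_conf() {
    awk '$1 == "unixsocketperm" { perm = $2 } END { if (perm != "") print perm }' "$1"
}

# Classify the socket mode: any non-zero last digit grants access to "other" users.
audit_redis_socket() {
    local perm
    perm=$(socket_perm_from_conf "$1")
    case "$perm" in
        "")     echo "unset" ;;
        *[1-7]) echo "world-accessible" ;;
        *)      echo "restricted" ;;
    esac
}

# Rewrite the active unixsocketperm line to 770 (owner and group only).
# The file is overwritten in place so its owner and mode are preserved.
harden_conf() {
    local conf="$1" tmp rc
    tmp=$(mktemp) || return 1
    if sed -E 's/^([[:space:]]*unixsocketperm[[:space:]]+).*/\1770/' "$conf" > "$tmp"; then
        cat "$tmp" > "$conf"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Typical use on the Nextcloud host (assumes the socket is owned by group "redis"):
#   audit_redis_socket /etc/redis/redis.conf
#   harden_conf /etc/redis/redis.conf
#   usermod -aG redis www-data
#   systemctl restart redis apache2
```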

Cron

To execute regular jobs, I personally use cron.
Edit crontab as the www-data user.

su -s /bin/sh -c 'crontab -e' www-data

Add the following line:

*/5 * * * * php -f [NEXTCLOUD DIR]/cron.php

Configuration

The main config file is [NEXTCLOUD DIR]/config/config.php

Automatic Trash clearing

See this page for more options

This setting keeps the files for 15 days, unless drive space is getting low.
In that case it deletes them earlier.

'trashbin_retention_obligation' => 'auto, 15',

Trust Proxy

This disables the untrusted proxy warning in the web interface.

'trusted_proxies' =>
    array (
          0 => '[PROXY IP]',
),

Trusted Domains

Array of trusted domains.

'trusted_domains' =>
    array (
        0 => '[DOMAIN 1]',
        1 => '[DOMAIN 2]',
),

Maintenance

Maintenance Mode

Enable maintenance mode to prevent data inconsistencies

su -s /bin/sh -c 'php /var/www/nextcloud/occ maintenance:mode --on' www-data

To disable maintenance mode again, run the same command with --off instead of --on

Upgrade with CLI

su -s /bin/sh -c 'php /var/www/nextcloud/updater/updater.phar' www-data

Always check the admin status page after an upgrade. Sometimes additional steps are needed to fully complete the upgrade

Missing indices in database

The missing indices can be added using occ

su -s /bin/sh -c 'php /var/www/nextcloud/occ db:add-missing-indices' www-data

Backup Database

Dump database to file

NOTE: The password needs to be inserted directly after -p without any space

mysqldump --single-transaction -h [SERVER] -u [USERNAME] -p[PASSWORD] [DB NAME] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

Official documentation

Backup Script

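#!/bin/bash
set -euo pipefail

# Fill in the connection details before running
server=
username=
password=
db_name=

sudo mkdir -p /var/www/database-backup

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
# Leave maintenance mode again on exit, even if the dump fails
trap 'sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off' EXIT

# tee writes the file as root; its stdout is discarded so the dump is not echoed to the terminal
mysqldump --single-transaction -h "$server" -u "$username" -p"$password" "$db_name" | sudo tee "/var/www/database-backup/nextcloud-sqlbkp_$(date +"%Y%m%d").bak" > /dev/null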
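
A password given with -p on the command line is visible in the process list and in shell history. The following added example (not part of the original notes) writes the credentials to a client option file with mode 600 and passes it to mysqldump with --defaults-extra-file. The function names, file paths and sample values are assumptions made for this example.

```shell
#!/bin/bash
# Added example. Helper names and paths are constructed for illustration.

# write_client_cnf FILE HOST USER PASSWORD
# Creates FILE with mode 600 before any secret is written into it.
# printf is a shell builtin, so the password never appears in a process argument list.
# Limitation: a password containing a double quote needs escaping in the option file.
write_client_cnf() {
    local file="$1" host="$2" user="$3" password="$4"
    ( umask 077 && : > "$file" ) || return 1
    chmod 600 "$file" || return 1
    {
        printf '[client]\n'
        printf 'host=%s\n' "$host"
        printf 'user=%s\n' "$user"
        printf 'password="%s"\n' "$password"
    } > "$file"
}

# dump_db CNF DB_NAME OUTFILE
# --defaults-extra-file has to be the first option on the command line.
# The umask keeps the dump itself readable by the invoking user only.
dump_db() {
    local cnf="$1" db="$2" out="$3"
    ( umask 077 && mysqldump --defaults-extra-file="$cnf" --single-transaction "$db" > "$out" )
}

# Typical use (placeholders as in the commands above):
#   write_client_cnf /root/.nextcloud-backup.cnf [SERVER] [USERNAME] [PASSWORD]
#   dump_db /root/.nextcloud-backup.cnf [DB NAME] "nextcloud-sqlbkp_$(date +%Y%m%d).bak"
```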

Restore Database

mariadb -h [SERVER] -u [USERNAME] -p[PASSWORD] -e "DROP DATABASE nextcloud"
mariadb -h [SERVER] -u [USERNAME] -p[PASSWORD] -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"
mariadb -h [SERVER] -u [USERNAME] -p[PASSWORD] [DB NAME] < nextcloud-sqlbkp.bak

Nextcloud documentation

Plugins

Memories

Install ffmpeg to enable thumbnail generation for video files.

Migration

Tips

  • Allow login to the original host as root user

Steps

  • (New host) Install dependencies
  • (Original host) Enable maintenance mode
  • (Original host) Create database backup
  • (New host) Restore database backup
  • (New host) Recreate Nextcloud database user
  • (New host) Copy full Nextcloud folder
    • Preserve the permissions as much as possible (see rsync command below)
    • sudo rsync -a --progress root@172.18.50.101:/var/www/nextcloud /var/www/
  • (New host) Copy apache2 configuration file
  • (New host) Enable apache2 Nextcloud site and disable default site
  • (New host) Redo php limits configuration
  • (New host) Upgrade Nextcloud (required for php 8.2 compatibility)

Notes on configuration files

PHP

Apache2: /etc/php/8.2/apache2/php.ini

Change memory_limit to 1G

Disable post_max_size by setting 0
Previously used 20G in the old Nextcloud installation

Change upload_max_filesize to 20G

Change opcache.interned_strings_buffer to 32

CLI: /etc/php/8.2/cli/php.ini

Disable post_max_size by setting 0
Previously used 20G in the old Nextcloud installation

Change upload_max_filesize to 20G

Collabora Online Container

This chapter is unfinished

Docker Compose for Nextcloud + Collabora + Traefik?
Use HTTPS with Ubuntu 22.04, apache, Nextcloud and Collabora(Docker)
HowTo: Ubuntu + Docker + Nextcloud + Talk + Collabora
Collabora - Installation Guide

podman run -t -d --name collabora-online -p 9980:9980 \
    -e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" \
    --label "io.containers.autoupdate=image" \
    docker.io/collabora/code:latest

server {
    listen 443 ssl;
    server_name  collabora.exu.li;

    ssl_certificate_key /etc/acme-sh/collabora.exu.li/key.pem;
    ssl_certificate /etc/acme-sh/collabora.exu.li/cert.pem;

    # static files
    location ^~ /browser {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
      proxy_pass http://172.18.50.101:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }
}

Onlyoffice Container

This procedure is incomplete. See these links for the additional configurations necessary.
jiriks74 Docker-DocumentServer
Onlyoffice-Nextcloud issue 601
Onlyoffice-Nextcloud issue 153

Integrating ONLYOFFICE requires setting the correct Content Security Policy headers on the webserver. Using CSP also introduces blockages in Nextcloud that have to be fixed. The console view is your friend for finding every issue.
For my installation, the headers needed to be set like this.

Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: [ONLYOFFICE DOMAIN NAME];"

podman run -itd --name onlyoffice -p 8080:80 \
    -e JWT_ENABLED="true" \
    -e JWT_SECRET="[SECRET KEY]" \
    -e JWT_HEADER="AuthorizationJwt" \
    docker.io/onlyoffice/documentserver

Installing ONLYOFFICE Docs Community Edition for Docker on a local server
About the ONLYOFFICE and Nextcloud integration
Using ONLYOFFICE Docs behind the proxy