Personal Privacy

File Hosting with Nextcloud

Installation

First, download the latest version of Nextcloud:

cd /tmp
curl -LO https://download.nextcloud.com/server/releases/latest.tar.bz2
sudo tar -C /mnt/hdd1 -xvjf /tmp/latest.tar.bz2
nano /tmp/nextcloud.sh

Then paste this:

#!/bin/bash
# Set ocpath to the Nextcloud directory (no trailing slash).
ocpath='/path/to/nextcloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p "${ocpath}/data"
mkdir -p "${ocpath}/updater"

printf "chmod Files and Directories\n"
# Files: rw for owner, r for group. Directories: rwx for owner, rx for group.
find "${ocpath}/" -type f -print0 | xargs -0 chmod 0640
find "${ocpath}/" -type d -print0 | xargs -0 chmod 0750
chmod 755 "${ocpath}"

printf "chown Directories\n"
# Everything belongs to root; only the directories Nextcloud writes to go to the web user.
chown -R "${rootuser}:${htgroup}" "${ocpath}/"
chown -R "${htuser}:${htgroup}" "${ocpath}/apps/"
chown -R "${htuser}:${htgroup}" "${ocpath}/config/"
chown -R "${htuser}:${htgroup}" "${ocpath}/data/"
chown -R "${htuser}:${htgroup}" "${ocpath}/themes/"
chown -R "${htuser}:${htgroup}" "${ocpath}/updater/"

chmod +x "${ocpath}/occ"

printf "chmod/chown .htaccess\n"
if [ -f "${ocpath}/.htaccess" ]; then
  chmod 0644 "${ocpath}/.htaccess"
  chown "${rootuser}:${htgroup}" "${ocpath}/.htaccess"
fi
if [ -f "${ocpath}/data/.htaccess" ]; then
  chmod 0644 "${ocpath}/data/.htaccess"
  chown "${rootuser}:${htgroup}" "${ocpath}/data/.htaccess"
fi

Then run

sudo bash /tmp/nextcloud.sh
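
A check for the result of the permission script above, as an added example that is not part of the original page: it lists every entry whose mode differs from what the script sets. It assumes GNU find; audit_nextcloud_perms and make_sample_tree are hypothetical helper names, and the sample tree is constructed.

```bash
#!/bin/sh
# Added example, not part of the original page.
# Expected modes after the permission script: 0640 files, 0750 directories,
# 0755 for the top directory, 0644 for the two .htaccess files.

audit_nextcloud_perms() {
  root=${1%/}
  # One find pass prints "mode type path" for every entry except symlinks.
  find "$root" ! -type l -printf '%m %y %p\n' |
  while read -r mode type path; do
    case "$path" in
      "$root")                                  want=755 ;;
      "$root/.htaccess"|"$root/data/.htaccess") want=644 ;;
      "$root/occ")                              continue ;;  # chmod +x result depends on umask
      *) [ "$type" = d ] && want=750 || want=640 ;;
    esac
    [ "$mode" = "$want" ] || printf '%s %s (expected %s)\n' "$mode" "$path" "$want"
  done
}

# Constructed sample tree with one deliberate deviation.
make_sample_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/config" "$t/data"
  touch "$t/config/config.php" "$t/data/.htaccess" "$t/index.php"
  find "$t" -type f -exec chmod 0640 {} +
  find "$t" -type d -exec chmod 0750 {} +
  chmod 0755 "$t"
  chmod 0644 "$t/data/.htaccess"
  chmod 0644 "$t/config/config.php"   # deviation: config with secrets is world-readable
  printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_nextcloud_perms "$tree"
rm -rf "$tree"
```

On the server, run audit_nextcloud_perms with the same path used for ocpath; no output means every mode matches.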

Set up firewall rules if needed

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

If you need to change the data directory, make sure to add this permission to the new folder:

sudo chown -R www-data:www-data DATAFOLDER

Then, change the appropriate setting in the nextcloud/config/config.php file.

Nginx Webserver Installation

First, install php-fpm if needed

sudo apt install software-properties-common -y
sudo apt install php8.1-fpm php8.1-curl php8.1-cli php8.1-mysql php8.1-gd php8.1-iconv php8.1-xsl php8.1-intl php-pear php-imagick php8.1-common php8.1-mbstring php8.1-zip php8.1-soap php8.1-gmp php8.1-bcmath php8.1-xml php8.1-imap php8.1-ldap php8.1-bz2 php-apcu redis-server php-redis -y

Here you need to make the same change to two files:

sudo nano /etc/php/8.1/fpm/php.ini
sudo nano /etc/php/8.1/cli/php.ini

Uncomment and change these lines:

date.timezone = America/Los_Angeles
...
cgi.fix_pathinfo=0
...
post_max_size = 1G
...
upload_max_filesize = 1G
...
memory_limit = 1G

Then add the following lines to the OPcache section of php.ini:

opcache.enable=1
opcache.enable_cli=1
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.interned_strings_buffer=16

Then

sudo nano /etc/php/8.1/fpm/pool.d/www.conf

and uncomment these

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Then

sudo systemctl start php8.1-fpm
sudo systemctl enable php8.1-fpm
sudo apt-get install -y nginx libmagickcore-6.q16-6-extra

Run

netstat -pl | grep php

and write down the address after mast. It should be something like this:

/run/php/php8.1-fpm.sock

You will need to use the address in the file below!
Go to this address and copy the configuration for the nginx file.

sudo nano /etc/nginx/sites-available/nextcloud.conf

Paste the configuration into the file. Here you need to make a few changes. Remove the listen 443 part and keep everything in one server block (apart from the upstream section).
Remove all ssl... parts.

upstream php-handler {
  server unix:/run/php/php8.1-fpm.sock;
}
server {
  listen 80;
  server_name cloud.website.com;
  ...
  root /path/to/nextcloud;
  ...
}

Create a symlink, then check if everything is ok.

sudo ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/nextcloud.conf
sudo nginx -t

If no problem was found, start (or restart) nginx

sudo systemctl enable nginx
sudo systemctl start nginx

Generating SSL Certificates

Next, we need to generate SSL certificates using Let's Encrypt.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python3-certbot-nginx -y
sudo certbot --nginx -d cloud.website.com

For auto renewal:

sudo crontab -e

Then add this line

15 3 * * * /usr/bin/certbot renew

MySQL or MariaDB Installation

First, install MySQL or MariaDB:

sudo apt-get -y install mysql-server
or
sudo apt-get -y install mariadb-server

Enter the MySQL command line and create a database and a user. Write down the database name and the user's username and password, as they will be needed later.

sudo mysql -u root -p

Enter

CREATE DATABASE nextclouddb;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'nextcloud_db_password';
GRANT ALL ON nextclouddb.* TO 'nextclouduser'@'localhost';
FLUSH PRIVILEGES;
exit

Go to the website and configure the settings.

Tuning the Server

Cron Job Settings

To run a check on the server, we need to set up a Cron job:

sudo crontab -u www-data -e

Add the line

*/5 * * * * php -f /path/to/nextcloud/cron.php

Installing and Configuring Fail2Ban

To prevent brute force attacks, we can add Nextcloud to Fail2Ban list

sudo nano /etc/fail2ban/filter.d/nextcloud.local

Paste

[Definition]
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
    ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
    ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$

Save and close.

sudo nano /etc/fail2ban/jail.local

paste

[nextcloud]
enabled=true
port=http,https
protocol=tcp
filter=nextcloud
maxretry=3
# -1 bans permanently; use 1800 for a 30-minute ban
bantime=-1
logpath=/var/log/nextcloud_fail2ban.log

Save and exit.

sudo touch /var/log/nextcloud_fail2ban.log
sudo systemctl restart fail2ban
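
The filter and jail above, replayed over constructed log lines as an added example that is not part of the original page: it applies the third failregex and lists the addresses that reach maxretry. failed_hosts, ban_candidates and sample_log are hypothetical names, and `<HOST>` is approximated by a plain IP character class.

```bash
#!/bin/sh
# Added example, not part of the original page.
maxretry=3   # same value as in jail.local

# ERE form of the third failregex from nextcloud.local. Assumption: <HOST> is
# reduced to an IPv4/IPv6 character class; Fail2Ban's own <HOST> is broader.
failregex='^\{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: ([0-9A-Fa-f:.]+)\).*\}$'

# Print the captured address of every line the filter counts as a failure.
failed_hosts() {
  sed -nE "s#$failregex#\\1#p"
}

# Print each address that has at least $maxretry matching lines.
ban_candidates() {
  failed_hosts | sort | uniq -c | awk -v max="$maxretry" '$1 >= max { print $2 }'
}

# Constructed sample log using documentation addresses, not real data.
sample_log() {
  cat <<'EOF'
{"reqId":"a1","level":2,"time":"2024-05-01T10:00:01+00:00","remoteAddr":"203.0.113.7","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: admin (Remote IP: 203.0.113.7)","userAgent":"Mozilla/5.0","version":"27.1.0.0"}
{"reqId":"a2","level":2,"time":"2024-05-01T10:00:03+00:00","remoteAddr":"203.0.113.7","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: root (Remote IP: 203.0.113.7)","userAgent":"Mozilla/5.0","version":"27.1.0.0"}
{"reqId":"a3","level":2,"time":"2024-05-01T10:00:05+00:00","remoteAddr":"203.0.113.7","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: test (Remote IP: 203.0.113.7)","userAgent":"Mozilla/5.0","version":"27.1.0.0"}
{"reqId":"b1","level":2,"time":"2024-05-01T10:02:00+00:00","remoteAddr":"198.51.100.20","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: alice (Remote IP: 198.51.100.20)","userAgent":"Mozilla/5.0","version":"27.1.0.0"}
{"reqId":"b2","level":2,"time":"2024-05-01T10:02:30+00:00","remoteAddr":"198.51.100.20","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: alice (Remote IP: 198.51.100.20)","userAgent":"Mozilla/5.0","version":"27.1.0.0"}
{"reqId":"c1","level":1,"time":"2024-05-01T10:03:00+00:00","remoteAddr":"203.0.113.7","user":"alice","app":"core","method":"GET","url":"/apps/files/","message":"Session opened","userAgent":"Mozilla/5.0","version":"27.1.0.0"}
{"reqId":"d1","level":2,"time":"2024-05-01T10:04:00+00:00","remoteAddr":"192.0.2.9","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error","userAgent":"Mozilla/5.0","version":"27.1.0.0"}
EOF
}

sample_log | ban_candidates
```

On the server, fail2ban-regex /var/log/nextcloud_fail2ban.log /etc/fail2ban/filter.d/nextcloud.local runs the installed filter against the real log. The jail only sees failed logins if Nextcloud writes its log to that logpath, which is set with the logfile key in config.php.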

Automatic Logout

To log off after inactivity, open the Nextcloud config file (/path/to/nextcloud/config/config.php)

sudo nano /path/to/nextcloud/config/config.php

and add (or edit)

'session_lifetime' => 60 * 60 , // in seconds

Installing Cache

For better performance, install a memcache:

sudo apt-get -y install php-apcu

Restart Nginx and PHP-FPM afterward.

sudo systemctl restart php8.1-fpm nginx

Then add the following line to the Nextcloud config file:

sudo nano /mnt/hdd1/nextcloud/config/config.php
'memcache.local' => '\OC\Memcache\APCu',

Then

echo 'apc.enable_cli=1' | sudo tee -a /etc/php/8.1/mods-available/apcu.ini

Tips and Troubleshooting

Uploading a file using curl

To upload a file to a folder, first log in to your Nextcloud account in a web browser. Then find the folder and share it by choosing File drop. It gives you a link like this:

https://cloud.website.com/s/URL_CODE

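To upload a file using the CLI, do this (-k makes curl skip certificate verification, so drop it when the server has a valid certificate such as the Let's Encrypt one set up above):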

curl -k -T FILE_NAME -u "URL_CODE":PASSWORD -H 'X-Requested-With: XMLHttpRequest' https://cloud.website.com/public.php/webdav/FILE_NAME

Back up and Restore the SQL database

Switch to root:

sudo nano /root/.my.cnf

Then paste:

[mysqldump]
user = nextclouduser
password = 'nextcloud_db_password'

(Make sure to use single quotes if there are special characters in the password!)
Set the permissions for this file:

chmod 600 /root/.my.cnf

Then run

mysqldump --user=nextclouduser -h localhost nextclouddb > /BackUpFile

To restore a SQL backup file:

mysql -u 'nextclouduser' -p 'nextclouddb' < /path/to/backup/file

IF YOU HAVE LOST YOUR SQL DATABASE:

Make sure all the users are disconnected from Nextcloud.
Start a new Nextcloud instance with the same usernames and passwords for all the users, the same salt as in the old Nextcloud config file, and the same version (you can check the version in the old config file as well).
The config file is located at config/config.php
Log in as the admin, create the users, then log out. Change the data folder to the old folder and scan using the occ command.

sudo -u www-data php8.1 /path/to/nextcloud/occ files:scan "--all"

Useful OCC commands

Solving the Error: File is Locked

Open the Nextcloud config file:

sudo nano /mnt/hdd1/nextcloud/config/config.php

Then go to maintenance mode by changing the value from false to true (or add the line):

'maintenance' => true,

Then, connect to nextcloud database and type:

sudo mysql

Enter

connect 'nextclouddb';
DELETE FROM oc_file_locks WHERE 1;
EXIT

Finally, change maintenance mode back to false.
If that did not work, go to the Nextcloud folder as root (make sure you are NOT in maintenance mode):

sudo -u www-data php8.1 /path/to/nextcloud/occ files:scan "--all"

Integrity Error

If you get an integrity problem, run this to see the files:

sudo -u www-data php8.1 /path/to/nextcloud/occ integrity:check-core

Deleting File Versions

Deleting file versions for all users:

sudo -u www-data php8.1 /path/to/nextcloud/occ versions:cleanup

Emptying Trash Bin

To empty trash bin for all users

sudo -u www-data php8.1 /path/to/nextcloud/occ trashbin:cleanup --all-users

Disable 2FA

To disable 2FA for a specific user:

sudo -u www-data php8.1 /path/to/nextcloud/occ twofactorauth:disable USERNAME

Send Push Notification

To send a push notification to a user

sudo -u www-data php8.1 /path/to/nextcloud/occ notification:generate USERNAME "Message!"

Deleting File Cache

To delete file cache

sudo -u www-data php8.1 /path/to/nextcloud/occ files:cleanup

Repairing the instance

To do a repair

sudo -u www-data php8.1 /path/to/nextcloud/occ maintenance:repair
