Nextcloud
BDD¶
Installation et configuration de la base¶
apt-get -y install mariadb-server
- Sécurisation de mariadb
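# Make sure the target directory exists before writing the helper script.
mkdir -p /srv/lxc
# The quoted delimiter ('EOF') writes the script verbatim: nothing inside it is
# expanded by the shell that creates the file.
cat << 'EOF' > /srv/lxc/mariadb_secure_installation.sh
#!/bin/bash
# Scripted hardening steps for a fresh MariaDB install.
# mysql is called without credentials, so this presumably relies on root's
# local socket authentication.
# NOTE(review): newer MariaDB releases (10.4+) expose mysql.user as a view;
# confirm these DELETE statements still apply on your version.
set -eu
# Delete anonymous users
mysql -e "DELETE FROM mysql.user WHERE User='';"
# Ensure the root user can not log in remotely
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
# Remove the test database
mysql -e "DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
# Make our changes take effect
mysql -e "FLUSH PRIVILEGES"
EOF
# The redirection creates the file without the execute bit, so calling it
# directly would fail; make it runnable by root only.
chmod 0700 /srv/lxc/mariadb_secure_installation.sh
/srv/lxc/mariadb_secure_installation.sh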
{{% notice info %}} Remplacez IP_PRIV_db {{% /notice %}}
- IP_PRIV_db correspond à l'IP privée de la base
Bind de l'adresse privée de la base¶
# Bind MariaDB to the private address only, so the server does not listen on
# any other interface. The pattern matches every line containing
# "bind-address"; check the file afterwards to confirm that exactly one
# active (uncommented) line carries the private IP.
sed -i 's/bind-address.*/bind-address = IP_PRIV_db/' /etc/mysql/mariadb.conf.d/50-server.cnf
Création de la base et du user¶
{{% notice info %}} Remplacez DB_USERNAME DB_PASSWORD IP_PRIV_www {{% /notice %}}
- IP_PRIV_www correspond à l'IP privée du nextcloud
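# The SQL is fed on stdin through a quoted here-document, so the password never
# appears in the mysql command line (process list). When typed interactively it
# still lands in the shell history.
# SQL string literals use single quotes, which stay valid whatever the server's
# sql_mode; a password containing a single quote must be escaped.
# The account is limited to the nextcloud schema and to connections coming from
# the Nextcloud host (IP_PRIV_www).
mysql << 'SQL'
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'DB_USERNAME'@'IP_PRIV_www' IDENTIFIED BY 'DB_PASSWORD';
FLUSH PRIVILEGES;
SQL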
Restart de mariadb¶
# Restart so the new bind-address is taken into account.
systemctl restart mariadb
Système¶
Clean du cache¶
apt-get clean
Création de la commande alias occ¶
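# Wrapper so that "occ ..." always runs as the web server user (www-data)
# instead of root.
# Inside single quotes the original \$@ was written literally (backslash
# included), so the wrapper passed the text "$@" to occ instead of its
# arguments. The script is now written verbatim with a shebang, and "$@" is
# quoted so every argument reaches occ unchanged, spaces included.
cat << 'EOF' > /usr/local/bin/occ
#!/bin/sh
exec sudo -u www-data php /var/www/nextcloud/occ "$@"
EOF
# Root-owned and not writable by other users: this wrapper is invoked as root.
chmod 0755 /usr/local/bin/occ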
Installation des paquets requis¶
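# Install the web stack and the PHP modules used by Nextcloud.
# Every continued line must end with a backslash: the original list stopped
# after php-bcmath, so libapache2-mod-php and unzip were run as a separate
# (failing) command and never installed.
# Only stdout is discarded; errors still show on stderr.
apt-get -y install \
wget \
curl \
sudo \
apache2 \
mariadb-client \
redis-server \
libapache2-mod-rpaf \
php \
php-imagick \
imagemagick \
php-redis \
php-fpm \
php-xml \
php-mysql \
php-gd \
php-zip \
php-mbstring \
php-curl \
php-bz2 \
php-intl \
php-gmp \
php-bcmath \
libapache2-mod-php \
unzip \
> /dev/null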
apache2 FIX ServerName¶
# Single quotes keep $FQDN_CLOUD literal: replace the whole token (including
# the "$") with the real host name before running this, otherwise Apache gets
# the placeholder text as its ServerName.
echo 'ServerName $FQDN_CLOUD' > /etc/apache2/conf-available/99_ServerName.conf
a2enconf 99_ServerName > /dev/null
Activation du php7-fpm¶
# Hand PHP requests to php-fpm through proxy_fcgi.
# The conf name is tied to PHP 7.3; adjust it if the installed php-fpm
# package is a different version.
a2enmod proxy_fcgi setenvif > /dev/null
a2enconf php7.3-fpm > /dev/null
Activation des modules apache¶
# Enable the Apache modules Nextcloud's .htaccess relies on, in a single call.
a2enmod rewrite headers env dir mime
Tuning de opcache pour php7¶
# Uncomment and raise the opcache settings in the php-fpm php.ini.
# Each expression only matches the exact commented default shown on its left;
# if the shipped php.ini has a different default the substitution silently
# does nothing, so check the result afterwards (e.g. grep '^opcache' on the file).
sed -i \
-e 's/;opcache.enable=0/opcache.enable=1/' \
-e 's/;opcache.enable_cli=0/opcache.enable_cli=1/' \
-e 's/;opcache.interned_strings_buffer=4/opcache.interned_strings_buffer=8/' \
-e 's/;opcache.max_accelerated_files=2000/opcache.max_accelerated_files=10000/' \
-e 's/;opcache.memory_consumption=64/opcache.memory_consumption=128/' \
-e 's/;opcache.save_comments=1/opcache.save_comments=1/' \
-e 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=1/' \
/etc/php/7.*/fpm/php.ini
Limitation de la mémoire PHP à 512 Mo¶
# Cap the memory a single php-fpm request may use at 512M.
sed -i -e 's/^memory_limit = .*/memory_limit = 512M/' /etc/php/7.*/fpm/php.ini
Redémarrage de php-fpm et apache2¶
# Apply the php.ini and module changes.
# The unit name is tied to PHP 7.3; adjust it if another version is installed.
systemctl restart php7.3-fpm.service apache2.service
apache2 doit écouter seulement sur l'ip privée¶
Remplacez IP_PRIV_www
{.is-info}
# Listening on the private address only keeps this backend reachable solely
# through the reverse proxy. The redirection overwrites ports.conf entirely.
# Single quotes keep $IP_PRIV_www literal: replace the whole token (including
# the "$") with the real address before running this.
echo 'Listen $IP_PRIV_www:80' > /etc/apache2/ports.conf
PHP 7 timezone¶
# Uncomment date.timezone in the php-fpm php.ini and set it to Europe/Paris.
sed -i 's#;\(date.timezone =\)#\1 \"Europe/Paris\"#' /etc/php/7.*/fpm/php.ini
Installation de nextcloud¶
Téléchargement et extraction de Nextcloud¶
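# Work in a private temporary directory rather than the current directory.
tmpdir=$(mktemp -d)
# -f: fail on HTTP errors instead of saving an error page; -L: follow redirects.
# The original command carried a stray third argument (/tmp/nextcloud.tar.bz2)
# that curl treated as a second URL.
curl -fL -o "$tmpdir/nextcloud-23.zip" https://download.nextcloud.com/server/releases/latest-23.zip
# Integrity check before anything is extracted.
# NOTE(review): assumes the download site publishes a matching .sha256 file next
# to the archive — confirm. A checksum fetched from the same server only detects
# a corrupted download; to authenticate the publisher, verify the detached GPG
# signature as described in the Nextcloud installation documentation.
curl -fL -o "$tmpdir/nextcloud-23.zip.sha256" https://download.nextcloud.com/server/releases/latest-23.zip.sha256
expected=$(awk '{print $1; exit}' "$tmpdir/nextcloud-23.zip.sha256")
actual=$(sha256sum "$tmpdir/nextcloud-23.zip" | awk '{print $1}')
if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
  # Extract to /var/www/nextcloud, the path used by the rest of this page
  # (occ wrapper, chown, DocumentRoot) — not /var/www/html.
  unzip -q "$tmpdir/nextcloud-23.zip" -d /var/www/
else
  echo 'nextcloud-23.zip: SHA-256 mismatch, archive not extracted' >&2
fi
rm -rf -- "$tmpdir"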
Mise à jour de droits sur les répertoires¶
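# Nextcloud code tree: owned by the web server user.
chown -R www-data:www-data /var/www/nextcloud/
# Log directory used by the logfile setting further down this page.
mkdir -vp /var/log/nextcloud
chown -vR www-data:www-data /var/log/nextcloud
# Data directory later passed to "occ maintenance:install --data-dir". It lives
# outside the web root and must already exist and be writable by www-data,
# which cannot create it under /srv by itself. Mode 0750 keeps other local
# users out of the stored files.
install -d -o www-data -g www-data -m 0750 /srv/data-nextcloud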
Création du vhost apache pour Nextcloud¶
{{% notice info %}} Remplacez FQDN MAIL_ADMIN {{% /notice %}}
# Apache vhost for Nextcloud; presumably saved as
# /etc/apache2/sites-available/nextcloud.conf (the name a2ensite is given below).
# NOTE(review): this vhost serves plain HTTP on port 80. TLS is terminated on the
# reverse proxy described later on this page, so traffic between the proxy and
# this host is unencrypted and should stay on the private network.
<VirtualHost *:80>
ServerName FQDN
ServerAdmin MAIL_ADMIN
DocumentRoot /var/www/nextcloud
# Allow URL rewriting
RewriteEngine on
# Access log format: combined format plus the Host request header.
# %h is the connecting peer, i.e. the reverse proxy unless mod_rpaf restores
# the client address.
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" \"%{Host}i\"" MyFormat
CustomLog ${APACHE_LOG_DIR}/cloud_access.log MyFormat
</VirtualHost>
<Directory /var/www/nextcloud>
Options +FollowSymLinks
# AllowOverride All lets the .htaccess shipped with Nextcloud apply its rules
AllowOverride All
Require all granted
# Keep Apache's own mod_dav off for this tree when the module is loaded
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
Désactivation du vhost par défaut et activation du vhost nextcloud¶
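# Swap the default site for the Nextcloud vhost.
a2dissite 000-default > /dev/null
a2ensite nextcloud.conf > /dev/null
# Validate the configuration first: a syntax error is reported here and the
# running server keeps its current, working configuration.
apache2ctl configtest && systemctl reload apache2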
Installation de nextcloud¶
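# First-time installation of Nextcloud from the command line.
# The $-prefixed names sit inside single quotes, so the shell does not expand
# them: replace each whole token (including the "$") with the real value.
# Passwords given as options are visible in the process list while the command
# runs and are saved in the shell history.
# NOTE(review): occ is reported to prompt for a missing password when run
# interactively — confirm on your version and prefer that if it works.
# The stray closing double quote that followed this command was removed: it
# opened an unterminated string in the shell.
occ \
maintenance:install \
--database 'mysql' \
--database-host '$IP_PRIV_db' \
--database-name 'nextcloud' \
--database-user '$DB_USERNAME' \
--database-pass '$DB_PASSWORD' \
--admin-user '$NEXTCLOUD_admin_user' \
--admin-pass '$NEXTCLOUD_admin_password' \
--data-dir='/srv/data-nextcloud'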
Set transparency client ip for Nextcloud and Apache¶
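# Only the reverse proxy (IP_PRIV_RVPRX) is trusted to supply the client
# address. Listing any other host here would let it spoof client IPs in logs
# and in brute-force protection.
occ config:system:set trusted_proxies 0 --value='IP_PRIV_RVPRX'
occ config:system:set forwarded_for_headers 0 --value='HTTP_X_FORWARDED_FOR'
# Same trust decision for Apache's mod_rpaf. Inside single quotes the capture
# group is written \( ... \) and the back-reference \1; the doubled backslashes
# of the original made the expression match nothing, leaving rpaf.conf unchanged.
sed -i 's/\(.*RPAFproxy_ips\).*/\1 IP_PRIV_RVPRX/' /etc/apache2/mods-available/rpaf.conf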
Tuning de la taille maximale des fichiers en upload¶
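# Raise the PHP upload limits shipped in Nextcloud's .user.ini to 5G.
# NOTE(review): the reverse proxy must accept request bodies of that size too;
# presumably handled in its common configuration — confirm.
# The stray closing double quote that followed this command was removed: it
# opened an unterminated string in the shell.
sed -i \
-e 's/upload_max_filesize=.*/upload_max_filesize=5G/' \
-e 's/post_max_size=.*/post_max_size=5G/' \
/var/www/nextcloud/.user.ini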
Configuration de nextcloud¶
Remplacez FQDN_CLOUD
{.is-info}
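# trusted_domains restricts which Host headers Nextcloud answers to; keep it to
# the public name served by the reverse proxy.
occ config:system:set trusted_domains 0 --value='FQDN_CLOUD'
# NOTE(review): overwrite.cli.url is normally a full URL (scheme included), and
# behind a TLS-terminating proxy the Nextcloud documentation also describes
# overwriteprotocol for generating https links — check both for this setup.
occ config:system:set overwrite.cli.url --value='FQDN_CLOUD'
occ config:system:set htaccess.RewriteBase --value='/'
# Language and time zone settings
occ config:system:set default_language --value='fr'
occ config:system:set force_language --value='fr'
occ config:system:set default_locale --value='fr_FR'
occ config:system:set force_locale --value='fr_FR'
occ config:system:set default_phone_region --value='FR'
occ config:system:set logtimezone --value='Europe/Paris'
# Redis
# Inside single quotes a backslash is literal, so the class name takes single
# backslashes; the doubled ones of the original were stored as-is and do not
# name the Redis cache class.
occ config:system:set memcache.local --value='\OC\Memcache\Redis'
occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
# Redis is reached on localhost without a password here; keep redis-server
# bound to the loopback interface.
occ config:system:set redis host --value='localhost'
occ config:system:set redis port --value='6379'
# Log
occ config:system:set loglevel --value='2'
occ config:system:set logfile --value='/var/log/nextcloud/nextcloud.log'
# Example for 100MB :
# 100MB ( 100 * 1024 * 1024 ) = 104857600 byte
occ config:system:set log_rotate_size --value=$(( 100 * 1024 * 1024 ))
# Use cron to run background jobs
occ background:cron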
Mise à jour du .htaccess¶
occ maintenance:update:htaccess
Installation des applications¶
# Apps fetched with app:install come from the Nextcloud app store and run with
# the same privileges as Nextcloud itself; install only the ones actually needed.
occ app:install calendar
occ app:enable calendar
# Audit logging of user and admin actions
occ app:enable admin_audit
occ app:install contacts
occ app:enable contacts
occ app:install announcementcenter
occ app:enable announcementcenter
# OnlyOffice
occ app:install onlyoffice
occ app:enable onlyoffice
occ app:install quota_warning
occ app:enable quota_warning
occ app:install files_rightclick
occ app:enable files_rightclick
occ app:enable files_pdfviewer
# Talk
occ app:install spreed
occ app:enable spreed
# NOTE(review): registration lets visitors create accounts. It is enabled here
# before admin_approval_required is set in the next step of this page, so run
# that step immediately afterwards.
occ app:install registration
occ app:enable registration
# allows you to customize your share tokens
occ app:install sharerenamer
occ app:enable sharerenamer
# Notes
occ app:install notes
occ app:enable notes
# Tasks
occ app:install tasks
occ app:enable tasks
# Group Folders
occ app:enable groupfolders
# Text - Collaborative document editing
occ app:enable text
Enable admin_approval_required for registration app¶
# Self-registered accounts must be approved by an administrator before use.
# Check the registration app's settings page afterwards to confirm the option
# is active.
occ config:app:set registration admin_approval_required --value='yes'
Activation des notifications d'alerte de quotas¶
occ config:app:set quota_warning info_email --value='yes'
occ config:app:set quota_warning warning_email --value='yes'
occ config:app:set quota_warning alert_email --value='yes'
Configuration du smtp¶
Remplacez FQDN_CLOUD IP_PRIV_SMTP
# Outgoing mail goes through the internal relay on port 25.
# NOTE(review): no SMTP user, password or transport encryption is configured
# here, so this presumably relies on an unauthenticated relay reachable only on
# the private network — confirm.
# $FQDN and $IP_PRIV_SMTP sit inside single quotes and are not expanded by the
# shell: replace each whole token (including the "$") with the real value.
occ config:system:set mail_smtpauthtype --value='LOGIN'
occ config:system:set mail_from_address --value='cloud'
occ config:system:set mail_domain --value='$FQDN'
occ config:system:set mail_smtphost --value='$IP_PRIV_SMTP'
occ config:system:set mail_smtpport --value='25'
Configuration de l'email de l'admin¶
Remplacez NEXTCLOUD_admin_user NEXTCLOUD_admin_email
occ user:setting NEXTCLOUD_admin_user settings email 'NEXTCLOUD_admin_email'
Configuration de deux jobs¶
- /etc/systemd/system/nextcloudcron.service
# Job started by nextcloudcron.timer (see its Unit= line).
[Unit]
Description=Nextcloud cron.php job
[Service]
# Background jobs run as the unprivileged web server user, not as root.
User=www-data
ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php
[Install]
WantedBy=basic.target
- /etc/systemd/system/nextcloudcron.timer
# Timer that triggers nextcloudcron.service.
[Unit]
Description=Run Nextcloud cron.php every 15 minutes
[Timer]
# First run 5 minutes after boot, then 15 minutes after each activation.
OnBootSec=5min
OnUnitActiveSec=15min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
systemctl daemon-reload
systemctl enable --now nextcloudcron.timer
NC Database - convert filecache bigint¶
occ db:convert-filecache-bigint
Clean du cache¶
apt-get clean
Redémarrage¶
reboot
vhost du reverse proxy¶
Remplacez FQDN IP_PRIV_WWW
# Redirect all plain-HTTP requests to HTTPS.
server {
listen 80;
server_name FQDN;
return 301 https://FQDN$request_uri;
}
# TLS terminates here; requests are then proxied to the Nextcloud backend over
# plain HTTP on the private network.
server {
listen 443 ssl http2;
server_name FQDN;
# Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/FQDN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/FQDN/privkey.pem;
# Add common Conf:
# NOTE(review): no proxy headers (Host, X-Forwarded-For, X-Forwarded-Proto),
# TLS protocol settings or body-size limit appear in this block; presumably
# they are set in the included file — confirm. The backend's trusted_proxies /
# forwarded_for_headers settings depend on X-Forwarded-For being sent.
include /etc/nginx/RVPRX_common.conf;
# Service discovery
# see
# https://docs.nextcloud.com/server/14/admin_manual/issues/general_troubleshooting.html#service-discovery
rewrite /.well-known/carddav /remote.php/dav permanent;
rewrite /.well-known/caldav /remote.php/dav permanent;
# LOGS
gzip on;
access_log /var/log/nginx/FQDN_access.log;
error_log /var/log/nginx/FQDN_error.log;
location / { proxy_pass http://IP_PRIV_WWW/; }
}
Restore / Backup¶
Tabs¶
Backup¶
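# Maintenance mode keeps files and database consistent with each other while
# they are being copied.
sudo -u www-data php occ maintenance:mode --on
rsync -Aavx nextcloud/ "nextcloud-dirbkp_$(date +"%Y%m%d")/"
# A bare -p makes mysqldump prompt for the password, so it never appears in the
# process list or the shell history (the original passed it as -p[password]).
# For unattended runs, use a client option file readable by its owner only.
# The subshell limits the restrictive umask to the dump file, which holds the
# whole database and must not be readable by other local users.
( umask 077; mysqldump --single-transaction -h [server] -u [username] -p [db_name] > "nextcloud-sqlbkp_$(date +"%Y%m%d").bak" )
sudo -u www-data php occ maintenance:mode --off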
Restore¶
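# Restore the file tree, then recreate the database from the SQL dump.
# Maintenance mode is switched on here and is not switched off by these steps.
sudo -u www-data php occ maintenance:mode --on
rsync -Aax nextcloud-dirbkp/ nextcloud/
# A bare -p makes the client prompt for the password each time, so it never
# appears in the process list or the shell history (the original passed it as
# -p[password]).
# DROP DATABASE is irreversible: check that the dump file is present and
# complete before running it.
mysql -h [server] -u [username] -p -e "DROP DATABASE nextcloud"
mysql -h [server] -u [username] -p -e "CREATE DATABASE nextcloud"
mysql -h [server] -u [username] -p [db_name] < nextcloud-sqlbkp.bak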