User:Maffblaster/Drafts/Nextcloud
Nextcloud is a free and open source cloud suite webapp used for file synchronization and sharing.
This installation document was written with Nextcloud 20 as a target and attempts to provide a fast installation on Gentoo systems.[1] Provisioning the hardware (CPU allocation, data storage, memory, etc.) is outside the scope of this document.
Installation
Nextcloud requires software components from the standard (L)AMP stack: a web server, a database, and PHP interpreter (php-fpm).
Kernel
Kernel support for Nextcloud purposes includes the standard array of subsystems for hosting webapps. Kernel configuration is beyond the scope of this article.
PHP
Before re-emerging PHP in order to get supported modules, see upstream's list of supported PHP versions and associated modules[2] which are necessary for correct operation of Nextcloud. As of June, 2023 the latest Nextcloud release runs on PHP 8.0 (deprecated), 8.1, and 8.2 (recommended). There are currently 18 PHP modules that should be available for Nextcloud. They can be checked with the following command:
user $php -m | grep -i 'ctype\|curl\|dom\|gd\|iconv\|json\|libxml\|mbstring\|openssl\|pcntl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib'ctype curl dom fileinfo gd hash iconv json libxml mbstring openssl pcntl posix session SimpleXML xmlreader xmlwriter zip zlib
Pipe the command to wc -l to get a count of 19:
user $php -m | grep -i 'ctype\|curl\|dom\|fileinfo\|gd\|hash\|iconv\|json\|libxml\|mbstring\|openssl\|pcntl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib' | wc -l19
Verify one of three possible modules exist for the database connector. In this instance, MySQL/MariaDB (pdo_mysql) will be the application's database, although PostgresSQL (pdo_pgsql ) or Sqlite (pdo_sqlite) could be used as the database:
user $php -m | grep -i 'pdo_mysql'pdo_mysql
Generally recommended modules (by upstream):
user $php -m | grep -i 'bzip2\|fileinfo\|intl'bzip2 intl
Recommended modules for instances hosting photos/images:
user $php -m | grep -i 'exif'exif # necessary for image rotation in pictures app imagick # necessary for preview generation
Recommended for enhanced server performance is to pair Nextcloud with memcached. This php module is a PECL extension and is installed separately from PHP itself:
root #emerge --ask dev-php/pecl-memcachedmemcached package must also be installed:
root #emerge --ask net-misc/memcachedVerify the module is available to PHP:
user $php -m | grep -i 'mem'memcached
Web server
Apache and Nginx are supported web servers.
Signed SSL certificate (Let's Encrypt)
Let's Encrypt can be used to obtain free certificates which have been signed by a recognized signing authority.
root #certbot certonly --standalone -d cloud.gentoo-example.org -d cloud.gentoo-example.orgSelf signed SSL certificate
Nextcloud servers should have a secure connection. Following certificate will be valid for 365 days after generation:
root #openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt # Fill out the following fields.
root #openssl dhparam -out /etc/nginx/dhparam.pem 4096 # Generate DH group for Perfect Forward Secrecy; this will take some time!
Create the nginx snippets directory (if it does not exist):
root #mkdir -p /etc/nginx/snippetsAdd the following files:
/etc/nginx/snippets/self-signed.confssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
/etc/nginx/snippets/ssl-params.confssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# Generate your own (expect to wait a while): openssl dhparam -out /etc/nginx/dhparam.pem 4096
# Use Mozilla's: curl https://cipherl.ist/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /etc/nginx/dhparam.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
USE flags
USE flags for www-apps/nextcloud Personal cloud that runs on your own server
curl
|
Add support for client-side URL transfer library |
imagemagick
|
Enable optional support for the ImageMagick or GraphicsMagick image converter |
mysql
|
Add mySQL Database support |
postgres
|
Add support for the postgresql database |
sqlite
|
Add support for sqlite - embedded sql database |
vhosts
|
Add support for installing web-based applications into a virtual-hosting environment |
Emerge
root #emerge --ask www-apps/nextcloudAdditional software
In addition to the standard web interface, a Linux native desktop sync client is also available:
root #emerge --ask net-misc/nextcloud-clientWeb app
After the package is installed, the web app will need to be installed. Nextcloud offers both a web and command-line installation interface
Command-line installation
Browse to the root of the web app's installation directory, it should be located somewhere under /var/www/.../nextcloud and find the occ file. It should be executed via the php:
user $doas -u <web_server_user> php occ list # Invocation options
user $doas -u <web_server_user> php occ check # Discover missing dependencies
Find the latest docs on the CLI installation interface upstream.
Graphical installation
If everything worked well, it should be possible to browse to the web interface and install via graphical wizard.
Configuration
Files
Web server files:
- /etc/nginx/nginx.conf - The default configuration file for the nginx web server.
PHP files:
- /etc/php/php-fpm${PV}/php.ini - The default configuration file for php-fpm accessed by the web server. Ensure the package version, represented by
${PV}, is adjusted for the current eselected version. New directories with version names in the paths are automatically created by Portage during installation when PHP is updated to newer a newer version. - /etc/php/fpm-php8.2/fpm.d/www.conf - An important file to specify the user accessing fpm from the web.
- /etc/php/php-cli${PV}/php.ini - The default configuration file for php-cli accessed via command-line interfaces, such as cron jobs or timers. Ensure the package version, represented by
${PV}, is adjusted for the current eselected version. New directories with version names in the paths are automatically created by Portage during installation when PHP is updated to newer a newer version.
Database files:
- /etc/mysql/mariadb.d/50-distro-server.cnf - The MySQL 'server' file used by MariaDB.
Service
OpenRC
On an OpenRC system Nextcloud does not have a specific service, but runs on services from the AMP stack:
root #rc-update add php-fpm default
root #rc-update add mysql default
root #rc-update add nginx default
systemd
Enable and start the services:
root #systemctl enable --now nginx
root #systemctl enable --now php-fpm@8.2
root #systemctl enable --now mariadb # Default MySQL implementation
When using MariaDB or MySQL; MariaDB is the default MySQL provider on Gentoo systems:
root #systemctl enable --now mysql # Alterantive MySQL implementationWhen using PostgreSQL:
root #systemctl enable --now postgresql-16Removal
Unmerge
root #emerge --ask --depclean --verbose www-apps/nextcloudSee also
- Owncloud — a free, open source, Dropbox-like file synchronization and cloud service.