User:Maffblaster/Drafts/Nextcloud

From Gentoo Wiki
This article is a stub. You can help by expanding it.

Nextcloud is a free and open source cloud suite webapp used for file synchronization and sharing.

This installation document was written with Nextcloud 20 as a target and attempts to provide a fast installation on Gentoo systems.[1] Provisioning the hardware (CPU allocation, data storage, memory, etc.) is outside the scope of this document.

Installation

Nextcloud requires software components from the standard (L)AMP stack: a web server, a database, and a PHP interpreter (php-fpm).

Kernel

Kernel support for Nextcloud purposes includes the standard array of subsystems for hosting webapps. Kernel configuration is beyond the scope of this article.

PHP

Before re-emerging PHP in order to get supported modules, see upstream's list of supported PHP versions and associated modules[2] which are necessary for correct operation of Nextcloud. As of March, 2021, Nextcloud runs on PHP 7.2, 7.3, and 7.4. There are currently 14 modules that should be available for Nextcloud. They can be checked with the following command.

user $php -m | grep -i 'ctype\|curl\|dom\|gd\|iconv\|json\|libxml\|mbstring\|openssl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib'
ctype
curl
dom
gd
iconv
json
libxml
mbstring
openssl
posix
session
SimpleXML
xmlreader
xmlwriter
zip
zlib

Pipe the command to wc -l to get a count of 14:

user $php -m | grep -i 'ctype\|curl\|dom\|gd\|iconv\|json\|libxml\|mbstring\|openssl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib' | wc -l
14

Verify that one of the three possible database connector modules exists. In this instance, MariaDB will be the application's database:

user $php -m | grep -i 'pdo_mysql'
pdo_mysql

Generally recommended modules (by upstream):

user $php -m | grep -i 'bz2\|fileinfo\|intl'
bz2
fileinfo
intl

Recommended modules for instances hosting photos/images:

user $php -m | grep -i 'exif'
exif

Pairing Nextcloud with memcached is recommended for better server performance. The PHP module is a PECL extension and is installed separately from PHP itself. On Gentoo, the PHP module is available in the following package:

root #emerge --ask dev-php/pecl-memcached

The memcached package must also be installed:

root #emerge --ask net-misc/memcached

Verify the module is available to PHP.
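
The grep patterns above match substrings, so a module whose name merely contains a pattern is counted as well. The following added example (not part of the original article) compares whole module names and prints the ones that are missing; `missing_modules` is a name chosen for this example, and the module lists are the ones given on this page:

```sh
#!/bin/sh
# Added example: exact-name check of the PHP modules listed on this page.
# missing_modules is a helper name chosen for this example.

REQUIRED="ctype curl dom gd iconv json libxml mbstring openssl posix session simplexml xmlreader xmlwriter zip zlib"
DB_CONNECTOR="pdo_mysql"
RECOMMENDED="bz2 fileinfo intl exif memcached"

# missing_modules "<output of php -m>" name...
# Prints every wanted name (given in lower case) that is not a whole line of
# the module list, compared case-insensitively. Returns 1 if any is missing.
missing_modules() {
    loaded=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    rc=0
    for want in "$@"; do
        # -x matches the whole line, -F treats the name as a fixed string
        if ! printf '%s\n' "$loaded" | grep -qxF "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Run against the local interpreter when php is installed.
if command -v php >/dev/null 2>&1; then
    mods=$(php -m)
    # Word splitting of the lists below is intentional.
    missing_modules "$mods" $REQUIRED $DB_CONNECTOR ||
        echo "required modules missing (listed above)" >&2
    missing_modules "$mods" $RECOMMENDED ||
        echo "recommended modules missing (listed above)" >&2
fi
```

No output means every listed module is present, including memcached from dev-php/pecl-memcached.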

Web server

Apache and Nginx are supported web servers.

Signed SSL certificate (Let's Encrypt)

Let's Encrypt can be used to obtain free certificates which have been signed by a recognized signing authority.

root #certbot certonly --standalone -d cloud.gentoo-example.org

Self signed SSL certificate

Nextcloud servers should have a secure connection. The following command generates a self-signed certificate that will be valid for 365 days after generation:

root #openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt # Fill out the fields when prompted.
root #openssl dhparam -out /etc/nginx/dhparam.pem 4096 # Generate DH group

Create the nginx snippets directory (if it does not exist):

root #mkdir -p /etc/nginx/snippets

Add the following files:

FILE /etc/nginx/snippets/self-signed.conf
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

FILE /etc/nginx/snippets/ssl-params.conf
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
ssl_session_tickets off;

# Generate your own (expect to wait a while): openssl dhparam -out /etc/nginx/dhparam.pem 4096
# Use Mozilla's: curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /etc/nginx/dhparam.pem;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

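# OCSP stapling (applies to CA-issued certificates only; a self-signed
# certificate has no OCSP responder, so omit this block when using one)
ssl_stapling on;
ssl_stapling_verify on;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
# (placeholder path: replace it with the real CA bundle, nginx will not start if the file is missing)
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;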
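
Before nginx is pointed at the files named in self-signed.conf, it is worth confirming that the key belongs to the certificate, that the certificate is not about to expire, and that the key is not readable by other users. The following added example (not part of the original article) does this with standard openssl subcommands; `check_tls_pair` and the 30-day default are choices made for this example:

```sh
#!/bin/sh
# Added example: pre-flight check for the certificate and key referenced by
# snippets/self-signed.conf. check_tls_pair is a name chosen for this example.

# check_tls_pair CERT KEY [MIN_DAYS]
# Prints "ok" and returns 0 when the key matches the certificate, the
# certificate stays valid for at least MIN_DAYS more days (default 30), and
# the key file carries no group/other permission bits. Otherwise prints the
# first finding and returns 1.
check_tls_pair() {
    cert=$1 key=$2 min_days=${3:-30}

    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key"; return 1; }

    # Both commands emit the public key as PEM, so a string compare suffices.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate"; return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "private key is accessible to group or others"; return 1
    fi
    echo "ok"
}

# Paths from this page; run as root because the key lives in /etc/ssl/private.
if [ -r /etc/ssl/private/nginx-selfsigned.key ]; then
    check_tls_pair /etc/ssl/certs/nginx-selfsigned.crt \
                   /etc/ssl/private/nginx-selfsigned.key ||
        echo "fix the finding above before starting nginx" >&2
fi
```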

USE flags

USE flags for www-apps/nextcloud Personal cloud that runs on your own server

curl Add support for client-side URL transfer library
imagemagick Enable optional support for the ImageMagick or GraphicsMagick image converter
mysql Add mySQL Database support
postgres Add support for the postgresql database
sqlite Add support for sqlite - embedded sql database
vhosts Add support for installing web-based applications into a virtual-hosting environment

Emerge

root #emerge --ask www-apps/nextcloud

Additional software

In addition to the standard web interface, a Linux native desktop sync client is also available:

root #emerge --ask net-misc/nextcloud-client

Configuration

Files

  • /etc - Global (system wide) configuration file.

Service

OpenRC

On an OpenRC system Nextcloud does not have a specific service, but runs on services from the AMP stack:

root #rc-update add php-fpm default
root #rc-update add mysql default
root #rc-update add nginx default

systemd

Removal

Unmerge

root #emerge --ask --depclean --verbose www-apps/nextcloud

See also

  • Owncloud — a free, open source, Dropbox-like file synchronization and cloud service.

External resources

References