User:Maffblaster/Drafts/Nextcloud
Nextcloud is a free and open source cloud suite webapp used for file synchronization and sharing.
This installation document was written with Nextcloud 20 as a target and attempts to provide a fast installation on Gentoo systems.[1] Provisioning the hardware (CPU allocation, data storage, memory, etc.) is outside the scope of this document.
Installation
Nextcloud requires software components from the standard (L)AMP stack: a web server, a database, and a PHP interpreter (php-fpm).
Kernel
Kernel support for Nextcloud purposes includes the standard array of subsystems for hosting webapps. Kernel configuration is beyond the scope of this article.
PHP
Before re-emerging PHP to enable the supported modules, see upstream's list of supported PHP versions and associated modules[2], which are necessary for correct operation of Nextcloud. As of March 2021, Nextcloud runs on PHP 7.2, 7.3, and 7.4. There are currently 14 modules that should be available for Nextcloud. They can be checked with the following command:
user $
php -m | grep -i 'ctype\|curl\|dom\|gd\|iconv\|json\|libxml\|mbstring\|openssl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib'
ctype curl dom gd iconv json libxml mbstring openssl posix session SimpleXML xmlreader xmlwriter zip zlib
Pipe the command to wc -l to get a count of 14:
user $
php -m | grep -i 'ctype\|curl\|dom\|gd\|iconv\|json\|libxml\|mbstring\|openssl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib' | wc -l
14
Verify that one of the three possible database connector modules exists. In this instance, MariaDB will be the application's database:
user $
php -m | grep -i 'pdo_mysql'
pdo_mysql
Generally recommended modules (by upstream):
user $
php -m | grep -i 'bz2\|fileinfo\|intl'
bz2 fileinfo intl
Recommended modules for instances hosting photos/images:
user $
php -m | grep -i 'exif'
exif
For enhanced server performance, pairing Nextcloud with memcached is recommended. The PHP module is a PECL extension and is installed separately from PHP itself. On Gentoo, the PHP module is available in the following package:
root #
emerge --ask dev-php/pecl-memcached
The memcached package must also be installed:
root #
emerge --ask net-misc/memcached
Verify the module is available to PHP.
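The grep patterns above match substrings, so an unrelated module name can stand in for a missing one in the line count. The following script is an added example, not part of the original page: it checks each name from the page's patterns (plus memcached) as a whole line, and sample_output is constructed `php -m` output for a hypothetical host.

```shell
#!/bin/sh
# Added example, not from the original page: exact-name check of `php -m` output.
# The module lists are the names the page's grep patterns search for.
REQUIRED="ctype curl dom gd iconv json libxml mbstring openssl posix session simplexml xmlreader xmlwriter zip zlib"
DATABASE="pdo_mysql"
RECOMMENDED="bz2 fileinfo intl exif memcached"

# missing_modules LIST: read `php -m` output on stdin and print the names from
# LIST that have no whole-line, case-insensitive match.
missing_modules() {
    loaded=$(tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*$//')
    missing=""
    for mod in $1; do
        # -x matches the whole line, -F treats the name as a literal string.
        if ! printf '%s\n' "$loaded" | grep -qxF -- "$mod"; then
            missing="$missing $mod"
        fi
    done
    printf '%s\n' "${missing# }"
}

# substring_count LIST: the line count a substring grep piped to wc -l reports.
substring_count() {
    grep -ciE -- "$(printf '%s' "$1" | tr ' ' '|')" || true
}

# Constructed sample (hypothetical host): "dom" is absent, "random" is loaded.
sample_output() {
    printf '%s\n' '[PHP Modules]' ctype curl gd iconv json libxml mbstring \
        openssl pdo_mysql posix random session SimpleXML xmlreader xmlwriter \
        zip zlib '' '[Zend Modules]'
}

# "sh script.sh check" runs the check against the local PHP interpreter.
if [ "${1:-}" = "check" ]; then
    mods=$(php -m) || exit 2
    status=0
    for group in "required:$REQUIRED" "database:$DATABASE" "recommended:$RECOMMENDED"; do
        miss=$(printf '%s\n' "$mods" | missing_modules "${group#*:}")
        [ -z "$miss" ] && continue
        echo "${group%%:*} modules missing: $miss"
        [ "${group%%:*}" = recommended ] || status=1
    done
    exit "$status"
fi
```

On the constructed sample the substring count equals the number of required names even though dom is missing, because random contains the string "dom".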
Web server
Apache and Nginx are supported web servers.
Signed SSL certificate (Let's Encrypt)
Let's Encrypt can be used to obtain free certificates which have been signed by a recognized signing authority.
root #
certbot certonly --standalone -d cloud.gentoo-example.org
Self signed SSL certificate
Nextcloud servers should have a secure connection. The following command generates a self-signed certificate that is valid for 365 days after generation:
root #
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt # Fill out the following fields.
root #
openssl dhparam -out /etc/nginx/dhparam.pem 4096 # Generate DH group
Create the nginx snippets directory (if it does not exist):
root #
mkdir -p /etc/nginx/snippets
Add the following files:
/etc/nginx/snippets/self-signed.conf
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
/etc/nginx/snippets/ssl-params.conf
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
ssl_session_tickets off;

# Generate your own (expect to wait a while): openssl dhparam -out /etc/nginx/dhparam.pem 4096
# Use Mozilla's: curl https://cipherl.ist/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /etc/nginx/dhparam.pem;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
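A quick lint for the snippet above, as an added example that is not part of the original page: it flags template placeholder paths, protocols older than TLSv1.2, an HSTS header without `always`, and enabled session tickets. The function names and both sample snippets are constructed for illustration; page_snippet abridges the configuration shown above.

```shell
#!/bin/sh
# Added example, not from the original page: lint an nginx TLS snippet on stdin.

# lint_ssl_params: print one finding per line; print nothing if all checks pass.
lint_ssl_params() {
    # Strip comments and blank lines so commented-out text is not evaluated.
    conf=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e '/^$/d')
    # 1. Template placeholders left in place: no such file exists on the host.
    printf '%s\n' "$conf" | grep -F '/path/to/' | sed 's/^/placeholder path: /'
    # 2. ssl_protocols must not list anything older than TLSv1.2.
    if printf '%s\n' "$conf" | grep '^ssl_protocols' |
        grep -Eq 'SSLv[23]|TLSv1(\.[01])?([[:space:]]|;)'; then
        echo "legacy protocol enabled"
    fi
    # 3. Without "always", nginx omits the header on error responses.
    if ! printf '%s\n' "$conf" |
        grep -Eq '^add_header[[:space:]]+Strict-Transport-Security[[:space:]].*always;'; then
        echo "HSTS header missing or not sent with 'always'"
    fi
    # 4. Session tickets should stay off, as in the page's snippet.
    if ! printf '%s\n' "$conf" | grep -Eq '^ssl_session_tickets[[:space:]]+off;'; then
        echo "ssl_session_tickets not disabled"
    fi
}

# Abridged copy of the page's ssl-params.conf, embedded for an offline run.
page_snippet() {
    cat <<'EOF'
ssl_session_tickets off;
# Use Mozilla's: curl https://cipherl.ist/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
EOF
}

# Constructed weak variant for comparison.
weak_snippet() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=63072000";
EOF
}

# Usage: sh lint.sh lint /etc/nginx/snippets/ssl-params.conf
if [ "${1:-}" = "lint" ]; then lint_ssl_params < "$2"; fi
```

Run against the page's snippet, the only finding is the ssl_trusted_certificate line, which still carries its template path and has to be pointed at a real CA bundle before nginx can load the configuration.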
USE flags
USE flags for www-apps/nextcloud: Personal cloud that runs on your own server
curl | Add support for client-side URL transfer library
imagemagick | Enable optional support for the ImageMagick or GraphicsMagick image converter
mysql | Add mySQL Database support
postgres | Add support for the postgresql database
sqlite | Add support for sqlite - embedded sql database
vhosts | Add support for installing web-based applications into a virtual-hosting environment
Emerge
root #
emerge --ask www-apps/nextcloud
Additional software
In addition to the standard web interface, a Linux native desktop sync client is also available:
root #
emerge --ask net-misc/nextcloud-client
Configuration
Files
- /etc - Global (system wide) configuration file.
Service
OpenRC
On an OpenRC system Nextcloud does not have a specific service, but runs on services from the AMP stack:
root #
rc-update add php-fpm default
root #
rc-update add mysql default
root #
rc-update add nginx default
systemd
Removal
Unmerge
root #
emerge --ask --depclean --verbose www-apps/nextcloud
See also
- Owncloud — a free, open source, Dropbox-like file synchronization and cloud service.