User:Maffblaster/Drafts/Nextcloud
Nextcloud is a free and open source cloud suite webapp used for file synchronization and sharing.
This installation document was written with Nextcloud 20 as a target and attempts to provide a fast installation on Gentoo systems.[1] Provisioning the hardware (CPU allocation, data storage, memory, etc.) is outside the scope of this document.
Installation
Nextcloud requires software components from the standard (L)AMP stack: a web server, a database, and PHP interpreter (php-fpm).
Kernel
Kernel support for Nextcloud purposes includes the standard array of subsystems for hosting webapps. Kernel configuration is beyond the scope of this article.
PHP
Before re-emerging PHP in order to get supported modules, see upstream's list of supported PHP versions and associated modules[2] which are necessary for correct operation of Nextcloud. As of June, 2023 the latest Nextcloud release runs on PHP 8.0 (deprecated), 8.1, and 8.2 (recommended). There are currently 18 PHP modules that should be available for Nextcloud. They can be checked with the following command:
user $php -m | grep -i 'ctype\|curl\|dom\|gd\|iconv\|json\|libxml\|mbstring\|openssl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib'ctype curl dom fileinfo gd hash iconv json libxml mbstring openssl posix session SimpleXML xmlreader xmlwriter zip zlib
Pipe the command to wc -l to get a count of 18:
user $php -m | grep -i 'ctype\|curl\|dom\|fileinfo\|gd\|hash\|iconv\|json\|libxml\|mbstring\|openssl\|posix\|session\|simplexml\|xmlreader\|xmlwriter\|zip\|zlib' | wc -l18
Verify one of three possible modules exist for the database connector. In this instance, MySQL/MariaDB (pdo_mysql) will be the application's database, although PostgresSQL (pdo_pgsql ) or Sqlite (pdo_sqlite) could be used as the database:
user $php -m | grep -i 'pdo_mysql'pdo_mysql
Generally recommended modules (by upstream):
user $php -m | grep -i 'bzip2\|fileinfo\|intl'bzip2 intl
Recommended modules for instances hosting photos/images:
user $php -m | grep -i 'exif'exif # necessary for image rotation in pictures app imagick # necessary for preview generation
Recommended for enhanced server performance is to pair Nextcloud with memcached. This php module is a PECL extension and is installed separately from PHP itself:
root #emerge --ask dev-php/pecl-memcachedmemcached package must also be installed:
root #emerge --ask net-misc/memcachedVerify the module is available to PHP:
user $php -m | grep -i 'mem'memcached
Web server
Apache and Nginx are supported web servers.
Signed SSL certificate (Let's Encrypt)
Let's Encrypt can be used to obtain free certificates which have been signed by a recognized signing authority.
root #certbot certonly --standalone -d cloud.gentoo-example.org -d cloud.gentoo-example.orgSelf signed SSL certificate
Nextcloud servers should have a secure connection. Following certificate will be valid for 365 days after generation:
root #openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt # Fill out the following fields.
root #openssl dhparam -out /etc/nginx/dhparam.pem 4096 # Generate DH group
Create the nginx snippets directory (if it does not exist):
root #mkdir -p /etc/nginx/snippetsAdd the following files:
/etc/nginx/snippets/self-signed.confssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
/etc/nginx/snippets/ssl-params.confssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# Generate your own (expect to wait a while): openssl dhparam -out /etc/nginx/dhparam.pem 4096
# Use Mozilla's: curl https://cipherl.ist/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /etc/nginx/dhparam.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
USE flags
USE flags for www-apps/nextcloud Personal cloud that runs on your own server
curl
|
Add support for client-side URL transfer library |
imagemagick
|
Enable optional support for the ImageMagick or GraphicsMagick image converter |
mysql
|
Add mySQL Database support |
postgres
|
Add support for the postgresql database |
sqlite
|
Add support for sqlite - embedded sql database |
vhosts
|
Add support for installing web-based applications into a virtual-hosting environment |
Emerge
root #emerge --ask www-apps/nextcloudAdditional software
In addition to the standard web interface, a Linux native desktop sync client is also available:
root #emerge --ask net-misc/nextcloud-clientConfiguration
Files
- /etc - Global (system wide) configuration file.
Service
OpenRC
On an OpenRC system Nextcloud does not have a specific service, but runs on services from the AMP stack:
root #rc-update add php-fpm default
root #rc-update add mysql default
root #rc-update add nginx default
systemd
Enable and start the services:
root #systemctl enable --now nginx
root #systemctl enable --now php-fpm
root #systemctl enable --now mariadb
If using PostgreSQL
root #systemctl enable --now postgresql-15Removal
Unmerge
root #emerge --ask --depclean --verbose www-apps/nextcloudSee also
- Owncloud — a free, open source, Dropbox-like file synchronization and cloud service.