Differences

This shows you the differences between two versions of the page.

--- virtualisation:nextcloud [2018/02/27 14:16]
buettner
+++ virtualisation:nextcloud [2018/03/01 09:19] (current)
buettner
@@ Line 1: / Line 1: @@
-====How to setup Nextcloud on a NB2800 router====
+======How to setup Nextcloud on a NB2800 router======
 This article describes how to setup a Nextcloud server on your NB2800 router.
-[[https://nextcloud.com/|Nextcloud]] is a free and open source cloud hosting software. It lets you easily provide files for and share them with others, and lets you customize your cloud with a lot of tools and additional apps.
+[[https://nextcloud.com/|Nextcloud]] is a free and open source cloud hosting software. It lets you easily share your files with others, hosts your own calenders and contact lists and lets you customize your cloud with a lot of tools and additional apps.
 ===Preparations===
-All basic preparations made are described in this article: [[http://wiki.netmodule.com/virtualisation/file-server | How to set up a NB2800 File Server ]]
 If you need instructions on how to set up a LXC Container on NB2800 Routers, you can refer to this page: http://wiki.netmodule.com/app-notes/virtualisation.
+The first step you should take is to give your router a static IP adress. For this, use
+<code>
+nano /etc/network/interfaces
+</code>
+and set up a static IP configuration for your primary interface. In this example, the configuration for the eth0 interface looks like this:
+<konsole>
+auto eth0
+iface eth0 inet static
+address 192.168.1.50
+netmask 255.255.255.0
+network 192.168.1.0
+broadcast 192.168.1.255
+gateway 192.168.1.105
+dns-nameservers 192.168.1.105
+</konsole>
+After that, use
+<code>
+apt-get update
+apt-get upgrade
+</code>
+to bring your system up to date.
+If your network setup doesn't include a domain you could use on your router, you can easily create one you can use to access your file server.
+For this, get access to the routers web interface and go to Services -> DNS Server. Under "Static Hosts" , click on the plus symbol to add a new domain name.
+Now enter the IP address and the domain name you want it linked to and click "Apply"
+{{ :virtualisation:local_domain_lxc2.png?nolink&600 |}}
+After this, your configuration should look like this:
+{{ :virtualisation:local_domain_lxc.png?nolink&600 |}}
+Now you can access the file server with both its IP address a its local domain name.
 ===Installations===
-Before Nextcloud can be installed, some other programs need to be installed and set up. In the first step, enter
+Before Nextcloud can be installed, a web server (here: Nginx), a SQL program (here: MariaDB) and PHP need to be installed and set up. In the first step, install these programs by entering
 <code>
+apt-get update
 apt-get install nginx mariadb-client mariadb-server php7.0-common php7.0-fpm php7.0-cli php7.0-json php7.0-mysql php7.0-curl php7.0-intl php7.0-mcrypt php-pear php7.0-gd php7.0-zip php7.0-xml php7.0-mbstring php7.0-apcu
 </code>
@@ Line 25: / Line 62: @@
 ===Configuring PHP===
-For setting up PHP, several values in three files have to be edited. First, go to /etc/php/7.0/fpm/pool.d/www.conf and edit the following values (Note: all values described here have to be edited, decommented or added):
+For setting up PHP, several values in three files have to be edited. First, go to /etc/php/7.0/fpm/pool.d/www.conf and edit the following values (Note: all values described here have to be edited, decommented, or added):
 <code c /etc/php/7.0/fpm/pool.d/www.conf>
 user = www-data
@@ Line 63: / Line 100: @@
 ===Configuring MariaDB===
-First, you have to finish the MariDB installation:
+First, you have to finish the MariaDB installation:
 <code>
 mysql_secure_installation
@@ Line 73: / Line 110: @@
 service mysql restart
 </code>
-Now you have to create a new MariaDB user which is only needed for Nextcloud access. To enter the MariaDB editing  shell, enter
+Now you have to create a new MariaDB database and an user which is only needed for Nextcloud access. To enter the MariaDB shell, enter
 <code>
 mysql -u root -p
@@ Line 81: / Line 118: @@
 create database nextcloud_db;
 </code>
-Now create a new MariaDB-user with a password which can access the "nextcloud_db":
+Now create a new MariaDB user with a password which can access the "nextcloud_db":
 <code>
 create user 'user'@localhost identified by 'password';
@@ Line 87: / Line 124: @@
 Note that you have to enter your own credentials for 'user' and 'password'.
-Now all necessary right have to be granted to this new user:
+Now all necessary rights have to be granted to this new user:
 <code>
 grant all privileges on nextcloud_db.* to 'user'@localhost;
@@ Line 114: / Line 151: @@
 First, go to /etc/nginx/nginx.conf and edit the following three lines:
 <code c /etc/nginx/nginx.conf>
-überprüfen ob user = www-data
+user = www-data
-überprüfen ob worker_process = auto
+worker_process = auto
-in html-Block: server_tokens off
+server_tokens off
 </code>
@@ Line 127: / Line 164: @@
 nano /etc/nginx/sites-available/default
 </code>
-This new file has to be filled with this code:
+This new file has to be filled with this code (All passages that need to be edited are marked in the code):
 <code c /etc/nginx/sites-available/default>
 upstream php-handler {
@@ Line 135: / Line 172: @@
 server {
     listen 80;
-    server_name mediacontainer.local;		//an aktuellen Domainnamen anpassen
+    server_name mediacontainer.local;		//* edit to own domain name *//
     # enforce https
     return 301 https://$server_name$request_uri;
@@ Line 142: / Line 179: @@
 server {
     listen 443 ssl http2;
-    server_name mediacontainer.local;		//an aktuellen Domainnamen anpassen
+    server_name mediacontainer.local;		//* edit to own domain name *//
-    ssl_certificate /home/User/CA/cert.pem;			c und Dateinamen anpassen
+    ssl_certificate /home/NCUser/CA/cacert.pem;			//* edit to own files and directorys *//
-    ssl_certificate_key /home/User/CA/private/cakey.pem;	//an aktuellen Pfad und Dateinamen anpassen
+    ssl_certificate_key /home/NCUser/CA/private/cakey.pem;	//* edit to own files and directorys *//
     # Add headers to serve security related headers
@@ Line 165: / Line 202: @@
     # Path to the root of your installation
-    root /var/www/nextcloud/;			upstream php-handler {
+    root /var/www/nextcloud/;		//* edit to own directory *//
-server unix:/run/php/php7.0-fpm.sock;
-}
-server {
-    listen 80;
-    server_name mediacontainer.local;		//an aktuellen Domainnamen anpassen
-    # enforce https
-    return 301 https://$server_name$request_uri;
-}
-server {
-    listen 443 ssl http2;
-    server_name mediacontainer.local;		//an aktuellen Domainnamen anpassen
-    ssl_certificate /home/User/CA/cacert.pem;			//an aktuellen Pfad und Dateinamen anpassen
-    ssl_certificate_key /home/User/CA/private/cakey.pem;	//an aktuellen Pfad und Dateinamen anpassen
-    # Add headers to serve security related headers
-    # Before enabling Strict-Transport-Security headers please read into this
-    # topic first.
-    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
-    # includeSubDomains; preload;";
-    #
-    # WARNING: Only add the preload option once you read about
-    # the consequences in https://hstspreload.org/. This option
-    # will add the domain to a hardcoded list that is shipped
-    # in all major browsers and getting removed from this list
-    # could take several months.
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Robots-Tag none;
-    add_header X-Download-Options noopen;
-    add_header X-Permitted-Cross-Domain-Policies none;
-    # Path to the root of your installation
-    root /var/www/nextcloud/;			upstream php-handler {
-server unix:/run/php/php7.0-fpm.sock;
-}
-server {
-    listen 80;
-    server_name mediacontainer.local;		//an aktuellen Domainnamen anpassen
-    # enforce https
-    return 301 https://$server_name$request_uri;
-}
-server {
-    listen 443 ssl http2;
-    server_name mediacontainer.local;		//an aktuellen Domainnamen anpassen
-    ssl_certificate /home/User/CA/cacert.pem;			//an aktuellen Pfad und Dateinamen anpassen
-    ssl_certificate_key /home/User/CA/private/cakey.pem;	//an aktuellen Pfad und Dateinamen anpassen
-    # Add headers to serve security related headers
-    # Before enabling Strict-Transport-Security headers please read into this
-    # topic first.
-    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
-    # includeSubDomains; preload;";
-    #
-    # WARNING: Only add the preload option once you read about
-    # the consequences in https://hstspreload.org/. This option
-    # will add the domain to a hardcoded list that is shipped
-    # in all major browsers and getting removed from this list
-    # could take several months.
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Robots-Tag none;
-    add_header X-Download-Options noopen;
-    add_header X-Permitted-Cross-Domain-Policies none;
-    # Path to the root of your installation
-    root /var/www/nextcloud/;			//an aktuellen Pfad anpassen
     location = /robots.txt {
@@ Line 336: / Line 301: @@
     }
 }
+</code>
-    location = /robots.txt {
+Now you can test your Nginx configuration by entering
-        allow all;
+<code>
-        log_not_found off;
+nginx -t
-        access_log off;
+</code>
-    }
-    # The following 2 rules are only needed for the user_webfinger app.
+<konsole>
-    # Uncomment it if you're planning to use this app.
+root@LXC_MEDIA:/# nginx -t
-    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+nginx: configuration file /etc/nginx/nginx.conf test is successful
-    # last;
+</konsole>
-    location = /.well-known/carddav {
+If no error occurs, restart Nginx with
-      return 301 $scheme://$host/remote.php/dav;
+<code>
-    }
+service nginx restart
-    location = /.well-known/caldav {
+</code>
-      return 301 $scheme://$host/remote.php/dav;
-    }
-    # set max upload size
-    client_max_body_size 512M;
-    fastcgi_buffers 64 4K;
-    # Enable gzip but do not remove ETag headers
+===Nextcloud Download and Installation===
-    gzip on;
-    gzip_vary on;
-    gzip_comp_level 4;
-    gzip_min_length 256;
-    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-    # Uncomment if your server is build with the ngx_pagespeed module
+First, download the Nextcloud installation file from the Nextcloud homepage. Before downloading the file, you should visit the [[https://nextcloud.com/install/#instructions-server|Nextcloud download page]] to check for the newest version.
-    # This module is currently not supported.
+<code>
-    #pagespeed off;
+wget https://download.nextcloud.com/server/releases/nextcloud-13.0.0.tar.bz2
+</code>
+After the download finished, extract the file to its directory:
+<code>
+tar -xjf nextcloud-13.0.0.tar.bz2 -C /var/www
+</code>
+If you want to, you can now delete the installation file:
+<code>
+rm nextcloud-13.0.0.tar.bz2
+</code>
+Now you have to set the correct user and group to the Nextcloud folder:
+<code>
+chown -R www-data:www-data /var/www/nextcloud
+</code>
-    location / {
+Now open your web browser and go to http://Ip-address-or-domain to enter the Nextcloud installation screen.
-        rewrite ^ /index.php$uri;
-    }
-    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+Here you have to set credentials for an administrator and enter the MariaDB user credentials you set earlier.
-        deny all;
-    }
-    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
-        deny all;
-    }
-    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+{{ :virtualisation:nc-setup.jpg?nolink&600 |}}
-        fastcgi_split_path_info ^(.+\.php)(/.*)$;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PATH_INFO $fastcgi_path_info;
-        fastcgi_param HTTPS on;
-        #Avoid sending the security headers twice
-        fastcgi_param modHeadersAvailable true;
-        fastcgi_param front_controller_active true;
-        fastcgi_pass php-handler;
-        fastcgi_intercept_errors on;
-        fastcgi_request_buffering off;
-    }
-    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
-        try_files $uri/ =404;
-        index index.php;
-    }
-    # Adding the cache control header for js and css files
+===Configuration Nextcloud===
-    # Make sure it is BELOW the PHP block
-    location ~ \.(?:css|js|woff|svg|gif)$ {
-        try_files $uri /index.php$uri$is_args$args;
-        add_header Cache-Control "public, max-age=15778463";
-        # Add headers to serve security related headers (It is intended to
-        # have those duplicated to the ones above)
-        # Before enabling Strict-Transport-Security headers please read into
-        # this topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
-        #  includeSubDomains; preload;";
-        #
-        # WARNING: Only add the preload option once you read about
-        # the consequences in https://hstspreload.org/. This option
-        # will add the domain to a hardcoded list that is shipped
-        # in all major browsers and getting removed from this list
-        # could take several months.
-        add_header X-Content-Type-Options nosniff;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header X-Robots-Tag none;
-        add_header X-Download-Options noopen;
-        add_header X-Permitted-Cross-Domain-Policies none;
-        # Optional: Don't log access to assets
-        access_log off;
-    }
-    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+After Nextcloud was installed succesfully, go to /var/www/nextcloud/config/config.php and add or edit the following lines:
-        try_files $uri /index.php$uri$is_args$args;
+<code c /var/www/nextcloud/config/config.php>
-        # Optional: Don't log access to other assets
+'memcache.local' => '\OC\Memcache\APCu',
-        access_log off;
+'trusted_domains' =>
-    }
+ array (
-}
+ => 'mediacontainer.local',
+=> '192.168.1.50',
-    location = /robots.txt {
+ ),
-        allow all;
+'overwriteprotocol' => 'https',
-        log_not_found off;
+'logtimezone' => 'Europe/Berlin',
-        access_log off;
-    }
-    # The following 2 rules are only needed for the user_webfinger app.
-    # Uncomment it if you're planning to use this app.
-    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
-    # last;
-    location = /.well-known/carddav {
-      return 301 $scheme://$host/remote.php/dav;
-    }
-    location = /.well-known/caldav {
-      return 301 $scheme://$host/remote.php/dav;
-    }
-    # set max upload size
-    client_max_body_size 512M;
-    fastcgi_buffers 64 4K;
-    # Enable gzip but do not remove ETag headers
-    gzip on;
-    gzip_vary on;
-    gzip_comp_level 4;
-    gzip_min_length 256;
-    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-    # Uncomment if your server is build with the ngx_pagespeed module
-    # This module is currently not supported.
-    #pagespeed off;
-    location / {
-        rewrite ^ /index.php$uri;
-    }
-    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
-        deny all;
-    }
-    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
-        deny all;
-    }
-    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
-        fastcgi_split_path_info ^(.+\.php)(/.*)$;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PATH_INFO $fastcgi_path_info;
-        fastcgi_param HTTPS on;
-        #Avoid sending the security headers twice
-        fastcgi_param modHeadersAvailable true;
-        fastcgi_param front_controller_active true;
-        fastcgi_pass php-handler;
-        fastcgi_intercept_errors on;
-        fastcgi_request_buffering off;
-    }
-    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
-        try_files $uri/ =404;
-        index index.php;
-    }
-    # Adding the cache control header for js and css files
-    # Make sure it is BELOW the PHP block
-    location ~ \.(?:css|js|woff|svg|gif)$ {
-        try_files $uri /index.php$uri$is_args$args;
-        add_header Cache-Control "public, max-age=15778463";
-        # Add headers to serve security related headers (It is intended to
-        # have those duplicated to the ones above)
-        # Before enabling Strict-Transport-Security headers please read into
-        # this topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
-        #  includeSubDomains; preload;";
-        #
-        # WARNING: Only add the preload option once you read about
-        # the consequences in https://hstspreload.org/. This option
-        # will add the domain to a hardcoded list that is shipped
-        # in all major browsers and getting removed from this list
-        # could take several months.
-        add_header X-Content-Type-Options nosniff;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header X-Robots-Tag none;
-        add_header X-Download-Options noopen;
-        add_header X-Permitted-Cross-Domain-Policies none;
-        # Optional: Don't log access to assets
-        access_log off;
-    }
-    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
-        try_files $uri /index.php$uri$is_args$args;
-        # Optional: Don't log access to other assets
-        access_log off;
-    }
-}
 </code>

User Tools

Site Tools

Differences

Page Tools