Nextcloud
From Wikipedia: Nextcloud is functionally very similar to the widely used Dropbox, with the primary functional difference being that Nextcloud is free and open-source, thereby allowing anyone to install and operate it without charge on a private server. In contrast to proprietary services like Dropbox, the open architecture allows adding additional functionality to the server in the form of so-called applications. Nextcloud is an actively maintained fork of ownCloud.
Installation
Required Packages
Install the apache, php, php-apache and mariadb packages from the official repositories.
Install the nextcloudAUR package from the Arch User Repository.
Install the required PHP module packages php-gd, php-intl and php-mcrypt from the official repositories.
Install the APCu PHP module for memory caching, php-apcu, from the official repositories.
Optional Packages
For file preview generation, install the following packages:
ffmpeg and either libreoffice-still or libreoffice-fresh from the official repositories.
php-imagickAUR from the Arch User Repository.
PHP Configuration
Edit /etc/php/php.ini and uncomment the following required modules:
gd.so iconv.so xmlrpc.so zip.so
Also uncomment the following module, which is required for mariadb:
extension=pdo_mysql.so
Uncomment the following recommended PHP modules:
bz2.so curl.so intl.so mcrypt.so
Add the following to open_basedir:
/usr/share/webapps/nextcloud:/dev/urandom
Setup mariadb and nextcloud DB
Configure mariadb:
# mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
Enable and start mariadb.service.
Secure mariadb:
# mysql_secure_installation
Create the nextcloud database:
$ mysql -u root -p
At the prompt, enter the following lines (make sure to enter them separately):
CREATE DATABASE IF NOT EXISTS nextcloud;
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';
quit
Setup Apache
Copy Nextcloud’s Apache configuration file to Apache configuration directory:
# cp /etc/webapps/nextcloud/apache.example.conf /etc/httpd/conf/extra/nextcloud.conf
Edit /etc/httpd/conf/httpd.conf and:
Comment the line:
#LoadModule mpm_event_module modules/mod_mpm_event.so
Uncomment the line:
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
After LoadModule dir_module modules/mod_dir.so, place the following module:
LoadModule php7_module modules/libphp7.so
At the end of the Include list place the following line:
Include conf/extra/php7_module.conf
At the end of the LoadModule list add the following line:
AddHandler php7-script php
At the bottom of /etc/httpd/conf/httpd.conf add the following line:
Include conf/extra/nextcloud.conf
Enable the following modules:
mod_rewrite headers env dir mime
Enable and start the apache service httpd
Switch to Cron from AJAX
Nextcloud requires scheduled execution of some tasks, and by default it achieves this by using AJAX. However, AJAX is the least reliable method, and it is recommended to use Cron instead.
To do so, first install chrony:
# pacman -S chrony
Then create a job for the http user:
# crontab -u http -e
This opens an editor. Paste the following line:
*/15 * * * * php -f /usr/share/webapps/nextcloud/cron.php
Save the file and exit. Now you should enable and start chrony.service.
You can verify that everything is set by running:
# crontab -u http -l
Finally, set the Cron option in the Nextcloud settings to Cron.
Enable memcache
Enable memcache by uncommenting the following line in /etc/php/conf.d/apcu.ini:
extension=apcu.so
Log onto Nextcloud and set it up by pointing your browser to: http://localhost/nextcloud. Follow the on-screen instructions to set up Nextcloud.
After Nextcloud is set up, add the following line to /usr/share/webapps/nextcloud/config/config.php:
'memcache.local' => '\OC\Memcache\APCu',
Restart the apache httpd service.
(Optional) SSL setup and hardening
Enable SSL with a self-signed certificate
Edit /etc/httpd/conf/httpd.conf and uncomment the following lines:
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf
While still in /etc/httpd/conf/httpd.conf, add port 443 to your Listen ports:
Listen 443
Create the certificate by issuing the following commands:
# cd /etc/httpd/conf
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 1095
# chmod 400 server.key
SSL hardening
Edit /etc/httpd/conf/extra/httpd-ssl.conf and under the VirtualHost:443 section add the following section:
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
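As an added example (not part of the original page), the POSIX shell functions below extract the Strict-Transport-Security value from Apache configuration text and audit it for two things that go wrong with this directive in practice: typographic quotes picked up when the line is copied from a web page, and a preload token whose policy does not meet the preload list's submission requirements. The function names, verdict strings and sample vhost are constructed for illustration; the one-year threshold is the minimum max-age that hstspreload.org requires.

```sh
# Added example, not from the original page. Names and messages are this example's own.
PRELOAD_MIN=31536000  # one year: minimum max-age for hstspreload.org submission

# Print the value of the first "Header always set Strict-Transport-Security"
# directive in Apache configuration text read from stdin (quotes are kept).
hsts_from_conf() {
    awk 'tolower($1) == "header" && tolower($4) == "strict-transport-security" {
             $1 = $2 = $3 = $4 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# Audit one header value. Prints a verdict; status 0 = ok, 1 = warning, 2 = broken.
# The body is a subshell, so "exit" and the IFS change stay inside the function.
hsts_audit() (
    case $1 in
        *“*|*”*|*‘*|*’*) echo "broken: typographic quotes in value"; exit 2 ;;
    esac
    max_age="" sub=no preload=no
    set -f; IFS=';'   # split on ';' only, without filename expansion
    for part in $(printf '%s' "$1" | tr -d '" \t' | tr '[:upper:]' '[:lower:]'); do
        case $part in
            max-age=*)         max_age=${part#max-age=} ;;
            includesubdomains) sub=yes ;;
            preload)           preload=yes ;;
        esac
    done
    case $max_age in
        ""|*[!0-9]*) echo "broken: max-age missing or not a number"; exit 2 ;;
    esac
    if [ "$max_age" -eq 0 ]; then
        echo "warning: max-age=0 removes the HSTS policy"; exit 1
    fi
    if [ "$preload" = yes ] && { [ "$sub" = no ] || [ "$max_age" -lt "$PRELOAD_MIN" ]; }; then
        echo "warning: preload needs includeSubDomains and max-age >= $PRELOAD_MIN"; exit 1
    fi
    echo "ok: max-age=$max_age includeSubDomains=$sub preload=$preload"
)

# Constructed sample: the directive from this section inside a vhost block.
sample_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>
</VirtualHost>
EOF
}

hsts_audit "$(sample_conf | hsts_from_conf)" || true
```

To audit the live file, pass it on stdin: hsts_audit "$(hsts_from_conf < /etc/httpd/conf/extra/httpd-ssl.conf)".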