====== 24.04 NextCloud Installation ======

https://docs.nextcloud.com/server/12/admin_manual/installation/index.html

===== Prerequisites =====

Set up DNS (CNAME) to point to your Nextcloud server.

  scottcloud.scottworld.net CNAME ---> Solaris

Also make sure it is set internally (if we are using split DNS).

===== Set up some directories =====

Create a directory to hold the Nextcloud files. Make this outside the standard WWW-readable directory.

  mkdir /opt/nextcloud/

Create a directory (outside of your WWW) to hold the personal cloud files for our users.

  mkdir /srv/data/scottcloud

Set the permissions / ownership on this.

  chown www-data:www-data /srv/data/scottcloud -R

===== Download Nextcloud =====

We can now grab a copy of the latest Nextcloud install. Check the latest version.

https://nextcloud.com/install/#instructions-server

For example:

  cd /opt/
  wget https://download.nextcloud.com/server/releases/latest.tar.bz2
  tar -xvf latest.tar.bz2

Change the permissions so that Apache can read/write.

  chown www-data:www-data /opt/nextcloud -R
  chmod 770 /opt/nextcloud -R

===== Create the database =====

We should create the Nextcloud database first. I tend to use phpMyAdmin (you can use the terminal if you are savvy).

Make sure the charset is utf8mb4_unicode_ci (this ensures you have the full character set).

Create a user "nextcloud" with an empty database of the same name with full privileges. (I do this through the phpMyAdmin we installed earlier.)

===== php Tweaks =====

We need some extra php modules.

  apt install php-gd php-json php-mysql php-curl php-mbstring php-intl php-gmp php-imagick php-zip php-xml php-smbclient smbclient php-bcmath imagemagick php-bz2

===== Apache Web Server Configuration =====

On Debian, Ubuntu, and their derivatives, Apache installs with a useful configuration, so all you have to do is create a /etc/apache2/sites-available/scottcloud.conf file with these lines in it, replacing the Directory and other filepaths with your own filepaths:

  <VirtualHost *:80>
    ServerName scottcloud.scottworld.net
    Redirect permanent / https://scottcloud.scottworld.net/
  </VirtualHost>

  <VirtualHost *:443>
    ServerName scottcloud.scottworld.net
    DocumentRoot /opt/nextcloud
    CustomLog ${APACHE_LOG_DIR}/scottcloud.log combined

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/scottcloud.scottworld.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/scottcloud.scottworld.net/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/scottcloud.scottworld.net/chain.pem
    SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt

    <Directory /opt/nextcloud/>
      Require all granted
      AllowOverride All
      Options FollowSymLinks MultiViews

      <IfModule mod_dav.c>
        Dav Off
      </IfModule>
    </Directory>

    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
    Header always set X-Frame-Options SAMEORIGIN
  </VirtualHost>

===== Additional Apache Configurations =====

For Nextcloud to work correctly, we need the module mod_rewrite. Enable it, together with the other modules used here, by running:

  a2enmod rewrite
  a2enmod headers
  a2enmod env
  a2enmod dir
  a2enmod mime

When using SSL, take special note of the ServerName. You should specify one in the server configuration, as well as in the CommonName field of the certificate. If you want your Nextcloud to be reachable via the internet, then set both of these to the domain you want to reach your Nextcloud server.

Now enable the site and restart Apache:

  a2ensite scottcloud.conf
  systemctl restart apache2.service

===== Web Installation =====

Point a browser at...

  scottcloud.scottworld.net/

Fill in the fields for your admin user / database / default data directory.

===== Tweak some settings to remove errors =====

Add a php override file:

  nano /etc/php/8.x/apache2/conf.d/nextcloud.ini

In there place these params:

  memory_limit = 512M
  upload_max_filesize = 5G
  post_max_size = 5G
  max_execution_time = 3600
  redis.session.locking_enabled = 1
  redis.session.lock_retries = -1
  redis.session.lock_wait_time = 10000
  opcache.save_comments = 1
  opcache.revalidate_freq = 60
  opcache.interned_strings_buffer = 16

Mirror the Apache php settings when running the CLI (occ command):

  ln -s /etc/php/8.x/apache2/conf.d/nextcloud.ini /etc/php/8.x/cli/conf.d/

Restart Apache2:

  systemctl restart apache2.service

===== House Keeping =====

Create a file in /etc/cron.d:

  nano /etc/cron.d/nextcloud

Add the line to do some housekeeping every 15 mins.

  */5 * * * * www-data php -f /opt/nextcloud/cron.php

===== Certbot SSL =====

Enable SSL on your cloud install with LetsEncrypt.

Clone into a git repository:

  cd /opt/
  git clone https://github.com/certbot/certbot

Now enter the git and run ...

  cd /opt/certbot
  ./letsencrypt-auto --non-interactive --agree-tos --email mark@scottworld.net --apache -d solaris.scottworld.net --hsts

You should now have an A* rating. Check here:

https://www.ssllabs.com/ssltest/analyze.html?d=solaris.scottworld.net

Set up a renewal check...

  nano /etc/cron.d/letsencrypt

  0 1 * * 1 root /etc/certbot/certbot-auto renew --quiet

===== Make things look a bit nicer =====

Make browsers redirect to HTTPS:

  nano /opt/nextcloud/config/config.php

Add / check these lines to make a clean URL, set the default locale etc.

  'htaccess.RewriteBase' => '/',
  'default_locale' => 'en_GB',
  'default_phone_region' => 'GB',
  'trashbin_retention_obligation' => 'auto, 90',
  'versions_retention_obligation' => 'auto, 365',
  'maintenance_window_start' => 1,

Now commit the changes:

  sudo -u www-data php /opt/nextcloud/occ maintenance:update:htaccess

===== Setup Memory caching (REDIS) =====

  apt install redis-server php-redis
  adduser www-data redis
  nano /etc/redis/redis.conf

Comment out the bind line. With port 0 set below, Redis does not listen on a TCP socket at all, so only members of the redis group can reach it through the Unix socket.

  #bind 127.0.0.1 ::1

Change the following lines:

  # Accept connections on the specified port, default is 6379 (IANA #815344).
  # If port 0 is specified Redis will not listen on a TCP socket.
  port 0

  # Unix socket.
  #
  # Specify the path for the Unix socket that will be used to listen for
  # incoming connections. There is no default, so Redis will not listen
  # on a unix socket when not specified.
  #
  unixsocket /run/redis/redis-server.sock
  unixsocketperm 770

Edit /opt/nextcloud/config/config.php and add these lines.

  'memcache.local' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => [
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
  ],
  );

Restart ...

  systemctl restart redis
  systemctl restart apache2
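
The Redis settings above only protect the cache if TCP is really off and the socket is closed to other local users. The script below is an added example, not part of the original notes: it audits a redis.conf for exactly those three settings. The function names and the sample file are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a redis.conf against the socket-only setup on this page.

# Print the effective value of a directive: the last uncommented occurrence wins.
redis_directive() {  # usage: redis_directive FILE NAME
  awk -v key="$2" '
    tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
    END { print val }' "$1"
}

# Return 0 when FILE matches the settings above, 1 otherwise (findings on stdout).
check_redis_conf() {  # usage: check_redis_conf FILE
  local conf="$1" rc=0 port sock perm
  port=$(redis_directive "$conf" port)
  sock=$(redis_directive "$conf" unixsocket)
  perm=$(redis_directive "$conf" unixsocketperm)

  # Redis listens on TCP 6379 unless the port directive says otherwise.
  if [ "${port:-6379}" != "0" ]; then
    echo "FAIL: TCP listener enabled on port ${port:-6379}"; rc=1
  fi
  if [ -z "$sock" ]; then
    echo "FAIL: no unixsocket configured"; rc=1
  fi
  # The last octal digit is the permission for "other"; it must be 0 so that
  # only the redis user and group (www-data was added to it) can connect.
  case "$perm" in
    *0) ;;
    "") echo "FAIL: unixsocketperm not set"; rc=1 ;;
    *)  echo "FAIL: unixsocketperm $perm lets other local users connect"; rc=1 ;;
  esac
  [ "$rc" -eq 0 ] && echo "OK: socket-only Redis at $sock (perm $perm)"
  return "$rc"
}

# Constructed sample mirroring the settings from this page; on a real host
# run: check_redis_conf /etc/redis/redis.conf
sample=$(mktemp)
printf '%s\n' '#bind 127.0.0.1 ::1' 'port 0' \
  'unixsocket /run/redis/redis-server.sock' 'unixsocketperm 770' > "$sample"
check_redis_conf "$sample"
rm -f "$sample"
```

A non-zero exit status means at least one of the three settings differs from this guide, so the script can also be dropped into a monitoring check.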