Nextcloud
De Banane Atomic
Aller à la navigationAller à la recherche
Links
Manual upgrade
 |
Updates between multiple major versions and downgrades are unsupported. |
Backup the database, the data directory and the config.php file.
|
# backup
tar czf /folder/nextcloud.tar.gz nextcloud
sudo mysqldump -rnextcloud.sql nextcloud
# download the latest Nextcloud Server release
wget https://download.nextcloud.com/server/releases/nextcloud-23.0.0.tar.bz2
# unpack it
tar -xjf nextcloud-*.tar.bz2
# disable cron task
sudo crontab -u www-data -e
# stop the web server (apache)
sudo a2dissite nextcloud
sc-reload apache2
# rename old version and move the new one
mv /var/www/nextcloud /var/www/nextcloud-old
mv ~/download/nextcloud /var/www
# copy the config
cp /var/www/nextcloud-old/config/config.php /var/www/nextcloud/config
# copy the data folder
cp /var/www/nextcloud-old/data /var/www/nextcloud
# adjust file ownership and permissions
chown -R www-data:www-data /var/www/nextcloud
find /var/www/nextcloud/ -type d -exec chmod 750 {} \;
find /var/www/nextcloud/ -type f -exec chmod 640 {} \;
# start the web server (apache)
a2ensite nextcloud
sc-reload apache2
# upgrade with the www-data user
chmod 755 /var/www/nextcloud
cd /var/www/nextcloud
sudo -u www-data php occ upgrade
chmod 750 /var/www/nextcloud
# disable the maintenance mode if required
sudo -u www-data php occ maintenance:mode --off
# enable cron task
sudo crontab -u www-data -e
|
 |
Check the version
|
Configuration
NGINX
| /etc/nginx/sites-available/nextcloud.conf |
upstream php-handler {
server unix:/var/run/php/php-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name cloud.domain.net;
# enforce https
return 301 https://$server_name:443$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.domain.net;
ssl_certificate /etc/ssl/nginx/cloud.domain.net.crt;
ssl_certificate_key /etc/ssl/nginx/cloud.domain.net.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/nextcloud;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}
|
Apache
| /etc/apache2/sites-available/nextcloud.conf |
<VirtualHost *:80>
ServerName nextcloud.domain.fr
Redirect / https://nextcloud.domain.fr/
</VirtualHost>
<VirtualHost _default_:443>
ServerName nextcloud.domain.fr
DocumentRoot /var/www/nextcloud
SSLCertificateFile /etc/letsencrypt/live/domain.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.fr/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<FilesMatch "\.php$">
SSLOptions +StdEnvVars
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
</IfModule>
<Directory /var/www/nextcloud>
Options FollowSymlinks
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
|
Pretty URL
| config/config.php |
'overwrite.cli.url' => 'https://nextcloud.domain.fr/', 'htaccess.RewriteBase' => '/', |
|
|
sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess |
Server tuning
PHP-FPM
| /etc/php/8.2/fpm/pool.d/nextcloud.conf |
[nextcloud] user = www-data group = www-data listen = /run/php/php8.2-fpm-nextcloud.sock listen.owner = www-data listen.group = www-data pm = dynamic pm.max_children = 10 pm.start_servers = 4 pm.min_spare_servers = 2 pm.max_spare_servers = 6 php_value[memory_limit] = 512M php_value[opcache.interned_strings_buffer] = 16 ; disable the revalidation completely php_value[opcache.validate_timestamps] = 0 php_value[opcache.jit] = 1255 php_value[opcache.jit_buffer_size] = 128M |
| /etc/apache2/sites-available/nextcloud.conf |
<FilesMatch "\.php$">
# use the nextcloud php-fpm pool
SetHandler "proxy:unix:/run/php/php8.2-fpm-nextcloud.sock|fcgi://localhost"
SSLOptions +StdEnvVars
</FilesMatch>
|
|
|
# restart PHP FPM sc-restart php8.2-fpm.service |
MySQL
|
Get the best value for innodb_buffer_pool_size |
| /etc/mysql/conf.d/mysql.cnf |
[mysqld] innodb_buffer_pool_size = 1G innodb_io_capacity = 4000 |
Background jobs
|
|
# edit crontab for user www-data sudo crontab -u www-data -e # run cron.php every 5 minutes */5 * * * * php -f /var/www/nextcloud/cron.php |
With admin account, change the Settings → Administration → Basic settings → Background jobs = Cron
Settings
Resetting a lost admin password
|
|
# change the admin password sudo -u www-data php /var/www/nextcloud/occ user:resetpassword admin |
Email server
| Setting | Value |
|---|---|
| Send mode | SMTP |
| Authentication method |
|
| Authentication required | use same credential as for roundcube |
| Server address | smtp.domain.fr:25 |
Apps
Installer des Apps:
- se connecter en admin
- cliquer sur l'icone du profile en haut à droite → Apps
Deck
Outils de gestion de taches similaire à Trello
Talk
Chat, video & audio calls
Calendar
Installation sur Ubuntu 18.04
|
|
wget https://download.nextcloud.com/server/releases/latest-27.tar.bz2 tar xf latest-*.tar.bz2 sudo mv -T nextcloud /var/www/nextcloud sudo chown -R root:root /var/www/nextcloud # vérifier que les modules php suivant sont bien installés dpkg -l php-zip php-gd php-curl php-imagick # folders rights sudo chown -R www-data:www-data apps sudo chown -R www-data:www-data config sudo chown -R www-data:www-data data sudo chmod 750 config |
|
create database nextcloud; grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; flush privileges; |
Errors
Memcache \OC\Memcache\APCu not available for local cache
| /etc/php/7.4/mods-available/apcu.ini |
apc.enable_cli=1 |
The PHP memory limit is below the recommended value of 512MB
| /etc/php/7.4/apache2/php.ini |
memory_limit = 512M |
MySQL is used as database but does not support 4-byte characters
A memcache is not required and you may safely ignore the warning if you prefer
| config/config.php |
'memcache.local' => '\OC\Memcache\APCu', |
