How to install NextCloud 12 on Ubuntu Server 16.04 LTS

Post Reply
User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

How to install NextCloud 12 on Ubuntu Server 16.04 LTS

Post: # 561Post LHammonds
Thu Jan 11, 2018 4:24 pm

Greetings and salutations,

I hope this thread will be helpful to those who follow in my foot steps as well as getting any advice based on what I have done / documented.

To discuss this thread, please participate here: Ubuntu Tutorial Forums

High-level overview

NextCloud is a web application that can store and serve content from a centralized location, much like Dropbox. The difference is that NextCloud allows you to host the serving software on your own machines, taking the trust issues out of putting your personal data someone else's server.

This tutorial will cover how to manually setup an NextCloud server which will use a separate dedicated database server and SSL encryption.

Advantages of manually installing NextCloud:
* Can use the latest version of NextCloud currently available (Repository rarely contains latest version)
* Are not forced to install MySQL locally (handy if you have a dedicated database server)
* Can install where you want (such as standard / well-known locations)

Disadvantages of manually installing NextCloud:
* Will not automatically update the system via "apt-get update" (although you are not guaranteed you get the latest this way either...just the latest in the repository)
* Not as easy to install (thus this step-by-step guide)

The server will be installed inside a virtual machine in vSphere running on ESXi servers. Notes will also be supplied for doing the same thing for VirtualBox on a Windows 10 PC. Although there are some VMware-specific and VirtualBox-specific steps, they are very few and the majority of this documentation will work for other Virtual Machines or even directly installed onto a physical machine (e.g. bare-metal install). If you have any advice on doing things better, please let me know by replying to the Ubuntu forums thread above.

Tools utilized in this process
Helpful links

The list below are sources of information that was helpful in the creation of this document.
Assumptions

This documentation will need to make use of some very-specific information that will most-likely be different for each person / location. And as such, this information will be noted in this section. They will be highlighted in red throughout the document as a reminder that you should plug-in your own value rather than actually using these "place-holder" values.

Under no circumstance should you use the actual values listed below. They are place-holders for the real thing. This is just a checklist template you need to have answered before you start the install process.

Wherever you see RED in this document, you need to substitute it for you will use in your environment.
  • Internet domain: nextcloud.mydomain.com
  • Ubuntu Server name: srv-nextcloud
  • Ubuntu Server IP address: 192.168.107.9
  • Ubuntu Admin ID: administrator
  • Ubuntu Admin Password: myadminpass
  • Database Server Name (remote): srv-mysql
  • Database Server IP (remote): 192.168.107.20
  • Database Admin ID: root
  • Database Admin Password: rootpass
  • Database ID: nextclouduser
  • Database Password: nextclouduserpass
  • Email Server Name (remote): srv-mail
  • Email Server IP (remote): 192.168.107.25
  • NextCloud Admin ID: NextCloudAdmin
  • NextCloud Admin Password: nextcloudadminpass
NextCloud Ubuntu Server - Setup an Ubuntu server for use as the NextCloud server. This tutorial assumes the server was configured according to this tutorial: How to install and configure Ubuntu Server

MySQL/MariaDB server - Setup a separate and dedicated database server. This tutorial assumes the server was configured according to this tutorial: How to install and configure MariaDB

It is also assumed the reader knows how to use the VI editor. If not, you will need to beef up your skill set or use a different editor in place of it.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Prior to install

Post: # 562Post LHammonds
Thu Jan 11, 2018 4:26 pm

Name Resolution

Add your NextCloud domain(s) so they point to the local loopback (127.0.0.1)
Add your other remote servers such as your mail and database server IPs so you can reference them by name.

Code: Select all

vi /etc/hosts

Code: Select all

127.0.0.1       localhost
127.0.1.1       srv-nextcloud
127.0.0.1	nextcloud.mydomain.com
192.168.107.25  srv-mail
192.168.107.20  srv-mysql
Prerequisites

Install Apache web server:

Code: Select all

apt-get -y install apache2
Install PHP for Apache with MySQL/MariaDB support

Code: Select all

apt-get -y install php7.0 libapache2-mod-php7.0 php7.0-mysql
TIP: You can search available PHP packages names by typing this:

Code: Select all

apt-cache search php7.0
TIP: You can see which PHP modules are installed by typing this:

Code: Select all

php -m
There are various required, recommended, app-specific modules listed on the requirements section of the manual.

The below will show what is already installed by default and what will be needed as a complete list. You can customize to your needs.

PHP modules:

Code: Select all

bz2
ctype
curl - Missing (contained in php7.0-curl)
dom - Missing (contained in php7.0-xml)
exif
fileinfo
ftp
gd - Missing (contained in php7.0-gd)
iconv
imagick - Missing (contained in php-imagick)
intl - Missing (contained in php7.0-intl)
gmp - Missing (contained in php7.0-gmp)
json
libxml
mbstring - Missing (contained in php7.0-mbstring)
mcrypt - Missing (contained in php7.0-mcrypt)
openssl
pdo_mysql
posix
simplexml - Missing (contained in php7.0-xml)
smbclient - Missing (contained in php-smbclient)
xmlreader - Missing (contained in php7.0-xml)
xmlwriter - Missing (contained in php7.0-xml)
zip - Missing (contained in php7.0-zip)
zlib
Install the missing PHP modules with these packages:

Code: Select all

apt-get -y install php7.0-gd php7.0-zip php7.0-xml php7.0-mbstring php7.0-curl php7.0-intl php7.0-mcrypt php7.0-gmp php-imagick php-smbclient
NOTE: Need to research how to install / configure / enable LibreOffice and video previews.

Enable various options in Apache:

Code: Select all

a2enmod rewrite
a2enmod headers
a2enmod env (probably already enabled)
a2enmod dir (probably already enabled)
a2enmod mime (probably already enabled)
Modify PHP to allow uploading of larger files and correct OPcache settings. In the below example, it allows 2GB uploads.

Code: Select all

vi /etc/php/7.0/apache2/php.ini

Code: Select all

default_charset = "UTF-8"
post_max_size = 2058M
upload_max_filesize = 2048M
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
Reload Apache for changes to the config to take affect:

Code: Select all

service apache2 reload
PHP Information

To verify Apache, PHP and modules are installed and enabled, lets create the famous phpinfo page.

Code: Select all

touch /var/www/html/phpinfo.php
chown www-data:www-data /var/www/html/phpinfo.php
chmod 0644 /var/www/html/phpinfo.php
echo "<?php phpinfo(); ?>" >> /var/www/html/phpinfo.php
Open a browser and load up the phpinfo page: http://192.168.107.9/phpinfo.php

You should be able to scroll down and see sections for each module we wanted enabled. If you don't see a dedicated section, then that module is not installed/enabled.

When done, do not forget to remove the info file:

Code: Select all

rm /var/www/html/phpinfo.php

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Database Configuration

Post: # 563Post LHammonds
Thu Jan 11, 2018 4:29 pm

Configure MariaDB / MySQL

In this scenario, a dedicated and general-purpose database server already exists and it will be used to hold the application's database.
  1. Connect to the MariaDB/MySQL server using PuTTY.
  2. At the login prompt, login with your administrator account (administrator / myadminpass) and then temporarily grant yourself super user privileges by typing sudo su
  3. Type the following commands:
    mysql -u root -p Enter password: rootpass
    CREATE DATABASE nextcloud CHARACTER SET utf8 COLLATE utf8_bin; CREATE USER 'nextclouduser'@'%' IDENTIFIED BY 'nextclouduserpass'; GRANT ALL ON nextcloud.* TO 'nextclouduser'@'%'; FLUSH PRIVILEGES; exit
    The above commands will allow the database account to connect from any machine from anywhere in the world. This might be OK if your database is not accessible outsite your local network or if your machine name changes or you have multiple servers that connect to the same database that use the same ID. You can make this more secure by specifying your application server when granting access. Make sure the database server will recognize the server name (via hosts file or DNS) or just use the IP address:
    CREATE USER 'nextclouduser'@'srv-nextcloud' IDENTIFIED BY 'nextclouduserpass'; GRANT ALL ON nextcloud.* TO 'nextclouduser'@'srv-nextcloud';
    or
    CREATE USER 'nextclouduser'@'192.168.107.9' IDENTIFIED BY 'nextclouduserpass'; GRANT ALL ON nextcloud.* TO 'nextclouduser'@'192.168.107.9';
    This will prevent anyone knowing the credentials from logging into the database from any other remote machine not specified in the grant command.

    If your application is running on the database server (typical on a developer machine / non-production scenario), create the user like this:
    CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'nextclouduserpass'; GRANT ALL ON nextcloud.* TO 'nextclouduser'@'localhost';
    This will prevent anyone knowing the credentials from logging into the database from any other remote machine.

    If you mess anything up, you can remove the database and user by issuing these commands:
    DROP USER nextclouduser; FLUSH PRIVILEGES; DROP DATABASE nextcloud;
  4. To avoid the "impossible to write to binary log since BINLOG_FORMAT = STATEMENT" error message when accessing the NextCloud page the 1st time which creates the database tables/data, you need to edit the "my.cnf" on the MySQL/MariaDB server to include the following setting:

    Code: Select all

    binlog-format=MIXED
    Then restart the database service:

    Code: Select all

    service mysql restart

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

NextCloud Installation

Post: # 564Post LHammonds
Thu Jan 11, 2018 4:34 pm

NextCloud

We are installing manually instead of using the package manager for the following reasons:
  • Can obtain the newer version straight from NextCloud's website
  • Don't want MySQL installed on the same server since I have a dedicate DB server (and also would rather use MariaDB)
  • Want to use my own paths rather than the path Ubuntu uses which is different than everyone else.
Multiple web sites - This documentation assumes NextCloud will be an additional web site running on this server and as such will configure its own .conf files and manage each site separately.

Code: Select all

cd /tmp
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.4.zip.md5
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.4.zip
Verify the file integrity of the download. Compare both numbers and insure they are identical:

Code: Select all

md5sum /tmp/nextcloud-12.0.4.zip
d29aa3fd0a57bcc6fbf2af5a21d70c47  /tmp/nextcloud-12.0.4.zip

cat /tmp/nextcloud-12.0.4.zip.md5
d29aa3fd0a57bcc6fbf2af5a21d70c47  nextcloud-12.0.4.zip
Extract the archive:

Code: Select all

cd /tmp
unzip /tmp/nextcloud-12.0.4.zip
chown www-data:www-data -R /tmp/nextcloud/
mv /tmp/nextcloud /var/www/nextcloud
rm /tmp/nextcloud*.zip
rm /tmp/nextcloud*.md5
Create the data repository location. It is recommended to keep this "Data" folder from being anywhere inside the web root folder to ensure users cannot simply browse it.

Code: Select all

mkdir -p /var/www/nextcloud-data
chown www-data:www-data -R /var/www/nextcloud-data
Install NextCloud (create database)

Code: Select all

cd /var/www/nextcloud/
sudo -u www-data php occ  maintenance:install --database "mysql" --database-host="srv-mysql" --database-name "nextcloud" --database-table-prefix "nc_" --database-user "nextclouduser" --database-pass "nextclouduserpass" --data-dir "/var/www/nextcloud-data" --admin-user "nextcloudadmin" --admin-pass "nextcloudadminpass"
NextCloud Configuration File

Make sure your config looks similar to this but substituting your actual values and adding any missing lines:

Code: Select all

vi /var/www/nextcloud/config/config.php

Code: Select all

<?php
$CONFIG = array (
  'instanceid' => 'ocndnnro5l72',
  'passwordsalt' => 'bhiABCw6D7Ed3IF+mHpIzJF06vKLMN',
  'secret' => 'abcdefghijklmnopqrstuvwxyz123456790',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.mydomain.com',
    1 => '192.168.107.10',
    2 => 'localhost',
  ),
  'datadirectory' => '/var/www/nextcloud-data',
  'overwrite.cli.url' => 'http://nextcloud.mydomain.com',
  'htaccess.RewriteBase' => '/',
  'dbtype' => 'mysql',
  'version' => '12.0.4.3',
  'dbname' => 'nextcloud',
  'dbhost' => 'srv-mysql',
  'dbport' => '',
  'dbtableprefix' => 'nc_',
  'dbuser' => 'nextclouduser',
  'dbpassword' => 'nextclouduserpass!',
  'auth.bruteforce.protection.enabled' => true,
  'installed' => true,
);
Create Apache Config for NextCloud

Code: Select all

vi /etc/apache2/sites-available/nextcloud.conf
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName nextcloud.mydomain.com DocumentRoot /var/www/nextcloud ErrorLog ${APACHE_LOG_DIR}/nc-error.log CustomLog ${APACHE_LOG_DIR}/nc-access.log combined <Directory /var/www/nextcloud/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud </Directory> </VirtualHost>
Enable the site configuration:

Code: Select all

a2ensite nextcloud
If you need to disable the site in the future:

Code: Select all

a2dissite nextcloud
Reload the Apache config so it is aware of the modified virtual host

Code: Select all

service apache2 reload
NextCloud Login

Now, go to your IP address or domain name in your browser:
Example: http://192.168.107.9/ or http://nextcloud.mydomain.com/
Make sure you can login with your admin account.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Post-Installation

Post: # 565Post LHammonds
Thu Jan 11, 2018 4:36 pm

Directory Security

During install, you should have set the user/group ownership to match your web server (www-data for Apache on Ubuntu).

These are the default permissions for your NextCloud directories and files:
  • All files should be read-write for the file owner, read-only for the group owner, and zero for the world (640)
  • All directories should be executable (because directories always need the executable bit set), read-write for the directory owner, and read-only for the group owner (750)
  • The .htaccess files are read-write for the file owner, read-only group and world (644)
  • The .htaccess files should be owned by root:www-data
Let's create the script that will enforce the recommended permissions/ownership.

Code: Select all

mkdir -p /var/scripts/prod
touch /var/scripts/prod/nextcloud-secure.sh
chown root:root /var/scripts/prod/nextcloud-secure.sh
chmod 0755 /var/scripts/prod/nextcloud-secure.sh
vi /var/scripts/prod/nextcloud-secure.sh

Code: Select all

#!/bin/bash
#############################################
## Name          : nextcloud-secure.sh
## Version       : 1.1
## Date          : 2018-01-11
## Author        : LHammonds
## Compatibility : Ubuntu Server 16.04 LTS, NextCloud 13.0.1
## Purpose       : Ensures ownership and permissions are set correctly.
## Run Frequency : Manual as needed or via crontab schedule.
## NOTE: These settings will prevent the updater from working.
## The only thing needed to change in order for the updater to
## work is to change the rootuser to be the same as webuser.
################ CHANGE LOG #################
## DATE       WHO WHAT WAS CHANGED
## ---------- --- ----------------------------
## 2018-01-11 LTH Created script.
## 2018-03-29 LTH Improvments.
#############################################
wwwdir='/var/www/nextcloud'
datadir='/var/www/nextcloud-data'
webuser='www-data'
webgrp='www-data'
rootuser='root'

if [ ! -f ${wwwdir}/.htaccess ]; then
  echo "ERROR: Missing critical file: ${wwwdir}/.htaccess"
  echo "This file should have been included in the app archive"
fi
if [ ! -f ${wwwdir}/config/.htaccess ]; then
  echo "ERROR: Missing critical file: ${wwwdir}/config/.htaccess"
  echo "This file should have been included in the app archive"
fi
if [ ! -f ${datadir}/.htaccess ]; then
  echo "WARNING: Missing potentially critical file: ${datadir}/.htaccess"
  echo "If the data folder is not directly inside the"
  echo "www folder, then it is not an issue."
fi
echo "Making folders if they are missing..."
if [ ! -d ${wwwdir}/apps ]; then
  mkdir -p ${wwwdir}/apps
fi
if [ ! -d ${wwwdir}/config ]; then
  mkdir -p ${wwwdir}/config
fi
if [ ! -d ${wwwdir}/themes ]; then
  mkdir -p ${wwwdir}/themes
fi
if [ ! -d ${datadir} ]; then
  mkdir -p ${datadir}
fi
echo "Setting Ownership..."
chown -R ${webuser}:${webgrp} ${wwwdir}/
chown -R ${webuser}:${webgrp} ${wwwdir}/apps/
chown -R ${webuser}:${webgrp} ${wwwdir}/config/
chown -R ${webuser}:${webgrp} ${wwwdir}/themes/
chown ${rootuser}:${webgrp} ${wwwdir}/.htaccess
chown ${rootuser}:${webgrp} ${wwwdir}/config/.htaccess
chown ${rootuser}:${webgrp} ${datadir}/.htaccess
echo "Setting Folder Permissions..."
find ${wwwdir}/ -type d -print0 | xargs -0 chmod 0750
find ${datadir}/ -type d -print0 | xargs -0 chmod 0750
echo "Setting File Permissions..."
find ${wwwdir}/ -type f -print0 | xargs -0 chmod 0640
find ${datadir}/ -type f -print0 | xargs -0 chmod 0640
chmod 0644 ${wwwdir}/.htaccess
chmod 0644 ${wwwdir}/config/.htaccess
chmod 0644 ${datadir}/.htaccess
echo "Permission change complete."
Now just run the script

Code: Select all

/var/scripts/prod/nextcloud-secure.sh
You can also schedule the script via crontab to run on a regular basis to make sure the permissions never stay out of whack for long.

If you want to enable the updater to work, simply change the value of "rootuser" from "root" to "www-data"

Configure for secure (SSL) access

This will create a self-signed certificate that will expire 1,095 days (3 years) from the date it was created. Web browsers will balk about it being untrusted. It will still work but end-users will have to allow this exception unless you pay > $200 for an official SSL certificate issued by a trusted/known authority.

Code: Select all

a2enmod ssl
mkdir -p /etc/apache2/ssl/certs
mkdir -p /etc/apache2/ssl/private
openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/apache2/ssl/private/nextcloud.key -out /etc/apache2/ssl/certs/nextcloud.crt
  Country Name: US
  State: MyState
  Locality Name: MyCity
  Organication Name: MyCompany
  Organizational Unit Name: MyDepartment
  Common Name: nextcloud.mycompany.com
  Email Address: webmaster@mycompany.com
To verify the certificate:

Code: Select all

openssl x509 -in /etc/apache2/ssl/certs/nextcloud.crt -text -noout
To verify the private key:

Code: Select all

openssl rsa -in /etc/apache2/ssl/private/nextcloud.key -check
Create the SSL web config

Code: Select all

vi /etc/apache2/sites-available/nextcloud-ssl.conf
Set these values:

Code: Select all

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerName nextcloud.mydomain.com:443
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/nextcloud
                ErrorLog ${APACHE_LOG_DIR}/nc-error.log
                CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
                SSLEngine on
                SSLCertificateFile /etc/apache2/ssl/certs/nextcloud.crt
                SSLCertificateKeyFile /etc/apache2/ssl/private/nextcloud.key
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
                <IfModule mod_headers.c>
                                Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
                </IfModule>
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>
Now we need to enable the SSL site configuration:

Code: Select all

a2ensite nextcloud-ssl
service apache2 reload
Force users to use SSL for enhanced security

Code: Select all

a2enmod rewrite

Code: Select all

vi /etc/apache2/sites-available/nextcloud.conf

Code: Select all

<VirtualHost *:80>
        #### Redirect to port 443 ###
        RewriteEngine on
        ReWriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
        #### End of Redirection configuration ###

        ServerAdmin webmaster@localhost
        ServerName nextcloud.mydomain.com
        DocumentRoot /var/www/nextcloud
        ErrorLog ${APACHE_LOG_DIR}/nc-error.log
        CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
        <Directory /var/www/nextcloud/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
                <IfModule mod_dav.c>
                  Dav off
                 </IfModule>
                SetEnv HOME /var/www/nextcloud
                SetEnv HTTP_HOME /var/www/nextcloud
        </Directory>
</VirtualHost>
Reload the updated configuration for Apache:

Code: Select all

service apache2 reload
Configure NextCloud Settings

Now, go to your IP address or domain name in your browser:
Example: http://192.168.107.9/ or http://nextcloud.mydomain.com/

It should automatically re-direct to https:// for secured SSL connection.

Login with your admin account and click the gear icon on top-right side, then click Admin

When the configuration check is complete, it should say "No problems found" if you did everything right (e.g. using SSL, .htaccess, etc.)

Email Server - Setup your mail sending capability here (choices vary depending on your mail server):
Send mode: smtp Encryption: SSL From address: nextcloud@mydomain.com Authentication method: Login Check: Authentication required Server address: mail.mydomain.com : 25 Credentials: smtpuser Password: smtppassword
On top-right side, click on the gear icon, then +Apps and then find and enable the following:
  • Office and Text -> Calendar
  • Office and Text -> Contacts
Add Users

While logged in with your admin user, click gear icon on top-right side and then Users
Click the "gear" icon on the lower-left corner to display settings.
Note the default space quota is set to Unlimited. You can configure the default here.
It would also be a good idea to place checkmarks beside "Send email to new user" and "Show email address"
In the empty "Username" "Password" and "Email" fields, add a user account and click "Create"
Repeat for each user you want added.

NextCloud comes with one default group: admin. When you create users, they will not belong to any group. If you need to create other groups, click the "+ Add group" link on the top-left and type in a name.

You can assign space limitations by setting the quota for each individual or just let it use the system-wide default quota.

Configure New User Folder Skeleton

When a new user is created, the following folder/files are copied to the new user's folder:

/var/www/nextcloud/core/skeleton/*

You can remove the example files and/or create new folders/files so it looks a certain way when a new person logs in.

Install New Apps

You can install other apps not listed with the default installation.
Visit this site: https://apps.nextcloud.com/?xsortmode=high

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Upgrades

Post: # 566Post LHammonds
Thu Jan 11, 2018 4:38 pm

Do not skip the major releases when upgrading. So going from 9.0.54 to 12.0.4 means you need to upgrade in this order:

9.0.54 -> 9.0.58 (Upgrade to the latest minor release of the current major version you are on)
9.0.58 -> 10.0.6 (Upgrade to the latest next major release)
10.0.6 -> 11.0.6 (Upgrade to the latest next major release)
11.0.6 -> 12.0.4 (Upgrade to the latest next major release)

General steps of the upgrade are as follows:
  1. Disable any 3rd-party applications
  2. Place system into maintenance mode.

    Code: Select all

    cd /var/www/nextcloud
    sudo -u www-data php occ maintenance:mode --on
    or

    Code: Select all

    vi /var/www/nextcloud/config/config.php

    Code: Select all

    'maintenance' => true,
  3. Backup the NextCloud site (and uploads)

    Code: Select all

    tar -czf /tmp/html-before.tar.gz /var/www/nextcloud
  4. Backup the database

    Code: Select all

    mysql --databases nextcloud > /tmp/nextcloud-before.sql
  5. Download next release to install and extract into a temp folder

    Code: Select all

    cd /tmp
    wget *** INSERT URL HERE ***
    unzip /tmp/nextcloud*.zip
    rm /tmp/nextcloud*.zip
  6. Stop web server

    Code: Select all

    service apache2 stop
  7. Push the folders around such as the following:

    Code: Select all

    mv /var/www/nextcloud /var/www/nextcloud.old
    mv /tmp/nextcloud /var/www/nextcloud
    cp /var/www/nextcloud.old/config/config.php /var/www/nextcloud/config/.
    mv /var/www/nextcloud.old/data /var/www/nextcloud/.
    NOTE: If you have a custom theme, be sure to move it too. Example:

    Code: Select all

    mv /var/www/nextcloud.old/themes/mytheme /var/www/nextcloud/themes/.
  8. Start web server

    Code: Select all

    service apache2 start
  9. Run the upgrade script:

    Code: Select all

    cd /var/www/nextcloud
    sudo -u www-data php occ upgrade
    NOTE: If the command does not work, you might need to enable the "execute" permission with chmod +x occ
  10. Turn off maintenance mode.

    Code: Select all

    sudo -u www-data php occ maintenance:mode --off
    or

    Code: Select all

    vi /var/www/nextcloud/config/config.php

    Code: Select all

    'maintenance' => false,
  11. If the upgrade was successful, verify by logging into the site as admin an verify the version number.
  12. Re-enable the 3rd party applications
  13. Re-run the script to correct ownership and permissions.

    Code: Select all

    /var/scripts/nextcloud-secure.sh
  14. Remove old code:

    Code: Select all

    rm -rf /var/www/nextcloud.old
  15. Backup the NextCloud site (and uploads)

    Code: Select all

    tar -czf /tmp/html-after.tar.gz /var/www/nextcloud
  16. Backup the database

    Code: Select all

    mysql --databases nextcloud > /tmp/nextcloud-after.sql

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

External Storage

Post: # 567Post LHammonds
Thu Jan 11, 2018 4:51 pm

External Storage

These are the steps to enable and configure external storage to mount an existing share on another server...Windows 2012 in this case.

Step #1 Gather Share Information
  1. Make sure you have valid connection information such as the following:
  2. IP Address of the server hosting the share. Example: 192.168.107.55
  3. Exact spelling of the share. Example: Share
  4. UserID that has access to the share. Example: MyDomain\JDoe
  5. Password for the UserID. Example: abcd123!
Step #2 Enable External Storage support
  1. Login to your NextCloud web interface with an administrator account
  2. On the top-right corner, click the gear icon -> +Apps -> Not enabled
  3. Find "External storage support" and click the Enable button
  4. Click the Enabled section on the left to show all enabled plugins and make sure you see External storage support.
Step #3 - Configure NextCloud to utilize the external storage
  1. On the top-right corner, click the gear icon -> Admin -> External Storages
  2. Type in a folder name that will show up in the user's account. Example: Policies
  3. Click the "Add storage" drop-down beside it and select "SMB/CIFS"
  4. Fill out the Host, Share, Username and Password.
  5. In the "Available for" section to the right, add the NextCloud users/groups that will get this link.
  6. WARNING: Be careful adding it to anyone that syncs their account to their PC because they will immediately start sync'ing this new location.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Fail2Ban

Post: # 568Post LHammonds
Thu Jan 11, 2018 4:53 pm

Fail2Ban

If you have Fail2Ban installed and protecting SSH as part of the base install. You can add these few changes to also watch for NextCloud login failures.

NextCloud as a basic brute force denial system but this one is much, much better and configurable to your needs.

If you use fail2ban option, be sure to edit NextCloud's config.php file and set auth.bruteforce.protection.enabled to false

Code: Select all

vi /etc/fail2ban/filter.d/nextcloud.conf

Code: Select all

## Author: LHammonds
## Date:   2017-01-11

[INCLUDES]

before = common.conf

[Definition]

## NextCloud 12.0.4
failregex=Login failed.*Remote IP.*'<HOST>'

ignoreregex =

Code: Select all

vi /etc/fail2ban/jail.local
Add the following to the bottom. If your data path is different, be sure to update "logpath"

Code: Select all


[nextcloud]
enabled = true
filter  = nextcloud
# select http, https or both, depending on which you use:
port    =  http,https
# edit the logpath to your needs:
logpath = /var/www/nextcloud-data/nextcloud.log
## "bantime" is the number of seconds that a host is banned.
##  300 =  5 minutes
##  600 = 10 minutes
##  900 = 15 minutes
## 1800 = 30 minutes
## 3600 = 60 minutes
bantime = 1800
## "findtime" is the length of time between login attempts before a ban is set.
findtime = 600
## "maxretry" is how many attempts can be made to access the server from a single IP before a ban is imposed.
maxretry = 7

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

NextCloud Client

Post: # 570Post LHammonds
Mon Jan 15, 2018 5:58 am

How to Install NextCloud Client

Reference: User Manual

Client Installation
  1. Visit NextCloud and download the Desktop Client that matches your operating system (e.g. Windows)
  2. Install the client you just downloaded using the default settings
Account Configuration
  1. Add Account
  2. Address: https://nextcloud.mydomain.com
  3. Untrusted Certificate - Click "Trust this certificate anyway" and click OK
  4. Credentials - Type in your ID and password and click Next
  5. Local folder options - Pick a folder on your PC to synchronize to the server and click Connect
  6. Everything Setup - Click Finish
NOTE #1: It says Untrusted Certificate because we use a self-signed certificate during installation which is perfectly OK. If we needed to purchase an SSL certificate from Verisign, we would need to pay hundreds of dollars every couple of years to keep that warning message from displaying which is not that important.

NOTE #2: You might need to specify which folders in your account to sync if you can also access network shares (you do not want to sync the entire network file server to your PC)

Migration from ownCloud

This information was documented with the following:
  • ownCloud Desktop app version 2.4.0
  • Windows 10
  • NextCloud Desktop app version 2.3.3
Migration Option #1 - Re-use old configuration

If you are unsure of the settings or are doing this for somebody else, you can just copy over the configuration and you do not have to worry about missing anything. This is the safest option to pick.
  1. Right-click on the ownCloud icon in taskbar, select Quit ownCloud
  2. Open Control Panel, Programs and Features, uninstall ownCloud
  3. Close Control Panel
  4. Open a browser and login to https://nextcloud.mydomain.com
  5. In the top-right corner, click the gear icon and select Personal
  6. Under the Get the apps to sync your files click Desktop app
  7. Click Windows 7,8.x and 10 to download Nextcloud-2.3.3.1-setup.exe
  8. Install NextCloud
  9. Start NextCloud client but close it once the wizard asks for the Server Address
  10. Right-click on the NextCloud icon in taskbar, select Quit NextCloud
  11. Click Start, Run (or Search if Run is not visible), type %localappdata% and press ENTER
  12. Edit ownCloud\owncloud.cfg and select all the contents (CTRL+A) and copy (CTRL+C)
  13. Close owncloud.cfg
  14. Edit NextCloud\nextcloud.cfg and select all the contents (CTRL+A) and paste (CTRL+V) to overwrite all the data
  15. Save and close nextcloud.cfg
  16. Start NextCloud client
  17. Enter your password and the client should start without having to re-sync any files.
Migration Option #2 - Re-key configuration

If you are confident in knowing all your settings, you can just re-configure the new client like the old client. This can be considered the riskier option.
  1. Right-click on the ownCloud icon in taskbar, select Quit ownCloud
  2. Open Control Panel, Programs and Features, uninstall ownCloud
  3. Close Control Panel
  4. Follow the steps above in the Client Installation and Account Configuration sections.
Video Tutorials

NOTE: NextCloud is just a new version of ownCloud so information about ownCloud applies.

User avatar
LHammonds
Site Admin
Site Admin
Posts: 651
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Automation

Post: # 595Post LHammonds
Tue Mar 06, 2018 7:01 am

Here is a crontab entry for purging any backups older than 8 days:

Code: Select all

0 23 * * * find /bak/nextcloud/* -type f -mtime +8 -execdir rm -- '{}' \; > /dev/null 2>&1
Here is a script that can be used to backup the NextCloud instance. Notice that it does not include the database since it is assumed it is on a separate/dedicated database server. The database server will have its own backup scripts.

/var/scripts/prod/nextcloud-backup.sh

Code: Select all

#!/bin/bash
#############################################
## Name          : Nextcloud-backup.sh
## Version       : 1.1
## Date          : 2018-03-06
## Author        : LHammonds
## Compatibility : Ubuntu Server 12.04-16.04 LTS, NextCloud 12.0.4
## Purpose       : Backup web server while online.
## Run Frequency : One or multiple times per day.
## Exit Codes    : (if multiple errors, value is the addition of codes)
##   0 = Success
##   1 = rsync failure
##   2 = Archive creation failure
##   4 = Remote copy failure
##   8 = Cannot connect to MySQL NFS mount
################ CHANGE LOG #################
## DATE       WHO WHAT WAS CHANGED
## ---------- --- ----------------------------
## 2012-05-14 LTH Created script.
## 2017-08-31 LTH Updated variable names to current standard.
## 2018-03-06 LTH Adapted from ownCloud to NextCloud.
#############################################
## Import common variables and functions. ##
source /var/scripts/common/standard.conf

LogFile="${LogDir}/${Company}-nextcloud-backup.log"
TargetDir="${BackupDir}/nextcloud"
LockFile="${TempDir}/nextcloud-backup.lock"
ArchiveFile="`date +%Y-%m-%d-%H-%M`_nextcloud-backup.${ArchiveMethod}"
Sources="/var/www/nextcloud/ /var/log/apache2/ /etc/apache2/ /etc/php/7.0/ /etc/network/interfaces /etc/hosts"
ErrorFlag=0
ReturnValue=0

#######################################
##            FUNCTIONS              ##
#######################################
function f_cleanup()
{
  if [ -f ${LockFile} ];then
    ## Remove lock file so other backup jobs can run.
    rm "${LockFile}" 1>/dev/null 2>&1
  fi
  echo "`date +%Y-%m-%d_%H:%M:%S` - NextCloud backup exit code: ${ErrorFlag}" >> ${LogFile}
}

#######################################
##           MAIN PROGRAM            ##
#######################################

## Binaries ##
Tar="$(which tar)"
My7zip="$(which 7za)"
Rsync="$(which rsync)"
if [ -f ${LockFile} ]; then
  ## Script lock file detected.  Abort script.
  f_sendmail "NextCloud Backup Aborted - Lock File" "This script tried to run but detected the lock file: ${LockFile}\n\nPlease check to make sure the file does not remain when backup is not actually running."
  exit 1
else
  echo "`date +%Y-%m-%d_%H:%M:%S` ${ScriptName}" > ${LockFile}
fi
StartTime="$(date +%s)"
echo "`date +%Y-%m-%d_%H:%M:%S` - Backup started." >> ${LogFile}

## Connect to the MySQL server to kick-off a remote database backup.
#mount tema1-mysql:/srv/samba/share /mnt/tema1-mysql

## Output the version information to a text file which will be included in the backup.
if [ -f "${AppDir}/version-info.txt" ]; then
  rm "${AppDir}/version-info.txt"
fi
lsb_release -cd >> ${AppDir}/version-info.txt
apache2 -v >> ${AppDir}/version-info.txt
php -i >> ${AppDir}/version-info.txt

## Check destination folder.  Create folder structure if not present.
if [ ! -d "${TargetDir}" ]; then
  mkdir -p ${TargetDir}
fi
## Synchronize files to backup folder.
## Synchronize files to backup folder.
${Rsync} -apogHK --delete --exclude=*.pid ${AppDir} ${TargetDir} 1>/dev/null 2>&1
ReturnValue=$?
if [ ${ReturnValue} -ne 0 ]; then
  ## ERROR: Send email notification.
  echo "`date +%Y-%m-%d_%H:%M:%S` --- ERROR: Backup failed. ${AppDir} -> ${TargetDir}" >> ${LogFile}
  f_sendmail "Backup Failure - rsync" "ERROR: Backup failed. ${AppDir} -> ${TargetDir}, RETURN VALUE = ${ReturnValue}"
  ErrorFlag=${ErrorFlag} + 1
fi
## Compress the backup into a single file based on archive method specified.
echo "`date +%Y-%m-%d_%H:%M:%S` --- Compressing archive: ${TempDir}/${ArchiveFile}" >> ${LogFile}
case "${ArchiveMethod}" in
tar.7z)
  ## NOTE: Compression changed from 9(ultra) to 7 since it was blowing out on 512 MB RAM
  ${Tar} -cpf - ${Sources} | ${My7zip} a -si -mx=7 -w${TempDir} ${TempDir}/${ArchiveFile} 1>/dev/null 2>&1
  ReturnValue=$?
  ## Restore using one of the following commands (do not uncomment, only for notation):
  ## 7za x -so -w/tmp ${TempDir}/${ArchiveFile} | tar -C / -xf -
  ## 7za x -so -w/tmp ${TempDir}/${ArchiveFile} | tar -C ${TempDir}/restore --strip-components=1 -xf -
  ;;
tgz)
  ${Tar} -cpzf ${TempDir}/${ArchiveFile} ${Sources} 1>/dev/null 2>&1
  ReturnValue=$?
  ## Restore using one of the following commands (do not uncomment, only for notation):
  ## tar -C / -xzf ${TempDir}/${ArchiveFile}
  ## tar -C ${TempDir}/restore --strip-components=1 -xzf ${TempDir}/${ArchiveFile}
  ;;
*)
  ${Tar} -cpzf ${TempDir}/${ArchiveFile} ${Sources} 1>/dev/null 2>&1
  ReturnValue=$?
  ;;
esac

if [ ${ReturnValue} -ne 0 ]; then
  ## tar command failed.  Send warning email.
  f_sendmail "NextCloud Backup Failure - tar" "tar failed with return value of ${ReturnValue}"
  ErrorFlag=$((${ErrorFlag} + 2))
fi
mv ${TempDir}/${ArchiveFile} ${TargetDir}/.

## Calculate total time for backup.
FinishTime="$(date +%s)"
ElapsedTime="$(expr ${FinishTime} - ${StartTime})"
Hours=$((${ElapsedTime} / 3600))
ElapsedTime=$((${ElapsedTime} - ${Hours} * 3600))
Minutes=$((${ElapsedTime} / 60))
Seconds=$((${ElapsedTime} - ${Minutes} * 60))

echo "`date +%Y-%m-%d_%H:%M:%S` --- Total backup time: ${Hours} hour(s) ${Minutes} minute(s) ${Seconds} second(s)" >> ${LogFile}

echo "`date +%Y-%m-%d_%H:%M:%S` - NextCloud backup completed." >> ${LogFile}

## Perform cleanup routine.
f_cleanup
## Exit with the combined return code value.
exit ${ErrorFlag}
Example output in the log:

/var/log/abc-nextcloud-backup.log

Code: Select all

2018-03-04_23:00:01 - Backup started.
2018-03-04_23:00:02 --- Compressing archive: /tmp/2018-03-04-23-00_nextcloud-backup.tar.7z
2018-03-04_23:01:26 --- Total backup time: 0 hour(s) 1 minute(s) 25 second(s)
2018-03-04_23:01:26 - NextCloud backup completed.
2018-03-04_23:01:26 - NextCloud backup exit code: 0
2018-03-05_23:00:01 - Backup started.
2018-03-05_23:00:03 --- Compressing archive: /tmp/2018-03-05-23-00_nextcloud-backup.tar.7z
2018-03-05_23:01:32 --- Total backup time: 0 hour(s) 1 minute(s) 31 second(s)
2018-03-05_23:01:32 - NextCloud backup completed.
2018-03-05_23:01:32 - NextCloud backup exit code: 0

Post Reply