shadowpage.ydns.eu

start Login

Nextcloud

Source: PiMyLifeUp
NC Admin Manual: Administration_Manual
Online: Administration_Manual
```
sudo apt update
sudo apt upgrade
```

Install PHP

sudo apt install lsb-release
curl https://packages.sury.org/php/apt.gpg | sudo tee /usr/share/keyrings/suryphp-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/suryphp-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/sury-php.list
sudo apt update
sudo apt upgrade
sudo apt install php8.4-cli

sudo apt install php8.4 php8.4-gd php8.4-sqlite3 php8.4-curl php8.4-zip php8.4-xml php8.4-mbstring php8.4-mysql php8.4-bz2 php8.4-intl php8.4-smbclient php8.4-imap php8.4-gmp php8.4-bcmath libapache2-mod-php8.4

Test

echo "<?php echo 'Hello World';" > test.php
php8.4 test.php

fix Sury-Repository

grep -R "packages.sury.org/php" /etc/apt/sources.list /etc/apt/sources.list.d/

sudo rm -f /etc/apt/sources.list.d/php.list
sudo rm -f /etc/apt/sources.list.d/sury-php.list

sudo wget -O /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
sudo dpkg -i /tmp/debsuryorg-archive-keyring.deb

echo "deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ bookworm main" | sudo tee /etc/apt/sources.list.d/php.list

Install apache2

sudo apt install apache2
sudo service apache2 restart

Logfiles

cd /var/log/apache2/
nano error.log

Test

sudo nano /var/www/html/info.php

< ?php
phpinfo();

browse: http://192.168.6.11/info.php

Install MySQL

MySQL

sudo apt install mariadb-server
sudo mysql_secure_installation

y, rootpw, n, n, y, y, y, y

sudo mysql -u root -p

CREATE DATABASE nextclouddb;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY '[PASSWORD]';
GRANT ALL PRIVILEGES ON nextclouddb.* TO 'nextclouduser'@'localhost';
FLUSH PRIVILEGES;

quit

sudo apt install php-mysql

Setup Nextcloud

cd /var/www/
sudo wget https://download.nextcloud.com/server/releases/latest.tar.bz2
sudo tar -xvf latest.tar.bz2
sudo mkdir -p /var/www/nextcloud/data
sudo chown -R www-data:www-data /var/www/nextcloud/
sudo chmod 750 /var/www/nextcloud/data

Configuration

sudo nano /etc/apache2/sites-available/nextcloud.conf

add the following lines

<VirtualHost *:80>
  DocumentRoot /var/www/nextcloud/
  ServerName shadownextcloud.duckdns.org

  <Directory /var/www/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>

save (CTRL + S) and exit (CTRL + X)

using the file by Apache

sudo a2ensite nextcloud.conf

and restart

sudo systemctl reload apache2
sudo reboot now

Setup Nextcloud user
use your browser
```
shadownextcloud.duckdns.org
```
1. enter Username and Password for your admin account
2. click "Storage & Datbase"
3. click "MySQL/MariaDB"
enter details
1. db user: nextclouduser
2. password: [PASSWORD]
3. set db name: nextclouddb
click "Install"!

Move Nextcloud’s data folder

sudo mkdir -p /var/nextcloud
sudo mv -v /var/www/nextcloud/data /var/nextcloud/data
cd /var/www/nextcloud/config
sudo cp -p config.php config.php.bk
sudo nano config.php

change line:

'datadirectory' => '/var/www/nextcloud/data',

'datadirectory' => '/var/nextcloud/data',

save (CTRL + S) and exit (CTRL + X)

sudo chown -R www-data:www-data /var/nextcloud/data

Add an external hd

add hd

Sicherheits- & Einrichtungswarnungen

Max upload size

find php.ini version

php -i |grep php.ini

edit

sudo nano /etc/php/8.4/apache2/php.ini

find

memory_limit = 
max_execution_time: 
max_input_time: 
post_max_size = 
upload_max_filesize =

set to

memory_limit = 512M
max_execution_time: 3600
max_input_time: 3600
post_max_size = 2G
upload_max_filesize = 2G

opcache.interned_strings_buffer=20

save (CTRL + S) and exit (CTRL + X)

sudo service apache2 restart

Wartungsfenster

sudo nano /var/www/nextcloud/config/config.php

add

'maintenance_window_start' => '1',

NGINX configuration

NGINX configuration
nginx:

cd /etc/nginx/sites-enabled/
sudo nano reverse-proxy.conf

server {
	server_name shadownextcloud.duckdns.org;

	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

	root /;
	index index.html;

	# set max upload size
	client_max_body_size 512M;
	fastcgi_buffers 64 4K;

	location = /robots.txt {
		allow all;
	        log_not_found off;
        	access_log off;
	}
	rewrite ^/.well-known/webfinger /nextcloud/public.php?service=webfinger last;
	location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        	deny all;
	}
	location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        	deny all;
	}

	location / {
		proxy_pass http://192.168.6.11;
		proxy_set_header Host $host;
	}
}

sudo nginx -t && sudo nginx -s reload

SSL
sudo certbot --nginx

OPCache interned strings buffer anpassen

foxly.de

sudo nano /etc/php/8.4/cli/php.ini

opcache.interned_strings_buffer=20

default_phone_region

sudo nano /var/www/nextcloud/config/config.php

change/add

  'default_phone_region' => 'DE',

Login reverse proxy

sudo nano /var/www/nextcloud/config/config.php

add/change

  'overwritehost' => 'www.shadownextcloud.duckdns.org',

imagick

sudo apt-get install imagemagick php8.2-imagick
php -m | grep imagick
sudo systemctl reload apache2

Memcache

sudo apt-get install php8.2-apcu
sudo apt-get install redis-server php8.2-redis
sudo nano /var/www/nextcloud/config/config.php

add to end

'memcache.local' => '\OC\Memcache\APCu',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => 'localhost',
'port' => 6379,
],

sudo nano /etc/php/8.2/apache2/php.ini

add to end

apc.enable_cli=1

systemctl restart apache2.service

occ db:add-missing-indices

sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices

occ db:convert-type

sudo -u www-data php /var/www/nextcloud/occ db:convert-type --all-apps --password="[PASSWORD]" mysql nextclouduser 127.0.0.1 nextclouddb

occ maintenance:repair

sudo -u www-data php /var/www/nextcloud/occ maintenance:repair --include-expensive

Delete Log

sudo truncate -s 0 /var/www/nextcloud/data/nextcloud.log

E-Mail-Server
in Admin settings: navigate to "Persönlich" >> "Persönliche Informationen" add E-Mail-Adresse: [my]@gmx.de
navigate to "Administration" >> "Grundeinstellung"
```
Sendemosud: SMTP
Verschlüsselung: SSL
Absendeadresse: [my] @ gmx.de
Serveradresse: mail.gmx.net : 465
Zugangsdaten: [my]@gmx.de mysecretpassword
```
iOS synchronisieren
Source: docs.nextcloud
Calendar
1. Öffnen Sie die “Einstellungen”-App auf Ihrem iOS-Gerät.
2. Wählen Sie “Mail, Kontakte, Kalender”.
3. Klicken Sie auf “Account hinzufügen”.
4. Wählen Sie “Andere” als Account-Typ.
5. Wählen Sie “CalDAV-Account hinzufügen”.
6. Als Server verwenden Sie: shadownextcloud.duckdns.org/remote.php/dav/principals/users/USERNAME/
7. Geben Sie Ihren Nextcloud Benutzernamen und Ihr Passwort ein.
8. Klicken Sie “Weiter”.
9. Falls Ihr Server keine verschlüsselte Verbindung unterstützt, wird Ihnen eine entsprechende Fehlermeldung angezeigt. Bestätige Sie mit “OK”.
10. Wenn die Accountdaten nicht verifiziert werden können, führen Sie folgende Schritte durch:
  - Klicken Sie auf “OK”.
  - Öffnen Sie “Erweiterte Einstellungen”.
  - Falls Ihr Server keine verschlüsselte Verbindung unterstützt, deaktivieren Sie “SSL verwenden”.
  - Ändern Sie “Port” auf “80”.
  - Gehen Sie zurück zu den Account-Informationen und klicken Sie “Speichern”.

Talk

talk with turn coturn-turn-server-fuer-nextcloud-talk

```
sudo apt install coturn
```
```
sudo nano /etc/default/coturn
```
```
TURNSERVER_ENABLED=1
```
```
sudo nano /etc/turnserver.conf
```

listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=????????
realm=shadownextcloud.duckdns.org
total-quota=100
bps-capacity=0
stale-nonce
no-loopback-peers
no-multicast-peers

```
sudo systemctl edit coturn.service
```
```
[Service]
ExecStartPre=/bin/sleep 30
```
```
sudo service coturn restart
```

High Performance Backend

Doc

opensourceisfun.substack

De

apt install openssh-server unzip wget sudo nano jq

wget -O latest.zip $(wget -q -O - 'https://api.github.com/repos/sunweaver/nextcloud-high-performance-backend-setup/releases/latest' | jq -r '.zipball_url')

unzip latest.zip
cd sunweaver-nextcloud-high-performance-backend-setup-*

```
nano settings.sh
```

# !!! Be careful, this script will be executed by the root user. !!!

# Please have a look at this Wiki page for this file:
# NOTE: It's in german.
# https://github.com/sunweaver/nextcloud-high-performance-backend-setup/wiki/02-Setup-Script

# Dry run (Don't actually alter anything on the system. (except in $TMP_DIR_PATH))
# Leave empty, if you wish that the user will be asked about this.
DRY_RUN=false

# Should the script try to install the high-performance-backend server
# without any user input?
UNATTENDED_INSTALL=true

# General settings
# Leave empty, if you wish that the user will be asked about this.
# You can also specify multiple Nextcloud servers by separating them with commas.
NEXTCLOUD_SERVER_FQDNS="shadownextcloud.duckdns.org"
# Leave empty, if you wish that the user will be asked about this.
SERVER_FQDN="shadowtalk.duckdns.org"

# Only modify if you know what you're doing.
#SSL_CERT_PATH_RSA=""
#SSL_CERT_KEY_PATH_RSA=""
#SSL_CHAIN_PATH_RSA=""
#SSL_CERT_PATH_ECDSA=""
#SSL_CERT_KEY_PATH_ECDSA=""
#SSL_CHAIN_PATH_ECDSA=""
#DHPARAM_PATH=""

# Collabora (Gets asked anyway, except unattended install.)
SHOULD_INSTALL_COLLABORA=true

# Signaling (Gets asked anyway, except unattended install.)
SHOULD_INSTALL_SIGNALING=true

SHOULD_INSTALL_UFW=true
SHOULD_INSTALL_NGINX=true
SHOULD_INSTALL_CERTBOT=true
SHOULD_INSTALL_UNATTENDEDUPGRADES=true
SHOULD_INSTALL_MSMTP=true

# Logfile get created if UNATTENDED_INSTALL is true.
# Leave empty, if you wish that the user will be asked about this.
LOGFILE_PATH="./setup-nextcloud-hpb-$(date +%Y-%m-%dT%H:%M:%SZ).log"

# Configuration gets copied and prepared here before copying them into place.
# This prevents config being broken if something goes wrong.
# Leave empty, if you wish that the user will be asked about this.
TMP_DIR_PATH="./tmp"

# Secrets, passwords and configuration gets saved in this file.
# Leave empty, if you wish that the user will be asked about this.
SECRETS_FILE_PATH="sfp"

# This email address gets passed on to the services the user whiches to install.
# The services (like Certbot) can send email notification for important info.
# Leave empty, if you wish that the user will be asked about this.
EMAIL_USER_ADDRESS="shadowpage@gmx.de"
# The password for the address above. Used to authenticate to the SMTP server.
EMAIL_USER_PASSWORD="22Shadow08!"
# The username to authencicate with. Most likely it will be just the full email
# address. But there are email hoster which require a different username.
EMAIL_USER_USERNAME="shadowpage@gmx.de"
# The SMTP server to send the emails to.
EMAIL_SERVER_HOST="mail.gmx.net"
# The port on which we will try to connect to the SMTP server.
#EMAIL_SERVER_PORT="25"
#EMAIL_SERVER_PORT="587"
EMAIL_SERVER_PORT="465"

# Should the ssh service be disabled?
DISABLE_SSH_SERVER=false

# Should nextcloud-spreed-signaling, nats-server and coturn be built and
# installed from sources?
SIGNALING_BUILD_FROM_SOURCES="yes"

# DNS Resolver. Here a custom DNS server can be specified,
# otherwise the one configured in resolv.conf is used
DNS_RESOLVER="192.168.6.5"

sudo ./setup-nextcloud-hpb.sh settings.sh

help.nextcloud

Signaling Server
Nextcloud Talk unter DietPi Video
- Nextcloud Talk unter DietPi Blog

Backup
Administration Manual
Backup folders
```
rsync -Aavx nextcloud/ nextcloud-dirbkp_`date +"%Y%m%d"`/
```
Backup database SQLite
```
sqlite3 data/owncloud.db .dump > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
```
Backup-Projekt mit rsync – Arbeitsschritte
1. NAS vorbereiten
  - Backup-Ordner anlegen
  - z. B. /Backups/Homelab
2. Backup-Pi (Pi-hole-Pi) vorbereiten
  - restic
```
sudo apt update
sudo apt install restic rsync openssh-client cifs-utils -y
sudo adduser backup
sudo usermod -aG sudo backup
su - backup
```
    NAS-Freigabe
```
sudo mkdir -p /mnt/nas-backup
sudo mount -t cifs //NAS-IP/Backup /mnt/nas-backup \
  -o username=backup
```
  - rsync
  - SSH Keys erzeugen
3. SSH-Zugriff vom Backup-Pi auf DMZ-Server
  - Nextcloud
  - nginx
  - coturn
  - Collabora
4. Nextcloud lokales Backup-Skript bauen
  - maintenance mode an
  - SQLite dump
  - config sichern
  - data sichern
  - maintenance mode aus
5. Backup-Pi Pull-Skript
  - rsync/SSH vom Nextcloud-Pi ziehen
  - später andere Server mit rein
6. restic Repository auf NAS
  - initialisieren
  - Backup-Ziel festlegen
7. Retention definieren
  - 7 täglich
  - 4 wöchentlich
  - 6 monatlich
8. Automatisierung
  - systemd timer oder cron nachts
9. Restore testen
  - einzelne Datei
  - komplette Nextcloud config
10. Dann restliche Server ergänzen
  - nginx
  - letsencrypt
  - coturn
  - docker configs
  - Wiki / TS3 / eBook etc.

Restore

Administration Manual
Restore folders

rsync -Aax nextcloud-dirbkp/ nextcloud/

Restore database SQLite

mysql -h [server] -u [username] -p[password] [db_name] < nextcloud-sqlbkp.bak

Nextcloud Restore mit rsync – kompletter Server

Wichtig: Restore immer zuerst in einen Testordner machen, niemals direkt über das Produktivsystem schreiben.

1. Snapshot anzeigen

restic snapshots \
 --repo /mnt/nas-backup/restic \
 --password-file ~/.restic-pass

2. Kompletten Snapshot wiederherstellen

mkdir -p /mnt/nas-backup/restore-tests/fullrestore
restic restore latest \
 --target /mnt/nas-backup/restore-tests/fullrestore \
 --repo /mnt/nas-backup/restic \
 --password-file ~/.restic-pass

3. Wiederhergestellte Daten finden

ls -lh /mnt/nas-backup/restore-tests/fullrestore/mnt/nas-backup/staging/nextcloud

Dort sollten liegen:

config-db/ – Nextcloud-Konfiguration und SQLite-Dump
data/ – Nextcloud-Datenverzeichnis

4. Daten auf neuen Nextcloud-Pi zurückkopieren

sudo rsync -a /mnt/nas-backup/restore-tests/fullrestore/mnt/nas-backup/staging/nextcloud/data/ \
 /var/www/nextcloud/data/

5. Konfiguration zurückholen

cd /mnt/nas-backup/restore-tests/fullrestore/mnt/nas-backup/staging/nextcloud/config-db
tar -xzf nextcloud-config-*.tar.gz
sudo rsync -a var/www/nextcloud/config/ /var/www/nextcloud/config/

6. Rechte setzen

sudo chown -R www-data:www-data /var/www/nextcloud/config
sudo chown -R www-data:www-data /var/www/nextcloud/data

7. Nextcloud prüfen

cd /var/www/nextcloud
sudo -u www-data php occ status
sudo -u www-data php occ files:scan --all

Hinweis: Bei SQLite kann die Datenbankdatei je nach Setup direkt in /var/www/nextcloud/data/ liegen. Vor einem echten Restore immer Pfade prüfen.

Sicherheits- & Einrichtungswarnungen

Fehlende Inizes

sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices

Impressum, Datenschutz

shadowpage.ydns.eu

Nextcloud

Install PHP

Test

Install apache2

Install MySQL

Setup Nextcloud

Configuration

Setup Nextcloud user

Move Nextcloud’s data folder

Add an external hd

Sicherheits- & Einrichtungswarnungen

Max upload size

Wartungsfenster

NGINX configuration

SSL

OPCache interned strings buffer anpassen

default_phone_region

Login reverse proxy

imagick

Memcache

occ db:add-missing-indices

occ db:convert-type

occ maintenance:repair

Delete Log

E-Mail-Server

iOS synchronisieren

Calendar

Talk

High Performance Backend

Backup

Backup-Projekt mit rsync – Arbeitsschritte

Restore

Nextcloud Restore mit rsync – kompletter Server

1. Snapshot anzeigen

2. Kompletten Snapshot wiederherstellen

3. Wiederhergestellte Daten finden

4. Daten auf neuen Nextcloud-Pi zurückkopieren

5. Konfiguration zurückholen

6. Rechte setzen

7. Nextcloud prüfen

Sicherheits- & Einrichtungswarnungen

Fehlende Inizes