NextCloud Configuration

All docs related to NextCloud configuration

[How-To] Configure Nextcloud after Installation

Purpose

This document covers the config adjustments needed to get rid of all errors in Nextcloud after initial installation and setup.

Prerequisites

List of prerequisites:

Nextcloud Configuration 

Step 1: Configure Nextcloud Config.php

First, run the following to change to the correct directory:

cd /var/www/nextcloud/config

Next, run the following command to install redis:

sudo apt update
sudo apt install redis-server php-redis

Now, run this command to enable redis on startup:

sudo systemctl enable redis-server

Next, run the following command to edit the config.php file:

sudo nano config.php

Once in the file, work from the golden config below, making sure not to change any values already set in your file that are masked with ****** in this golden config:

<?php
$CONFIG = array (
  'instanceid' => '******',
  'passwordsalt' => '******',
  'secret' => '******',
  'trusted_domains' =>
  array (
    0 => 'cloud.dev.stretchpowered.com',
  ),
  'trusted_proxies' =>
  array (
    0 => '10.10.30.100',
  ),
  'overwritehost' => 'cloud.dev.stretchpowered.com',
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '29.0.2.2',
  'overwrite.cli.url' => 'https://cloud.dev.stretchpowered.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextclouduser',
  'dbpassword' => '******',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
    // Optional for password-protected Redis instances
    // 'password' => '******',
    'timeout' => 0.0,
    'read_timeout' => 0.0,
    'dbindex' => 0,
  ],
  'default_phone_region' => 'US',
  'mail_from_address' => 'nextcloud-leffringo',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'outlook.com',
  'mail_smtphost' => 'smtp-mail.outlook.com',
  'mail_smtpport' => '587',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'nextcloud-leffringo@outlook.com',
  'mail_smtppassword' => '******',
  'maintenance_window_start' => 7,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);

Next, run the following command to restart Apache web server:

sudo systemctl restart apache2

Once you've made all the changes to match the golden config, move on to step 2.

Step 2: Configure Apache2 nextcloud.conf

Run the following command to go to the correct directory:

cd /etc/apache2/sites-available

Run the following command to edit the nextcloud.conf file:

sudo nano nextcloud.conf

Make the following changes if anything is different, being careful not to mess with domain settings for the environment you are working with:

<VirtualHost *:80>
    ServerName cloud.dev.stretchpowered.com
    DocumentRoot /var/www/nextcloud/

    # log files
    ErrorLog /var/log/apache2/cloud.dev.stretchpowered.com-error.log
    CustomLog /var/log/apache2/cloud.dev.stretchpowered.com-access.log combined

    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
            Dav off
        </IfModule>

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
    </Directory>
</VirtualHost>

Once you've matched the golden config, move on to step 3.

Step 3: Configure .htaccess Config

Run the following command to change to the correct directory:

cd /var/www/nextcloud

Run the following command to enable mod_rewrite on apache2:

sudo a2enmod rewrite

Run the following command to edit the config file:

sudo nano .htaccess

Most of this file's defaults are fine. Just scroll down toward the bottom and add any lines missing from this section:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

Once you have added these missing lines, move on to step 4.

Step 4: Configure nginx reverse proxy config

Run the following command to change to the correct directory (on the reverse proxy nginx box, not nextcloud):

cd /etc/nginx/conf.d

Run the following command to edit the conf file for your domain:

sudo nano cloud.dev.stretchpowered.com.conf

Match this config with the items below, making sure not to mess with the SSL and domain settings you already have specific to the environment. 

server {
        server_name cloud.dev.stretchpowered.com;
        client_max_body_size 64000m;
        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto https;
                # X-Forwarded-Host carries the original Host header, not the client address
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://10.30.20.151:80;

                # Adjusted timeout settings
                proxy_connect_timeout 600s;
                proxy_send_timeout 600s;
                proxy_read_timeout 600s;
                send_timeout 600s;

                # Adjusted buffer settings
                proxy_buffer_size 128k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
        }

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cloud.dev.stretchpowered.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.dev.stretchpowered.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = cloud.dev.stretchpowered.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        server_name cloud.dev.stretchpowered.com;
    return 404; # managed by Certbot


}

Once you've matched these to the golden config, move on to step 5.

Step 5: Configure apcu Config

First, let's make sure apcu is running under the correct version of PHP:

php -m | grep apcu

This should return the word apcu. Once you have that confirmed, run the following to edit the config:

sudo nano /etc/php/8.2/mods-available/apcu.ini

Once editing, add the following lines:

extension=apcu.so
apc.enable_cli=1

Save and exit that config file. Then, run the following to enable the apcu module for PHP 8.2:

sudo phpenmod apcu

Then, restart the web server:

sudo systemctl restart apache2

Then, if you have this error or just as a good check, run this command to make sure no database indices are missing:

sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices

That is it for this step, move on to step 6.

Step 6: Clear Nextcloud Error Log

Run the following command to become root as you need to be for this:

sudo su -l

Run the following command to change to the correct directory:

cd /var/www/nextcloud/data

Run the following command to remove the nextcloud log file:

rm -f nextcloud.log

With that, you've completed the initial config. Refresh the admin tab of your nextcloud instance in the browser to see if you have the famous green check mark.

[How-To] Move Nextcloud Data Directory

Purpose

The purpose of this document is to show how to move the data directory of a nextcloud server. 

Prerequisites

List of prerequisites:

Data Directory Move

Step 1: Shut Down Nextcloud Web Server

First, we need to stop Apache so nextcloud is not active. Do this with the following command:

sudo systemctl stop apache2

Step 2: Move Data Directory Contents

Next, we have to move the contents of the data directory. First, become root:

sudo su -l

Then, use the copy command to move everything from the original dir to the target dir for new data:

cp -r /var/www/nextcloud/data /mnt/nc-data/

Step 3: Change Data Directory in Nextcloud Config

Next, change the data directory in the nextcloud config:

sudo nano /var/www/nextcloud/config/config.php

Around line 15, you should see the datadirectory entry. Change it to the new data directory, so that it reads:

'datadirectory' => '/mnt/nc-data/data',

Step 4: Change Owner Permissions

Next, we need to update www-data to be the owner of the new data dir:

sudo chown -R www-data:www-data /mnt/nc-data/data

Step 5: Start Nextcloud Web Server

Finally, start the nextcloud web server for the first time with the new data directory:

sudo systemctl start apache2

Once the web server has started, try to browse to the URL. If everything is good, you'll get to the login page. If it says something about a file not existing, the steps were not done in order. After getting past login, go to admin settings to check for errors. It will likely complain about the cronjob not being able to run. Just run it manually once like this, and it should be good going forward:

sudo -u www-data php -f /var/www/nextcloud/cron.php

Once everything is good to go with no errors and you have backups, remove the old data directory:

sudo rm -rf /var/www/nextcloud/data
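
Before that final removal, the copy can be verified rather than assumed. The following is an added example, not part of the original procedure: it confirms that every file under the old data directory exists under the new one with the same SHA-256 hash, and that everything in the new tree is owned by the expected user. The function name verify_move is made up for this example.

```sh
#!/bin/sh
# Added example (not from the original document): verify the copied Nextcloud
# data directory before the old one is deleted. Function names are illustrative.
# Run as root between Step 4 and Step 5, while Apache is stopped, so neither
# tree changes during the comparison.

# verify_move SRC DST OWNER
#   0 = every file under SRC exists under DST with the same SHA-256, and
#       everything under DST is owned by OWNER (user name or numeric uid)
#   1 = a file is missing, differs, or has the wrong owner
#   2 = the check itself could not run
verify_move() {
    src=$1 dst=$2 owner=$3
    [ -d "$src" ] && [ -d "$dst" ] || { echo "missing directory" >&2; return 2; }

    # Hash every file in SRC (hidden files included) and re-check the list
    # from inside DST. Extra files in DST are tolerated; missing or changed
    # files make sha256sum -c fail.
    if ! ( cd "$src" && find . -type f -exec sha256sum {} + ) |
         ( cd "$dst" && sha256sum -c --quiet - ) >&2; then
        echo "copy of $src under $dst is incomplete or differs" >&2
        return 1
    fi

    # Anything not owned by OWNER means the chown in Step 4 was skipped or partial.
    stray=$(find "$dst" ! -user "$owner" -print) || return 2
    if [ -n "$stray" ]; then
        echo "not owned by $owner:" >&2
        printf '%s\n' "$stray" | head -n 5 >&2
        return 1
    fi
    return 0
}

# With this page's paths:
#   verify_move /var/www/nextcloud/data /mnt/nc-data/data www-data && echo OK
```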

[How-To] Add LDAP/AD Authentication to Nextcloud

Purpose

This will show you how to add LDAP/AD auth to the nextcloud server. 

Prerequisites

List of prerequisites:

LDAP Implementation

Step 1: Update and Install Modules

Run this line to update your server CLI side:

sudo apt update

Now run this command to install the php-ldap module:

sudo apt install php-ldap -y

Next, reload Apache so that the updated library can be exposed to Nextcloud:

sudo systemctl reload apache2

Now you have the needed mods and can move on to GUI steps.

Step 2: Add the LDAP App in the GUI

First, browse to your Nextcloud Instance in web UI. Log in and go to administrative settings in the top right corner. Then, browse to disabled apps. Look for "LDAP user and group backend" and enable it. 

Step 3: Configure the LDAP App

After you enable the app, in the admin tab, you'll see "LDAP/AD Integration", select it. There are 4 tabs to configure:

  1. The first tab is the Server tab. It will set up what LDAP/AD servers you are pointing to. Use the IP address or the DNS name for each DC, and add them as separate servers with the plus button. Once they are added, add an account dedicated to servicing user lookups for this app and its password. Then finally, add a Base DN for user lookup. 
  2. The second tab is for user configuration. Everything here can be left default.
  3. The third tab is for configuring Login Attributes. The only thing to change here is to check the email box and the username to allow users to sign in with either option. 
  4. The fourth tab is to configure security groups for nextcloud users. Use the drop-down to select the group and hit save. Make sure the configuration shows as OK and green status.