Nextcloud Configuration
All docs related to Nextcloud configuration
- [How-To] Configure Nextcloud after Installation
- [How-To] Move Nextcloud Data Directory
- [How-To] Add LDAP/AD Authentication to Nextcloud
[How-To] Configure Nextcloud after Installation
Purpose
This document aims to make config adjustments to get rid of all errors in Nextcloud after initial installation and setup.
Prerequisites
List of prerequisites:
- Root user or sudo user
- Nextcloud Server
Nextcloud Configuration
Step 1: Configure Nextcloud Config.php
First, run the following to change to the correct directory:
cd /var/www/nextcloud/config
Next, run the following command to install redis:
sudo apt update
sudo apt install redis-server php-redis
Now, run this command to enable redis on startup:
sudo systemctl enable redis-server
Next, run the following command to edit the config.php file:
sudo nano config.php
Once in the file, work from the golden config below, making sure not to change any values already set in your file that are masked with ****** in this golden config:
<?php
$CONFIG = array (
  'instanceid' => '******',
  'passwordsalt' => '******',
  'secret' => '******',
  'trusted_domains' =>
  array (
    0 => 'cloud.dev.stretchpowered.com',
  ),
  'trusted_proxies' =>
  array (
    0 => '10.10.30.100',
  ),
  'overwritehost' => 'cloud.dev.stretchpowered.com',
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '29.0.2.2',
  'overwrite.cli.url' => 'https://cloud.dev.stretchpowered.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextclouduser',
  'dbpassword' => '******',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
    // Optional for password-protected Redis instances
    // 'password' => '******',
    'timeout' => 0.0,
    'read_timeout' => 0.0,
    'dbindex' => 0,
  ],
  'default_phone_region' => 'US',
  'mail_from_address' => 'nextcloud-leffringo',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'outlook.com',
  'mail_smtphost' => 'smtp-mail.outlook.com',
  'mail_smtpport' => '587',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'nextcloud-leffringo@outlook.com',
  'mail_smtppassword' => '******',
  'maintenance_window_start' => 7,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);
Next, run the following command to restart the Apache web server:
sudo systemctl restart apache2
Once you've made all the changes to match the golden config, move on to step 2.
Step 2: Configure Apache2 nextcloud.conf
Run the following command to go to the correct directory:
cd /etc/apache2/sites-available
Run the following command to edit the nextcloud.conf file:
sudo nano nextcloud.conf
Make the following changes if anything differs, being careful not to change the domain settings for the environment you are working with:
<VirtualHost *:80>
    ServerName cloud.dev.stretchpowered.com
    DocumentRoot /var/www/nextcloud/
    # log files
    ErrorLog /var/log/apache2/cloud.dev.stretchpowered.com-error.log
    CustomLog /var/log/apache2/cloud.dev.stretchpowered.com-access.log combined
    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
    </Directory>
</VirtualHost>
Once you've matched the golden config, move on to step 3.
Step 3: Configure .htaccess Config
Run the following command to change to the correct directory:
cd /var/www/nextcloud
Run the following command to enable mod_rewrite on apache2:
sudo a2enmod rewrite
Run the following command to edit the config file:
sudo nano .htaccess
Most of this file's defaults are fine; just scroll down toward the bottom and add any lines that are missing from this section:
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} DavClnt
    RewriteRule ^$ /remote.php/webdav/ [L,R=302]
    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
    RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
    RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
    RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
    RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
    RewriteRule ^remote/(.*) remote.php [QSA,L]
    RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
    RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
    RewriteRule ^ocm-provider/?$ index.php [QSA,L]
    RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
Once you have added these missing lines, move on to step 4.
Step 4: Configure nginx reverse proxy config
Run the following command to change to the correct directory (on the reverse proxy nginx box, not nextcloud):
cd /etc/nginx/conf.d
Run the following command to edit the conf file for your domain:
sudo nano cloud.dev.stretchpowered.com.conf
Match this config with the items below, making sure not to mess with the SSL and domain settings you already have specific to the environment.
server {
    server_name cloud.dev.stretchpowered.com;
    client_max_body_size 64000m;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.30.20.151:80;
        # Adjusted timeout settings
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
        send_timeout 600s;
        # Adjusted buffer settings
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
    }
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cloud.dev.stretchpowered.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.dev.stretchpowered.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = cloud.dev.stretchpowered.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name cloud.dev.stretchpowered.com;
    return 404; # managed by Certbot
}
Once you've matched these to the golden config, move on to step 5.
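A quick way to check the forwarded headers in this conf file before reloading nginx, as an added example that is not part of the original how-to. The expected values (in particular that X-Forwarded-Host carries the requested host name rather than a client address) are this example's assumptions, and lint_proxy_headers and sample_conf are made-up names:

```shell
#!/usr/bin/env bash
# Added example: lint the forwarded headers in an nginx reverse-proxy conf.
# The expected values are this example's assumption of what the Nextcloud
# backend should receive; lint_proxy_headers and sample_conf are made-up names.

lint_proxy_headers() {   # lint_proxy_headers [CONF_FILE]  (stdin if omitted)
    awk '
        BEGIN {
            want["Host"]              = "$host"
            want["X-Real-IP"]         = "$remote_addr"
            want["X-Forwarded-Proto"] = "https"
            want["X-Forwarded-Host"]  = "$host"
            want["X-Forwarded-For"]   = "$proxy_add_x_forwarded_for"
        }
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "proxy_set_header" {
            value = $3; sub(/;$/, "", value)
            seen[$2] = 1
            if (($2 in want) && value != want[$2]) {
                printf "%s: is %s, expected %s\n", $2, value, want[$2]; bad = 1
            }
        }
        /add_header[ \t]+Strict-Transport-Security/ { hsts = 1 }
        END {
            for (h in want) if (!(h in seen)) { printf "%s: not set\n", h; bad = 1 }
            if (!hsts) { print "Strict-Transport-Security: not set"; bad = 1 }
            exit bad + 0                         # 1 when anything was reported
        }
    ' "${1:--}"
}

# Constructed sample, not a real server file: one header has the wrong variable.
sample_conf() {
    cat <<'EOF'
server {
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
EOF
}

# On the proxy box: lint_proxy_headers /etc/nginx/conf.d/cloud.dev.stretchpowered.com.conf
sample_conf | lint_proxy_headers || echo "fix the findings above, then reload nginx"
```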
Step 5: Configure apcu Config
First, let's make sure apcu is loaded under the correct version of PHP:
php -m | grep apcu
This should return the word apcu. Once you have that confirmed, run the following to edit the config:
sudo nano /etc/php/8.2/mods-available/apcu.ini
Once editing, add the following lines:
extension=apcu.so
apc.enable_cli=1
Save and exit that config file. Then, run the following to enable the apcu module for PHP 8.2:
sudo phpenmod apcu
Then, restart the web server:
sudo systemctl restart apache2
Then, if Nextcloud reports missing database indices, or just as a good check, run this command to add any that are missing:
sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
That is it for this step, move on to step 6.
Step 6: Clear Nextcloud Error Log
Run the following command to become root, which is required for this step:
sudo su -l
Run the following command to change to the correct directory:
cd /var/www/nextcloud/data
Run the following command to remove the nextcloud log file:
rm -f nextcloud.log
With that, you've completed the initial config. Refresh the admin tab of your Nextcloud instance in the browser to see if you have the famous green check mark.
[How-To] Move Nextcloud Data Directory
Purpose
The purpose of this document is to show how to move the data directory of a nextcloud server.
Prerequisites
List of prerequisites:
- Root user or sudo user
- Nextcloud Server
Data Directory Move
Step 1: Shut Down Nextcloud Web Server
First, we need to stop Apache so nextcloud is not active. Do this with the following command:
sudo systemctl stop apache2
Step 2: Move Data Directory Contents
Next, we have to move the contents of the data directory. First, become root:
sudo su -l
Then, use the copy command to copy everything from the original directory to the target directory for the new data:
cp -r /var/www/nextcloud/data /mnt/nc-data/
Step 3: Change Data Directory in Nextcloud Config
Next, change the data directory in the nextcloud config:
sudo nano /var/www/nextcloud/config/config.php
'datadirectory' => '/mnt/nc-data/data',
Around line 15, you should see a line like the one above; change it to point to the new data directory.
Step 4: Change Owner Permissions
Next, we need to update www-data to be the owner of the new data dir:
sudo chown -R www-data:www-data /mnt/nc-data/data
Step 5: Start Nextcloud Web Server
Finally, start the nextcloud web server for the first time with the new data directory:
sudo systemctl start apache2
Once the web server has started, try to browse to the URL. If everything is good, you'll get to the login page. If it says something about a file not existing, the steps were not done in order. After getting past login, go to admin settings to check for errors. It will likely complain about the cron job not being able to run. Just run it manually once like this, and it should be good going forward:
sudo -u www-data php -f /var/www/nextcloud/cron.php
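Before the old directory is removed in the step that follows, the copy can be checked against the original. The script below is an added example, not part of the original how-to; its function names are made up here, and it assumes GNU find, sort, xargs and sha256sum as shipped on Debian/Ubuntu:

```shell
#!/usr/bin/env bash
# Added example: confirm the copied data directory is complete before the old
# one is deleted. Function names are made up for this example.

# One "sha256  ./relative/path" line per regular file (dotfiles included), sorted by path.
manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# True only if both directories exist and hold the same files with the same content.
same_content() {
    [ -d "$1" ] && [ -d "$2" ] && [ "$(manifest "$1")" = "$(manifest "$2")" ]
}

# True only if nothing under the directory is owned by anyone but OWNER.
# A failing find (for example an unknown user name) counts as a failure.
owned_by() {
    offenders=$(find "$1" ! -user "$2" -print -quit) || return 1
    [ -z "$offenders" ]
}

verify_move() {   # verify_move OLD_DIR NEW_DIR OWNER
    same_content "$1" "$2" || { echo "FAIL: $2 does not match $1"; return 1; }
    owned_by "$2" "$3"     || { echo "FAIL: not everything under $2 is owned by $3"; return 2; }
    echo "OK: $2 matches $1 and is owned by $3"
}

# With the paths from this how-to, as root:
#   bash verify_move.sh /var/www/nextcloud/data /mnt/nc-data/data www-data
if [ "$#" -eq 3 ]; then
    verify_move "$@"
fi
```

It compares regular files only, so empty directories and symlinks are not covered, and hashing a large data directory takes a while.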
Once everything is good to go with no errors and you have backups, remove the old data directory:
sudo rm -rf /var/www/nextcloud/data
[How-To] Add LDAP/AD Authentication to Nextcloud
Purpose
This will show you how to add LDAP/AD auth to the nextcloud server.
Prerequisites
List of prerequisites:
- Root user or sudo user
- Nextcloud Server
LDAP Implementation
Step 1: Update and Install Modules
Run this command to update the package lists on your server:
sudo apt update
Now run this command to install the php-ldap module:
sudo apt install php-ldap -y
Next, reload Apache so that the updated library can be exposed to Nextcloud:
sudo systemctl reload apache2
Now you have the needed mods and can move on to GUI steps.
Step 2: Add the LDAP App in the GUI
First, browse to your Nextcloud Instance in web UI. Log in and go to administrative settings in the top right corner. Then, browse to disabled apps. Look for "LDAP user and group backend" and enable it.
Step 3: Configure the LDAP App
After you enable the app, you'll see "LDAP/AD Integration" in the admin tab; select it. There are 4 tabs to configure:
- The first tab is the Server tab. It will set up what LDAP/AD servers you are pointing to. Use the IP address or the DNS name for each DC, and add them as separate servers with the plus button. Once they are added, add an account dedicated to servicing user lookups for this app and its password. Then finally, add a Base DN for user lookup.
- The second tab is for user configuration. Everything here can be left default.
- The third tab is for configuring Login Attributes. The only thing to change here is to check the email box and the username box to allow users to sign in with either option.
- The fourth tab is to configure security groups for nextcloud users. Use the drop-down to select the group and hit save. Make sure the configuration shows as OK and green status.