kemonine/lollipopcloud
This repository has been archived on 2022-08-05. You can view files and clone it, but cannot push or open issues or pull requests.
lollipopcloud/services/nextcloud.md

# NextCloud
NextCloud in a container. A simple PHP-FPM deployment. You'll need the Web Server container set up to get access. This just gives a very basic, non-web-server version of NextCloud.

*NOTE: You may want to use a filesystem on a [USB drive](../hardware/usb-flash-drive.md) instead of /var for the volumes set up in the Docker command(s) below, to help reduce writes to the micro SD card.*
## Inspiration / Sources
- [https://github.com/nextcloud/docker](https://github.com/nextcloud/docker)
- [https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion)
- [https://hub.docker.com/_/nextcloud/](https://hub.docker.com/_/nextcloud/)
- [https://hub.docker.com/r/arm64v8/nextcloud/](https://hub.docker.com/r/arm64v8/nextcloud/)
- [https://hub.docker.com/r/arm32v5/nextcloud/](https://hub.docker.com/r/arm32v5/nextcloud/)
- [https://hub.docker.com/r/arm32v7/nextcloud/](https://hub.docker.com/r/arm32v7/nextcloud/)
## Install / Update / Run Script
Set up a generic script that auto-updates NextCloud, builds a container and launches it. You should only run this script at first launch and/or when you're looking for updates.
``` bash
mkdir -p /var/nextcloud/data /var/nextcloud/config
chown -R www-data: /var/nextcloud

# Save the script to the path the rest of this page uses
wget -O /scratch/docker/nextcloud.sh https://git.lollipopcloud.solutions/lollipop-docker/misc/raw/branch/master/run_nextcloud.sh
# Review the downloaded script before making it executable
chmod a+x /scratch/docker/nextcloud.sh
```
## Run NextCloud
Simply execute ```/scratch/docker/nextcloud.sh``` to update/run NextCloud.
## Update Unbound
``` bash
cat > /etc/unbound/local_zone/nextcloud.conf <<EOF
local-data: "nextcloud-insecure A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure"
local-data: "nextcloud-insecure.domain.tld A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure.domain.tld"
local-data: "nextcloud A 172.30.0.1"
local-data: "nextcloud.domain.tld A 172.30.0.1"
local-data-ptr: "172.30.0.1 nextcloud"
local-data-ptr: "172.30.0.1 nextcloud.domain.tld"
EOF
```
## Serving Via Caddy
``` bash
cat > /etc/caddy/services/nextcloud.conf <<EOF
# Nextcloud proxy
nextcloud.domain.tld {
    tls user@domain.domain.tld

    redir 301 {
        if {scheme} is http
        / https://nextcloud.domain.tld{uri}
    }

    log /var/log/caddy/nextcloud.log

    proxy / https://172.30.7.7 {
        transparent
        websocket
        # The upstream certificate is not verified on this hop
        insecure_skip_verify
    }
}
EOF
```
## First Run / Finalize Setup
- Navigate to ```http://nextcloud-insecure.domain.tld```
- Follow on-screen prompts for finalizing the NextCloud setup
- Use 172.30.12.12 as postgres IP if using postgres
- If the gateway times out, watch htop for the postgres setup to finish, then reload the page.
- Login as Admin
## Post Install
### Update/Install/Enable Apps
#### Enabled Apps
- Update any apps that are showing as out of date
#### Disabled apps
- Enable Auditing / Logging app
- Enable Default encryption module
- Enable external storage support
- Enable PDF Viewer
#### Customization
- Install External sites app
#### Files
- Install Group folders app
#### Office & Text
- Enable Calendar app
- Enable Contacts app
- Enable Notes app
- Enable Tasks app
#### Organization
- Install Announcement center app
- Enable bookmarks app
#### Security
- Enable brute force settings app
- Enable restrict login to IP addresses app
- Enable Two Factor TOTP Provider app
- Enable Two Factor U2F app
- Enable Two Factor Yubikey
#### Social & communication
- Enable circles app
#### Tools
- Enable Impersonate app
### Basic Setup
#### Adjust default view
If you'd like to see the activities view as your default view in NextCloud, edit ```/var/nextcloud/config/config.php``` and add ```'defaultapp' => 'activity',``` to the file.
#### Add Cronjob
In the settings change from ```Ajax``` for scheduled jobs to ```Cron``` and run the following commands on your device.
This will lessen the page loads and keep the cron job constrained to a reasonable duration.
``` bash
cat > /etc/systemd/system/nextcloudcron.service <<EOF
[Unit]
Description=Nextcloud cron.php job
[Service]
User=root
ExecStart=/usr/bin/docker exec --user www-data nextcloud php /var/www/html/cron.php
[Install]
WantedBy=basic.target
EOF
cat > /etc/systemd/system/nextcloudcron.timer <<EOF
[Unit]
Description=Run Nextcloud cron.php every 90 minutes
[Timer]
OnBootSec=10min
OnUnitActiveSec=90min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
EOF
systemctl daemon-reload
systemctl start nextcloudcron.timer
systemctl enable nextcloudcron.timer
```
#### Adjust Sharing settings
- Disable ```Allow public uploads```
- Disable ```Allow users on this server to send shares to other servers```
- Disable ```Send password by mail```
#### Adjust Security settings
Recommended Settings (Up to you)
- Minimal Length : 12
- Forbid common passwords
- Enforce upper and lower case characters
- Enforce numeric characters
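One way to confirm that the sharing and password settings above were actually applied, as an added example that is not part of the original repository: it reads each value through `occ config:app:get` and counts an unset key as a failure, since the built-in default applies in that case. The app/key names are assumptions about where Nextcloud stores these settings (confirm with `occ config:list`); the container name and web root follow the cron unit above.

```bash
#!/usr/bin/env bash
# Added example: audit the sharing and password-policy settings from this page.
# OCC is the command used to reach occ; override it if your container differs.
OCC=${OCC:-docker exec --user www-data nextcloud php /var/www/html/occ}

# app|key|expected value|setting from this page
# Key names are assumptions; confirm them with `occ config:list`.
EXPECTED='core|shareapi_allow_public_upload|no|Allow public uploads disabled
files_sharing|outgoing_server2server_share_enabled|no|Shares to other servers disabled
sharebymail|sendpasswordmail|no|Send password by mail disabled
password_policy|minLength|12|Minimal length 12
password_policy|enforceNonCommonPassword|1|Forbid common passwords
password_policy|enforceUpperLowerCase|1|Enforce upper and lower case
password_policy|enforceNumericCharacters|1|Enforce numeric characters'

audit_nextcloud() {
    local failures=0 app key want label got
    while IFS='|' read -r app key want label; do
        # occ exits non-zero when a key was never written. The built-in
        # default then applies, so report it rather than assume it is safe.
        if ! got=$($OCC config:app:get "$app" "$key" 2>/dev/null </dev/null); then
            got='<unset>'
        fi
        # A minimum length above the recommended value also passes.
        if [ "$key" = minLength ] && [ "$got" -ge "$want" ] 2>/dev/null; then
            echo "OK    $label ($got)"
        elif [ "$got" = "$want" ]; then
            echo "OK    $label"
        else
            echo "FAIL  $label: $app/$key is $got, expected $want"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    # Return code is the number of failed checks (0 means all passed).
    return "$failures"
}
```

Call `audit_nextcloud` on the host after changing the settings in the admin UI; the return code is the number of failed checks.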
### Setup Apps
- Setup file encryption : [https://docs.nextcloud.com/server/13/admin_manual/configuration_files/encryption_configuration.html](https://docs.nextcloud.com/server/13/admin_manual/configuration_files/encryption_configuration.html)
- Setup external sites app as appropriate
- Setup remaining apps from above
### Configure groups (as appropriate)
- Create group for standard users
- Create group folder for the new group (non-syncthing dumping ground for sync)
- Setup shared contacts list for new group
- Setup shared calendar for new group