kemonine / lollipopcloud
This repository has been archived on 2022-08-05. You can view files and clone it, but cannot push or open issues or pull requests.
lollipopcloud/services/nextcloud.md


NextCloud

NextCloud in a container. A simple PHP-FPM deployment. You'll need the Web Server container set up to get access. This just gives a very basic, non-web-server version of NextCloud.

NOTE: You may want to use a filesystem on a USB drive instead of /var for the volumes set up in the Docker command(s) below, to help reduce writes to the micro SD card.

Inspiration / Sources

Install / Update / Run Script

Set up a generic script that will auto-update NextCloud, build a container and launch it. Run this script only at first launch and/or when you're looking for updates. The script is downloaded and then executed on your device, so read it before running it.


mkdir -p /var/nextcloud/data /var/nextcloud/config
chown -R www-data: /var/nextcloud

wget -O /scratch/docker/nextcloud.sh https://git.lollipopcloud.solutions/lollipop-docker/misc/raw/branch/master/run_nextcloud.sh
chmod a+x /scratch/docker/nextcloud.sh

Run NextCloud

Simply execute /scratch/docker/nextcloud.sh to update/run NextCloud.

Update Unbound


cat > /etc/unbound/local_zone/nextcloud.conf <<EOF
local-data: "nextcloud-insecure A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure"
local-data: "nextcloud-insecure.domain.tld A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure.domain.tld"

local-data: "nextcloud A 172.30.0.1"
local-data: "nextcloud.domain.tld A 172.30.0.1"
local-data-ptr: "172.30.0.1 nextcloud"
local-data-ptr: "172.30.0.1 nextcloud.domain.tld"
EOF

Serving Via Caddy


cat > /etc/caddy/services/nextcloud.conf <<EOF
# Nextcloud proxy
nextcloud.domain.tld {
    tls user@domain.domain.tld
    
    redir 301 {
        if {scheme} is http
        /  https://nextcloud.domain.tld{uri}
    }

    log /var/log/caddy/nextcloud.log
    # insecure_skip_verify disables TLS certificate verification for the backend connection
    proxy / https://172.30.7.7 {
        transparent
        websocket
        insecure_skip_verify
    }
}
EOF

First Run / Finalize Setup

  • Navigate to http://nextcloud-insecure.domain.tld
  • Follow on-screen prompts for finalizing the NextCloud setup
    • Use 172.30.12.12 as postgres IP if using postgres
    • If the gateway times out watch htop for postgres setup to finish then reload the page.
  • Login as Admin

Post Install

Update/Install/Enable Apps

Enabled Apps

  • Update any apps that are showing as out of date

Disabled apps

  • Enable Auditing / Logging app
  • Enable Default encryption module
  • Enable external storage support
  • Enable PDF Viewer

Customization

  • Install External sites app

Files

  • Install Group folders app

Office & Text

  • Enable Calendar app
  • Enable Contacts app
  • Enable Notes app
  • Enable Tasks app

Organization

  • Install Announcement center app
  • Enable bookmarks app

Security

  • Enable brute force settings app
  • Enable restrict login to IP addresses app
  • Enable Two Factor TOTP Provider app
  • Enable Two Factor U2F app
  • Enable Two Factor Yubikey

Social & communication

  • Enable circles app

Tools

  • Enable Impersonate app
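
To confirm that the auditing and Security apps listed above are actually enabled after setup, the following added example (not part of the original repository) parses `occ app:list` output and prints any that are missing. The app IDs and the occ path are assumptions mapped from the names and paths used on this page, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: report which security apps from this page's checklist are not enabled.
# App IDs are assumed mappings from the display names used on this page.
REQUIRED_APPS="admin_audit bruteforcesettings limit_login_to_ip twofactor_totp twofactor_u2f"

# Print the app IDs listed under "Enabled:" in `occ app:list` text read from stdin.
enabled_apps() {
    awk '
        /^Enabled:/  { section = "on";  next }
        /^Disabled:/ { section = "off"; next }
        section == "on" && /^[ \t]*- / {
            sub(/^[ \t]*- /, ""); sub(/:.*/, ""); print
        }'
}

# Print each required app that is not enabled; return 1 if any are missing.
missing_security_apps() {
    enabled=$(enabled_apps)
    rc=0
    for app in $REQUIRED_APPS; do
        if ! printf '%s\n' "$enabled" | grep -qx "$app"; then
            echo "$app"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of `occ app:list` output (not captured from a real server).
sample_app_list() {
    cat <<'EOF'
Enabled:
  - activity: 2.8.2
  - bruteforcesettings: 1.3.0
  - twofactor_totp: 2.1.2
Disabled:
  - admin_audit
  - limit_login_to_ip: 1.1.0
EOF
}

# Live use (container name as on this page; the occ path is an assumption):
#   docker exec --user www-data nextcloud php /var/www/html/occ app:list | missing_security_apps
if [ "${1:-}" = "--demo" ]; then
    sample_app_list | missing_security_apps || true
fi
```

A non-zero exit status means at least one app from the list is disabled or not installed, which makes the function usable as a post-update check.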

Basic Setup

Adjust default view

If you'd like to see the activities view as your default view in NextCloud, edit /var/nextcloud/config/config.php and add 'defaultapp' => 'activity', to the file.

Add Cronjob

In the settings, change scheduled jobs from Ajax to Cron and run the following commands on your device.

This moves background jobs out of page loads and keeps the cron job constrained to a reasonable duration.


cat > /etc/systemd/system/nextcloudcron.service <<EOF
[Unit]
Description=Nextcloud cron.php job

[Service]
User=root
ExecStart=/usr/bin/docker exec --user www-data nextcloud php /var/www/html/cron.php

[Install]
WantedBy=basic.target
EOF

cat > /etc/systemd/system/nextcloudcron.timer <<EOF
[Unit]
Description=Run Nextcloud cron.php every 90 minutes

[Timer]
OnBootSec=10min
OnUnitActiveSec=90min
Unit=nextcloudcron.service

[Install]
WantedBy=timers.target
EOF

systemctl daemon-reload
systemctl start nextcloudcron.timer
systemctl enable nextcloudcron.timer

Adjust Sharing settings

  • Disable Allow public uploads
  • Disable Allow users on this server to send shares to other servers
  • Disable Send password by mail

Adjust Security settings

Recommended Settings (Up to you)

  • Minimal Length : 12
  • Forbid common passwords
  • Enforce upper and lower case characters
  • Enforce numeric characters

Setup Apps

Configure groups (as appropriate)

  • Create group for standard users
  • Create group folder for the new group (non-syncthing dumping ground for sync)
  • Setup shared contacts list for new group
  • Setup shared calendar for new group