# NextCloud

NextCloud in a container, as a simple PHP-FPM deployment. This gives a very basic version of NextCloud with no web server of its own, so you'll need the Web Server container setup to get access.

*NOTE: You may want to use a filesystem on a [USB drive](../hardware/usb-flash-drive.md) instead of /var for the volumes set up in the Docker command(s) below, to help reduce writes to the microSD card.*

## Inspiration / Sources

- [https://github.com/nextcloud/docker](https://github.com/nextcloud/docker)
- [https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion)
- [https://hub.docker.com/_/nextcloud/](https://hub.docker.com/_/nextcloud/)
- [https://hub.docker.com/r/arm64v8/nextcloud/](https://hub.docker.com/r/arm64v8/nextcloud/)
- [https://hub.docker.com/r/arm32v5/nextcloud/](https://hub.docker.com/r/arm32v5/nextcloud/)
- [https://hub.docker.com/r/arm32v7/nextcloud/](https://hub.docker.com/r/arm32v7/nextcloud/)

## Install / Update / Run Script

Set up a generic script that will auto-update NextCloud, build a container and launch it. You should only run this script at first launch and/or when you're looking for updates.

``` bash

# Create the data and config volumes and hand them to the web server user
mkdir -p /var/nextcloud/data /var/nextcloud/config
chown -R www-data: /var/nextcloud

# Download the run script to the path used in the rest of this page
wget -O /scratch/docker/nextcloud.sh https://git.lollipopcloud.solutions/lollipop-docker/misc/raw/branch/master/run_nextcloud.sh
chmod a+x /scratch/docker/nextcloud.sh

```

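The step above downloads a script that you then execute on the host. As an added example (not part of the original page or its project), this helper installs the downloaded file only when it matches a SHA-256 digest you pinned after reading the script; the function name `verify_and_install` and the digest placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example: install a downloaded script only if it matches a pinned SHA-256.
# The digest is a placeholder: record the real one after you have read the
# script, and change it only when you deliberately accept a new version.

# verify_and_install <downloaded-file> <expected-sha256> <destination>
# Returns 0 and installs the file on a match, 1 on a digest mismatch
# (destination left untouched), 2 on missing arguments or an unreadable file.
verify_and_install() {
    local src="$1" expected="$2" dest="$3" actual
    [ -n "$src" ] && [ -n "$expected" ] && [ -n "$dest" ] || return 2
    [ -r "$src" ] || return 2

    # sha256sum prints "<digest>  <file>"; keep only the digest.
    actual="$(sha256sum "$src" | awk '{print $1}')" || return 2
    # Accept the pinned digest in either upper or lower case.
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        return 1
    fi

    # Owner/group execute only, which is narrower than the page's "chmod a+x".
    install -m 0750 "$src" "$dest"
}

# Typical use (commented out so that sourcing this file has no side effects):
#   EXPECTED_SHA256="<sha256 of the version you reviewed>"
#   tmp="$(mktemp)"
#   wget -O "$tmp" https://git.lollipopcloud.solutions/lollipop-docker/misc/raw/branch/master/run_nextcloud.sh
#   verify_and_install "$tmp" "$EXPECTED_SHA256" /scratch/docker/nextcloud.sh
#   rm -f "$tmp"
```

Because the run script is also the update mechanism, a mismatch after a re-download means upstream changed: diff the new file against the installed copy before pinning the new digest.
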
## Run NextCloud

Simply execute ```/scratch/docker/nextcloud.sh``` to update/run NextCloud.

## Update Unbound

``` bash

cat > /etc/unbound/local_zone/nextcloud.conf <<EOF
local-data: "nextcloud-insecure A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure"
local-data: "nextcloud-insecure.domain.tld A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure.domain.tld"

local-data: "nextcloud A 172.30.0.1"
local-data: "nextcloud.domain.tld A 172.30.0.1"
local-data-ptr: "172.30.0.1 nextcloud"
local-data-ptr: "172.30.0.1 nextcloud.domain.tld"
EOF

```

## Serving Via Caddy

``` bash

cat > /etc/caddy/services/nextcloud.conf <<EOF
# Nextcloud proxy
nextcloud.domain.tld {
    tls user@domain.domain.tld

    # Redirect plain HTTP requests to HTTPS
    redir 301 {
        if {scheme} is http
        / https://nextcloud.domain.tld{uri}
    }

    log /var/log/caddy/nextcloud.log
    proxy / https://172.30.7.7 {
        transparent
        websocket
        # The certificate presented by the container is not verified
        insecure_skip_verify
    }
}
EOF

```

## First Run / Finalize Setup

- Navigate to ```http://nextcloud-insecure.domain.tld```
- Follow on-screen prompts for finalizing the NextCloud setup
- Use 172.30.12.12 as postgres IP if using postgres
- If the gateway times out watch htop for postgres setup to finish then reload the page.
- Login as Admin

## Post Install

### Update/Install/Enable Apps

#### Enabled Apps
- Update any apps that are showing as out of date

#### Disabled apps

- Enable Auditing / Logging app
- Enable Default encryption module
- Enable external storage support
- Enable PDF Viewer

#### Customization

- Install External sites app

#### Files

- Install Group folders app

#### Office & Text

- Enable Calendar app
- Enable Contacts app
- Enable Notes app
- Enable Tasks app

#### Organization

- Install Announcement center app
- Enable bookmarks app

#### Security

- Enable brute force settings app
- Enable restrict login to IP addresses app
- Enable Two Factor TOTP Provider app
- Enable Two Factor U2F app
- Enable Two Factor Yubikey

#### Social & communication

- Enable circles app

#### Tools

- Enable Impersonate app

### Basic Setup

#### Adjust default view

If you'd like to see the activities view as your default view in NextCloud, edit ```/var/nextcloud/config/config.php``` and add ```'defaultapp' => 'activity',``` to the file.

#### Add Cronjob

In the settings, change the scheduled jobs method from ```Ajax``` to ```Cron``` and run the following commands on your device.

This will lessen the page loads and keep the cron job constrained to a reasonable duration.

``` bash

# Service unit: runs cron.php inside the nextcloud container as www-data
cat > /etc/systemd/system/nextcloudcron.service <<EOF
[Unit]
Description=Nextcloud cron.php job

[Service]
User=root
ExecStart=/usr/bin/docker exec --user www-data nextcloud php /var/www/html/cron.php

[Install]
WantedBy=basic.target
EOF

# Timer unit: triggers the service 10 minutes after boot, then every 90 minutes
cat > /etc/systemd/system/nextcloudcron.timer <<EOF
[Unit]
Description=Run Nextcloud cron.php every 90 minutes

[Timer]
OnBootSec=10min
OnUnitActiveSec=90min
Unit=nextcloudcron.service

[Install]
WantedBy=timers.target
EOF

systemctl daemon-reload
systemctl start nextcloudcron.timer
systemctl enable nextcloudcron.timer

```

#### Adjust Sharing settings

- Disable ```Allow public uploads```
- Disable ```Allow users on this server to send shares to other servers```
- Disable ```Send password by mail```

#### Adjust Security settings

Recommended Settings (Up to you)

- Minimal Length : 12
- Forbid common passwords
- Enforce upper and lower case characters
- Enforce numeric characters

### Setup Apps

- Setup file encryption : [https://docs.nextcloud.com/server/13/admin_manual/configuration_files/encryption_configuration.html](https://docs.nextcloud.com/server/13/admin_manual/configuration_files/encryption_configuration.html)
- Setup external sites app as appropriate
- Setup remaining apps from above

### Configure groups (as appropriate)

- Create group for standard users
- Create group folder for the new group (non-syncthing dumping ground for sync)
- Setup shared contacts list for new group
- Setup shared calendar for new group