Evaluate Nextcloud #67

Closed
opened 2022-10-24 20:17:45 -07:00 by Jafner · 20 comments
Jafner commented 2022-10-24 20:17:45 -07:00 (Migrated from gitlab.jafner.net)

Main installation documentation: https://github.com/nextcloud/all-in-one#how-to-use-this
Reverse proxy readme: https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

Mostly interested in determining which components are useful. Also need to determine whether it makes more sense to use an all-in-one solution like this, or split out individual components (like WebDAV, VoIP, Drive, etc.)

Jafner commented 2022-10-24 20:17:45 -07:00 (Migrated from gitlab.jafner.net)

assigned to @Jafner

Jafner commented 2022-10-24 20:21:46 -07:00 (Migrated from gitlab.jafner.net)

Probably makes more sense to use [Linuxserver's image](https://hub.docker.com/r/linuxserver/nextcloud)
Jafner commented 2022-11-02 09:00:10 -07:00 (Migrated from gitlab.jafner.net)

mentioned in commit 85262dc130

Jafner commented 2022-11-02 09:01:43 -07:00 (Migrated from gitlab.jafner.net)

mentioned in commit d28acbbe58

Jafner commented 2022-11-02 09:02:55 -07:00 (Migrated from gitlab.jafner.net)

mentioned in commit 2a5634b9e6

Jafner commented 2022-11-02 10:52:14 -07:00 (Migrated from gitlab.jafner.net)

mentioned in commit 08ffc99e37

Jafner commented 2022-11-02 10:59:38 -07:00 (Migrated from gitlab.jafner.net)

mentioned in commit a9185655b2

Jafner commented 2022-11-21 14:56:05 -08:00 (Migrated from gitlab.jafner.net)

mentioned in commit a779a2959f

Jafner commented 2022-11-21 14:57:30 -08:00 (Migrated from gitlab.jafner.net)

mentioned in commit dafe07020c

Jafner commented 2022-11-21 14:58:36 -08:00 (Migrated from gitlab.jafner.net)

mentioned in commit 85613cb244

Jafner commented 2022-11-23 09:58:14 -08:00 (Migrated from gitlab.jafner.net)

Evaluation: seems pretty sick.
Will close this when we clear out all Nextcloud security & setup warnings:

![image](/uploads/1171f4e1c795db38207dfdd7dab34507/image.png)
Jafner commented 2023-01-25 08:35:51 -08:00 (Migrated from gitlab.jafner.net)

Nextcloud has been running at https://nextcloud.jafner.net/ for a couple months now. It is hooked up to Keycloak for SSO. The service works great, with a couple long-term issues that must be resolved:

- [x] #73 Nextcloud is very picky about storage access permissions. It must have full permissions and all others must have zero permissions.
- [x] Fix reverse proxy header configuration. [Docs](https://docs.nextcloud.com/server/25/admin_manual/configuration_server/reverse_proxy_configuration.html)
- [x] Replace SQLite DB with MySQL, MariaDB, or Postgresql. [Docs](https://docs.nextcloud.com/server/25/admin_manual/configuration_database/db_conversion.html)
Jafner commented 2023-01-25 09:02:32 -08:00 (Migrated from gitlab.jafner.net)

added #75 as child task

Jafner commented 2023-01-25 09:02:52 -08:00 (Migrated from gitlab.jafner.net)

added #76 as child task

Jafner commented 2023-01-25 09:03:05 -08:00 (Migrated from gitlab.jafner.net)

added #77 as child task

Jafner commented 2023-01-25 12:02:49 -08:00 (Migrated from gitlab.jafner.net)

- [Jafner.net - Nextcloud Admin Overview](https://nextcloud.jafner.net/settings/admin/overview)
- [Nextcloud - Converting Database Type](https://docs.nextcloud.com/server/25/admin_manual/configuration_database/db_conversion.html)
- [Nextcloud - Reverse Proxy](https://docs.nextcloud.com/server/25/admin_manual/configuration_server/reverse_proxy_configuration.html)
- [Linuxserver - Docker Nextcloud](https://docs.linuxserver.io/images/docker-nextcloud)
- [Linuxserver - SWAG Setup](https://docs.linuxserver.io/general/swag#nextcloud-subdomain-reverse-proxy-example)
Jafner commented 2023-01-26 16:01:11 -08:00 (Migrated from gitlab.jafner.net)

## Migrate Nextcloud DB to MariaDB

1. Create new MariaDB container: [fb93a154](https://gitlab.jafner.net/Jafner/homelab/-/commit/fb93a1549673c6b516370e7f2b6fc6acce6d08f8)
2. Online the new container. `docker-compose down && docker-compose up -d`
3. Run the conversion:

```
docker exec -it -u 1000 nextcloud_nextcloud bash
cd /config/www/nextcloud
php occ db:convert-type --password="AsCxp6v9DsktXcGR9r4C9er8y2GjNSarBebWarmryBsGCNSAEVfV6wKrTEJBNp26" --all-apps mysql ncuser mariadb nextcloud
```

At this point, we have successfully converted from SQLite to MariaDB. Rechecking the Nextcloud setup warnings, we see we have a new warning:

> MySQL is used as database but does not support 4-byte characters. To be able to handle 4-byte characters (like emojis) without issues in filenames or comments for example it is recommended to enable the 4-byte support in MySQL. For further details read [the documentation page about this](https://docs.nextcloud.com/server/25/go.php?to=admin-mysql-utf8mb4).

We `docker exec -it nextcloud_mariadb sh` into the MariaDB container, then `cat /config/custom.cnf` and look for the line `innodb_file_per_table=1`, which is already there because we are using the Linuxserver image for MariaDB.

We could verify that this is working by running a mysql command to `SHOW VARIABLES LIKE 'innodb_file_per_table';`, but since this was the default that is not necessary.

So next we open a shell in the nextcloud container `docker exec -it -u 1000 nextcloud_nextcloud bash`, navigate into the Nextcloud directory `cd /config/www/nextcloud` and set the instance into maintenance mode `php occ maintenance:mode --on`.

Then, we open a shell back in the MariaDB container `docker exec -it nextcloud_mariadb sh` and open a MySQL session `mysql -h mariadb -u ncuser -p nextcloud` then enter the password when prompted. Now we can go ahead and change the database character set and collation `ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`. Quit `quit;`.

Switching back to the nextcloud container, set the mysql.utf8mb4 variable to true `php occ config:system:set mysql.utf8mb4 --type boolean --value="true"`. Then run a repair on the DB `php occ maintenance:repair`. Disable maintenance mode `php occ maintenance:mode --off`.

Now we should be able to use Emoji in file names, calendar events, comments, and others. Also that warning should be gone.

Jafner commented 2023-01-26 16:01:30 -08:00 (Migrated from gitlab.jafner.net)

## Nextcloud Reverse Proxy Header Configuration

https://help.nextcloud.com/t/trusted-reverse-proxy-warning-solved/56761
https://help.nextcloud.com/t/cannot-get-rid-of-the-reverse-proxy-warning/77376/17

After a bunch of trial and error, we got to this state:

```
$ cat /config/www/nextcloud/config/config.php 
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'check_data_directory_permissions' => 'false',
  'instanceid' => '*********',
  'passwordsalt' => '***********',
  'secret' => '***********',
  'trusted_domains' => ['nextcloud.jafner.net'],
  'dbtype' => 'mysql',
  'version' => '25.0.0.18',
  'overwrite.cli.url' => 'http://nextcloud.jafner.net',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'noreply',
  'mail_domain' => 'jafner.net',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'noreply@jafner.net',
  'mail_smtppassword' => '*************',
  'trusted_proxies' => ['172.18.0.31'],
  'overwritehost' => 'nextcloud.jafner.net',
  'overwriteprotocol' => 'https',
  'social_login_auto_redirect' => 'true',
  'default_phone_region' => 'US',
  'maintenance' => false,
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb',
  'dbuser' => 'ncuser',
  'dbpassword' => '****************************',
  'mysql.utf8mb4' => true,
);
```

Where `172.18.0.31` is the IP of the Traefik container on the `web` docker network on which internet traffic is routed through Traefik to Nextcloud.

I've also [set Traefik to use this IP explicitly](https://gitlab.jafner.net/Jafner/homelab/-/commit/2ad17a292cb00b5a5f8b5b74994df7b44317558c).

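
A check for the reverse-proxy keys in the `config.php` from the comment above, as an added example that is not part of the original thread or of Nextcloud. The function names, the constructed sample file and the "wider than /24" threshold are assumptions of this example; it handles IPv4 entries and one `'key' => value,` pair per line.

```shell
# Added example: audit the reverse-proxy related keys of a Nextcloud config.php.
# Assumes one "'key' => value," pair per line, as in the file shown above.

# Print the raw value of a key, e.g. "'https'" or "['172.18.0.31']".
cfg_raw() {
  sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*\(.*\),[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Print one finding per line; no output means nothing was flagged.
audit_proxy_config() {
  f=$1
  proxies=$(cfg_raw "$f" trusted_proxies)
  proto=$(cfg_raw "$f" overwriteprotocol)
  cli=$(cfg_raw "$f" overwrite.cli.url)
  if [ -z "$proxies" ] || [ "$proxies" = "[]" ]; then
    echo "FAIL trusted_proxies is empty or unset"
  elif printf '%s\n' "$proxies" | grep -Eq "/([0-9]|1[0-9]|2[0-3])'"; then
    # Threshold is this example's choice: any prefix wider than /24 is flagged.
    echo "WARN trusted_proxies trusts a whole range: $proxies"
  fi
  [ "$proto" = "'https'" ] || echo "FAIL overwriteprotocol is ${proto:-unset}, expected 'https'"
  case $cli in
    "'http://"*) echo "WARN overwrite.cli.url is plain http: $cli" ;;
  esac
  # A quoted 'false' is a non-empty string, which PHP evaluates as true.
  for key in $(sed -n "s/^[[:space:]]*'\([^']*\)'[[:space:]]*=>[[:space:]]*'false',.*/\1/p" "$f"); do
    echo "WARN $key is the string 'false', not the boolean false"
  done
}

# Constructed sample, modelled on the config.php shown in the comment above.
make_sample() {
  sample=$(mktemp)
  cat > "$sample" <<'EOF'
<?php
$CONFIG = array (
  'check_data_directory_permissions' => 'false',
  'trusted_domains' => ['cloud.example.org'],
  'overwrite.cli.url' => 'http://cloud.example.org',
  'trusted_proxies' => ['172.18.0.31'],
  'overwriteprotocol' => 'https',
);
EOF
  echo "$sample"
}

sample=$(make_sample); audit_proxy_config "$sample"; rm -f "$sample"
```

On the sample it reports two findings: the `http://` CLI URL and the quoted `'false'`. The single pinned proxy address passes.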
Jafner commented 2023-01-26 23:53:16 -08:00 (Migrated from gitlab.jafner.net)

added #78 as child task

Jafner commented 2023-01-27 00:14:04 -08:00 (Migrated from gitlab.jafner.net)

We have set up a cron job to run `rsync -au /mnt/data/nextcloud/ /mnt/nas/backups/Binary/Nextcloud` daily at midnight.

And with that, I believe this issue is closed.