stephanphoto

The advantage of running your own Nextcloud is that your data stays in your hands. Besides storage, you can also exchange data between your devices and host your own calendar.

My system: Debian 12, MariaDB, nginx with php-fpm, PHP 8.3

Before getting started, the following should be done:

Install nginx, PHP and the required programs

apt install nginx php-fpm mariadb-server imagemagick wget unzip nano php8.3-xml php8.3-cli php8.3-cgi php8.3-mysql php8.3-mbstring php8.3-gd php8.3-curl php8.3-zip php8.3-imagick php8.3-apcu php8.3-intl php8.3-bcmath php8.3-gmp php-dompdf libmagickcore-6.q16-6-extra php-pear php8.3-redis php8.3-smbclient php8.3-ldap php8.3-bz2

Install GeoIP

apt install geoip-bin

Setting up MariaDB
A database with its own user and password must be created for Nextcloud.

mysql -u root -p

create database nextcloud;
create user nextcloudadmin@localhost identified by '<PASSWORT>';
grant all privileges on nextcloud.* to nextcloudadmin@localhost identified by '<PASSWORT>';
flush privileges;
exit;

or

MariaDB [(none)]> create database nextcloud;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create user nextcloudadmin@localhost identified by '<PASSWORT>';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nextcloud.* to nextcloudadmin@localhost identified by '<PASSWORT>';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit;

Set up nginx

nano /etc/nginx/sites-available/nextcloud

server {
    if ($host = <URL>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name <URL>;

    # let Let's Encrypt access the challenge via HTTP to obtain SSL certs
    location ^~ /.well-known/acme-challenge/ {
            root /var/www/nextcloud;
    }

    # enforce https
    location / {
        return 301 https://$server_name$request_uri;
    }


}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <URL>;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /etc/letsencrypt/live/<URL>-0003/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<URL>-0003/privkey.pem; # managed by Certbot

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "noindex, nofollow" always;
    add_header X-XSS-Protection "1; mode=block" always;


    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    #Mimetypes
    include /etc/nginx/mime.types;

    # Path to the root of your installation
    root /www/htdocs/w0105613/cloudsvrde;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    # The following rule is only needed for the Social app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }


    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {rewrite ^ /index.php;}

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Enable pretty urls
        fastcgi_param front_controller_active true;
        # php-handler must be defined as an nginx upstream pointing at the php-fpm socket
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    #location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
    #    try_files $uri/ =404;
    #    index index.php;
    #}

    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "noindex, nofollow" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;

    }

}

Now enable the site
ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud

Test the nginx configuration and restart nginx

nginx -t
service nginx restart
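
nginx inherits add_header from the enclosing level only when the current level defines none of its own, which is why the asset location in the configuration above repeats the security headers, and why its commented-out Strict-Transport-Security line leaves those responses without HSTS. The check below is an added example, not part of the original post: the function name audit_add_header and the sample configuration are constructed here, and only locations directly inside a server block are examined.

```shell
# Added example: list server-level add_header names that a location drops
# because it defines add_header itself (nested locations are ignored).
audit_add_header() {
    awk '
    { sub(/#.*/, "") }                               # strip comments
    NF == 0 { next }
    {
        line = $0
        opens  = gsub(/[{]/, "&", line)
        closes = gsub(/[}]/, "&", line)
        if ($1 == "location" && depth == 1) {        # top-level location
            loc = $0
            sub(/^[ \t]+/, "", loc); sub(/[ \t]*[{].*$/, "", loc)
            locs[++nloc] = loc
        }
        if ($1 == "add_header" && depth == 1 && !($2 in srv)) { srv[$2] = 1; hdrs[++nhdr] = $2 }
        if ($1 == "add_header" && depth == 2 && loc != "") { own[loc, $2] = 1; count[loc]++ }
        depth += opens - closes
        if (depth <= 1) loc = ""                     # location closed
        if (depth == 0 && closes > 0) {              # server closed: report
            for (i = 1; i <= nloc; i++) {
                if (!count[locs[i]]) continue        # inherits everything
                for (j = 1; j <= nhdr; j++)
                    if (!((locs[i], hdrs[j]) in own))
                        print locs[i] ": missing " hdrs[j]
            }
            nloc = 0; nhdr = 0
            split("", srv); split("", own); split("", count)
        }
    }' "$1"
}

# Constructed sample modelled on the asset location above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    add_header Strict-Transport-Security "max-age=15768000" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    location ~ \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=15778463";
        #add_header Strict-Transport-Security "max-age=15768000" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
    }
}
EOF
audit_add_header "$sample"
```

Run it against /etc/nginx/sites-available/nextcloud after every edit; an empty result means no top-level location loses a server-level header.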

 

Change the following in php.ini:
nano /etc/php/8.3/fpm/php.ini

memory_limit = 512M
upload_max_filesize = 5G
post_max_size = 20G

 

Change the following in www.conf:
nano /etc/php/8.3/fpm/pool.d/www.conf

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

 

For the changes to take effect, the web server and PHP must be restarted.
systemctl restart nginx
systemctl restart php8.3-fpm

Download Nextcloud
NOTE!!! The link must be adjusted to the current version; it can be found directly on the Nextcloud website.

wget -O /tmp/latest.zip https://download.nextcloud.com/server/releases/latest.zip
unzip -o -d /var/www/nextcloud /tmp/latest.zip
chown -R www-data:www-data /var/www
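
The download step above unpacks whatever wget saved, so a truncated transfer or an error page would be extracted or fail late. The following is an added example, not part of the original post: the function name verify_release is made up here, and it assumes a latest.zip.sha256 file is published next to the archive. A digest fetched from the same server detects corruption only, not a tampered release.

```shell
# Added example: compare an archive against a published SHA-256 digest.
# Returns 0 on match, 1 on mismatch, 2 if the checksum file is unusable.
verify_release() {
    archive=$1; sumfile=$2
    # First field of the first line; the file name recorded in the
    # checksum file is ignored because the local copy may be named differently.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile") || return 2
    # Reject anything that is not exactly 64 hex digits, e.g. an HTML
    # error page saved by wget in place of the checksum.
    [ "${#expected}" -eq 64 ] || return 2
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    actual=$(sha256sum "$archive" | awk '{ print $1 }') || return 2
    [ "$actual" = "$expected" ] || return 1
}

# Intended use with the download step (the .sha256 URL is an assumption):
#   wget -O /tmp/latest.zip        https://download.nextcloud.com/server/releases/latest.zip
#   wget -O /tmp/latest.zip.sha256 https://download.nextcloud.com/server/releases/latest.zip.sha256
#   verify_release /tmp/latest.zip /tmp/latest.zip.sha256 &&
#       unzip -o -d /var/www/nextcloud /tmp/latest.zip

# Offline demonstration on constructed files.
demo=$(mktemp -d)
printf 'constructed archive bytes\n' > "$demo/latest.zip"
(cd "$demo" && sha256sum latest.zip > good.sha256)
printf '<html>404 Not Found</html>\n' > "$demo/bad.sha256"
verify_release "$demo/latest.zip" "$demo/good.sha256" && echo "digest ok"
verify_release "$demo/latest.zip" "$demo/bad.sha256"  || echo "rejected: $?"
```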

 

In addition, we installed a local cache for Nextcloud: APCu. It has to be specified in the Nextcloud config.

###APCu

nano /var/www/cloudsvrde/config/config.php

Add the following entry here: 'memcache.local' => '\OC\Memcache\APCu',

$CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
  'instanceid' => 'xxxxxxxxxxxx',
  'passwordsalt' => '++xxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxx+gKGZ6',
  ....

echo "apc.enable_cli=1" >> /etc/php/8.3/cli/php.ini
systemctl restart nginx

 

With a Redis server it looks like this:
https://www.vaahsen.de/redis-fuer-nextcloud-konfigurieren-memory-caching/

apt install redis-server php-redis php-apcu php8.3-apcu php8.3-redis

nano /etc/redis/redis.conf
supervised auto      => supervised systemd
unixsocketperm 700    => unixsocketperm 770

usermod -a -G redis www-data

nginx -t
service nginx restart
service redis-server start

Insert the following lines after the last line and before the ');':

  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'redis' =>
   array (
   'host' => 'localhost',
   'port' => 6379,
   'timeout' => 0.0,
   ),

Configure OPcache
Next, enable the PHP OPcache by editing the php.ini file

nano /etc/php/8.3/fpm/php.ini

Uncomment the following lines:
opcache.enable=1
opcache.memory_consumption=128
opcache.max_accelerated_files=10000
opcache.revalidate_freq=200

systemctl restart nginx php8.3-fpm
