File Hosting with Nextcloud
Installation
First, download the latest version of Nextcloud:
curl -LO https://download.nextcloud.com/server/releases/latest.tar.bz2
sudo tar -C /mnt/hdd1 -xvjf /tmp/latest.tar.bz2
nano /tmp/nextcloud.sh
Then paste this:
ocpath='/path/to/nextcloud/'
htuser='www-data'
htgroup='www-data'
rootuser='root'
printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/updater
printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
chmod 755 ${ocpath}
printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/updater/
chmod +x ${ocpath}/occ
printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]; then
chmod 0644 ${ocpath}/.htaccess
chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]; then
chmod 0644 ${ocpath}/data/.htaccess
chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi
Then run
Set up firewall rules if needed
sudo ufw allow 443/tcp
If you need to change the data directory, make sure to add this permission to the new folder:
Then, change the appropriate setting in nextcloud/config/config.php file.
Nginx Webserver Installation
First, install php-fpm if needed
sudo apt install php8.1-fpm php8.1-curl php8.1-cli php8.1-mysql php8.1-gd php8.1-iconv php8.1-xsl php8.1-intl php-pear php-imagick php8.1-common php8.1-mbstring php8.1-zip php8.1-soap php8.1-gmp php8.1-bcmath php8.1-xml php8.1-imap php8.1-ldap php8.1-bz2 php-apcu redis-server php-redis -y
Here you need to make the same change to two files:
sudo nano /etc/php/8.1/cli/php.ini
Uncomment and change these lines:
...
cgi.fix_pathinfo=0
...
post_max_size = 1G
...
upload_max_filesize = 1G
...
memory_limit = 1G
Then add the following lines to php.ini in OPcache:
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.interned_strings_buffer=16
Then
and uncomment these
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Then
sudo systemctl enable php8.1-fpm
sudo apt-get install -y nginx libmagickcore-6.q16-6-extra
Run
and write down the address after mast. It should be something like this:
You will need to use the address in the file below!
Go to this address and copy the configuration for the nginx file.
Paste the configuration in the file. Here you need to make a few changes. Remove listen 443 part and keep everything in one server block (apart from upstream section).
Remove all ssl... parts.
server unix:/run/php/php8.1-fpm.sock;
}
server {
listen 80;
server_name cloud.website.com;
...
root /path/to/nextcloud;
...
}
Create a sim-link, then check if everything is ok.
sudo nginx -t
If no problem was found, re/start nginx
sudo systemctl start nginx
Generating SSL Certificates
Next, we need to generate SSL certificates using Let's Encrypt.
sudo apt-get update
sudo apt-get install python3-certbot-nginx -y
sudo certbot --nginx -d cloud.website.com
For auto renewal:
Then add this line
MySQL or MariaDB Installtion
First, install the MySQL/MariaDB:
Enter MySQL command line and create a database and a user. Write down the name of the database and username and password of the user as they would be needed later.
Enter
GRANT ALL ON nextclouduser.* to 'nextclouddb'@'localhost' IDENTIFIED BY 'nextcloud_db_password';
FLUSH PRIVILEGES;
exit
Go to the wesbite and configure the settings.
Tuning the Server
Cron Job Settings
To run a check on the server, we need to set up a Cron job:
Add the line
Installing and Configuring Fail2Ban
To prevent brute force attacks, we can add Nextcloud to Fail2Ban list
Paste
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$
Save and close.
paste
enabled=true
port=http,https
protocol=tcp
filter=nextcloud
maxretry=3
bantime=-1 #1800
logpath=/var/log/nextcloud_fail2ban.log
Save and exit.
sudo systemctl restart fail2ban
Automatic Logout
To log off after inactivity go to the next cloud config file (/path/to/nextcloud/config/config.php)
and add (or edit)
Installing Cache
For better performance, install a memchache:
Restart Nginx and Php-fpm afterward.
Then add the following line to the next cloud config file:
Then
Tips and Troubleshooting
Uploading a file using curl
To upload a file to a folder, first go on the web browser and login into your Nextcloud account. Then, find the folder and share it by choosing file drop. It gives you a link like this:
To upload a file using cli, do this:
Back up and Restore the SQL database
Switch to root;
Then paste:
user = nextclouduser
password = 'nextcloud_db_Password'
(make sure to use the single quote if there are special characters in password!)
Set the permission for this file as
Then run
To restore a SQL backup file:
IF YOU HAVE LOST YOUR SQL DATABASE:
Make sure all the users are disconnected from Nextcloud.
Start a new Nextcloud instance, but with the same username and passwords for all the users, same salt in the old Nextcloud config file and same version (can check the version in the old config file as well).
The config file is located at config/config.php
Login using the admin and create the users then logout. Change the data folder to the old folder and scan using occ command.
Useful OCC commands
Solving the Error: File is Locked
Go to next cloud config file:
Then go to maintenance mode by changing the value of false to true (or add the line):
Then, connect to nextcloud database and type:
Enter
DELETE FROM oc_file_locks WHERE 1;
EXIT
Finally change back the maintenance mode to false.
If it did not work, then go to nextcloud folder as root (make sure you are NOT in maintenance mode):
Integrity Error
If you get an integrity problem, run this so see the files:
Deleting File Versions
Deleting file versions for all users:
Emptying Trash Bin
To empty trash bin for all users
Disbale 2FA
To disable 2FA for a specific user:
Send Push Notification
To send a push notification to a user
Deleting File Cache
To delete file cache
Repairing the instance
To do a repair