cloud.libre.is
Administrator documentation for Libre Cloud.
The site is based on Nextcloud software.
Nextcloud install documentation:
Firewall
Open ports 80 and 443.
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
Apache
Initial setup of Apache with Certbot.
sudo su -
apt install python3-certbot-apache php php-fpm php-gd php-json php-xml \
php-curl php-mbstring php-zip php-mysql php-intl php-imap php-bcmath \
php-gmp php-apcu php-redis php-imagick imagemagick ffmpeg \
redis-server
echo "cloud.libre.is" > /var/www/html/index.html
certbot -d cloud.libre.is
a2enmod rewrite headers env dir mime setenvif ssl proxy_fcgi
a2enconf php8.2-fpm
systemctl restart apache2
Some PHP config…XXX
sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
/etc/php/8.2/apache2/php.ini
sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
/etc/php/8.2/cli/php.ini
sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
/etc/php/8.2/fpm/php.ini
sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
/etc/php/8.2/apache2/php.ini
sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
/etc/php/8.2/cli/php.ini
sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
/etc/php/8.2/fpm/php.ini
sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
/etc/php/8.2/apache2/php.ini
sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
/etc/php/8.2/cli/php.ini
sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
/etc/php/8.2/fpm/php.ini
systemctl restart apache2
Database
Use MariaDB for the databse.
sudo apt install mariadb-server
sudo mariadb-admin password
mariadb -uroot -p
Then in the database:
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES on nextcloud.* to 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
EXIT
Edit /etc/mysql/my.cnf to look like this:
[server]
skip_name_resolve = 1
innodb_buffer_pool_size = 128M
innodb_buffer_pool_instances = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M
innodb_max_dirty_pages_pct = 90
query_cache_type = 1
query_cache_limit = 2M
query_cache_min_res_unit = 2k
query_cache_size = 64M
tmp_table_size= 64M
max_heap_table_size= 64M
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 1
[client-server]
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/
[client]
default-character-set = utf8mb4
[mysqld]
character_set_server = utf8mb4
collation_server = utf8mb4_general_ci
transaction_isolation = READ-COMMITTED
binlog_format = ROW
innodb_large_prefix=on
innodb_file_format=barracuda
innodb_file_per_table=1
Restart database:
systemctl restart mariadb.service
Edit PHP file /etc/php/8.2/apache2/conf.d/20-pdo_mysql.ini for MariaDB. XXX maybe too: /etc/php/8.2/cli/conf.d/20-pdo_mysql.ini /etc/php/8.2/fpm/conf.d/20-pdo_mysql.ini
extension=pdo_mysql.so
[mysql]
mysql.allow_local_infile=On
mysql.allow_persistent=On
mysql.cache_size=2000
mysql.max_persistent=-1
mysql.max_links=-1
mysql.default_port=
mysql.default_socket=/run/mysqld/mysqld.sock
mysql.default_host=
mysql.default_user=
mysql.default_password=
mysql.connect_timeout=60
mysql.trace_mode=Off
Then restart apache…
sudo systemctl restart apache2
redis
Make some redis config changes. Edit /etc/redis/redis.conf
bind 127.0.0.1
unixsocket /run/redis/redis-server.sock
unixsocketperm 770
Then restart redis.
sudo systemctl restart redis-server
Nextcloud
Get Nextcloud source.
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
cat latest.tar.bz2.sha256 ; sha256sum latest.tar.bz2
tar xf latest.tar.bz2
sudo cp -a nextcloud/* /var/www/html/nextcloud/
sudo cp -a nextcloud/.htaccess nextcloud/.user.ini /var/www/html/nextcloud/
sudo chown -R www-data:www-data /var/www/html/nextcloud/
Apache More
Set up Apache for nextcloud.
Remove the old configs:
rm /etc/apache2/sites-enabled/000-default.conf \
/etc/apache2/sites-enabled/000-default-le-ssl.conf
Then add file /etc/apache2/sites-available/cloud-libre-is.conf with these contents:
<VirtualHost 70.39.110.157:80>
ServerName cloud.libre.is
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/nextcloud
ErrorLog ${APACHE_LOG_DIR}/error-cloud-libre-is.log
CustomLog ${APACHE_LOG_DIR}/access-cloud-libre-is.log combined
RewriteEngine on
ReWriteCond %{HTTPS} off
ReWriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{SERVER_NAME} =cloud.libre.is
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost 70.39.110.157:443>
ServerName cloud.libre.is
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/nextcloud
ErrorLog ${APACHE_LOG_DIR}/error-ssl-cloud-libre-is.log
CustomLog ${APACHE_LOG_DIR}/access-ssl-cloud-libre-is.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/cloud.libre.is/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.libre.is/privkey.pem
<Directory /var/www/html/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Symlink it to enable it, then restart apache.
sudo ln -s /etc/apache2/sites-available/cloud-libre-is.conf \
/etc/apache2/sites-enabled/
rm /var/www/html/index.html
sudo systemctl restart apache2
Nextcloud Admin
Now go to the new site and configure via web browser:
Create an admin account with password.
Settings:
Database: nextcloud
Database user: nextcloud
Database password: password used when creating nextcloud db above.
Install recommended apps. After installing apps, it appears to hang at the dashboard with just a big white box. Clicking outside the box fixes it.
Click in upper right corner icon and go to “Administration Settings”.
Make some config changes. Edit /var/www/html/nextcloud/config/config.php and add under “‘installed’ => true,” this:
'htaccess.RewriteBase' => '/',
'memcache.local' => '\\OC\\Memcache\\APCu',
# 'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/run/redis/redis-server.sock',
'port' => 0,
),
'maintenance_window_start' => 1,
'default_language' => 'en',
'force_language' => 'en',
'default_locale' => 'en_US',
'force_locale' => 'en_US',
'default_phone_region' => 'US',
'default_timezone' => 'America/New_York',
'knowledgebaseenabled' => false,
'mail_domain' => 'libre.is',
'overwritehost' => 'cloud.libre.is',
'overwriteprotocol' => 'https',
'updatechecker' => false,
'defaultapp' => 'calendar,tasks',
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'ssl',
'mail_sendmailmode' => 'smtp',
'maintenance' => false,
Note, memcache.distributed is borken.
Edit /etc/php/8.2/apache2/php.ini and /etc/php/8.2/fpm/php.ini in the [opcache] section, set these values then restart apache:
opcache.enable=1
opcache.enable_cli=0
opcache.memory_consumption=512
opcache.interned_strings_buffer=64
opcache.max_accelerated_files=50000
opcache.max_wasted_percentage=15
opcache.validate_timestamps=0
opcache.revalidate_freq=0
opcache.save_comments=1
Update config. The config script needs a wrapper to run from the command line. Create /usr/local/sbin/nextcloud-occ with these contents:
#!/bin/bash
sudo -u www-data php --define apc.enable_cli=1 /var/www/html/nextcloud/occ "$@"
Then make it executable:
chown root:root /usr/local/sbin/nextcloud-occ
chmod 700 /usr/local/sbin/nextcloud-occ
Run OCC updates:
sudo nextcloud-occ maintenance:update:htaccess
sudo nextcloud-occ maintenance:repair --include-expensive
sudo nextcloud-occ db:add-missing-indices
Background jobs:
FPM config:
Move the install log out of the way:
sudo mv /var/www/html/nextcloud/data/nextcloud.log \
/var/www/html/nextcloud/data/nextcloud-install.log