Difference between revisions of "NextCloud/Installation"

Latest revision as of 14:48, 15 May 2018

HOW TO: INSTALL NEXTCLOUD 10 ON FREEBSD JAIL

I wrote this guide primarily as a backup in case I needed to redo things over again, and decided to spruce it up and share it with others.

Please read Reference 1^[1] before continuing with this guide. The forum post has the most up-to-date information.

The Goal:

Put Nextcloud 10 on a FreeNAS jail using a standard LAMP setup for FreeBSD (FAMP)

This guide is a mix of several other guides I found for installing OwnCloud. The process for OC9 and NC10 is virtually identical. But most of the guides were out of date in regards to FreeNAS, so I updated it for FreeNAS 9.10.1, Nextcloud 10, Apache 2.4, PHP 7, and MariaDB 10.1 and FreeBSD 10+ Jail. I sourced all of the guides and pages I had used down at the bottom.

Getting Started - 

General Assumptions:

• You are familiar with Linux and comfortable with command line, but not so familiar with FreeBSD
• You have already set up a proper pool for your NextCloud dataset
• You are using FreeNAS 9.10.1-RELEASE with FreeBSD Jail Template "------"
• Your FreeNAS is connected to the internet, and your jails are properly configured.
• That you're generally on a clean install of 9.10.1-RELEASE, upgrades from 9.3, 9.2.1, etc have some issues with jails and templates. I ain't got time for that nonsense so this was a fresh install for me.
• You're using this for maybe a small start-up with no more than 100 users.

'Specifics:'

My Build: A real budget strapped build. (<$1400)

ASRock C2550d4n

16GB Crucial (2x8gb) DDR3-1600 EUDIMM 1.35v

x2 5TB HGST NAS 7200rpm 

x2 2TB Seagate Barracuda 7200rpm (These two are used for my NextCloud setup)

Target: 100+ users for Cloud and Archive storage, currently, with disk-to-disk mirroring. Soon to be expanded to a proper raid when I get the funds.

Creating the Dataset & Jail 

Let's Begin

Pool Name: "SETV_Cloud"

Static IP Address: 10.130.12.191

Create Dataset^[2]

Within FreeNAS Userspace:

Storage > Create ZFS Dataset

• Dataset Name = files
• Compression level = lz4
• Enable atime = Off
• All other options default
• Dataset Name = db
• Compression level = zle
• Enable atime = Off
• Record Size = 16K (Under Advanced Mode)
• All other options default

Users - Add New

• Username: mysql
• Shell: nologin
• Full Name: SQL User
• Password: anything

Storage -> /mnt/SETV_Cloud/db Change Permissions

• Owner: mysql
• Owner: mysql
• Set permission recursively

Create Jail

Jails > Add Jail

• Jail Name: nextcloud
• Template: "------"
• IPv4 Address: 10.130.10.121
• IPv4 Subnet: 255.255.248.0
• Leave all else default
• Ensure VIMAGE is checked

Add Storage

Jails -> Storage

• Jail: nextcloud
• Source = /mnt/SETV_Cloud/files
• Destination = /mnt/files

• Jail: nextcloud
• Source = /mnt/SETV_Cloud/db
• Destination = /var/db/mysql

Setting primary cache

In FreeNAS UserSpace Shell

$ zfs set primarycache=metadata Cloud/db

Configure Jail for SSH

We need to set up the jail to be able to SSH in and make faster adjustments.

Enter the Jail's shell from within FreeNAS

$ pkg upgrade

If it asks any questions, select Y and continue.

Enable SSH

$ cd /etc/ssh

$ vi sshd_config

Personally, I despise vi, but this is the quickest method I have found. Know a way better, please let me know.

if you don't know how to use vi, here's a quick step by step. I suggest you check out this cheat sheet

1. Scroll down using the DOWN arrow key until you find #PermitRootLogin no line.
2. With the cursor on the # hit x this will delete the hash now use the RIGHT arrow key to select the space before 'no'
3. Hit i type yes
4. Hit esc
5. Select the n in 'no' and hit x twice to delete 'no' so the line reads PermitRootLogin yes
6. type :wq
7. Hit ENTER
8. The file is now saved

Now enable and start SSH

$ sysrc sshd_enable=yes

$ service sshd start

Change Jail Root PW

We need to reset the jails root password; type this command, and follow the prompts

$ passwd

Now close the shell within FreeNAS, and use PuTTY to SSH to the jail.

F.A.M.P Installation

In this section we are going to install F.A.M.P, an iteration of LAMP (Linux, Apache, MySQL, PHP). I chose this because I, personally, haven't had much luck with nginx and mariadb. Another guide suggested lighttp and sqlite, but those might not hold up to a good amount of users storing a bit of data.

The setup is:

• FreeBSD 10.1
• Apache 2.4
• MariaDB 10.1
• PHP 7.0

This provides the basis for our webserving jail.

Before we get started, let's add a few necessary packages as they aren't currently installed.

$ pkg install nano wget sudo

We will install each part of FAMP one-by-one. FreeBSD is the Operating system so good to go on that!

Apache 2.4 ^[3]

Install

$ pkg install apache24

Setup in rc.conf

$ sysrc apache24_enable=yes

Start Apache

$ service apache24 start

Check that it works

Navigate to http://10.130.12.191 and you should see the text "It Works!"

MariaDB 10.1 ^[4]

Install

$ pkg install mariadb101-server

Setup in rc.conf

$ sysrc mysql_enable=yes

Start Server

$ service mysql-server start

Run Wizard Script

$ mysql_secure_installation

Read and follow prompts. There is no root password set just hit enter, and answer Y to all the following questions.

Login to MySQL, create Nextcloud DB and User

$ mysql -u root -p

enter password you made for root during setup.

Enter each of these commands one-by-one, and make sure to include the semi-colon ;

Code:

CREATE DATABASE nextcloud; 

CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY 'MAKEUP-YOUR-OWN-PASSWORD'; 

GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost'; 

FLUSH PRIVILEGES; 

exit 

Replace MAKEUP-YOUR-OWN-PASSWORD with a password of your choosing. You need this for the NextCloud setup.

PHP 7.0

Install PHP and associated modules

Code:

pkg install redis php70 php70-bz2 php70-ctype php70-curl php70-dom php70-exif php70-fileinfo php70-filter php70-gd php70-hash php70-iconv php70-intl php70-json php70-mbstring php70-mcrypt php70-pdo_mysql php70-openssl php70-posix php70-session php70-simplexml php70-xml php70-xmlreader php70-xmlwriter php70-xsl php70-wddx php70-zip php70-zlib php70-APCu php70-redis

Setup rc.conf

sysrc 'mysql_enable=YES' 'redis_enable=YES'

Configuring Apache for PHP7

Ensure that the rewrite and ssl modules are enabled (uncommented) in /usr/local/etc/apache24/httpd.conf.

$ cd /usr/local/etc/apache24/

$ nano httpd.conf

Search the conf file for "ssl_module"

Code:

ctrl+w 
ssl_module 
ENTER

Uncomment (delete the # at the start of the line) so it looks like this:

LoadModule ssl_module libexec/apache24/mod_ssl.so

Repeat for

LoadModule rewrite_module libexec/apache24/mod_rewrite.so

Remove php5 add php7: ^[5][6]

• Find & Remove this >> LoadModule php5_module libexec/apache24/libphp5.so
• Replace with >> LoadModule php7_module libexec/apache24/libphp7.so

Right after libphp7.so line add

Code:

<IfModule php7_module>
   <FilesMatch "\.(php|phps|php7|phtml)$">
       SetHandler php7-script
   </FilesMatch>
   DirectoryIndex index.php 
</IfModule>

Then FIND <IFModule mime_module>

Insert Right After:

Code:

AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php        .php

Save the file & exit

Add a PHP handler

# cd/usr/local/etc/apache24/modules.d

# touch /usr/local/etc/apache24/modules.d/001_mod_php.conf

# nano /usr/local/etc/apache24/modules.d/001_mod_php.conf

Paste:

Code:

<FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
 </IfModule>

Save & Exit

service apache24 restart

Once you're done save and close CTRL+x, Y, ENTER

Configure PHP.INI ^[7]

$ nano /usr/local/etc/php.ini

find cgi.fix_pathinfo=0 change from =0 to =1

find date.timezone = Change to your timezone (America/New_York)

find post_max_size= change it to 1999M

find upload_max_size= change to 1999M

CTRL+X, Y, ENTER

Restart Apache

$ service apache24 restart

Testing with PHPINFO() ^[8][9]

Navigate to /usr/local/www/apache24/data/

$ touch info.php

$ nano info.php

Paste:

Code:

<?php
 // Show all information, defaults to INFO_ALL
 phpinfo();
 ?>

Save & Exit

Navigate to http://10.130.12.191/info.php

You should see a full page with all the information regarding your PHP installation.

Configure REDIS ^[10]

Update /usr/local/etc/redis.confto run on local socket

Find port= and change it to 0

Find and replace:

Code:

unixsocket /tmp/redis.sock 
unixsocketperm 750

Add REDIS to rc.conf

$ sysrc redis_enable=yes

Start REDIS

$ service redis start

Check Redis

Run ls -al /tmp to run on local socket, you should see redis.sock and mysql.sock in the list.

If you see those two, you're ALMOST DONE!!

Installing NextCloud^[11]

Download

Go to the default apache data directory

$ cd /usr/local/www/apache24/data

Download Nextcloud

$ wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip

Unzip Nextcloud

$ unzip nextcloud-10.0.0.zip

Give correct owner

chown -R www:www /usr/local/www/apache24/data/nextcloud /mnt/files

chown -R mysql:mysql /var/db/mysql

Add virtual Host info ^[12]

Navigate to /usr/local/etc/apache24/Includes

Touch file:

$ touch cloud.YOURDOMAIN.com.conf

$ nano cloud*

Copy and paste the below text.

Code:

 <VirtualHost *:80>
 DocumentRoot "/usr/local/www/apache24/data/nextcloud"
 ServerName cloud.ssdcougars.tv
   RewriteEngine on
   RewriteCond %{SERVER_NAME} =cloud.ssdcougars.tv
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
 #ErrorLog ${APACHE_LOG_DIR}/error.log
 #CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
 Options +FollowSymlinks
 AllowOverride All
 <IfModule mod_dav.c>
 Dav off
 </IfModule>
 SetEnv HOME /usr/local/www/apache24/data/nextcloud
 SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
 Satisfy Any
</Directory>
</VirtualHost>

Restart apache... again...

$ service apache24 restart

Navigate to the website

http://10.130.12.191/

You should now see the setup screen for NextCloud!!

If you do, give yourself a pat on the back. Now for the last steps...

'NextCloud WebUI'

Set up your admin account with a username and password you choose.

Storage & database

• Data folder = /mnt/files
• Database user = nextcloud_admin
• Database password = MADEUP_PASSWORD_FROM_BEFORE
• Database name = nextcloud
• Database host = localhost:/tmp/mysql.sock

Final Setup

In Jail Shell

Setup redis for caching

Code:

$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' 
$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' 
$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' 
$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set redis port --value=0 --type=integer'

Setup All Previews

su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enable_previews --value=true --type=boolean'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 0 --value="OC\Preview\PNG"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 1 --value="OC\Preview\JPEG"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 2 --value="OC\Preview\GIF"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 3 --value="OC\Preview\BMP"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 4 --value="OC\Preview\XBitmap"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 5 --value="OC\Preview\MarkDown"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 6 --value="OC\Preview\MP3"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 7 --value="OC\Preview\TXT"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 8 --value="OC\Preview\Illustrator"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 9 --value="OC\Preview\Movie"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 10 --value="OC\Preview\MSOffice2003"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 11 --value="OC\Preview\MSOffice2007"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 12 --value="OC\Preview\MSOfficeDoc"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 13 --value="OC\Preview\OpenDocument"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 14 --value="OC\Preview\PDF"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 15 --value="OC\Preview\Photoshop"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 16 --value="OC\Preview\Postscript"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 17 --value="OC\Preview\StarOffice"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 18 --value="OC\Preview\SVG"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 19 --value="OC\Preview\TIFF"'
su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set enabledPreviewProviders 20 --value="OC\Preview\Font"'

Setup NC's cron jobs

Set Crontab editor to Nano for easier editing:

Add

setenv VISUAL /usr/local/bin/nano

setenv EDITOR /usr/local/bin/nano

to ~/.login

$ crontab -u www -e

Code:

*/15 * * * * /usr/local/bin/php -f /usr/local/www/apache24/data/nextcloud/cron.php

Setting up SSL using Certbot

httpd.conf Edits

Edit /usr/local/etc/apache24/httpd.conf

Find Listen 80 and add underneath Listen 443

Edit /usr/local/etc/apache24/Includes/cloud.ssdmftk.com.conf

Add the following:

<VirtualHost *:443>
    ServerAdmin webmaster@ssdcougars.tv
    ServerName cloud.ssdmftk.com
    DirectoryIndex index.php
    DocumentRoot /usr/local/www/apache24/data/nextcloud
    SSLCertificateFile /usr/local/etc/letsencrypt/live/cloud.ssdmftk.com/fullchain.pem
    SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/cloud.ssdmftk.com/privkey.pem
    SSLEngine on
    # Intermediate configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLCompression          off
    SSLOptions +StrictRequire
    <Directory /usr/local/www/apache24/data/nextcloud>
      AllowOverride all
    </Directory>
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
  </VirtualHost>

Install Certbot ^[4]

pkg install py27-certbot

$ certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d cloud.ssdmftk.com -d cloud.ssdcougars.tv -w /usr/local/www/apache24/data/nextcloud 
$ service apache24 restart 

Add Cron Job:

crontab -e

This will run certbot renewal every day at 1am and refresh Apache at 1:05 am^[13]

* 1 * * * /usr/local/bin/certbot renew > /var/log/certbotrenew.log 2>&1

5 1 * * * service apache24 restart

Collabora Online Setup

Set up Docker on FreeBSD Jail ^[14]

Install Collabora Docker Container ^[15]

Debian info on Callabora

Notes

And VOILA! YOU ARE DONE!!!!!

I have NOT yet installed the CollaboraOnline stuff yet. I will have to figure that out....

Errors:

ERR_EMPTY_RESPONSE

In /var/log/httpd-error.log

See similar errors to:

[pid:#####] child died with signal 11

Problem: Invalid LoadModule listed in Apache's httpd.conf

In our case it was loading php5 - we don't have php5 so it segfaults.

In /usr/local/etc/apache24/httpd.conf

Comment out LoadModule php5_module        libexec/apache24/libphp5.so

Sources

1. Jump up ↑ https://forums.freenas.org/index.php?threads/how-to-nextcloud-with-famp.46111/#post-313910
2. Jump up ↑ https://forums.freenas.org/index.php?threads/how-to-owncloud-using-nginx-php-fpm-and-mysql.17786/
3. Jump up ↑ https://www.digitalocean.com/community/tutorials/how-to-install-an-apache-mysql-and-php-famp-stack-on-freebsd-10-1
4. ↑ ^{Jump up to: 4.0 4.1} https://levlaz.org/installing-nextcloud-on-a-freebsd-vps/
5. Jump up ↑ http://serverfault.com/questions/646333/apache-24-not-serving-php-on-freebsd-10
6. Jump up ↑ https://kdenby.homelinux.com/?p=208
7. Jump up ↑ https://forums.freenas.org/index.php?threads/how-to-owncloud-using-nginx-php-fpm-and-mysql.17786/
8. Jump up ↑ https://mediatemple.net/community/products/dv/204643880/how-can-i-create-a-phpinfo.php-page
9. Jump up ↑ https://www.digitalocean.com/community/tutorials/how-to-install-an-apache-mysql-and-php-famp-stack-on-freebsd-10-1
10. Jump up ↑ https://levlaz.org/installing-nextcloud-on-a-freebsd-vps/
11. Jump up ↑ https://levlaz.org/installing-nextcloud-on-a-freebsd-vps/
12. Jump up ↑ https://www.linuxbabe.com/cloud-storage/setup-nextcloud-server-ubuntu-16-04-apache-mariadb-php7
13. Jump up ↑ https://hostpresto.com/community/tutorials/how-to-secure-your-apache-using-certbot-ssl/
14. Jump up ↑ http://www.freenas.org/blog/docker-done-right/
15. Jump up ↑ https://nextcloud.com/collaboraonline/