---
Alias: ["Nextcloud server", "Cloud Server"]
Tag: ["Computer", "Web", "Server", "Privacy", "Security"]
Date: 2021-09-03
DocType: "Server"
Hierarchy: "NonRoot"
location: [48.8570517, 2.3677354]
Performance:
CPU: 1Core
RAM: 512MB
Bandwidth: 500GB
Speed: 1Gbps
Characteristics:
OS: Ubuntu 20.04
Domiciliation: BG
IPv4: 82.118.235.70
Hostname: sofstorage14
Host: AlphaVPS
SubDomain: cloud
Disk:
Capa: 128GB
Type: HDD
UsedSpace: 25%
TimeStamp: 2021-11-13
CollapseMetaTable: yes
---
Parent:: [[mfxm Website Scope|mfxm.fr]], [[Storage and Syncing]]
---
^Top
```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-CloudServerEdit
```button
name Save
type command
action Save current file
id Save
```
^button-CloudServerSave
# Cloud Server
```ad-abstract
title: Summary
collapse: open
Server for Cloud storage and device syncing.
```
```toc
style: number
```
---
### Server parameters
[[#^Top|TOP]]
```ad-quote
title: Dashboard access
[https://alphavps.com/clients/](https://alphavps.com/clients/)
```
```ad-quote
title: Address
The service will be located under **[cloud.mfxm.fr](https://cloud.mfxm.fr)** .
```
---
### Service
[[#^Top|TOP]]
```ad-abstract
title: Nextcloud
[[Nextcloud]] is a cloud storage management service offering a variety of Apps to manage data online.
```
#### Installation guide
```ad-info
title: Installation
[Tutorial](https://www.techrepublic.com/article/how-to-install-nextcloud-22-on-ubuntu-server-20-04/)
[Tutorial2](https://nextcloud.com/athome/)
[Tutorial3](https://blog.ssdnodes.com/blog/installing-nextcloud-docker/)
```
#### Installed dependencies
[[#^Top|TOP]]
##### Apache2
Webserver for [[Nextcloud]].
Apache2 has notorious issues with over-clogging memory usage (topping 100% of memory usage).
In order to minimise memory usage, [[#APCu]] has been installed as a cache manager. In addition, Appache has been paired with:
- **[php-fpm](https://www.php.net/manual/en/install.fpm.php)** for php7.4, enabling faster interaction between apache and backend.
- the '**event**' multi-processing module ([MPM](https://tecadmin.net/apache-mpm-prefork-and-worker-and-event/)) enabling decluttering of processing between ports & Apache
All relevant dependencies have been installed and the set-up tested.
A comprehensive tutorial on the MPM switch can be found [here](https://www.digitalocean.com/community/tutorials/how-to-configure-apache-http-with-mpm-event-and-php-fpm-on-ubuntu-18-04) or [here](https://askubuntu.com/questions/1319861/how-to-configure-apache-http-to-php-fpm-on-ubuntu-20-10).
**php.ini** files can be found at:
```ad-path
/etc/php/7.4/fpm/php.ini
/etc/php/7.4/apache2/php.ini
/etc/php/7.4/cli/php.ini
```
##### Certbot
[[#^Top|TOP]]
Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)
##### MySQL
Nothing particular to note on MySQL apart from initial set-up and user management.
Configuration file is under:
```ad-path
/etc/mysql/mysql.conf.d/mysqld.cnf
```
```ad-code
title: Optimise memory usage of mysql
~~~yaml
[mysqld]
% Disable performance schema to hugely reduce RAM usage
performance_schema = OFF
~~~
```
In order to restart mysql, the command is:
```ad-command
~~~bash
sudo service mysql restart
~~~
```
##### Security
[[#^Top|TOP]]
| Program name | Type | Description
|----------------|------|-------------
| **[[Configuring Fail2ban|fail2ban]]** | Daemon | Blocks suspicious attempts to login
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS
| **logwatch** | Daemon | Monitors activity on server and sends activity logs
##### fail2ban
[[#^Top|TOP]]
Classic [[Configuring Fail2ban|fail2ban]] installation with a dedicated configuration:
```ad-command
~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```
With the following parameters:
```ad-code
~~~yaml
[sshd]
enabled = true
port=2227
maxretry = 10
bantime = 1m
~~~
```
Please refer to the [[Configuring Fail2ban|conf guide]] for a detailed description.
##### Postfix
Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.
##### APCu
[[#^Top|TOP]]
Memory caching addon for Nextcloud. Memory caching management is provided by Nextcloud and needs to be set up as a system cron job. After installing APCu, the webserver needs to be **restarted** and the cron job defined:
1. **Define the cronjob**
```ad-command
~~~bash
sudo crontab -u www-data -e
~~~
```
2. **Add cronjob**
```ad-code
~~~bash
*/5 * * * * php -f /var/www/html/nextcloud/cron.php --define apc.enable_cli=1
~~~
```
3. **Verify that the cron job is added**
```ad-command
~~~bash
sudo crontab -u www-data -l
~~~
```
##### SVG support
[[#^Top|TOP]]
SVG support is installed in the form of a package.
```ad-command
~~~bash
sudo apt-get update -y
sudo apt-get install -y libmagickcore-6.q16-6-extra
~~~
```
&emsp
##### UFW
Firewall management, see [[Configuring UFW|here]] for more details.
---
#### Server-side monitoring
[[#^Top|TOP]]
[Monit](https://mmonit.com/monit/documentation/monit.html) is a process and daemon monitoring tool. More information on operating the software can be found [[Configuring Monit|here]].
List of monitored services:
- System
- SSH
- [[Configuring Fail2ban|Fail2ban]]
- cron
- Postfix
- MySQL
- Apache
[[Configuring Telegram bots|Telegram bots]] are also being implemented to receive logs from logwatch & [[Configuring Monit|monit]].
---
#### Service management
[[#^Top|TOP]]
Nextcloud offers two alternatives for managing the service:
1. An admin webpanel
2. A command line tool
##### Admin webpanel
Accessed through login into the service with admin credentials. Settings offer an admin section.
##### Nextcloud command line tool
[[#^Top|TOP]]
From the server's command line, Nextcloud offers the ability to perform some tasks like user management.
###### Introduction to the command
[[Nextcloud]] offers a command-line tool which permission needs to be set to "executable". It is located here:
```ad-path
/var/www/html/nextcloud/occ
```
The tool needs to be invoked by the "www-data" user and compiled with PHP:
```ad-command
~~~bash
sudo -u www-data php /var/www/html/nextcloud/occ
~~~
```
###### Generic commands
[[Nextcloud]] offers a simple description of all commands [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)
---
#### Data transfer
[[#^Top|TOP]]
After each data transfer, run the following command to refresh [[Nextcloud]]'s webapp:
```ad-command
~~~bash
sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all
~~~
```
More info can be found [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)
##### Cloud2Cloud
[[#^Top|TOP]]
```ad-bug
title: Data transfer tool
[rclone](https://autoize.com/moving-data-from-cloud-to-cloud-with-rclone/)
```
rClone uses a simple config interface to configure remote hosts (including [[Nextcloud]]):
```ad-command
~~~bash
rclone config
~~~
```
The config data can be password-protected for security.
1. **Copy data**
```ad-command
~~~bash
rclone copy source:'datapath' dest:'datapath'
~~~
```
2. **Sync data**
```ad-command
~~~bash
rclone sync source:'datapath' dest:'datapath'
~~~
```
##### Upload from local
```ad-bug
[Curl](https://cylab.be/blog/33/how-to-upload-your-files-to-nextcloud-file-drop-using-curl)
[Nextcloud help](https://help.nextcloud.com/t/how-to-upload-and-share-file-automatically/19202)
```
##### Directories
[[#^Top|TOP]]
1. **Local file structure**
```ad-path
/var/www/html/nextcloud/data/USERNAME/files
```
2. **Webdav file structure**
```ad-path
/remote.php/dav/files/USERNAME
```
---
#### Nextcloud server hardening
[[#^Top|TOP]]
```ad-bug
title: Nextcloud tutorial
[Here](https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html)
```
---
### Pricing
[[#^Top|TOP]]
Cloud Server | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
**Server hosting**
| | *€15*
^CloudServerCost
---
### Tasks & Further steps
- [ ] :cloud: [[Server Cloud]]: Backup server %%done_del%% 🔁 every 6 months on the 1st Tuesday 📅 2022-09-06
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2022-03-11 ✅ 2022-03-11
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-09-15 ✅ 2022-01-08
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-09-14
- [x] Set-up landing page
- [ ] :cloud: [[Selfhosting]], [[Server Cloud|Cloud]]: Upgrader & Health checks %%done_del%% 🔁 every 4 months 📅 2022-09-01
- [x] [[Selfhosting]], [[Server Cloud|Cloud]]: Upgrader & Health checks 🔁 every 4 months 📅 2022-05-01 ✅ 2022-05-05
[[#^Top|TOP]]