
Alias: ["Nextcloud server", "Cloud Server"]
Tag: ["Computer", "Web", "Server", "Privacy", "Security"]
Date: 2021-09-03
DocType: "Server"
Hierarchy: "NonRoot"
location: [48.8570517, 2.3677354]
 CPU: 1Core
 RAM: 512MB
 Bandwidth: 500GB
 Speed: 1Gbps
 OS: Ubuntu 20.04
 Domiciliation: BG
 Hostname: sofstorage14
 Host: AlphaVPS
 SubDomain: cloud
 Capa: 128GB
 Type: HDD
 UsedSpace: 25%
 TimeStamp: 2021-11-13
CollapseMetaTable: yes


Parent:: [[mfxm Website Scope|mfxm.fr]], [[Storage and Syncing]]




name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData

name Save
type command
action Save current file
id Save


# Cloud Server


title: Summary
collapse: open
Server for Cloud storage and device syncing.


style: number




### Server parameters

title: Dashboard access


title: Address
The service will be located under **[cloud.mfxm.fr](https://cloud.mfxm.fr)** .




### Service

title: Nextcloud
[[Nextcloud]] is a cloud storage management service offering a variety of Apps to manage data online.


#### Installation guide

title: Installation


#### Installed dependencies

##### Apache2

Webserver for [[Nextcloud]].
Apache2 has notorious issues with over-clogging memory usage (topping 100% of memory usage). 
In order to minimise memory usage, [[#APCu]] has been installed as a cache manager. In addition, Appache has been paired with:

- **[php-fpm](https://www.php.net/manual/en/install.fpm.php)** for php7.4, enabling faster interaction between apache and backend.
- the '**event**' multi-processing module ([MPM](https://tecadmin.net/apache-mpm-prefork-and-worker-and-event/)) enabling decluttering of processing between ports & Apache

All relevant dependencies have been installed and the set-up tested.
A comprehensive tutorial on the MPM switch can be found [here](https://www.digitalocean.com/community/tutorials/how-to-configure-apache-http-with-mpm-event-and-php-fpm-on-ubuntu-18-04) or [here](https://askubuntu.com/questions/1319861/how-to-configure-apache-http-to-php-fpm-on-ubuntu-20-10).

**php.ini** files can be found at:



##### Certbot
Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)


##### MySQL

Nothing particular to note on MySQL apart from initial set-up and user management.

Configuration file is under:


title: Optimise memory usage of mysql
% Disable performance schema to hugely reduce RAM usage
performance_schema = OFF

In order to restart mysql, the command is:

sudo service mysql restart


##### Security
| Program name | Type | Description
| **[[Configuring Fail2ban|fail2ban]]** | Daemon | Blocks suspicious attempts to login
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS
| **logwatch** | Daemon | Monitors activity on server and sends activity logs


##### fail2ban
Classic [[Configuring Fail2ban|fail2ban]] installation with a dedicated configuration:

sudo nano /etc/fail2ban/jail.d/sshd.local

With the following parameters:

enabled = true
maxretry = 10
bantime = 1m


Please refer to the [[Configuring Fail2ban|conf guide]] for a detailed description.


##### Postfix

Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.


##### APCu
Memory caching addon for Nextcloud. Memory caching management is provided by Nextcloud and needs to be set up as a system cron job. After installing APCu, the webserver needs to be **restarted** and the cron job defined:

1. **Define the cronjob**

sudo crontab -u www-data -e

2. **Add cronjob**

 */5  *  *  *  * php -f /var/www/html/nextcloud/cron.php --define apc.enable_cli=1

3. **Verify that the cron job is added**

sudo crontab -u www-data -l


##### SVG support
SVG support is installed in the form of a package.

sudo apt-get update -y
sudo apt-get install -y libmagickcore-6.q16-6-extra


##### UFW

Firewall management, see [[Configuring UFW|here]] for more details.




#### Server-side monitoring
[Monit](https://mmonit.com/monit/documentation/monit.html) is a process and daemon monitoring tool. More information on operating the software can be found [[Configuring Monit|here]].

List of monitored services:
- System
- [[Configuring Fail2ban|Fail2ban]]
- cron
- Postfix
- Apache


[[Configuring Telegram bots|Telegram bots]] are also being implemented to receive logs from logwatch & [[Configuring Monit|monit]].




#### Service management
Nextcloud offers two alternatives for managing the service:
1. An admin webpanel
2. A command line tool


##### Admin webpanel

Accessed through login into the service with admin credentials. Settings offer an admin section.


##### Nextcloud command line tool
From the server's command line, Nextcloud offers the ability to perform some tasks like user management.


###### Introduction to the command

[[Nextcloud]] offers a command-line tool which permission needs to be set to "executable". It is located here:


The tool needs to be invoked by the "www-data" user and compiled with PHP:

sudo -u www-data php /var/www/html/nextcloud/occ


###### Generic commands

[[Nextcloud]] offers a simple description of all commands [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)




#### Data transfer
After each data transfer, run the following command to refresh [[Nextcloud]]'s webapp:

sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all

More info can be found [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)


##### Cloud2Cloud
title: Data transfer tool

rClone uses a simple config interface to configure remote hosts (including [[Nextcloud]]):

rclone config

The config data can be password-protected for security.

1. **Copy data**

rclone copy source:'datapath' dest:'datapath'

2. **Sync data**

rclone sync source:'datapath' dest:'datapath'


##### Upload from local

[Nextcloud help](https://help.nextcloud.com/t/how-to-upload-and-share-file-automatically/19202)


##### Directories
1. **Local file structure**


2. **Webdav file structure**





#### Nextcloud server hardening
title: Nextcloud tutorial




### Pricing

<mark class="green">Cloud Server</mark> | One-off cost | Recurring subscription p.a.
<p style="color:cyan">**Server hosting**</p> | &emsp; | *€15*




### Tasks & Further steps


- [ ] [[Server Cloud]]: Backup server %%done_del%% 🔁 every 6 months on the 1st Tuesday 📅 2022-09-06
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2022-03-11 ✅ 2022-03-11
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-09-15 ✅ 2022-01-08
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-09-14
- [x]  Set-up landing page

- [ ] [[Selfhosting]], [[Server Cloud|Cloud]]: Upgrader & Health checks %%done_del%% 🔁 every 4 months 📅 2022-09-01
- [x] [[Selfhosting]], [[Server Cloud|Cloud]]: Upgrader & Health checks 🔁 every 4 months 📅 2022-05-01 ✅ 2022-05-05

