---

Alias: ["Nextcloud server"]
Tag: ["Computer", "Web", "Server", "Privacy", "Security"]
Date: 2021-09-03
DocType: "Server"
Hierarchy: "NonRoot"
location: [48.8570517, 2.3677354]
Performance:
  CPU: 1Core
  RAM: 512MB
  Bandwidth: 500GB
  Speed: 1Gbps
Characteristics:
  OS: Ubuntu 20.04
  Domiciliation: BG
  IPv4: 82.118.235.70
  Hostname: sofstorage14
  Host: AlphaVPS
  SubDomain: cloud
Disk:
  Capa: 128GB
  Type: HDD
  UsedSpace: 25%
TimeStamp: 2021-11-13
CollapseMetaTable: yes

---

Parent:: [[mfxm Website Scope|mfxm.fr]], [[Storage and Syncing]]

---

^Top

```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-CloudServerEdit

```button
name Save
type command
action Save current file
id Save
```
^button-CloudServerSave

# Cloud Server

```ad-abstract
title: Summary
collapse: open
Server for Cloud storage and device syncing.
```

```toc
style: number
```

---

### Server parameters
[[#^Top|TOP]]

```ad-quote
title: Dashboard access
[https://alphavps.com/clients/](https://alphavps.com/clients/)
```

```ad-quote
title: Address
The service will be located under **[cloud.mfxm.fr](https://cloud.mfxm.fr)**.
```

---

### Service
[[#^Top|TOP]]

```ad-abstract
title: Nextcloud
[[Nextcloud]] is a cloud storage management service offering a variety of Apps to manage data online.
```

#### Installation guide

```ad-info
title: Installation
[Tutorial](https://www.techrepublic.com/article/how-to-install-nextcloud-22-on-ubuntu-server-20-04/)
[Tutorial2](https://nextcloud.com/athome/)
[Tutorial3](https://blog.ssdnodes.com/blog/installing-nextcloud-docker/)
```

#### Installed dependencies
[[#^Top|TOP]]

##### Apache2

Webserver for [[Nextcloud]].
Apache2 has notorious issues with excessive memory usage (reaching 100% of memory usage).
In order to minimise memory usage, [[#APCu]] has been installed as a cache manager. In addition, Apache has been paired with:

- **[php-fpm](https://www.php.net/manual/en/install.fpm.php)** for php7.4, enabling faster interaction between Apache and the backend.
- the '**event**' multi-processing module ([MPM](https://tecadmin.net/apache-mpm-prefork-and-worker-and-event/)), which lets Apache separate connection handling on its ports from request processing.

All relevant dependencies have been installed and the set-up tested.
A comprehensive tutorial on the MPM switch can be found [here](https://www.digitalocean.com/community/tutorials/how-to-configure-apache-http-with-mpm-event-and-php-fpm-on-ubuntu-18-04) or [here](https://askubuntu.com/questions/1319861/how-to-configure-apache-http-to-php-fpm-on-ubuntu-20-10).

**php.ini** files can be found at:

```ad-path
/etc/php/7.4/fpm/php.ini
/etc/php/7.4/apache2/php.ini
/etc/php/7.4/cli/php.ini
```

##### Certbot
[[#^Top|TOP]]
Provides SSL certificates from **Let's Encrypt**. Installation dependencies differ from those for Nginx and are explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/).

##### MySQL

Nothing particular to note on MySQL apart from initial set-up and user management.

The configuration file is at:

```ad-path
/etc/mysql/mysql.conf.d/mysqld.cnf
```

```ad-code
title: Optimise memory usage of mysql
~~~ini
[mysqld]
# Disable performance schema to hugely reduce RAM usage
performance_schema = OFF
~~~
```

To restart MySQL, the command is:

```ad-command
~~~bash
sudo service mysql restart
~~~
```

##### Security
[[#^Top|TOP]]

| Program name | Type | Description
|----------------|------|-------------
| **fail2ban** | Daemon | Blocks suspicious attempts to log in
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS
| **logwatch** | Daemon | Monitors activity on server and sends activity logs

##### Postfix

Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / daemons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.

##### APCu
[[#^Top|TOP]]
Memory caching addon for Nextcloud. Memory caching management is provided by Nextcloud and needs to be set up as a system cron job. After installing APCu, the webserver needs to be **restarted** and the cron job defined:

1. **Define the cronjob**

```ad-command
~~~bash
sudo crontab -u www-data -e
~~~
```

2. **Add cronjob**

```ad-code
~~~bash
*/5 * * * * php -f /var/www/html/nextcloud/cron.php --define apc.enable_cli=1
~~~
```

3. **Verify that the cron job is added**

```ad-command
~~~bash
sudo crontab -u www-data -l
~~~
```

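Steps 1 to 3 above can also be done without the interactive editor. The following is an added example, not part of the original note: it rewrites the `www-data` crontab so that the `cron.php` job from step 2 appears exactly once, then verifies it. The function names are hypothetical, and the install and verify functions must be run as root.

```bash
#!/bin/sh
# Added example: idempotent, non-interactive version of steps 1-3.
# Path and schedule are the ones used in this note.
NC_CRON='/var/www/html/nextcloud/cron.php'
CRON_LINE="*/5 * * * * php -f $NC_CRON --define apc.enable_cli=1"

# Filter: read a crontab on stdin, print it with exactly one CRON_LINE.
# Comment lines are kept as they are. Any other job that runs cron.php
# (a stale entry without apc.enable_cli=1, or a duplicate) is replaced,
# so the background job cannot run twice per interval.
ensure_cron_line() {
    awk -v want="$CRON_LINE" -v script="$NC_CRON" '
        /^[[:space:]]*#/  { print; next }
        index($0, script) { if (!n++) print want; next }
                          { print }
        END               { if (!n) print want }
    '
}

# Steps 1 and 2: load the current table, fix it, write it back via stdin.
# A missing crontab yields empty input, which results in the single job line.
install_nextcloud_cron() {
    crontab -u www-data -l 2>/dev/null | ensure_cron_line | crontab -u www-data -
}

# Step 3: succeeds only if the exact line is present exactly once.
verify_nextcloud_cron() {
    [ "$(crontab -u www-data -l 2>/dev/null | grep -cxF -- "$CRON_LINE")" -eq 1 ]
}

# Usage (as root):  install_nextcloud_cron && verify_nextcloud_cron
```
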
##### SVG support
[[#^Top|TOP]]
SVG support is installed in the form of a package.

```ad-command
~~~bash
sudo apt-get update -y
sudo apt-get install -y libmagickcore-6.q16-6-extra
~~~
```

##### UFW

Firewall management, see [[Configuring UFW|here]] for more details.

---

#### Server-side monitoring
[[#^Top|TOP]]
[Monit](https://mmonit.com/monit/documentation/monit.html) is a process and daemon monitoring tool. More information on operating the software can be found [[Configuring Monit|here]].

List of monitored services:
- System
- SSH
- Fail2ban
- cron
- Postfix
- MySQL
- Apache

[[Configuring Telegram bots|Telegram bots]] are also being implemented to receive logs from logwatch & [[Configuring Monit|monit]].

---

#### Service management
[[#^Top|TOP]]
Nextcloud offers two alternatives for managing the service:
1. An admin webpanel
2. A command line tool

##### Admin webpanel

Accessed by logging in to the service with admin credentials. The settings include an admin section.

##### Nextcloud command line tool
[[#^Top|TOP]]
From the server's command line, Nextcloud offers the ability to perform some tasks like user management.

###### Introduction to the command

[[Nextcloud]] offers a command-line tool whose permissions need to be set to "executable". It is located here:

```ad-path
/var/www/html/nextcloud/occ
```

The tool needs to be invoked as the "www-data" user and run with PHP:

```ad-command
~~~bash
sudo -u www-data php /var/www/html/nextcloud/occ
~~~
```

###### Generic commands

[[Nextcloud]] offers a simple description of all commands [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html).

---

#### Data transfer
[[#^Top|TOP]]
After each data transfer, run the following command to refresh [[Nextcloud]]'s webapp:

```ad-command
~~~bash
sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all
~~~
```

More info can be found [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html).

##### Cloud2Cloud
[[#^Top|TOP]]

```ad-bug
title: Data transfer tool
[rclone](https://autoize.com/moving-data-from-cloud-to-cloud-with-rclone/)
```

rclone uses a simple config interface to configure remote hosts (including [[Nextcloud]]):

```ad-command
~~~bash
rclone config
~~~
```

The config data can be password-protected for security.

1. **Copy data**

```ad-command
~~~bash
rclone copy source:'datapath' dest:'datapath'
~~~
```

2. **Sync data**

```ad-command
~~~bash
rclone sync source:'datapath' dest:'datapath'
~~~
```

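To check the password protection mentioned above before running transfers, this added example (not part of the original note and not rclone's own code) inspects an rclone config file: an encrypted file carries the `RCLONE_ENCRYPT_V0:` marker, and the file should be accessible only by its owner. The function names and the path in the usage comment are assumptions.

```bash
#!/bin/sh
# Added example: report how an rclone config file is protected.
# An encrypted config has "RCLONE_ENCRYPT_V0:" as its first line that is
# neither blank nor a comment. A plain config stores remote passwords
# only in obscured (reversible) form.

# Prints one word: missing | encrypted | plain
rclone_conf_state() {
    [ -f "$1" ] || { echo missing; return; }
    awk '
        BEGIN { state = "plain" }
        /^[[:space:]]*$/ || /^[#;]/ { next }     # skip blanks and comments
        { if ($0 == "RCLONE_ENCRYPT_V0:") state = "encrypted"; exit }
        END { print state }
    ' "$1"
}

# True if group and others have no permission bits set (e.g. mode 600).
conf_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 for an encrypted, owner-only config, 1 if a finding was
# printed, 2 if the file does not exist.
audit_rclone_conf() {
    state=$(rclone_conf_state "$1")
    if [ "$state" = missing ]; then
        echo "$1: no config file"; return 2
    fi
    rc=0
    if [ "$state" != encrypted ]; then
        echo "$1: not password-protected (remote passwords only obscured)"; rc=1
    fi
    if ! conf_is_private "$1"; then
        echo "$1: accessible by group/others, use chmod 600"; rc=1
    fi
    return "$rc"
}

# Usage (path is an assumption, `rclone config file` prints the real one):
#   audit_rclone_conf "$HOME/.config/rclone/rclone.conf"
```
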
##### Upload from local

```ad-bug
[Curl](https://cylab.be/blog/33/how-to-upload-your-files-to-nextcloud-file-drop-using-curl)
[Nextcloud help](https://help.nextcloud.com/t/how-to-upload-and-share-file-automatically/19202)
```

##### Directories
[[#^Top|TOP]]

1. **Local file structure**

```ad-path
/var/www/html/nextcloud/data/USERNAME/files
```

2. **Webdav file structure**

```ad-path
/remote.php/dav/files/USERNAME
```

---

#### Nextcloud server hardening
[[#^Top|TOP]]

```ad-bug
title: Nextcloud tutorial
[Here](https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html)
```

---

### Pricing
[[#^Top|TOP]]

<mark class="green">Cloud Server</mark> | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
<p style="color:cyan">**Server hosting**</p> |   | *€15*
^CloudServerCost

---

### Tasks & Further steps

- [ ] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2022-09-06
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2022-03-11 ✅ 2022-03-11
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-09-15 ✅ 2022-01-08
- [x] [[Server Cloud]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-09-14
- [x] Set-up landing page

[[#^Top|TOP]]