SecBSD/ports
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ports/www/nextcloud/pkg/README

255 lines
7.8 KiB
Text
Raw Blame History

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
Nextcloud is installed under
${TINSTDIR}
Official documentation is available at:
https://docs.nextcloud.com/server/${MAJOR}/admin_manual/
Post-installation instructions
==============================
*** It is highly recommended to use SSL on the webserver (HTTPS).
chroot(2)
---------
When running Nextcloud under a chrooted environment, make sure to read the
"PHP's OpenSSL functions" section of:
${LOCALBASE}/share/doc/pkg-readmes/php-${MODPHP_VERSION}
The HTTP server must be able to resolve hostnames:
# mkdir -p /var/www/etc
# cp /etc/resolv.conf /var/www/etc
The configuration of an SQLite database path is set relatively to the chroot in
Nextcloud which will break background jobs run by cron(8) (see below).
A symlink can be created to workaround this issue:
# ln -sf ${TINSTDIR} /nextcloud
OpenBSD HTTP daemon
-------------------
httpd(8) example configuration for Nextcloud:
---8<---------------------------------------------------------------------------
server "domain.tld" {
listen on egress tls port 443
hsts max-age 15768000
tls {
certificate "/etc/ssl/domain.tld_fullchain.pem"
key "/etc/ssl/private/domain.tld_private.pem"
}
# Set max upload size to 513M (in bytes)
connection max request body 537919488
connection max requests 1000
connection request timeout 3600
connection timeout 3600
block drop
# Ensure that no '*.php*' files can be fetched from these directories
location "/nextcloud/config/*" {
block drop
}
location "/nextcloud/data/*" {
block drop
}
# Note that this matches "*.php*" anywhere in the request path.
location "/nextcloud/*.php*" {
root "/nextcloud"
request strip 1
fastcgi socket "/run/php-fpm.sock"
pass
}
location "/nextcloud/apps/*" {
root "/nextcloud"
request strip 1
pass
}
location "/nextcloud/dist/*" {
root "/nextcloud"
request strip 1
pass
}
location "/nextcloud/core/*" {
root "/nextcloud"
request strip 1
pass
}
location "/nextcloud" {
block return 301 "$DOCUMENT_URI/index.php"
}
location "/nextcloud/" {
block return 301 "$DOCUMENT_URI/index.php"
}
location "/.well-known/carddav" {
block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav"
}
location "/.well-known/caldav" {
block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav"
}
location "/.well-known/webfinger" {
block return 301 "https://$SERVER_NAME/nextcloud/public.php?service=webfinger"
}
location match "/nextcloud/oc[ms]%-provider/*" {
directory index index.php
pass
}
}
---8<---------------------------------------------------------------------------
nginx
-----
See:
https://docs.nextcloud.com/server/${MAJOR}/admin_manual/installation/nginx.html
Apache HTTPD
------------
Apache configuration for Nextcloud is stored under:
${TRUEPREFIX}/conf/modules.sample/apache-nextcloud.conf
It needs to be enabled by running the following command after the apache-httpd
package is installed:
# ln -s ../modules.sample/apache-nextcloud.conf ${TRUEPREFIX}/conf/modules
# rcctl restart apache2
The rewrite_module needs to be enabled by uncommenting the following line in
${SYSCONFDIR}/apache2/httpd2.conf:
#LoadModule rewrite_module /usr/local/lib/apache2/mod_rewrite.so
PHP
---
Default PHP values for Apache are set under:
${TINSTDIR}/.htaccess
${TINSTDIR}/config/.htaccess
OpenBSD HTTP daemon users can match these .htaccess file values by editing
${SYSCONFDIR}/php-${MODPHP_VERSION}.ini or ${SYSCONFDIR}/php-fpm.conf.
nginx users can match these .htaccess file values by configuring fastcgi_param
with a PHP_VALUE in ${SYSCONFDIR}/nginx/nginx.conf.
For enhanced performance, a PHP opcode cache can be used (built-in to PHP 5.5+,
enable "opcache.ini" to use it).
Recommended values for ${SYSCONFDIR}/php-${MODPHP_VERSION}.ini:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Database configuration
----------------------
See the following URL for setting up a database for Nextcloud:
https://docs.nextcloud.com/server/${MAJOR}/admin_manual/configuration_database/linux_database_configuration.html
Nextcloud can work with a PostgreSQL, MariaDB or SQLite3 database. The
corresponding package needs to be installed *before* setting up Nextcloud:
php-pdo_sqlite, php-pdo_pgsql or php-pdo_mysql
Configuration file
------------------
Configuration is done under:
${TINSTDIR}/config/config.php
and the default "datadirectory" is set to:
${TINSTDIR}/data
When running chrooted, ${TRUEPREFIX} must be stripped from the paths.
Cron job
--------
Nextcloud needs to run background jobs on a regular basis. By default, it will
execute one task with each page loaded ("AJAX" option in the admin interface).
The prefered way is to use a cron(8) job instead.
(see https://<hostname>/nextcloud/index.php/settings/admin#backgroundjobs)
e.g.
*/15 * * * * su -m www -c "${MODPHP_BIN} -f ${TINSTDIR}/cron.php"
Memory caching and file locking
-------------------------------
Nextcloud server performance can be significantly improved with memory caching
and memory-based locking. Distributed caching and Transactional File Locking is
provided by Redis, an in-memory data structure store. More information and
configuration example are available at:
https://docs.nextcloud.com/server/${MAJOR}/admin_manual/configuration_server/caching_configuration.html#id4
TL;DR
You need a redis server running (available in the redis package) then adapt and
append the following to:
${TINSTDIR}/config/config.php
'filelocking.enabled' => true,
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
'timeout' => 0.0,
'password' => '', // Optional, if not defined no password will be used.
),
Authentication backends
-----------------------
When using a non-default user authentication backend (LDAP, IMAP, ...), extra
packages may be needed (e.g. php-ldap, php-imap).
Finishing and validating the installation
-----------------------------------------
Make sure the web server can resolve its hostname (e.g. if chrooted, by creating
${TRUEPREFIX}/etc/hosts and/or ${TRUEPREFIX}/etc/resolv.conf).
Create the file "CAN_INSTALL" to allow web-based installation:
# touch ${TINSTDIR}/config/CAN_INSTALL
Accessing https://<hostname>/nextcloud with a Web browser will finish the
installation and create a new admin user.
Updating
========
Before updating to a new release, read:
https://docs.nextcloud.com/server/${MAJOR}/admin_manual/maintenance/upgrade.html
To update from one major version to the next, "pkg_delete nextcloud"
and then "pkg_add nextcloud", choosing the next major version from
the list.
Nextcloud updates are only supported from one major version to the
next (23->24, 24->25, etc) and the release schedule does not align
nicely with OpenBSD's. To avoid an unsupported upgrade path, be sure
to update to the highest available Nextcloud major version before
upgrading to a new OpenBSD release.
WebDAV access
=============
The personal WebDAV share can be accessed using the following URL (e.g. with
Nautilus, Thunar or Doplhin) and the corresponding user and password for the
share:
https://<hostname>/nextcloud/remote.php/webdav/
Synchronization
===============
The "nextcloudclient" package (net/nextcloudclient) is a graphical (Qt)
application to synchronize with a Nextcloud server.
Apps and dependencies
=====================
To keep dependencies to a minimum, not all dependencies for all installed apps
are enforced. It is the job of the administrator to manually install required
packages according to the non-default apps (s)he wants to enable.
Reference in a new issue View git blame Copy permalink