John Galea's Blog

My blog on Gadgets and the like

Nextcloud VM install (final setup)

I’ve played a lot lately with Nextcloud and Owncloud; it’s been fun. So let’s quickly review. I really like the functionality you can achieve with Nextcloud, and it meets my basic needs once all of the additional functionality like email/calendar etc. that I don’t want is removed. I’m looking simply for a self hosted, safe, secure drop box like space where prying eyes like Google aren’t looking into my documents. The Nextcloud iOS app includes iPhone photo sync which was the killer feature that moved me from Owncloud.

There are a number of ways you can install Owncloud/Nextcloud, from a container to a VM. I have not been able to get the container space to correctly map outside the OS drive, or other containers, so there is the risk of users overflowing the available space. This can be managed through quotas at the OS and inside Nextcloud/Owncloud but this isn’t what I wanted. From a VM point of view I found an all in one install script from Nextcloud, but as with anything like this, while it gets you up as painlessly as possible, it also will have a particular preferred method. For me, I didn’t like that they used Postgres (I prefer MySQL/MariaDB), and it used ZFS (instead of LVM) for the data drive. At some point I may need to extend the partition so I want to make that as painless as possible. I also tried the Owncloud VM template and hated that because it used, and exposed, Univention, a container web front end.

And so we have what I hope will be my final setup. So what I am wanting is front end Apache, secured by SSL, Nextcloud with its data on its own drive, running on Ubuntu 20. I will then port forward this to my domain, since I have still been unable to find a way to reverse proxy this using a separate NGINX instance. Here’s how to get there. I will repeat myself a bit in the hope of this article being all inclusive.

First off install Ubuntu 20, and install ONLY SSH. There is an option at install time for Nextcloud but I’m not sure what that selects or does. I made the OS drive 20G which once installed leaves 13G free. I added a second drive which you can make any size and expand it in the future if need be. To do this you do the following from the OS. Partition the new drive using fdisk:

fdisk /dev/sdb

  • select n for new partition
  • select p for primary
  • accept all defaults for partition starting etc
  • select t to change this to an LVM drive
  • enter 8e to make it an LVM drive
  • select w to write it
  • quit fdisk

pvcreate /dev/sdb1
vgcreate nextclouddata /dev/sdb1
lvcreate -L 49.9G -n data nextclouddata
mkfs -t ext4 /dev/nextclouddata/data

Next up you need a mount point for the new space (name it whatever you want):

mkdir /nextclouddata

Then vi /etc/fstab to add the mount point at boot:

/dev/nextclouddata/data /nextclouddata  ext4 defaults 0 0

You can reboot to see if it maps correctly. 

You’re now ready to start your install. First up you need to install a LAMP stack (Linux, Apache, MariaDB, PHP). This guide was perfect. At one point it talks about installing Apache for PHP-FPM; you can ignore this part of the guide. Personally, I already have a MySQL instance in the house so I will simply use that, so I don’t need to install MariaDB. Now you’re onto the Nextcloud install itself, which this guide . The configured default space is a little odd in that it mounts as owncloud.example.com. So I manually edited the config file (vi /etc/apache2/sites-available/000-default.conf) to look like this:

Listen 80
<VirtualHost *:80>
ServerAdmin webmaster@ssl-tutorials.com
DocumentRoot /var/www/nextcloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

You’re now ready to change the permissions on the mount point to allow Nextcloud to use this new LVM formatted drive for its data.

chown www-data:root /nextclouddata
chmod 770 /nextclouddata

You’re now ready to configure Nextcloud. Hit http://ipaddress to get started. For me, I wanted to NOT install the standard code, wanted an external MySQL database, and wanted to mount the data to /nextclouddata created earlier. You do not need to do anything manually on the database; just give it your root or DBA account and it will create the database, create the account it will run on, and set everything up for you. It does NOT run as the DBA account you give it, so not to worry. Again remember to tick off the box install standard apps that’s just off this screenshot.

After a little bit of time Nextcloud is up and ready for configuration. Log on with your admin account and configure the admin account’s email address by selecting settings. Then configure your email server settings, basic.

Be sure and test it out. Email is how your users are informed their account is set up, informed when something is shared with them, and how they can reset their own account. So this is a pretty important step to get done right up front. Next you’re going to want to go to the apps section and disable anything you don’t know you need. I also disabled the delete box to make sure anything deleted is gone immediately rather than be retained for 180 days or when the end user remembers to empty their deleted folder (sure they will remember ;)). I want the files on the server encrypted at rest so if Apache gets compromised, or SFTP gets hit, the files are safe, so enable the default encryption module while you’re here. You’re then ready to go to settings, security to enable server side encryption, read the warnings and move on …

I upload a file like a JPG into the file space, then use SFTP to go in and grab it out from under Nextcloud. If encryption is working correctly then this file will not be readable as a JPG. I like to test to be sure; as they say, trust but verify. Initial basic setup of the Nextcloud is now complete.
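The same check can be scripted rather than eyeballed over SFTP. This is an added example, not part of the original post: it reads the first bytes of each file and reports any that still carry a JPEG, PNG or PDF signature. It assumes encrypted files start with the text "HBEGIN:" (confirm that on a file from your own server); the user name alice and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check whether files under a Nextcloud data directory are
# encrypted at rest, by looking at their leading bytes.
# Assumption: the default encryption module starts each encrypted file
# with the ASCII text "HBEGIN:"; confirm against a file on your own server.

classify_file() {
    # First 7 bytes as lowercase hex, e.g. "ffd8ffe000104a" for a JPEG.
    hex=$(od -An -tx1 -N7 "$1" | tr -d ' \n')
    case $hex in
        48424547494e3a*) echo encrypted ;;       # "HBEGIN:"
        ffd8ff*)         echo plaintext-jpeg ;;  # JPEG start-of-image marker
        89504e47*)       echo plaintext-png ;;   # "\x89PNG"
        25504446*)       echo plaintext-pdf ;;   # "%PDF"
        *)               echo unknown ;;
    esac
}

# Print "verdict<TAB>path" for every file that is not encrypted.
audit_dir() {
    find "$1" -type f | while IFS= read -r f; do
        v=$(classify_file "$f")
        [ "$v" = encrypted ] || printf '%s\t%s\n' "$v" "$f"
    done
}

# Number of files with a recognisable plaintext signature (0 is the goal).
count_plaintext() {
    audit_dir "$1" | grep -c '^plaintext-' || true
}

# Constructed sample tree standing in for <datadir>/<user>/files.
build_sample() {
    d=$(mktemp -d)
    printf 'HBEGIN:constructed-sample-header:HEND' > "$d/ok.jpg"
    printf '\377\330\377\340\000\020JFIF' > "$d/leaked.jpg"
    echo "$d"
}

# Demo on the constructed tree; on the server you would instead run e.g.
#   audit_dir /nextclouddata/alice/files     (alice is a hypothetical user)
sample=$(build_sample)
audit_dir "$sample"
rm -rf "$sample"
```

Point it at a user's files folder rather than the whole data directory, since logs and other housekeeping files stored alongside will show up as unknown.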

For me the next step is to add my own certs, but you could also use a self signed cert. The big issue with a self signed cert is users get an insecure warning and panic. So my own cert it is. You will need to add SSL support to Apache by enabling the ssl module using the command a2enmod ssl and then editing your config file to point at your certs and change your port. You then need to go to your router to open up the port you chose. I know I’ve glossed over this last step but there are lots of guides and whomever you buy your cert from will likely have an Apache config document. I bought mine from Positive SSL.

Update: I tripped over another great addition to my Nextcloud! Using OnlyOffice I can add the ability to create and modify spreadsheets, documents and presentations, giving me Google Docs like functionality with local storage! Installing it was pretty easy. First off you need to locate and edit your install.php file on your Nextcloud server to increase the timeout; seems OnlyOffice is BIG, as called out in this post! Then it’s a simple two step process of installing the OnlyOffice plug in and then installing the document server as called out in this post.

I also discovered that Nextcloud supports WebDAV, which can in turn be used to map a Nextcloud logon as a drive letter to a Windows PC using Windows Explorer, using add a custom network location. This makes accessing your Nextcloud even more convenient, no web interface needed. And anything saved is, of course, encrypted at rest!

For a good giggle I took this and loaded it up on a VERY old dual core atom box with 4G of ram, and it ran perfectly fine. Encryption as you would expect was noticeably slower but otherwise …

I’ve been playing around with the right set of settings for properly backing up an iPhone’s pics. What I found is the best is to NOT select the default, which is most compatible. That way live photos get left as HEICs. I also prefer to have them in their own folder on Owncloud so that the root doesn’t get cluttered, nor does your photo directory. And that way you can also have, say, another phone or tablet etc. and have them all separate and not get merged. I also turned on maintain original filename to stop this from getting scrunched. With this I have an acceptable iPhone backup, off of iCloud with no limits but my own!

December 25, 2020 - Posted by | Uncategorized
