Nextcloud is the best-known open-source solution similar to Google Drive.

Required

  • A running Raspberry Pi [Here](http://panoramix.chalier.ovh/tooling/basic-rpi)
  • The internet box should set a static local IP for the Pi
  • Ports 80 and 443 on your internet box should be opened and routed to your Pi.
  • The public IP of your internet box is probably dynamic... Solution

Setup Nginx

You will first need to install Nginx. It is the equivalent of Apache, but more powerful and recommended for this kind of setup.

apt-get -y install nginx

nano /etc/nginx/nginx.conf

Setup PHP 7.3

Add the sources in this file:

nano /etc/apt/sources.list.d/10-buster.list

deb http://mirrordirector.raspbian.org/raspbian/ buster main contrib non-free rpi

Update all sources.

apt update

Install these packages:

sudo apt install -y -t buster php7.3-fpm php7.3-curl php7.3-gd php7.3-intl php7.3-mbstring php7.3-mysql php7.3-imap php7.3-opcache php7.3-sqlite3 php7.3-xml php7.3-xmlrpc php7.3-zip php7.3-bcmath php-apcu

php -v

Configure Nginx with this version of PHP

nano /etc/nginx/sites-available/default

It should look like this:

server {
    listen 80;
    server_name localhost;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    location / {
        if ($request_uri ~ ^/(.*)\.html$) {
            return 302 /$1;
        }
    }

    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

 

Setup Database

Same as for Nginx here. We will install MariaDB, which is the recommended fork of MySQL.

sudo apt-get install mariadb-server mariadb-client -y

sudo systemctl stop mariadb.service

sudo systemctl start mariadb.service

sudo systemctl enable mariadb.service

Then set the password

sudo mysql_secure_installation

Then you can restart the DB:

sudo systemctl stop mariadb.service

sudo systemctl start mariadb.service

sudo systemctl enable mariadb.service

And try to connect:

sudo mysql -u root -p

 

Download nextcloud

Download and unpack the latest version of Nextcloud:

cd /var/www

wget https://download.nextcloud.com/server/releases/latest.tar.bz2

tar -xvf latest.tar.bz2

rm latest.tar.bz2*
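
The download step above unpacks whatever `wget` fetched. As an added example (not part of the original page), this helper compares the archive against a published SHA-256 file before extraction; `verify_sha256` is a hypothetical name and the `.sha256` URL in the comment is an assumption.

```sh
#!/bin/sh
# Added example, not from the original page: refuse to unpack an archive whose
# SHA-256 digest does not match the published checksum file.

# verify_sha256 ARCHIVE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 when the checksum file is malformed.
verify_sha256() {
    archive=$1 sumfile=$2
    # The sum file holds "<hex digest>  <file name>". Only the digest is compared,
    # so the name listed in the sum file does not have to match the local name.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha256sum "$archive" | awk '{print $1}')
    # Reject empty or non-hex content (e.g. an HTML error page saved as the sum file).
    case $expected in
        *[!0-9a-f]*|'') echo "bad checksum file: $sumfile" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "bad checksum length in $sumfile" >&2; return 2; }
    if [ "$expected" != "$actual" ]; then
        echo "MISMATCH: $archive does not match $sumfile" >&2
        return 1
    fi
}

# Assumed usage on the Pi (the .sha256 URL is an assumption derived from the archive URL):
#   wget https://download.nextcloud.com/server/releases/latest.tar.bz2
#   wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
#   verify_sha256 latest.tar.bz2 latest.tar.bz2.sha256 && tar -xf latest.tar.bz2
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2" && echo "OK: $1"
fi
```

A checksum fetched from the same host only detects corruption or a tampered copy in transit; verifying a detached signature with `gpg --verify` is the stronger check when one is published.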

Change the access rights for files and folders:

adduser --disabled-password --gecos "" nextcloud

chown -R nextcloud:www-data /var/www/nextcloud

chmod -R o-rwx /var/www/nextcloud

 

Domain name

First, you need to have a domain name available and a redirection to the server.

Create this file:

nano /etc/nginx/sites-available/nextcloud

And copy this inside:

upstream php-handler {

    server                        unix:/var/run/nextcloud.sock;

}

server {

    listen                        80;

    listen                        [::]:80;

    server_name                   cloud.mondomaine.com;

    return                        301 https://$server_name$request_uri;

}

server {

    listen                        443 ssl http2;

    listen                        [::]:443 ssl http2;

    server_name                   cloud.mondomaine.com;

    # Path to the root of your installation

    root                          /var/www/nextcloud/;

    ssl                           on;

    ssl_certificate               /etc/letsencrypt/live/cloud.mondomaine.com/fullchain.pem;

    ssl_certificate_key           /etc/letsencrypt/live/cloud.mondomaine.com/privkey.pem;

    ssl_trusted_certificate       /etc/letsencrypt/live/cloud.mondomaine.com/chain.pem;

    #ssl_dhparam                   /etc/ssl/certs/dhparam.pem;

    ssl_session_cache             shared:SSL:1m;

    ssl_session_timeout           1440m;

    ssl_buffer_size               8k;

    ssl_protocols                 TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers                   'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';

    ssl_prefer_server_ciphers     on;

    ssl_stapling                  on;

    ssl_stapling_verify           on;

    # Add headers to serve security related headers

    add_header                    X-Content-Type-Options nosniff;

    add_header                    X-XSS-Protection "1; mode=block";

    add_header                    X-Robots-Tag none;

    add_header                    X-Download-Options noopen;

    add_header                    X-Permitted-Cross-Domain-Policies none;

    add_header                    Strict-Transport-Security 'max-age=31536000; includeSubDomains;';

    location = /robots.txt {

        allow                     all;

        log_not_found             off;

        access_log                off;

    }

    location = /.well-known/carddav {

      return                      301 $scheme://$host/remote.php/dav;

    }

    location = /.well-known/caldav {

      return                      301 $scheme://$host/remote.php/dav;

    }

    # set max upload size

    client_max_body_size          512M;

    fastcgi_buffers               64 4K;

    # Enable gzip but do not remove ETag headers

    gzip                          on;

    gzip_vary                     on;

    gzip_comp_level               4;

    gzip_min_length               256;

    gzip_proxied                  expired no-cache no-store private no_last_modified no_etag auth;

    gzip_types                    application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {

        rewrite                   ^ /index.php$uri;

    }

    location ~ ^/.well-known/acme-challenge/* {

        allow                     all;

    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {

        deny                      all;

    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {

        deny                      all;

    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {

        fastcgi_split_path_info   ^(.+\.php)(/.*)$;

        include                   fastcgi_params;

        fastcgi_param             SCRIPT_FILENAME $document_root$fastcgi_script_name;

        fastcgi_param             PATH_INFO $fastcgi_path_info;

        fastcgi_param             HTTPS on;

        #Avoid sending the security headers twice

        fastcgi_param             modHeadersAvailable true;

        fastcgi_param             front_controller_active true;

        fastcgi_pass              php-handler;

        fastcgi_intercept_errors  on;

        fastcgi_request_buffering off;

        fastcgi_read_timeout      300;

    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {

        try_files                 $uri/ =404;

        index                     index.php;

    }

    # Adding the cache control header for js and css files

    # Make sure it is BELOW the PHP block

    location ~* \.(?:css|js|woff|svg|gif)$ {

        try_files                 $uri /index.php$uri$is_args$args;

        add_header                Cache-Control "public, max-age=15778463";

        add_header                X-Content-Type-Options nosniff;

        add_header                X-XSS-Protection "1; mode=block";

        add_header                X-Robots-Tag none;

        add_header                X-Download-Options noopen;

        add_header                X-Permitted-Cross-Domain-Policies none;

        # Optional: Don't log access to assets

        access_log                off;

    }

    location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {

        try_files                 $uri /index.php$uri$is_args$args;

        # Optional: Don't log access to other assets

        access_log                off;

    }

}

 

 

 

 

Modify in the file:

server_name ==> **cloud.mondomaine.com**;

root ==> /var/www/nextcloud/;

Then restart nginx with this new config:

ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud

systemctl restart nginx.service

systemctl restart php7.3-fpm.service
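
The TLS directives in the server block above can be checked mechanically before the site is exposed. This added example (not part of the original page) flags the protocol and cipher settings of that block; `audit_nginx_tls`, `page_conf` and `hardened_conf` are hypothetical names, and the hardened variant is a constructed sample.

```sh
#!/bin/sh
# Added example, not from the original page: flag weak TLS directives in an nginx file.
# audit_nginx_tls, page_conf and hardened_conf are hypothetical helper names.

audit_nginx_tls() {
    # Look only at active directives, not commented-out lines.
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }

    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    if has 'ssl_protocols[^;]*TLSv1(\.1)?([[:space:]]|;)'; then
        echo "WEAK: ssl_protocols enables TLSv1/TLSv1.1; keep TLSv1.2 and TLSv1.3"
    fi
    # DES-CBC3-SHA is 3DES, a 64-bit block cipher (Sweet32); a leading "!" excludes it.
    if has 'ssl_ciphers[^;]*[^!](DES-CBC3|3DES)'; then
        echo "WEAK: ssl_ciphers enables 3DES (DES-CBC3-SHA)"
    fi
    # Since nginx 1.11.0, DHE suites are offered only when ssl_dhparam is set.
    if has 'ssl_ciphers[^;]*(kEDH|kDHE|[^C]DHE-)' && ! has '^[[:space:]]*ssl_dhparam'; then
        echo "INFO: DHE ciphers listed without an active ssl_dhparam; they are not offered"
    fi
    # "ssl on;" is obsolete; "listen ... ssl" already enables TLS.
    if has '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
        echo "INFO: obsolete 'ssl on;' directive; 'listen 443 ssl' is enough"
    fi
}

# Constructed sample: TLS lines as they appear in the server block above (shortened).
page_conf() { cat <<'EOF'
    listen                        443 ssl http2;
    ssl                           on;
    #ssl_dhparam                   /etc/ssl/certs/dhparam.pem;
    ssl_protocols                 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                   'kEECDH+AES128 kEDH+AES128 DES-CBC3-SHA +SHA !aNULL !MD5';
EOF
}
# Constructed sample: a tightened variant (an assumption, not the page's configuration).
hardened_conf() { cat <<'EOF'
    listen                        443 ssl http2;
    ssl_protocols                 TLSv1.2 TLSv1.3;
    ssl_ciphers                   'ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!3DES';
EOF
}

# With a file argument, audit it; otherwise audit the constructed page sample.
if [ "$#" -gt 0 ]; then
    audit_nginx_tls "$1"
else
    tmp=$(mktemp); page_conf > "$tmp"; audit_nginx_tls "$tmp"; rm -f "$tmp"
fi
```

Run it against /etc/nginx/sites-available/nextcloud after each edit, then confirm the syntax with `nginx -t` before restarting.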

SSL

To get HTTPS, you will need to generate a certificate every few months through the Let's Encrypt service.

Install Certbot:

apt-get install -y software-properties-common

add-apt-repository ppa:certbot/certbot -y

apt-get update

apt-get install -y certbot

Check the current certificate:

openssl x509 -noout -dates -in /etc/letsencrypt/live/cloud.mondomaine.com/cert.pem

Generate the certificate:

certbot certonly --webroot -w /var/www/nextcloud --agree-tos --no-eff-email --email email@mondomaine.com -d cloud.mondomaine.com --rsa-key-size 4096

Auto-update the certificate: in the crontab, add (every 2 months):

1 1 1 * * service nginx stop && certbot -q renew && service nginx start

Hard drive

The best setup for Nextcloud is to connect an external hard drive in order to have terabytes available for storage.

sudo -u www-data chown -R www-data:www-data /localdir

sudo -u www-data chmod -R 0750 /localdir

Mail server

Optimisations

PHP

Increase the limits in this file:

/var/www/nextcloud/.user.ini

Change or add this:

upload_max_filesize=10G

post_max_size=10G

memory_limit=512M

Timeout

nano /etc/php/7.3/fpm/pool.d/nextcloud.conf

Change or add this:

request_terminate_timeout = 300

Then:

systemctl restart nginx.service

systemctl restart php7.3-fpm.service

Cache PHP

nano /etc/php/7.3/fpm/php.ini

Add at the end:

opcache.enable=1

opcache.enable_cli=1

opcache.interned_strings_buffer=8

opcache.max_accelerated_files=10000

opcache.memory_consumption=128

opcache.save_comments=1

opcache.revalidate_freq=1

Then:

reboot

 

Redis

nano /var/www/nextcloud/config/config.php

Add this BEFORE the last line:

'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
  'host' => '/var/run/redis/redis.sock',
  'port' => 0,
  'timeout' => 0,
  'password' => '',
  'dbindex' => 0,
),

 

Install Redis:

apt-get install redis-server -y

apt install php-redis -y

apt-get install php-apcu -y

service php7.3-fpm restart

service nginx reload

Plugins to add

  • Calendar
  • Rainloop (for mail)
  • PhoneTrack (for position)
  • Carnet (for notes)