Installing Nextcloud on a FreeBSD VPS

| bsd | software | foss |

Introduction

Nextcloud is an exciting new fork of OwnCloud. I have been meaning to try it out lately and I finally got around to doing it. I picked Vultr{.add-link} for this instance since they have really affordable "Spinny Disk" instances starting at just \$5/mo for 125GB. The performance is noticeably slower than SSD, but if you are looking for a low cost place to store all of your files then this deal cannot be beat. Vultr also comes with full support for FreeBSD out of the box, which is a great choice for a system like this. The official Nextcloud documentation is wonderful, however it seems like it geared toward large multi-user installs. The purpose of this guide is to make it easy to install Nextcloud for a single (or just a few) user system. If you follow this guide you will have the latest stable version of Nextcloud with PHP7, Apache 2.4, MySQL 5.7 and Redis secured with LetsEncrypt on the latest stable version of FreeBSD.

Pre Requisites

In order to complete this guide successfully with a TLS enabled Nextcloud site you must have a domain name with DNS that successfully resolves to the IP address of your VPS Server.

Configuration Steps

  1. Launch a new Storage Instance in the DC of your choice. In my specific case I am running a 512MB RAM/125GB HD instance in the Los Angeles Data Center.
  2. SSH into the new VPS.
  3. Update and Upgrade BSD
    pkg update && pkg upgrade
    

    [Optional] Install some helper packages

    pkg install vim-lite htop tmux

  4. Add some swap By default, the storage instance does not come with a swap partition, since I chose the smallest instance with 512MB of RAM, it is probably a good idea to add some swap because if the system ever runs out of memory the whole entire thing will come crashing down. You can read more about how to add swap in FreeBSD, but the gist of it is:
    # Create a 1GB sawp file
    dd if=/dev/zero of=/swap bs=1m count=1024
    

    Set proper permissions on swap file

    chmod 600 /swap

    Add swap to /etc/fstab

    md99 none swap sw,file=/swap,late 0 0

    Turn swap on

    swapon -aL

    If everything was successful, running htop you should now see some swap space.
  5. Install and Configure BAMP Stack (BSD, Apache, MySQL, PHP) and Redis
    • Install all packages and dependencies
      pkg install apache24 mysql57-server redis php70 mod_php70 php70-pdo_mysql \
      php70-redis php70-gd php70-curl php70-json php70-zip php70-dom \
      php70-xmlwriter php70-xmlreader php70-xml php70-mbstring php70-ctype \
      php70-zlib php70-simplexml php70-hash php70-fileinfo php70-posix \
      php70-iconv php70-filter php70-openssl
      
    • Add Services to /etc/rc.conf
      # /etc/rc.conf
      

      … apache24_enable=“yes” mysql_enable=“yes” redis_enable=“yes”

    • Configure Apache Ensure that the rewrite and ssl modules are enabled (uncommented) in /usr/local/etc/apache24/httpd.conf.
      # /usr/local/etc/apache24/httpd.conf
      

      LoadModule ssl_module libexec/apache24/mod_ssl.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so

      Add a PHP handler to /usr/local/etc/apache24/modules.d
      # /usr/local/etc/apache24/modules.d/001_mod_php.conf
      

      <FilesMatch ".php$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch ".phps$"> SetHandler application/x-httpd-php-source </FilesMatch>

    • Configure MySQL Once MySQL has been added to /etc/rc.conf you can start it up by executing the following command in your shell:
      /usr/local/etc/rc.d/mysql-server start
      
      The first time MySQL runs it will create a root password which can be found in $HOME/.mysql_secret, use this password to log into MySQL, change the root password, and then create a new admin user for Nextcloud.
      # Grab the Root Password
      cat ~/.mysql-secret
      

      Log into MySQL

      mysql -u root -p $PASSWORD # Password from previous step

      Change the Root Password

      ALTER USER ‘root’@’localhost’ IDENTIFIED BY ‘$NEW_PASSWORD’;

      Create New Schema for Nextcloud

      CREATE DATABASE nextcloud;

      Create New Admin User for Nextcloud

      CREATE USER ’nextcloud_admin’@’localhost’ IDENTIFIED BY ‘$OTHER_NEW_PASSWORD’;

      Grant Permissions to the new Admin user to the Nextcloud Schema

      GRANT ALL ON nextcloud.* TO ’nextcloud_admin’@’localhost’;

      Refresh all Privileges

      FLUSH PRIVILEGES;

    • Configure Redis There are many different memory caching strategies for Nextcloud. I like using Redis for this sort of thing, you can chose whichever strategy you prefer. The following (optional) configuration will make redis run on a local socket instead of over TCP. This is better from a security perspective. Update /usr/local/etc/redis.conf to run on local socket
      # /usr/local/etc/redis.conf
      

      port 0 …

      unixsocket /tmp/redis.sock unixsocketperm 750

      Add www user to the wheel group so that it has permission to access this socket.
      pw groupmod wheel -m www
      
      Start Redis
      /usr/local/etc/rc.d/redis start
      
      If everything went well, you should see the redis socket in/tmp
      # ls -al /tmp
      total 48
      drwxrwxrwt   7 root   wheel  512 Sep  1 23:02 .
      drwxr-xr-x  18 root   wheel  512 Sep  1 22:03 ..
      

      srwxr-x— 1 redis wheel 0 Sep 1 23:02 redis.sock

  6. Download Nextcloud We are almost there! The last few steps are to actually download and configure Nextcloud. You can get the latest version of Nextcloud from here.
    # Go to the default apache data directory
    cd /usr/local/www/apache24/data
    

    Download Nextcloud

    wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip

    Unzip Nextcloud

    unzip nextcloud-10.0.0.zip

    Make sure the www user owns this directory

    chown -R www:www nextcloud

  7. Install and run certbot by LetsEncrypt The full instructions are available here but the gist is:
    # Install the Package
    pkg install py27-certbot
    

    Generate the Cert

    certbot certonly

    Go through the certbot UI and fill out your site specific details. If all goes well you should see a message that says:
    Congratulations! Your certificate and chain have been saved at/usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem
  8. Create a VirtualHost Configuration for Nextcloud Create a new file called $YOUR_SITE.conf in /usr/local/etc/apache24/Includes, the contents of this file should have a VirtualHost specification for your new Nextcloud site. The first VirtualHost will listen on port 80 and redirect all requests to HTTPS. The second VirtualHost will listen on port 443 and serve your actual Nextcloud site.
    <VirtualHost *:80>
      ServerAdmin $YOUR_EMAIL
      ServerName $YOUR_SITE
    

    RewriteEngine on RewriteCond %{SERVER_NAME} =$YOUR_SITE RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] </VirtualHost>

    Listen 443

    <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin $YOUR_EMAIL ServerName $YOUR_SITE

    DirectoryIndex index.php
    DocumentRoot /usr/local/www/apache24/data/nextcloud
    SSLCertificateFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem
    SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/privkey.pem
    
    SSLEngine on
    
    # Intermediate configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLCompression          off
    
    SSLOptions +StrictRequire
    
    <span class="nt">&lt;Directory</span> <span class="err">/usr/local/www/apache24/data/nextcloud</span><span class="nt">&gt;</span>
      AllowOverride all
    <span class="nt">&lt;/Directory&gt;</span>
    
    <span class="nt">&lt;IfModule</span> <span class="err">mod_headers.c</span><span class="nt">&gt;</span>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    <span class="nt">&lt;/IfModule&gt;</span>
    

    </VirtualHost> </IfModule>

    Start apache with /usr/local/etc/rc.d/apache24 start
  9. Configure Nextcloud
    • Verify Installation Go to https://\$YOUR_SITE.com, verify that you get redirected to HTTPS and that the certificate shows up as valid.
    • Create Admin Account If this page loads properly, you should create an admin user, set the data directory location, and fill in the database credentials from step 5.
    • Tweak Config File We need to tweak the config file in order to enable Redis memory caching. Open up/usr/local/www/apache24/data/nextcloud/config/config.php and add:
      # /usr/local/www/apache24/data/nextcloud/config/config.php
      

      ‘memcache.locking’ => ‘\OC\Memcache\Redis’, ‘memcache.local’ => ‘\OC\Memcache\Redis’, ‘redis’ => array ( ‘host’ => ‘/tmp/redis.sock’, ‘port’ => 0, ),

    • Use System Cron Job By default NextCloud uses an AJAX cron, the performance is a bit better if you let the system cron handle this. Add the following to the crontab:
      # crontab -u www-data -e
      PATH=/usr/local/bin
      */15  *  *  *  * php -f /usr/local/www/apache24/data/nextcloud/cron.php
      
      Once this has been added, select Cron from Admin -> Settings
    • Enjoy Nextcloud That was a lot of steps, but now we have a private, self hosted, secure, and affordable Nextcloud instance. If you ran into any issues during installation please let me know in the comments below!

Next Steps

Thank you for reading! Share your thoughts with me on mastodon or via email.

Check out some more stuff to read down below.

Most popular posts this month

Recent Favorite Blog Posts

This is a collection of the last 8 posts that I bookmarked.

Articles from blogs I follow around the net

Supermicro NVIDIA GB200 NVL72 System at Computex 2024

We checked out the Supermicro NVIDIA GB200 NVL72 rack at Computex 2024. This is a prime example of why power is becoming such a big deal The post Supermicro NVIDIA GB200 NVL72 System at Computex 2024 appeared first on ServeTheHome.

via ServeTheHome July 22, 2024

Forum

Community is one of the main topics I touch on here. My community, my social media is an email and iMessage, but I thought I could do more. I did such an experiment last year and I quit soon after. I don't think I was ready for it. Today I still don&#…

via Michal Zelazny July 21, 2024

Weekly Update 409

It feels weird to be writing anything right now that isn't somehow related to Friday's CrowdStrike incident, but given I recorded this video just a few hours before all hell broke loose, it'll have to wait until next week. This week, the issue…

via Troy Hunt July 21, 2024

Generated by openring