levlaz

Installing Nextcloud on a FreeBSD VPS

2016-09-01 Tags: freebsd

Introduction

Nextcloud is an exciting new fork of OwnCloud. I have been meaning to try it out lately and I finally got around to doing it. I picked Vultr{.add-link} for this instance since they have really affordable "Spinny Disk" instances starting at just \$5/mo for 125GB. The performance is noticeably slower than SSD, but if you are looking for a low cost place to store all of your files then this deal cannot be beat. Vultr also comes with full support for FreeBSD out of the box, which is a great choice for a system like this. The official Nextcloud documentation is wonderful, however it seems like it geared toward large multi-user installs. The purpose of this guide is to make it easy to install Nextcloud for a single (or just a few) user system. If you follow this guide you will have the latest stable version of Nextcloud with PHP7, Apache 2.4, MySQL 5.7 and Redis secured with LetsEncrypt on the latest stable version of FreeBSD.

Pre Requisites

In order to complete this guide successfully with a TLS enabled Nextcloud site you must have a domain name with DNS that successfully resolves to the IP address of your VPS Server.

Configuration Steps

  1. Launch a new Storage Instance in the DC of your choice. In my specific case I am running a 512MB RAM/125GB HD instance in the Los Angeles Data Center.
  2. SSH into the new VPS.
  3. Update and Upgrade BSD

    pkg update && pkg upgrade
    
    # [Optional] Install some helper packages
    pkg install vim-lite htop tmux
    
  4. Add some swap By default, the storage instance does not come with a swap partition, since I chose the smallest instance with 512MB of RAM, it is probably a good idea to add some swap because if the system ever runs out of memory the whole entire thing will come crashing down. You can read more about how to add swap in FreeBSD, but the gist of it is:

    # Create a 1GB sawp file
    dd if=/dev/zero of=/swap bs=1m count=1024
    
    # Set proper permissions on swap file
    chmod 600 /swap
    
    # Add swap to /etc/fstab
    md99    none    swap    sw,file=/swap,late  0   0
    
    # Turn swap on
    swapon -aL
    

    If everything was successful, running htop you should now see some swap space.

  5. Install and Configure BAMP Stack (BSD, Apache, MySQL, PHP) and Redis

    • Install all packages and dependencies

      pkg install apache24 mysql57-server redis php70 mod_php70 php70-pdo_mysql \
      php70-redis php70-gd php70-curl php70-json php70-zip php70-dom \
      php70-xmlwriter php70-xmlreader php70-xml php70-mbstring php70-ctype \
      php70-zlib php70-simplexml php70-hash php70-fileinfo php70-posix \
      php70-iconv php70-filter php70-openssl
      
    • Add Services to /etc/rc.conf

      # /etc/rc.conf
      
      ...
      apache24_enable="yes"
      mysql_enable="yes"
      redis_enable="yes"
      
    • Configure Apache Ensure that the rewrite and ssl modules are enabled (uncommented) in /usr/local/etc/apache24/httpd.conf.

      # /usr/local/etc/apache24/httpd.conf
      
      ...
      
      LoadModule ssl_module libexec/apache24/mod_ssl.so
      LoadModule rewrite_module libexec/apache24/mod_rewrite.so
      
      ...
      

      Add a PHP handler to /usr/local/etc/apache24/modules.d

      # /usr/local/etc/apache24/modules.d/001_mod_php.conf
      
      <FilesMatch "\.php$">
      SetHandler application/x-httpd-php
      </FilesMatch>
      <FilesMatch "\.phps$">
      SetHandler application/x-httpd-php-source
      </FilesMatch>
      
    • Configure MySQL Once MySQL has been added to /etc/rc.conf you can start it up by executing the following command in your shell:

      /usr/local/etc/rc.d/mysql-server start
      

      The first time MySQL runs it will create a root password which can be found in $HOME/.mysql_secret, use this password to log into MySQL, change the root password, and then create a new admin user for Nextcloud.

      # Grab the Root Password
      cat ~/.mysql-secret
      
      # Log into MySQL
      mysql -u root -p $PASSWORD # Password from previous step
      
      # Change the Root Password
      ALTER USER 'root'@'localhost' IDENTIFIED BY '$NEW_PASSWORD';
      
      # Create New Schema for Nextcloud
      CREATE DATABASE nextcloud;
      
      # Create New Admin User for Nextcloud
      CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY '$OTHER_NEW_PASSWORD';
      
      # Grant Permissions to the new Admin user to the Nextcloud Schema
      GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost';
      
      # Refresh all Privileges
      FLUSH PRIVILEGES;
      
    • Configure Redis There are many different memory caching strategies for Nextcloud. I like using Redis for this sort of thing, you can chose whichever strategy you prefer. The following (optional) configuration will make redis run on a local socket instead of over TCP. This is better from a security perspective. Update /usr/local/etc/redis.conf to run on local socket

      # /usr/local/etc/redis.conf
      
      ...
      
      port 0
      ...
      
      unixsocket /tmp/redis.sock
      unixsocketperm 750
      

      Add www user to the wheel group so that it has permission to access this socket.

      pw groupmod wheel -m www
      

      Start Redis

      /usr/local/etc/rc.d/redis start
      

      If everything went well, you should see the redis socket in /tmp

      # ls -al /tmp
      total 48
      drwxrwxrwt   7 root   wheel  512 Sep  1 23:02 .
      drwxr-xr-x  18 root   wheel  512 Sep  1 22:03 ..
      
      ...
      
      srwxr-x---   1 redis  wheel    0 Sep  1 23:02 redis.sock
      
      ...
      
  6. Download Nextcloud We are almost there! The last few steps are to actually download and configure Nextcloud. You can get the latest version of Nextcloud from here.

    # Go to the default apache data directory
    cd /usr/local/www/apache24/data
    
    # Download Nextcloud
    wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip
    
    # Unzip Nextcloud
    unzip nextcloud-10.0.0.zip
    
    # Make sure the www user owns this directory
    chown -R www:www nextcloud
    
  7. Install and run certbot by LetsEncrypt The full instructions are available here but the gist is:

    # Install the Package
    pkg install py27-certbot
    
    # Generate the Cert
    certbot certonly
    

    Go through the certbot UI and fill out your site specific details. If all goes well you should see a message that says:

    Congratulations! Your certificate and chain have been saved at /usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem

  8. Create a VirtualHost Configuration for Nextcloud Create a new file called $YOUR_SITE.conf in /usr/local/etc/apache24/Includes, the contents of this file should have a VirtualHost specification for your new Nextcloud site. The first VirtualHost will listen on port 80 and redirect all requests to HTTPS. The second VirtualHost will listen on port 443 and serve your actual Nextcloud site.

    <VirtualHost *:80>
      ServerAdmin $YOUR_EMAIL
      ServerName $YOUR_SITE
    
      RewriteEngine on
      RewriteCond %{SERVER_NAME} =$YOUR_SITE
      RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
      </VirtualHost>
    
    Listen 443
    
    <IfModule mod_ssl.c>
      <VirtualHost *:443>
        ServerAdmin $YOUR_EMAIL
        ServerName $YOUR_SITE
    
        DirectoryIndex index.php
        DocumentRoot /usr/local/www/apache24/data/nextcloud
        SSLCertificateFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem
        SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/privkey.pem
    
        SSLEngine on
    
        # Intermediate configuration, tweak to your needs
        SSLProtocol             all -SSLv2 -SSLv3
        SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
        SSLHonorCipherOrder     on
        SSLCompression          off
    
        SSLOptions +StrictRequire
    
        <Directory /usr/local/www/apache24/data/nextcloud>
          AllowOverride all
        </Directory>
    
        <IfModule mod_headers.c>
          Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>
    
      </VirtualHost>
    </IfModule>
    

    Start apache with /usr/local/etc/rc.d/apache24 start

  9. Configure Nextcloud

    • Verify Installation Go to http://\$YOUR_SITE.com, verify that you get redirected to HTTPS and that the certificate shows up as valid.
    • Create Admin Account If this page loads properly, you should create an admin user, set the data directory location, and fill in the database credentials from step 5.

    • Tweak Config File We need to tweak the config file in order to enable Redis memory caching. Open up /usr/local/www/apache24/data/nextcloud/config/config.php and add:

      # /usr/local/www/apache24/data/nextcloud/config/config.php
      
      ...
      
      'memcache.locking' => '\\OC\\Memcache\\Redis',
      'memcache.local' => '\\OC\\Memcache\\Redis',
      'redis' =>
      array (
      'host' => '/tmp/redis.sock',
      'port' => 0,
      ),
      
    • Use System Cron Job By default NextCloud uses an AJAX cron, the performance is a bit better if you let the system cron handle this. Add the following to the crontab:

      # crontab -u www-data -e
      PATH=/usr/local/bin
      */15  *  *  *  * php -f /usr/local/www/apache24/data/nextcloud/cron.php
      

      Once this has been added, select Cron from Admin -> Settings

    • Enjoy Nextcloud That was a lot of steps, but now we have a private, self hosted, secure, and affordable Nextcloud instance. If you ran into any issues during installation please let me know in the comments below!

Next Steps

Comments (0)

Add Your Two Cents: