Nextcloud (Beta) · Whatbox

Wiki > Nextcloud (Beta)

Nextcloud is a self-hosted platform for sharing files and using other productivity applications on the web and mobile devices.

Pre-install notes

Caution: This install method relies on beta functionality.

While this should generally be stable, be warned that there could be breaking changes in the future.

Visit the BETA SSL page for your slot.
Click the "Setup Box" button if this is your first time.
Enter a personalized name for your Box which will be used as the ____.box.ca subdomain. Applications will be hosted under this subdomain, such as nextcloud.____.box.ca.
Press the "Setup" button and wait for the initial setup to complete.

Beta SSL Setup

Visit the BETA SSL page for your slot.
Click the "Add App" button to perform a custom app setup.
Read the terms and conditions for custom app setup.
Enter the child subdomain you want to use. For instance, entering nextcloud here will create http://nextcloud.____.box.ca.
Enter 443 for the port and click Save to add the app.

Nextcloud download

Choose a directory use for hosting the Nextcloud web interface. We'll be using ~/custom_webapps/nextcloud

Create the custom_webapps directory and change to it:

mkdir -p ~/custom_webapps /config/user/box/tmp/; cd ~/custom_webapps

Download the latest version from the Nextcloud install page.

wget https://download.nextcloud.com/server/releases/nextcloud-21.0.1.zip -O nextcloud-21.0.1.zip

Unzip it, creating the nextcloud directory

unzip nextcloud-21.0.1.zip

Custom Box configuration (nginx)

This is not officially supported by Whatbox and may break at any time

Edit the /config/user/box/apps/nextcloud_custom.conf file using your preferred editor. If you made the subdomain above something other than nextcloud, adjust this in the nextcloud_custom.conf filename.

Acknowledge the warning at the top of the file. Proceed at your own risk.

Do not make manual edits to this file. It is managed by Whatbox and changes will be overwritten automatically

Remove the existing section:

    location / {
        ...
    }

Replace it with the following, mirroring the Nextcloud install guide

    # Path to the root of your installation
    root /home/user/custom_webapps/nextcloud/;

    # Optional; uncomment to enable
    # access_log /config/user/box/apps/nextcloud_access.log;
    # error_log /config/user/box/apps/nextcloud_error.log warn;

    # Use PROXY protocol to find remote IP
    set_real_ip_from unix:;
    real_ip_header proxy_protocol;

    client_body_temp_path /config/user/box/tmp/client_body;
    proxy_temp_path /config/user/box/tmp/proxy;
    fastcgi_temp_path /config/user/box/tmp/fastcgi;
    uwsgi_temp_path /config/user/box/tmp/uwsgi;
    scgi_temp_path /config/user/box/tmp/scgi;

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    # Handled above

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass unix:/home/user/.config/php-fpm/socket;

        # Already set globally
        # fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ \.(?:css|js|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }

PHP configuration

Create the configuration directory. mkdir -p ~/.config/php-fpm
Create the configuration file. touch ~/.config/php-fpm/conf
Copy the contents below into the configuration file. Be sure to delete any spaces at the start of each line to prevent startup errors.

[global]
daemonize = yes
error_log = /home/user/.config/php-fpm/error.log

[www]
listen = /home/user/.config/php-fpm/socket

listen.owner = user
listen.group = user
listen.mode = 0600

pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5

Restart php-fpm: pkill -f php-fpm; php-fpm --fpm-config ~/.config/php-fpm/conf
Create the /config/user/box/fastcgi_params file with the following content:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    WebServer;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;

TODO: Cron restart

Restart nginx:

pkill -f box/nginx; /usr/sbin/nginx -c /config/user/box/nginx.conf

MySQL / MariaDB database

Run the following to set up the initial database: /usr/bin/mariadb-install-db --user=$USER --auth-root-authentication-method=socket --datadir=/home/$USER/.config/mysql/data --basedir=/usr --skip-networking --socket=/home/$USER/.config/mysql/mysqld.sock --log-error=/home/$USER/.config/mysql/mysqld.err --pid-file=/home/$USER/.config/mysql/mariadb.pid

This will create two database users: root, and user. Processes running under the account user will be able to connect to MariaDB without requiring a password. Other users on the Whatbox server will not be able to connect to your database because it will only be listening on a socket, at /home/$USER/.config/mysql/mysqld.sock, rather than a TCP port.

TODO: Cron restart

Run the following to start mysqld: /usr/bin/mysqld_safe --skip-networking --socket=/home/$USER/.config/mysql/mysqld.sock --datadir=/home/$USER/.config/mysql/data --pid-file=/home/$USER/.config/mysql/mariadb.pid --log-error=/home/$USER/.config/mysql/mysqld.err --nowatch

If you need to connect to mysql, run the following: mysql --socket=/home/$USER/.config/mysql/mysqld.sock

Nextcloud

The Nextcloud install page should now be accessible. Visit the subdomain you created initially (nextcloud.____.box.ca) and you should be presented with the install page.

Select a username and password for the admin account. For best security, use a separate account for this. If you plan to regularly log in using the username user, consider using the following here:

Username: user_admin
Password: (Your choice)

Click Storage & Database to expand that section.

Data folder: /home/user/custom_webapps/nextcloud/data
Configure the database: Select MySQL/MariaDB
Database user: user
Database password: (Blank)
Database name: nextcloud
Database host: Change from localhost to localhost:/home/user/.config/mysql/mysqld.sock

Optionally, uncheck the box to install recommended apps.

Click Finish Setup. This will take a couple of minutes to complete.