This is a how to install Nextcloud 12.3 with all checks passed on FreeNAS 11.
This is a rewrite of the original post https://forums.freenas.org/index.php?threads/how-to-nextcloud-10-w-apache-php-and-mariadb.46111/ with a few added adjustments where needed to make this fully functional.
I know this works as I have re-emulated this 4 times today to insure its accuracy
Somethings may need to be edited based upon volume name but for the most part plug and play
a great thanks to nathank1989 and all of those that have contributed.
Creating the Dataset & Jail
Create Dataset
Within FreeNAS Userspace:
Storage > Create ZFS Dataset
Code:Dataset Name = files Compression level = lz4 Enable atime = Off All other options default
SQL Data
Code:Dataset Name = db Compression level = zle Enable atime = Off Record Size = 16K (Under Advanced Mode) All other options default
Add New user in FreeNAS space:
Code:Username: mysql Shell: nologin Full Name: SQL User Password: anything
From the Storage Tab
Change Permissions On your Storage volume that houses your jail -> should look similar to this>>> /mnt/your drive name/db
Code:Owner: mysql Owner: mysql Set permission recursively
Create a Jail
Jails > Add Jail
Jail Name: nextcloud
Code:Template: "------" IPv4 Address: 192.168.1.99 IPv4 Subnet: 255.255.255.0 Leave all else default
Ensure VIMAGE is checked*
*Unless you have and want to use a separate and dedicated NIC for the jail. The MoBo I use comes with additional network ports.
Add Storage to the same jail you just created
Jail: nextcloud
Code:Source = /mnt/Cloud/files Destination = /mnt/files
Jail: nextcloud
Code:Source = /mnt/Cloud/db Destination = /var/db/mysql
Setting primary cache In FreeNAS UserSpace Shell
$zfs set primarycache=metadata Cloud/db
F.A.M.P Installation
In this section we are going to install F.A.M.P, an iteration of LAMP (Linux, Apache, MySQL, PHP). I chose this because I, personally, haven't had much luck with nginx or lighttp. Another guide suggested lighttp and sqlite, but those might not hold up to a good amount of users storing a bit of data.
The setup is:
FreeBSD 11.0
Apache 2.4
MariaDB 10.1
PHP 7.0 or 7.1 **Do NOT install PHP7.2 - Nexcloud is absolutely incompatible with this version as of this writing **
This provides the basis for our webserving jail.
via putty ssh into the jail
From FreeNAS user space run command:
JLS
you will then see your jails, the run commander jexec "And the number of you jail" (example) "jexec 2"
Before we get started, let's add a few necessary packages as they aren't currently installed.
$portsnap fetch extract
$pkg install nano wget sudo
We will install each part of FAMP one-by-one. FreeBSD is the Operating system so good to go on that!
Install Apache 2.4
$pkg install apache24
Setup in rc.conf
$sysrc apache24_enable=yes
Start Apache
$service apache24 start
Okay lets Check to see that it works!!!!
open a web browser on a local machine (preferably the machine your on) on your network
Navigate to http://your_jails_ip and you should see the text "It Works!"
Install MariaDB 10.1
$pkg install mariadb101-server
Setup in rc.conf
$sysrc mysql_enable=yes
Start MySQL Service
$service mysql-server start
Run Wizard Script
$mysql_secure_installation
For this step read and follow prompts.
By default there is no root password, (you must create a new one when promted
just hit enter, and answer Y to all the following questions.
Login to MySQL, create Nextcloud DB and User
$mysql -u root -p
Enter the password you made for root during MariaDB 10.1 setup.
Enter each of these commands one-by-one, and make sure to include the semi-colon ;
Code:CREATE DATABASE nextcloud; CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY 'MAKEUP-YOUR-OWN-PASSWORD'; GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost'; FLUSH PRIVILEGES; exit
Replace MAKEUP-YOUR-OWN-PASSWORD with a password of your choosing. You need this for the NextCloud setup.
PHP 7.0
Install PHP and associated modules
Code:pkg install redis php70 php70-bz2 php70-ctype php70-curl php70-dom php70-exif php70-fileinfo php70-filter php70-gd php70-hash php70-iconv php70-intl php70-json php70-mbstring php70-mcrypt php70-pdo_mysql php70-openssl php70-posix php70-session php70-simplexml php70-xml php70-xmlreader php70-xmlwriter php70-xsl php70-wddx php70-zip php70-zlib php70-opcache mod_php70
or perhaps you prefer
php 7.1
Install PHP and associated modules
Code:pkg install redis php71-ctype php71-dom php71-gd php71-iconv php71-json php71-mbstring php71-posix php71-simplexml php71-xmlreader php71-xmlwriter php71-zip php71-zlib php71-pdo_mysql php71-hash php71-xml php71-session php71-mysqli php71-wddx php71-xsl php71-filter php71-curl php71-fileinfo php71-bz2 php71-intl php71-mcrypt php71-openssl php71-ldap php71-ftp php71-imap php71-exif php71-gmp php71-memcache php71-opcache php71-pcntl php71 mod_php71
$sysrc 'mysql_enable=YES' 'redis_enable=YES'
Configuring Apache for PHP7
Ensure that the rewrite and ssl modules are enabled (uncommented) in /usr/local/etc/apache24/httpd.conf.
$nano /usr/local/etc/apache24/httpd.conf
in the httpd.conf file search for "ssl_module" by using the bellow command
To search the document
Code:ctrl+w
Then enter the name of the file you want to search within the document
Code:ssl_module
To execute the command simply press enter it will find the filename
while still in the same document "httpd.conf"
Uncomment these 2 lines (delete the # at the start of the line) so it looks like this:
Code:LoadModule ssl_module libexec/apache24/mod_ssl.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so
Remove php5 (if it exist)
Code:Find & Remove this >> LoadModule php5_module libexec/apache24/libphp5.so Replace with >> LoadModule php7_module libexec/apache24/libphp7.so
Add php7:
Code:If you can't find libphp5.so, just add LoadModule php7_module libexec/apache24/libphp7.so to the last of the LoadModule section; right above where it says # Third party modules IncludeOptional ...
while working in the same file after this line
Code:LoadModule php7_module libexec/apache24/libphp7.so
Add this
Code:<IfModule php7_module> <FilesMatch "\.(php|phps|php7|phtml)$"> SetHandler php7-script </FilesMatch> DirectoryIndex index.php </IfModule>
While still in the same file search for:
Code:<IFModule mime_module>
Then Insert this code directly under:
Code:AddType application/x-httpd-php-source .phps AddType application/x-httpd-php .php
Save & quit
Code:ctl+x y enter
Double check that you see libphp7.so in /usr/local/libexec/apache24
to do this simply search by executing the following commander
$find /usr -name libphp7.so
it should give you this feedback
Code:/usr/local/libexec/apache24/libphp7.so
if it does this lets move on!!!!!!!
now lets add a PHP handler
Code:# cd /usr/local/etc/apache24/modules.d # touch /usr/local/etc/apache24/modules.d/001_mod_php.conf # nano /usr/local/etc/apache24/modules.d/001_mod_php.conf
Paste this test in the 001_mod_php.conf file:
Code:<FilesMatch "\.php$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch "\.phps$"> SetHandler application/x-httpd-php-source </FilesMatch>
Save & Exit
Once you're done save and close
Code:CTRL+x, Y, ENTER
Restart apache
service apache24 restart
Configure PHP.INI
Code:$ cd /usr/local/etc $ cp php.ini-production php.ini $ nano /usr/local/etc/php.ini
Code:find cgi.fix_pathinfo=0 change from =0 to =1 find date.timezone = Change to your timezone (America/New_York) [ SEE: http://php.net/manual/en/timezones.php ] find post_max_size= change it to 1999M find upload_max_size= change to 1999M
then uncomment and update the below values to match: (uncomment means to remove the # symbol before any line
Code:opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
CTRL+X, Y, ENTER
Restart Apache
$service apache24 restart
Testing with PHPINFO()
Navigate to /usr/local/www/apache24/data/
Code:$ cd /usr/local/www/apache24/data $ touch info.php $ nano info.php
Paste the below code into the info.php file
Code:<?php // Show all information, defaults to INFO_ALL phpinfo(); ?>
Save & Exit
Navigate to http://your jails ip/info.php
You should see a full page with all the information regarding your PHP installation.
Now lets Configure REDIS
The purpose is to update redis.conf to run on local socket
Execute command:
Code:nano /usr/local/etc/redis.conf
In the redis.conf file find the value
Code:"port" and change it from its default value to 0
uncomment by removing the ; symbol from in front of the below values and edit to match
Code:unixsocket /tmp/redis.sock unixsocketperm 777
Add REDIS to rc.conf
$Code:sysrc redis_enable=yes
Start REDIS
$Code:service redis start
To run redis on a local socket,
Run
ls -al /tmp
you should see redis.sock and mysql.sock in the feedback list.
If you see those two, you're ALMOST DONE!!
Now lets Install NextCloud 12.3
before downloading NextCloud 12.3 navigate to the default apache data directory
$Code:cd /usr/local/www/apache24/data
Download Nextcloud:
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.3.zip
Unzip Nextcloud:
$unzip nextcloud-12.0.3.zip
Give correct owner/ or rather modify the folder permissions:
Code:chown -R www:www /usr/local/www/apache24/data/nextcloud /mnt/files
Add virtual Host info :
Navigate to: /usr/local/etc/apache24/Includes
Code:cd /usr/local/etc/apache24/Includes
Touch file: (I used a cloud.* subdomain, if you're not using a sub, remove the 'cloud.')
$ touch YOURDOMAIN.com or org or gov.conf
$ nano YOURDOMAIN*
make your secure file in this format (simply copy and paste):
Be sure to edit the YOURSITE.COM part of the below file with your domain info
(Example) if your domain is "tocool.no-ip.org" enter that and the domain name matches your touch file name.
Code:<VirtualHost *:80> DocumentRoot "/usr/local/www/apache24/data/nextcloud" ServerName YOURSITE.com RewriteEngine on RewriteCond %{SERVER_NAME} =YOURSITE.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] #ErrorLog ${APACHE_LOG_DIR}/error.log #CustomLog ${APACHE_LOG_DIR}/access.log combined <Directory /usr/local/www/apache24/data/nextcloud/> Options +FollowSymlinks AllowOverride All <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /usr/local/www/apache24/data/nextcloud SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud Satisfy Any </Directory> </VirtualHost>
Restart Apache:
$service apache24 restart
Navigate to the website
http://your jails ip/
You should now see the setup screen for NextCloud!!
If you do, give yourself a pat on the back. Now for the last steps...
NextCloud WebUI
Set up your admin account with a username and password you choose.
Storage & database
Code:Data folder = /mnt/files
Code:Database user = nextcloud_admin Database password = MADEUP_PASSWORD_FROM_BEFORE Database name = nextcloud Database host = localhost:/tmp/mysql.sock
Now lets prepare the secure part of your domain file:
Navigate to: /usr/local/etc/apache24/Includes
Code:cd /usr/local/etc/apache24/Includes nano YOURDOMAIN*
Copy and paste under the previously entered info
Code:<VirtualHost *:443> ServerAdmin YOUREMAIL ServerName YOURSITE.COM DirectoryIndex index.php DocumentRoot /usr/local/www/apache24/data/nextcloud SSLCertificateFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/fullchain.pem SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/privkey.pem SSLEngine on # Intermediate configuration, tweak to your needs SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on SSLCompression off SSLOptions +StrictRequire <Directory /usr/local/www/apache24/data/nextcloud> AllowOverride all </Directory> <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" </IfModule> </VirtualHost>
Lets Cache!!!
to setup a complete cache with redis and apcu:
Code:cd pkg install p5-Locale-gettext help2man texinfo m4 autoconf make config-recursive install -C /usr/ports/databases/pecl-redis make config-recursive install -C /usr/ports/devel/pecl-APCu
then execute the following commands:
for php 7.0 and php 7.1
Code:$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' $ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' $ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' $ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set redis port --value=0 --type=integer'
Additional steps for php 7.1
Navigate to:
nano /usr/local/www/apache24/data/nextcloud/config/config.php
Then change:
'memcache.local' => '\\OC\\Memcache\\APCu',
to
'memcache.local' => '\\OC\\Memcache\\Redis',
service apache24 restart
Lets fix some annoying apache errors!
to get rid of the below error message when restarting apache do the following:
Code:AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message Syntax OK Stopping apache24. Waiting for PIDS: 80591. Performing sanity check on apache24 configuration: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message Syntax OK Starting apache24. AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message when stating apache do the following:
Run command:
nano /usr/local/etc/apache24/httpd.conf
Search for "servername" it will look like the below, enter your jails ipaddress xxx.xxx.x.xxx:80
Code:# ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here.ServerName your jails ip:80
<<<<<<<put your serving machines ip address
uncomment the ServerName line (uncomment simply means to remove the # or ; symbol from the front of any line) and wala message will be fixed.
restart apache
service apache24 restart
To add Domains that can connect from outside the lan:
navigate to: /usr/local/www/apache24/data/nextcloud/config/config.php
Code:nano /usr/local/www/apache24/data/nextcloud/config/config.php
The file will look like the below:
Code:<?php $CONFIG = array ( 'instanceid' => 'ocwo6kfuc3ve', 'passwordsalt' => '9s6vbvue6FZ3g2AklNJS4Y3S4Y3FG1', 'secret' => 'gzWPI+QgwkIKkYQwmgfGk7oGW87N/jaytyODIEgVfBjCek0y', 'trusted_domains' => array ( 0 => '192.168.1.30', 1 => 'coolp.to.org',<<<add just like this ), 'datadirectory' => '/usr/local/www/apache24/data/nextcloud/data', 'overwrite.cli.url' => 'http://192.168.1.30', 'dbtype' => 'mysql', 'version' => '12.0.3.3', 'dbname' => 'nextcloud', 'dbhost' => 'localhost:/tmp/mysql.sock', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'nextcloud_admin', 'dbpassword' => 'maria10 database password', 'installed' => true, 'memcache.local' => '\\OC\\Memcache\\APCu', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array ( 'host' => '/tmp/redis.sock',
restart apache using the following command:
service apache24 restart
I cant use VI, its too cryptic so I choose to use nano to set cron jobs, to do so execute the following:
Code:setenv VISUAL /usr/local/bin/nano setenv EDITOR /usr/local/bin/nano
Setup NC's cron jobs:
crontab -u www -e
Code:*/15 * * * * /usr/local/bin/php -f /usr/local/www/apache24/data/nextcloud/cron.php
Now lets secure this server
SSL using Certbot:
Download/Install Certbot
pkg install py27-certbot
certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d YOURSITE.COM
Navigate to /usr/local/etc/apache24/httpd.conf
Code:cd /usr/local/etc/apache24/httpd.conf
in the httpd.conf file
FindListen 80
and add underneathListen 443
I don't know what the below command does but it works:
nano /etc/make.conf
Then add to the 2nd line of the file
Code:DEFAULT_VERSIONS+=php7.0
Restart Apache:
service apache24 restart
Add Cron Job:
crontab -e
Code:* 1 * * 1 ./usr/local/bin/certbot renew --quiet
Okay once you finally logon to Nextcloud 12.3 using http and you enter the admin area you will see these errors!!!!
Code:
- Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. It is strongly recommended that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.
- You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.
Have no fear if this error bothers you their is a fix
Force to https redirect:
Now lets introduce a redirect as in a redirect of http to https this mainly for on the lan as when accessed from the world wide web it automatically redirects to https and is not accessible via http.
be advised the https will say the connection is not secure when accessing from the lan using the direct ip.
Edit the .htaccess file by entering the following command:
$ nano /usr/local/www/apache24/data/nextcloud/.htaccess
While in the .htaccess file directly below this text:
Code:#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####
Add:
Code:RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Restart apache:
service apache24 restart
And VOILA! YOU ARE DONE!!!!!
so you can share with whomever you choose!!!!!!!!!!!!!
How to use NextCloud on a separate NIC
Code:Shut down the jail Click Edit Uncheck VIMAGE and select the NIC from the NIC drop down. Make sure your IP info didn't change. Start jail and try to access your cloud. If all went well you'd basically see nothing changed as it will work as expected.
helpful commands and notes from install
to find a file:
enter command: find /usr -name "filename"
beautiful guide,
However one thing i am not able to figure out is how to remove the index.php from the url
does anyone know where to find this?
nextcloud used to have these settings in its config file but changing these does not work.