# Nextcloud AIO

- [Nextcloud AIO](#nextcloud-aio)
  - [Install with Rootless Podman](#install-with-rootless-podman)
    - [Create the nextcloud user](#create-the-nextcloud-user)
    - [Create the container autostart service](#create-the-container-autostart-service)
    - [Install Nextcloud](#install-nextcloud)
    - [Install Caddy](#install-caddy)
    - [Firewall](#firewall)
  - [Backups](#backups)
    - [Manual Backups](#manual-backups)
  - [Maintenance Mode](#maintenance-mode)
  - [Trusted Proxy](#trusted-proxy)
  - [Default phone region](#default-phone-region)
  - [Adding existing files](#adding-existing-files)
  - [Theming](#theming)
  - [Changing the domain](#changing-the-domain)
  - [Uninstall](#uninstall)
  - [Edit QCOW](#edit-qcow)
  - [Exclude Lists](#exclude-lists)
  - [Troubleshooting](#troubleshooting)
    - [Stuck in login screen](#stuck-in-login-screen)
    - [Freezing after working for a bit](#freezing-after-working-for-a-bit)
      - [Out of disk space](#out-of-disk-space)
      - [Redis can't dump its DB](#redis-cant-dump-its-db)
      - [Error connecting to server](#error-connecting-to-server)

<https://github.com/nextcloud/all-in-one>

## Install with Rootless Podman

Roughly taken from <https://github.com/nextcloud/all-in-one/discussions/3487>

This has been tested and works on Fedora 41 with SELinux and firewalld enabled.

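### Create the nextcloud user

```bash
# Create the unprivileged account that will own the containers
useradd nextcloud
# Keep the user's systemd instance running without an active login
loginctl enable-linger $(id -u nextcloud)
# Enable the rootless podman restart unit and API socket for that user
systemctl --user --machine=nextcloud@.host enable podman-restart
systemctl --user --machine=nextcloud@.host enable --now podman.socket
# Create the quadlet directory as the nextcloud user
su -l nextcloud
mkdir -p /home/nextcloud/.config/containers/systemd
exit
```
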
### Create the container autostart service

Edit the autostart service to include "unless-stopped" containers.

```bash
machinectl shell nextcloud@
systemctl --user edit podman-restart.service
```

```conf
[Service]
ExecStart=
ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always --filter restart-policy=unless-stopped
ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls --filter restart-policy=always --filter restart-policy=unless-stopped -q)'
```

```bash
systemctl --user daemon-reload
```

### Install Nextcloud

On the operator

1. Edit `nextcloud-aio-mastercontainer.container` to include the correct username and UID where relevant.
2. Copy the files to the server:

```bash
# Copy the quadlet files
scp \
  active/podman_nextcloud/nextcloud-aio-mastercontainer.container \
  3dserver:/home/nextcloud/.config/containers/systemd/

# Make sure the nextcloud user owns the copied files
ssh 3dserver chown -R nextcloud:nextcloud /home/nextcloud/.config/containers/systemd/
```

On the server

```bash
machinectl shell nextcloud@

# Create volumes
mkdir nextcloud_data
mkdir nextcloud_aio_mastercontainer

# Create the nextcloud network with ipv6
podman network create --ipv6 nextcloud-aio

# Reload and restart the service
systemctl --user daemon-reload
systemctl --user restart nextcloud-aio-mastercontainer
```

### Install Caddy

As root

```bash
mkdir /etc/caddy
vim /etc/caddy/Caddyfile
```

Caddy will automatically provision certificates if the server DNS points to the correct IP
and is accessible on the ports specified. All you need to do is put `https` in the Caddy conf.

```conf
https://nextcloud.reeseapps.com:443 {
    reverse_proxy 127.0.0.1:11000
}

https://nextcloud.reeseapps.com:8443 {
    reverse_proxy 127.0.0.1:11001 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
```

```bash
vim /etc/containers/systemd/caddy.container
```

```conf
[Unit]
Description=Caddy

[Container]
AddCapability=NET_ADMIN
ContainerName=caddy
Image=docker.io/caddy:2
Network=host
SecurityLabelDisable=true
Volume=/etc/caddy:/etc/caddy
Volume=caddy_data:/data
Volume=caddy_config:/config

[Service]
Restart=always

[Install]
WantedBy=default.target
```

```bash
systemctl daemon-reload
systemctl start caddy
```

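The `caddy.container` quadlet above runs Caddy with host networking, an added capability and SELinux labelling disabled. As an added example (not part of the original README or the Nextcloud AIO project), this shell function lists such host-exposure settings in a `.container` file so each one is kept deliberately; the function names `audit_quadlet` and `sample_quadlet` are hypothetical, and the sample input is the quadlet from this page.

```shell
#!/bin/sh
# Added example: flag [Container] keys in a quadlet file that widen what the
# container can do on the host. Reads FILE, or stdin when no file is given.
# Prints one "key=value  # reason" line per finding; returns 1 if any, else 0.
audit_quadlet() {
    awk '
        /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
        /^[ \t]*[#;]/ { next }          # comment lines
        /^[ \t]*$/ { next }             # blank lines
        section != "Container" { next } # other sections do not configure the container
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            why = ""
            if (key == "AddCapability") why = "grants an extra Linux capability"
            else if (key == "Network" && val == "host") why = "shares the host network namespace"
            else if (key == "SecurityLabelDisable" && val == "true") why = "turns off SELinux label separation"
            else if (key == "PodmanArgs" && val ~ /--privileged/) why = "runs the container privileged"
            if (why != "") { printf "%s=%s  # %s\n", key, val, why; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Sample input: the caddy.container shown on this page.
sample_quadlet() {
    cat <<'EOF'
[Unit]
Description=Caddy

[Container]
AddCapability=NET_ADMIN
ContainerName=caddy
Image=docker.io/caddy:2
Network=host
SecurityLabelDisable=true
Volume=/etc/caddy:/etc/caddy

[Service]
Restart=always
EOF
}

# Demo: audit the sample; a non-zero status only means findings were printed.
sample_quadlet | audit_quadlet || true
```

To check the installed file, run `audit_quadlet /etc/containers/systemd/caddy.container`.
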
### Firewall

Allow traffic to port 11000 from your reverse proxy.

## Backups

IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
If you used a repokey mode, the key is stored in the repo, but you should back it up separately.
Use "borg key export" to export the key, optionally in printable format.
Write down the passphrase. Store both at safe place(s).

```bash
docker exec nextcloud-aio-borgbackup borg key export /mnt/borgbackup/borg/
```

If you need to reset the borg backup repo:

```bash
docker exec nextcloud-aio-borgbackup rm /mnt/docker-aio-config/data/borg.config
```

### Manual Backups

1. Backup `nextcloud_data`
2. Backup all nextcloud volumes at `/home/nextcloud/.local/share/containers/storage/volumes/`
3. Backup `.config/containers/systemd/`

Copy these back to where they came from to restore.

## Maintenance Mode

```bash
docker stop nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --on

docker start nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --off
```

## Trusted Proxy

If running with a reverse proxy.

```bash
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value="10.1.0.0/16"
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 3 --value="fd00:fd41:d0f1:1010::/64"
```

## Default phone region

```bash
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="US"
```

## Adding existing files

```bash
docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --path=ducoterra/files
```

## Theming

Red: `#B30000`

## Changing the domain

```bash
docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"
```

## Uninstall

```bash
docker stop $(docker ps -a -q)
docker container prune

# DANGER ZONE
# This deletes all your data
docker volume prune -a -f
```

defaults,_netdev,x-systemd.requires=iscsid.service 0 1

## Edit QCOW

```bash
sudo modprobe nbd
sudo qemu-nbd -c /dev/nbd0 --read-only /path/to/image.qcow2
udisksctl mount -b /dev/nbd0p1
```

## Exclude Lists

Exclude lists take effect only if the folders/files haven't been synced yet. Here's a basic one
I stole that works well for development resources.

Put this in `~/.config/Nextcloud/sync-exclude.list`

```text
]*~
]~$*
].~lock.*
]~*.tmp
]*.~*
]Icon\r*
].DS_Store
].ds_store
]*.textClipping
]._*
]Thumbs.db
]photothumb.db
]System Volume Information
].*.sw?
].*.*sw?
].TemporaryItems
].Trashes
].DocumentRevisions-V100
].Trash-*
].fseventd
].apdisk
].Spotlight-V100
].directory
]*.part
]*.filepart
]*.crdownload
]*.kate-swp
]*.gnucash.tmp-*
].synkron.*
].sync.ffs_db
].symform
].symform-store
].fuse_hidden*
]*.unison
].nfs*
]My Saved Places.
]*.sb-*
]*.dll
]*.exe
].git/
].lock
]*.bin
].bin
]bin/
]*.lock
]node_modules/
].cache/
].vscode/
].pytest_cache/
].github/
].ipynb_checkpoints/
]*.exe
]*.dll
]*.class
]*.com
]*.so
]*.o
]@*/
]__pycache__/
].Python/
]build/
]dist/
]eggs/
].eggs/
]wheels/
]sdist/
]var/
]*.egg/
]*.egg-info/
]lib64/
]lib/
].tox/
].nox/
]env/
]venv/
]ENV/
]env.bak/
]venv.bak/
]site/
]cython_debug/
]vendor/
]tmp/
].libs/
].debs/
]src/
]Debug/
]debug/
]*.pdb
]*.enc
].enc
].sass-cache/
]_site/
].info
]*.info
].jekyll-cache
].jekyll-cache/
].zotero-ft-cache
].zotero-ft-info
]*.idlk
]zotero.sqlite.bak
]*.dwl
]*.dwl2
]*.bkp
]*.dtmp
].$*
]*.tmp
]_build/
].venv/
```

## Troubleshooting

### Stuck in login screen

Check logs at `/var/www/html/data/nextcloud.log` in the `nextcloud-aio-nextcloud` container.

Sometimes this is caused by a broken app or two-factor authentication. Try:

```bash
# Disable two factor
./occ twofactorauth:state <user>
./occ twofactorauth:disable <user> totp
```

```bash
# Disable problem app
./occ app:disable integration_openai
```

### Freezing after working for a bit

#### Out of disk space

This can happen when Nextcloud tries to write logs to its volume and doesn't have enough space.

```bash
podman exec -it nextcloud-aio-nextcloud bash
df -h .
```

#### Redis can't dump its DB

This can happen when the redis volume doesn't have the correct permissions.

```bash
podman exec -it --user root nextcloud-aio-redis bash
ls -lah /data
chown redis:redis /data
```

#### Error connecting to server

Your Nextcloud instance won't be able to use host loopback with rootless containers. If you have
a local DNS record pointing to your server's IP address you'll need to delete that until this is
fixed.