# Nextcloud AIO

- [Nextcloud AIO](#nextcloud-aio)
  - [Install with Rootless Podman](#install-with-rootless-podman)
    - [Create the nextcloud user](#create-the-nextcloud-user)
    - [Install Podman](#install-podman)
    - [Create the container autostart service](#create-the-container-autostart-service)
    - [Install Nextcloud](#install-nextcloud)
    - [Install Caddy](#install-caddy)
    - [Firewall](#firewall)
  - [Backups](#backups)
  - [Maintenace Mode](#maintenace-mode)
  - [Trusted Proxy](#trusted-proxy)
  - [Default phone region](#default-phone-region)
  - [Adding existing files](#adding-existing-files)
  - [Theming](#theming)
  - [Changing the domain](#changing-the-domain)
  - [Uninstall](#uninstall)
  - [Edit QCOW](#edit-qcow)
  - [Stuck in login screen](#stuck-in-login-screen)
  - [Freezing after working for a bit](#freezing-after-working-for-a-bit)
    - [Out of disk space](#out-of-disk-space)
    - [Redis can't dump its DB](#redis-cant-dump-its-db)

<https://github.com/nextcloud/all-in-one>

## Install with Rootless Podman

Roughly taken from <https://github.com/nextcloud/all-in-one/discussions/3487>

This has been tested working on Fedora 41 with SELinux and firewalld enabled.
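
### Create the nextcloud user

```bash
# As root: create the unprivileged user that will run the containers
useradd nextcloud
# Generate an SSH key pair as that user (this also creates ~/.ssh)
su - nextcloud
ssh-keygen
exit
# Let the keys authorized for the current admin account also log in as nextcloud
cp ~/.ssh/authorized_keys /home/nextcloud/.ssh/authorized_keys
chown nextcloud:nextcloud /home/nextcloud/.ssh/authorized_keys
# Keep the user's systemd instance (and its containers) running without a login session
loginctl enable-linger "$(id -u nextcloud)"
```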

### Install Podman

```bash
# As root user
dnf install podman

# Now SSH into the server as the nextcloud user
systemctl --user enable podman-restart
systemctl --user enable --now podman.socket
```

### Create the container autostart service

Edit the autostart service to include "unless-stopped" containers.

As the nextcloud user:

`systemctl --user edit podman-restart.service`

```conf
[Service]
# The empty ExecStart= clears the packaged command before it is redefined
ExecStart=
ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always --filter restart-policy=unless-stopped
ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls --filter restart-policy=always --filter restart-policy=unless-stopped -q)'
```

```bash
systemctl --user daemon-reload
```

### Install Nextcloud

```bash
# Make the container systemd directory (if needed)
# Quoted so that ~ expands on the server, not on the local machine
ssh nextcloud 'mkdir -p ~/.config/containers/systemd'

# Create the nextcloud network with ipv6
ssh nextcloud podman network create --ipv6 nextcloud-aio

# Copy the quadlet files
scp \
    active/podman_nextcloud/nextcloud-aio-mastercontainer.container \
    nextcloud:.config/containers/systemd/

# Reload and restart the service
ssh nextcloud systemctl --user daemon-reload
ssh nextcloud systemctl --user restart nextcloud-aio-mastercontainer
```

### Install Caddy

As root:

```bash
mkdir -p /etc/caddy
vim /etc/caddy/Caddyfile
```

Caddy automatically provisions certificates if the server's DNS record points to the correct IP
and the server is reachable on the specified ports. All you need to do is put `https` in the Caddy conf.

```conf
https://nextcloud.reeseapps.com:443 {
    reverse_proxy 127.0.0.1:11000
}

https://nextcloud.reeseapps.com:8443 {
    reverse_proxy 127.0.0.1:11001 {
        # TLS to the upstream without certificate verification (loopback hop only)
        transport http {
            tls_insecure_skip_verify
        }
    }
}
```

```bash
vim /etc/containers/systemd/caddy.container
```

```conf
[Unit]
Description=Caddy

[Container]
AddCapability=NET_ADMIN
ContainerName=caddy
Image=docker.io/caddy:2
# Host networking: Caddy binds the host's ports and reaches the 127.0.0.1 upstreams
Network=host
# Turns off SELinux label separation for this container
SecurityLabelDisable=true
Volume=/etc/caddy:/etc/caddy
Volume=caddy_data:/data
Volume=caddy_config:/config

[Service]
Restart=always

[Install]
WantedBy=default.target
```

```bash
systemctl daemon-reload
systemctl start caddy
```

### Firewall

Allow traffic to port 11000 from your reverse proxy.
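
One way to do this with firewalld when the reverse proxy runs on another host, as an added example that is not part of the original notes. The zone `public` and the proxy addresses `192.0.2.10` and `2001:db8::10` are placeholder assumptions; the script defaults to a dry run that prints the `firewall-cmd` commands, and `DRY_RUN=0` (as root) applies them.

```bash
#!/usr/bin/env bash
# Added example: limit port 11000 to the reverse proxy's address with firewalld.
# The zone and the proxy addresses below are placeholders, not values from the page.

PORT=11000   # port named in the Firewall section

# Print "ipv4" or "ipv6" for an address or CIDR; fail on anything else so that
# quotes, spaces or shell metacharacters never reach the rule string.
addr_family() {
    case "$1" in
        ""|*[!0-9a-fA-F:./]*) return 1 ;;
        *:*) echo ipv6 ;;
        *[!0-9./]*) return 1 ;;
        *.*.*.*) echo ipv4 ;;
        *) return 1 ;;
    esac
}

# Build the rich rule accepting PORT/tcp only from the given source address.
build_rule() {
    fam=$(addr_family "$1") || return 1
    printf 'rule family="%s" source address="%s" port port="%s" protocol="tcp" accept' \
        "$fam" "$1" "$PORT"
}

# Add the rule permanently and reload; DRY_RUN=1 (the default) only prints.
apply_rule() {
    rule=$(build_rule "$2") || { echo "invalid source address: $2" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$1" "$rule"
        echo "firewall-cmd --reload"
    else
        firewall-cmd --permanent --zone="$1" --add-rich-rule="$rule" &&
            firewall-cmd --reload
    fi
}

apply_rule public 192.0.2.10      # constructed IPv4 proxy address
apply_rule public 2001:db8::10    # constructed IPv6 proxy address
```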

## Backups

IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
If you used a repokey mode, the key is stored in the repo, but you should back it up separately.
Use "borg key export" to export the key, optionally in printable format.
Write down the passphrase. Store both at safe place(s).

```bash
# Prints the key to stdout; save it somewhere outside the backup repo
docker exec nextcloud-aio-borgbackup borg key export /mnt/borgbackup/borg/
```

If you need to reset the borg backup repo:

```bash
docker exec nextcloud-aio-borgbackup rm /mnt/docker-aio-config/data/borg.config
```

## Maintenace Mode

```bash
# Enable maintenance mode
docker stop nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --on

# Disable maintenance mode
docker start nextcloud-aio-apache
docker exec -it -u www-data nextcloud-aio-nextcloud ./occ maintenance:mode --off
```

## Trusted Proxy

If running behind a reverse proxy, add the proxy's address ranges to `trusted_proxies`. Nextcloud accepts forwarded client-address headers from these ranges, so keep them as narrow as the proxy's actual addresses.

```bash
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value="10.1.0.0/16"
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 3 --value="fd00:fd41:d0f1:1010::/64"
```

## Default phone region

```bash
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="US"
```

## Adding existing files

```bash
docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --path=ducoterra/files
```

## Theming

Red: `#B30000`

## Changing the domain

```bash
docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"
```

## Uninstall

```bash
# Stops and removes every container on the host, not only Nextcloud's
docker stop $(docker ps -a -q)
docker container prune

# DANGER ZONE
# This deletes all your data
docker volume prune -a -f
```

defaults,_netdev,x-systemd.requires=iscsid.service 0 1

## Edit QCOW

```bash
# Load the network block device module and attach the image read-only
sudo modprobe nbd
sudo qemu-nbd -c /dev/nbd0 --read-only /path/to/image.qcow2
# Mount the image's first partition
udisksctl mount -b /dev/nbd0p1
```

## Stuck in login screen

Check the logs at `/var/www/html/data/nextcloud.log` in the `nextcloud-aio-nextcloud` container.

Sometimes this is caused by a broken app or two-factor authentication. Try:

```bash
# Disable two factor
./occ twofactorauth:state <user>
./occ twofactorauth:disable <user> totp
```

```bash
# Disable problem app
./occ app:disable integration_openai
```

## Freezing after working for a bit

### Out of disk space

This can happen when Nextcloud tries to write logs to its volume and doesn't have enough space.

```bash
podman exec -it nextcloud-aio-nextcloud bash
# Then, inside the container:
df -h .
```

### Redis can't dump its DB

This can happen when the Redis volume doesn't have the correct permissions.

```bash
podman exec -it --user root nextcloud-aio-redis bash
# Then, inside the container:
ls -lah /data
chown redis:redis /data
```