wiki:nextcloud-admin

Version 17 (modified by https://id.mayfirst.org/jamie, 8 days ago) (diff)

--

nextcloud

Our nextcloud installation is running on lucius, which is currently running Debian jessie. The nextcloud application is instatlled from source.

Important details

  • The application runs as the www-data user
  • Directories:
    • The code is in /var/www/nextcloud.
    • The data (files) are in /var/lib/nextcloud/data.
    • Our configuration is in /etc/nextcloud (symlinked from /var/www/nextcloud/config)
  • We're using the postgres package not the mysql package. If you want to muck around in the database: su - www-data and then psql nextcloud
  • We're authenticating using the login-service (web api).
  • The admin username (mfpl-admin) and password are in keyringer. However, try to avoid logging in as mfpl-admin, and if you change any configuration options, /etc/nextcloud/config.php will get overwritten
  • A 5GB per user quota is set. This is configured by logging in as mfpl-admin and then clicking to administer users. Quotas can be changed on a per user basis.
  • To fix #8125, we've added our own custom theme called "mayfirst", which is in lucius.mayfirst.org:/var/lib/nextcloud/themes and it is activated via the theme => "mayfirst" line in lucius.mayfirst.org:/etc/nextcloud/config.php. Currently, it only adds a style sheet that simply hides the password change form.
  • We have committed to maintaining four extra apps, which are installed in /var/lib/nextcloud/apps-local:
    • Calendar - allows users to create, share and sync calendars
    • Contacts - allows users to create, share and sync contacts
    • Markdown editor - provides a live preview while editing files in the markdown syntax (useful for storing static content generated web sites like hugo).
    • circles - allows users to create "circles" of people to share documents, calendars, etc. with.
    • Bookmarks (see #10696) - save, sync and share bookmarks
    • External user authentication - The base application allowing us to write our own external auth plugin (see below). The full nextcloud apps repository is checked out in /srv/nextcloud-apps. The user_external app is copied from /srv/nextcloud-apps/user_external to /var/lib/nextcloud/apps-local.
    • MF/PL custom auth app (git://git.mayfirst.org/mfpl/mfplauth) - Allowing users to login using their own May First/People Link username and password. this module is checkout via git directly in /var/lib/nextcloud/apps-local/mfplauth.
    • Rich Documents/Collobora - web edit word and spreadsheet files.

Upgrading

Steps to upgrade from source:

  • Visit https://nextcloud.com/changelog/ and download the appropriate version to /root using wget and unpack
  • Create symlinks that mirror the symlinks in /var/www/nextcloud
  • If upgrading a major version, backup /var/lib/nextcloud/apps-local and download new versions of all apps in /var/lib/nextcloud/apps-local, replacing the existing apps with the new ones.
  • Copy /etc/nextcloud/config.php to /etc/nextcloud/config.php.bak
  • Enter maintenance mode (edit to /etc/nextcloud/config.php)
  • Backup the database with:
    su -c "pg_dump nextcloud" www-data > nextcloud.pre.$(date +%Y.%m.%d).backup.sql
    
  • Ensure the dump completed successfully:
    tail nextcloud.pre.$(date +%Y.%m.%d).backup.sql
    
  • Make a backup of the current nextcloud installation:
    mv /var/www/nextcloud /var/www/nextcloud.version.n.n.n
    
  • Move the new copy in:
    mv /root/nextcloud /var/www/
    
  • Ensure all database udpates have been run, su to the www-data user and then:
    su - www-data
    cd /var/www/nextcloud
    php occ upgrade
    

Collabora online

For the richtext editor to work, we have to have Collabora Online installed. Fortunately it can be installed as a docker image.

The docker service is installed and managed via puppet (m_docker.pp).

We are loosely following these instructions for installation with nginx (that page includes an nginx configuration file). They depend on a collabora-code docker image, which has a Docker file that lives on github. Rather than pull in their unverified docker image, I have forked their Docker file (git://git.mayfirst.org/mfpl/collabora-code), with instructions on how to build it from scratch.

On lucius it should be installed via puppet and found in:

/usr/local/share/collabora-code

See the README.mfpl.md for directions on installing and upgrading the docker images.

Our code is in the mfpl branch.

To pull in the latest version from github, perform the following on your workstation:

  • Checkout both the upstream and mfpl code
  • Rebase the master branch under the mfpl branch
  • Push the mfpl branch to git.mayfirst.org
  • Pull it onto lucius

Nginx and php fpm

A working nginx configuration file for nextcloud is available.

In addition, php5-fpm should work mostly out of the box but requires these tweaks:

  • /etc/php5/fpm/pool.d/www.conf:
    • Uncomment the the lines starting with env (so environment variables are available to nextcloud)
    • Change:
      pm.max_children = 50
      pm.start_servers = 10
      pm.min_spare_servers = 10
      pm.max_spare_servers = 15
      
  • Add the file /etc/php5/fpm/conf.d/100-nextcloud.ini with the contents:
    always_populate_raw_post_data = -1