[[PageOutline]]

= nextcloud =

Our [wiki:owncloud nextcloud] installation is running on lucius, which is currently running Debian jessie. The nextcloud application is instatlled from source. 

== Important details ==

 * The application runs as the www-data user
 * Directories:
  * The code is in /var/www/nextcloud. 
  * The data (files) are in /var/lib/nextcloud/data. 
  * Our configuration is in /etc/nextcloud (symlinked from /var/www/nextcloud/config)
 * We're using the postgres package not the mysql package. If you want to muck around in the database: `su - www-data` and then `psql nextcloud`
 * We're authenticating using the [wiki:login-service login-service] (web api). 
  * That happens via our own mfplauth app, which depends on the [https://github.com/nextcloud/apps/tree/master/user_external external user auth app] 
 * The admin username (mfpl-admin) and password are in [wiki:keyringer keyringer]. However, try to avoid logging in as mfpl-admin, and if you change any configuration options, /etc/nextcloud/config.php will get overwritten 
 * A 5GB per user quota is set. This is configured by logging in as mfpl-admin and then clicking to administer users. Quotas can be changed on a per user basis.
 * To fix #8125, we've added our own custom theme called "mayfirst", which is in lucius.mayfirst.org:/var/lib/nextcloud/themes and it is activated via the theme => "mayfirst" line in lucius.mayfirst.org:/etc/nextcloud/config.php. Currently, it only adds a style sheet that simply hides the password change form.
 * We have committed to maintaining the following extra apps, which are installed in /var/lib/nextcloud/apps-local:
  * [https://apps.nextcloud.com/apps/calendar Calendar] - allows users to create, share and sync calendars
  * [https://apps.nextcloud.com/apps/contacts Contacts] - allows users to create, share and sync contacts
  * [https://apps.nextcloud.com/apps/files_markdown Markdown editor] - provides a live preview while editing files in the markdown syntax (useful for storing static content generated web sites like [https://gohugo.io/ hugo]).
  * [https://apps.nextcloud.com/apps/circles circles] - allows users to create "circles" of people to share documents, calendars, etc. with.
  * [https://apps.nextcloud.com/apps/bookmarks Bookmarks] (see #10696) - save, sync and share bookmarks
  * [https://github.com/nextcloud/user_external External user authentication] - The base application allowing us to write our own external auth plugin (see below). The full nextcloud apps repository is checked out in /srv/nextcloud-apps. The user_external app is copied from /srv/nextcloud-apps/user_external to /var/lib/nextcloud/apps-local.
  * MF/PL custom auth app (git://git.mayfirst.org/mfpl/mfplauth) - Allowing users to login using their own May First/People Link username and password. this module is checkout via git directly in /var/lib/nextcloud/apps-local/mfplauth.
  * [https://apps.nextcloud.com/apps/onlyoffice] - web edit word and spreadsheet files using only office.
  * [https://apps.nextcloud.com/apps/end_to_end_encryption end to end encryption].
  * [https://apps.nextcloud.com/apps/notes Notes]
  * [https://apps.nextcloud.com/apps/tasks tasks]
  * [https://apps.nextcloud.com/apps/news news] - woops! Not yet enabled. See #13737

== Upgrading ==

Steps to upgrade from source:

 * Visit https://nextcloud.com/changelog/ and download the appropriate version to /root using wget and unpack
 * Create symlinks that mirror the symlinks in /var/www/nextcloud
 * If upgrading a major version, backup /var/lib/nextcloud/apps-local and download new versions of all apps in /var/lib/nextcloud/apps-local, replacing the existing apps with the new ones.
 * Copy /etc/nextcloud/config.php to /etc/nextcloud/config.php.bak
 * Enter maintenance mode (edit to /etc/nextcloud/config.php)
 * Backup the database with:
{{{
su -c "pg_dump nextcloud" www-data | gzip -c > nextcloud.pre.$(date +%Y.%m.%d).backup.sql.gz
}}}
 * Make a backup of the current nextcloud installation:
{{{
mv /var/www/nextcloud /var/www/nextcloud.version.n.n.n
}}}
 * Move the new copy in:
{{{
mv /root/nextcloud /var/www/
}}}
 * Ensure all database udpates have been run, su to the www-data user and then:
{{{
su - www-data
cd /var/www/nextcloud
php occ upgrade
}}}
 * Fix the libre office template language selection (see #13626):
{{{
/root/fix-nextcloud-templates /var/www/nextcloud/core/templates/filetemplates/template.odp
/root/fix-nextcloud-templates /var/www/nextcloud/core/templates/filetemplates/template.odt
/root/fix-nextcloud-templates /var/www/nextcloud/core/templates/filetemplates/template.ods
}}}


== Only Office ==

We are using [wiki:onlyoffice Only Office] for web-based editing of documents, spreadsheets and presentations.

== Nginx and php fpm ==

A working [https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html nginx configuration file for nextcloud is available].

In addition, php5-fpm should work mostly out of the box but requires these tweaks:

 * /etc/php5/fpm/pool.d/www.conf:
  * Uncomment the the lines starting with env (so environment variables are available to nextcloud)
  * Change:
{{{
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 15
}}}
 * Add the file `/etc/php5/fpm/conf.d/100-nextcloud.ini` with the contents:
{{{
always_populate_raw_post_data = -1
}}}

== Brute force rate limits ==

See [https://help.nextcloud.com/t/how-can-i-unblock-an-ip-blocked-through-brute-force-detection/5731 how to unblock an IP for more information]. In short, if an IP is wrongly blocked:

{{{
su - www-data
psql nextcloud
DELETE FROM oc_bruteforce_attempts WHERE ip = 'aaa.bbb.ccc.ddd';
}}}