Version 35 (modified by Jamie McClelland, 16 months ago)



Our nextcloud installation is running on lucius, which is currently running Debian jessie. The nextcloud application is installed from source.

Important details

  • The application runs as the www-data user
  • Directories:
    • The code is in /var/www/nextcloud.
    • The data (files) are in /var/lib/nextcloud/data.
    • Our configuration is in /etc/nextcloud (symlinked from /var/www/nextcloud/config)
  • We're using the postgres package not the mysql package. If you want to muck around in the database: su - www-data and then psql nextcloud
  • We're authenticating using the login-service (web api).
  • The admin username (mfpl-admin) and password are in keyringer. However, try to avoid logging in as mfpl-admin, and if you change any configuration options, /etc/nextcloud/config.php will get overwritten
  • A 5GB per user quota is set. This is configured by logging in as mfpl-admin and then clicking to administer users. Quotas can be changed on a per user basis.
  • To fix #8125, we've added our own custom theme called "mayfirst", which is in and it is activated via the theme => "mayfirst" line in Currently, it only adds a style sheet that simply hides the password change form.
  • We have committed to maintaining the following extra apps, which are installed in /var/lib/nextcloud/apps-local:


Steps to upgrade from source:

  • Visit and download the appropriate version to /root using wget and unpack
  • Create symlinks that mirror the symlinks in /var/www/nextcloud
  • If upgrading a major version, make a backup of the local apps directory /var/lib/nextcloud/local-apps and then download new versions of all apps to a temporary location (e.g. /root/nextclout/apps).
  • Copy /etc/nextcloud/config.php to /etc/nextcloud/config.php.bak
  • Enter maintenance mode (edit /etc/nextcloud/config.php)
  • Backup the database with:
    su -c "pg_dump nextcloud" -s /bin/bash www-data | gzip -c > nextcloud.pre.$(date +%Y.%m.%d).backup.sql.gz
  • Make a backup of the current nextcloud installation:
    mv /var/www/nextcloud /var/www/nextcloud.version.n.n.n
  • Move the new copy in:
    mv /root/nextcloud /var/www/
  • If major upgrade, delete the contents of /var/lib/nextcloud/local-apps and move in the new versions.
  • Ensure all database updates have been run. Switch to the www-data user and then:
    su - -s /bin/bash www-data
    cd /var/www/nextcloud
    php occ upgrade
  • Clear out the brute force log:
    su - -s /bin/bash www-data
    psql nextcloud
    DELETE FROM oc_bruteforce_attempts;
  • Fix the libre office template language selection (see #13626):
    /root/fix-nextcloud-templates /var/www/nextcloud/core/templates/filetemplates/template.odp
    /root/fix-nextcloud-templates /var/www/nextcloud/core/templates/filetemplates/template.odt
    /root/fix-nextcloud-templates /var/www/nextcloud/core/templates/filetemplates/template.ods

Only Office

We are using Only Office for web-based editing of documents, spreadsheets and presentations.

Nginx and php fpm

A working nginx configuration file for nextcloud is available.

In addition, php5-fpm should work mostly out of the box but requires these tweaks:

  • /etc/php/7.3/fpm/pool.d/www.conf:
    • Uncomment the lines starting with env (so environment variables are available to nextcloud)
    • Change:
      pm.max_children = 50
      pm.start_servers = 10
      pm.min_spare_servers = 10
      pm.max_spare_servers = 15
  • Add the file /etc/php5/fpm/conf.d/100-nextcloud.ini with the contents:
    always_populate_raw_post_data = -1

Brute force rate limits

See how to unblock an IP for more information. In short, if an IP is wrongly blocked:

su - www-data
psql nextcloud
DELETE FROM oc_bruteforce_attempts WHERE ip = 'aaa.bbb.ccc.ddd';

Resetting an e2e passphrase

This seems to be a flaw in the e2e model, but it is possible for an administrator to reset a user's e2e key if they lose the passphrase. Check out this issue for the latest.

At the time of this writing, the following works:

  • Enter the end_to_end_encryption folder in your appdata folder. Your appdata folder is a folder inside your data folder (the folder containing all your nextcloud files). It has a randomly generated name that starts with appdata like appdata_487461775a51. The end_to_end_encryption folder has three folders: meta-data, private-keys and public-keys.
  • If your username is joe, then remove meta-data/joe, private-keys/joe.private.key, public-keys/joe.public.key
  • In the database (replace joe with your username):
    DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/meta-data/joe%';
    DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/%-keys/joe.%.key';
  • Launch the maintenance crontab manually as the www-data user (/usr/bin/php -f /var/www/nextcloud/cron.php)
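
The reset steps above put the username straight into file paths and SQL LIKE patterns, so a name containing "/", a quote or "_" (a LIKE wildcard) can touch more than one user's keys. The following dry-run planner is an added example, not part of the original page or of nextcloud: it validates the username, then prints the files and statements for review. The function names, the FILE/SQL output prefixes and the allowed character set are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): dry-run planner for the e2e reset.
# It only prints what would be removed; nothing is deleted.
LC_ALL=C; export LC_ALL

# Assumed conservative username policy: reject empty, ".", "..", and anything
# outside [A-Za-z0-9_.@-], so the name cannot traverse paths or close the SQL quote.
valid_user() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
    return 0
}

# Escape LIKE metacharacters (\ % _) so user "a_b" cannot also match "axb".
like_escape() {
    printf '%s' "$1" | sed -e 's/[\\%_]/\\&/g'
}

# usage: e2e_reset_plan DATA_DIR USERNAME
e2e_reset_plan() {
    data_dir=$1; user=$2; found=0
    if ! valid_user "$user"; then
        echo "refusing username: $user" >&2; return 2
    fi
    for e2e in "$data_dir"/appdata_*/end_to_end_encryption; do
        if [ ! -d "$e2e" ]; then continue; fi
        found=1
        for p in "meta-data/$user" "private-keys/$user.private.key" \
                 "public-keys/$user.public.key"; do
            if [ -e "$e2e/$p" ]; then printf 'FILE %s\n' "$e2e/$p"; fi
        done
    done
    if [ "$found" -ne 1 ]; then
        echo "no appdata_*/end_to_end_encryption under $data_dir" >&2; return 1
    fi
    u=$(like_escape "$user")
    # Same statements as on the page, with the username escaped. The trailing %
    # in the first one also matches longer names sharing the prefix (joe, joey).
    printf "SQL DELETE FROM oc_filecache WHERE path LIKE 'appdata_%%/end_to_end_encryption/meta-data/%s%%';\n" "$u"
    printf "SQL DELETE FROM oc_filecache WHERE path LIKE 'appdata_%%/end_to_end_encryption/%%-keys/%s.%%.key';\n" "$u"
}

if [ "$#" -eq 2 ]; then e2e_reset_plan "$1" "$2"; fi
```

Run it as root with /var/lib/nextcloud/data and the username, and check the first SQL line against other usernames that share the same prefix before executing it in psql.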