Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

--- ncraspi [2019/07/21 09:38] – noone
+++ ncraspi [2022/03/24 23:56] (aktuell) – noone
@@ Zeile 2: / Zeile 2: @@
 ===0. Vorbereitung===
-aktuelles Raspian-Image auf SD-Karte schreiben [[https://downloads.raspberrypi.org/raspbian_lite_latest|Lite Image für Headless]] oder [[https://downloads.raspberrypi.org/raspbian_latest|volles Image mit Desktop]]\\
+aktuelles RaspberryPiOS-Image auf SD-Karte schreiben [[https://downloads.raspberrypi.org/raspbian_lite_latest|Lite Image für Headless]] oder [[https://downloads.raspberrypi.org/raspbian_latest|volles Image mit Desktop]]\\
 ssh aktivieren\\
 RasPi starten
@@ Zeile 14: / Zeile 14: @@
   * reboot
   * update/upgrade
-  * rpi-update installieren und Firmware updaten
+[[piwebmin|Webmin]] installieren und anpassen
-   sudo apt install rpi-update
-   sudo rpi-update
-   sudo reboot
 Weitere Software installieren
-   sudo apt install mc htop
+   sudo apt install mc gpm htop
 [[staticip|Feste IP-Adresse zuweisen]]
@@ Zeile 30: / Zeile 27: @@
 ===1. Webserver installieren===
-Webserver mit PHP installieren
+   sudo apt install -y \
-   sudo apt install apache2 php7.3 php7.3-gd php7.3-curl php7.3-common php7.3-intl php-pear php-apcu php7.3-xml libapache2-mod-php7.3 php7.3-mbstring php7.3-zip curl libcurl3 libcurl3-dev php7.3-mysql mariadb-server-10.1 smbclient
+      apache2\
+      mariadb-server\
+      mariadb-client\
+      php7.3\
+      php7.3-mysql\
+      php7.3-curl\
+      php7.3-gd\
+      php7.3-zip\
+      php7.3-fpm\
+      php7.3-mbstring\
+      php7.3-xml\
+      php7.3-intl\
+      php-imagick
+      libapache2-mod-php
-| |
+MariaDB absichern
+   sudo mysql_secure_installation
-Root-Passwort für MariaDB <1El2ke3>\\
+Datenbank für NextCloud anlegen
-   sudo mysql_secure_installation
+   sudo mysql -u root -p
-Alle Nachfragen mit <Enter> beantworten (entfernt anonyme Einwahl, verhindert Remote-Login von root, entfernt Test-Datenbank).
-PHP-Modul in Apache aktivieren
+   create database NextCloud;
-   sudo a2enmod php7.3
+   create user 'nextcloud'@'localhost' identified by '<passwort>';
-Apache neu starten
+   grant all on NextCloud.* to 'nextcloud'@'localhost';
-   sudo systemctl restart apache2
-Datenbank und Datenbankuser anlegen
-   mysql -u root -p
-   create database nextcloud;
-   create user ncuser@localhost identified by '1el2ke3';
-   grant all privileges on nextcloud.* to ncuser@localhost identified by '1el2ke3';
    flush privileges;
-   exit;
+   quit
-Binäres Logging in MariaDB aktivieren
-   sudo nano /etc/mysql/conf.d/mariadb.cnf
-Folgende Zeilen hinzufügen
-   log-bin        = /var/log/mysql/mariadb-bin
-   log-bin-index  = /var/log/mysql/mariadb-bin.index
-   binlog_format  = mixed
-Anschliessend den mysql-Dämon neu starten
-   sudo systemctl restart mysql
-====NextCloud installieren====
+NextCloud herunterladen
+   cd ~/Download
+   wget https://download.nextcloud.com/server/releases/latest.zip
+und entpacken
+   unzip latest.zip
+Verzeichnis nextcloud in den Webserver verschieben und Benutzer anpassen
+   sudo mv nextcloud /var/www/html
+   sudo chown -R www-data.www-data /var/www/html/nextcloud
-NextCloud herunterladen und installieren:
+Konfiguration für virtuellen Host anlegen
-   cd /var/www/html
+   sudo nano /etc/apache2/sites-available/nextcloud.conf
-   sudo wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip
+mit dem Inhalt
-   sudo unzip nextcloud-*.zip
+   <VirtualHost *:80>
-   sudo rm nextcloud-*.zip
+      ServerName p37.ddnss.de
-Eigentümer des Verzeichnisses /var/www/nextcloud rekursiv ändern:
+      ServerAdmin pegasus37@gmx.net
-   sudo chown -R www-data:www-data /var/www/nextcloud
+      DocumentRoot /var/www/html
+      ErrorLog ${APACHE_LOG_DIR}/hostname.tld_error.log
+      CustomLog ${APACHE_LOG_DIR}/hostname.tld_access.log combined
+      <Directory /var/www/html>
+         Options +FollowSymlinks
+         AllowOverride All
+         <IfModule mod_dav.c>
+            Dav off
+         </IfModule>
+         SetEnv HOME /var/www/html
+         SetEnv HTTP_HOME /var/www/html
+      </Directory>
+   </VirtualHost>
-Für den SSL-Zugriff Git und Let's Encrypt installieren:
+Webserver neustarten
-   sudo apt install git -y
+   sudo systemctl restart apache2
-   cd /etc
-   sudo git clone https://github.com/letsencrypt/letsencrypt
-Installationsscript für Let's Encrypt ausführen
-   cd /etc/letsencrypt
-   sudo ./letsencrypt-auto
-Bei der Frage nach der Zugriffsart sicheren Zugriff auswählen.
-Apache anpassen:
+===2. Zertifikat einrichten===
-ServerSignature and ServerTokens in der security.conf ändern
-   sudo nano /etc/apache2/conf-enabled/security.conf
-   ServerTokens Prod
-   ServerSignature Off
-Apache neu starten:
-   sudo service apache2 restart
+Pakete installieren
+   sudo apt install certbot python-certbot-apache
+Zertifikat anfordern
+**Achtung:** Der Raspberry pi muss aus dem Internet auf Port 80 und Port 443 erreichbar sein. Vor diesem Schritt müssen die Ports im Router eingerichtet werden.
+   sudo certbot --apache
+Automatische Zertifikas-Erneuerung anlegen
+Mit
+   sudo crontab -e
+die Cron-Tabelle öffnen und neuen Job eintragen
+3 * * * /usr/bin/certbot renew --quiet
+Nach dem Speichern wird das Zertifikat rechtzeitig vor Ablauf automatisch erneuert.
+Für die Hintergrundarbeiten der NextCloud ist noch ein weiterer Cronjob anzulegen, diesmal für den Benutzer www-data:
-for faster performance also comment out “CustomLog ${APACHE_LOG_DIR}/access.log combined” with a “#” at the beginning in the previous two files and also in /etc/apache2/sites-available/000-default-le-ssl.conf (based on: https://github.com/owncloud/documentation/wiki/Performance-Tuning-%28unofficial%29 )
-change apache2.conf:
-   sudo nano /etc/apache2/apache2.conf
-and add at the end:
-   <Directory /var/www/nextcloud>
-     AllowOverride All
-   </Directory>
-   sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
-add the following line
-   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
-one line above </VirtualHost>
-enable module headers:
-   sudo a2enmod headers
-restart apache2:
-   sudo service apache2 restart
-login to your nextcloud installation over your_no_ip.domain.com
-to remove the memory cache bug from admin panel:
-add in config.php the following line before “;” :
-   sudo nano /var/www/html/nextcloud/config/config.php
-   'memcache.local' => '\OC\Memcache\APC',
-restart apache2:
-   sudo service apache2 restart
-setting strong directory permissions
-   cd ~
-   touch set-nextcloud-permissions.sh
-   chmod +x set-nextcloud-permissions.sh
-   nano set-nextcloud-permissions.sh
-   #!/bin/bash
-   ncpath='/var/www/nextcloud'
-   htuser='www-data'
-   htgroup='www-data'
-   rootuser='root'
-   printf "Creating possible missing Directories\n"
-   mkdir -p $ncpath/data
-   mkdir -p $ncpath/assets
-   mkdir -p $ncpath/updater
-   printf "chmod Files and Directories\n"
-   find ${ncpath}/ -type f -print0 | xargs -0 chmod 0640
-   find ${ncpath}/ -type d -print0 | xargs -0 chmod 0750
-   printf "chown Directories\n"
-   chown -R ${rootuser}:${htgroup} ${ncpath}/
-   chown -R ${htuser}:${htgroup} ${ncpath}/apps/
-   chown -R ${htuser}:${htgroup} ${ncpath}/assets/
-   chown -R ${htuser}:${htgroup} ${ncpath}/config/
-   chown -R ${htuser}:${htgroup} ${ncpath}/data/
-   chown -R ${htuser}:${htgroup} ${ncpath}/themes/
-   chown -R ${htuser}:${htgroup} ${ncpath}/updater/
-   chmod +x ${ncpath}/occ
-   printf "chmod/chown .htaccess\n"
-   if [ -f ${ncpath}/.htaccess ]
-    then
-    chmod 0644 ${ncpath}/.htaccess
-    chown ${rootuser}:${htgroup} ${ncpath}/.htaccess
-   fi
-   if [ -f ${ncpath}/data/.htaccess ]
-    then
-    chmod 0644 ${ncpath}/data/.htaccess
-    chown ${rootuser}:${htgroup} ${ncpath}/data/.htaccess
-   fi
-run the script:
-   sudo ./set-nextcloud-permissions.sh
-   rm set-nextcloud-permissions.sh
-if you are working in your own network try the_ip_of_your_pi (will be faster)
-do backgroundjobs with cron instead of AJAX
-login in to the adminpanel and change cronjobs from AJAX to Cron:
-edit the crontab of www-data:
    sudo crontab -u www-data -e
-and add at the end:
+   */5 * * * * php -f /var/www/html/nextcloud/cron.php
-   */15  *  *  *  * php -f /var/www/html/nextcloud/cron.php
-check the crontab of www-data:
-   sudo crontab -u www-data -l
-) install your nextcloud clients on your devices (smartphone, pc):
-for android:
-https://f-droid.org/repository/browse/?fdid=com.nextcloud.client
-linux pc:
-sudo apt-get install owncloud-client
-or use nextclouds appimage:
-https://download.nextcloud.com/desktop/prereleases/Linux/
-wget https://download.nextcloud.com/desktop/prereleases/Linux/Nextcloud-2.3.2-beta-x86_64.glibc2.14.AppImage
-chmod +x Nextcloud-*.AppImage
-more:
-https://nextcloud.com/install/
-nextcloud calDAV, cardDAV:
-login into webinterface as admin and enable apps: calendar, contacts
-or:
-sudo -u www-data php /var/www/nextcloud/occ app:enable contacts &&
-sudo -u www-data php /var/www/nextcloud/occ app:enable calendar
-on android install davdroid:
-https://f-droid.org/repository/browse/?fdid=at.bitfire.davdroid
-in the app enter your address of your pi
-if you want to use it only in your local lan, use your local lan ip..
-if you are migrating from google to nextcloud you can export your calendars:
-https://support.google.com/calendar/answer/37111?hl=en
-) security:
-this is MOST important. BUT you also have to search for it YOURSELF.
-if you are not a security expert best REMOVE port forwarding for ports 80 and 443 from your router like recommended in 5)
-so it will ONLY be reachable from your LOCAL network over 192.168.x.x
-.0) upgrade nextcloud when a new release arrives
-UPGRADE, UPGRADE, UPGRADE ..otherwise you will miss fixed security bugs..
-how to upgrade from an older installation is described in 13)
-you can check your security of your current nextcloud version at:
-https://scan.nextcloud.com/
-.1) check your ssl connection:
-https://www.ssllabs.com/ssltest/analyze.html?d=your_personal_subdomain.noip.com
-.2) enable fail2ban for logins:
-based on: https://forum.owncloud.org/viewtopic.php?f=8&t=28678
-you can check manually for failed logins:
-sudo lastb
-install fail2ban:
-sudo apt install fail2ban
-create a nextcloud.conf:
-sudo nano /etc/fail2ban/filter.d/nextcloud.conf
-[Definition]
-failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}
-ignoreregex =
-create a jail.local:
-sudo nano /etc/fail2ban/jail.local
-[nextcloud]
-enabled = true
-filter  = nextcloud
-# select http, https or both, depending on which you use:
-port    =  http,https
-# edit the logpath to your needs:
-logpath = /var/www/nextcloud/data/nextcloud.log
-start/ reload fail2ban:
-sudo service fail2ban start
-sudo service fail2ban reload
-sudo service fail2ban status
-check fail2ban log:
-cat /var/log/fail2ban.log
-manually check log files:
-Log files of Web Server:
-sudo nano /var/log/apache2/access.log #Access Log files (if you did not disable it to speed up apache2)
-sudo nano /var/log/apache2/other_vhosts_access.log
-sudo nano /var/log/apache2/other_vhosts_access.log.1
-sudo zless /var/log/apache2/other_vhosts_access.log.2.gz
-sudo zless -S /var/log/apache2/other_vhosts_access.log.2.gz #-S means no linebreak
-sudo nano /var/log/apache2/error.log #Error Log files
-example to unzip a gz files:
-gunzip other_vhosts_access.log.2.gz
-clean a log file from unimportant lines (remove all lines from a file that start with “string”):
-sed -i '/^string/d' input-file
-Log file of nextcloud:
-sudo nano /var/www/nextcloud/data/nextcloud.log
-if you want to read only the last 10 entrys use:
-tail -10 /path/to/log/file
-get the version of your nextcloud (simply add a /status.php at the end of the address):
-https://192.168.1.x/status.php
-see apache2 logs:
-sudo su
-cd /var/log/apache2/ && ls
-.5) run update && upgrade on a regular basis
-run the following code once a week or so:
-sudo apt-get update && sudo apt-get upgrade -y
-maybe do it with a cronjob.
-but be aware, sometimes new software might break your running system, so maybe run it manually so you you will be able to check it directly if it is still working.
-) daily backup nextcloud(rsync data and config directorys to usb-stick):
-this daily backup uses rsync, the bad about that is:
-do not use doubledots in filenames in owncloud
-do not use spaces at the end of a foldername
-if you have an idea to avoid rsync rescanning files with that properties let me know.
-create the folder usbdisk:
-sudo mkdir /media/usbdisk
-make the user pi the owner of the folder:
-sudo chown -R pi:pi /media/usbdisk
-add the usb-stick in fstab (so it will be mounted on boot):
-sudo nano /etc/fstab
-and add at the end of the file the following line, replace 02A2-C123 with your UUID
-UUID=02A2-C123 /media/usbdisk vfat utf8,users,rw,uid=pi,gid=pi,nofail 0 0
-create a backup script:
-cd
-touch backup-nextcloud2stick.sh
-chmod +x backup-nextcloud2stick.sh
-nano backup-nextcloud2stick.sh
-#!/bin/bash
-#set nexcloud to maintaince mode, stop apache2, backup data and config folders, start apache, disable maintaince mode
-(date "+%H:%M:%S--%d.%b.%Y start nextcloud backup") && \
-sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on && \
-sleep 5
-sudo service apache2 stop && \
-sleep 5
-sudo rsync -rtuv /var/www/nextcloud/data/ /media/usbdisk/nextcloud-data/ && \
-sudo rsync -rtuv /var/www/nextcloud/config/ /media/usbdisk/nextcloud-config/ && \
-sleep 5
-sudo service apache2 start && \
-sleep 5
-sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off && \
-(date "+%H:%M:%S--%d.%b.%Y finished nextcloud backup")
-add the script to crontab: (so it will run everyday at 1:30)
-crontab -e
-01 * * * /home/pi/backup-nextcloud2stick.sh >> /home/pi/backup2stick.log
-the calendars are a part of the sqlite database and will be backup in /media/usbdisk/nextcloud-data/owncloud.db
-) upgrade
-if you are using a very old version do not update directly to the latest version!!!
-ownCloud and the current Nextcloud releases do not have the the ability to skip releases. This means upgrades have to go through all major releases.
-Always start by upgrading to the latest bugfix/security release in your current stable series before moving to the next major release.
-To ensure app data is properly migrated you have to update and enable the apps after each step. They are automatically disabled to make sure the server does not break during the upgrade.
-Starting ownCloud 8.2.x or Nextcloud 9.0, you can use the new Nextcloud updater, skipping the steps below
-for more information about upgrading to a new major release have a look at:
-https://nextcloud.com/blog/protect-your-privacy-time-to-upgrade-to-nextcloud-11./
-.a) upgrade manually(if a new version is avaliable, for example from 11.0.1 to 11.0.2)
-based on:
-https://docs.nextcloud.org/server/9/admin_manual/maintenance/manual_upgrade.html
-https://docs.nextcloud.org/server/9/admin_manual/maintenance/update.html#set-updating-permissions-label
-https://help.nextcloud.com/t/shell-script-for-backup-and-upgrade-nextcloud-or-owncloud/1131
-https://docs.nextcloud.com/server/11/admin_manual/maintenance/manual_upgrade.html
-if you just have a small update you can try my steps (for example from 11.0.1 to 11.0.2):
-switch to maintaince mode:
-sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
-sudo -u www-data php /var/www/nextcloud/occ app:disable contacts
-sudo -u www-data php /var/www/nextcloud/occ app:disable calendar
-stop the webserver:
-sudo service apache2 stop
-rename the old nextcloud folder:
-cd /var/www/
-sudo mv nextcloud nextcloud_old
-get latest nextcloud version:
-#sudo wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip
-#sudo wget https://download.nextcloud.com/server/releases/nextcloud-10.0.1.zip
-#sudo wget https://download.nextcloud.com/server/releases/nextcloud-11.0.0.zip
-#sudo wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip
-cd /var/www/
-sudo wget https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip
-sudo unzip nextcloud-*.zip
-sudo rm nextcloud-*.zip
-move over the old config.php file and the data directory:
-sudo mv /var/www/nextcloud_old/config/config.php /var/www/nextcloud/config/config.php
-sudo mv /var/www/nextcloud_old/data /var/www/nextcloud/data
-create a script to set permissions for update:
-cd
-touch nextcloud_upgrade_perms.sh
-chmod +x nextcloud_upgrade_perms.sh
-nano nextcloud_upgrade_perms.sh
-#!/bin/bash
-# Sets permissions of the Nextcloud instance for updating
-ncpath='/var/www/nextcloud'
-htuser='www-data'
-htgroup='www-data'
-chown -R ${htuser}:${htgroup} ${ncpath}
-change the permissions:
-sudo ./nextcloud_upgrade_perms.sh
-rm nextcloud_upgrade_perms.sh
-start the webserver:
-sudo service apache2 start
-upgrade nextcloud:
-sudo -u www-data php /var/www/nextcloud/occ upgrade
-stop the webserver:
-sudo service apache2 stop
-set strong directory permissions:
-it is explained in step 8)
-start the webserver:
-sudo service apache2 start
-disable maintaince mode:
-sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
-sudo -u www-data php /var/www/nextcloud/occ -V
-sudo -u www-data php /var/www/nextcloud/occ app:enable contacts
-sudo -u www-data php /var/www/nextcloud/occ app:enable calendar
-if you have setup fail2ban with nextcloud 9.0.53 or previous as i explained it in 11.2), do not forget to do it again, cause the path of the logfile changed from owncloud.log to nextcloud.log
-if the update worked also remove the old nextcloud folder:
-sudo rm -r /var/www/nextcloud_old
-.b) upgrade web based(if a new version is avaliable, for example from 10.0.1 to 10.0.2)
-based on:
-https://docs.nextcloud.com/server/11/admin_manual/maintenance/update.html
-on website login as with your admin account
-click on top right to get the menu
--admin
-choose “Admin”
--open-updater
-click “Open updater”
--start-update
-click “Start update”
-it got the error
--error-update
-logged into my pi over ssh
-then run:
-sudo -s
-cd /var/www/nextcloud
-rm -r assets
-on website run the updater again “Retry update”
-got the error check write permissions
--wrong-write-permissions
-best enable maintaince mode first.. so owncloud is not doing important stuff in background
-sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
-connect again over ssh and run in terminal the script nextcloud_upgrade_perms.sh [creating the script is explained in 13)a)]
-cd && sudo ./nextcloud_upgrade_perms.sh
-and run the updater again “Retry update”
-took ~5 minutes on pi2 to get the following site
--maintaince-mode-switch
-now set old perms on owncloud directory [creating the script is explained in 13)a)]:
-cd && sudo ./set-nextcloud-permissions.sh
-then click on “No (for usage of the web based updater)”
--finish-update
-then click on “Go to back to your Nextcloud instance to finish the update”
--start-update
-“Start update”
-done.
-) nextcloud’s command line
-based on: https://www.c-rieger.de/using-nextclouds-command-line/
-sudo su
-cd /var/www/nextcloud
-rescan all files of all users:
-sudo -u www-data php occ files:scan --all -v
-cleanup nextclouds filecache:
-sudo -u www-data php occ files:cleanup
-cleanup all deleted files:
-sudo -u www-data php occ trashbin:cleanup
-cleanup files for a user:
-sudo -u www-data php occ trashbin:cleanup
-list all commands:
+===3. Nextcloud einrichten===
-sudo -u www-data php occ
-) other stuff
+Webseite aufrufen
-https://github.com/petrockblog/OwncloudPie/blob/master/owncloudpie_setup.sh
+   <ip des Raspberry Pi>/nextcloud
+===PHP-Optimierungen===
+OPCache aktivieren
+   sudo nano /etc/php/7.3/apach2/php.ini
-Dateigrösse für den Upload anpassen
+Einträge aktivieren
+   opcache.enable=1
+   opcache.enable_cli=1
+   opcache.interned_strings_buffer=8
+   opcache.max_accelerated_files=10000
+   opcache.memory_consumption=128
+   opcache.save_comments=1
+   opcache.revalidate_freq=1
-Die php.ini bearbeiten
+Filegrössen anpassen
-   sudo nano /etc/php5/apache2/php.ini
-Die folgenden beiden Zeilen anpassen:
    post_max_size = 2G
    upload_max_filesize = 2G
-Speichern, schliessen, Apache neu starten
+   max_file_uploads = 200
-   sudo service apache2 restart
+   memory_limit = 512M
+===PHP-Memory-Cache===
-https://www.linuxbabe.com/cloud-storage/setup-nextcloud-server-ubuntu-16-04-apache-mariadb-php7
+Redis-Server inklusive passendes PHP-Modul installieren
-https://fredfire1.wordpress.com/2016/06/25/install-nextcloud-owncloud-fork-on-raspberry-pi2-raspberrypi2/
+   sudo apt install php-redis redis-server
-https://pimylifeup.com/raspberry-pi-nextcloud-server/