Dies ist eine alte Version des Dokuments!
NextCloud auf dem Raspberry Pi einrichten
0. Vorbereitung
aktuelles Raspian-Image auf SD-Karte schreiben Lite Image für Headless oder volles Image mit Desktop
ssh aktivieren
RasPi starten
- über ssh anmelden
- raspi-config
- Passwort ändern
- Dateisystem erweitern
- ssh aktivieren
- Spracheinstrellungen anpassen
- Zeitzone konfigurieren
- reboot
- update/upgrade
- rpi-update installieren und Firmware updaten
sudo apt install rpi-update sudo rpi-update sudo reboot
Weitere Software installieren
sudo apt install mc htop
Betriebssystem auf USB-Stick verschieben
USB-Platte fest mounten (PARTUUID eintragen in /etc/fstab)
1. Webserver installieren
Webserver mit PHP installieren
sudo apt install apache2 php7.3 php7.3-gd php7.3-curl php7.3-common php7.3-intl php-pear php-apcu php7.3-xml libapache2-mod-php7.3 php7.3-mbstring php7.3-zip curl libcurl3 libcurl3-dev php7.3-mysql mariadb-server-10.1 smbclient
Root-Passwort für MariaDB <1El2ke3>
sudo mysql_secure_installation
Alle Nachfragen mit <Enter> beantworten (entfernt anonyme Einwahl, verhindert Remote-Login von root, entfernt Test-Datenbank). PHP-Modul in Apache aktivieren
sudo a2enmod php7.3
Apache neu starten
sudo systemctl restart apache2
Datenbank und Datenbankuser anlegen
mysql -u root -p create database nextcloud; create user ncuser@localhost identified by '1el2ke3'; grant all privileges on nextcloud.* to ncuser@localhost identified by '1el2ke3'; flush privileges; exit;
Binäres Logging in MariaDB aktivieren
sudo nano /etc/mysql/conf.d/mariadb.cnf
Folgende Zeilen hinzufügen
log-bin = /var/log/mysql/mariadb-bin log-bin-index = /var/log/mysql/mariadb-bin.index binlog_format = mixed
Anschliessend den mysql-Dämon neu starten
sudo systemctl restart mysql
NextCloud installieren
NextCloud herunterladen und installieren:
cd /var/www/html sudo wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip sudo unzip nextcloud-*.zip sudo rm nextcloud-*.zip
Eigentümer des Verzeichnisses /var/www/nextcloud rekursiv ändern:
sudo chown -R www-data:www-data /var/www/nextcloud
Für den SSL-Zugriff Git und Let's Encrypt installieren:
sudo apt install git -y cd /etc sudo git clone https://github.com/letsencrypt/letsencrypt
Installationsscript für Let's Encrypt ausführen
cd /etc/letsencrypt sudo ./letsencrypt-auto
Bei der Frage nach der Zugriffsart sicheren Zugriff auswählen.
Apache anpassen: ServerSignature and ServerTokens in der security.conf ändern
sudo nano /etc/apache2/conf-enabled/security.conf ServerTokens Prod ServerSignature Off
Apache neu starten:
sudo service apache2 restart
for faster performance also comment out “CustomLog ${APACHE_LOG_DIR}/access.log combined” with a “#” at the beginning in the previous two files and also in /etc/apache2/sites-available/000-default-le-ssl.conf (based on: https://github.com/owncloud/documentation/wiki/Performance-Tuning-%28unofficial%29 )
change apache2.conf:
sudo nano /etc/apache2/apache2.conf
and add at the end:
<Directory /var/www/nextcloud> AllowOverride All </Directory>
sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
add the following line
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
one line above </VirtualHost>
enable module headers:
sudo a2enmod headers
restart apache2:
sudo service apache2 restart
login to your nextcloud installation over your_no_ip.domain.com
to remove the memory cache bug from admin panel: add in config.php the following line before “;” :
sudo nano /var/www/html/nextcloud/config/config.php
'memcache.local' => '\OC\Memcache\APC',
restart apache2:
sudo service apache2 restart
setting strong directory permissions
cd ~ touch set-nextcloud-permissions.sh chmod +x set-nextcloud-permissions.sh nano set-nextcloud-permissions.sh
#!/bin/bash
ncpath='/var/www/nextcloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'
printf "Creating possible missing Directories\n"
mkdir -p $ncpath/data
mkdir -p $ncpath/assets
mkdir -p $ncpath/updater
printf "chmod Files and Directories\n"
find ${ncpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ncpath}/ -type d -print0 | xargs -0 chmod 0750
printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ncpath}/
chown -R ${htuser}:${htgroup} ${ncpath}/apps/
chown -R ${htuser}:${htgroup} ${ncpath}/assets/
chown -R ${htuser}:${htgroup} ${ncpath}/config/
chown -R ${htuser}:${htgroup} ${ncpath}/data/
chown -R ${htuser}:${htgroup} ${ncpath}/themes/
chown -R ${htuser}:${htgroup} ${ncpath}/updater/
chmod +x ${ncpath}/occ
printf "chmod/chown .htaccess\n"
if [ -f ${ncpath}/.htaccess ]
then
chmod 0644 ${ncpath}/.htaccess
chown ${rootuser}:${htgroup} ${ncpath}/.htaccess
fi
if [ -f ${ncpath}/data/.htaccess ]
then
chmod 0644 ${ncpath}/data/.htaccess
chown ${rootuser}:${htgroup} ${ncpath}/data/.htaccess
fi
run the script:
sudo ./set-nextcloud-permissions.sh rm set-nextcloud-permissions.sh
if you are working in your own network try the_ip_of_your_pi (will be faster)
do backgroundjobs with cron instead of AJAX
login in to the adminpanel and change cronjobs from AJAX to Cron: edit the crontab of www-data:
sudo crontab -u www-data -e
and add at the end:
- /15 * * * * php -f /var/www/html/nextcloud/cron.php
check the crontab of www-data:
sudo crontab -u www-data -l
10) install your nextcloud clients on your devices (smartphone, pc): for android: https://f-droid.org/repository/browse/?fdid=com.nextcloud.client
linux pc: sudo apt-get install owncloud-client
or use nextclouds appimage: https://download.nextcloud.com/desktop/prereleases/Linux/
wget https://download.nextcloud.com/desktop/prereleases/Linux/Nextcloud-2.3.2-beta-x86_64.glibc2.14.AppImage chmod +x Nextcloud-*.AppImage
more: https://nextcloud.com/install/
nextcloud calDAV, cardDAV: login into webinterface as admin and enable apps: calendar, contacts or: sudo -u www-data php /var/www/nextcloud/occ app:enable contacts && sudo -u www-data php /var/www/nextcloud/occ app:enable calendar
on android install davdroid: https://f-droid.org/repository/browse/?fdid=at.bitfire.davdroid
in the app enter your address of your pi if you want to use it only in your local lan, use your local lan ip..
if you are migrating from google to nextcloud you can export your calendars: https://support.google.com/calendar/answer/37111?hl=en
11) security: this is MOST important. BUT you also have to search for it YOURSELF.
if you are not a security expert best REMOVE port forwarding for ports 80 and 443 from your router like recommended in 5) so it will ONLY be reachable from your LOCAL network over 192.168.x.x
11.0) upgrade nextcloud when a new release arrives UPGRADE, UPGRADE, UPGRADE ..otherwise you will miss fixed security bugs.. how to upgrade from an older installation is described in 13) you can check your security of your current nextcloud version at: https://scan.nextcloud.com/
11.1) check your ssl connection: https://www.ssllabs.com/ssltest/analyze.html?d=your_personal_subdomain.noip.com
11.2) enable fail2ban for logins: based on: https://forum.owncloud.org/viewtopic.php?f=8&t=28678
you can check manually for failed logins: sudo lastb
install fail2ban: sudo apt install fail2ban
create a nextcloud.conf: sudo nano /etc/fail2ban/filter.d/nextcloud.conf
[Definition] failregex={„reqId“:„.*“,„remoteAddr“:„.*“,„app“:„core“,„message“:„Login failed: '.*' \(Remote IP: '<HOST>'\)“,„level“:2,„time“:„.*“}
ignoreregex =
create a jail.local: sudo nano /etc/fail2ban/jail.local
[nextcloud] enabled = true filter = nextcloud # select http, https or both, depending on which you use: port = http,https # edit the logpath to your needs: logpath = /var/www/nextcloud/data/nextcloud.log
start/ reload fail2ban: sudo service fail2ban start sudo service fail2ban reload sudo service fail2ban status
check fail2ban log: cat /var/log/fail2ban.log
manually check log files: Log files of Web Server: sudo nano /var/log/apache2/access.log #Access Log files (if you did not disable it to speed up apache2) sudo nano /var/log/apache2/other_vhosts_access.log sudo nano /var/log/apache2/other_vhosts_access.log.1 sudo zless /var/log/apache2/other_vhosts_access.log.2.gz sudo zless -S /var/log/apache2/other_vhosts_access.log.2.gz #-S means no linebreak sudo nano /var/log/apache2/error.log #Error Log files
example to unzip a gz files: gunzip other_vhosts_access.log.2.gz
clean a log file from unimportant lines (remove all lines from a file that start with “string”): sed -i '/^string/d' input-file
Log file of nextcloud: sudo nano /var/www/nextcloud/data/nextcloud.log
if you want to read only the last 10 entrys use: tail -10 /path/to/log/file
get the version of your nextcloud (simply add a /status.php at the end of the address): https://192.168.1.x/status.php
see apache2 logs: sudo su cd /var/log/apache2/ && ls
11.5) run update && upgrade on a regular basis run the following code once a week or so: sudo apt-get update && sudo apt-get upgrade -y maybe do it with a cronjob. but be aware, sometimes new software might break your running system, so maybe run it manually so you you will be able to check it directly if it is still working.
12) daily backup nextcloud(rsync data and config directorys to usb-stick): this daily backup uses rsync, the bad about that is: do not use doubledots in filenames in owncloud do not use spaces at the end of a foldername if you have an idea to avoid rsync rescanning files with that properties let me know.
create the folder usbdisk: sudo mkdir /media/usbdisk
make the user pi the owner of the folder: sudo chown -R pi:pi /media/usbdisk
add the usb-stick in fstab (so it will be mounted on boot): sudo nano /etc/fstab and add at the end of the file the following line, replace 02A2-C123 with your UUID
UUID=02A2-C123 /media/usbdisk vfat utf8,users,rw,uid=pi,gid=pi,nofail 0 0
create a backup script: cd touch backup-nextcloud2stick.sh chmod +x backup-nextcloud2stick.sh nano backup-nextcloud2stick.sh 1 2 3 4 5 6 7 8 9 10 11 12 13 14
#!/bin/bash #set nexcloud to maintaince mode, stop apache2, backup data and config folders, start apache, disable maintaince mode (date „+%H:%M:%S–%d.%b.%Y start nextcloud backup“) && \ sudo -u www-data php /var/www/nextcloud/occ maintenance:mode –on && \ sleep 5 sudo service apache2 stop && \ sleep 5 sudo rsync -rtuv /var/www/nextcloud/data/ /media/usbdisk/nextcloud-data/ && \ sudo rsync -rtuv /var/www/nextcloud/config/ /media/usbdisk/nextcloud-config/ && \ sleep 5 sudo service apache2 start && \ sleep 5 sudo -u www-data php /var/www/nextcloud/occ maintenance:mode –off && \ (date „+%H:%M:%S–%d.%b.%Y finished nextcloud backup“)
add the script to crontab: (so it will run everyday at 1:30) crontab -e 1
30 01 * * * /home/pi/backup-nextcloud2stick.sh » /home/pi/backup2stick.log
the calendars are a part of the sqlite database and will be backup in /media/usbdisk/nextcloud-data/owncloud.db
13) upgrade if you are using a very old version do not update directly to the latest version!!! ownCloud and the current Nextcloud releases do not have the the ability to skip releases. This means upgrades have to go through all major releases. Always start by upgrading to the latest bugfix/security release in your current stable series before moving to the next major release. To ensure app data is properly migrated you have to update and enable the apps after each step. They are automatically disabled to make sure the server does not break during the upgrade. Starting ownCloud 8.2.x or Nextcloud 9.0, you can use the new Nextcloud updater, skipping the steps below
for more information about upgrading to a new major release have a look at: https://nextcloud.com/blog/protect-your-privacy-time-to-upgrade-to-nextcloud-11./
13.a) upgrade manually(if a new version is avaliable, for example from 11.0.1 to 11.0.2) based on: https://docs.nextcloud.org/server/9/admin_manual/maintenance/manual_upgrade.html https://docs.nextcloud.org/server/9/admin_manual/maintenance/update.html#set-updating-permissions-label https://help.nextcloud.com/t/shell-script-for-backup-and-upgrade-nextcloud-or-owncloud/1131 https://docs.nextcloud.com/server/11/admin_manual/maintenance/manual_upgrade.html
if you just have a small update you can try my steps (for example from 11.0.1 to 11.0.2): switch to maintaince mode: sudo -u www-data php /var/www/nextcloud/occ maintenance:mode –on sudo -u www-data php /var/www/nextcloud/occ app:disable contacts sudo -u www-data php /var/www/nextcloud/occ app:disable calendar
stop the webserver: sudo service apache2 stop
rename the old nextcloud folder: cd /var/www/ sudo mv nextcloud nextcloud_old
get latest nextcloud version: #sudo wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip #sudo wget https://download.nextcloud.com/server/releases/nextcloud-10.0.1.zip #sudo wget https://download.nextcloud.com/server/releases/nextcloud-11.0.0.zip #sudo wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip cd /var/www/ sudo wget https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip sudo unzip nextcloud-*.zip sudo rm nextcloud-*.zip
move over the old config.php file and the data directory: sudo mv /var/www/nextcloud_old/config/config.php /var/www/nextcloud/config/config.php sudo mv /var/www/nextcloud_old/data /var/www/nextcloud/data
create a script to set permissions for update: cd touch nextcloud_upgrade_perms.sh chmod +x nextcloud_upgrade_perms.sh nano nextcloud_upgrade_perms.sh 1 2 3 4 5 6 7 8
#!/bin/bash # Sets permissions of the Nextcloud instance for updating
ncpath='/var/www/nextcloud' htuser='www-data' htgroup='www-data'
chown -R ${htuser}:${htgroup} ${ncpath}
change the permissions: sudo ./nextcloud_upgrade_perms.sh rm nextcloud_upgrade_perms.sh
start the webserver: sudo service apache2 start
upgrade nextcloud: sudo -u www-data php /var/www/nextcloud/occ upgrade
stop the webserver: sudo service apache2 stop
set strong directory permissions: it is explained in step 8)
start the webserver: sudo service apache2 start
disable maintaince mode: sudo -u www-data php /var/www/nextcloud/occ maintenance:mode –off sudo -u www-data php /var/www/nextcloud/occ -V sudo -u www-data php /var/www/nextcloud/occ app:enable contacts sudo -u www-data php /var/www/nextcloud/occ app:enable calendar
if you have setup fail2ban with nextcloud 9.0.53 or previous as i explained it in 11.2), do not forget to do it again, cause the path of the logfile changed from owncloud.log to nextcloud.log
if the update worked also remove the old nextcloud folder: sudo rm -r /var/www/nextcloud_old
13.b) upgrade web based(if a new version is avaliable, for example from 10.0.1 to 10.0.2) based on: https://docs.nextcloud.com/server/11/admin_manual/maintenance/update.html
on website login as with your admin account click on top right to get the menu 01-admin choose “Admin”
02-open-updater click “Open updater” 03-start-update click “Start update” it got the error 04-error-update logged into my pi over ssh then run: sudo -s cd /var/www/nextcloud rm -r assets on website run the updater again “Retry update” got the error check write permissions 05-wrong-write-permissions best enable maintaince mode first.. so owncloud is not doing important stuff in background sudo -u www-data php /var/www/nextcloud/occ maintenance:mode –on connect again over ssh and run in terminal the script nextcloud_upgrade_perms.sh [creating the script is explained in 13)a)] cd && sudo ./nextcloud_upgrade_perms.sh and run the updater again “Retry update” took ~5 minutes on pi2 to get the following site 06-maintaince-mode-switch now set old perms on owncloud directory [creating the script is explained in 13)a)]: cd && sudo ./set-nextcloud-permissions.sh then click on “No (for usage of the web based updater)” 07-finish-update then click on “Go to back to your Nextcloud instance to finish the update” 08-start-update “Start update” done.
14) nextcloud’s command line based on: https://www.c-rieger.de/using-nextclouds-command-line/ sudo su cd /var/www/nextcloud
rescan all files of all users: sudo -u www-data php occ files:scan –all -v
cleanup nextclouds filecache: sudo -u www-data php occ files:cleanup
cleanup all deleted files: sudo -u www-data php occ trashbin:cleanup
cleanup files for a user: sudo -u www-data php occ trashbin:cleanup
list all commands: sudo -u www-data php occ
15) other stuff https://github.com/petrockblog/OwncloudPie/blob/master/owncloudpie_setup.sh
Dateigrösse für den Upload anpassen
Die php.ini bearbeiten
sudo nano /etc/php5/apache2/php.ini
Die folgenden beiden Zeilen anpassen:
post_max_size = 2G upload_max_filesize = 2G
Speichern, schliessen, Apache neu starten
sudo service apache2 restart
https://www.linuxbabe.com/cloud-storage/setup-nextcloud-server-ubuntu-16-04-apache-mariadb-php7 https://fredfire1.wordpress.com/2016/06/25/install-nextcloud-owncloud-fork-on-raspberry-pi2-raspberrypi2/ https://pimylifeup.com/raspberry-pi-nextcloud-server/