
How I setup Nextcloud

Layout

My Nextcloud install runs on 2 VMs and an LXC container, which spreads the load over more servers.

  • web01 is the webserver, it runs nginx and only nginx
  • php01 is the PHP server, all the data is stored here
  • mysql01 is the DB server, it runs MariaDB
  • docker swarm (2 nodes) is where I have the notify_push container

Installed things

Nginx is installed from the nginx.org repo. If you're on a Pi and want a newer version, have a look at packages.sury.org.

PHP is installed from https://packages.sury.org/php/ as it has PHP from 5.6 all the way up to 8.4, I use an Ansible role to get the repo setup and install all the things I need.

MariaDB is from the Debian repo, so a standard install. I have made changes to the my.cnf to make it run in 1GB of memory.

Nextcloud gets installed from the zip file from nextcloud.com; I then follow a set of steps to move the old version out of the way and set up the new version (more below).

Nextcloud steps

To get Nextcloud installed or upgraded I follow this list of steps:

New Install

  • select a location for the install
  • make any directories I need
    • mkdir /srv/www/
  • download the latest version from nextcloud.com
    • wget https://download.nextcloud.com/server/releases/nextcloud-29.0.7.zip
  • unzip the download
    • unzip nextcloud-29.0.7.zip
  • move it to my own named directory
    • mv nextcloud horwood-nextcloud
  • copy in my backed up config
    • cp /backups/config.php horwood-nextcloud/config/

Upgrade

  • go to where Nextcloud is installed
    • cd /srv/www/
  • download the latest version from nextcloud.com
    • wget https://download.nextcloud.com/server/releases/nextcloud-29.0.7.zip
  • unzip the download
    • unzip nextcloud-29.0.7.zip
  • change the owner of the new install (GNU chown takes a capital -R for recursive)
    • chown -R www-data:www-data nextcloud
  • move the old left and the new right, dropping the previous backup in the bin (remove the old .old first, not the live install)
    • rm -fr horwood-nextcloud.old; mv horwood-nextcloud horwood-nextcloud.old; mv nextcloud horwood-nextcloud
  • copy the apps from the old version
    • rsync -vvr --ignore-existing horwood-nextcloud.old/apps/ horwood-nextcloud/apps/
  • switch to the webserver user and run the upgrade (www-data has no login shell, so give su one)
    • cd horwood-nextcloud
    • su -s /bin/bash www-data
    • php occ upgrade
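
The upgrade steps above as one script, added here as an example rather than the author's own tooling. It keeps the page's paths and the "horwood-nextcloud" directory name, assumes www-data is the web user, and adds one check the list does not have: the zip is compared against the .sha256 checksum file that Nextcloud publishes next to each release before it is unpacked. The rotation function does the "old left, new right" move in the safe order (remove the previous .old, then move the live install to .old) and carries config.php and any non-bundled app across at app-directory level rather than file level.

```shell
#!/bin/bash
# Added example (not the author's script): the upgrade procedure as a script.
# Assumptions: install base /srv/www, install name horwood-nextcloud, web user
# www-data, and that download.nextcloud.com serves <zip>.sha256 beside the zip.
set -euo pipefail

BASE=/srv/www                 # where the install lives
LIVE=horwood-nextcloud        # the author's renamed install directory
WEB_USER=www-data

# Download nextcloud-<version>.zip into $dest and refuse to unpack it unless
# its sha256 matches the published checksum file (first field of that file).
fetch_release() {
    local version=$1 dest=$2
    local zip="nextcloud-${version}.zip"
    local url="https://download.nextcloud.com/server/releases/${zip}"
    wget -q -O "${dest}/${zip}" "$url"
    wget -q -O "${dest}/${zip}.sha256" "${url}.sha256"
    local expected actual
    expected=$(cut -d' ' -f1 "${dest}/${zip}.sha256")
    actual=$(sha256sum "${dest}/${zip}" | cut -d' ' -f1)
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for ${zip}: expected ${expected}, got ${actual}" >&2
        return 1
    fi
    unzip -q "${dest}/${zip}" -d "$dest"          # creates $dest/nextcloud
    chown -R "${WEB_USER}:${WEB_USER}" "${dest}/nextcloud"
}

# Rotate releases: remove the previous .old backup, move the live install to
# .old, move the freshly unpacked release into place, then bring config.php
# and every app directory that the new release does not ship across from .old.
rotate_release() {
    local base=$1 fresh=$2 live=$3
    local new="${base}/${fresh}" cur="${base}/${live}" old="${base}/${live}.old"
    [ -d "$new" ] || { echo "no unpacked release at $new" >&2; return 1; }
    rm -rf "$old"
    if [ -d "$cur" ]; then
        mv "$cur" "$old"
    fi
    mv "$new" "$cur"
    if [ -d "$old" ]; then
        if [ -f "$old/config/config.php" ]; then
            mkdir -p "$cur/config"
            cp -p "$old/config/config.php" "$cur/config/config.php"
        fi
        mkdir -p "$cur/apps"
        for app in "$old"/apps/*/; do
            [ -d "$app" ] || continue
            local name
            name=$(basename "$app")
            # Only copy apps the new release does not already bundle (same
            # intent as rsync --ignore-existing, but whole apps, never mixed files).
            [ -d "$cur/apps/$name" ] || cp -a "$app" "$cur/apps/$name"
        done
    fi
}

# Full run: download, verify, rotate, then occ upgrade as the web user.
# Guarded by an environment variable so sourcing the file only defines functions.
main() {
    local version=${1:?usage: $0 <nextcloud version, e.g. 29.0.7>}
    fetch_release "$version" "$BASE"
    rotate_release "$BASE" nextcloud "$LIVE"
    cd "${BASE}/${LIVE}"
    # www-data has no login shell on Debian, so use sudo -u instead of su.
    sudo -u "$WEB_USER" php occ upgrade
}

if [ "${NC_UPGRADE_RUN:-0}" = "1" ]; then
    main "$@"
fi
```

Run it as root with `NC_UPGRADE_RUN=1 ./upgrade.sh 29.0.7`. Because the checksum is compared before anything is unpacked or moved, a truncated or tampered download stops the run with the live install untouched; the rotation only starts once a verified `nextcloud/` directory exists.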

Using the Redis session handler

If you are using Redis for locking and/or caching, you may also wish to use Redis for session management. Redis can be used for centralized session management across multiple Nextcloud application servers, unlike the standard files handler. If you use the Redis handler, though, you MUST ensure that session locking is enabled. As of this writing, the Redis session handler does NOT enable session locking by default, which can lead to session corruption in some Nextcloud apps that make heavy use of session writes such as Talk. In addition, even when session locking is enabled, if the application fails to acquire a lock, the Redis session handler does not currently return an error. Adding the following settings in your php.ini file will prevent session corruption when using Redis as your session handler:

redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

Full example:

[Session]
session.save_handler = redis
session.save_path = "tcp://redis:6379?weight=1, tcp://redis:6379?weight=2&timeout=2.5"
redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

More information on configuring the phpredis session handler can be found on the PhpRedis GitHub page.

MySQL Config my.cnf

[client]
port                    = 3306
socket                  = /var/run/mysqld/mysqld.sock
default-character-set   = utf8mb4
[mysqld_safe]
socket                  = /var/run/mysqld/mysqld.sock
nice                    = 0
[mariadb]
thread_handling=pool-of-threads
[mysqld]
user                    = mysql
pid-file                = /var/run/mysqld/mysqld.pid
socket                  = /var/run/mysqld/mysqld.sock
port                    = 3306
basedir                 = /usr
datadir                 = /mnt/mysql_data/mysql/
tmpdir                  = /tmp
log_error               = /var/log/mariadb.err
lc-messages-dir         = /usr/share/mysql
skip-external-locking
skip-name-resolve

binlog_format             = ROW
character_set_server      = utf8mb4
collation_server          = utf8mb4_general_ci
expire_logs_days          = 10
innodb_buffer_pool_size   = 3G
innodb_file_format        = barracuda
innodb_file_per_table     = 1
innodb_large_prefix       = on
innodb_log_buffer_size    = 3G
innodb_log_file_size      = 768M
innodb_flush_method       = O_DIRECT
interactive_timeout       = 900
join_buffer_size          = 256M
key_buffer_size           = 10M
max_allowed_packet        = 10M
max_binlog_size           = 100M
max_connections           = 50
max_heap_table_size       = 512M
myisam-recover-options    = BACKUP
net_buffer_length         = 2K
query_cache_limit         = 128M
query_cache_size          = 0
query_cache_type          = 0
read_buffer_size          = 256K
read_rnd_buffer_size      = 256K
table_definition_cache    = 1500
table_open_cache          = 1230
thread_cache_size         = 25
thread_concurrency        = 25
thread_stack              = 128k
tmp_table_size            = 512M
transaction_isolation     = READ-COMMITTED
wait_timeout              = 900

performance_schema = on
performance-schema-consumer-events-statements-history-long = ON
performance-schema-consumer-events-statements-history = ON
performance-schema-consumer-events-statements-current = ON
performance-schema-consumer-events-stages-current=ON
performance-schema-consumer-events-stages-history=ON
performance-schema-consumer-events-stages-history-long=ON
performance-schema-consumer-events-transactions-current=ON
performance-schema-consumer-events-transactions-history=ON
performance-schema-consumer-events-transactions-history-long=ON
performance-schema-consumer-events-waits-current=ON
performance-schema-consumer-events-waits-history=ON
performance-schema-consumer-events-waits-history-long=ON
performance-schema-instrument='%=ON'
max-digest-length=2048
performance-schema-max-digest-length=2048

#innodb_force_recovery=1

[mysqldump]
quick
quote-names
max_allowed_packet      = 16M
[mysql]
[isamchk]
key_buffer              = 16M

Talk High performance backend (THPB) and TURN/STUN

I have an odd setup when it comes to Talk: Nextcloud and the THPB run on my dedi, but the TURN/STUN server is on a VPS.

This works very well once you know how it all hangs together and what firewall rules you need.

With the aio-talk image you already have all the bits needed, as it has TURN/STUN in it; you just need to port forward 3478 to the container.

I have coturn installed on my VPS so that it's not all in one place:

  • install coturn
  • upload the config below
  • make sure you allow 3478 in on both UDP and TCP
  • if, like me, you have a very strict firewall, allow 49152:65535 on UDP out (coturn's default relay port range)

listening-port=3478
listening-ip=0.0.0.0
external-ip=57.128.172.172
relay-ip=57.128.172.172
relay-ip=2001:41d0:801:2000::3060
verbose=4
fingerprint
use-auth-secret
static-auth-secret=8b2bd4f8c47919a0048a768b1edc74d72c55f374daae17026341e7e1a3bbd4b3
server-name=coturn.horwood.biz
realm=coturn.horwood.biz
total-quota=0
bps-capacity=0
stale-nonce
no-stdout-log
log-file=/var/log/turn.log
syslog
no-multicast-peers
mobility
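
The coturn config above uses `use-auth-secret` with a `static-auth-secret`, which selects the TURN REST API credential scheme: the secret never goes to a browser or phone; instead the Talk server mints a username of the form `<expiry-unix-time>:<identifier>` and a password that is the base64 of HMAC-SHA1 over that username keyed with the shared secret, and coturn recomputes the same HMAC and rejects usernames whose timestamp has passed. The shell functions below, added here as an example and not code from the page or from Nextcloud, reproduce that derivation with openssl so you can see what the secret protects and check your own server with any TURN test client. The secret, timestamp and identifier in the calls are constructed; the exact identifier Nextcloud puts after the colon is not claimed here.

```shell
#!/bin/bash
# Added example (not the author's or Nextcloud's code): TURN REST API
# credentials as derived from coturn's static-auth-secret.
# Assumes openssl is installed; all secret/identifier values are constructed.
set -euo pipefail

# Print "<username> <password>" where username is "<expiry>:<identifier>" and
# password is base64(HMAC-SHA1(secret, username)).
turn_credential() {
    local secret=$1 expiry=$2 ident=$3
    local username="${expiry}:${ident}"
    local password
    password=$(printf '%s' "$username" \
        | openssl dgst -sha1 -hmac "$secret" -binary \
        | openssl base64 -A)
    printf '%s %s\n' "$username" "$password"
}

# Convenience wrapper: a credential that expires $ttl seconds from now
# (default one day), which is how a server hands short-lived logins to clients.
turn_credential_ttl() {
    local secret=$1 ident=$2 ttl=${3:-86400}
    turn_credential "$secret" "$(( $(date +%s) + ttl ))" "$ident"
}

# True (exit 0) when the expiry embedded in the username is not in the future.
# coturn applies the same rule, so an old credential is useless even if the
# HMAC is valid; a leaked static secret, by contrast, mints new ones forever.
turn_credential_expired() {
    local username=$1 now=${2:-$(date +%s)}
    local expiry=${username%%:*}
    [ "$expiry" -le "$now" ]
}

# Demonstration with a constructed secret; a real one is the value shared
# between the coturn config and the TURN server entry in Talk's admin settings.
turn_credential "example-secret-not-real" 1700000000 "nextcloud-talk"
```

The practical consequence for the config above: rotating `static-auth-secret` in coturn and in Talk's settings invalidates every credential ever issued, which is the correct response if the config file (and the secret in it) is ever exposed.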

Docker containers

I run about 5 docker containers that add extra functionality; the list below has links to the compose files.