NextCloud
Updated 14 Avril 2021
Introduction
Nextcloud est un logiciel web pour la synchronisation des données, le stockage cloud et le partage de fichiers.
Préparer un conteneur LXC
Nous recommandons d'installer Nextcloud dans un conteneur distinct que vous auriez configuré selon le manuel.
Installation et configuration de PostgreSQL
Installez et configurez PostgreSQL selon le manuel. Remplacez la base de données dbtest de l'exemple par nextcloud, et à la place de l'utilisateur test créez nextcloud.
Installation et configuration de Nginx
Installez et configurez le serveur web Nginx et PHP-FPM conformément au manuel.
Installation de Nextcloud
Ci-dessous, vous trouverez des explications sur l'installation de Nextcloud à partir du code source. Les mises à jour ultérieures seront effectuées via l'interface web ou directement depuis la ligne de commande du service.
Télécharger et extraire Nextcloud
Pour décompresser l'archive Nextcloud, vous aurez besoin d'un archiveur unzip. Si le paquet n'est pas installé sur votre système, commencez par l'installer :
emerge -a app-arch/unzip
Créez les chemins d'accès nécessaires, puis téléchargez et décompressez le service :
mkdir -p /var/calculate/www/nextcloud/{upload,save}
cd /var/calculate/www/nextcloud
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
mv nextcloud htdocs
rm latest.zip
Modifiez les privilèges:
chown -R nginx. .
Configuration de Nginx pour NextCloud
Configurez Nginx pour le nom de domaine ~cloud.example.org~ :
upstream php-handler { server unix:/run/php-fpm.socket; } server { listen 80; server_name cloud.example.org; # Path to the root of your installation root /var/calculate/www/nextcloud/htdocs/; # Logs access_log /var/log/nginx/cloud.example.org.access.log main; error_log /var/log/nginx/cloud.example.org.error.log; # Max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; location = /robots.txt { allow all; log_not_found off; access_log off; } # Для получения сертификата ssl location ~ /.well-known { allow all; } location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; # Enable pretty urls fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff|woff2?|svg|gif)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=15778463"; # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don't log access to other assets access_log off; } }
Configuration PHP-FPM
Configurez les variables d'environnement PHP-FPM :
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp
Configurez l'OPcache de PHP-FPM :
[PHP] ; Maximum amount of memory a script may consume ; http://php.net/memory-limit memory_limit = 512M [opcache] ; Determines if Zend OPCache is enabled for the CLI version of PHP opcache.enable_cli=1 ; How often (in seconds) to check file timestamps for changes to the shared ; memory storage allocation. ("1" means validate once per second, but only ; once per request. "0" means always validate) opcache.revalidate_freq=1
Redémarrez Nginx et PHP-FPM pour valider :
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx | * Checking nginx configuration ... [ ok ] nginx | * Refreshing nginx configuration ... [ ok ]
php-fpm | * Stopping PHP FastCGI Process Manager ... [ ok ] php-fpm | * Testing PHP FastCGI Process Manager config ... [ ok ] php-fpm | * Starting PHP FastCGI Process Manager ... [ ok ]
Configuration de Nextcloud
Ajoutez cloud.example.org tournant sur l'IP ~192.168.0.1~~ au serveur DNS de votre réseau local ou modifiez la ligne :
192.168.0.1 cloud.example.org
Rendez-vous sur la page ~http://cloud.example.org~~~ avec votre navigateur Web pour finaliser la configuration de Nextcloud.
Configuration HTTPS
Obtenir le certificat Let's Encrypt
Procurez-vous un certificat de domaine pour cloud.example.org pour Nginx en suivant les instructions du manuel.
Mise en place de la prise en charge de HTTPS dans Nginx
Configurez Nginx pour assurer la prise en charge de HTTPS, en suivant les instructions du manuel.
Configurer HTTPS pour Nextcloud
Configurez Nginx pour le domaine ~cloud.example.org~ :
upstream php-handler { server unix:/run/php-fpm.socket; } server { listen 80; server_name cloud.example.org; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 ssl http2; ssl_certificate /etc/letsencrypt/live/cloud.example.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.example.org/privkey.pem; include ssl.conf; server_name cloud.example.org; # Path to the root of your installation root /var/calculate/www/nextcloud/htdocs/; # Logs access_log /var/log/nginx/cloud.example.org.access.log main; error_log /var/log/nginx/cloud.example.org.error.log; # Max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; location = /robots.txt { allow all; log_not_found off; access_log off; } # Для получения сертификата ssl location ~ /.well-known { allow all; } location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; # Enable pretty urls fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff|woff2?|svg|gif)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=15778463"; # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don't log access to other assets access_log off; } }
Configuration du cache
Redis est une structure de données en mémoire qui peut être utilisée pour la gestion du cache. Pour utiliser Redis, installez d'abord les logiciels nécessaires:
emerge dev-db/redis dev-php/pecl-redis virtual/pkgconfig
Ajoutez Redis à la liste de démarrage automatique, exécutez-le puis relancez PHP-FPM :
* service redis added to runlevel default
php-fpm | * Starting redis ... [ ok ]
php-fpm | * Stopping PHP FastCGI Process Manager ... [ ok ] php-fpm | * Testing PHP FastCGI Process Manager config ... [ ok ] php-fpm | * Starting PHP FastCGI Process Manager ... [ ok ]
Ajoutez les paramètres Redis sur Nextcloud :
<?php
$CONFIG = array (
'instanceid' => 'secret',
'passwordsalt' => 'secret',
'secret' => 'secret',
'trusted_domains' =>
array (
0 => 'cloud.example.org',
),
'datadirectory' => '/var/calculate/www/nextcloud/htdocs/data',
'overwrite.cli.url' => 'https://cloud.example.org',
'dbtype' => 'pgsql',
'version' => '13.0.2',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'dbpassword' => 'secret',
'installed' => true,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
);
Par défaut, Redis utilise 64 Mo de mémoire vive. Il est possible que cela ne suffise pas pour que Nextcloud fonctionne normalement, provoquant l'erreur OOM command not allowed when used memory > 'maxmemory' (commande non autorisée lorsque la mémoire utilisée est supérieure à la mémoire maximale). Définissez la taille maximale de mémoire vive à utiliser par Redis :
/etc/redis.conf
... maxmemory 256mb
Conclusion
Voilà, votre Nextcloud est opérationnel ! Mais ce n'est que le début. Libre à vous de découvrir les incroyables fonctionnalités de votre nuage personnel Nextcloud. Reportez-vous à la page [Travailler avec Nextcloud] (working_with_nextcloud) pour en savoir plus.
Note
Vous pouvez également vous abonner à notre groupe de discussion @nextcloud@calculate.social sur Mastodon.