-
Notifications
You must be signed in to change notification settings - Fork 0
/
2020-10-18-nextcloud.html
331 lines (301 loc) · 12.3 KB
/
2020-10-18-nextcloud.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="alternate"
type="application/rss+xml"
href="https://icot.github.io/rss.xml"
title="RSS feed for https://icot.github.io/">
<title>Nextcloud home deployment</title>
<meta name="author" content="icot">
<meta name="referrer" content="no-referrer">
<link href="static/style.css" rel="stylesheet" type="text/css"/>
<link rel="icon" href="static/favicon.ico">
</head>
<body>
<div id="preamble" class="status"><div class="header"> <a href="https://icot.github.io">icot.github.io</a> <div class="sitelinks"> <a href="about.html">about</a> | <a href="archive.html">archive</a> | <div class="dropdown"> <a href="tags/html" class="dropbtn">tags</a> <div class="dropdown-content"> </div> </div> | <a href="rss.xml">rss</a> </div></div></div>
<div id="content">
<div class="post-date">18 Oct 2020</div><h1 class="post-title"><a href="https://icot.github.io/2020-10-18-nextcloud.html">Nextcloud home deployment</a></h1>
<nav id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#org1cbc0c0">1. Intro</a>
<ul>
<li><a href="#orgc7bd945">1.1. Nextcloud vs Owncloud</a></li>
</ul>
</li>
<li><a href="#orgd88a738">2. First execution</a></li>
<li><a href="#org09dc943">3. Customizing configuration</a>
<ul>
<li><a href="#org6e521e2">3.1. SSL Certificates</a></li>
<li><a href="#orgc540e8a">3.2. apache configuration</a>
<ul>
<li><a href="#org2dba791">3.2.1. Alternative method</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#org254734f">4. Nextcloud configuration</a>
<ul>
<li><a href="#org74df572">4.1. External Database</a></li>
<li><a href="#orgf20c208">4.2. config/config.php trusted<sub>domains</sub></a></li>
</ul>
</li>
<li><a href="#org1b7291a">5. Resulting Docker Compose file</a></li>
</ul>
</div>
</nav>
<div id="outline-container-org1cbc0c0" class="outline-2">
<h2 id="org1cbc0c0"><span class="section-number-2">1.</span> Intro</h2>
<div class="outline-text-2" id="text-1">
<p>
I wanted to play with a home setup alternative to Cloud services like Dropbox or
Google Drive with basically only one requirement: there should be working clients
for all the systems I use: Linux, Android and Windows.
</p>
<p>
The first thing I wanted to play with is note synchronization among all my
devices, for which nowadays I’m using mainly two tools:
</p>
<ul class="org-ul">
<li>Joplin (joplin-cli) for Markdown based notes</li>
<li>Emacs org-mode and Orgzly on Android</li>
</ul>
<p>
The biggest restrictions for the setup came from the Android clients, in particular Orgzly:
</p>
<ul class="org-ul">
<li>Both Joplin and Orgzly work with Dropbox out of the box (Joplin also supports Nextcloud out of the box)</li>
<li>Both support WebDAV for syncing, but Orgzly will only work with services over HTTPS</li>
<li>Both support syncing to a local folder which could then be synced externally with whatever method you want to use</li>
</ul>
</div>
<div id="outline-container-orgc7bd945" class="outline-3">
<h3 id="orgc7bd945"><span class="section-number-3">1.1.</span> Nextcloud vs Owncloud</h3>
<div class="outline-text-3" id="text-1-1">
<p>
The two biggest solutions on the home cloud space seem to be Nextcloud and Owncloud.
Nextcloud is actually a fork of Owncloud from the original developer.
</p>
<p>
A work we use a custom solution based in Owncloud and my experience with the android client
is particularly bad. I tried to sync a local folder for some quick tests with Orgzly
and the syncing kept breaking, with the client ending in an unresponsive state and needing
a cold restart.
</p>
<p>
Just because of that I decided to try Nextcloud instead for this setup.
</p>
</div>
</div>
</div>
<div id="outline-container-orgd88a738" class="outline-2">
<h2 id="orgd88a738"><span class="section-number-2">2.</span> First execution</h2>
<div class="outline-text-2" id="text-2">
<p>
I launched a quick instance using docker following the recommended instructions
in the Docker Hub <a href="https://hub.docker.com/_/nextcloud">Nextcloud</a> guide to get a feel of the application.
</p>
<p>
After playing a bit and reading the rest of the sections in the link, I opted to
override the default apache config to enable SSL, use an external database, and
set a volume for the actual data.
</p>
<p>
I extracted the default apache config from the running container with
</p>
<pre class="example" id="org6b3064a">
mkdir apache2
docker cp nextcloud_app_1:/etc/apache2 ./apache2
</pre>
<p>
You can do the same with <b>/var/www/html</b> to get a copy of the application data,
or you can run docker with a volume mapping to a local empty folder and the installation
process will setup things there (You will want to do this to keep your data in some permanent
storage solution anyway).
</p>
</div>
</div>
<div id="outline-container-org09dc943" class="outline-2">
<h2 id="org09dc943"><span class="section-number-2">3.</span> Customizing configuration</h2>
<div class="outline-text-2" id="text-3">
</div>
<div id="outline-container-org6e521e2" class="outline-3">
<h3 id="org6e521e2"><span class="section-number-3">3.1.</span> SSL Certificates</h3>
<div class="outline-text-3" id="text-3-1">
<p>
Because of the Orgzly requirement for HTTPS I needed to reconfigure apache to serve using
TLS.
</p>
<p>
I use a dynamic DNS domain name provided by Duck <a href="https://www.duckdns.org">Duck DNS</a> to access my home network from the internet
via Wireguard. With this setup, and Let’s encrypt support for DNS based certificate requests
I obtained a wildcard certificate (so I can reuse it for other internal services) using <a href="https://go-acme.github.io/lego/">Lego</a>:
</p>
<pre class="example" id="org6088c35">
DUCKDNS_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXX \
lego --dns duckdns --domains "*.yourdomain.duckdns.org" --email [email protected] run
</pre>
<p>
I placed a copy of the generated certificates to the local (working directory) <b><b>ssl</b></b> folder,
which will be exposed to the container as a volume mounted on <b><b>/etc/ssl/private</b></b>.
</p>
</div>
</div>
<div id="outline-container-orgc540e8a" class="outline-3">
<h3 id="orgc540e8a"><span class="section-number-3">3.2.</span> apache configuration</h3>
<div class="outline-text-3" id="text-3-2">
<p>
With the certificates in place the following changes need to be applied to enable the apache
listener on 443 and use the new let’s encrypt certificates:
</p>
<ul class="org-ul">
<li>Modify <b>apache2/sites-available/default-ssl.conf</b> so the <b>SSLCertificateFile</b> and <b>SSLCertificateKeyFile</b> match your certificate file names:</li>
</ul>
<pre class="example" id="orgb41fa36">
SSLCertificateFile /etc/ssl/private/_.yourdomain.duckdns.org.crt
SSLCertificateKeyFile /etc/ssl/private/_.yourdomain.duckdns.org.key
</pre>
<ul class="org-ul">
<li>Enable default-ssl site.</li>
</ul>
<pre class="example" id="orga506335">
apache2/ $ ln -s sites-available/default-ssl.conf sites-enabled/default-ssl.conf
</pre>
<ul class="org-ul">
<li>Enable ssl module.</li>
</ul>
<pre class="example" id="orgabbe50f">
apache2/ $ ln -s mods-available/default-ssl.conf mods-enabled/ssl.conf
apache2/ $ ln -s mods-available/default-ssl.load mods-enabled/ssl.load
</pre>
</div>
<div id="outline-container-org2dba791" class="outline-4">
<h4 id="org2dba791"><span class="section-number-4">3.2.1.</span> Alternative method</h4>
<div class="outline-text-4" id="text-3-2-1">
<p>
An alternative for the enabling/configuration is to run the container and enable
the module and the sites with the apache management tools <b><b>a2enmod</b></b> and <b><b>a2ensite</b></b>, then
save the changes with <b><b>docker cp</b></b>.
</p>
<p>
<b>Disclaimer</b>: This is actually what I did, so the previous <i>offline</i> instructions might actually be missing something.
</p>
</div>
</div>
</div>
</div>
<div id="outline-container-org254734f" class="outline-2">
<h2 id="org254734f"><span class="section-number-2">4.</span> Nextcloud configuration</h2>
<div class="outline-text-2" id="text-4">
</div>
<div id="outline-container-org74df572" class="outline-3">
<h3 id="org74df572"><span class="section-number-3">4.1.</span> External Database</h3>
<div class="outline-text-3" id="text-4-1">
<p>
The Docker image already supports configuring an external database via the use of
environment variables. In my case I have one PostgreSQL instance already running in my
network, so I just created an account and database there and configured the values
using environment variables in the <i>docker-compose.yaml</i> definition:
</p>
<pre class="example" id="org790c6f3">
environment:
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: XXXXXXXXX
POSTGRES_HOST: A.B.C.D:5432
</pre>
</div>
</div>
<div id="outline-container-orgf20c208" class="outline-3">
<h3 id="orgf20c208"><span class="section-number-3">4.2.</span> config/config.php trusted<sub>domains</sub></h3>
<div class="outline-text-3" id="text-4-2">
<p>
If you start now the container, the application will execute correctly but accesing it through the secure
endpoint will fail because your particular domain is not in the list of <b>trusted<sub>domains</sub></b>. The <b>config/config.php</b>
file needs to be modified to add your desired domain list to the list:
</p>
<pre class="example" id="orgfb5a854">
'trusted_domains' =>
array (
0 => 'localhost:9080',
1 => 'localhost:9443',
2 => 'fqdn.your.domain.org:9080',
3 => 'fqdn.your.domain.org:9443',
),
</pre>
</div>
</div>
</div>
<div id="outline-container-org1b7291a" class="outline-2">
<h2 id="org1b7291a"><span class="section-number-2">5.</span> Resulting Docker Compose file</h2>
<div class="outline-text-2" id="text-5">
<p>
After applying the configuration changes, the following <b>docker-compose.yaml</b> can be used
to run the service with the customized configuration:
</p>
<pre class="example" id="org33c7b2f">
version: '3.7'
volumes:
nextcloud:
driver: local
driver_opts:
o: bind
type: none
device: /path/to/nextcloud/local-storage
ssl_private:
driver: local
driver_opts:
o: bind
type: none
device: /path/to/nextcloud/ssl
apache_conf:
driver: local
driver_opts:
o: bind
type: none
device: /path/to/nextcloud/apache2/
services:
app:
image: nextcloud:apache
restart: always
environment:
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: XXXXXXXXX
POSTGRES_HOST: A.B.C.D:5432
ports:
- 0.0.0.0:8080:80
- 0.0.0.0:8443:443
volumes:
- nextcloud:/var/www/html
- ssl_private:/etc/ssl/private
- apache_conf:/etc/apache2
</pre>
</div>
</div>
<div class="taglist"><a href="https://icot.github.io/tags.html">Tags</a>: <a href="https://icot.github.io/tag-docker.html">docker</a> <a href="https://icot.github.io/tag-nextcloud.html">nextcloud</a> </div></div>
<div id="postamble" class="status"><center>
<a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/">
<img alt="Creative Commons License" style="border-width:0; height:1.5em"
src="https://mirrors.creativecommons.org/presskit/buttons/80x15/png/by-sa.png"/></a>
<br />
<span xmlns:dct="http://purl.org/dc/terms/" href="http://purl.org/dc/dcmitype/Text"
property="dct:title" rel="dct:type">
This personal blog </span> by <a xmlns:cc="http://creativecommons.org/ns#"
href="https://icot.github.io"
property="cc:attributionName" rel="cc:attributionURL">icot</a>
is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International License</a>.
<br />
Made with <a href="https://emacs.org">
<img class="inline" src="https://upload.wikimedia.org/wikipedia/commons/0/08/EmacsIcon.svg" style="height:1.5em; margin-bottom:-0.3em; opacity: 0.9;" alt="Emacs" title="Emacs"/></a>
, <a href="https://orgmode.org">
<img class="inline" src="static/org-mode-unicorn-borderless-icon.svg" alt="Org mode unicorn logo" style="height:1.5em; margin-bottom:-0.3em; opacity:0.9;" title="Org Mode"></a>
and <a href="https://github.com/bastibe/org-static-blog">bastibe/org-static-blog</a>
with the CSS theme based on <a rel="jao.io" href="https://jao.io">jao.io</>'s one.
</center>
</div>
</body>
</html>