Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Nextcloud on Opalstack

HOWTO install Nextcloud on Opalstack

  1. In your Opalstack dashboard create a new "Nginx Proxy Port" application and attach it to a site with Let's Encrypt enabled on the site. Make a note of the app's name and port assignment, and the site domain.

  2. In your Opalstack dashboard create a new MariaDB database and user. Make a note of the DB name, DB user name, and password.

  3. SSH to your app's shell user and run the following commands:

    cd ~/apps/appname
    git clone -b opalstack https://github.com/rsanden/userspace-fpm-installer.git
    cd userspace-fpm-installer
    
  4. In the ~/apps/appname/userspace-fpm-installer directory edit config to resemble the following, replacing the app name, port assignment, and domain with your own:

    #!bash
    STACKNAME="appname"
    PREFIX="$HOME/apps/$STACKNAME/server"
    LOGDIR="$HOME/logs/apps/$STACKNAME"
    PORT="55555"
    DOMAIN1="domain.com"
    APPDIR1="$HOME/apps/$STACKNAME/nextcloud"
    SERVER_TYPE="nginx"
    PHP_VERSION="7.4"
    
  5. Still in the ~/apps/appname/userspace-fpm-installer directory execute the following command. This will set up the config and control scripts for a private Nginx+PHP-FPM stack:

    ./install.bash
    
  6. Edit ~/apps/appname/server/conf/nginx.conf to resemble the following, replacing the shell user name, app name, port assignment, and domain with your own:

    pid /home/shelluser/apps/appname/server/var/run/nginx.pid;
    error_log /home/shelluser/apps/appname/server/log/nginx_nc_error.log;
    
    events {}
    
    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
    
        client_body_temp_path /home/shelluser/apps/appname/server/tmp/client_body;
        fastcgi_temp_path     /home/shelluser/apps/appname/server/tmp/fastcgi_temp;
        proxy_temp_path       /home/shelluser/apps/appname/server/tmp/proxy_temp;
        scgi_temp_path        /home/shelluser/apps/appname/server/tmp/scgi_temp;
        uwsgi_temp_path       /home/shelluser/apps/appname/server/tmp/uwsgi_temp;
    
        log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
        access_log /home/shelluser/apps/appname/server/log/nginx_nc_access.log main;
    
        server {
            listen 55555;
            server_name domain.com;
        
            # set max upload size
            client_max_body_size 512M;
            fastcgi_buffers 64 4K;
        
            # Enable gzip but do not remove ETag headers
            gzip on;
            gzip_vary on;
            gzip_comp_level 4;
            gzip_min_length 256;
            gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
            gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        
            # HTTP response headers borrowed from Nextcloud `.htaccess`
            add_header Referrer-Policy                      "no-referrer"   always;
            add_header X-Content-Type-Options               "nosniff"       always;
            add_header X-Download-Options                   "noopen"        always;
            add_header X-Frame-Options                      "SAMEORIGIN"    always;
            add_header X-Permitted-Cross-Domain-Policies    "none"          always;
            add_header X-Robots-Tag                         "none"          always;
            add_header X-XSS-Protection                     "1; mode=block" always;
        
            # Remove X-Powered-By, which is an information leak
            fastcgi_hide_header X-Powered-By;
        
            # Path to the root of your installation
            root /home/shelluser/apps/appname/nextcloud;
        
            index index.php index.html /index.php$request_uri;
        
            location = / {
                if ( $http_user_agent ~ ^DavClnt ) {
                    return 302 /remote.php/webdav/$is_args$args;
                }
            }
        
            location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
            }
        
            location ^~ /.well-known {
                location = /.well-known/carddav     { return 301 /remote.php/dav; }
                location = /.well-known/caldav      { return 301 /remote.php/dav; }
                #location = /.well-known/carddav     { return 301 /remote.php/dav/; }
                location ^~ /.well-known            { return 301 /index.php$uri; }
        
                try_files $uri $uri/ =404;
            }
        
            location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
            location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
        
            location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                set $path_info $fastcgi_path_info;
        
                try_files $fastcgi_script_name =404;
        
                include /etc/nginx/fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $path_info;
                fastcgi_param HTTPS on;
        
                fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
                fastcgi_param front_controller_active true;     # Enable pretty urls
                fastcgi_pass unix:/home/shelluser/apps/appname/server/var/run/php-fpm.sock;
        
                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
            }
        
            location ~ \.(?:css|js|svg|gif)$ {
                try_files $uri /index.php$request_uri;
                expires 6M;         # Cache-Control policy borrowed from `.htaccess`
                access_log off;     # Optional: Don't log access to assets
            }
        
            location ~ \.woff2?$ {
                try_files $uri /index.php$request_uri;
                expires 7d;         # Cache-Control policy borrowed from `.htaccess`
                access_log off;     # Optional: Don't log access to assets
            }
        
            location / {
                try_files $uri $uri/ /index.php$request_uri;
            }
        }
    }
    
  7. Execute the following commands to download Nextcloud:

    wget https://download.nextcloud.com/server/releases/nextcloud-20.0.7.zip
    unzip nextcloud-20.0.7.zip
    
  8. Restart the stack: ~/apps/appname/server/bin/restart

  9. Visit the site you created in step 1 - the Nextcloud installation wizard will guide you through the rest of the setup.

@dreamerworks
Copy link

dreamerworks commented Oct 11, 2021

Dear Sean,
very helpful instructions. I do get "403 Forbidden" after logging in. (it tries to go to "https://myappurl.com/apps/dashboard/").
do you have any hint on how to overcome this?
Thank you

@stephan0h
Copy link

stephan0h commented May 3, 2022

Worked like a charm. Just one thing: where can I tweak php settings? Need to increase memory limit to 512M with 23.0.4.

@defulmere
Copy link
Author

defulmere commented May 4, 2022

@stephan0h

Worked like a charm. Just one thing: where can I tweak php settings? Need to increase memory limit to 512M with 23.0.4.

  1. Add the following to server/etc/php-fpm.conf just below [www]:

     env[PHP_INI_SCAN_DIR] = /home/shelluser/apps/appname/nextcloud/
    
  2. Create /home/shelluser/apps/appname/nextcloud/.user.ini with the PHP config you want.

  3. Restart the stack.

@defulmere
Copy link
Author

defulmere commented May 4, 2022

@dreamerworks apologies for missing your question 6 months ago! I'd have to have a look at your config to be able to troubleshoot it, feel free to email Opalstack support if it's still an issue.

@stephan0h
Copy link

stephan0h commented May 4, 2022

@stephan0h

Worked like a charm. Just one thing: where can I tweak php settings? Need to increase memory limit to 512M with 23.0.4.

1. Add the following to `server/etc/php-fpm.conf` just below `[www]`:
   ```
    env[PHP_INI_SCAN_DIR] = /home/shelluser/apps/appname/nextcloud/
   ```

2. Create `/home/shelluser/apps/appname/nextcloud/.user.ini` with the PHP config you want.

3. Restart the stack.

Thanks a lot!

@dreamerworks
Copy link

dreamerworks commented May 5, 2022

@defulmere Well I sort it out back then. Honestly don't remember how it got solved.
Thanks for asking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment