Installation on archlinux using NGINX + PSQL + UWSGI + Redis

I find that the wiki page https://wiki.archlinux.org/index.php/Nextcloud is maybe a bit out of date or in some cases not very helpful.
I decided to use Nextcloud with PSQL, NGINX and UWSGI. I installed Nextcloud on my home router, where I am running Arch Linux.

I would like to share my findings, feelings and configs. Maybe it will be helpful for someone.
Of course, I am new to Nextcloud and to the configuration of nginx. Maybe someone will find a mistake or better (more secure) options; thanks in advance for feedback and comments.

1) Installation of prerequisites and nextcloud is OK.

2) PHP setup, here is the list of packages I installed:

local/php 7.3.2-1
local/php-apcu 5.1.17-1
local/php-embed 7.3.2-1
local/php-gd 7.3.2-1
local/php-igbinary 3.0.0-1
local/php-imagick 3.4.3-5
local/php-intl 7.3.2-1
local/php-pgsql 7.3.2-1
local/php-redis 4.2.0-1
local/uwsgi-plugin-php 2.0.18-1

3) PSQL: I created a new DB and a user which can access that DB. PSQL is running on the same server, so Nextcloud will access the DB over a unix socket, which PSQL opens by default.

I added the following line to /var/lib/postgres/data/pg_hba.conf

# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   nextcloud       nextcloud                               trust

4) UWSGI: I decided to use uwsgi because I am already using it for my custom django app. Uwsgi opens a unix socket for nginx.

Here is the configuration, /etc/uwsgi/nextcloud.ini

[uwsgi]
plugins = php
php-sapi-name = apache

procname-master = uwsgi %n
master = true

socket = /run/uwsgi/%n.sock
chmod-socket = 660
chown-socket = http:http

uid    = http
gid    = http
umask  = 027

processes = 4
cheaper = 1

; this would help with "broken pipe" or "timeout"
harakiri = 240
http-timeout = 240
socket-timeout = 240
worker-reload-mercy = 240
reload-mercy = 240
mule-reload-mercy = 240

touch-reload = %p

disable-logging = true

php-docroot     = /usr/share/webapps/%n
php-allowed-ext = .php
php-index = index.php

php-set = date.timezone=Europe/Bratislava
;php-set = open_basedir=/tmp/:/usr/share/webapps/nextcloud:/etc/webapps/nextcloud:/dev/urandom
php-set = expose_php=false
php-set = session.save_path=/srv/nextcloud/data

php-set = upload_max_filesize=513M
php-set = post_max_size=513M
php-set = memory_limit=800M
php-set = output_buffering=off

php-set = extension=gd
php-set = extension=iconv
;php-set = extension=zip     # enabled by default in global php.ini

php-set = extension=pdo_pgsql

;php-set = extension=curl    # enabled by default in global php.ini
php-set = extension=bz2
php-set = extension=intl
php-set = extension=imagick

; opcache
php-set = zend_extension=opcache
php-set = opcache.enable=1
php-set = opcache.enable_cli=1
php-set = opcache.interned_strings_buffer=8
php-set = opcache.max_accelerated_files=10000
php-set = opcache.memory_consumption=128
php-set = opcache.save_comments=1
php-set = opcache.revalidate_freq=1

php-set = extension=apcu
php-set = apc.ttl=7200
php-set = apc.enable_cli=1

php-set = extension=redis

cron2 = minute=-15,unique=1 /usr/bin/php -c /etc/uwsgi/cron-php.ini -f /usr/share/webapps/nextcloud/cron.php 1>/dev/null

5) REDIS. I found out that it is good to use redis at least for transactional file locking.
https://docs.nextcloud.com/server/15/admin_manual/configuration_files/files_locking_transactional.html

I configured redis to open a unix socket.
Here are the configuration options which I changed; all other options I left at their defaults.

port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
timeout 0

6) NGINX: for now I am using the standard http port 80, later I will use only https.

Here is the config for the Nextcloud app, which is accessible on a subdomain; don't forget to make a symlink in sites-enabled.

/etc/nginx/sites-available/nextcloud.conf

server {
    listen 80;
    listen [::]:80;

    server_name nextcloud.server.local_domain;

    root /usr/share/webapps/nextcloud/;

    client_max_body_size 128M;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
   
    location ~ \.php(?:$|/) {
       include uwsgi_params;
       uwsgi_modifier1 14;
       uwsgi_read_timeout 180;
       uwsgi_pass unix:/run/uwsgi/nextcloud.sock;
    }
    
    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }
}

/etc/nginx/nginx.conf

worker_processes  auto;
events {
    worker_connections  1024;
    use epoll;
}
http {
    include       mime.types;
    default_type  application/octet-stream;

    types_hash_max_size 4096;
    server_names_hash_bucket_size 128;

    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    off;

    server_tokens off;
    keepalive_timeout  5;

    proxy_redirect     off;
    proxy_set_header   Host              $host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_max_temp_file_size 0;

    proxy_connect_timeout      90;
    proxy_send_timeout         120;
    proxy_read_timeout         120;

    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;

    include             /etc/nginx/sites-enabled/*;
}

7) First start :: initialize

I decided to separate app and data, so I created /srv/nextcloud/data to store files.

Open the Nextcloud app in a web browser, THEN update 'datadirectory' in the Nextcloud config file (it will contain far fewer lines than shown below), THEN fill in the installation form in the web browser.

Here is my nextcloud config file after first login: /etc/webapps/nextcloud/config/config.php

<?php
$CONFIG = array (
  'instanceid' => '123456789',
  'datadirectory' => '/srv/nextcloud/data',
  'passwordsalt' => 'kasrl a4iuf ;le4mrai ewu7froa4 nr ae8rf7 9a',
  'secret' => ',ksaj56;sruj[ saeojmta osyuefp;ao etn ao;weu7fpoatnh a8oe7gf',
  'trusted_domains' => 
  array (
    0 => 'nextcloud.server.local_domain',
  ),
  'dbtype' => 'pgsql',
  'version' => '15.0.4.0',
  'overwrite.cli.url' => 'http://nextcloud.server.local_domain',
  'dbname' => 'nextcloud',
  'dbhost' => '/run/postgresql/',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => ',sh5 s8orug; seotns8rp7ytps nerguy',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'filelocking.enabled' => true,
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array (
     'host' => '/run/redis/redis.sock',
     'port' => 0,
     'timeout' => 0.0,
  ),
//  'log_type' => 'syslog',
//  'logfile' => '',
//  'loglevel' => 3,
);
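
A check for the "trust" rule from step 3, as an added example that is not part of the original post: with "trust", PostgreSQL lets any local process that can open the socket connect as the nextcloud role, and the 'dbpassword' in config.php is never checked. The parser is simplified, and the map name "nc" and all sample rules other than the post's own line are constructed for illustration.

```python
# Added example (not from the post). Simplified: no quoted fields, @file, +role.
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
           "ident", "peer", "pam", "ldap", "radius", "cert", "bsd"}

def parse_hba(text):
    """Return one dict per rule: line, type, db, user, address, method."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        # The method is the first known keyword after TYPE DATABASE USER; this
        # covers "local" (no address) and "host" (CIDR, or address plus mask).
        idx = next((i for i in range(3, len(f)) if f[i] in METHODS), None)
        if idx is None:
            continue  # blank line, comment, or a line this sketch cannot read
        rules.append({"line": lineno, "type": f[0], "db": f[1].split(","),
                      "user": f[2].split(","), "address": " ".join(f[3:idx]),
                      "method": f[idx]})
    return rules

def local_method(rules, db, user):
    """Method of the first 'local' rule matching db/user (first match wins)."""
    for r in rules:
        db_ok = "all" in r["db"] or db in r["db"]
        user_ok = "all" in r["user"] or user in r["user"]
        if r["type"] == "local" and db_ok and user_ok:
            return r["method"]
    return None  # no matching rule: PostgreSQL refuses the connection

def trust_findings(rules):
    """(line, description) for every rule that checks no credential at all."""
    return [(r["line"], "{} db={} user={} from={}".format(
                r["type"], ",".join(r["db"]), ",".join(r["user"]),
                r["address"] or "unix-socket"))
            for r in rules if r["method"] == "trust"]

# The rule from the post; the three variants after it are constructed samples.
FROM_POST = "local   nextcloud       nextcloud                   trust\n"
# Password check against 'dbpassword' (role password must be stored as SCRAM).
WITH_PASSWORD = "local   nextcloud   nextcloud   scram-sha-256\n"
# Peer auth; assumes pg_ident.conf maps OS user http (the uWSGI uid) to the
# role, e.g. a line "nc  http  nextcloud" (map name "nc" is hypothetical).
WITH_PEER = "local   nextcloud   nextcloud   peer map=nc\n"
# An earlier catch-all trust rule shadows the stricter rule below it.
SHADOWED = "local all all trust\nlocal nextcloud nextcloud scram-sha-256\n"

if __name__ == "__main__":
    for name in ("FROM_POST", "WITH_PASSWORD", "WITH_PEER", "SHADOWED"):
        rules = parse_hba(globals()[name])
        print(name, local_method(rules, "nextcloud", "nextcloud"), trust_findings(rules))
```

With peer authentication, every process that talks to the database (uWSGI workers, the cron2 job, occ) has to run as the http user.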

Does carddav work for you?

Yes, working without problem.
I am using GNOME / Evolution on the desktop and DAVx5 on my Android phone. Contacts and calendar are synced OK.

Forgot to mention:
as admin I installed the Contact and Calendar apps in my Nextcloud …

Can you try if KAddressbook works for you too?

Sorry, I don't use KDE …

I was just asking because if it works for you the error is on my side.