NextCloud 11 ready Raspbian image with extras

Spreed.ME could be achieved by partly implementing this script by SyS0p3r and these steps to autorun the spreed server.

How can I remove or change the huge nextcloudpi welcome message?

sudo rm /etc/update-motd.d/10logo

you have a little guide to customize welcome message here if you want to do other changes

https://ownyourbits.com/2017/04/05/customize-your-motd-login-message-in-debian-and-ubuntu/

Finally got around to purchasing my RPi3 and will install when my external drive arrives! Will this package configure disk encryption for external drives? Or do I have to do that myself with LUKS/DM-Crypt?

awesome!

actually that is a good idea to add to NextCloudPi. I will do that for sure!

I have had a draft article for ecryptfs for my blog for a while, but I did not think about using it on the ncp

have fun with your new toy :slight_smile:

Thanks! Any good resources on how I can go about enabling whole disk encryption before you integrate it? I worry how much it would affect performance on the Pi3.

well, that is something that I have to test for myself before talking much about it

One thing you could do is to you encrypt the folder with ecryptfs (tutorial soon in ownyourbits.com) and keep it in a NFS storage, then mount it in your host PC.

https://ownyourbits.com/2017/04/13/share-your-files-in-your-lan-with-nfs/

That way, the decryption will be performed in your host PC and will not consume CPU for the raspberry pi. The problem… won’t be able to access it through the NC interface unless you also mount it on the RPi

I do not know how much CPU it would use… that’s something to be tested :slight_smile:

hope that makes sense xD

Thanks for your hard work, @nachoparker!

I’m new to just about all of this, and have been researching for a few weeks now prepping to setup Nextcloud on my new pi3 and this is a very attractive option!

I am currently torn between using your nextcloudpi solution or taking a swing at setting it all up myself. But your ease of setup, extras, and included hardening are what really have me struggling to decide, so I have a few quick questions for you, if you don’t mind.

  • Would it be possible to use nextcloudpi, uninstall apache and switch to nginx?
  • Would you recommend it or against it?
  • I ask because I keep seeing it as a suggestion over apache (along with mariadb, php7, and let’s encrypt, the three of which your solution already includes!)
  • Or is there a reason to stay with apache over nginx in your opinion?

I welcome answer from anyone, I really appreciate the work and documentation up to this point!

well, if you want to learn you can do it yourself and compare it with NextCloudPi. I encourage you to study the code to do that. It is on my github.

Apache is really solid and secure. It was the biggest bounty for hackes in pwn2own 2017 and the only one that did not fall (if I remember correctly).

They are both really good, where nginx shines is on servers with a huge number of concurrent connections due to its architecture.

Apache on the other hand, has many many many modules, such as modsecurity which is included in NextCloudPi.

But really the difference is not going to be noticeable on a small personal cloud.

If you want to practise/learn/do things your way it is a fun exercise. You can surely uninstall apache2 and go ahead with nginx installation.

You will have to study some of the code for the extras (such as letsencrypt) that asume apache and tweak it, but 90% of the code is browser agnostic. modsecurity is originally an Apache mod, but I think it has expanded, so you might be able to use it on nginx nowadays. I have not looked into that.

One good thing NCP has is remote updates, which should make the maintenance and getting fixes/improvements easier

also, if you already have your pi… you can just try it. Copy the image and that is it, working in < 5 minutes.

setting up something like this takes a looong time and maintenance.

But of course, it’s fun to learn

Thanks for the info and clarification b/w nginx and apache. Even after looking into it, I had wondered if it was going to make a big difference for a single-user cloud.

I’m simply looking to migrate from Dropbox/Google Drive so I can have more control and space, so no huge servers here. :smile:

With your response in mind, and my level of expertise, I think I will stick with your image as-is, and perhaps try to install by following the code as practice if I feel bold enough after checking out your github.

I do already have my pi, so I’m going to give it a whirl when I get home. Thanks again for your response and work on the image!

1 Like

Hi and first of all, thanks a lot for putting together all those pieces together! :slight_smile:

I’m trying to make it work but until now without success.
Steps:

  • From a GNU/Linux laptop I used Etcher to prepare the sd card.
  • Before unplugging it, I create an empty file named ssh into /boot to enable ssh at the boot.
  • I then plugin the sd card into my raspberrypi 2, connected with a wire to my router.
  • I can ssh to it and see the raspberry logo, from my laptop.

As far as I understood, already at this point Nextcloud, well, Apache and mySQL should be up and running and they are but f I open with my laptop browser http://192.168.178.47 I’m redirected to https and I get the warning because of the self-signed certificate. I accept and:

Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.4.25 (Raspbian) Server at 192.168.178.47 Port 443

/var/log/apache2/error.log

[Sun Jun 04 10:42:43.004260 2017] [mpm_event:notice] [pid 1740:tid 3069383184] AH00491: caught SIGTERM, shutting down
[Sun Jun 04 10:43:05.007701 2017] [mpm_event:notice] [pid 1916:tid 3069354512] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2k configured -- resuming normal operations
[Sun Jun 04 10:43:05.010909 2017] [core:notice] [pid 1916:tid 3069354512] AH00094: Command line: '/usr/sbin/apache2'

other_vhosts_access.log

raspberrypi.fritz.box:80 192.168.178.49 - - [04/Jun/2017:10:38:16 +0000] "GET / HTTP/1.1" 302 612 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"

access.log is empty

Game over, it seems.

I then tried to update the system with sudo apt-get update & sudo apt-get upgrade, only the following libraries were upgraded.

libtasn1-6 libtiff5 libwbclient0 raspberrypi-sys-mods sudo

Any way I sudo reboot and nothing changed. Still getting the 503 message on browser.

Even running on the raspi itself the http call, it replies with a 503.

$ curl -k https://localhost
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Unavailable</title>
</head><body>
<h1>Service Unavailable</h1>
<p>The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.</p>
<hr>
<address>Apache/2.4.25 (Raspbian) Server at localhost Port 443</address>
</body></html>

Any idea, anyone?


Last thing
at login it says:

NextCloudPi v0.12.8 is up to date

but then:

sudo ncp-update
Downloading updates
Performing updates
NextCloudPi updated to version v0.12.15

So it was not updated.

Hello,

I have tested this endless times and it just works out of the box. There is no need to upgrade anything, and automatic security updates are enabled by default.

Did you make any other configuration changes, such as transfering the database dir to an external USB drive?

Are apache2, mysql and php-fpm processes up and running? check the status of mysqld ?

If you want we can troubleshoot this together at https://github.com/nextcloud/nextcloudpi/issues

Hi,
thanks a lot for your offer.
At the moment I can’t experiment but I might come back at a later time.
In the meantime I installed everything manually and it’s working.
Again, thank you. :slight_smile:

Hi

Thanks for the NextCloudPi images. This is indeed great work.

I’ve installed it both on a Pi2 and a Pi3 though and it is very slow - beyond being usable. Could someone please help me solve this?

So far I couldn’t do some other things, too: can’t enable HTTPS and can’t access from outside my LAN.

I don’t know much about networks, so I’m kind of in the dark as to what other info would be relevant for you to help me solve this. Sorry about that, but just ask and I’ll give you whichever info you need about this.

Thanks in advance

check your power source for the raspberry pi. There have been cases of very bad performance due to a cheap/unstable PSU.

HTTPS comes enabled by default.

In order to access from outside, read this

https://ownyourbits.com/2017/03/09/dnsmasq-as-dns-cache-server-for-nextcloudpi-and-raspbian/

Try to read these articles, many things are already covered here

https://ownyourbits.com/category/nextcloud/

1 Like

Thank you. I’ll check all this in the weekend.

Proposal for a new nextcloudpi-config function

First, thanks a lot for making a simple nextcloud server for raspberry pi reality :slight_smile: .
I personally think, that simplicity is the key for getting normal private households interested in their own (next) private cloud.

One proposal for making nextcloud pi even more simple.

The so called “trusted domain” issue seems to be a common problem with Nextcloud and I encountered it now too, with the nextcloud pi. I started my nextcloud pi server with connecting it over Ethernet. Later I activated WiFi and disconnected Ethernet, during this process the IP address of the Raspberry Pi changed. As result I received at the next login an error message from nextcloud that it can not be accessed with running at the new IP address. Same issue was coming up, when adding then a let’s encrypt certificate and accessing the Nextcloud via Domain address.

The issue is known and described for example at following link:

Solution is to change/add the trusted_domains array at config.php. An easy task for some, but very difficult for a “normal” person. When it comes down to IP address only it is possible of course to ensure, that the raspberry pi does not change IP address when switching for example from Ethernet to WiFi, but again this is easy for some, but difficult for others.

Proposal: Add a new function at nextcloudpi-config, which makes it easy to edit the trusted_domains array at config.php. Meaning adding, removing, editing entries.

Hi,

When did this happen to you?

I have considered too adding this option, but I decided that it was better to make it transparent if possible.

For this reason, I improved the integration of nc-wifi with trusted domains some time ago, as you can see here. Specifically, this was added the 22nd of May, version v0.14.0.

Could you run ncp-update and then try again? According to my testing your trusted domain list should update accordingly. Same goes for noip, letsencrypt and dnsmasq

Otherwise, please post a bug in github.

Thanks for you feedback. Ideas are very welcome.

Talking about this… do you see value in providing an easy way in nextcloudpi-config to format an external USB drive as ext4? AFAIK is the only manual step that is required right now for NextCloudPi

Nextcloud Pi & trusted domain

The Nextcloud Pi Version running was 0.13.0.
When starting nextcloudpi-config first time (version 0.12.x) I got a message that a new version is available and then a question if I want to update (yes/no). I updated straightaway.

Just triggered nc-update and output is NextCloudPi updated to version v0.13.0. A version v0.14.0 is not visible.
It is actually difficult to determine what is really supposed to be the latest version. Neither at the website ownyourbits nor at github this information is displayed in an eye-catching way. Further I could not find structured release notes for each particular version released.

I tested the v0.13.0 version concerning switching between two IP Addresses (e.g. WLAN and Eth) further and observed that a reboot does fix the trusted domain issue (i.e. the IP address assigned during boot process seems to be always the trusted one for the nextcloud server with v0.13.0). Something that easily can be explained to a user. As result this looks to me a minor item in the end. If v0.14.0 makes this even more transparent, the better.

Nextcloud Pi & format USB drive to ext4

Defining a “normal” user as someone who is not comfortable with the command line, formatting of an external drive could be easier. I personally did first mount the USB drive, determined via df -T command the path where the drive itself is located, unmounted the drive, formatted the drive via mkfs.ext4 <path> command and mounted the drive again. Likely not the most elegant solution, but it worked for me. Most difficult part was to ensure the path for the format command is right.