How to set up HPB with NGINX + unix socket (on Arch)
NC21 introduces the Nextcloud Files High Performance Back-End (HPB) aka Client Push. HPB significantly reduces load with many connected clients, but also has advantages for instances with only a few users since notifications arrive instantly, like for Talk.
So, yes, you want to set it up although it requires a reverse proxy and Redis. (At least in NC 21) the Nextcloud app “Client Push” needs to be installed.
It is necessary to at least finalize configuration using OCC. Both, the fact that HPB shall be used instead of classic polling, and the configuration of HPB, appear to be saved to the database since the setup commands do not modify config/config.php but the push service import settings from there.
To allow access, it seems to be necessary to allow the exposed IP of the push service which is used by the proxy to access the Nextcloud. That seems to be necessary even if sockets are used. (?) To start the push service during configuration (as root) its executable needs to be installed first (as web server user).
In my setup, I got a strange error here. It’s yet unclear if that impacts operation: Currently no user complains but I don’t get files modified by other users pushed to my PC.
sudo -i -u http
cd /nextcloud/installation/folder
sed -i "s/);/ 'trusted_proxies' =>\n array (\n 0 => 'MY_IP',\n ),\n);/" config/config.php
php occ app:install notify_push
exit
Next, the daemon should be configured and started, to access it from the NC web server. Since multiple NC instances would need different ports (and some housekeeping to map them), I prefer to use self-explanatory-named unix sockets. The notify push README.md notes that this is possible, but leaves it to the reader what is needed in case you want to follow this path. This should cover all you need for NGINX: proxy_pass
I learned the hard way that the documentation also lacks some service parameters to make sure all needed services are started prior to attempting to start notify_push – leading to just an error message “cannot access database” and a non-started service after reboot…
sudo -i
# adjust paths to suit your distro's layout
# note that there probably already exist cron .service and .timer files already
mkdir -p /run/notify_push ; chown http:http /run/notify_push
cat >/etc/systemd/system/MY_CLOUD-notify_push.service <<EOF
[Unit]
Description = Push daemon for Nextcloud clients
After=nginx.service php-fpm.service mariadb.service redis.service
[Service]
Environment=SOCKET_PATH=/run/notify_push/MY_CLOUD.sock
ExecStart=/nextcloud/installation/folder/apps/notify_push/bin/x86_64/notify_push /nextcloud/installation/folder/cloud/config/config.php
User=http
Group=http
RuntimeDirectory=notify_push
RuntimeDirectoryMode=755
[Install]
WantedBy = multi-user.target
EOF
systemctl enable --now MY_CLOUD-notify_push
# Testen, ob der Socket läuft
ss -xl | grep notify_push
The server { … } section of the NGINX host/site configuration (e.g. /etc/nginx/sites/MY_CLOUD.conf) should look like this if you want to use a socket:
# Nextcloud files High Performance Back-end 'notify_push'
location /push/ {
proxy_pass http://unix:/run/notify_push/MY_CLOUD.sock:/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
After modifying it, the NGINX config needs to be reloaded and the app must be activated and configured. You need to provide URL/push – without it, the single server config wizard would be started.
# as root
systemctl reload nginx
# as webserver user
sudo -i -u http
cd /nextcloud/installation/folder
php occ app:enable notify_push
php occ notify_push:setup https://cloud.MY_CLOUD.com/push
exit
After that, you may want to restart any sync clients. Changes to files should be pushed immediately to all connected sync clients. You may want to test that:
I have several PCs connected to the same shares. If I change something, my colleague (on Windows) gets the file immediately. If she changes some file, I (on Linux) only get them when I force sync manually. I have not found a cause yet.