NextCloud 16/17 on OpenBSD 6.6

nabbisen - Nov 14 '19 - Dev Community

Summary

NextCloud, a fork of ownCloud, is a file sharing application.
It's open source and suitable for self-hosting.
I will show how to install it on OpenBSD, which is well known for its ongoing efforts to achieve proactive security.

The table of contents is:

  1. Create database
  2. Prepare the application
  3. Configure PHP and PHP-FPM
  4. Build web server
  5. Install NextCloud

Environment

  • OS: OpenBSD 6.6
  • Database: MariaDB 10.3
  • Application Engine: PHP 7.3 and PHP-FPM
  • File Sharing Application: NextCloud 16/17
  • Web server: OpenBSD httpd

Tutorial

1. Create database

In my case, the database is MariaDB.
What I did was run mysql to connect to the DB server and execute:

CREATE DATABASE <db-name> DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON <db-name>.* TO <db-user> IDENTIFIED BY '<db-pass>';
FLUSH PRIVILEGES;
\q

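Because the GRANT statement names the user without a host part, MariaDB treats the account as '<db-user>'@'%', which matches connections from any host.

Alternatively, you can use SQLite.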

2. Prepare the application

There are two ways:

  • One is to build it from source code.
  • The other is to use pkg_add and get the official package from the OpenBSD package management system.

2-1. Case: Build from source code

I chose this way because it makes it possible to run multiple services on a single computer.
16.0.6 is the version its stable channel recommends.

$ ftp https://download.nextcloud.com/server/releases/nextcloud-16.0.6.tar.bz2
$ tar xvjf nextcloud-16.0.6.tar.bz2
$ mv nextcloud-16.0.6 <some-dir>/nextcloud

Be careful not to copy nextcloud/config/config.sample.php to nextcloud/config/config.php here.
config.php will be created by the web installer afterwards.

2-2. Case: OpenBSD Package Management System

Just run:

# pkg_add nextcloud

It will be installed in /var/www/nextcloud.
The version may be 17.0.0.
A useful document about the package is installed as /usr/local/share/doc/pkg-readmes/nextcloud.

The advantage of using the package is the default configuration provided by its great maintainers.
The disadvantage is that it is installed in an OS-specific path instead of a user- or site-specific one, so it is difficult to run multiple services.

3. (Optional) Configure PHP and PHP-FPM

Edit /etc/php-7.3.ini:

- opcache.memory_consumption=128
+ opcache.memory_consumption=512

Also edit /etc/php-fpm.conf:

- ;env[PATH] = /usr/local/bin:/usr/bin:/bin
+ env[PATH] = /usr/local/bin:/usr/bin:/bin

4. Build web server

Edit /etc/httpd.conf to add the definitions for your service:

server "<domain.tld>" {
    # $ext_addr is a macro; it must be defined earlier in this file
    listen on $ext_addr port 80
    block return 301 "https://$SERVER_NAME$REQUEST_URI"
}
server "<domain.tld>" {
    listen on egress tls port 443

    root "<some-dir-after-chroot>/nextcloud"
    directory index index.php

    hsts max-age 15768000

    tls {
        certificate "/etc/ssl/<domain.tld>_fullchain.pem"
        key         "/etc/ssl/private/<domain.tld>_private.pem"
    }

    # deny access to confidential data/programs first
    location "/.ht*"        { block }
    location "/.user*"      { block }
    location "/3rdparty*"   { block }
    location "/README"      { block }
    location "/autotest*"   { block }
    location "/build*"      { block }
    location "/config*"     { block }
    location "/console*"    { block }
    location "/data*"       { block }
    location "/db_*"        { block }
    location "/indie*"      { block }
    location "/issue*"      { block }
    location "/lib*"        { block }
    location "/occ*"        { block }
    location "/templates*"  { block }
    location "/tests*"      { block }

    location "/*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    location "/*.php[/?]*" {
        fastcgi socket "/run/php-fpm.sock"
    }

    location "/.well-known/host-meta" {
        block return 301 "/public.php?service=host-meta"
    }
    location "/.well-known/host-meta.json" {
        block return 301 "/public.php?service=host-meta-json"
    }
    location "/.well-known/webfinger" {
        block return 301 "/public.php?service=webfinger"
    }
    location "/.well-known/carddav" {
        block return 301 "/remote.php/dav/"
    }
    location "/.well-known/caldav" {
        block return 301 "/remote.php/dav/"
    }
}

Then run:

# rcctl restart httpd
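
The location rules in the server block above rely on httpd putting the first matching location into effect, which is why the block rules come before the PHP handlers. The following is an added example, not part of the original post: it models that evaluation in Python over a constructed subset of the rules. `parse_locations` and `decide` are hypothetical helper names, and Python's fnmatch (with case folding assumed) stands in for httpd's glob matching.

```python
import re
from fnmatch import fnmatchcase

# Constructed subset of the location rules from the server block, same order.
HTTPD_CONF = '''
    location "/.ht*"      { block }
    location "/config*"   { block }
    location "/data*"     { block }
    location "/occ*"      { block }
    location "/*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    location "/*.php[/?]*" {
        fastcgi socket "/run/php-fpm.sock"
    }
    location "/.well-known/caldav" {
        block return 301 "/remote.php/dav/"
    }
'''

LOCATION_RE = re.compile(r'location\s+"([^"]+)"\s*\{\s*([^}]*?)\s*\}', re.S)

def parse_locations(conf):
    """Return [(glob, action)] in file order."""
    rules = []
    for glob, body in LOCATION_RE.findall(conf):
        if body.startswith("block return"):
            action = "redirect"
        elif body.startswith("block"):
            action = "block"
        else:
            action = "fastcgi" if body.startswith("fastcgi") else "other"
        rules.append((glob, action))
    return rules

def decide(rules, request):
    """First matching location wins; no match means httpd serves a static file."""
    # Match on the path only, without the query string; case folding is an assumption.
    path = request.split("?", 1)[0].lower()
    for glob, action in rules:
        if fnmatchcase(path, glob.lower()):
            return action, glob
    return "static", None

if __name__ == "__main__":
    rules = parse_locations(HTTPD_CONF)
    for req in ("/config/config.php", "/data/alice/files/a.txt", "/index.php",
                "/remote.php/dav/files/alice/", "/core/css/server.css"):
        print(f"{req:32} -> {decide(rules, req)}")
    # Handlers listed first: config.php would reach PHP-FPM instead of being blocked.
    print("reordered:", decide(rules[::-1], "/config/config.php"))
```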

5. Install NextCloud

Access the service with your web browser.
The web installer will start.
Fill in the form and click "Finish setup":

[Screenshot: web installer]

If the installation is successful, you will see the login page:

[Screenshot: login]

Again, nextcloud/config/config.php is created by the web installer.
Remember that the "datadirectory" setting in it is affected by chroot.
This means that the value is /nextcloud/data when the real data directory is /var/www/nextcloud/data, because chroot strips "/var/www" from the path.

Conclusion

Thank you for reading :)
I hope you enjoy your secure file sharing.
