329 lines
16 KiB
Markdown
329 lines
16 KiB
Markdown
# Nextcloud
|
|
|
|
[Nextcloud](https://nextcloud.com/) is the most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe.
|
|
|
|
|
|
## Dependencies
|
|
|
|
This service requires the following other services:
|
|
|
|
- a [Postgres](postgres.md) database
|
|
- a [Traefik](traefik.md) reverse-proxy server
|
|
- (optional) a [KeyDB](keydb.md) data-store, installation details [below](#keydb)
|
|
- (optional) the [exim-relay](exim-relay.md) mailer
|
|
|
|
|
|
## Configuration
|
|
|
|
To enable this service, add the following configuration to your `vars.yml` file. This is a minimal example. See also the [Optional Configuration](#optional-configuration) sections below.
|
|
|
|
Then proceed with the [Installation](#installation) as described below, noting that it includes pre-install and post-install steps.
|
|
|
|
```yaml
|
|
########################################################################
|
|
# #
|
|
# nextcloud #
|
|
# #
|
|
########################################################################
|
|
|
|
nextcloud_enabled: true
|
|
|
|
nextcloud_hostname: mash.example.com
|
|
nextcloud_path_prefix: /nextcloud
|
|
|
|
nextcloud_initial_admin_username: admin # or a name if using personal accounts for admin
|
|
nextcloud_initial_admin_password: ''
|
|
|
|
# Optional configuration, as described below
|
|
|
|
########################################################################
|
|
# #
|
|
# /nextcloud #
|
|
# #
|
|
########################################################################
|
|
```
|
|
|
|
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/nextcloud`.
|
|
|
|
You can remove the `nextcloud_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
|
|
|
|
You can choose any username/password for the initial account. This account will have [super administrator](https://docs.nextcloud.com/server/30/admin_manual/configuration_user/user_configuration.html#granting-administrator-privileges-to-a-user) privileges, by being a member of the `admin` group, but is not otherwise special or unique.
|
|
|
|
## Installation
|
|
|
|
Installation of Nextcloud requires two or three steps.
|
|
|
|
### Pre-Install
|
|
|
|
If you've decided to install a dedicated KeyDB instance for Nextcloud, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `nextcloud.example.com-deps`), before running installation for the main one (e.g. `nextcloud.example.com`).
|
|
|
|
### Main Install and Start Services
|
|
|
|
Run the [installation](../installing.md) for the main nextcloud host, e.g. `just run-tags install-all,start`.
|
|
|
|
Ensure Nextcloud and all services it depends on are installed and started.
|
|
|
|
### Post-Install
|
|
|
|
After the main installation, and services are running, you need to run a post-install step before Nextcloud will be available to use.
|
|
|
|
Run the post-install step: `just post-install-nextcloud` (or `just post-install-all`).
|
|
|
|
This post-install step:
|
|
|
|
- runs the Nextcloud [initial installation](https://docs.nextcloud.com/server/latest/admin_manual/installation/command_line_installation.html) `occ maintenance:install`, if it hasn't yet run.
|
|
- adjusts the configuration of URL paths, trusted reverse-proxies, etc.
|
|
- configures Nextcloud settings including those you define in `nextcloud_config_additional_parameters`.
|
|
|
|
Run it again after making any changes.
|
|
|
|
## Optional Configuration
|
|
|
|
### KeyDB
|
|
|
|
KeyDB can **optionally** be enabled to improve Nextcloud performance.
|
|
It's dubious whether using using KeyDB helps much, so we recommend that you **start without** it, for a simpler deployment.
|
|
|
|
To learn more, read the [Memory caching](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html) section of the Nextcloud documentation.
|
|
|
|
As described on the [KeyDB](keydb.md) documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate KeyDB instance for each service. See [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud).
|
|
|
|
If you're only running Nextcloud on this server and don't need to use KeyDB for anything else, you can [use a single KeyDB instance](#using-the-shared-keydb-instance-for-nextcloud).
|
|
|
|
**Regardless** of the method of installing KeyDB, you may need to adjust your Nextcloud configuration file (e.g. `/mash/nextcloud/data/config/config.php`) to **add** this:
|
|
|
|
```php
|
|
'memcache.distributed' => '\OC\Memcache\KeyDB',
|
|
'memcache.locking' => '\OC\Memcache\KeyDB',
|
|
'keydb' => [
|
|
'host' => 'REDIS_HOSTNAME_HERE',
|
|
'port' => 6379,
|
|
],
|
|
```
|
|
|
|
Where `REDIS_HOSTNAME_HERE` is to be replaced with:
|
|
|
|
- `mash-nextcloud-keydb`, when [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud)
|
|
- `mash-keydb`, when [using a single KeyDB instance](#using-the-shared-keydb-instance-for-nextcloud).
|
|
|
|
|
|
#### Using the shared KeyDB instance for Nextcloud
|
|
|
|
To install a single (non-dedicated) KeyDB instance (`mash-keydb`) and hook Nextcloud to it, add the following **additional** configuration:
|
|
|
|
```yaml
|
|
########################################################################
|
|
# #
|
|
# keydb #
|
|
# #
|
|
########################################################################
|
|
|
|
keydb_enabled: true
|
|
|
|
########################################################################
|
|
# #
|
|
# /keydb #
|
|
# #
|
|
########################################################################
|
|
|
|
|
|
########################################################################
|
|
# #
|
|
# nextcloud #
|
|
# #
|
|
########################################################################
|
|
|
|
# Base configuration as shown above
|
|
|
|
# Point Nextcloud to the shared KeyDB instance
|
|
nextcloud_redis_hostname: "{{ keydb_identifier }}"
|
|
|
|
# Make sure the Nextcloud service (mash-nextcloud.service) starts after the shared KeyDB service (mash-keydb.service)
|
|
nextcloud_systemd_required_services_list_custom:
|
|
- "{{ keydb_identifier }}.service"
|
|
|
|
# Make sure the Nextcloud container is connected to the container network of the shared KeyDB service (mash-keydb)
|
|
nextcloud_container_additional_networks_custom:
|
|
- "{{ keydb_identifier }}"
|
|
|
|
########################################################################
|
|
# #
|
|
# /nextcloud #
|
|
# #
|
|
########################################################################
|
|
```
|
|
This will create a `mash-keydb` KeyDB instance on this host.
|
|
|
|
This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for [Creating a KeyDB instance dedicated to Nextcloud](#creating-a-keydb-instance-dedicated-to-nextcloud).
|
|
|
|
#### Creating a KeyDB instance dedicated to Nextcloud
|
|
|
|
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
|
|
|
Adjust your `inventory/hosts` file as described in [Re-do your inventory to add supplementary hosts](../running-multiple-instances.md#re-do-your-inventory-to-add-supplementary-hosts), adding a new supplementary host (e.g. if `nextcloud.example.com` is your main one, create `nectcloud.example.com-deps`).
|
|
|
|
Then, create a new `vars.yml` file for the
|
|
|
|
`inventory/host_vars/nextcloud.example.com-deps/vars.yml`:
|
|
|
|
```yaml
|
|
---
|
|
|
|
########################################################################
|
|
# #
|
|
# Playbook #
|
|
# #
|
|
########################################################################
|
|
|
|
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
|
# Various other secrets will be derived from this secret automatically.
|
|
mash_playbook_generic_secret_key: ''
|
|
|
|
# Override service names and directory path prefixes
|
|
mash_playbook_service_identifier_prefix: 'mash-nextcloud-'
|
|
mash_playbook_service_base_directory_name_prefix: 'nextcloud-'
|
|
|
|
########################################################################
|
|
# #
|
|
# /Playbook #
|
|
# #
|
|
########################################################################
|
|
|
|
|
|
########################################################################
|
|
# #
|
|
# keydb #
|
|
# #
|
|
########################################################################
|
|
|
|
keydb_enabled: true
|
|
|
|
########################################################################
|
|
# #
|
|
# /keydb #
|
|
# #
|
|
########################################################################
|
|
```
|
|
|
|
This will create a `mash-nextcloud-keydb` instance on this host with its data in `/mash/nextcloud-keydb`.
|
|
|
|
Then, adjust your main inventory host's variables file (`inventory/host_vars/nextcloud.example.com/vars.yml`) like this:
|
|
|
|
```yaml
|
|
########################################################################
|
|
# #
|
|
# nextcloud #
|
|
# #
|
|
########################################################################
|
|
|
|
# Base configuration as shown above
|
|
|
|
# Point Nextcloud to its dedicated KeyDB instance
|
|
nextcloud_redis_hostname: mash-nextcloud-keydb
|
|
|
|
# Make sure the Nextcloud service (mash-nextcloud.service) starts after its dedicated KeyDB service (mash-nextcloud-keydb.service)
|
|
nextcloud_systemd_required_services_list_custom:
|
|
- "mash-nextcloud-keydb.service"
|
|
|
|
# Make sure the Nextcloud container is connected to the container network of its dedicated KeyDB service (mash-nextcloud-keydb)
|
|
nextcloud_container_additional_networks_custom:
|
|
- "mash-nextcloud-keydb"
|
|
|
|
########################################################################
|
|
# #
|
|
# /nextcloud #
|
|
# #
|
|
########################################################################
|
|
```
|
|
|
|
### Single-Sign-On / Authentik
|
|
|
|
Nextcloud supports Single-Sign-On (SSO) via LDAP, SAML, and OIDC. To make use of this you'll need a Identity Provider like [authentik](./authentik.md) or [Keycloak](./keycloak.md). The following assumes you use authentik.
|
|
|
|
|
|
**The official documentation of authentik to connect nextcloud via SAML seems broken**
|
|
|
|
MASH can connect Nextcloud with authentik via OIDC. The setup is quite straightforward, refer to [this blogpost by Jack](https://blog.cubieserver.de/2022/complete-guide-to-nextcloud-oidc-authentication-with-authentik/) for a full explanation.
|
|
|
|
In short you should:
|
|
|
|
* Create a new provider in authentik and trim the client secret to <64 characters
|
|
* Create an application in authentik using this provider
|
|
* Install the app `user_oidc` in Nextcloud
|
|
* Fill in the details from authentik in the app settings
|
|
|
|
**Troubleshooting**
|
|
|
|
If you encounter problems during login check (error message containes `SHA1 mismatch`) that
|
|
* Nextcloud users and authentik users do not have the same name -> if they do check `Use unique user ID` in the OIDC App settings
|
|
|
|
### Samba
|
|
|
|
To enable [Samba](https://www.samba.org/) external Windows fileshares using [smbclient](https://www.samba.org/samba/docs/current/man-html/smbclient.1.html), add the following additional configuration to your `vars.yml` file:
|
|
|
|
```yml
|
|
nextcloud_container_image_customizations_samba_enabled: true
|
|
```
|
|
|
|
## Recommended other services
|
|
|
|
### Collabora Online
|
|
|
|
To integrate the [Collabora Online](collabora-online.md) office suite, first install it by following its dedicated documentation page.
|
|
|
|
Then add the following **additional** Nextcloud configuration:
|
|
|
|
```yaml
|
|
nextcloud_collabora_app_wopi_url: "{{ collabora_online_url }}"
|
|
|
|
# By default, various private IPv4 networks are whitelited to connect to the WOPI API (document serving API).
|
|
# If your Collabora Online installation does not live on the same server as Nextcloud,
|
|
# you may need to adjust the list of networks.
|
|
# If necessary, redefined the `nextcloud_collabora_app_wopi_allowlist` environment variable here.
|
|
```
|
|
|
|
There's **no need** to [re-run the playbook](../installing.md) after adjusting your `vars.yml` file.
|
|
You should, however run: `just run-tags install-nextcloud-app-collabora`
|
|
|
|
This will install and configure the [Office](https://apps.nextcloud.com/apps/richdocuments) app for Nextcloud.
|
|
|
|
You should then be able to click any document (`.doc`, `.odt`, `.pdf`, etc.) in Nextcloud Files and it should automatically open a Collabora Online editor.
|
|
|
|
You can also create new documents via the "plus" button.
|
|
|
|
### Preview Generator
|
|
|
|
It is possible to setup preview generation, using this playbook.
|
|
|
|
First modify your `vars.yml` file by adding at least the following line (other options are also present, check the corresponding `defaults/main.yml` file):
|
|
|
|
```yaml
|
|
nextcloud_preview_enabled: true
|
|
```
|
|
|
|
then install Nextcloud (or rerun the playbook if already installed).
|
|
|
|
Next, from the Settings/Application menu in your Nextcloud instance install the preview generator app (https://apps.nextcloud.com/apps/previewgenerator).
|
|
|
|
After the application is installed run `just run-tags adjust-nextcloud-config` that will start the original preview-generation and when finished, enables the periodic generation of new images.
|
|
|
|
The original generation may take a long time, but a continuous prompt is presented by ansible as some visual feedback (it is being run as an async task), however it will timeout after approximately 27 hours.
|
|
|
|
On 60GBs, most of the data being images, it took about 10 minutes to finish.
|
|
|
|
If it takes more time to run than a day, you may want to start it from the host by calling
|
|
|
|
```sh
|
|
/usr/bin/env docker exec mash-nextcloud-server php /var/www/html/occ preview:generate-all
|
|
```
|
|
|
|
Also, please note: every time Nextcloud version is updated, you should rerun: `just run-tags adjust-nextcloud-config`.
|
|
|
|
Other supported variables:
|
|
|
|
`nextcloud_preview_preview_max_x` and `nextcloud_preview_preview_max_y` sets the maximum size of the preview in pixels..
|
|
Their default value according to the [documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/previews_configuration.html) is `null` which is set by the playbook.
|
|
Using a numeric value will set the corresponding nextcloud variable and sets the size of the preview images.
|
|
|
|
`nextcloud_preview_app_jpeg_quality` JPEG quality setting for preview images.
|
|
The default follows upstream default with 80.
|