guides/self_hosting/services/nextcloud/README.md

# Ask for domain & database credentials
printf "Domain name (e.g. cloud.example.com):\n * DNS records must already be set up!\n> " && read -r domain
printf "nextcloud database admin username:\n> " && read -r nextcloud_db_admin
printf "nextcloud database admin password:\n> " && read -r nextcloud_db_admin_pass

# Install dependencies

```shell
apt install -y curl nginx python3-certbot-nginx postgresql php php-{fpm,bcmath,bz2,intl,gd,mbstring,pgsql,zip,xml,curl,imagick,gmp}
```

For some reason that installs apache2, remove it as we don't need it.

```shell
apt purge apache2
apt autoremove
```

### Check PHP version...

As of 2023-07-10, it's 8.2.
You can also check with `ls /etc/php` by checking the version's folder name.

```shell
php -v | grep -o '[0-9].*(cli)' | cut -d '.' -f 1,2
```

# Set up postgresql database

```shell
systemctl enable --now postgresql
sudo -i -u postgres psql -c "CREATE USER nextcloud WITH PASSWORD 'DB_PASSWORD';"
sudo -i -u postgres psql -c "CREATE DATABASE nextcloud TEMPLATE template0 ENCODING 'UTF8';"
sudo -i -u postgres psql -c "ALTER DATABASE nextcloud OWNER TO nextcloud;"
sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;"
sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON SCHEMA public TO nextcloud;"
```

# Nginx configuration & cert
I modified this config to be easily set up with SSL via certbot,
but you can visit the following url for the official example:
[Nextcloud's nginx example configuration](https://docs.nextcloud.com/server/19/admin_manual/installation/nginx.html).
```shell
curl -L nextcloud-nginx.tavo.one | sed "s/cloud.example.com/YOURDOMAIN/g" | tee /etc/nginx/sites-available/nextcloud.conf 
ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/
systemctl restart nginx
certbot -d YOURDOMAIN --nginx --register-unsafely-without-email --agree-tos
```

# Download & extract latest nextcloud
```shell
wget -O /opt/nextcloud-$(date -I).tar.bz2 https://download.nextcloud.com/server/releases/latest.tar.bz2
tar -xjf /opt/nextcloud-$(date -I).tar.bz2 -C /var/www
```

# Permissions for www-data user & restart services
```shell
chown -R www-data:www-data /var/www/nextcloud
chmod -R 755 /var/www/nextcloud
systemctl enable --now php8.2-fpm
systemctl enable --now nginx
```

# Recommended modifications:

RECOMMENDED MODIFICATIONS TO ENHANCE
SECURITY & PERFORMANCE:

I find it better to configure them
one by one and troubleshoot each one
separately that way!

## Tune php-fpm

Recommended settings for `/etc/php/8.2/fpm/pool.d/www.conf`
This should get rid of the _'getenv("PATH") only returns an empty response'_
overview panel notification, plus enhance performance.

```php
pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
```

Recommended settings for `/etc/php/$php_ver/fpm/php.ini`
Sometimes when installing apps, an error might occur
and it's not always verbose as to why it can't proceed.
This could fix some of those problems.

```php
opcache.interned_strings_buffer=32

memory_limit = 512M
```

## Tune memcache

### APCu local memcache
For performance, documentation suggests enabling a
memcache, for 'local memcache', APCu is recommended.

Install dependencies

```shell
apt install php-apcu
```

Add the following lines to `/var/www/nextcloud/config/config.php` under `$CONFIG=array`...

```php
'memcache.local' => '\OC\Memcache\APCu',
```

In order to avoid problems with cron jobs,
Nextcloud's docs suggest to add these  
somewhere in `php.ini`, but I found it
worked best when I added them in 
`/etc/php/$php_ver/mods-available/apcu.ini`
(extension=apcu.so should already be there):

```php
extension=apcu.so
apc.enabled=1
apc.enable_cli=1
```

Restart php$php_ver-fpm
```shell
systemctl restart php8.2-fpm
```

### Redis server (Transactional file locking)
This is enabled by default in nextcloud to prevent
dataloss with failed uploads or disconnects, however,
it loads your database greatly for this purpose.
To delegate this processing to redis, docs recommend:

NOTE:
If you run into trouble just remove the
`memcache.locking' => '\OC\Memcache\Redis'`,
line mentioned below.

Insall required pacakges

```shell
apt install redis-server php-redis
```

Uncomment & modify `/etc/redis/redis.conf`

```
port 0
unixsocket /run/redis/redis.sock
unixsocketperm 770
```

Permissions, enable & run redis

```shell
sudo usermod -a -G redis www-data
systemctl enable --now redis-server
```

Add the following lines to `/var/www/nextcloud/config/config.php` under `$CONFIG=array`...

```php
'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
     'host' => '/var/run/redis/redis.sock',
     'port' => 0,
     'timeout' => 0.0,
      ),
```


(Optional) For distributed cache, also add:
`memcache.distributed' => '\OC\Memcache\Redis'`,

Similarly with APCu, it is recommended
to add these settings in php.ini, I just
find it cleaner in the respective module's
config in `/etc/php/$php_ver/mods-available/redis.ini`
(extension=redis.so should already be there):

```php
extension=redis.so
redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000
```

```shell
Restart services
systemctl restart redis-server
systemctl restart php$php_ver-fpm
systemctl restart nginx
```

## Cron for background jobs

Run the following command:

```shell
crontab -u www-data -e
```

Append the following line AS IS
to the end of the document
(as recommended in nextcloud docs):

```
*/5  *  *  *  * php -f /var/www/nextcloud/cron.php
```

```shell
systemctl restart php8.2-fpm
```

## Apply
If applied, restart to apply changes with:

```shell
systemctl restart redis-server
systemctl restart php$php_ver-fpm
systemctl restart nginx
```