Skip to main content

Instalar NextCloud

Ejecutar un update y upgrade

apt update -y
apt upgrade -y

Instalar curl

apt install curl -y

Podemos usar php8.1 o bien php8.2

PHP 8.1

Preparar la instalación de PHP8.1

apt install -y gnupg2 ca-certificates apt-transport-https software-properties-common
wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add
echo "deb https://packages.sury.org/php/ buster main" | tee /etc/apt/sources.list.d/php.list
apt update -y

Instalar PHP 8.1

apt install php8.1

Instalar módulos de PHP necesarios

apt install php8.1-mysql php8.1-imap php8.1-ldap php8.1-xml php8.1-gd php8.1-curl php8.1-mbstring php8.1-zip php8.1-simplexml php8.1-dom php8.1-intl php8.1-fpm php8.1-bcmath php8.1-gmp php8.1-imagick -y

PHP 8.2

Instalar PHP 8.2

apt install php8.2

Instalar módulos de PHP necesarios

apt install php8.2-mysql php8.2-imap php8.2-ldap php8.2-xml php8.2-gd php8.2-curl php8.2-mbstring php8.2-zip php8.2-simplexml php8.2-dom php8.2-intl php8.2-fpm php8.2-bcmath php8.2-gmp php8.2-imagick -y

Soporte SVG

Instalar soporte para SVG

apt-get install libmagickcore-6.q16-6-extra

Instalar Mariadb y soporte para PHP

apt -y install mariadb-server php-mysql

Instalar soporte para php 8 en apache2 (luego se quitará), ya que se instala por defecto con el php

apt install apache2 libapache2-mod-php8.1

Configurar Mariadb

mysql -u root -p

Generar la BBDD de Nextcloud así como las credenciales

CREATE DATABASE nextclouddb;
GRANT ALL ON nextclouddb.* TO 'nextcloud_user'@'localhost' IDENTIFIED BY 'mipassword';
FLUSH PRIVILEGES;
EXIT;

Descargar e instalar Nextcloud

cd /tmp
apt install zip -y
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest-22.zip
mv nextcloud /var/www/
cd /var/www/
chown -R www-data:www-data nextcloud
chmod -R 755 nextcloud

Instalar Nginx

Pararemos el servicio Apache2 y lo desactivaremos

service apache2 stop
systemctl disable apache2

Instalaremos nginx

apt-get install nginx -y

Arrancaremos y activaremos Nginx y php-fpm 8.1

service nginx start
systemctl enable nginx
service php8.1-fpm start
systemctl enable php8.1-fpm

Arrancaremos y activaremos Nginx y php-fpm 8.2

service nginx start
systemctl enable nginx
service php8.2-fpm start
systemctl enable php8.2-fpm

Crear el site nextcloud en nginx

Crearemos el sitio en /etc/nginx/sites-available/

nano /etc/nginx/sites-available/my-nextcloud.conf

La configuración por defecto que nos aparece en la documentación de Nextcloud es la siguiente:

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php8.2-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443      ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ssl_certificate     /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/nextcloud;

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
}

Tendremos que cambiar lo siguiente:

php-handler. Comentar la linea de 127.0.0.1 y descomentar la del socket fpm

Para ello comprobaremos si existe el socket

root@demo:/etc/nginx/sites-available# ls -la /var/run/php/php8.1-fpm.sock
srw-rw---- 1 www-data www-data 0 Aug  8 23:56 /var/run/php/php8.1-fpm.sock
root@demo:/etc/nginx/sites-available#

Si existe usaremos el socket de php-fpm. Si no tendremos que iniciar el php-fpm

upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php/php8.2-fpm.sock;
}

Si no tenemos certificado de pago, comentaremos las líneas de los certificados

# Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    #ssl_certificate     /etc/ssl/nginx/cloud.example.com.crt;
    #ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

Cambiaremos el nombre del server por el nuestro, en lugar de cloud.example.com, pondremos el nuestro. Tanto el el apartado de server:80 como en el de server:443 Cambiaremos la ruta a la que apunta

# Path to the root of your installation
    root /var/www/nextcloud;

En la parte de add_header, agregaremos esto al final

    add_header Strict-Transport-Security            "max-age=15768000" always;

Agregaremos el sitio a los sitios disponibles

cd /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-available/my-nextcloud.conf my-nextcloud.conf

Certificado LetsEncrypt

Instalaremos las librerías para el certificado de LetsEncrypt

apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

Instalaremos el certbot

apt install python3-certbot-nginx

Generamos el certificado

certbot --nginx -d my-nextcloud.com

Caché

Podemos usar memcached o redi para la caché.

Instalar Memcached

para instalar memcached, primeor lo instalaremos

apt install memcached

apt install php-memcached

A continuación lo habilitaremos al inciio y lo arrancaremos

systemctl enable memcached
systemctl start memcached

Y por último agregaremos la configuración en el archivo config.php

'memcache.local' => '\OC\Memcache\Memcached',
'memcache.distributed' => '\OC\Memcache\Memcached',
'memcached_servers' => array(
     array('127.0.0.1', 11211),
     ),

Instalar redis

Para instalar redis habilitaremos redis y  apcu

apt install php8.1-apcu php8.1-redis redis-server
apt install php8.2-apcu php8.2-redis redis-server

Habilitamos redis

systemctl enable redis-server

Ahora configuramos redis

Buscaremos la siguiente línea unixsocket /var/run/redis/redis.sock y la descomentaremos. Debajo de esa línea nos encontraremos con unixsocketperm 700 el cual también descomentaremos y cambiaremos por unixsocketperm 770. Guardamos y salimos.

Añadimos el usuario redis al grupo de Apache

usermod -a -G redis www-data

Finalmente, reiniciamos los servicios de Apache y Redis:

# systemctl restart nginx
# systemctl enable redis-server
# systemctl restart redis-server

Tenemos que configurar NextCloud para que use Redis, para ello tendremos que modificar el fichero de configuración de NextCloud agregaremos la configuración en el archivo config.php y añadiremos lo siguiente:

'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => 'true',
'redis' =>
  array (
    'host' => '127.0.0.1',
    'port' => 6379,
    'timeout' => 0.0,
  ),

Desde Nextcloud 12, se requiere una configuración adicional para configurar correctamente Opcache de PHP. Se muestra el error «La OPcache de PHP no está bien configurada. Para mejorar el rendimiento se recomienda usar las siguientes configuraciones en el php.ini«. Para ello tendremos que editar el fichero /etc/php/8.1/fpm/php.ini.

Al final del fichero añadimos lo siguiente:

; Nextcloud Opcache settings
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Y reiniciamos PHP-FPM:

systemctl restart php8.1-fpm

Ajustes finales

Tamaño de subida de archivos

Modificaremos el fichero /etc/php/8.1/fpm/php.ini y modifcaremos los parámetros upload_max_filesize y post_max_size y les pondremos el valor de 2048M. Finalmente, reiniciaremos PHP-FPM para que entre en efecto la modificación

Enlaces amigables

Otra cosa que es bueno configurar son los enlaces amigables para que las URL’s sean visualmente más facil de recordar  de NextCloud parfa ello modificamos el archivo config.php y añadimos lo siguiente:

'htaccess.RewriteBase' => '/',

Y si reiniciamos el servicio del Nginx veremos que de las URL nube.tecnocratica.net/index.php/apps/ pasaremos a nube.tecnocratica.net/apps/.


Back to top