357 lines
9.2 KiB
Markdown
357 lines
9.2 KiB
Markdown
## Nextcloud auf dem Raspberry Pi 3
|
|
|
|
### Ersteinrichtung des Raspberry Pi
|
|
Siehe [Ersteinrichtung](https://cdng.ddns.net/gitea/julian/raspberry-pi/src/master/ersteinrichtung.md)
|
|
|
|
|
|
## Vorbereitungen
|
|
vgl. [Anleitung von AvoidErrors](http://www.avoiderrors.net/owncloud-raspberry-pi/)
|
|
|
|
|
|
**Aktualisierung suchen & installieren**
|
|
|
|
```xml
|
|
sudo apt update && sudo apt upgrade -y && sudo reboot
|
|
```
|
|
|
|
**Benutzer www-data zur Gruppe www-data hinzufügen**
|
|
|
|
```xml
|
|
sudo usermod -a -G www-data www-data
|
|
```
|
|
|
|
**Benötigte Pakete installieren**
|
|
|
|
```xml
|
|
sudo apt install nginx openssl ssl-cert php5-cli php5-sqlite php5-gd php5-common php5-cgi sqlite3 php-pear php-apc curl libapr1 libtool curl libcurl4-openssl-dev php-xml-parser php5 php5-dev php5-curl php5-gd php5-fpm memcached php5-memcache varnish -y
|
|
```
|
|
|
|
**Eigenes SSL-Zertifikat erstellen**
|
|
|
|
```xml
|
|
sudo openssl req $@ -new -x509 -days 730 -nodes -out /etc/nginx/cert.pem -keyout /etc/nginx/cert.key
|
|
```
|
|
|
|
**Zugriffsrechte des Zertifikats ändern**
|
|
|
|
```xml
|
|
sudo chmod 600 /etc/nginx/cert.pem
|
|
sudo chmod 600 /etc/nginx/cert.key
|
|
```
|
|
|
|
**Alte nginx config-Datei sichern**
|
|
|
|
```xml
|
|
sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default_old
|
|
```
|
|
|
|
**Neue config-Datei erstellen**
|
|
|
|
```xml
|
|
sudo nano /etc/nginx/sites-available/default
|
|
```
|
|
|
|
**Dort einfügen:**
|
|
*An 2 Stellen muss die IP-Adresse oder die dynamische DNS eingetragen werden! Außerdem müssen die Pfade zum SSL-Zertifikat und zu den Diffie-Hellman-Parametern geändert werden.*
|
|
|
|
```xml
|
|
upstream php-handler {
|
|
server 127.0.0.1:9000;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name IP-Adresse oder dynamische DNS;
|
|
# Enforce HTTPS
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name IP-Adresse oder dynamische DNS;
|
|
|
|
ssl_certificate /path/to/cert;
|
|
ssl_certificate_key /path/to/private-key;
|
|
|
|
# Security Headers
|
|
add_header Strict-Transport-Security "max-age=15768000";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-Robots-Tag none;
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_dhparam /path/to/dh-params
|
|
ssl_session_cache shared:ssl_session_cache:10m;
|
|
|
|
|
|
# Path to the root of your installation
|
|
root /var/www;
|
|
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location = /.well-known/carddav {
|
|
return 301 $scheme://$host/nextcloud/remote.php/dav;
|
|
}
|
|
location = /.well-known/caldav {
|
|
return 301 $scheme://$host/nextcloud/remote.php/dav;
|
|
}
|
|
|
|
location /.well-known/acme-challenge { }
|
|
|
|
location ^~ /nextcloud {
|
|
# set max upload size
|
|
client_max_body_size 20148M;
|
|
fastcgi_buffers 64 4K;
|
|
|
|
# Disable gzip to avoid the removal of the ETag header
|
|
gzip off;
|
|
|
|
error_page 403 /nextcloud/core/templates/403.php;
|
|
error_page 404 /nextcloud/core/templates/404.php;
|
|
|
|
location /nextcloud {
|
|
rewrite ^ /nextcloud/index.php$uri;
|
|
}
|
|
|
|
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
|
deny all;
|
|
}
|
|
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
|
|
deny all;
|
|
}
|
|
|
|
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
|
|
include fastcgi_params;
|
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param HTTPS on;
|
|
#Avoid sending the security headers twice
|
|
fastcgi_param modHeadersAvailable true;
|
|
fastcgi_param front_controller_active true;
|
|
fastcgi_pass php-handler;
|
|
fastcgi_intercept_errors on;
|
|
# fastcgi_request_buffering off;
|
|
}
|
|
|
|
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
|
|
try_files $uri/ =404;
|
|
index index.php;
|
|
}
|
|
|
|
# Adding the cache control header for js and css files
|
|
# Make sure it is BELOW the PHP block
|
|
location ~* \.(?:css|js|woff|svg|gif)$ {
|
|
try_files $uri /nextcloud/index.php$uri$is_args$args;
|
|
add_header Cache-Control "public, max-age=7200";
|
|
# Add headers to serve security related headers (It is intended
|
|
# to have those duplicated to the ones above)
|
|
# Before enabling Strict-Transport-Security headers please read
|
|
# into this topic first.
|
|
# add_header Strict-Transport-Security "max-age=15768000;
|
|
# includeSubDomains; preload;";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-Robots-Tag none;
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
# Optional: Don't log access to assets
|
|
access_log off;
|
|
}
|
|
|
|
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
|
try_files $uri /nextcloud/index.php$uri$is_args$args;
|
|
# Optional: Don't log access to other assets
|
|
access_log off;
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
**PHP-conf bearbeiten**
|
|
|
|
```xml
|
|
sudo nano /etc/php5/fpm/pool.d/www.conf
|
|
```
|
|
|
|
-> listen = 127.0.0.1:9000
|
|
|
|
|
|
**conf-swapsize ändern**
|
|
|
|
```xml
|
|
sudo nano /etc/dphys-swapfile
|
|
```
|
|
|
|
-> CONF_SWAPSIZE = 512
|
|
|
|
**Pi neustarten**
|
|
sudo reboot
|
|
|
|
|
|
## Nextcloud installieren
|
|
|
|
**Als Root anmelden**
|
|
|
|
```xml
|
|
sudo -s
|
|
```
|
|
|
|
**Ordner erstellen**
|
|
|
|
```xml
|
|
mkdir -p /var/www/nextcloud
|
|
```
|
|
|
|
**Verzeichnis wechseln**
|
|
|
|
```xml
|
|
cd /var/www/
|
|
```
|
|
|
|
**Nextcloud laden**
|
|
|
|
```xml
|
|
wget https://download.nextcloud.com/server/releases/nextcloud-xxx.tar.bz2
|
|
```
|
|
|
|
**.tar entpacken**
|
|
|
|
```xml
|
|
tar xvjf nextcloud-xxx.tar.bz2
|
|
```
|
|
|
|
**User „www-data“ zum Eigentümer des Ordners machen**
|
|
|
|
```xml
|
|
chown -R www-data:www-data /var/www/nextcloud
|
|
```
|
|
|
|
**Alte Dateien entfernen**
|
|
|
|
```xml
|
|
rm -rf nextcloud-xxx.tar.bz2
|
|
exit
|
|
```
|
|
|
|
## Datenbank ändern (MySQL)
|
|
**Benötigte Pakete installieren**
|
|
|
|
```xml
|
|
sudo apt install mysql-server php5-mysql -y
|
|
```
|
|
(Während des Vorgangs das root Passwort festlegen)
|
|
|
|
**Datenbank erstellen**
|
|
|
|
```xml
|
|
mysql -p -u USER
|
|
CREATE DATABASE IF NOT EXISTS nextcloud;
|
|
exit
|
|
```
|
|
|
|
## Nextcloud öffnen & konfigurieren
|
|
* IP-Adresse des Raspberry Pi im Browser eingeben
|
|
* Administrator-Account erstellen
|
|
* Unten bei Speicher & Datenbank „MySQL/MariaDB“ auswählen
|
|
|
|
-> Benutzer: root, PW: vorhin festgelegt, DB-Name: nextcloud, Host: localhost
|
|
|
|
## Signiertes SSL-Zertifikat installieren
|
|
Siehe [Signiertes SSL-Zertifikat installieren](https://cdng.ddns.net/gitea/julian/raspberry-pi/src/master/signiertes-ssl-zertifikat.md)
|
|
|
|
|
|
## ddclient installieren
|
|
Siehe [ddclient installieren](https://cdng.ddns.net/gitea/julian/raspberry-pi/src/master/ddclient.md)
|
|
|
|
|
|
## Daten auf externem Medium speichern
|
|
Siehe zuerst [Externes Laufwerk einbinden](https://cdng.ddns.net/gitea/julian/raspberry-pi/src/master/externes-laufwerk.md)
|
|
|
|
**Als Root anmelden**
|
|
|
|
```xml
|
|
sudo -s
|
|
```
|
|
|
|
**Speicherort der Nextcloud-Daten ermitteln**
|
|
|
|
```xml
|
|
nano /var/www/nextcloud/config/config.php
|
|
```
|
|
-> Eintrag: datadirectory (Standard: /var/www/owncloud/data)
|
|
-> Ändern in: /home/pi/usbstick
|
|
|
|
**Nextcloud-Daten auf das externe Medium kopieren**
|
|
|
|
```xml
|
|
cp -R /var/www/nextcloud/data/. /home/pi/usbstick
|
|
```
|
|
|
|
|
|
**Überprüfen, ob Daten da sind**
|
|
|
|
```xml
|
|
cd /home/pi/usbstick && ls -la
|
|
```
|
|
|
|
**Datei-Eigentümer der Datenkopie ändern**
|
|
|
|
```xml
|
|
chown -R www-data:www-data /home/pi/usbstick
|
|
```
|
|
|
|
**Überprüfen, ob Eigentümer geändert wurde**
|
|
|
|
```xml
|
|
ls -la
|
|
```
|
|
|
|
**Original-Ordner nach erfolgreichem Umziehen der Daten löschen**
|
|
|
|
```xml
|
|
cd /var/www/nextcloud
|
|
rm -rf data
|
|
exit
|
|
```
|
|
|
|
|
|
## Anpassungen
|
|
**Cache konfigurieren**
|
|
|
|
```xml
|
|
sudo nano /var/www/nextcloud/config/config.php
|
|
```
|
|
|
|
-> Unten einfügen: 'memcache.local' => '\OC\Memcache\APC',
|
|
|
|
**PHP-Path Variablen**
|
|
|
|
```xml
|
|
sudo nano /etc/php5/fpm/pool.d/www.conf
|
|
```
|
|
Suche (CTRL+W) nach "env[HOSTNAME]"
|
|
-> Bei allen folgenden env-Variablen (HOSTNAME, PATH, TMP, TMPDIR, TEMP) das ";" entfernen
|
|
|
|
**Datei-Limits anheben**
|
|
|
|
```xml
|
|
sudo nano /var/www/nextcloud/.user.ini
|
|
```
|
|
|
|
-> Ändern:
|
|
upload\_max\_file\_size=2048M
|
|
post\_max\_size=2048M
|
|
|