A read only mirror of the original lollipop cloud sources. This repo was mirrored from the original home on GitLab (https://gitlab.com/kemonine/lolipop_lan_cloud/)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

6.7 KiB

NextCloud

NextCloud in a container. A simple PHP-FPM deployment. You’ll need the Web Server container setup to get access. This just gives a very basic, non-web-server version of NextCloud.

NOTE: You may want to use a filesystem on a USB disk instead of /var for the volumes setup in the below Docker command(s) to help reduce writes to the micro sd card

Inspiration / Sources

Install / Update / Run Script

Setup a generic script that’ll auto update NextCloud, build a container and launch it. You should only run this script at first launch and/or when you’re looking for updates.


mkdir /var/nextcloud
chown www-data /var/nextcloud

cat > /root/docker/nextcloud.sh <<EOF
#!/bin/bash

ARCH=\`arch\`
UPSTREAM="arm32v7/nextcloud:stable"

# Cleanup arch/container image here
if [ \$ARCH == "aarch64" ]
then
    echo "64bit arm"
    UPSTREAM="arm64v8/nextcloud:stable"
else
    echo "32bit arm"
    UPSTREAM="arm32v7/nextcloud:stable"
fi

echo "Updating"

docker pull \$UPSTREAM

echo "Running with latest release"

# Cleanup existing container
docker stop nextcloud
docker rm nextcloud

##########
# For postgresql instead of sqlite run the following commands
#docker exec -it postgres psql -U postgres
#create role nextcloud nocreatedb nocreaterole login PASSWORD 'password';
#create database nextcloud owner=nextcloud encoding=UTF8;

# Setup using the above database/username/role and ip of 172.30.12.12
##########

# Re-run/create container with latest image
docker run \\
    --name nextcloud \\
    --restart unless-stopped \\
    --net docker-private \\
    --ip 172.30.7.7 \\
    -e TZ=UTC \\
    -e DEBUG=1 \\
    -v /var/nextcloud:/var/www/html \\
    \$UPSTREAM

EOF

chmod a+x /root/docker/nextcloud.sh

Run NextCloud

Simply execute /root/docker/nextcloud.sh to update/run NextCloud.

Update Unbound


cat > /etc/unbound/local_zone/nextcloud.conf <<EOF
local-data: "nextcloud-insecure A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure"
local-data: "nextcloud-insecure.domain.tld A 172.30.7.7"
local-data-ptr: "172.30.7.7 nextcloud-insecure.domain.tld"

local-data: "nextcloud A 172.30.0.1"
local-data: "nextcloud.domain.tld A 172.30.0.1"
local-data-ptr: "172.30.0.1 nextcloud"
local-data-ptr: "172.30.0.1 nextcloud.domain.tld"
EOF

Serving Via Caddy


cat > /etc/caddy/services/nextcloud.conf <<EOF
# Nextcloud proxy
nextcloud:80, nextcloud:443, nextcloud.domain.tld:80, nextcloud.domain.tld:443 {
    redir 301 {
        if {scheme} is http
        /  https://nextcloud.domain.tld{uri}
    }

    log /var/log/caddy/nextcloud.log
    proxy / 172.30.7.7:80 {
        transparent
    }

    # Use acme.sh Let's Encrypt SSL cert setup
    tls /var/acme.sh/domain.tld/fullchain.cer /var/acme.sh/domain.tld/domain.tld.key

    header / {
        # Enable HTTP Strict Transport Security (HSTS) to force clients to always
        # connect via HTTPS (do not use if only testing)
        Strict-Transport-Security "max-age=15552000;"
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
        X-XSS-Protection "1; mode=block"
        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
        X-Content-Type-Options "nosniff"
        # Disallow the site to be rendered within a frame (clickjacking protection)
        X-Frame-Options "DENY"
    }
}
EOF

First Run / Finalize Setup

  • Navigate to http://nextcloud-insecure.domain.tld
  • Follow on-screen prompts for finalizing the NextCloud setup
  • Login as Admin

Post Install

Update/Install/Enable Apps

Enabled Apps

  • Update any apps that are showing as out of date

Disabled apps

  • Enable Auditing / Logging app
  • Enable Default encryption module
  • Enable external storage support
  • Enable PDF Viewer

Customization

  • Install External sites app

Files

  • Install Group folders app

Office & Text

  • Enable Calendar app
  • Enable Contacts app
  • Enable Notes app
  • Enable Tasks app

Organization

  • Install Annoucement center app
  • Enable bookmarks app

Security

  • Enable brute force settings app
  • Enable restrict login to IP addresses app
  • Enable Two Factor TOTP Provider app
  • Enable Two Factor U2F app
  • Enable Two Factory Yubikey

Social & communication

  • Enable circles app

Tools

  • Enable Impersonate app

Basic Setup

Adjust default view

If you’d like to see the activities view as your default view in NextCloud, edit /var/nextcloud/config/config.php and add 'defaultapp' => 'activity', to the file.

Add Cronjob

In the settings change from Ajax for scheduled jobs to Cron and run the following commands on your device.

This will lessen the page loads and keep the cron job constrained to a reasonable duration.


cat > /etc/systemd/system/nextcloudcron.service <<EOF
[Unit]
Description=Nextcloud cron.php job

[Service]
User=roo
ExecStart=/usr/bin/docker exec --user www-data nextcloud php /var/www/html/cron.php

[Install]
WantedBy=basic.target
EOF

cat > /etc/systemd/system/nextcloudcron.timer <<EOF
[Unit]
Description=Run Nextcloud cron.php every 90 minutes

[Timer]
OnBootSec=10min
OnUnitActiveSec=90min
Unit=nextcloudcron.service

[Install]
WantedBy=timers.target
EOF

systemctl daemon-reload
systemctl start nextcloudcron.timer
systemctl enable nextcloudcron.timer

Adjust Sharing settings

  • Disable Allow public uploads
  • Disable Allow users on this server to send shares to other servers
  • Disable Send password by mail

Adjust Security settings

Recommended Settings (Up to you)

  • Minimal Length : 12
  • Forbid common passwords
  • Enforce upper and lower case characters
  • Enforce numeric characters

Setup Apps

Configure groups (as appropriate)

  • Create group for standard users
  • Create group folder for the new group (non-syncthing dumping ground for sync)
  • Setup shared contacts list for new group
  • Setup shared calendar for new group