NextCloud Work from Home

4th February 2021

Uncategorised

NextCloud is a great application that was originally designed to be a DropBox alternative but quickly grew to much more. It has a single pane integration of Files, Email, Contacts, Calendar, Chat, Audio/Video Conf +more. Functionality is extended through Plugins

Pros:
Single pane = works on anything with a modern browser
Apps for Android and iPhone
Onsite = control of my files, in my country where I know the laws
LDAP integration, or local accounts
Plugins for 2FA, Hardware token etc
GeoFilter via plugin (if your firewall doesn’t support it)
Fail2ban via plugin
External storage on SMB/CIFS , S3, FTP, OpenStackOS, SFTP, WebDav, More via Plugins DropBox, GoogleDrive, OneDrive… etc
Installs on Raspberry Pi 4

Cons:
Takes some work to setup
Connection to SMB is finicky

My Install Notes:

I installed on VmWare 6.7 (4cpu,8gb,200gbThin), Ubuntu20.04LTS
Don’t install NextCloud via Snap (the checkbox when installing Ubuntu), smbclient is super difficult to add to Snap!

https://www.itzgeek.com/post/how-to-install-nextcloud-on-ubuntu-20-04/

https://www.server-world.info/en/note?os=Ubuntu_20.04&p=nextcloud&f=8

https://help.nextcloud.com/t/ldap-user-and-group-backend-the-library-ldap-is-not-available/57484

Modifications to the links above for php-smbclient/External Storages:
sudo apt -y install smbclient cifs-utils libsmbclient-dev php-dev make php-fpm php-ldap
sudo pecl install smbclient
sudo echo ‘extension=smbclient.so’ >> /etc/php/7.4/fpm/php.ini
(above didn’t work, need to use sudo nano /etc/php/7.4/fpm/php.ini then add extension=smbclient.so anywhere, doesn’t matter)
sudo systemctl restart php7.4-fpm

If the default Apache webpage is still visible run this:
sudo a2dissite 000-default.conf
sudo service apache2 reload

Top right user initial menu
Apps
Disabled Apps
External Storage support = Enable (if u wanna use existing file shares)
LDAP Users Backend = Enable (if u have a Microsoft Domain Controller)
Menu, Settings, Administration section
External storages,
Add Storage = smb/cifs
Add app Group folders

Work-around for finicky SMB:
I could not add external storage to a share named Projects, different shares worked on this server, tried changing ownership and permissions, local authentication, nothing worked
eventually I connected to the default windows share G$ and added the path to the folder i wanted to be the root.
BUT that didn’t work with the account that had read-only permissions, I used a privileged account, and checked the “read only” box hidden in the extended menus.

Get an SSL certificate from ZeroSSL if TCP ports 80+443 are in use. ZeroSSL lets you confirm with an email address. but their renewal process is stooopid. Update; ZeroSSL counts a renewal as a new certificate, so you quickly run out of “free” certificates.

Turn off IPv6:
nano /etc/sysctl.conf
add to end:net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Error: Access through untrusted domain
nano /opt/nextcloud/config/config.php

‘trusted_domains’ =>
array (
0 => ‘10.3.1.102’,’remote.tc.ca’
),

…

‘overwrite.cli.url’ => ‘http://remote.tc.ca/nextcloud’,

sudo apachectl configtest

sudo systemctl reload apache2

how to remove /netcloud from URL???

setup fail2ban; requires path to nextcloud.log

Renew Certificate:
letsencrypt renew

Lets put that in the scheduler so it gets done auto-magically
nano /etc/cron.weekly/cert_renew.sh
#!/bin/bash
letsencrypt renew
Ctrl+O
Ctrl+X
chmod +x /etc/cron.weekly/cert_renew.sh

Moreupdates:
if you only have a few users, don’t use LDAP integration, the Kerberos ticket expires and its difficult to renew.

if you get this error when trying to update Nextcloud “The PHP memory limit is below the recommended value of 512MB”
nano /etc/php/7.2/apache2/php.ini
search for and increase memory_limit to 512M

if the updater gets stuck try this:
sudo -u www-data php /var/www/nextcloud/occ maintenance:repair
OR
sudo -u www-data php /var/www/html/nextcloud/occ maintenance:repair