In this blog, we will install the very popular Nextcloud (https://nextcloud.com/) collaboration tool on OCI and MDS.
What is Nextcloud?
Nextcloud is a great alternative for Dropbox, Google Drive, OneDrive, and similar services.
Nextcloud has a partnership with managed services, but I believe the strength lies in the fact you can run it on your own environment and keep all your files, calendar events, contacts, and everything else under your full control without anyone looking into it nor have any limitation on how to use it (such as the number of clients that can connect or data sizes).
I’m also a big believer in “trust yourself” in the sense that I’m ok with managed services, but I also want to know I have backups I can trust and if I need to – I have unlimited and full access to my data.
Nextcloud provides all those!
You have virtually NO limitations using it. Run it on 1 device or 1,000. Have 1G of data or 20TB. Run backup every 2 years or every 5 minutes.
Feel like you really have a bad day? Go and mess with the database…
Who should use Nextcloud?
Well… Everybody. If you ask me.
I use it privately for years now and love it. I don’t use any other collaboration tool.
But if you search the name, you’ll find Nextcloud has some massive installations worldwide.
Why Nextcloud and not some other fancy names?
Nextcloud is simple. It runs on PHP and is backed by MySQL (or Oracle DB SQLite if you are crazy enough). You can use apache or NGINX.
It has a very active development community and with enough installations and easy updates – it’s as secure as one expects. Naturally, more security can be imposed outside of Nextcloud’s core system.
Why Oracle Cloud and MDS?
That’s easy; Oracle cloud is awesome. It’s high performant and provides great value for money for everything required: compute, storage, network bandwidth, and MySQL managed service, all while it is the most secure cloud platform.
Nextcloud has a very good security track record and great authentication modules, but you can always take advantage of additional security tools Oracle cloud offers. Oracle cloud as a default treats everything as “has to be secure” rather than “has to be accessed easily”, which means that by default, your data will be protected.
Ok. Sure. Where do I sign?
Well, luckily for you, no need to sign. Nextcloud is an Open Source project and you can just install it and use it right now. No need to speak to anyone.
Nextcloud does offer Enterprise options if you’d like to check them out.
Sounds good. Show me how!
Great, let’s start!
First, I make an assumption you already have an account with Oracle cloud (even a free one, during the trial as you will need MDS – which is not part of the “always free” tier).
I also assume you already set up VCN and provisioned Oracle Linux 8 and MDS instances. There are other blog posts showing how it’s done, so I won’t repeat those steps.
Step 1: Setting up the compute instance
We will run all the commands as root.
Now, let’s run the update and install the repos for additional packages and PHP
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm https://rpms.remirepo.net/enterprise/remi-release-8.rpm
Nextcloud can run (at the time of writing this blog) PHP 7.4, 8.0, and 8.1. The recommended version is currently 8.0
Now we’re ready to install everything we need, including MySQL Shell (https://dev.mysql.com/doc/mysql-shell/8.0/en/)
Some basic setup for PHP.
I’m doing the bare minimum, in production systems you probably going to need to do some more tweaking.
I also live in Melbourne, so I set the timezone accordingly. If you’re not my neighbor, you might wanna check here: https://www.php.net/manual/en/timezones.php
date.timezone = “Australia/Melbourne”
I’m using apache, so I’m adding/changing those setups directives
<Directory “/var/www/html”>
AllowOverride All
</Directory>
# Compress content, add the end of the conf file
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
Nextcloud uses PHP. A LOT. So using caching mechanisms make a lot of sense.
I’m setting up OPCache (which is compiled code cache). In big systems, Memcached is highly recommended (not covered in this blog)
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Time to enable and start our web server
Oracle Linux 8 comes with quite strict rules, so you need to add HTTP(80) and HTTPS(443) to the firewall to allow access.
Do not forget to allow those ports in your VNC security list!
firewall-cmd –permanent –zone=public –add-service=https
firewall-cmd –reload
Step 2: Setting up MDS
My MDS IP address is 10.0.0.80, but you probably have a different IP. Check the OCI console and find out.
I’m also using “root” as my admin user, but you might be using “admin” or “ImGodKneelBeforeMe” which is totally cool and normal.
We’ll be using MySQL shell to connect to MDS.
Let’s enable history first (my history teacher should be proud… It’s not something they ever thought I’d be saying. I didn’t either!)
Let’s switch to SQL and setup our Nextcloud user and database
create user ‘nextcloud’@’%’ identified by ‘VertSecret1!1’; grant all privileges on `nextcloud`.* to ‘nextcloud’@’%’;
create database nextcloud;
Step 3: Setting up Nextcloud
We’re almost there, final touches before we jump on the web install.
You can have a look here: https://nextcloud.com/install/#instructions-server for the full instructions and ways to install Nextcloud, including the fully automated way via the web.
I’m going through the long way, to show the steps though.
Let’s download the package and put it where it belongs. I’m using a trick here (shopt -s dotglob) to allow me to copy all the files needed including hidden dot files.
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
shopt -s dotglob
mv nextcloud/* /var/www/html/
Before we go on, let’s create the “data” directory. This is where all your files and users’ stuff will be.
Now the files are where they need to be, but we need to make sure they are owned by apache
In our system, we have SELinux running, so we need to set SELinux to work with PHP. We also enable access for apache to connect to the remote MDS.
Make sure you read https://docs.nextcloud.com/server/latest/admin_manual/installation/selinux_configuration.html.
You won’t be able to run updates unless you run the SELinux commands.
semanage fcontext -a -t httpd_sys_rw_content_t ‘/var/www/html/data(/.*)?’
semanage fcontext -a -t httpd_sys_rw_content_t ‘/var/www/html/config(/.*)?’
semanage fcontext -a -t httpd_sys_rw_content_t ‘/var/www/html/apps(/.*)?’
semanage fcontext -a -t httpd_sys_rw_content_t ‘/var/www/html/.htaccess’
semanage fcontext -a -t httpd_sys_rw_content_t ‘/var/www/html/.user.ini’
semanage fcontext -a -t httpd_sys_rw_content_t ‘/var/www/html/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?’
restorecon -Rv ‘/var/www/html/’
setsebool -P httpd_can_network_connect_db on
Step 4: Web installer
If everything went according to plan (it never does), all you have to do now is to point your browser to the IP of your compute instance and you’ll see this
You have to set up your Nextcloud admin user name and password (not the MDS root user!) then click on “Storage & databases” so you can choose “MySQL”.
The database user, password, and database name, which we set up earlier in step 2, are:
User: nextcloud
Password: VertSecret1!1
Database name: nextcloud
Host: <whatever your MDS IP is>
The next screen should be this one. You can just click to install
If you see this – you’ve done it! You have nextcloud installed.
You can go to the settings and make sure you read all the notices and warnings, plus after you are done with SSL and stuff, run the security check that Nextcloud runs on your production site.
Final notes
- This is a very basic Nextcloud setup. From here, make sure you’re enabling SSL (do NOT run Nextcloud without it) and make sure it’s as secure as it can be. Run the security diagnostics tool.
- Nextcloud has many clients available; PCs, Macs, Android, iOS, and Linux. Check them out.
- Nextcloud has a huge amount of plugins you can use. Calendar, contact, to-do list, notes, collaboration, chats, etc. Check the apps page.
- You can run Nextcloud with MDS HA with the same setup to make your database highly redundant. Make sure you back up your compute instance. MDS will back up automatically every day (if you enable the option).
- Files on the compute are encrypted as rest by the compute disk encryption. If you’d like to share files and encrypt them before even uploading to the cloud, use gocryptfs (https://github.com/rfjakob/gocryptfs) and its Windows port cppcryptfs (https://github.com/bailey27/cppcryptfs) for years and love it.
Use it at your own risk though. - You can create a highly redundant and performant Nextcloud setup by using several compute instances, MDS HA, and a load balancer. The files can be hosted on an OCI file system mount and shared between the instances.