Nextcloud on Opalstack

nextcloud_on_opalstack.md

HOWTO install Nextcloud on Opalstack

1. In your Opalstack dashboard create a new "Nginx Proxy Port" application and attach it to a site with Let's Encrypt enabled on the site. Make a note of the app's name and port assignment, and the site domain.

2. In your Opalstack dashboard create a new MariaDB database and user. Make a note of the DB name, DB user name, and password.

3. SSH to your app's shell user and run the following commands:

   cd ~/apps/appname
   git clone -b opalstack https://github.com/rsanden/userspace-fpm-installer.git
   cd userspace-fpm-installer
   

4. In the ~/apps/appname/userspace-fpm-installer directory edit config to resemble the following, replacing the app name, port assignment, and domain with your own:

   #!bash
   STACKNAME="appname"
   PREFIX="$HOME/apps/$STACKNAME/server"
   LOGDIR="$HOME/logs/apps/$STACKNAME"
   PORT="55555"
   DOMAIN1="domain.com"
   APPDIR1="$HOME/apps/$STACKNAME/nextcloud"
   SERVER_TYPE="nginx"
   PHP_VERSION="8.0"
   

5. Still in the ~/apps/appname/userspace-fpm-installer directory execute the following command. This will set up the config and control scripts for a private Nginx+PHP-FPM stack:

   ./install.bash
   

6. Edit ~/apps/appname/server/conf/nginx.conf to resemble the following, replacing the shell user name, app name, port assignment, and domain with your own:

   pid /home/shelluser/apps/appname/server/var/run/nginx.pid;
   error_log /home/shelluser/apps/appname/server/log/nginx_nc_error.log;
   
   events {}
   
   http {
       include /etc/nginx/mime.types;
       default_type application/octet-stream;
   
       client_body_temp_path /home/shelluser/apps/appname/server/tmp/client_body;
       fastcgi_temp_path     /home/shelluser/apps/appname/server/tmp/fastcgi_temp;
       proxy_temp_path       /home/shelluser/apps/appname/server/tmp/proxy_temp;
       scgi_temp_path        /home/shelluser/apps/appname/server/tmp/scgi_temp;
       uwsgi_temp_path       /home/shelluser/apps/appname/server/tmp/uwsgi_temp;
   
       log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
       access_log /home/shelluser/apps/appname/server/log/nginx_nc_access.log main;
   
       server {
           listen 55555;
           server_name domain.com;
           port_in_redirect off;
       
           # set max upload size
           client_max_body_size 512M;
           fastcgi_buffers 64 4K;
       
           # Enable gzip but do not remove ETag headers
           gzip on;
           gzip_vary on;
           gzip_comp_level 4;
           gzip_min_length 256;
           gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
           gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
       
           # HTTP response headers borrowed from Nextcloud `.htaccess`
           add_header Referrer-Policy                      "no-referrer"      always;
           add_header X-Content-Type-Options               "nosniff"          always;
           add_header X-Download-Options                   "noopen"           always;
           add_header X-Frame-Options                      "SAMEORIGIN"       always;
           add_header X-Permitted-Cross-Domain-Policies    "none"             always;
           add_header X-Robots-Tag                         "none"             always;
           add_header X-XSS-Protection                     "1; mode=block"    always;
           add_header Strict-Transport-Security            "max-age=15552000" always;
       
           # Remove X-Powered-By, which is an information leak
           fastcgi_hide_header X-Powered-By;
       
           # Path to the root of your installation
           root /home/shelluser/apps/appname/nextcloud;
       
           index index.php index.html /index.php$request_uri;
       
           location = / {
               if ( $http_user_agent ~ ^DavClnt ) {
                   return 302 /remote.php/webdav/$is_args$args;
               }
           }
       
           location = /robots.txt {
               allow all;
               log_not_found off;
               access_log off;
           }
       
           location ^~ /.well-known {
               location = /.well-known/carddav     { return 301 https://$server_name/remote.php/dav; }
               location = /.well-known/caldav      { return 301 https://$server_name/remote.php/dav; }
               location ^~ /.well-known            { return 301 https://$server_name/index.php$uri; }
       
               try_files $uri $uri/ =404;
           }
       
           location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
           location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
       
           location ~ \.php(?:$|/) {
               fastcgi_split_path_info ^(.+?\.php)(/.*)$;
               set $path_info $fastcgi_path_info;
       
               try_files $fastcgi_script_name =404;
       
               include /etc/nginx/fastcgi_params;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param PATH_INFO $path_info;
               fastcgi_param HTTPS on;
       
               fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
               fastcgi_param front_controller_active true;     # Enable pretty urls
               fastcgi_pass unix:/home/shelluser/apps/appname/server/var/run/php-fpm.sock;
       
               fastcgi_intercept_errors on;
               fastcgi_request_buffering off;
           }
       
           location ~ \.(?:css|js|svg|gif)$ {
               try_files $uri /index.php$request_uri;
               expires 6M;         # Cache-Control policy borrowed from `.htaccess`
               access_log off;     # Optional: Don't log access to assets
           }
       
           location ~ \.woff2?$ {
               try_files $uri /index.php$request_uri;
               expires 7d;         # Cache-Control policy borrowed from `.htaccess`
               access_log off;     # Optional: Don't log access to assets
           }
       
           location / {
               try_files $uri $uri/ /index.php$request_uri;
           }
       }
   }
   

7. Execute the following commands to download Nextcloud:

   wget wget https://download.nextcloud.com/server/releases/nextcloud-24.0.4.tar.bz2
   tar -jxf nextcloud-24.0.4.tar.bz2
   

8. Restart the stack: ~/apps/appname/server/bin/restart

9. Visit the site you created in step 1 - the Nextcloud installation wizard will guide you through the rest of the setup.

@riverofjanuary ~/apps/appname/server/bin/php-fpm is a symlink pointing to /opt/remi/php80/root/usr/sbin/php-fpm. Delete it and recreate it pointing to /opt/remi/php83/root/usr/sbin/php-fpm then restart the stack.

Thank you, that worked! Just putting this here for people searching in future so they dont need to hunt down exact commands:

cd ~/apps/appname/server/bin
rm php-fpm
ln -s /opt/remi/php83/root/usr/sbin/php-fpm php-fpm
~/apps/appname/server/bin/restart