Instalasi NextCloud pada OS Linux¶
Spesifikasi¶
- MariaDB Client 10.11.x (tidak akan instal DB server, hanya akan menggunakan DB client)
- Apache 2.4.4x
- PHP 8.0.x
- NextCloud 23.x.x
Repositori Apache, PHP, & MariaDB¶
Variable
MARIADB_VER="10.11"
PHP_VER="8.0"
Repositori
# dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
# dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \
# curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | \
# bash -s -- --mariadb-server-version="mariadb-$MARIADB_VER" && \
# dnf update -y
# apt-get update && \
# apt-get -y install apt-transport-https lsb-release ca-certificates curl \
# software-properties-common wget gnupg && \
# curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | \
# bash -s -- --mariadb-server-version="mariadb-$MARIADB_VER"
# wget -O /etc/apt/trusted.gpg.d/apache2.gpg https://packages.sury.org/apache2/apt.gpg && \
# wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg && \
# echo "deb http://packages.sury.org/apache2/ $(lsb_release -sc) main" > \
# /etc/apt/sources.list.d/apache2.list && \
# echo "deb http://packages.sury.org/php/ $(lsb_release -sc) main" > \
# /etc/apt/sources.list.d/php.list && \
# apt-get update
apt-get update && \
apt-get -y install apt-transport-https lsb-release ca-certificates curl \
software-properties-common && \
add-apt-repository -y ppa:ondrej/apache2 && \
add-apt-repository -y ppa:ondrej/php && \
curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | && \
bash -s -- --mariadb-server-version="mariadb-$MARIADB_VER" && \
apt-get update
Instalasi¶
Apache & MariaDB¶
Instalasi Apache & MariaDB
dnf install -y httpd
dnf install -y MariaDB-server MariaDB-client
systemctl enable --now httpd mariadb
apt-get install -y apache2
apt-get install -y mariadb-server-$MARIADB_VER
systemctl enable --now apache2 mariadb-server-$MARIADB_VER
Jika terpisah antara aplikasi web dan pangkalan data, cukup instal klien peladen pangkalan data pada peladen aplikasi web
Instalasi MariaDB-client
curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | && \
bash -s -- --mariadb-server-version="mariadb-$MARIADB_VER" && \
yum update -y && yum install -y MariaDB-client
curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | && \
bash -s -- --mariadb-server-version="mariadb-$MARIADB_VER" && \
apt-get update && apt-get install -y mariadb-client
PHP & Redis¶
Variable
#!/bin/bash
set -eux
# variables
USER_NAME="deploy"
PHP_VER="8.0"
INSTANCE_FQDN="sub.domain.tld"
SSL_EMAIL="[email protected]"
NEXTCLOUD_RELEASE="23.0.11"
INSTALL_DIR="/opt/nextcloud"
DATA_DIR="/opt/data"
LOG_DIR="/var/log/nextcloud"
DB_HOST="db_host:db_port"
DB_NAME="db_name"
DB_USER="db_user"
DB_PASS="db_pass"
NC_ADMIN_USER="nc_admin_user"
NC_ADMIN_PASS="nc_admin_pass"
TZ="Asia/Jakarta"
Instalasi Apache2 mod-php & PHP
apt-get install libapache2-mod-php$PHP_VER
Mengaktifkan modul Apache yang diperlukan
a2enmod rewrite headers env dir mime
a2dismod dav
systemctl restart apache2
Instalasi Redis server & modul-modul PHP yang diperlukan
php$PHP_VER-{apcu,bz2,curl,gd,imagick,imap,intl,ldap,mbstring,mysql,redis,xml,zip} redis-server
Instalasi LibreOffice
apt-get install -y libreoffice
Konfigurasi¶
Akses redis bagi www-data
usermod -aG redis www-data
Optimasi PHP¶
Optimasi PHP
# meningkatkan batasan penggunaan memori
sed --in-place 's/^memory_limit.*/memory_limit = 512M/g' /etc/php/$PHP_VER/apache2/php.ini
# peningkatan performa dengan opcache
cat << EOF >> /etc/php/$PHP_VER/apache2/conf.d/10-opcache.ini
opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
EOF
# pengaktifan APCu
cat << EOF >> /etc/php/$PHP_VER/apache2/conf.d/20-apcu.ini
apc.enable_cli=1
EOF
# menjalankan ulang layanan peladen web apache2
systemctl restart apache2
Apache virtual host¶
#
cat << EOF > /etc/apache2/sites-available/$INSTANCE_FQDN.conf
Alias / "$INSTALL_DIR/"
<Directory $INSTALL_DIR/>
AllowOverride All
Require all granted
Options FollowSymlinks MultiViews
Satisfy Any
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
EOF
# mengaktifkan VirtualHost
a2ensite $INSTANCE_FQDN.conf
systemctl reload apache2
Unduh Nextcloud¶
# hak akses
usermod -aG www-data $USER_NAME
# unduh
cd /tmp
wget https://nextcloud.com/nextcloud.asc
wget https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_RELEASE.tar.{bz2,bz2.asc}
gpg --import nextcloud.asc
gpg --verify nextcloud-$NEXTCLOUD_RELEASE.tar.bz2.asc nextcloud-$NEXTCLOUD_RELEASE.tar.bz2
# ekstrak
tar -xvjf nextcloud-$NEXTCLOUD_RELEASE.tar.bz2
# direktori instalasi & data
mkdir -pv $INSTALL_DIR $DATA_DIR $LOG_DIR
# pindahkah konten ke direktori instalasi
mv -v nextcloud/* $INSTALL_DIR
touch $LOG_DIR/nextcloud.log
chown -Rv www-data:www-data $INSTALL_DIR $DATA_DIR $LOG_DIR
Instalasi Nextcloud¶
# alias occ
alias occ="sudo -u www-data php $INSTALL_DIR/occ"
occ maintenance:install --database "mysql" \
--database-host "$DB_HOST" \
--database-name "$DB_NAME" \
--database-user "$DB_USER" \
--database-pass "$DB_PASS" \
--admin-user "$NC_ADMIN_USER" \
--admin-pass "$NC_ADMIN_PASS" \
--data-dir "$DATA_DIR"
# tambah FQDN sebagai domain yang diizinkan untuk akses
occ config:system:set trusted_domains 0 --value=$INSTANCE_FQDN
# mengaktifkan ssl sementara dan memuat ulang apache2
a2enmod ssl
a2ensite default-ssl
systemctl reload apache2
# manipulasi berkas konfigurasi via CLI
# konfigurasi log
occ config:system:set logtimezone --value="$TZ"
occ config:system:set logfile --value="$LOG_DIR/nextcloud.log"
occ config:system:set log_rotate_size --value=1073741824 --type=integer
occ config:system:set loglevel --value=3 --type=integer
occ config:system:set log_type --value="owncloud"
occ config:system:set logdateformat --value="F d, Y H:i:s"
# lokasi direktori
#occ config:system:set datadirectory --value="$DATA_DIR"
# optimasi redis & opcache
occ config:system:set redis host --value=localhost
occ config:system:set redis port --value=6379 --type=integer
occ config:system:set redis dbindex --value=0 --type=integer
occ config:system:set redis timeout --value=0.0 --type=float
occ config:system:set memcache.local --value="\OC\Memcache\APCu"
occ config:system:set memcache.distributed --value="\OC\Memcache\Redis"
occ config:system:set memcache.locking --value="\OC\Memcache\Redis"
# libreoffice konversi PDF
occ config:system:set preview_libreoffice_path --value="/usr/bin/libreoffice"
Finalisasi¶
Paska instalasi otomatis¶
# optimasi DB
occ db:add-missing-indices
occ db:convert-filecache-bigint
# Let's Encrypt SSL (staging)
apt-get install -y certbot python3-certbot-apache
certbot --apache -m [email protected] --agree-tos --test-cert -d $INSTANCE_FQDN
a2dissite default-ssl
systemctl reload apache2
apache2ctl configtest
systemctl restart apache2
# tautan tanpa index.php
occ config:system:set overwrite.cli.url --value="https://$INSTANCE_FQDN/"
occ config:system:set htaccess.RewriteBase --value="/"
occ maintenance:update:htaccess
systemctl restart apache2
# keamanan
occ config:system:set overwriteprotocol --value="https"
occ config:system:set remember_login_cookie_lifetime --value=1800 --type=integer
#
occ config:system:set maintenance --value=false --type=boolean
# memuat ulang apache2 dan redis
systemctl restart apache2 redis-server
# melihat isi konfigurasi aktual
occ config:list --private
# cron
sudo crontab -u www-data -e
*/5 * * * * php -f $INSTALL_DIR/cron.php
systemctl restart cron
sudo -u www-data php $INSTALL_DIR/cron.php
FQDN mengamankan subdomain¶
nano /etc/apache2/sites-available/$INSTANCE_FQDN.conf
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; preload"
</IfModule>
SetEnv HOME /opt/<$INSTALL_DIR>
SetEnv HTTP_HOME /opt/<$INSTALL_DIR>
Certbot SSL¶
#
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
#
apt-get install certbot python3-certbot-apache
#
certbot --dry-run --test-cert --apache --agree-tos -m $SSL_EMAIL -d $INSTANCE_FQDN
#
certbot --test-cert --apache --agree-tos -m $SSL_EMAIL -d $INSTANCE_FQDN