From e7c7fc82ab909a7592cfa8e630dc088613de68ef Mon Sep 17 00:00:00 2001 From: Ze'ev Schurmann Date: Wed, 7 May 2025 19:12:34 +0200 Subject: [PATCH] Updated to match Nextcloud Hub 10 --- setupnc.sh | 77 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 26 deletions(-) diff --git a/setupnc.sh b/setupnc.sh index 5f555c4..0636597 100644 --- a/setupnc.sh +++ b/setupnc.sh @@ -30,24 +30,45 @@ apt update && apt -y upgrade ## extrepo - Tool for automatic configuration of external repos for Debian ## unzip - Needed to extract the Nextcloud zip file -apt -y install curl wget apache2 extrepo unzip +apt -y install curl wget apache2 unzip ## Now we enable Sury for installing the very latest PHP files -extrepo enable sury && apt update +curl -sSL https://packages.sury.org/php/README.txt | bash -x && apt update ## Now we install PHP 8.2 and required modules -apt -y install php8.2-{ctype,curl,dom,gd,common,mysql,mbstring,posix,simplexml,xmlreader,xmlwriter,xmlrpc,xml,cli,zip,bz2,fpm,intl,ldap,smbclient,ftp,imap,bcmath,gmp,exif,apcu,memcached,redis,imagick} libapache2-mod-php8.2 libapache2-mod-fcgid libxml2 +apt -y install php8.3-{ctype,curl,dom,gd,common,mysql,mbstring,opcache,posix,simplexml,xmlreader,xmlwriter,xmlrpc,xml,cli,zip,bz2,fpm,intl,ldap,smbclient,ftp,imap,bcmath,gmp,exif,apcu,memcached,redis,imagick} libapache2-mod-php8.3 libapache2-mod-fcgid libxml2 + +## Configure Apache2 and PHP8.3 + +systemctl stop apache2 +a2dismod php8.3 +a2dismod mpm_prefork +a2enmod mpm_event proxy proxy_fcgi setenvif rewrite +a2enconf php8.3-fpm +systemctl restart apache2 + +## Set optimal settings for PHP to make Nextcloud happy... + +echo "max_execution_time = 240" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "memory_limit = 512M" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "post_max_size = 512M" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "upload_max_filesize = 2048M" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "[opcache]" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "opcache.enable=1" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "opcache.memory_consumption=1024" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "opcache.interned_strings_buffer=128" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "opcache.max_accelerated_files=50000" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "opcache.validate_timestamps=0" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "opcache.revalidate_freq=60" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +echo "opcache.save_comments=1" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini +systemctl restart php8.3-fpm.service ## Let's install MariaDB apt -y install mariadb-server mariadb-client -## Configure Apache2 and php8.2 - -systemctl stop apache2 && a2dismod php8.2 && a2dismod mpm_prefork && a2enmod mpm_event proxy proxy_fcgi setenvif rewrite && a2enconf php8.2-fpm && systemctl restart apache2 - ## Time to harden MariaDB systemctl enable mariadb @@ -65,6 +86,13 @@ echo "FLUSH PRIVILEGES;" | mysql echo "CREATE DATABASE $dbname; CREATE USER $dbuser@localhost IDENTIFIED BY '$dbpass'; GRANT ALL PRIVILEGES ON $dbname.* TO $dbuser@localhost; FLUSH PRIVILEGES;" | mysql +## Let's add support for SVG files... + +apt -y install librsvg2-bin +sed -i 's|| \n|' /etc/ImageMagick-6/policy.xml +apt -y install libmagickcore-6.q16-6-extra +systemctl restart apache2 + ## Time to download the latest copy of Nextcloud wget https://download.nextcloud.com/server/releases/latest.zip @@ -81,35 +109,32 @@ chown -R www-data:www-data /var/www/html mkdir /home/nextcloudfiles chown -R www-data:www-data /home/nextcloudfiles -## Do webconfig +## Let's do the web install without a browser -## Get token +cd /var/www/html +sudo -u www-data php occ maintenance:install --database="mysql" --database-host="localhost" --database-name="$dbname" --database-user="$dbuser" --database-pass="$dbpass" --admin-user="$adminuser" --admin-pass="$adminpass" --data-dir="/home/nextcloudfiles" -temp=$(curl -S http://localhost/index.php | grep "data-requesttoken") -token=${temp:20:-2} +## Configuring Nextcloud -## Submit Installation +cp /var/www/html/config/config.php /var/www/html/config/config.php.original +sudo -u www-data php occ config:system:set trusted_domains 0 --value="*" +sudo -u www-data php occ config:system:set maintenance_window_start --type=integer --value=1 +( crontab -u www-data -l 2>/dev/null; echo '*/5 * * * * php -f /var/www/html/cron.php' ) | crontab -u www-data - +sudo -u www-data php occ maintenance:repair --include-expensive +sudo -u www-data php occ config:system:set debug --type=boolean --value=false +sudo -u www-data php occ config:system:set memcache.local --type=string --value=\OC\Memcache\APCu -curl -s -X POST "http://localhost/index.php" -H "Content-Type: application/x-www-form-urlencoded" -d "install=true&adminlogin=$adminuser&adminpass=$adminpass&directory=%2Fhome%2Fnextcloudfiles&dbtype=mysql&dbuser=$dbuser&dbpass=$dbpass&dbpass-clone=$dbpass&dbname=$dbname&dbhost=localhost" +## Let's make a script so you can use the occ CLI tool from anywhere on your server -## Setup https (selfsigned) +echo -e '#!/bin/bash\n\ncd /var/www/nextcloud\nsudo -u www-data php occ $@' > /usr/bin/occ && chmod +x /usr/bin/occ -a2enmod ssl && a2ensite default-ssl.conf && systemctl restart apache2 +## Clean up time... -## Overridding the need for a domain name - -mv /var/www/html/config/config.php /var/www/html/config/config.php.old -head -n 8 /var/www/html/config/config.php.old > /var/www/html/config/config.php -echo " 1 => '*'," >> /var/www/html/config/config.php -tail -n 14 /var/www/html/config/config.php.old >> /var/www/html/config/config.php -chown www-data:www-data /var/www/html/config/config.php +apt -y autoremove ## DONE echo "You can now configure your networking for static IP, but what I do," echo "is assign a static IP by using DHCP reservation in my Router." -echo "You can forward port 80 and 443. But even if you connect on port 80" -echo "it will switch to port 443 (https) and give you a security warning." -echo "This is because it's a selfsigned certificate. But at least your data" -echo "is encrypted between browser and server." +echo "You can forward port 80. This is because it's a selfsigned certificate." echo "If you have any issues, DM me on Reddit u/thisiszeev"