The Batuhan's Blog

/

Blog

Creating the best Nextcloud Server

Thu Nov 16 2023

This is the second part of the Migrating an old Nextcloud Server. If you haven't read it yet, please read it first.

As you guys remember, on my last blog post we migrated our Nextcloud server from an Athlon pc to a Dell Optiplex 7050. Now it's time to do some settings and improvements to have the fastest and best Nextcloud server possible.

What we're gonna do?

In a summary what we're gonna do is, upgrading Nextcloud to latest version, setting up the cron tasks, improve the PHP OPcache and some other things to improve the security and performance.

Before start

  • Before following things I do, you should backup your data somewhere safe!
  • As we all know sometimes things works for me may not work for you. In that case please refer to official Nextcloud Documention.

Beginning

Update the packages on the server

Before doing anything further don't forget to upgrade the packages on the server to the latest versions available.

sudo dnf upgrade --nobest

In this command I added the --nobest because without this flag dnf won't upgrade packages like dlib and php-dlib.

Update Nextcloud server using updater script

  • If you already updated your server, you can skip this step.

Next step is to update the Nextcloud to version 27 from 25. But how? Nextcloud doesn't supports to update from a major version to another.

You're right. Nextcloud does not supports to upgrade between two major versions by the way we used to upgrade from 25.0.7 to 25.0.12 at the last post. But Nextcloud supports to upgrade between two major versions using their built-in updater. And I'm not talking about the webUi they have. I'm talking about the cli script that also webUi uses. Than why we simply don't use the webUi? Becouse it's not a stable way to update server. Anyways without any speaking here is how it's done.

Version 25.0.12 to 27

To upgrade our server log into your server via ssh and than go to directory that you have Nextcloud installed.

Screenshot_20231016_113303.png > This is Starship prompt btw

In that folder you need to switch into user apache becouse our current user can't read or write into some of those folders. But since apache is a system user and doesn't has a home folder, we can't just use sudo su apache command. What we need to do is we need to run the bash under apache and to do that we can use the command sudo -u apachce bash

Screenshot_20231016_113733.png And now we identify as apache lol. After that change your directory updater folder on our Nextcloud installation and now when you type ls, you should see 2 files named index.php and updater.phar. Now run the updater script with the command php updater.phar

and follow the insturactions. After it's done you should have the version 26. Now restart the apache and visit your server to confirm it works as it should.

After confirming that everything works perfectly fine re-run the script and update Nextcloud to version 27. Screenshot_20231016_115214.png

Configration

Now we're going to configure our Cron tasks for Nextcloud, Memcache for database, op-cache for PHP and Https for Apache2 webserver.

Cron jobs

  • Reference Nextcloud needs to execute it's cron jobs every 5 minutes to function properly. There are 3 ways to do that but in this post we're going with the systemd way.

We need to create 2 different files named nextCron.service and nextCron.timer under /etc/systemd/system folder. The first one will be our Cron job and the second one will be our timer for it.

Now edit the nextCron.service file to look like this

[Unit]
Description=Nextcloud cron.php job

[Service]
User=www-data
ExecCondition=php -f /var/www/nextcloud/occ status -e
ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php
KillMode=process

And nextCron.timer to look like this

[Unit]
Description=Run Nextcloud cron.php every 5 minutes

[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextCron.service

[Install]
WantedBy=timers.target

Of course don't forget to change the /var/www/nexcloud sections with your own Nextcloud installation. After saving these files use the command down below to enable and start the Cron tasks.

sudo systemctl enable --now nextCron.timer

Don't forget to add that .timer extension otherwise systemd would give you errors.

Memcache and Redis

To improve the performance of our Nextcloud server we should setup memcache for Nextcloud using Redis. For single user instances, Redis not needed but it affects our server performance a lot so this is why we gonna set it up.

Installing packages

Before starting we need to install redis and php-redis module. We can install it using

sudo dnf install redis php-redis

After installing our packages we need to enable the systemd service of redis and start it up. For that we can simply use the command

sudo systemctl enable --now redis && sudo systemctl start redis

Configuring Nextcloud

After installing needed packages and enabling the systemd service we can now edit our config.php file to use Redis for cache. Now change your directory back to Nextcloud server directory and use the command down below to switch to user apache.

sudo -u apache bash

After changing switching to user apache, now go to your config/config.php file and add these lines to bottom of your file.

 'memcache.local' => '\OC\Memcache\APCu',  
 'memcache.distributed' => '\OC\Memcache\Redis',  
 'memcache.locking' => '\OC\Memcache\Redis',  
 'redis' => [  
         'host' => 'localhost',  
         'port' => 6379,  
 ],

After that save this file and restart the Apache Web server with command

sudo systemctl restart httpd

and it's done!

Configuring PHP

PHP comes with every single thing preconfigured for us but the default config isn't really good at some places like big file uploading or long lasting big requests to server. Or op-cache. Now what we're gonna do is do some changes on the PHP config file which is located at /etc/php.ini and change the settings we need to change.

OPcache

Opcache is needed for JIT or Just-in-time complication and it speeds things up when some changes on server or files are made. By default it's disabled. To enable it go to your Php config file (/etc/php.ini on my case) and add these lines just under the [opcache] header.

[opcache] // Don't copy that! 

opcahce.enable=1
opcache.save_comments=1  
opcache.jit=1255  
opcache.jit_buffer_size=512M  
opcache.revalidate_freq=30
opcache.interned_strings_buffer=64
opcache.memory_consumption=512

Big file uploads

By default file uploads on PHP is limited by 512Mbs but you can easly increase that by changing 4 lines on your php.ini file.

php_value upload_max_filesize 8G
php_value post_max_size 8G

As you can see there I set them to 8Gbs because it's what my server has as memory and I suggest you to set it like that. Don't put a bigger value than your memory. That could lead to data corruption.

I also suggest you to increase the max request time. The default values are 30 seconds and it isn't that enough when you try to upload big files over a slow connection.

php_value max_input_time 360
php_value max_execution_time 360

I set them as 6 minutes but you can set them much higher values if you need.

Now we finished with PHP. To make our changes take effect restart the php-fpm service and httpd using systemctl.

sudo systemctl restart php-fpm && sudo systemctl restart httpd

And only thing we left to do is creating TLS certificates using the CertBot.

HTTPS

So even tho https isn't specially needed for Nextcloud to function, it's a key part when it comes to security. And thanks to certbot it's so much easier to get one on your server.

In Certbot's website they only show you the snap way of installing certbot but I personally don't like the Snap package manager and since it's available on Rocky Linux repos, I'm going to install it from there. To intsall it, simply run the command

sudo dnf install certbot python3-certbot-apache

and run it with root privileges.

sudo certbot -i apache

Screenshot-2023-10-16-at-21.30.50.png On my case it gave me this error but after checking the apache configration file I see that it was using those certs for that. If that happens to you too, check your config file to see if certificates are there or not. If not you should go to help page on the Certbots website and try to get help from there.

So this was it. Now when you log into your Nextcloud server and head into Administration settings page you can see that it passes all the security checks and also it now loads faster.

Screenshot-2023-10-16-at-21.39.46.png I worked a lot for those tutorials and I hope it helps to you. When the Nextcloud 28 comes out I'll also show you how to update to that version and how I integrated Nextcloud with my devices and keep them in sync but it's another posts topic.

If you counter any problems, you can feel free to send me an email about your problem or can join to our Discord Server and get help from there.

I'm also planning something big and hopefully when I get things on it's way I'm gonna announce it. But there is still a lot of time for it. Until next time!

Reply via E-Mail

Thank You!

Batuhan Yılmaz - 16.10.2023 - 32/100