The purpose here is to separate Nextcloud on omv3x from omv4x. Not to redo tinh_x7's work, but to keep close to it: nginx setup via plugins, MySQL too, minimum manual ssh. Nginx vhost and a specific php-fpm pool, plus MySQL with MariaDB, and Nextcloud in a shared folder.
Thanks to tinh_x7's guide, following it step by step, I was able to almost make it work for omv4.x, BUT I FAILED !!! MISERY MISERY
So I am thinking of reworking what he did, using the same steps and revamping his very good work until the blocking step.
I will use an OracleVM with the latest omv4.0.17-1.
Pre-Installation Steps:
These omv-plugins are needed: mysql4.1.1, nginx4.0.2
Extra tools needed --> via ssh login, run: apt-get install wget zip unzip php7.0-curl php7.0-gd php-apcu
MYSQL
Using the mysql4.1.1 plugin, make sure you can access the mywebsql interface ( usually http://localhost/mysql/ ).
CREATE an empty nextcloud database ( I used netxcloudDB )
Remember the login/password/ports; you will use them later.
SHARE FOLDER AND ACL ( exactly as tinh_x7, with a little change for the file location )
Log into your OMV homepage, go to the Shared Folders tab, and create a shared folder called: www
For OMV4.x, the location is: ./sharedfolders/www
Via ssh, create a folder named nextcloud:
mkdir /sharedfolders/www/nextcloud/
Then use the GUI to give this folder ACL read/write for user/group www-data.
NGINX: exactly as tinh_x7
pool
service/nginx/pools: create a new pool with:
name: nextcloud
comment: if needed
user: www-data
group: www-data
display error OFF
html error ON
30/128/8/2
5/2/1/3/0
extra option:
clear_env = no
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
server
service/nginx/server create new server with:
enable ON
directory device is www
use a document root ON
public directory OFF
port ( whatever you want except 80/443 ) 8080
default server OFF
ssl OFF ( because i will use letsencrypt plugin later, so your config might change here )
enable PHP ON
php-fpm pool ( use your poolname ) nextcloud
default config ON
use index html/php ON
log ON
EXTRA OPTION: ( I am not trying to mod anything from tinh_x7's config, so let's roll, just one small change for max-age. I am aware of some problems with the headers but let's see them later )
add_header Strict-Transport-Security "max-age=3600; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
    log_not_found off;
    allow all;
    access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
    rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass $socket;
    fastcgi_intercept_errors on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}
END OF EXTRA OPTION
final nginx step:
service/nginx/setting
enable ON
PS: of course, I suppose you hit the double confirm each time it is needed.
NEXTCLOUD INSTALL
https://nextcloud.com/install/#instructions-server
Download the .tar.bz2 or .zip archive
ssh do:
cd /sharedfolders/www/
zip: wget https://download.nextcloud.com/server/releases/nextcloud-12.0.5.zip
unzip nextcloud-12.0.5.zip
chown -R www-data:www-data nextcloud
NEXTCLOUD CONFIG
point your browser to
http://192.168.1.58:8080/nextcloud/index.php --> error 503 means you did not do chown -R www-data:www-data nextcloud correctly
If there is no error, you will end up with this screen; don't forget to expand it to have the full options:
Create your nextcloud admin/password.
Use the mysql credentials from the mysql plugin step:
user: omvadmin password:xxxxx database name: nextcloudDB server-ports:yourconfighere
HERE COME TROUBLES !!!
Just after finishing this setup, I end up with a 404 error at http://192.168.1.58:8080/nextcloud/index.php/apps/files/
Forgot to say I cleared the cache, rebooted the omv4x server nicely, offered a cat to the god.
C'MON, who is going to find my stupid tiny mistake, because I am lost !!! And I am pretty sure this is a tiny stupid mistake !!!!
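An added example (not part of the original post and not tinh_x7's config): the regex locations in the extra options above are all anchored at `^/`, so this sketch replays nginx's first-match rule for regex locations over constructed sample paths, once at the document root and once under the `/nextcloud` prefix used in the post's URLs. It covers only the pasted regex locations, not anything the OMV nginx plugin generates around them, and Python's `re` stands in for nginx's PCRE.

```python
import re

# Regex locations copied from the extra options in the post, in file order.
# "~" is case-sensitive, "~*" is case-insensitive. Labels are made up here.
REGEX_LOCATIONS = [
    ("~", r"^/(?:build|tests|config|lib|3rdparty|templates|data)/", "deny-dirs"),
    ("~", r"^/(?:\.|autotest|occ|issue|indie|db_|console)", "deny-files"),
    ("~", r"^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]"
          r"|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/)", "php"),
    ("~", r"^/(?:updater|ocs-provider)(?:$|/)", "updater"),
    ("~*", r"\.(?:css|js|woff|svg|gif)$", "assets-cached"),
    ("~*", r"\.(?:png|html|ttf|ico|jpg|jpeg)$", "assets"),
]

# Constructed sample request paths, relative to the Nextcloud directory.
SAMPLE_PATHS = [
    "/index.php/apps/files/",
    "/config/config.php",
    "/data/nextcloud.log",
    "/occ",
    "/core/css/styles.css",
]


def first_regex_location(uri):
    """Label of the first regex location matching uri, or None.

    nginx tests regex locations in file order and stops at the first match;
    None means the request falls back to a prefix location ("location /")."""
    for modifier, pattern, label in REGEX_LOCATIONS:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):
            return label
    return None


def audit(prefix, paths=SAMPLE_PATHS):
    """Map each sample path to the regex location it hits under prefix."""
    return {p: first_regex_location(prefix + p) for p in paths}


def lost_coverage(prefix, paths=SAMPLE_PATHS):
    """Paths that hit a regex location at the root but none under prefix."""
    return [p for p in paths
            if first_regex_location(p) and not first_regex_location(prefix + p)]


if __name__ == "__main__":
    for prefix in ("", "/nextcloud"):
        print(prefix or "(root)", audit(prefix))
    print("no longer matched under /nextcloud:", lost_coverage("/nextcloud"))
```

Under `/nextcloud` neither the `deny all` rules for `config/`, `data/` and `occ` nor the PHP handler regex match, so those requests are left to `location /` or to whatever the plugin adds.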