docker-apps/nextcloud/nextcloud_jm.txt
2025-04-03 22:57:52 +02:00


# https://github.com/nextcloud/docker
# https://github.com/nextcloud/docker?tab=readme-ov-file#running-this-image-with-docker-compose
# https://api.onlyoffice.com/docs/docs-api/get-started/ready-to-use-connectors/nextcloud-integration/
Create user and group
---------------------
Credentials -> Local Groups -> Add
GID: 33
Name: www-data
Save
Credentials -> Local Users -> Add
Full Name: www-data
Username: www-data
Disable Password: <select>
Email: <leave blank>
UID: 33
Create New Primary Group: <unselect>
Primary Group: www-data
Create Home Directory: <uncheck>
Samba Authentication: <uncheck>
Save
www-data UID: 82 #33
www-data GID: 82 #33
Create datasets
---------------
# In Truenas shell:
# list datasets
zfs list | grep -i "docker.*nextcloud"
zfs list | grep -i "NData2.*nextcloud"
# create following datasets if not present
zfs create SSD1/docker/data/nextcloud
zfs create SSD1/docker/data/nextcloud/appdata
zfs create SSD1/docker/data/nextcloud/config
zfs create SSD1/docker/data/nextcloud/custom_apps
zfs create SSD1/docker/data/nextcloud/themes
zfs create SSD1/docker/data/nextcloud/redis
zfs create SSD1/docker/data/nextcloud/nginx
zfs create SSD1/docker/data/nextcloud/pgdata
zfs create SSD1/docker/data/nextcloud/pgbackups
chown -R www-data:www-data /mnt/SSD1/docker/data/nextcloud
chown -R postgres:postgres /mnt/SSD1/docker/data/nextcloud/pgdata
chown -R postgres:postgres /mnt/SSD1/docker/data/nextcloud/pgbackups
zfs create stpool1/NData2/bulkstore
zfs create stpool1/NData2/bulkstore/nextcloud
zfs create stpool1/NData2/bulkstore/nextcloud/data
chown -R www-data:www-data /mnt/stpool1/NData2/bulkstore/nextcloud
Create folders
--------------
mkdir -p /mnt/SSD1/docker/stacks/nextcloud/secrets
If not done already, add mapping for 2nd pool's appdata in jail config
----------------------------------------------------------------------
# the folder where appdata for nextcloud is stored is /mnt/stpool1/NData2/appdata/nextcloud
On Truenas shell:
jlmkr edit docker
Add the following args to "systemd_nspawn_user_args":
--bind='/mnt/stpool1/NData2/bulkstore:/mnt/bulkstore'
jlmkr restart docker
Enabling outgoing connections for nextcloud
-------------------------------------------
# If your server has multiple network connections, you may need to select a specific network interface for outgoing connections.
# Use the following steps to enable it:
#
# list available networks
docker network ls
# check if the "traefik-net" network is listed. The "traefik-net" network is created by the "networks" project
# if not present, execute the following command in docker shell to create the "traefik-net" network
docker network create --attachable --opt com.docker.network.bridge.name=traefik-net --opt com.docker.network.bridge.enable_ip_masquerade=false traefik-net
# execute the following to enable outgoing connections on this network
# first, check the subnet of traefik-net
docker inspect traefik-net | grep "Subnet"
# note the subnet
# second, check the ip address of docker / host, replacing <interface name> with the name of the interface that will be used for outgoing connections
# note the host ip
ip a | grep <interface name>
# use them in the following command, replacing <SUBNET> with the noted subnet and <HOST IP> with the noted host ip
iptables -t nat -A POSTROUTING -s <SUBNET> ! -o traefik-net -j SNAT --to-source <HOST IP>
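# to delete the iptables entry added above, use the same iptables command but replace the "-A" with a "-D"
# note: a rule added with "-A" is not saved; it is gone after a reboot unless the host saves and restores its iptables rules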
# check for SNAT entry with following command:
# iptables -t nat -L
Copy folder to docker stacks
----------------------------
# In Windows cmd shell in nextcloud folder, enter:
./cp2nas
# or
pscp -P 22 -r stacks/*.* root@192.168.2.2:/mnt/SSD1/docker/stacks/nextcloud/
Create secrets
--------------
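# In Truenas shell:
# note: the values typed in the echo commands below are kept in the shell history, and the files are created with the default umask until the chown/chmod further down is applied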
cd /mnt/SSD1/docker/stacks/nextcloud/secrets
echo -n 'admin' > /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_admin_username
echo -n 'your_admin_password' > /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_admin_password
echo -n 'your_postgresql_database_name' > /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_postgresql_database
echo -n 'postgres' > /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_postgresql_username
openssl rand 64 | base64 -w 0 | sed 's/[\$,\#,/,+,=]//g' | cut -c -62 | tr -d '\n' > /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_postgresql_password
openssl rand 64 | base64 -w 0 | sed 's/[\$,\#,/,+,=]//g' | cut -c -50 | tr -d '\n' > /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_redis_password
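# restrict access
# NB! chmod -R 400 also removes the search (x) bit from the secrets directory itself, and the acl entry "4" set on it below is read-only as well; a non-root user needs x on the directory (mode 500 / acl entry 5) to open the files inside it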
chown -R www-data:www-data /mnt/SSD1/docker/stacks/nextcloud/secrets/
chmod -R 400 /mnt/SSD1/docker/stacks/nextcloud/secrets/
# read existing acl permissions, if any
getfacl /mnt/SSD1/docker/stacks/nextcloud/secrets
# set acl permissions
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/nextcloud/secrets
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_postgresql_password
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_postgresql_username
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/nextcloud/secrets/nextcloud_postgresql_database
# NB! if you want to remove all acl entries from a folder recursively, use setfacl -b -R <foldername>
# to list the secrets in the secrets dir (NB! this prints every secret value in clear text to the terminal)
cd /mnt/SSD1/docker/stacks/nextcloud/secrets
for i in $(ls -1); do echo $i = `cat $i`; done | sort
Migration
---------
# you do this at your own risk
Old installation (truecharts) New installation (on docker)
----------------------------- ----------------------------
/mnt/stpool1/apps/nextcloud /mnt/SSD1/docker/data/nextcloud/config
/mnt/stpool1/appdata/nextcloud/html /mnt/SSD1/docker/data/nextcloud/appdata
/mnt/stpool1/appdata/nextcloud/userdata /mnt/stpool1/NData2/bulkstore/nextcloud/data
# Stop old/source nextcloud
heavyscript app --stop nextcloud
# Stop new/target nextcloud
# On Dockge, select nextcloud and click stop & inactive
# Copy the source Library to target folder:
cp -rp /mnt/stpool1/apps/nextcloud/. /mnt/SSD1/docker/data/nextcloud/config/
cp -rp /mnt/stpool1/appdata/nextcloud/html/. /mnt/SSD1/docker/data/nextcloud/appdata
cp -rp /mnt/stpool1/appdata/nextcloud/userdata/. /mnt/stpool1/NData2/bulkstore/nextcloud/data
# Change ownership of copied folders
chown -R www-data:www-data /mnt/SSD1/docker/data/nextcloud /mnt/stpool1/NData2/bulkstore/nextcloud/data
Getting upgrading error message?
-------------------------------
# if you get an upgrade error message, then you need to perform a stepwise upgrade, one major release at a time, until you end up with the desired release
# for example, if the error message you get is:
Can't start Nextcloud because upgrading from 28.0.2.5 to 30.0.0.14 is not supported.
# then you will have to go through the following steps:
# in Dockge, click Edit and set tag in compose.yml image setting to:
nextcloud:28.0.10-fpm
# click Save
# click Start; wait till startup is done
# click Stop & Inactive; wait till all containers have stopped
# in Dockge, click Edit and set tag in compose.yml image setting to:
nextcloud:29.0.7-fpm
# click Save
# click Start; wait till startup is done
# click Stop & Inactive; wait till all containers have stopped
# in Dockge, click Edit and set tag in compose.yml image setting to:
nextcloud:30.0.0-fpm
# click Save
# click Start; wait till startup is done
# Navigate to nextcloud using browser
Verify config settings in config.php
------------------------------------
nano /mnt/data/nextcloud/config/config.php
# verify the following settings to align with the new nextcloud installation:
'dbtype' => 'pgsql',
'version' => '28.0.2.5',
'overwrite.cli.url' => 'nextcloud.example.com', # update if required
'dbname' => 'nextcloud', # update if required
'dbhost' => 'nextcloud_postgresql', # updated
'dbport' => '5432', # update if required
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud', # update if required
'dbpassword' => 'your very strong password', # update
....
'redis' =>
array (
'host' => 'nextcloud-redis',
'password' => 'your very strong password', # update
'port' => '6379', # update if required
),
'overwritehost' => 'nextcloud.example.com', # update if required
'overwriteprotocol' => 'https',
....
'onlyoffice' =>
array (
'jwt_secret' => 'your_onlyoffice_jwt_secret', # obtain from onlyoffice and update
'jwt_header' => 'Authorization',
),
....
'mail_from_address' => 'your_email_from_address', # update all
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'mail_domain' => 'your_email_domainname',
'mail_smtphost' => 'your_email_smtp_host',
'mail_smtpport' => '25',
'mail_smtpauth' => 1,
'mail_smtpname' => 'your_email_smtp_username',
'mail_smtppassword' => 'your_email_smtp_password',
....
'trusted_domains' =>
array (
0 => '127.0.0.1', # update all with your trusted domains
1 => 'localhost',
2 => 'nextcloud',
3 => 'nextcloud-*',
4 => '*.sthome.org',
5 => '*.sthome.net',
6 => '*.sthome.lan',
7 => 'onlyoffice.sthome.org',
....
'trusted_proxies' =>
array (
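0 => '172.16.0.0/16', # update with the traefik network CIDR; keep it as narrow as possible, because forwarded client-address headers from these addresses are trusted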
),
Please note
-----------
# 1. It seems like nextcloud works correctly only with PUID=33 and PGID=33?
# 2. The NEXTCLOUD_TRUSTED_DOMAINS environment variable is ineffective after the first install. It seems to be ignored after the config/config.php file has been initialised.
# If the config, e.g. trusted domains setting requires editing, do it in config/config.php, for example:
nano /mnt/SSD1/docker/data/nextcloud/config
'trusted_domains' =>
array (
0 => 'localhost',
1 => '*.example.com',
2 => '*.example.net',
),
It is advisable to keep the environment variables in step with changes made to the config/config.php settings.
Backup old nextcloud
--------------------
#https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html
# on truenas:
sudo -u www-data php occ maintenance:mode --on
rsync -Aavx /mnt/stpool1/apps/nextcloud/ /mnt/SSD1/docker/data/nextcloud/nextcloud-dirbkp_`date +"%Y%m%d"`/config/
rsync -Aavx /mnt/stpool1/appdata/nextcloud/html/ /mnt/SSD1/docker/data/nextcloud/nextcloud-dirbkp_`date +"%Y%m%d"`/appdata/
rsync -Aavx /mnt/stpool1/appdata/nextcloud/userdata/ /mnt/stpool1/NData2/bulkstore/nextcloud/nextcloud-dirbkp_`date +"%Y%m%d"`/data
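# to back up the db, use: PGPASSWORD="password" pg_dump [db_name] -h [server] -U [username] -f nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
# NB! the command below carries a database password in clear text; a password that has been stored in a notes file or repository should be rotated and replaced here by a placeholder
# NB! PGPASSWORD given on the command line also ends up in the shell history; a ~/.pgpass file with mode 0600 avoids that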
PGPASSWORD="UfxuRXEX9okv0kSIjPM1PBnKev3UQaKL6rXpnsnIoFBJB6U3lKJyXZPgnwSXrl" pg_dump nextcloud -h nextcloud-cnpg-main-rw.ix-nextcloud.svc.cluster.local -U nextcloud -f /mnt/SSD1/docker/data/nextcloud/pgbackups/nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
Restore to new nextcloud
------------------------
rsync -Aax /mnt/SSD1/docker/data/nextcloud/nextcloud-dirbkp_`date +"%Y%m%d"`/config/ /mnt/SSD1/docker/data/nextcloud/config/
rsync -Aax /mnt/SSD1/docker/data/nextcloud/nextcloud-dirbkp_`date +"%Y%m%d"`/appdata/ /mnt/SSD1/docker/data/nextcloud/appdata/
rsync -Aax /mnt/stpool1/NData2/bulkstore/nextcloud/nextcloud-dirbkp_`date +"%Y%m%d"`/data /mnt/stpool1/NData2/bulkstore/nextcloud/data
PGPASSWORD="password" psql -h [server] -U [username] -d template1 -c "DROP DATABASE \"nextcloud\";"
PGPASSWORD="password" psql -h [server] -U [username] -d template1 -c "CREATE DATABASE \"nextcloud\";"
PGPASSWORD="password" psql -h [server] -U [username] -d nextcloud -f nextcloud-sqlbkp.bak
Setting up nextcloud
--------------------
# start nextcloud using Dockge
# login to nextcloud as admin and go to Administration settings -> Basic settings
# Setup Email server
#
# go to Administration settings -> Overview
# wait for "Security & setup warnings" scan to complete
# check for any warnings; see examples below how to fix
#
1. setting maintenance window
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# in docker shell, execute the following as the nextcloud www-data user (82) to set the window to start at 11 pm UTC
docker exec -u 82 nextcloud-app-1 /var/www/html/occ config:system:set maintenance_window_start --type=integer --value=23
#
2. adding database indices after upgrade
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# in docker shell, run the following commands after nextcloud upgrade
# first, set maintenance mode on
docker exec -u 82 nextcloud-app-1 /var/www/html/occ maintenance:mode --on
# above should return "Maintenance mode enabled"
# run following commands
docker exec -u 82 nextcloud-app-1 /var/www/html/occ db:add-missing-columns
docker exec -u 82 nextcloud-app-1 /var/www/html/occ db:add-missing-indices
docker exec -u 82 nextcloud-app-1 /var/www/html/occ db:add-missing-primary-keys
# turn off maintenance mode
docker exec -u 82 nextcloud-app-1 /var/www/html/occ maintenance:mode --off
# above should return "Maintenance mode disabled"
#
3. Migrating available mimetypes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# in docker shell, enter:
docker exec -u 82 nextcloud-app-1 /var/www/html/occ maintenance:repair --include-expensive
#
4. Setting default phone region
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
docker exec -u 82 nextcloud-app-1 /var/www/html/occ config:system:set default_phone_region --type=string --value=ZA
Configure OnlyOffice in nextcloud
---------------------------------
# Login to nextcloud as admin
# Browse to nextcloud admin settings
Click on top left icon (new install has an 'A') -> Apps (below Administration settings)
# Search for onlyoffice
Click on search icon (top left magnifying glass) and enter onlyoffice