==============
cloud.libre.is
==============
Administrator documentation for Libre Cloud.

  `<https://cloud.libre.is/>`_

The site is based on Nextcloud software.

  `<https://nextcloud.com/>`_

Nextcloud install documentation:

  `<https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html>`_

  `<https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html>`_


Firewall
========
Open ports 80 and 443.

.. code-block:: cfg

  -A INPUT -p tcp --dport 80 -j ACCEPT
  -A INPUT -p tcp --dport 443 -j ACCEPT


Apache
======
Initial setup of Apache with Certbot.

.. code-block:: sh

  sudo su -
  apt install python3-certbot-apache php php-fpm php-gd php-json php-xml \
    php-curl php-mbstring php-zip php-mysql php-intl php-imap php-bcmath \
    php-gmp php-apcu php-redis php-imagick imagemagick ffmpeg \
    redis-server
  echo "cloud.libre.is" > /var/www/html/index.html
  certbot -d cloud.libre.is
  a2enmod rewrite headers env dir mime setenvif ssl proxy_fcgi
  a2enconf php8.2-fpm
  systemctl restart apache2

Some PHP config...XXX

.. code-block:: sh

  sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
    /etc/php/8.2/apache2/php.ini
  sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
    /etc/php/8.2/cli/php.ini
  sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
    /etc/php/8.2/fpm/php.ini
  sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
    /etc/php/8.2/apache2/php.ini
  sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
    /etc/php/8.2/cli/php.ini 
  sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
    /etc/php/8.2/fpm/php.ini 
  sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
    /etc/php/8.2/apache2/php.ini
  sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
    /etc/php/8.2/cli/php.ini 
  sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
    /etc/php/8.2/fpm/php.ini
  systemctl restart apache2


Database
========
Use MariaDB for the databse.

  `<https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/linux_database_configuration.html>`_

.. code-block:: sh

  sudo apt install mariadb-server
  sudo mariadb-admin password
  mariadb -uroot -p

Then in the database:

.. code-block:: sql

  CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'password';
  CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
  GRANT ALL PRIVILEGES on nextcloud.* to 'nextcloud'@'localhost';
  FLUSH PRIVILEGES;
  EXIT

Edit /etc/mysql/my.cnf to look like this:

.. code-block:: cfg

  [server]
  skip_name_resolve = 1
  innodb_buffer_pool_size = 128M
  innodb_buffer_pool_instances = 1
  innodb_flush_log_at_trx_commit = 2
  innodb_log_buffer_size = 32M
  innodb_max_dirty_pages_pct = 90
  query_cache_type = 1
  query_cache_limit = 2M
  query_cache_min_res_unit = 2k
  query_cache_size = 64M
  tmp_table_size= 64M
  max_heap_table_size= 64M
  slow_query_log = 1
  slow_query_log_file = /var/log/mysql/slow.log
  long_query_time = 1
  
  [client-server]
  !includedir /etc/mysql/conf.d/
  !includedir /etc/mysql/mariadb.conf.d/
  
  [client]
  default-character-set = utf8mb4
  
  [mysqld]
  character_set_server = utf8mb4
  collation_server = utf8mb4_general_ci
  transaction_isolation = READ-COMMITTED
  binlog_format = ROW
  innodb_large_prefix=on
  innodb_file_format=barracuda
  innodb_file_per_table=1

Restart database:

.. code-block:: sh

  systemctl restart mariadb.service

Edit PHP file /etc/php/8.2/apache2/conf.d/20-pdo_mysql.ini for MariaDB.
XXX maybe too:
/etc/php/8.2/cli/conf.d/20-pdo_mysql.ini
/etc/php/8.2/fpm/conf.d/20-pdo_mysql.ini

.. code-block:: cfg

  extension=pdo_mysql.so
  
  [mysql]
  mysql.allow_local_infile=On
  mysql.allow_persistent=On
  mysql.cache_size=2000
  mysql.max_persistent=-1
  mysql.max_links=-1
  mysql.default_port=
  mysql.default_socket=/run/mysqld/mysqld.sock
  mysql.default_host=
  mysql.default_user=
  mysql.default_password=
  mysql.connect_timeout=60
  mysql.trace_mode=Off

Then restart apache...

.. code-block:: sh

  sudo systemctl restart apache2

redis
=====
Make some redis config changes.
Edit /etc/redis/redis.conf

.. code-block:: cfg

  bind 127.0.0.1
  unixsocket /run/redis/redis-server.sock
  unixsocketperm 770

Then restart redis.

.. code-block:: sh

  sudo systemctl restart redis-server


Nextcloud
=========
Get Nextcloud source.

.. code-block:: sh

  wget https://download.nextcloud.com/server/releases/latest.tar.bz2
  wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
  cat latest.tar.bz2.sha256 ; sha256sum latest.tar.bz2
  tar xf latest.tar.bz2
  sudo cp -a nextcloud/* /var/www/html/nextcloud/
  sudo cp -a nextcloud/.htaccess nextcloud/.user.ini /var/www/html/nextcloud/
  sudo chown -R www-data:www-data /var/www/html/nextcloud/


Apache More
===========
Set up Apache for nextcloud.

Remove the old configs:

.. code-block::

  rm /etc/apache2/sites-enabled/000-default.conf \
    /etc/apache2/sites-enabled/000-default-le-ssl.conf

Then add file /etc/apache2/sites-available/cloud-libre-is.conf
with these contents:

.. code-block:: apache

  <VirtualHost 70.39.110.157:80>
          ServerName cloud.libre.is
          ServerAdmin webmaster@localhost
          DocumentRoot /var/www/html/nextcloud
          ErrorLog ${APACHE_LOG_DIR}/error-cloud-libre-is.log
          CustomLog ${APACHE_LOG_DIR}/access-cloud-libre-is.log combined
          RewriteEngine on
          ReWriteCond %{HTTPS} off
          ReWriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
          RewriteCond %{SERVER_NAME} =cloud.libre.is
          RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
  </VirtualHost>
  
  <VirtualHost 70.39.110.157:443>
          ServerName cloud.libre.is
          ServerAdmin webmaster@localhost
          DocumentRoot /var/www/html/nextcloud
          ErrorLog ${APACHE_LOG_DIR}/error-ssl-cloud-libre-is.log
          CustomLog ${APACHE_LOG_DIR}/access-ssl-cloud-libre-is.log combined
          Include /etc/letsencrypt/options-ssl-apache.conf
          SSLCertificateFile /etc/letsencrypt/live/cloud.libre.is/fullchain.pem
          SSLCertificateKeyFile /etc/letsencrypt/live/cloud.libre.is/privkey.pem
        <Directory /var/www/html/nextcloud/>
          Require all granted
          AllowOverride All
          Options FollowSymLinks MultiViews
          <IfModule mod_dav.c>
            Dav off
          </IfModule>
        </Directory>
  </VirtualHost>
  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet


Symlink it to enable it, then restart apache.

.. code-block:: sh

  sudo ln -s /etc/apache2/sites-available/cloud-libre-is.conf \
    /etc/apache2/sites-enabled/
  rm /var/www/html/index.html
  sudo systemctl restart apache2


Nextcloud Admin
===============
Now go to the new site and configure via web browser:

  `<https://cloud.libre.is/>`_

Create an admin account with password.

Settings:

* Database: nextcloud
* Database user: nextcloud
* Database password: password used when creating nextcloud db above.
* Install recommended apps. After installing apps, it appears to hang at the dashboard with just
  a big white box. Clicking outside the box fixes it.
* Click in upper right corner icon and go to "Administration Settings".


Make some config changes. Edit
/var/www/html/nextcloud/config/config.php
and add under "'installed' => true," this:

.. code-block:: cfg

    'htaccess.RewriteBase' => '/',
    'memcache.local' => '\\OC\\Memcache\\APCu',
    # 'memcache.distributed' => '\\OC\\Memcache\\Redis',
    'memcache.locking' => '\\OC\\Memcache\\Redis',
    'redis' =>
    array (
      'host' => '/run/redis/redis-server.sock',
      'port' => 0,
    ),
    'maintenance_window_start' => 1,
    'default_language' => 'en',
    'force_language' => 'en',
    'default_locale' => 'en_US',
    'force_locale' => 'en_US',
    'default_phone_region' => 'US',
    'default_timezone' => 'America/New_York',
    'knowledgebaseenabled' => false,
    'mail_domain' => 'libre.is',
    'overwritehost' => 'cloud.libre.is',
    'overwriteprotocol' => 'https',
    'updatechecker' => false,
    'defaultapp' => 'calendar,tasks',
    'mail_smtpmode' => 'smtp',
    'mail_smtpsecure' => 'ssl',
    'mail_sendmailmode' => 'smtp',
    'maintenance' => false,

Note, memcache.distributed is borken.

Edit /etc/php/8.2/apache2/php.ini and /etc/php/8.2/fpm/php.ini
in the [opcache] section, set these values then restart apache:

.. code-block:: ini

  opcache.enable=1
  opcache.enable_cli=0
  opcache.memory_consumption=512
  opcache.interned_strings_buffer=64
  opcache.max_accelerated_files=50000
  opcache.max_wasted_percentage=15
  opcache.validate_timestamps=0
  opcache.revalidate_freq=0
  opcache.save_comments=1




Update config. The config script needs a wrapper to run from the command line.
Create /usr/local/sbin/nextcloud-occ with these contents:

.. code-block:: sh

  #!/bin/bash
  sudo -u www-data php --define apc.enable_cli=1 /var/www/html/nextcloud/occ "$@"

Then make it executable:

.. code-block:: sh

  chown root:root /usr/local/sbin/nextcloud-occ
  chmod 700 /usr/local/sbin/nextcloud-occ


Run OCC updates:

.. code-block:: sh

  sudo nextcloud-occ maintenance:update:htaccess
  sudo nextcloud-occ maintenance:repair --include-expensive
  sudo nextcloud-occ db:add-missing-indices


Background jobs:

  `<https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html>`_

FPM config:

  `<https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html>`_
  `<https://www.php.net/manual/en/install.fpm.php>`_


Move the install log out of the way:

.. code-block:: sh

  sudo mv /var/www/html/nextcloud/data/nextcloud.log \
    /var/www/html/nextcloud/data/nextcloud-install.log