==============
cloud.libre.is
==============
Administrator documentation for Libre Cloud.

  `<https://cloud.libre.is/>`_

The site is based on Nextcloud software.

  `<https://nextcloud.com/>`_

Nextcloud install documentation:

  `<https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html>`_

  `<https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html>`_


Firewall
========
Open ports 80 and 443.

.. code-block:: cfg

  -A INPUT -p tcp --dport 80 -j ACCEPT
  -A INPUT -p tcp --dport 443 -j ACCEPT


Apache
======
Initial setup of Apache with Certbot.

.. code-block:: sh

  sudo su -
  apt install python3-certbot-apache php php-fpm php-gd php-json php-xml \
    php-curl php-mbstring php-zip php-mysql php-intl php-imap php-bcmath \
    php-gmp php-apcu php-redis php-imagick imagemagick ffmpeg
  echo "cloud.libre.is" > /var/www/html/index.html
  certbot -d cloud.libre.is
  a2enmod rewrite headers env dir mime setenvif ssl proxy_fcgi
  a2enconf php8.2-fpm
  systemctl restart apache2

Some PHP config...XXX

.. code-block:: sh

  sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
    /etc/php/8.2/apache2/php.ini
  sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
    /etc/php/8.2/cli/php.ini
  sed -i -e 's/max_execution_time = 30/max_execution_time = 90/g' \
    /etc/php/8.2/fpm/php.ini
  sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
    /etc/php/8.2/apache2/php.ini
  sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
    /etc/php/8.2/cli/php.ini 
  sed -i -e 's/memory_limit = 128M/memory_limit = 512M/g' \
    /etc/php/8.2/fpm/php.ini 
  sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
    /etc/php/8.2/apache2/php.ini
  sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
    /etc/php/8.2/cli/php.ini 
  sed -i -e 's/;opcache.enable=1/opcache.enable=1/g' \
    /etc/php/8.2/fpm/php.ini
  systemctl restart apache2




Database
========
Use MariaDB for the databse.

  `<https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/linux_database_configuration.html>`_

.. code-block:: sh

  sudo apt install mariadb-server
  sudo mariadb-admin password
  mariadb -uroot -p

Then in the database:

.. code-block:: sql

  CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
  CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
  GRANT ALL PRIVILEGES on nextcloud.* to 'username'@'localhost';
  EXIT



Nextcloud
=========
Get Nextcloud source.

.. code-block:: sh

  wget https://download.nextcloud.com/server/releases/latest.tar.bz2
  wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
  cat latest.tar.bz2.sha256 ; sha256sum latest.tar.bz2
  tar xf latest.tar.bz2
  sudo cp -a nextcloud/* /var/www/html/nextcloud/
  sudo cp -a nextcloud/.htaccess nextcloud/.user.ini /var/www/html/nextcloud/
  sudo chown -R www-data:www-data /var/www/html/nextcloud/


Apache More
===========
Set up Apache for nextcloud.

.. code-block:: apache

  <VirtualHost 70.39.110.157:80>
          ServerName cloud.libre.is
          ServerAdmin webmaster@localhost
          DocumentRoot /var/www/html/nextcloud
          ErrorLog ${APACHE_LOG_DIR}/error-cloud-libre-is.log
          CustomLog ${APACHE_LOG_DIR}/access-cloud-libre-is.log combined
          RewriteEngine on
          ReWriteCond %{HTTPS} off
          ReWriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  	RewriteCond %{SERVER_NAME} =cloud.libre.is
  	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
  	Alias /nextcloud "/var/www/html/nextcloud/"
          Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  	<Directory /var/www/html/nextcloud/>
  	  Require all granted
  	  AllowOverride All
  	  Options FollowSymLinks MultiViews
  	  <IfModule mod_dav.c>
  	    Dav off
  	  </IfModule>
  	</Directory>
  </VirtualHost>
  
  <VirtualHost 70.39.110.157:443>
          ServerName cloud.libre.is
          ServerAdmin webmaster@localhost
          DocumentRoot /var/www/html/nextcloud
          ErrorLog ${APACHE_LOG_DIR}/error-cloud-libre-is.log
          CustomLog ${APACHE_LOG_DIR}/access-cloud-libre-is.log combined
          RewriteEngine on
          ReWriteRule ^(.*)$ https://%1$1 [L,R=301]
          ErrorDocument 404 /en/404.html
          #Include /etc/letsencrypt/options-ssl-apache.conf
  	Include /etc/letsencrypt/options-ssl-apache.conf
          SSLCertificateFile /etc/letsencrypt/live/cloud.libre.is/fullchain.pem
  	SSLCertificateKeyFile /etc/letsencrypt/live/cloud.libre.is/privkey.pem
  	Alias /nextcloud "/var/www/html/nextcloud/"
          Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  	<Directory /var/www/html/nextcloud/>
  	  Require all granted
  	  AllowOverride All
  	  Options FollowSymLinks MultiViews
  	  <IfModule mod_dav.c>
  	    Dav off
  	  </IfModule>
  	</Directory>
  </VirtualHost>
  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet


Nextcloud Config
================
Config changes:

.. code-block:: cfg

  'overwrite.cli.url' => 'https://cloud.libre.is/',
  'htaccess.RewriteBase' => '/',

Update config:

.. code-block:: sh

  sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess

Background jobs:

  `<https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html>`_

FPM config:

  `<https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html>`_
  `<https://www.php.net/manual/en/install.fpm.php>`_