chris/nextcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b3f2006650ff9c5c4b9b814ff57e21ae2b4cad55
nextcloud/README.md
T
chris b3f2006650 Add README.md
2026-05-29 18:29:17 +00:00

5.4 KiB
Raw Blame History

Nextcloud - nc.wittenberger.us

Self-hosted Nextcloud instance running on a bare metal Ubuntu VM with Apache + PHP 8.3 and a MySQL backend.

Repository Contents

nextcloud/
├── configs/
│   ├── config.php                        # Nextcloud application config (secrets redacted)
│   ├── nc.wittenberger.us.conf           # Apache HTTP vhost (port 80, redirects to HTTPS)
│   ├── nc.wittenberger.us-le-ssl.conf    # Apache HTTPS vhost (port 443, SSL + RemoteIP)
│   └── php.ini                           # PHP 8.3 config (apache2 SAPI)
└── README.md

Stack

  • Nextcloud v33.0.3.2
  • Apache2 - HTTP/HTTPS, mod_ssl, mod_remoteip, mod_rewrite
  • PHP 8.3 - mod_php (apache2 SAPI)
  • MySQL - database backend (nextcloud db, localhost)
  • Redis - distributed locking (memcache.locking, localhost:6379)
  • APCu - local memory cache (memcache.local)
  • Let's Encrypt - SSL via Certbot (/etc/letsencrypt/live/nc.wittenberger.us/)

Prerequisites

  • Ubuntu VM with Apache2, PHP 8.3, MySQL, Redis installed
  • PHP extensions: apcu, opcache, pdo_mysql, mbstring, intl, gd, curl, zip, xml
  • Certbot for SSL certificate management
  • Cloudflare in front of the server (NPM on a separate host handles proxying)

Key PHP Settings

The following values in configs/php.ini are tuned specifically for Nextcloud - these differ from PHP defaults:

Directive Value Reason
memory_limit 512M Nextcloud recommendation
upload_max_filesize 200G Large file uploads
post_max_size 200G Large file uploads
max_execution_time 360 Long-running operations
opcache.enable 1 Performance
opcache.memory_consumption 512 Performance
opcache.interned_strings_buffer 16 Performance
opcache.max_accelerated_files 10000 Performance
date.timezone America/Chicago Local timezone

Apache Configuration

Two vhost files in configs/:

nc.wittenberger.us.conf (port 80) - redirects all HTTP traffic to HTTPS via mod_rewrite.

nc.wittenberger.us-le-ssl.conf (port 443) - main vhost. Notable settings:

  • RemoteIPHeader X-Forwarded-For with all Cloudflare IP ranges trusted via RemoteIPTrustedProxy
  • NPM reverse proxy IP (10.10.14.199) also trusted
  • HSTS header set via mod_headers: max-age=15552000; includeSubDomains
  • SSL via Let's Encrypt; includes /etc/letsencrypt/options-ssl-apache.conf

The RemoteIPTrustedProxy list should be kept in sync with the Cloudflare IP ranges in config.php's trusted_proxies array and the NPM host's http_top.conf. All three need updating when Cloudflare adds new ranges.

Nextcloud Configuration (config.php)

Key settings (see configs/config.php for full file):

Setting Value
dbtype mysql
dbhost localhost
memcache.local APCu
memcache.locking Redis
redis.host localhost:6379
maintenance_window_start 6 (6 AM UTC)
default_phone_region US
mail_smtpport 587
REVERSE_PROXY_LIMIT 2

Secrets to fill in after cloning:

Placeholder Description
instanceid Auto-generated, do not change on restore
passwordsalt Auto-generated, do not change on restore
secret Auto-generated, do not change on restore
trusted_domains Your FQDN and LAN IP
trusted_proxies NPM host IP + Cloudflare ranges
dbpassword MySQL password for nextcloud user
mail_smtphost / mail_smtppassword SMTP credentials
INTERNAL_TOKEN / JWT_SECRET Auto-generated, restore from backup

Background Jobs (Cron)

Nextcloud background tasks run via system cron as root every 5 minutes:

*/5 * * * * php -f /var/www/nc.wittenberger.us/cron.php

To restore after accidental removal:

Verify cron mode is set to Cron (not Ajax or Webcron) under Administration → Basic Settings in the Nextcloud UI.

SSL Certificates

Managed by Certbot. Certificates live at /etc/letsencrypt/live/nc.wittenberger.us/. Auto-renewal is handled by the system certbot.timer - verify with:

systemctl status certbot.timer

Backups

What Where
Nextcloud files /var/www/nc.wittenberger.us/
User data /var/www/nc.wittenberger.us/data/ (or custom datadirectory)
Database mysqldump -u nextcloud -p nextcloud > nextcloud_$(date +%F).sql
Config config.php (this repo, secrets stored separately)
SSL certs /etc/letsencrypt/

Updating Nextcloud

Use the built-in web updater or occ:

cd /var/www/nc.wittenberger.us
sudo -u www-data php occ upgrade

After updates, clear opcache and verify background jobs are still running.

Troubleshooting

Incorrect IP in logs / Nextcloud security warning about reverse proxy Verify trusted_proxies in config.php matches the RemoteIPTrustedProxy entries in the SSL vhost and that REVERSE_PROXY_LIMIT is set correctly.

Background jobs not running Check cron is active: crontab -l. Verify mode in Admin → Basic Settings.

Redis connection errors

systemctl status redis
redis-cli ping

Opcache issues after update

systemctl restart apache2

Check Nextcloud logs

tail -f /var/www/nc.wittenberger.us/data/nextcloud.log
Reference in New Issue View Git Blame Copy Permalink