MBCDN

Dies ist eine alte Version des Dokuments!

Inhaltsverzeichnis

Docker
Installation
NGINX Proxy
User & Groups
File Permissions
Links

Kostenlose Cloud Lösung https://nextcloud.com/. Auch als Docker Image. Siehe hier.

Um den Hostname post-install anzupassen in die config.php den Parameter „overwritehost“ hinzufügen.

Docker

docker run -dit -p 80:80 nextcloud

Installation

Ubuntu 16.04

apt install apache2
apt install php7.0 libapache2-mod-php7.0 php7.0-intl php7.0-gd php7.0-json php7.0-mysql php7.0-common php7.0-curl php7.0-mbstring php7.0-mcrypt php7.0-xml php-imagick php7.0-zip
apt install mysql-server

MySQL starten und als root einloggen.

CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'P@$$W0RD';
FLUSH PRIVILEGES;
exit;

Install nextcloud

cd /var/www
wget https://download.nextcloud.com/server/releases/latest-14.zip
unzip latest-14.zip
rm html
mv nextcloud html
chown -R www-data:www-data html
rm latest-14.zip

Modify /etc/apache2/sites-available/default-ssl.conf.

<VirtualHost *:80>
ServerAdmin admin@domain.com
DocumentRoot /var/www/html
ServerName localhost
ServerAlias domain.com

<Directory /var/www/html/>
    Options +FollowSymlinks
    AllowOverride All

    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

Mods aktivieren

a2enmod rewrite headers env dir mime

Apache neu starten und Webinterface aufrufen.

NGINX Proxy

server {
    listen 443 ssl http2;
    server_name cloud.domain.local;

    # SSL-Zertifikate
    ssl_certificate /certs/certnew.pem;  # Dein Kombizertifikat (Server + CA)
    ssl_certificate_key /certs/server.key;  # Dein privater Schlüssel

    # SSL-Optimierung
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    add_header Content-Security-Policy "form-action 'self' https://cloud.domain.local;";

    # HSTS - Nur aktivieren, wenn HTTPS funktioniert!
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Proxy für Nextcloud (läuft lokal auf 8080)
    location / {
        proxy_pass http://localhost:8080;  # Hier wird der lokale Nextcloud-Server angesprochen
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-Ssl on;
    }

    # Weiterleitung von WebSockets für Nextcloud
    location ~ ^/nextcloud/(.*\.php|.*\.js|.*\.css|.*\.html|.*\.json|.*\.woff|.*\.svg|.*\.ttf|.*\.woff2)$ {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-Ssl on;
    }

    # Zugriffssteuerung (Standard-Dateien blockieren)
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
}

# HTTP auf HTTPS weiterleiten
server {
    listen 80;
    server_name cloud.domain.local;
    return 301 https://$host$request_uri;
}

User & Groups

php occ user

user:add                 adds an account
user:add-app-password    Add app password for the named account
user:auth-tokens:add     [user:add-app-password] Add app password for the named account
user:auth-tokens:delete  Deletes an authentication token
user:auth-tokens:list    List authentication tokens of an user
user:clear-avatar-cache  clear avatar cache
user:delete              deletes the specified user
user:disable             disables the specified user
user:enable              enables the specified user
user:info                show user info
user:keys:verify         Verify if the stored public key matches the stored private key
user:lastseen            shows when the user was logged in last time
user:list                list configured users
user:report              shows how many users have access
user:resetpassword       Resets the password of the named user
user:setting             Read and modify user settings
user:sync-account-data   sync user backend data to accounts table for configured users

File Permissions

php occ files

files:cleanup                    cleanup filecache
files:copy                       Copy a file or folder
files:delete                     Delete a file or folder
files:get                        Get the contents of a file
files:move                       Move a file or folder
files:object:delete              Delete an object from the object store
files:object:get                 Get the contents of an object
files:object:put                 Write a file to the object store
files:put                        Write contents of a file
files:recommendations:recommend  Shows recommended files for an account
files:reminders                  List file reminders
files:repair-tree                Try and repair malformed filesystem tree structures
files:scan                       rescan filesystem
files:scan-app-data              rescan the AppData folder
files:transfer-ownership         All files and folders are moved to another user - outgoing shares and incoming user file shares (optionally) are moved as well.

# Transfer ownership
php occ files:transfer-ownership User1 User2
php occ files:transfer-ownership --path="User1/files" User1 User2

MBCDN

Benutzer-Werkzeuge

Webseiten-Werkzeuge