
Nextcloud Ansible Install


Installing and Configuring Nextcloud with Ansible on Ubuntu 20.04 and 18.04

Setting up Ansible

First, we will want to add the latest version of Ansible, which has better support for configuring Postgres than the version available in 18.04 by default.

Make sure software-properties-common is installed by running

sudo apt -y install software-properties-common

Now we can add the Ansible repo.

sudo apt-add-repository ppa:ansible/ansible

Install Ansible and all the libraries required for Ansible pull.

sudo apt install ansible git python-apt python3-apt

Now we can download the playbook from my gitlab, and go into the repo folder.

git clone https://gitlab.com/tiny6996/ansible-playbooks.git && cd ansible-playbooks

Building Your Inventory

For this article, I am assuming you are using a local Ansible inventory. The Ansible inventory is the list of hosts and settings that Ansible uses when running playbooks. I have provided a sample inventory for Nextcloud in the inventories folder. To start, we can copy it to /etc/ansible/hosts by running sudo cp inventories/nextcloud /etc/ansible/hosts

Changing Parameters

Edit the following variables in the vars sections of the role by running nano /etc/ansible/hosts.

  • Set nc_fqdn to your domain name ex. test.local.com.
  • Set nc_email to your email address so you can get notified when your TLS cert is about to expire.
  • Change the Postgres.password var to a randomly generated password.

Now press CTRL+o to save the file and CTRL+x to exit. To make sure your inventory works, run an Ansible ping command.

ansible test.local.com -m ping

Installing Nextcloud

Run the Playbook

sudo ansible-playbook ubuntu-nextcloud.yml --ask-become-pass

Finishing Touches

Going Through the Configurator

  1. Go to your Nextcloud server’s URL and type in the desired admin user and password.
  2. Set the database user name to nc_user and set the database password to the database password you generated previously.
  3. Set the database name to Nextcloud and the host to 127.0.0.1.
  4. Click finish setup and wait for the page reload. If you receive a time out error, just go back to your Nextcloud’s domain name.

Enable Redis

  1. Add the following lines to your Nextcloud config file by running sudo nano /var/www/html/nextcloud/config/config.php
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 3,
  ),

Re-signing the Key for a Custom Certificate Authority (Active Directory Domain, FreeIPA Domain, or Other CA)

If you are like me and use FreeIPA, or you are using this with a traditional CA, you can do the following to get a new certificate from your CA of choice.

  1. Backup the old cert by running sudo cp /etc/nginx/nc_cert.pem /etc/nginx/nc_cert.pem.old.
  2. Get the text from the certificate signing request (CSR) by running cat /etc/nginx/nextcloud.csr.
  3. Copy the CSR text and submit it to your CA. They should return a .crt or .pem file.
  4. Open the new certificate with a text editor and copy its contents into the PEM file located at /etc/nginx/nc_cert.pem.
  5. Test your Nginx config by running sudo nginx -t.
  6. Restart Nginx to apply the new cert by running sudo systemctl restart nginx.
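
A check worth running before step 4, as an added example that is not part of the original guide or its playbook: it confirms that the certificate returned by the CA carries the same public key as /etc/nginx/nextcloud.csr (and therefore matches the private key Nginx already uses) and that it has not expired. The function names are this example's own, and the path of the file returned by the CA is whatever you saved it as.

```bash
#!/usr/bin/env bash
# Added example: verify a CA-issued certificate against the CSR it was
# requested with, before it replaces /etc/nginx/nc_cert.pem.

# Print the SHA-256 digest of the public key inside a certificate or CSR.
# $1 is the openssl subcommand: "x509" for a certificate, "req" for a CSR.
pubkey_digest() {
    local kind="$1" file="$2" pem
    pem=$(openssl "$kind" -in "$file" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if the certificate matches the CSR and is not expired,
# 1 on a mismatch or an expired certificate, 2 if a file cannot be parsed.
cert_matches_csr() {
    local cert="$1" csr="$2" cert_d csr_d
    cert_d=$(pubkey_digest x509 "$cert") || {
        echo "cannot read certificate: $cert" >&2; return 2; }
    csr_d=$(pubkey_digest req "$csr") || {
        echo "cannot read CSR: $csr" >&2; return 2; }
    if [ "$cert_d" != "$csr_d" ]; then
        echo "MISMATCH: certificate was not issued for this CSR" >&2
        return 1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: certificate is past its notAfter date" >&2
        return 1
    fi
    echo "OK: certificate matches the CSR and is within its validity period"
}

# Usage: ./check_cert.sh <file-from-CA> /etc/nginx/nextcloud.csr
if [ "$#" -eq 2 ]; then
    cert_matches_csr "$1" "$2"
fi
```

Only copy the new certificate over /etc/nginx/nc_cert.pem when this prints OK; a mismatched certificate fails sudo nginx -t as well, but by then the old file has already been overwritten.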

But y Do?

The reason for writing another Nextcloud guide is that I have yet to find a single one that sets up Nextcloud just the way I like it. Most guides use MariaDB or MySQL, which requires extra tuning for Unicode strings. This does not have to be done for Postgres. Other guides do not set up PHP correctly, either by using mod_php or by not changing all the settings Nextcloud lists as best practices for PHP. As shown in episode 404 of the TechSNAP podcast, mod_php scales poorly compared to php-fpm. I haven’t found a ton of other guides that configure a cache, which is recommended by the Nextcloud team. Adding a cache like Redis or APCu can improve the performance of text queries by caching some strings in memory instead of on disk. Other guides I have found and used do not completely set up the web server to recognize CardDAV and CalDAV for contact and calendar syncing. I also do not see a lot of guides set up HTTP headers to improve security by doing things like redirecting all traffic to HTTPS or setting up HSTS.

I was sick of having to cobble together many different guides along with the Nextcloud best practices whenever I deployed Nextcloud. Even if there were a perfect step-by-step tutorial for setting up Nextcloud with Nginx, Postgres, Redis, and php-fpm, typing or copy/pasting everything into a terminal is tedious and error prone, so it is worth setting up automation to do all of that for us.

Shilling

If you need a place to host your Nextcloud server, you should consider using Digital Ocean. Digital Ocean strikes a great balance between features and usability. They have virtual machine hosting in data centers all around the world. Digital Ocean also offers block and S3 compatible object storage that you can attach to your Nextcloud server or use for backups.

If you need help with this guide, you can email me at mathias@shiftsystems.net or contact me via Matrix at @tiny6996:matrix.org

If you want to watch me write the tutorial, you can watch the stream on Youtube