How to install nextcloud on a turris omnia debian jessie container (using apache2)

eugenio · November 30, 2016, 2:12am

create and start a new container :

lxc-container instruction page

as suggested by @j0n4s82, I forgot to add that ethtool is not installed by default on openwrt on the omnia, therfore:

opkg update
opkg install ethtool

Command for bug dhcliend debian (to be run on turris shell):

ethtool -K br-lan tx off

Enter the container shell by:

lxc-attach -n container_name

On the container shell first renew the dhcp lease and then install minimal utilities:

dhclient -r eth0

apt-get install ssh man apt-utils nano wget unzip tar sudo git

As root, edit the sshd_config file in /etc/ssh/sshd_config:

nano /etc/ssh/sshd_config

Add a line in the Authentication section of the file that says PermitRootLogin yes. This line may already exist and be commented out with a “#”. In this case, remove the “#”.

"#"Authentication:
"#"LoginGraceTime 2m
PermitRootLogin yes
"#"StrictModes yes
"#"MaxAuthTries 6
"#"MaxSessions 10

Save the updated /etc/ssh/sshd_config file.

Restart the SSH server:

service sshd restart

Change host name, edit:

nano /etc/hostname

edit /etc/hosts with domain-name ??? (i’m not sure it’s necessary, remove the [“”] but not the #)

“#”-> xxx.xxx.xxx.xxx yourdomain.com

Installation of nextcloud prerequisites(note down the MariaDB root password as you’ll need it later)

apt-get install apache2 mariadb-server libapache2-mod-php5 php5-gd php5-json php5-mysql php5-curl php5-intl php5-mcrypt php5-imagick

Download and deploy nextcloud in /var/www/

wget https://download.nextcloud.com/server/releases/nextcloud-10.0.1.zip

unzip nextcloud-10.0.1.zip -d /var/www/

Install nextcloud (taken from nextcloud manual installation page ):

Change the ownership of your nextcloud directory to your HTTP user, like this example for Debian/Ubuntu. You must run occ as your HTTP user; see Run occ As Your HTTP User:

sudo chown -R www-data:www-data /var/www/nextcloud/

Use the occ command to complete your installation. This takes the place of running the graphical Installation Wizard:

cd /var/www/nextcloud/

sudo -u www-data php occ maintenance:install --database
“mysql” --database-name “nextcloud” --database-user “root” --database-pass
“password” --admin-user “admin” --admin-pass “password”

Nextcloud is not installed - only a limited number of commands are available

Nextcloud was successfully installed

Change directory to your preferred one and download and install certbot from letsencrypt to obtain certificates for your server for free:

frist add jessie backports to your source.lists or venv.sh will fail:

debian backports instructions:

then

apt-get update && apt-get upgrade

git clone GitHub - certbot/certbot: Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

cd certbot

./letsencrypt-auto-source/letsencrypt-auto --os-packages-only

./tools/venv.sh

source ./venv/bin/activate

certbot --apache -d yourdomain.com -d www.yourdomain.com --keep-until-expiring --agree-tos --email youremail@somedomain.com

a permanent fix for the bug in ISC DHCP Client:

apt-get remove isc-dhcp-client && apt-get install dhcpcd5

as advised in this post

Point your browser to yourdomain.com and enjoy!!!

Big_boss · December 2, 2016, 8:13am

Thanks, great tutorial.

I was wondering,

Is the MariaDB version, version 10/10.x series? Or just the 5.5 series. If just the 5.5 series how come? Is there a particular reason for?
How come you have installed php5 and not used php7? Because this takes a lot of workload from the CPU and great speed improvements.

eugenio · December 2, 2016, 8:52am

Hi @Big_boss thanks for the compliment, it’s my very first tutorial and I am an amateur linux user not a professional or a CS.
That said my google-fu failed me and on php point and I couldn’t find instructions on how to install php-7.0 on arm.
About mariaDB, if my apt-fu doesn’t fail me:

root@xxx:~# apt-show-versions mariadb-client-10.0
mariadb-client-10.0:armhf/jessie 10.0.28-0+deb8u1 uptodate
root@xxx:~# apt-show-versions mariadb-server-10.0
mariadb-server-10.0:armhf/jessie 10.0.28-0+deb8u1 uptodate

I will look into the php-7 problem more closely but if you have suggestion feel free to comment.

Big_boss · December 2, 2016, 9:09am

Well i’m on my way towards being a advanced user on Linux, although i still still do lack a lot of knowledge. Opensource knowledge is A LOT

About ARM-based architecture i am amateur as an amateur can be. A LOT for me to learn.

I am not sure how LXC takes whole architecture thing. Because Raspberry pi 3 uses ARM-v8 while the Omnia uses a ARM-v7.

Here is a tutorial with debian Jessi on the Raspberry pi 3. I THINK it will not work because of the whole ARM-versions. If you can, try it and if it does not work, you know for sure.

eugenio · December 2, 2016, 9:25am

Actually I just found this that allows you to install all from a convenient deb repo although not official one. This puts the brake on installing it on a server where potential sensitive information can be stored. But it’s still a possibility…

Big_boss · December 2, 2016, 9:30am

Yeah, but the question is still there …“are those packages for certain ARM-version architecture?”. Looking at the url, i couldn’t see anything

eugenio · December 2, 2016, 9:37am

from wikipedia:

Currently the Debian armhf port requires at least an ARMv7 CPU with Thumb-2 and VFP3D16.

from the repo page:

Packages are built on architectures: as main: amd64 and i386, secondary: armel and armhf, low level: kfreebsd-{i386,amd64}.

this should include the turris, right?

Big_boss · December 2, 2016, 9:43am

Well that is what i also am wondering

The Omnia uses “mvebu” that is apparently a specifiek type of ARM-processor. Although i have also read somewhere before that the Omnia ARM-processor is a ARM-v7.

Well we can only know by trying right. If it does not work, then we know we were wrong

EDIT2: I stumbled upon my other comment a couple of weeks back.

Turris Omnia CPU: Armada 385 = ARM7v

Raspberry Pi 3 CPU: ARM Cortex-A53 = ARM8v

eugenio · December 2, 2016, 9:46am

I could compile some software on the container using armv7 and other as flags for the compiler… this should mean that is armv7 compatible…

Big_boss · December 2, 2016, 9:50am

Yeah, that might or could do the job. Compiling php7 from source. Try and let me know.

*Got to take a shower and go to the Friday-prayer. Be back in a couple of hours hopefully. Let me know what you have come to know.

j0n4s82 · December 5, 2016, 6:30am

The ssh-server config file is located at /etc/config/sshd on turris. It confused me once, so I thought I point it out.

Thanks for this guide!

eugenio · December 5, 2016, 6:48am

Thank you @j0n4s82 for your comment. Corrected now!

j0n4s82 · December 5, 2016, 6:57am

Also, is this the solution for the Jessie Debian version not being able to go online? I had it installed once and it was not able to go online for whatever reason. There is another thread where this problem is mentioned: Debian on Turris

eugenio · December 5, 2016, 9:20am

yes @j0n4s82, but a more permanent fix is indicated below

j0n4s82 · December 5, 2016, 10:11am

Thank you @eugenio! Very helpful.

j0n4s82 · December 5, 2016, 11:49am

Although, I was just thinking, in your guide you @eugenio are talking about the container, right? The place for the config file as you described it might be right then. Please check and verify and change the guide accordingly. I’ll take a look at it tonight.

j0n4s82 · December 5, 2016, 8:29pm

I’d like to suggest to add the following to the guide:

opkg update
opkg install ethtool

Because the ethtool is not installed by default.

eugenio · December 5, 2016, 10:53pm

Updated the guide with last suggestions!

j0n4s82 · December 6, 2016, 6:58am

@eugenio @Big_boss

I tried

ethtool -K br-lan tx off

started my container and typed

apt-get update

and got this

root@LXC_NAME:~# apt-get update
Err http://security.debian.org jessie/updates InRelease

Err http://security.debian.org jessie/updates Release.gpg
  Temporary failure resolving 'security.debian.org'
Err http://httpredir.debian.org jessie InRelease

Err http://httpredir.debian.org jessie Release.gpg
  Temporary failure resolving 'httpredir.debian.org'
Reading package lists... Done
W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie/InRelease

W: Failed to fetch http://security.debian.org/dists/jessie/updates/InRelease

W: Failed to fetch http://security.debian.org/dists/jessie/updates/Release.gpg  Temporary failure resolving 'security.debian.org'

W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie/Release.gpg  Temporary failure resolving 'httpredir.debian.org'

W: Some index files failed to download. They have been ignored, or old ones used instead.

What am I doing wrong? I also tried the ethtool command with eth1 with the same result.

For the permanent fix to work I would have to use this temporary workaround, correct?

Big_boss · December 6, 2016, 8:28am

This has to do with the fact that you have no internet connection on your container…or maybe more specific…no direct dns connection.

To test this, try to the following …IN YOUR CONTAINER.

ping www.google.com

If that does not work (which i suspect) then try this one.

ping 172.217.17.68

If that did work let me know, if it also did not work…also let me know :).