Turris Mox Cloud - Nextcloud install problems

After the first try installing Nextcloud on my Mox I decided to make a new start with a second try. But nevertheless the installation has some bugs or better missing settings (and I wonder why a special Nextcloud package doesn’t set all things right in the installation process). So I still get the following warnings and have no idea how to fix this… And the Nextcloud documentation is no help at all because of the specific Turris settings…
(Up to now I’m very disappointed that nearly nothing with Mox worked like expected… :frowning:)

Security & setup warnings

It’s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.

There are some warnings regarding your setup.

  • PHP does not seem to be setup properly to query system environment variables. The test with getenv(“PATH”) only returns an empty response. Please check the installation documentation for PHP configuration notes and the PHP configuration of your server, especially when using php-fpm.

  • The PHP memory limit is below the recommended value of 512MB.

  • Accessing site insecurely via HTTP. You are strongly adviced to set up your server to require HTTPS instead, as described in the security tips.

  • Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation.

  • Your web server is not properly set up to resolve “/.well-known/carddav”. Further information can be found in the documentation.

  • No memory cache has been configured. To enhance performance, please configure a memcache, if available. Further information can be found in the documentation.

  • This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them.
    imagick


Here are the things I’ve fixed :

  • PHP Env
  • Memory Limit
  • well-known

Things I’m still working on :

  • Cache : There’s memcached but no PHP module to use it.
  • Imagick : it seems there’s no package available to install it right now.

Hello @dadall - nice to hear that at least some things could be fixed. I’d be very pleased if you can give me some hints how you did this - because I’m no Linux guy so far and guess that those things can’t be done inside the Nextcloud installation folders but on other parts of the system. And I fear to crash the whole system…

Hum, let me try to help you. Basically, you need to use SSH to get connected to your Mox and use vim to edit a few files. Do you feel OK with that ?

Yes. Did this before on my webspace as well when flashing a Sony Xperia with Sailfish OS.
With the MOX just tried to access it with Cyberduck…

Okay.

To fix the memory limit :

Edit the php.ini file :

vim /etc/php.ini

Replace
memory_limit = 384M ; Maximum amount of memory a script may consume.
with
memory_limit = 512M ; Maximum amount of memory a script may consume.

To fix PHP env :

vim /etc/php7-fpm.d/www.conf

Then uncomment the lines starting with env, like this :

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Now, restart php-fpm : /etc/init.d/php7-fpm restart

To fix the well-known :

Add these lines to /etc/lighttpd/conf.d/nextcloud.conf.

# Redirect Cal/CardDAV requests to Nextcloud endpoint:
url.redirect = (
"^/.well-known/caldav" => "/nextcloud/remote.php/dav",
"^/.well-known/carddav" => "/nextcloud/remote.php/dav"
)

And restart lighttpd : /etc/init.d/lighttpd restart

Next step : speed up the basic NC installation :slight_smile:


Ran into the same issues with nextcloud on the Turris Omnia. The last part of the fix looks to break lighttpd.

Error in var/log/messages

2019-08-11 21:47:22 info procd[]: Instance lighttpd::instance1 s in a crash loop 6 crashes, 2 seconds since last crash

Here is my full nextcloud.conf

alias.url += ( "/nextcloud" => "/srv/www/nextcloud" )

$HTTP["url"] =~ "^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)" {
     url.access-deny = ("")
}

# Redirect Cal/CardDAV requests to Nextcloud endpoint:
url.redirect = (
	"^/.well-known/caldav"  => "/nextcloud/remote.php/dav",
	"^/.well-known/carddav" => "/nextcloud/remote.php/dav"
)

Hey @dadall, that did help me with some things (thanks again). I also added

"^/.well-known/webfinger" => "/nextcloud/public.php?service=webfinger"

to the nextcloud.conf to eliminate that error message, did also work. And the Nextcloud seems to be faster now…

You’re welcome !

Your line seems to really speed up Nextcloud. Thanks !

I have to use it one per line and add “+” to make it work in my case

url.redirect += ( "^/.well-known/caldav" => "/nextcloud/remote.php/dav" )
url.redirect += ( "^/.well-known/carddav" => "/nextcloud/remote.php/dav" )

Anyway, thank you guys here for exhausting info :slight_smile:
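The difference between `=` and `+=` in the posts above matters when another included file already sets `url.redirect`. As an added example (not from any poster in this thread), this shell function lists directives assigned with plain `=` more than once at global scope. It assumes lighttpd refuses such a config at startup, which the thread does not confirm as the cause of the crash loop; the file names and sample contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list lighttpd directives that are set
# with a plain "=" more than once at global scope. Assumption: lighttpd
# rejects such a config at startup, and "+=" avoids it by appending.

dup_global_assignments() {   # args: config files, in include order
    awk '
        FNR == 1 { depth = 0 }
        {
            line = $0
            sub(/#.*/, "", line)        # naive: also cuts a "#" inside quotes
            line = line " "
            # name = ... at line start; "+=", "=>", "==" and "=~" do not match
            if (depth == 0 && match(line, /^[ \t]*[a-z][a-z0-9_.-]*[ \t]*=[^>~=]/)) {
                name = substr(line, RSTART, RLENGTH)
                sub(/^[ \t]+/, "", name)
                sub(/[ \t]*=.*$/, "", name)
                here = FILENAME ":" FNR
                if (name in first) {
                    print name " set at " first[name] " and again at " here
                } else {
                    first[name] = here
                }
            }
            # Track { } nesting so assignments inside conditionals are skipped.
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        }
    ' "$@"
}

demo() {   # constructed sample files, modelled on the configs quoted above
    d=$(mktemp -d) || return 1
    printf '%s\n' 'url.redirect = ( "^/old$" => "/new" )' > "$d/10-other.conf"
    cat > "$d/nextcloud-assign.conf" <<'EOF'
alias.url += ( "/nextcloud" => "/srv/www/nextcloud" )
$HTTP["url"] =~ "^/nextcloud/(build|tests|config)" {
     url.access-deny = ("")
}
url.redirect = (
    "^/.well-known/caldav"  => "/nextcloud/remote.php/dav"
)
EOF
    sed 's/^url\.redirect = /url.redirect += /' "$d/nextcloud-assign.conf" \
        > "$d/nextcloud-append.conf"
    echo "plain '=':"; dup_global_assignments "$d/10-other.conf" "$d/nextcloud-assign.conf"
    echo "with '+=':"; dup_global_assignments "$d/10-other.conf" "$d/nextcloud-append.conf"
    rm -rf "$d"
}
demo
```

On the router, pass the files under /etc/lighttpd in the order lighttpd.conf includes them.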

HSTS
If you are getting this error:
The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS.

Add these lines to /etc/lighttpd/lighttpd.conf.

 server.modules += ( "mod_setenv" )
 $HTTP["scheme"] == "https" {
     setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=15552000; includeSubdomains; ")
 }

And restart lighttpd : /etc/init.d/lighttpd restart

Imagick
If you don’t use Theming, removing the app will remove the warning too.

For those who don’t know, this is how you save and exit if you edit files in vim:

  1. Press Esc
  2. Type :wq
  3. Press Enter
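For the HSTS header configured in the earlier post, a way to confirm that the server really sends a `max-age` of at least 15552000 seconds. This is an added example, not code from any poster; the sample responses are constructed and `HOST` in the comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): read HTTP response headers on stdin and
# check Strict-Transport-Security against the 15552000 s minimum quoted above.
# Live use (HOST is a placeholder): curl -sI https://HOST/nextcloud/ | hsts_ok

hsts_max_age() {   # prints the max-age value, or nothing if absent/malformed
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security[ \t]*:/ {
            v = tolower($0)
            sub(/^[^:]*:/, "", v)
            n = split(v, part, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t"]/, "", part[i])          # trim spaces, unquote
                if (part[i] ~ /^max-age=[0-9]+$/) {
                    sub(/^max-age=/, "", part[i])
                    print part[i]
                    exit
                }
            }
        }'
}

hsts_ok() {   # exit status 0 when max-age >= 15552000
    age=$(hsts_max_age)
    [ -n "$age" ] && [ "$age" -ge 15552000 ]
}

report() {   # args: header lines of one constructed response
    if printf '%s\r\n' "$@" | hsts_ok; then
        echo "ok"
    else
        echo "missing or too short"
    fi
}

# Constructed responses: the value from the post, a short one, and none.
report 'HTTP/1.1 200 OK' 'Strict-Transport-Security: max-age=15552000; includeSubdomains; '
report 'HTTP/1.1 200 OK' 'strict-transport-security: max-age="3600"'
report 'HTTP/1.1 200 OK' 'Content-Type: text/html'
```

Because the lighttpd snippet sets the header only inside the `$HTTP["scheme"] == "https"` block, a request over plain HTTP is expected to report it as missing.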

Hi Cryx

Did you manage to set HTTPS?

My DDNS is no-ip.com but when I enter my DDNS domain name (still HTTP) I see my Turris Mox choice menu and I want to see Nextcloud directly. Did you manage this also?

example:

I see on no-ip.com, section: My Services => SSL Certificates => TrustCor Standard DV / Available / +Add CSR

Quote on No-IP:

In general you have to create the CSR (Certificate Signing Request), provide the CSR to No-IP, validate ownership of the hostname, download the certificate, install the certificate on your server, enable HTTPS and SSL on your server, and open port 443 in your router.

If anyone can help me with this :blush:

Thanks.
Gunther.