[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[jag131990]

Occ upgrade doesn't work either. You have to use the updater.phar app to get it to work. To do so you need to install sudo and php70-phar and follow the update instructions for using the pahr updater.

Really wish the web updater worked then.. that sounds like some hassle. Thanks ill give it a go.

 

[jag131990]

Really wish the web updater worked then.. that sounds like some hassle. Thanks ill give it a go.

Hi guys the thanks are owed to Jailer for this method - but I struggle to find my way around being very new to this environment so I am posting what I have done for other if it is helpful -

To upgrade Nextcloud from the shell (using the build method via this thread since we all seem to have broken web-updaters):

pkg install sudo
pkg install php70-phar

Do this bit below if there is only no updater.phar in your /usr/local/www/nextcloud/updater folder!

Code:

I used the instructions found here - https://nextcloud.com/blog/get-up-to-date-with-the-new-nextcloud-updater/
download the updater.phar file - link  https://github.com/nextcloud/updater/raw/4858b8fd322a228cba2efab35488085ec407efc9/updater.phar
Place this into /usr/local/www/nextcloud/updater e.g. 
mv /mnt/(location to your file)/updater.phar /usr/local/www/nextcloud/updater

to perform the update:

cd /usr/local/www/nextcloud/updater/
sudo -u www php updater.phar
follow the prompts

 

[Jailer]

The updater.phar should already be in the /updater directory so downloading the file from github may not be needed.

 

[jag131990]

The updater.phar should already be in the /updater directory so downloading the file from github may not be needed.

I naturally assumed it wasn't lol. Guess I overwrote whatever was there..

My download is taking an awful long time..

Code:

root@nextcloud_cb:/usr/local/www/nextcloud/updater # sudo -u www php updater.phar
Nextcloud Updater - version: 1.0.2

Current version is 11.0.1.

Update to Nextcloud 11.0.2 available. (channel: "stable")
Following file will be downloaded automatically: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip

Steps that will be executed:
[ ] Check for expected files
[ ] Check for write permissions
[ ] Enable maintenance mode
[ ] Create backup
[ ] Downloading
[ ] Extracting
[ ] Replace entry points
[ ] Delete old files
[ ] Move new files in place
[ ] Done

Start update? [y/N] y

Info: Gracefully stopping the updater via Ctrl-C is not possible - PCNTL extension is not loaded.

[✔] Check for expected files
[✔] Check for write permissions
[✔] Enable maintenance mode
[✔] Create backup
[ ] Downloading ...

edit now to copy this stuff in here I had silly mistake of CTRL+C despite the warning, it exited.. run the command again get:

'Step 5 is currently in process. Please call this command later."

I guess a good warning to everyone is to always make a snapshot of your jail dataset before doing anything.. lucky I did not sure what will hapen now haha.

 

[Jailer]

Subsequent updates should be easy with one command once you've got everything set up as described and are logged into your jail. Of course change the directory path to where you have your nextcloud/owncloud installation.

sudo -u www php /usr/local/www/owncloud/updater/updater.phar

 

[KevDog]

Ok to put my own issue to bed -- and to help anyone else who has this problem

php70-redis was withdrawn and is no converted to pecl-redis. At this time pecl-redis lists php56 as a direct dependency, however contacting the developer, he stated php70 was supported and pecl-redis should be installed via ports.

I ran into some problems with the compilation, but here are the basic steps

Code:

$ sudo pkg install -r php70 php70-session <----Step may not be needed but I had to do this 
$ cd /usr/ports/databases/pecl-redis
$ sudo make install

In order to prevent the pkg manager from trying to install php56 when running a command similar to:
$ sudo pkg upgrade

Code:

$ sudo pkg lock pecl-redis

That should cover it.

 

[KevDog]

Subsequent updates should be easy with one command once you've got everything set up as described and are logged into your jail. Of course change the directory path to where you have your nextcloud/owncloud installation.

sudo -u www php /usr/local/www/owncloud/updater/updater.phar

Confirmed this process work. I had however to reinstall a lot of apps after this process, and log back out and in for the process to complete. Thanks guys for the help!!!

 

[KevDog]

........
Your workflow for updates will go as follows:

• pkg upgrade and upgrade all your packages.
• pkg unlock name_of_package and unlock nginx and openssl
• portsnap fetch update to update the ports tree
• portmaster -a to check your packages and install available updates
• pkg lock name_of_package to lock nginx and openssl after updates are installed

.........

So I wrote a script that automates this process for me since it was turning into somewhat of consuming process.
Script needs to be run as root and requires the bash shell. I haven't tested it in other shells, so I can't speak if it will work with other shells -- I'm guessing some modification will be needed to do away from some "bashisms"
Tested on bash 4.4.12

Code:

#!/usr/bin/env bash

pkg=$(which pkg)
portsnap=$(which portsnap)
portmaster=$(which portmaster)

$pkg update
$pkg upgrade
$portsnap fetch update

IFS=$'\n'
pnu=($($portmaster -L --index-only | grep "New version available" | awk '{print $5}'))


pnu_full=("${pnu[@]}")

echo
echo "--------------->>"
echo "Port Master Packages Needing Upgrading:"
printf '%s\n' "${pnu_full[@]}"
echo


for (( i=0; i<${#pnu[@]}; i=$i+1 )); do pnu[${i}]="${pnu[${i}]%-*}"; done

IFS=$'\n'
if $pkg lock --has-locked-packages; then
	packages=( $($pkg lock --show-locked) )

	#Shift array not to include the "Currently locked packages first element"
	packages=("${packages[@]:1}")

	#Remove the version and release numbers from the packages
	for (( i=0; i<${#packages[@]}; i=$i+1 )); do packages[${i}]="${packages[${i}]%-*}"; done
	
	echo "--------------->>"
	echo "Locked ports"
	printf '%s\n' "${packages[@]}";
	echo

	#Compare the locked package list with the ports-needing-upgrade from portmaster
	#unique-packages=( `echo ${pnu[@]} ${packages[@]} ` )
	  #This will give the intersection between the locked package list and the portmaster upgrade list

	locked_packages_needing_upgrading=( $(echo ${pnu[@]} ${packages[@]} | tr ' ' '\n' | sort | uniq -d ) )


	echo "--------------->>"
	echo "Locked packages needing upgrading"
	printf '%s\n' "${locked_packages_needing_upgrading[@]}"
	echo

	if [ "${#locked_packages_needing_upgrading[@]}" -gt 0 ]; then
		for e in "${locked_packages_needing_upgrading[@]}"; do $pkg unlock -y "${e}"; done
		for e in "${locked_packages_needing_upgrading[@]}"; do $portmaster -yGd --no-confirm "${e}"; done
		for e in "${locked_packages_needing_upgrading[@]}"; do $pkg lock -y "${e}"; done
	fi

fi

$portmaster -dGya --no-confirm

########## End Upgrade Script

 

[KevDog]

Couple things noted after upgrading.. (grr)

#1 - I'm getting not pdf previews -- blank page -- images, gifs and txt files work normally

#2 - I'm receiving this error on the Security and Setup Warnings

• The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
• The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.
• Please double check the installation guides ↗, and check for any errors or warnings in the log.

However this doesn't make any sense since this is the relevant portion of my nginx.config file:

Code:

  server {
	   listen 80 default_server;
	   #listen [::]:80 default_server;
	   #enforce https
	   root /var/empty;
	   server_name gohilton.com; #IP Address or URL
	   return 301 https://$server_name$request_uri;

	}

	server {
		listen 443 ssl http2 default_server;
		listen [::]:443 ssl http2 default_server;
		server_name gohilton.com;

		#######SSL SECTION########################################
		# global SSL options with Perfect Forward Secrecy (PFS) high strength ciphers
		# first. PFS ciphers are those which start with ECDHE which means (EC)DHE
		# which stands for (Elliptic Curve) Diffie-Hellman Ephemeral - 4096 bit DH key. 256bit preference.

		# ciphers for RSA signed certificates
		ssl_ciphers HIGH:!aNULL:!MD5;
		ssl_dhparam /usr/local/etc/nginx/ssl/dhparam.pem;
		ssl_ecdh_curve secp384r1;			  # 384 bit prime modulus curve efficiently supports ECDHE ssl_ciphers up to a SHA384 hash
		ssl_prefer_server_ciphers on;		  # the preferred ciphers are listed on the server by "ssl_ciphers"
		ssl_protocols TLSv1.2 TLSv1.1 TLSv1;   # protocols, the order is unimportant
		ssl_session_cache shared:SSL:10m;
		ssl_session_tickets off;
		ssl_session_timeout 128s;			  # how long before the client and server must renegotiate the ssl key
		ssl_stapling on;					   # staple the ssl cert to the initial reply returned to the client for speed
		ssl_stapling_verify on;
		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;";
		add_header X-Frame-Options DENY;
		add_header X-Content-Type-Options nosniff;

		ssl_certificate /usr/local/etc/letsencrypt/live/gohilton.com/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/gohilton.com/privkey.pem;

		resolver				  8.8.8.8 8.8.4.4 valid=300s;
		resolver_timeout		   5s;

	#######END SSL SECTION####################################################

	root /usr/local/www;
		location = /robots.txt { allow all; access_log off; log_not_found off; }
		location = /favicon.ico { access_log off; log_not_found off; }

		# Add headers to serve security related headers
		# Before enabling Strict-Transport-Security headers please read into this
		# topic first.
		#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
		add_header X-Content-Type-Options nosniff;
		add_header X-Frame-Options "SAMEORIGIN";
		add_header X-XSS-Protection "1; mode=block";
		add_header X-Robots-Tag none;
		add_header X-Download-Options noopen;
		add_header X-Permitted-Cross-Domain-Policies none;

		location = /office {
		rewrite ^/office(.*) /$1 break;
		proxy_pass http://10.0.1.161:81;
	}

		location /minecraft {
		proxy_pass https://10.0.1.161:8443/;
		proxy_redirect off;
		proxy_ssl_verify off;
		proxy_ssl_session_reuse off;
		proxy_set_header Host $http_host;
		proxy_set_header X-Real_IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	  # static files
		location ^~ /loleaflet {
			proxy_pass https://10.0.1.161:9980;
			proxy_ssl_verify off;
			proxy_set_header Host $http_host;
		}

		# WOPI discovery URL
		location ^~ /hosting/discovery {
			proxy_pass https://10.0.1.161:9980;
			proxy_ssl_verify off;
			proxy_set_header Host $http_host;
		}

		# websockets, download, presentation and image upload
		location ^~ /lool {
			proxy_pass https://10.0.1.161:9980;
			proxy_ssl_verify off;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			proxy_set_header Host $http_host;
		}


		location = /.well-known/carddav {
		  return 301 $scheme://$host/remote.php/dav;
		}


	location ^~ /nextcloud {
			client_max_body_size 512M;
			fastcgi_buffers 64 4K;
			error_page 403 /nextcloud/core/templates/403.php;
			error_page 404 /nextcloud/core/templates/404.php;

		location /nextcloud {
				  rewrite ^ /nextcloud/index.php$uri;
				}
				location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
				  deny all;
				}
				location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
					deny all;
				}
				location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
					fastcgi_split_path_info ^(.+\.php)(/.*)$;
					include fastcgi_params;
					fastcgi_param HTTPS on;
					fastcgi_param modHeadersAvailable true;
					fastcgi_pass unix:/var/run/php-fpm.sock;
					fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
					fastcgi_param PATH_INFO $fastcgi_path_info;
					fastcgi_param front_controller_active true;
					fastcgi_intercept_errors on;
				}
				location ~* \.(?:css|js)$ {
					try_files $uri /nextcloud/index.php$uri$is_args$args;
					add_header Cache-Control "public, max-age=7200";
					add_header X-Content-Type-Options nosniff;
					add_header X-Frame-Options "SAMEORIGIN";
					add_header X-XSS-Protection "1; mode=block";
					add_header X-Robots-Tag none;
					add_header X-Download-Options noopen;
					add_header X-Permitted-Cross-Domain-Policies none;
					# Optional: Don't log access to assets
					access_log off;
				}
				location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|png)$ {
					try_files $uri /nextcloud/index.php$uri$is_args$args;
					access_log off;
				}

	}
	}
}

 

[redpeat]

I'm about at wit's end here... and lacking sleep.

I thought I was being a good citizen by running some vulnerability scanners against my Nextcloud installation (installed thanks to @Joshua Parker Ruehlig and his outstanding documentation). It provided some good information, but in the process it hosed my site! Initially browsing to the Nextcloud site it presented a 404 complaining that the file was not found (/nextcloud/login). Being the responsible steward of my FreeNAS system I didn't sweat it since I had backups of the jail, DB, and files datasets. As a result I restored all 3 thinking I'd be back up and running within minutes. Problem is, I only made matters worse after performing the restore! Now mysql-server won't even start.

I've tried to gather more debug information to pin-point the crashes, but haven't got far.

Code:

root@nextcloud_2:/var/db/mysql # tail -n 30 /var/db/mysql/nextcloud_2.err

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.1.21-MariaDB
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=0
max_threads=153
thread_count=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467063 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x0 thread_stack 0x48400
0xb03f9e <my_print_stacktrace+0x2e> at /usr/local/libexec/mysqld
0x723c22 <handle_fatal_signal+0x262> at /usr/local/libexec/mysqld
0x803214b4a <pthread_sigmask+0x51a> at /lib/libthr.so.3
0x80321422c <pthread_getspecific+0xe1c> at /lib/libthr.so.3
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
170310 01:57:10 mysqld_safe mysqld from pid file /var/db/mysql/nextcloud_2.pid ended

Code:

root@nextcloud_2:/var/db/mysql # /usr/local/bin/mysqladmin debug
/usr/local/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/tmp/mysql.sock' (61 "Connection refused")'
Check that mysqld is running and that the socket: '/tmp/mysql.sock' exists!

I can't pay the bills without my Nextcloud password DB! No money, LOTs of problems...

I've "touched" the /tmp/mysql.sock file, and granted full permissions to the mysql user, but it failed to resolve the issue.

Suggestions?

 

[jag131990]

I'm about at wit's end here... and lacking sleep.

I can't pay the bills without my Nextcloud password DB! No money, LOTs of problems...


Suggestions?

This sounds like a recipe for disaster..

Not helpful sorry.

 

[redpeat]

This sounds like a recipe for disaster..

Not helpful sorry.

Yeah, a recipe that was hard to swallow! BUT I was able to finally revert to a known good backup, albeit from 2 days ago.

I was initially troubleshooting potential InnoDB corruption based on the error log:

Code:

InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: http://dev.mysql.com/doc/refman/5.6/en/forcing-innodb-recovery.html
InnoDB: about forcing recovery.
170310 17:26:54 [ERROR] mysqld got signal 6 ;

and I got to the point where I was forcing a recovery by setting the following (iteratively from 1 to 4) in my /usr/local/etc/my.cnf file .

Code:

innodb_force_recovery = 1

But by the time you get past level 4, you're guaranteeing even further data corruption.

When I got to this point I figured what the hell, might as well sacrifice a few days troubleshooting/data loss and roll back even further than a few hours. So although I lost any changes to Nextcloud over the past 2 days, at least I'm up and running again.

 

[Thoni]

Hi @All
After a long time i tried to install a new owncloud jail.
But same as @KevDog i run into trouble...
php70-APCu and php70-redis are not longer offered.
I try a "pkg install -r php70 php70-session" as suggested by kevdog.
But this gives me a "No repositories are enabled"

Any hint?

 

[KevDog]

I can only tell you what I've done at this point.
php70-redis was replaced by pecl-redis which I installed from the ports tree.
Once pecl-redis is installed you'll have to lock the package because the next time you try to upgrade with the
pkg upgrade command, it will try to pull in a lot of other things and replace a bunch of the php70 packages.

No repositories enabled, doesn't sound like a good thing however. Do you have the pkg utility installed?

 

[Thoni]

@KevDog
Nevermind.
I started from scratch and used php56 for this install. But an updated tutorial should be great. But for now i let it run ...

 

[Jailer]

I started from scratch and used php56 for this install.

If you do this you can also install the owncloud package and keep it up to date with pkg upgrade.

 

[ArgaWoW]

I switched to freenas corral and what to know if it is possible to install owncloud according to this guide in a freebsd vm. Any one some experience with such things?

Gesendet von meinem LG-H850 mit Tapatalk

 

[Jailer]

Directions for a FreeBSD install should be identical.

 

[ArgaWoW]

Directions for a FreeBSD install should be identical.

Hi,
I tried to set up owncloud on Freenas Corral directly in a freebsd vm. After I have end the installation and when I try to open owncloud I got an error

Php-modul gp not properly installed. I searched the forum and I ask Google but I can't find a solution.

Can anyone give me some advice please [emoji57]

Gesendet von meinem LG-H850 mit Tapatalk

 

[Chakalov]

Please allow a quick simple question: does anyone have experienced problems with this ownCloud installation after updating to Freenas 10? I'm willing to update a client's NAS where they are happily using ownCloud and any disturbance in the connection to the cloud would be rather unpleasant.

Thank you!