【NextCloud】Ubuntu20.04にインストール

Ubuntu + Apache + PHP + Mariadb + Redis

# 初期セットアップ
sudo apt update
sudo apt upgrade -y
sudo apt install build-essential pkg-config tcl unzip -y 

# Apacheインストール
sudo apt install apache2 -y
sudo systemctl restart apache2

### mod rewrite有効化
cd /etc/apache2/mods-available
sudo a2enmod rewrite

### Apache設定
sudo vim /etc/apache2/sites-available/nextcloud.conf

<VirtualHost *:80>
  DocumentRoot /var/www/html/nextcloud/
  ServerName 11.22.33.44

  <Directory "/var/www/html/nextcloud/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>


## 追加設定ファイルの有効化
cd /etc/apache2/sites-available/
sudo a2ensite nextcloud
sudo a2dissite 000-default
sudo systemctl reload apache2

## Apache自動起動設定
sudo systemctl enable apache2.service
sudo systemctl start apache2.service

# PHP
## リポジトリセット
sudo add-apt-repository ppa:ondrej/php
sudo add-apt-repository ppa:ondrej/apache2

## インストール
sudo apt install php7.4 php7.4-curl php7.4-dom php7.4-gd php7.4-mbstring php7.4-zip php7.4-mysql php7.4-bz2 php7.4-intl php7.4-apcu php7.4-redis php7.4-imagick php7.4-bcmath php7.4-gmp -y

## PHP設定変更
sudo sed -i "s/^max_execution_time = 30/max_execution_time = 60/" /etc/php/7.4/apache2/php.ini
sudo sed -i "s/^memory_limit = 128M/memory_limit = 512M/" /etc/php/7.4/apache2/php.ini
sudo sed -i "s/^session.save_handler = files/session.save_handler = redis/" /etc/php/7.4/apache2/php.ini
sudo sed -i "s@^;session.save_path = \"/var/lib/php/sessions\"@session.save_path = \"tcp://localhost:6379\"@" /etc/php/7.4/apache2/php.ini

# mariadbインストール
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64] http://mariadb.mirror.globo.tech/repo/10.5/ubuntu focal main'
sudo apt install mariadb-server mariadb-client -y

## インストール
sudo mysql_secure_installation

## セットアップ
sudo mysql -uroot

CREATE DATABASE nextcloud DEFAULT CHARACTER SET utf8mb4;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud';
GRANT ALL ON nextcloud.* TO "nextcloud"@"localhost";
SHOW GRANTS FOR 'nextcloud'@'localhost';
quit;

MariaDB [(none)]> SHOW GRANTS FOR 'nextcloud'@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for nextcloud@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `nextcloud`@`localhost` IDENTIFIED BY PASSWORD '*622C4A896C7A2B1DEE6B6713116AFF0182BED69F' |
| GRANT ALL PRIVILEGES ON `nextcloud`.* TO `nextcloud`@`localhost`                                                 |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)

# redis
sudo apt install -y redis-server
sudo systemctl restart redis.service
sudo systemctl status redis

# Nextcloud本体
cd /tmp
wget https://download.nextcloud.com/server/releases/nextcloud-21.0.1.tar.bz2
wget https://download.nextcloud.com/server/releases/nextcloud-21.0.1.tar.bz2.md5
md5sum -c nextcloud-21.0.1.tar.bz2.md5 < nextcloud-21.0.1.tar.bz2
tar xf nextcloud-21.0.1.tar.bz2
sudo mkdir /var/www/html/nextcloud/data
sudo chown -R www-data:www-data /var/www/html/nextcloud
sudo systemctl restart apache2.service

インストール情報を入力
}]

# redisを使うように
sudo vim /var/www/html/nextcloud/config/config.php

## 以下を追記
  'default_phone_region' => 'JP',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'htaccess.RewriteBase' => '/',


## 設定更新
sudo -u www-data php /var/www/html/nextcloud/occ maintenance:update:htaccess

## 警告が出るプラグインインストール
sudo apt install libmagickcore-6.q16-6-extra -y

## Apahce再起動
sudo systemctl restart apache2

https化させる場合

# 証明書
sudo apt install certbot python3-certbot-apache

## ServerNameを割り当てるFQDNへ変更
sudo vim /etc/apache2/sites-available/nextcloud.conf

<VirtualHost *:80>
  DocumentRoot /var/www/html/nextcloud/
  ServerName nextcloud.vamdemic.net

  <Directory "/var/www/html/nextcloud/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>

## コンフィグに問題ないかチェック
sudo apache2ctl configtest

## 設定をリロード
sudo systemctl reload apache2

## ファイアウォールの状態を確認（443空いてなかったら開ける）
sudo ufw status

## 証明書インストール
sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): nextcloud.miraie-taf.net
Invalid email address: nextcloud.miraie-taf.net.
There seem to be problems with that address. Enter email address (used for
urgent renewal and security notices)

If you really want to skip this, you can run the client with
--register-unsafely-without-email but make sure you then backup your account key
from /etc/letsencrypt/accounts

 (Enter 'c' to cancel):
Invalid email address: .
Enter email address (used for urgent renewal and security notices)

If you really want to skip this, you can run the client with
--register-unsafely-without-email but make sure you then backup your account key
from /etc/letsencrypt/accounts

 (Enter 'c' to cancel):
Invalid email address: .
Enter email address (used for urgent renewal and security notices)

If you really want to skip this, you can run the client with
--register-unsafely-without-email but make sure you then backup your account key
from /etc/letsencrypt/accounts

 (Enter 'c' to cancel): yuta@vamdemicsystem.black

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: nextcloud.vamdemic.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.miraie-taf.net
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/nextcloud-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/nextcloud.conf to ssl vhost in /etc/apache2/sites-available/nextcloud-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://nextcloud.miraie-taf.net

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.miraie-taf.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/nextcloud.miraie-taf.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/nextcloud.miraie-taf.net/privkey.pem
   Your cert will expire on 2021-10-13. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


## 自動更新デーモンの起動を確認
sudo systemctl status certbot.timer

## テスト
sudo certbot renew --dry-run