Commit f01c3db9 authored by Montaño Sarria, Andres Felipe

Update docker images

parent a5b23315
TRI.zip 0 → 100644
File added
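Review bot: TRI.zip is added as an opaque binary archive, and the commit message ("Update docker images") does not say what it contains or why it belongs with the Docker changes. A zip cannot be reviewed and stays in the history for good; if the build needs its contents, commit the unpacked files, or track the archive with git-lfs and record where it came from and its checksum next to it.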
ARG DISTRO
FROM ubuntu:${DISTRO}
# Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive
# Setup environment
RUN apt-get update && apt-get install -y apt-utils
RUN apt-get install -y \
locales \
&& sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
# Configure apt and install base packages
RUN apt-get update && apt-get -y install --no-install-recommends \
apt-transport-https \
build-essential \
ca-certificates \
curl \
gnupg-agent \
software-properties-common \
dialog 2>&1 \
checkinstall \
# clang
clang-format clang-tidy clang-tools clang \
clangd libc++-dev libc++1 libc++abi-dev \
libc++abi1 libclang-dev libclang1 liblldb-dev \
libllvm-ocaml-dev libomp-dev libomp5 lld lldb \
llvm-dev llvm-runtime llvm python3-clang \
# ccmake
cmake-curses-gui \
# AppimageTool
binutils coreutils desktop-file-utils fakeroot fuse libgdk-pixbuf2.0-dev patchelf python3-pip python3-setuptools squashfs-tools strace util-linux zsync \
gdb \
git \
git-lfs \
less \
make \
nano \
libnotify-bin notify-osd \
openssh-client \
pkg-config \
terminator \
trash-cli \
valgrind \
xterm \
wget \
zsh
# Update this date to re-run the image final update
LABEL image.date=21-12-2022
# Update final image
RUN apt-get update \
&& apt-get -y upgrade
# PDF-MIX-TOOL
RUN apt-get update && apt-get -y install \
qtbase5-dev qtbase5-dev-tools qttools5-dev qttools5-dev-tools \
libqt5svg5 libqt5svg5-dev \
qpdf libqpdf-dev\
imagemagick \
libmagick++-dev
# WORKDIR /srcs
RUN wget https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage -O /usr/local/bin/appimagetool
RUN chmod +x /usr/local/bin/appimagetool
RUN pip3 install appimage-builder
CMD ["zsh"]
ENV SHELL /usr/bin/zsh
ENV RUNNING_IN_DOCKER true
# Switch back to dialog for any ad-hoc use of apt-get
ENV DEBIAN_FRONTEND=
\ No newline at end of file
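Review bot: The `wget` of appimagetool near the end of this new Dockerfile takes the rolling `continuous` release and makes it executable in /usr/local/bin with no checksum or signature check, so each rebuild can pick up a different binary without anyone noticing. Pin a tagged release and verify it with `sha256sum -c` before the `chmod +x`; `pip3 install appimage-builder` on the next line should pin a version for the same reason. Separately, `dialog 2>&1 \` in the middle of the base package list is a redirection that applies to the whole `apt-get` command rather than a package argument, and would read more clearly at the end of the command or removed.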
...@@ -17,21 +17,21 @@ ENV LANGUAGE en_US:en ...@@ -17,21 +17,21 @@ ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8 ENV LC_ALL en_US.UTF-8
# Configure apt and install packages # Configure apt and install packages
RUN apt-get -y install --no-install-recommends \ RUN apt-get update && apt-get -y install --no-install-recommends \
apt-transport-https \ apt-transport-https \
ca-certificates \ ca-certificates \
curl \ curl \
gnupg-agent \ gnupg-agent \
software-properties-common \ software-properties-common \
dialog 2>&1 \ dialog 2>&1 \
# Verify if git, process tools, lsb-release (common in install instructions for CLIs) are installed
# Install the https transport support package for The Artifactory debian repository
checkinstall \ checkinstall \
# clang
clang-format clang-tidy clang-tools clang \ clang-format clang-tidy clang-tools clang \
clangd libc++-dev libc++1 libc++abi-dev \ libc++-dev libc++1 libc++abi-dev \
libc++abi1 libclang-dev libclang1 liblldb-dev \ libc++abi1 libclang-dev libclang1 \
libllvm-ocaml-dev libomp-dev libomp5 lld lldb \ libomp-dev libomp5 lld lldb \
llvm-dev llvm-runtime llvm python3-clang \ llvm-dev llvm-runtime llvm \
# ccmake
cmake-curses-gui \ cmake-curses-gui \
direnv \ direnv \
gdb \ gdb \
...@@ -62,7 +62,9 @@ RUN if [ "${ROS_DISTRO}" = "noetic" ]; \ ...@@ -62,7 +62,9 @@ RUN if [ "${ROS_DISTRO}" = "noetic" ]; \
python3-click \ python3-click \
python3-numpy \ python3-numpy \
python3-osrf-pycommon \ python3-osrf-pycommon \
python3-vcstool; \ python3-vcstool \
# clang
clangd liblldb-dev libllvm-ocaml-dev python3-clang; \
elif [ "${ROS_DISTRO}" = "melodic" ]; \ elif [ "${ROS_DISTRO}" = "melodic" ]; \
then \ then \
apt-get -y install \ apt-get -y install \
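Review bot: `clangd liblldb-dev libllvm-ocaml-dev python3-clang` are re-added only inside the `noetic` branch, after being dropped from the common install list in the previous hunk, so a `melodic` image silently loses them. If that is intended because the packages are not available on that distro, say so in the `# clang` comment; otherwise add the equivalent packages to the `melodic` branch as well.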
...@@ -173,10 +175,10 @@ RUN apt-get update && apt-get install -y \ ...@@ -173,10 +175,10 @@ RUN apt-get update && apt-get install -y \
ros-${ROS_DISTRO}-twist-mux \ ros-${ROS_DISTRO}-twist-mux \
ros-${ROS_DISTRO}-ur-client-library \ ros-${ROS_DISTRO}-ur-client-library \
ros-${ROS_DISTRO}-ur-msgs \ ros-${ROS_DISTRO}-ur-msgs \
ros-${ROS_DISTRO}-usb-cam \
ros-${ROS_DISTRO}-velocity-controllers \ ros-${ROS_DISTRO}-velocity-controllers \
ros-${ROS_DISTRO}-warehouse-ros-mongo ros-${ROS_DISTRO}-warehouse-ros-mongo
RUN if [ "${ROS_DISTRO}" = "noetic" ]; \ RUN if [ "${ROS_DISTRO}" = "noetic" ]; \
then \ then \
apt-get -y install \ apt-get -y install \
...@@ -206,6 +208,7 @@ RUN if [ "${ROS_DISTRO}" = "noetic" ]; \ ...@@ -206,6 +208,7 @@ RUN if [ "${ROS_DISTRO}" = "noetic" ]; \
then \ then \
dpkg -i bat*.deb; \ dpkg -i bat*.deb; \
dpkg -i lsd*.deb; \ dpkg -i lsd*.deb; \
dpkg -i ripgrep*.deb; \
elif [ "${ROS_DISTRO}" = "melodic" ]; \ elif [ "${ROS_DISTRO}" = "melodic" ]; \
then \ then \
dpkg -i *.deb; \ dpkg -i *.deb; \
...@@ -215,8 +218,10 @@ RUN if [ "${ROS_DISTRO}" = "noetic" ]; \ ...@@ -215,8 +218,10 @@ RUN if [ "${ROS_DISTRO}" = "noetic" ]; \
RUN rm -rf * RUN rm -rf *
RUN apt-get --reinstall install -y libnotify-bin notify-osd
# Update this date to re-run the image final update # Update this date to re-run the image final update
LABEL image.date=15-12-2022 LABEL image.date=22-12-2022
# Update final image # Update final image
RUN apt-get update \ RUN apt-get update \
......
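Review bot: The new `RUN apt-get --reinstall install -y libnotify-bin notify-osd` has no comment explaining why a reinstall is needed, and it runs in its own layer without `apt-get update`, so it depends on package lists left behind by an earlier layer. Add a one-line reason, and either fold it into a layer that already runs `apt-get update` or prefix it with one. It also sits above the `LABEL image.date` cache-buster, so bumping the date will not re-run it.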
File moved
...@@ -5,51 +5,58 @@ if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]] ...@@ -5,51 +5,58 @@ if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]
source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
fi fi
#zmodload zsh/zprof
# If you come from bash you might have to change your $PATH. # If you come from bash you might have to change your $PATH.
export PATH=$HOME/.local/bin:$PATH # export PATH=$HOME/bin:/usr/local/bin:$PATH
# Path to your oh-my-zsh installation. # Path to your oh-my-zsh installation.
export ZSH="/home/andres/.oh-my-zsh" export ZSH=~/.oh-my-zsh
# Set name of the theme to load --- if set to "random", it will # Uncomment the following line to display red dots whilst waiting for completion.
# load a random theme each time oh-my-zsh is loaded, in which case, COMPLETION_WAITING_DOTS="true"
# to know which specific one was loaded, run: echo $RANDOM_THEME
# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
ZSH_THEME="powerlevel10k/powerlevel10k"
# Set up the prompt source "$HOME/.homesick/repos/homeshick/homeshick.sh"
autoload -Uz promptinit fpath=($HOME/.homesick/repos/homeshick/completions $fpath)
promptinit
prompt adam1
setopt histignorealldups # sharehistory source ~/antigen.zsh
setopt no_share_history antigen use oh-my-zsh
# Uncomment the following line to enable command auto-correction. antigen theme romkatv/powerlevel10k
ENABLE_CORRECTION="true"
# Uncomment the following line to display red dots whilst waiting for completion. antigen bundle docker
# You can also set it to another string to have that shown instead of the default red dots. antigen bundle git
# e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f" antigen bundle globalias
# Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765) antigen bundle last-working-dir
COMPLETION_WAITING_DOTS="true" antigen bundle sudo
antigen bundle zsh-users/zsh-history-substring-search
antigen bundle zsh-users/zsh-syntax-highlighting
antigen bundle wfxr/forgit
antigen bundle paulirish/git-open
antigen bundle popstas/zsh-command-time
antigen bundle MichaelAquilina/zsh-auto-notify
antigen bundle MichaelAquilina/zsh-you-should-use
antigen bundle zsh-users/zsh-autosuggestions
antigen apply
#ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE='fg=0'
# Uncomment the following line if you want to change the command execution time # command-line fuzzy finder
# stamp shown in the history command output. [ -f ~/.fzf.zsh ] && source ~/.fzf.zsh
# You can set one of the optional three formats:
# "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd" source $HOME/.init_shell
# or set a custom format using the strftime function format specifications,
# see 'man strftime' for details. if [ -f ~/.bash_aliases ]; then
HIST_STAMPS="dd/mm/yyyy" . ~/.bash_aliases
fi
# Which plugins would you like to load? #zprof
# Standard plugins can be found in $ZSH/plugins/
# Custom plugins may be added to $ZSH_CUSTOM/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup.
plugins=(zsh-syntax-highlighting sudo git last-working-dir globalias you-should-use zsh-autosuggestions history-substring-search)
source $ZSH/oh-my-zsh.sh export FZF_DEFAULT_COMMAND='rg --files --hidden --follow --no-ignore-vcs'
export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND"
#export FZF_ALT_C_COMMAND="fd -t d --hidden --follow --exclude \".git\" . $HOME"
export FZF_ALT_C_COMMAND="fd -t d --hidden --follow --exclude \".git\" ."
# Create a cache folder if it isn't exists # Create a cache folder if it isn't exists
if [ ! -d "$HOME/.cache/zsh" ]; then if [ ! -d "$HOME/.cache/zsh" ]; then
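Review bot: The `antigen theme` and `antigen bundle user/repo` lines fetch third-party GitHub repositories (for example `wfxr/forgit`, `paulirish/git-open`, `popstas/zsh-command-time`) with no version given, and that code is then sourced into every interactive shell, including inside the development container. Pin each bundle to a reviewed tag or branch where antigen allows it, or vendor reviewed copies, and note in the file where `~/antigen.zsh` itself comes from. Also, `source ~/antigen.zsh`, `source $HOME/.init_shell` and the homeshick `source` are unguarded while `.fzf.zsh` and `.bash_aliases` are tested with `-f` first, so a fresh home directory prints errors at startup; and `FZF_ALT_C_COMMAND` calls `fd`, which nothing visible in this commit installs (the Dockerfile change adds ripgrep only).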
...@@ -69,14 +76,11 @@ source ${HOME}/srcs/development_environment/dotfiles/docker.bash ...@@ -69,14 +76,11 @@ source ${HOME}/srcs/development_environment/dotfiles/docker.bash
source ${HOME}/srcs/development_environment/dotfiles/ros.bash source ${HOME}/srcs/development_environment/dotfiles/ros.bash
source ${HOME}/srcs/development_environment/dotfiles/system.bash source ${HOME}/srcs/development_environment/dotfiles/system.bash
eval "$(direnv hook zsh)" # To add direnv app
# eval "$(direnv hook zsh)"
# Add fuzzy search app
[ -f ~/.fzf.zsh ] && source ~/.fzf.zsh
# To customize prompt, run `p10k configure` or edit ~/.p10k.zsh. # To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
# Finalize Powerlevel10k instant prompt. Should stay at the bottom of ~/.zshrc. # Finalize Powerlevel10k instant prompt. Should stay at the bottom of ~/.zshrc.
(( ! ${+functions[p10k-instant-prompt-finalize]} )) || p10k-instant-prompt-finalize (( ! ${+functions[p10k-instant-prompt-finalize]} )) || p10k-instant-prompt-finalize
# Enable Powerlevel10k instant prompt. Should stay close to the top of ~/.zshrc.
# Initialization code that may require console input (password prompts, [y/n]
# confirmations, etc.) must go above this block; everything else may go below.
if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
fi
# If you come from bash you might have to change your $PATH.
export PATH=$HOME/.local/bin:$PATH
# Path to your oh-my-zsh installation.
export ZSH="/home/andres/.oh-my-zsh"
# Set name of the theme to load --- if set to "random", it will
# load a random theme each time oh-my-zsh is loaded, in which case,
# to know which specific one was loaded, run: echo $RANDOM_THEME
# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
ZSH_THEME="powerlevel10k/powerlevel10k"
# Set up the prompt
autoload -Uz promptinit
promptinit
prompt adam1
setopt histignorealldups # sharehistory
setopt no_share_history
# Uncomment the following line to enable command auto-correction.
ENABLE_CORRECTION="true"
# Uncomment the following line to display red dots whilst waiting for completion.
# You can also set it to another string to have that shown instead of the default red dots.
# e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f"
# Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765)
COMPLETION_WAITING_DOTS="true"
# Uncomment the following line if you want to change the command execution time
# stamp shown in the history command output.
# You can set one of the optional three formats:
# "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
# or set a custom format using the strftime function format specifications,
# see 'man strftime' for details.
HIST_STAMPS="dd/mm/yyyy"
# Which plugins would you like to load?
# Standard plugins can be found in $ZSH/plugins/
# Custom plugins may be added to $ZSH_CUSTOM/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup.
plugins=(zsh-syntax-highlighting sudo git last-working-dir globalias you-should-use zsh-autosuggestions history-substring-search)
source $ZSH/oh-my-zsh.sh
# Create a cache folder if it isn't exists
if [ ! -d "$HOME/.cache/zsh" ]; then
mkdir -p $HOME/.cache/zsh
fi
# Define a custom file for compdump
export ZSH_COMPDUMP="$HOME/.cache/zsh/zcompdump-$HOST-$ZSH_VERSION"
# User configuration
export EDITOR="code -r"
# Include dotfiles
source ${HOME}/srcs/development_environment/dotfiles/git.bash
source ${HOME}/srcs/development_environment/dotfiles/docker.bash
source ${HOME}/srcs/development_environment/dotfiles/ros.bash
source ${HOME}/srcs/development_environment/dotfiles/system.bash
eval "$(direnv hook zsh)"
# Add fuzzy search app
[ -f ~/.fzf.zsh ] && source ~/.fzf.zsh
# To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
# Finalize Powerlevel10k instant prompt. Should stay at the bottom of ~/.zshrc.
(( ! ${+functions[p10k-instant-prompt-finalize]} )) || p10k-instant-prompt-finalize
...@@ -16,7 +16,9 @@ function dockbuild(){ ...@@ -16,7 +16,9 @@ function dockbuild(){
# Run container with rocker # Run container with rocker
# usage: rundock {noetic, melodic} [{remodel_ws, odin_ws}] [cmd] # usage: rundock {noetic, melodic} [{remodel_ws, odin_ws}] [cmd]
# ToDo Add extra parameters by arg
# To share docker --volume /var/run/docker.sock:/var/run/docker.sock:ro # To share docker --volume /var/run/docker.sock:/var/run/docker.sock:ro
# To share video (usb-cam) --volume /dev/video0:/dev/video0
function rundock() { function rundock() {
# Check if the image exist # Check if the image exist
if [[ "$(docker images -q devenv:$1 2> /dev/null)" == "" ]]; then if [[ "$(docker images -q devenv:$1 2> /dev/null)" == "" ]]; then
......
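Review bot: The added usage comment suggests `--volume /dev/video0:/dev/video0` for the camera, but bind-mounting a device node does not add it to the container's device allowlist, so opening it normally fails unless the container is privileged; `--device /dev/video0` is the flag meant for this. On the line above it, the `:ro` on `/var/run/docker.sock` only makes the mount read-only: a process in the container can still connect to the socket and control the Docker daemon, which is equivalent to root on the host, and the comment should say that so nobody reads `:ro` as a safeguard.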
File moved
...@@ -19,12 +19,15 @@ if [ -z $SHELL ]; then echo "SHELL not set"; else ext=$(basename ${SHELL}); fi ...@@ -19,12 +19,15 @@ if [ -z $SHELL ]; then echo "SHELL not set"; else ext=$(basename ${SHELL}); fi
# Source rosmon # Source rosmon
function smon(){ function smon(){
if [[ -f "/opt/ros/${ROS_DISTRO}/etc/catkin/profile.d/50-rosmon.${ext}" ]]; then
source /opt/ros/${ROS_DISTRO}/etc/catkin/profile.d/50-rosmon.${ext} source /opt/ros/${ROS_DISTRO}/etc/catkin/profile.d/50-rosmon.${ext}
fi
} }
# cd to the root of the workspace # cd to the root of the workspace
function roshome(){ function roshome(){
roscd && cd .. roscd && cd ..
ROS_HOME=${PWD}
} }
# Source the current workspace # Source the current workspace
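Review bot: `ROS_HOME`, assigned in `roshome` here and again in `sourceros` and the auto-source block in the later hunks, is a name ROS itself reads as the location of its per-user data directory (default `~/.ros`). If the variable is ever exported, or is already in the environment, ROS tools will start writing logs and caches under the workspace root or under `/opt/ros/${ROS_DISTRO}/`. Use a name that cannot collide, for instance a hypothetical `ROS_WS_ROOT`. In `roshome` the assignment is also on its own line after `roscd && cd ..`, so it runs even when `roscd` fails and then records whatever directory the shell happens to be in.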
...@@ -35,12 +38,14 @@ function sourcews(){ ...@@ -35,12 +38,14 @@ function sourcews(){
# Source the current workspace # Source the current workspace
function sourceros(){ function sourceros(){
source /opt/ros/${ROS_DISTRO}/setup.${ext} && smon source /opt/ros/${ROS_DISTRO}/setup.${ext} && smon
ROS_HOME="/opt/ros/${ROS_DISTRO}/"
} }
# Source the current workspace # Source the current workspace
function sourcethis(){ function sourcethis(){
pwd_st=${PWD} pwd_st=${PWD}
roshome && sourcews roshome && sourcews
echo "Sourcing: ${ROS_HOME}"
cd ${pwd_st} cd ${pwd_st}
} }
...@@ -75,7 +80,7 @@ function runci(){ ...@@ -75,7 +80,7 @@ function runci(){
fi fi
} }
# If terminal starts in a ws, auto source it (useful for vscode) # if a new terminal starts in a ws, auto source it (useful for vscode)
if [ -z ${ROS_DISTRO+x} ]; then ; if [ -z ${ROS_DISTRO+x} ]; then ;
else else
pwd_init=${PWD} pwd_init=${PWD}
...@@ -83,12 +88,14 @@ else ...@@ -83,12 +88,14 @@ else
WS_name=${cropped%%/*} WS_name=${cropped%%/*}
WS_path=${HOME}/ros/${ROS_DISTRO}/${WS_name} WS_path=${HOME}/ros/${ROS_DISTRO}/${WS_name}
FILE=${WS_path}/devel/setup.${ext} FILE=${WS_path}/devel/setup.${ext}
# if PWD belongs to ROS ws then source it
if [[ -f $FILE ]]; then if [[ -f $FILE ]]; then
cd ${WS_path} cd ${WS_path}
source $FILE source $FILE
cd ${pwd_init} cd ${pwd_init}
ROS_HOME=${WS_path}
else else
source /opt/ros/${ROS_DISTRO}/setup.${ext} sourceros
fi fi
fi fi
......
File moved
# Nextcloud installation
Inspired in: [sysadmindecuba](https://www.sysadminsdecuba.com/2019/11/instalacion-de-nextcloud-en-debian-9-y-10/)
This guide is base on [Carsten Rieger](https://www.c-rieger.de/nextcloud-installationsanleitung/) guide, it helps to install Nextcloud in Debian 11.x.
Including Nginx, PHP 8.1, MariaDB, Redis, y ssl certificates for HTTPS.
Requirements:
- Internet.
- Server with Debian 11.x (64Bit).
Optional:
- External storage (HDD, FreeNAS, NFS, Cloudbox, etc) linked to container to store user data.
***Notes***
- All commands are executed as «root», for a different user, scale the provilegeds with «su -»
## Setting up
### Verify timezone configuration
``` bash
timedatectl set-timezone Europe/Madrid
```
### Configure «locales»
``` bash
dpkg-reconfigure locales
```
Search in the list: en_US.UTF-8 UTF-8
Select it with «Space», at next screen go down until «en_US.UTF-8» then «Enter».
### Reboot and check the configuration
``` bash
locale
```
### Additional packages
``` bash
apt update
apt install -y curl gnupg2 git lsb-release ssl-cert ca-certificates apt-transport-https tree locate software-properties-common dirmngr screen htop net-tools zip unzip bzip2 ffmpeg ghostscript libfile-fcntllock-perl sudo mc
```
Add repositories:
``` bash
cd /etc/apt/sources.list.d
echo "deb [arch=amd64] http://nginx.org/packages/mainline/debian $(lsb_release -cs) nginx" | tee nginx.list
echo "deb [arch=amd64] https://packages.sury.org/php/ $(lsb_release -cs) main" | tee php.list
echo "deb [arch=amd64] http://mirror2.hs-esslingen.de/mariadb/repo/10.6/debian $(lsb_release -cs) main" | tee mariadb.list
```
Install keys:
``` bash
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
```
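Review bot: All three signing keys are imported with `apt-key`, which is deprecated on Debian 11 and makes each key trusted for every repository on the machine, and the nginx and MariaDB `deb` lines above use plain `http://`. Save each key to its own file under /usr/share/keyrings and reference it with `signed-by=` inside the brackets of the matching `deb [arch=amd64] ...` line, and use https for the mirrors that offer it. The first command also pipes into `sudo apt-key` although the guide states that everything is run as root.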
Update:
``` bash
apt update && apt upgrade -y
```
## Nginx
To uninstall nginx:
``` bash
apt remove nginx nginx-extras nginx-common nginx-full -y --allow-change-held-packages
```
To remove apache and install nginx:
``` bash
systemctl stop apache2.service && apt remove --purge apache2
apt install -y nginx && systemctl enable nginx.service
```
Configure nginx:
``` bash
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak && nano /etc/nginx/nginx.conf
```
Add:
``` text
user www-data;
worker_processes auto;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
multi_accept on; use epoll;
}
http {
server_names_hash_bucket_size 64;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
set_real_ip_from 127.0.0.1;
set_real_ip_from 192.168.1.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
send_timeout 3600;
tcp_nopush on;
tcp_nodelay on;
open_file_cache max=500 inactive=10m;
open_file_cache_errors on;
keepalive_timeout 65;
reset_timedout_connection on;
server_tokens off;
resolver 8.8.8.8 valid=30s;
resolver_timeout 5s;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
```
Notes:
- Modify set_real_ip_from by proper subnet.
- Modify resolver to another IP DNS if desired.
Restart service:
``` bash
service nginx restart
```
### make directories and set up permissions
Note: - El siguiente directorio puedes cambiarlo a conveniencia, pero tenlo en cuenta porque a él debes anclar el almacenamiento externo en caso que lo uses:
/nextcloud-data = Donde estarán todos los archivos de los usuarios.
``` bash
mkdir -p /dataraid/nextcloud-data /var/www
chown -R www-data:www-data /nextcloud-data /var/www
```
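Review bot: `mkdir -p /dataraid/nextcloud-data` and `chown -R www-data:www-data /nextcloud-data` name different paths, so on a fresh system the `chown` fails for the data directory and the one that was actually created stays owned by root. Use the same path in both commands and in the note above them, which is also still in Spanish while the rest of the section is in English.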
## PHP
Instllation:
``` bash
apt install -y php8.1-{fpm,gd,mysql,curl,xml,zip,intl,mbstring,json,bz2,ldap,bcmath,gmp} php-{apcu,imagick,smbclient} imagemagick ldap-utils
```
Configuration:
``` bash
cp /etc/php/8.1/fpm/pool.d/www.conf /etc/php/8.1/fpm/pool.d/www.conf.bak ; cp /etc/php/8.1/cli/php.ini /etc/php/8.1/cli/php.ini.bak ; cp /etc/php/8.1/fpm/php.ini /etc/php/8.1/fpm/php.ini.bak ; cp /etc/php/8.1/fpm/php-fpm.conf /etc/php/8.1/fpm/php-fpm.conf.bak ; cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
```
``` bash
sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/pm.max_children =.*/pm.max_children = 120/" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/pm.start_servers =.*/pm.start_servers = 12/" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/pm.min_spare_servers =.*/pm.min_spare_servers = 6/" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/pm.max_spare_servers =.*/pm.max_spare_servers = 18/" /etc/php/8.1/fpm/pool.d/www.conf ; sed -i "s/;pm.max_requests =.*/pm.max_requests = 1000/" /etc/php/8.1/fpm/pool.d/www.conf
```
``` bash
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/8.1/cli/php.ini ; sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/8.1/cli/php.ini ; sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/8.1/cli/php.ini ; sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/8.1/cli/php.ini ; sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/8.1/cli/php.ini ; sed -i "s/;date.timezone.*/date.timezone = America\/\Havana/" /etc/php/8.1/cli/php.ini
```
``` bash
sed -i "s/memory_limit = 128M/memory_limit = 1024M/" /etc/php/8.1/fpm/php.ini ; sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/8.1/fpm/php.ini ; sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/8.1/fpm/php.ini ; sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/8.1/fpm/php.ini ; sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/8.1/fpm/php.ini ; sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;date.timezone.*/date.timezone = America\/\Havana/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/8.1/fpm/php.ini ; sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/8.1/fpm/php.ini
```
``` bash
sed -i '$aapc.enable_cli=1' /etc/php/8.1/mods-available/apcu.ini
```
``` bash
sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml ; sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml ; sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml ; sed -i "s/rights=\"none\" pattern=\"XPS\"/rights=\"read|write\" pattern=\"XPS\"/" /etc/ImageMagick-6/policy.xml
```
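Review bot: The last `sed` block switches the PS, EPS, PDF and XPS coders in /etc/ImageMagick-6/policy.xml from `rights="none"` to `read|write` with no explanation. Debian ships them disabled because they hand files to Ghostscript, and this server will be running ImageMagick on user uploads. Enable only the coders the preview feature really needs, prefer `read` over `read|write`, and state the trade-off in the text. Also, the two php.ini blocks set `date.timezone` to `America/Havana` while the system timezone earlier in the guide is `Europe/Madrid`, and the pattern `America\/\Havana` carries a stray backslash before the `H`.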
Restart php and nginx:
``` bash
service php8.1-fpm restart && service nginx restart
```
## MariaDB
Installation:
``` bash
apt update && apt install -y mariadb-server
```
Secure MariaDB:
``` bash
mysql_secure_installation
Enter current password for root (enter for none):
```
***Note***
- Just press Enter since connections is made by sock.
``` bash
Switch to unix_socket authentication [Y/n] n
Change root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
```
### Configure MariaDB
``` bash
service mysql stop
mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak && nano /etc/mysql/my.cnf
```
Add:
``` text
[client]
default-character-set = utf8
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
log_error=/var/log/mysql/mysql_error.log
nice = 0
socket = /var/run/mysqld/mysqld.sock
[mysqld]
basedir = /usr
bind-address = 127.0.0.1
binlog_format = ROW
bulk_insert_buffer_size = 16M
character-set-server = utf8
collation-server = utf8_general_ci
concurrent_insert = 2
connect_timeout = 5
datadir = /var/lib/mysql
default_storage_engine = InnoDB
expire_logs_days = 10
general_log_file = /var/log/mysql/mysql.log
general_log = 0
innodb_buffer_pool_size = 1024M
innodb_buffer_pool_instances = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M
innodb_max_dirty_pages_pct = 90
innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 4000
innodb_flush_method = O_DIRECT
key_buffer_size = 128M
lc_messages_dir = /usr/share/mysql
lc_messages = en_US
log_bin = /var/log/mysql/mariadb-bin
log_bin_index = /var/log/mysql/mariadb-bin.index
log_error=/var/log/mysql/mysql_error.log
log_slow_verbosity = query_plan
log_warnings = 2
long_query_time = 1
max_allowed_packet = 16M
max_binlog_size = 100M
max_connections = 200
max_heap_table_size = 64M
myisam_recover_options = BACKUP
myisam_sort_buffer_size = 512M
port = 3306
pid-file = /var/run/mysqld/mysqld.pid
query_cache_limit = 2M
query_cache_size = 64M
query_cache_type = 1
query_cache_min_res_unit = 2k
read_buffer_size = 2M
read_rnd_buffer_size = 1M
skip-external-locking
skip-name-resolve
slow_query_log_file = /var/log/mysql/mariadb-slow.log
slow-query-log = 1
socket = /var/run/mysqld/mysqld.sock
sort_buffer_size = 4M
table_open_cache = 400
thread_cache_size = 128
tmp_table_size = 64M
tmpdir = /tmp
transaction_isolation = READ-COMMITTED
user = mysql
wait_timeout = 600
[mysqldump]
max_allowed_packet = 16M
quick
quote-names
[isamchk]
key_buffer = 16M
```
Restart service:
``` bash
service mysql restart
```
Create db, user and password:
``` text
DB = nextcloud
User = nextcloud
Password = passw0rd (o la que usted desee)
```
``` bash
mysql -uroot -p
CREATE DATABASE nextcloud CHARACTER SET utf8 COLLATE utf8_general_ci; CREATE USER nextcloud@localhost identified by 'passw0rd'; GRANT ALL PRIVILEGES on nextcloud.* to nextcloud@localhost; FLUSH privileges; quit;
```
Check that transaction isolation level is establish to READ_COMMITTED and collation to UTF8MB4:
``` bash
mysql -h localhost -uroot -p -e "SELECT @@TX_ISOLATION; SELECT SCHEMA_NAME 'database', default_character_set_name 'charset', DEFAULT_COLLATION_NAME 'collation' FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='nextcloud'"
Enter current password for root (enter for none):
```
Should be as follows:
``` text
+---------------------+
| @@TX_ISOLATION |
+---------------------+
| READ-COMMITTED |
+---------------------+
+-----------+---------+--------------------+
| database | charset | collation |
+-----------+---------+--------------------+
| nextcloud | utf8 | utf8_general_ci |
+-----------+---------+--------------------+
```
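Review bot: The literal password `passw0rd` appears in the copy-paste `CREATE USER` statement, so anyone following the guide verbatim ends up with a known database password. Put an obvious placeholder such as `<db-password>` in the statement and tell the reader to generate one (for example with `openssl rand -base64 24`). The check that follows is also inconsistent: the sentence says the collation should be UTF8MB4, while the database is created as `utf8` / `utf8_general_ci` and the expected output shows exactly that; decide which one is intended and make the `CREATE DATABASE`, the `my.cnf` `character-set-server` / `collation-server` values and the text agree.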
## Redis
Installation:
``` bash
apt update && apt install -y redis-server php-redis
```
Change configuration and groups:
``` bash
cp /etc/redis/redis.conf /etc/redis/redis.conf.bak
sed -i "s/port 6379/port 0/" /etc/redis/redis.conf ; sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf ; sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf ; sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
usermod -a -G redis www-data
cp /etc/sysctl.conf /etc/sysctl.conf.bak && sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf
```
Ahora recomendamos reiniciar:
``` bash
reboot
```
## Nextcloud
### Make nextcloud.conf
``` bash
[ -f /etc/nginx/conf.d/default.conf ] && mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
touch /etc/nginx/conf.d/default.conf
nano /etc/nginx/conf.d/nextcloud.conf
```
Add:
``` text
upstream php-handler {
server unix:/run/php/php8.1-fpm.sock;
}
server {
listen 80 default_server;
server_name nextcloud.dominio.cu;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
server_name nextcloud.dominio.cu;
# Certificados autofirmados
ssl_certificate /etc/nginx/certificados/nextcloud.crt;
ssl_certificate_key /etc/nginx/certificados/nextcloud.key;
# Certificados Let's Encrypt
# ssl_certificate /etc/nginx/certificados/fullchain.pem;
# ssl_certificate_key /etc/nginx/certificados/privkey.pem;
# ssl_trusted_certificate /etc/nginx/certificados/chain.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384';
ssl_ecdh_curve X448:secp521r1:secp384r1:prime256v1;
ssl_prefer_server_ciphers on;
# Descomentar si usas certificados Let's Encrypt
# ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
fastcgi_hide_header X-Powered-By;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_connect_timeout 3600;
root /var/www/nextcloud;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
client_max_body_size 10240M;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ^~ /apps/rainloop/app/data {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}
```
***Notes:***
- Modify parameters server_name by DNS of the Nextcloud server.
- There are two sections: «Certificados Autofirmados» y «Certificados Let’s Encrypt». Next Autosign certificates will be generated, but if certificates LE are used comment above lines, un comment below and modify the path.
- parameter: ssl_stapling on; when using auto sign certificates produces this Warning:
``` text
[warn] 2013#2013: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/nginx/certificados/nextcloud.crt"
```
- Uncomment ssl_stapling on; only if Certificados Let’s Encrypt are used.
To make a autosign SSL certificate SSL:
``` bash
mkdir /etc/nginx/certificados && cd /etc/nginx/certificados
apt install openssl
openssl genrsa -out nextcloud.key 2048
openssl req -new -key nextcloud.key -out nextcloud.csr
```
Al ejecutar éste último comando vendrán una serie de preguntas las cuales voy a explicar a continuación:
Nota.- En caso de equivocarte presionar Ctrl + C para cancelar, introducir el comando anterior y volver a empezar.
Country Name (2 letter code) = Código de país en formato ISO de dos letras mayúsculas.
State or Province Name (full name) = Estado o provincia.
Locality Name = Localidad o ciudad.
Organization Name = Nombre de la organización.
Organizational Unit Name = Sector de la organización.
Common Name = FQDN del servidor. Introducir el DNS para tu nextcloud (nextcloud.dominio.cu).
Email Address = Dirección de correo de contacto. (o Enter para no poner nada)
A los campos «A challenge password» y «An optional company name» dale Enter para dejarlos en blanco
Generamos el certificado para 10 años:
openssl x509 -req -days 3652 -in nextcloud.csr -signkey nextcloud.key -out nextcloud.crt
Mejora la seguridad del servidor y del sistema usando una clave Diffie-Hellman (dhparam.pem):
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
Nota: Por favor, sea paciente, tomará tiempo dependiendo de su hardware.
Descargar, extraer Nextcloud y dar permisos:
cd /var/www
wget <https://download.nextcloud.com/server/releases/latest.tar.bz2>
tar -xjf latest.tar.bz2 -C /var/www ; chown -R www-data:www-data /var/www/
Si lo tienes en .zip:
cd /var/www
unzip latest.zip && chown -R www-data:www-data /var/www/
Justo antes de instalar haremos un paréntesis para quienes quieran usar un almacenamiento externo ya quede instalado Nextcloud dentro de dicho almacenamiento.
– Usando un 2do HDD dentro del mismo Proxmox haremos lo siguiente:
Apagamos el contenedor:
poweroff
Nos conectamos al host Proxmox y realizamos estos pasos.
Asumiremos que usted solo tiene conectado el HDD sin montar y el sistema lo nombró sdb, en caso de tenerlo ya montado desmóntelo y use la ruta /nextcloud-data (o la que especificó en dicho paso).
Listamos los HDD
lsblk -fm
NAME FSTYPE LABEL UUID MOUNTPOINT NAME SIZE OWNER GROUP MODE
sda sda 298,1G root disk brw-rw----
├─sda1 ext4 456601bc-efa4-450c-b380-2441e3a351f0 / ├─sda1 294,1G root disk brw-rw----
├─sda2 ├─sda2 1K root disk brw-rw----
└─sda5 swap a964f87b-4f06-4a08-bafb-e5f29ca049f8 [SWAP] └─sda5 4G root disk brw-rw----
sdb ext4 d515e96b-d282-4ae2-9776-385e447e67fd sdb 931,5G root disk brw-rw----
Si como dijimos, no lo tiene montado, en la parte de MountPoint para sdb no saldrá nada.
(Si el HDD es nuevo) Formateamos el HDD en Ext4:
mkfs.ext4 /dev/sdb
Creamos un directorio en el cual montaremos el nuevo HDD. Montamos y corregimos permisos:
mkdir /nextcloud-data
mount /dev/sdb /nextcloud-data/
chown -R www-data:www-data /nextcloud-data
Modificamos el archivo de configuración de nuestro contenedor (sustituir ID):
nano /etc/pve/lxc/ID.conf
Debajo de la línea memory agregamos lo siguiente:
mp0: /nextcloud-data,mp=/nextcloud-data
Nota.- Directorio de Proxmox mapeado a la carpeta /nextcloud-data del contenedor. La información la guardarás directamente en el 2do HDD del Proxmox.
Listo! Iniciamos el contenedor nuevamente y continuamos con la Instalación del Nextcloud.
– Usando un compartido NFS:
Apagamos el contenedor:
poweroff
Si usted tiene un servidor NFS en su red también puede usarlo para guardar los datos de su Nextcloud. Para ello realizamos estos pasos.
Asumiremos que usted sabe trabajar con su servidor NFS (nfs-kernel-server), que ya creó el directorio que va a compartir y modificó el archivo /etc/exports del NFS donde agrego el IP de su servidor Nextcloud.
Un ejemplo de lo que se debería agregar al exports:
/nextcloud-data/ 192.168.2.2(rw,no_wdelay,async,no_root_squash,no_subtree_check)
Luego de esto le realizaremos unos cambios al APP ARMOR del host Proxmox donde se encuentra nuestro Nextcloud para que los Contenedores puedan conectarse al NFS.
Para ello tenemos dos opciones: a mano, o por la web de Proxmox.
– A mano:
Si su Proxmox es versión 4.4.x:
nano /etc/apparmor.d/lxc/lxc-default-cgns
Y agregamos antes del “}” final:
allow mount fstype=nfs,
allow mount fstype=nfs4,
allow mount fstype=rpc_pipefs,
Si su Proxmox es versión 5.2.x:
nano /etc/apparmor.d/lxc/lxc-default-cgns
Agregamos antes del “}” final:
mount fstype=nfs,
mount fstype=nfs4,
mount fstype=rpc_pipefs,
Si su Proxmox es versión 6.x.x:
Como dijimos al inicio el CT debe tener privilegios sino no conecta con el servidor NFS.
Realice los mismos pasos que la versión 5. Y además en el archivo de configuración del contenedor:
nano /etc/pve/lxc/ID.conf
Agregamos las siguientes líneas al final:
lxc.apparmor.profile: lxc-default-cgns
lxc.apparmor.profile: unconfined
– Por la web de Proxmox
Pinchar en el ID de nuestro CT > Options > Features > Marcar NFS.
Luego de acomodar el APP ARMOR instalamos el cliente NFS en el contenedor de Nextcloud:
apt install nfs-common
Creamos el archivo rc.local si no está, y le agregamos el comando para que monte el compartido del NFS cuando se inicie:
nano /etc/rc.local
Agregarle:
# !/bin/bash
mount -t nfs 192.168.2.1:/nextcloud-data /nextcloud-data
exit 0
Y le damos los permisos correspondientes:
chmod -R 755 /etc/rc.local
Iniciamos el contenedor y revisamos si se montó bien el compartido con el siguiente comando:
lsblk -fm
NAME FSTYPE LABEL UUID MOUNTPOINT NAME SIZE OWNER GROUP MODE
sdb /nextcloud-data sdb 931.5G
Ahí tenemos nuestro compartido NFS listo para utilizar.
Continuamos con la instalación…
Instala Nextcloud silenciosamente:
Información:
-database-name “nextcloud”: La creamos anteriormente configurando base de datos y usuario.
-database-user “nextcloud”: Lo creamos anteriormente configurando base de datos y usuario.
-database-pass “passw0rd”: La conexion es por sock, no importa lo que pongamos.
-admin-user “UsuarioAdmin”: Nombre de usuario para administrar Nextcloud, el que guste.
-admin-pass “PasswordAdmin”: Contraseña del usuario de administración, la que guste.
-data-dir “/nextcloud-data”: Si modificaste al inicio del manual esta dirección, sustituyala.
sudo -u www-data php /var/www/nextcloud/occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "passw0rd" --admin-user "UsuarioAdmin" --admin-pass "PasswordAdmin" --data-dir "/nextcloud-data"
Mejorando la configuración de Nexcloud:
Agregamos dominio e IP de confianza:
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=nextcloud.dominio.cu'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=192.168.2.2'
Sobrescriba la URL con su dominio:
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=<https://nextcloud.dominio.cu>'
Hacemos una copia de la configuración:
cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
Amplía tu config.php de Nextcloud:
``` bash
sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php && sed -i '/);/d' /var/www/nextcloud/config/config.php
cat <<EOF >>/var/www/nextcloud/config/config.php
'activity_expire_days' => 14,
'auth.bruteforce.protection.enabled' => true,
'blacklisted_files' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'cron_log' => true,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'filelocking.enabled' => 'true',
'htaccess.RewriteBase' => '/',
'integrity.check.disabled' => false,
'knowledgebaseenabled' => false,
'logfile' => '/var/nc_data/nextcloud.log',
'loglevel' => 2,
'logtimezone' => 'America/Havana',
'log_rotate_size' => 104857600,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'overwriteprotocol' => 'https',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' =>
array (
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0.0,
),
'quota_include_external_storage' => false,
'share_folder' => '/Shares',
'skeletondirectory' => '',
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
'force_language' => 'es',
);
EOF
```
Notas:
– El sock de Redis está descomentado para usarse en Debian 10. Si instalaste en un CT Debian 9 comenta el otro y descomenta para esta versión.
– Usé el párametro 'force_language' => 'es', para forzar el lenguaje a Español, puedes comentar la línea y que cada usuario elija el idioma; por defecto inicia en Ingles.
sudo -u www-data sed -i "s/.*dbhost.*/\'dbhost\' \=\>\ \'localhost\:\/var\/run\/mysqld\/mysqld\.sock\'\,/g" /var/www/nextcloud/config/config.php
Edita el .user.ini de Nextcloud:
sudo -u www-data sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
Reinicia servicios:
service nginx stop && service php8.1-fpm stop && service mysql restart && service php8.1-fpm restart && service redis-server restart && service nginx restart
Ajustar aplicaciones de Nextcloud:
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:disable survey_client' && su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:disable firstrunwizard' && su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:enable admin_audit' && su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:enable files_pdfviewer'
Añadir cronjobs para www-data:
crontab -u www-data -e
Si nos pide seleccionar el editor escogemos «nano» que es la opcion 1
Agrega:
*/5* ** * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1
Configurar Nextcloud para que use cron.php:
sudo -u www-data php /var/www/nextcloud/occ background:cron
sudo -u www-data php /var/www/nextcloud/occ background:cron
Optimiza y Actualiza Nextcloud:
cd /root
nano /root/upgrade.sh
# !/bin/bash
/usr/sbin/service nginx stop
sudo -u www-data php /var/www/nextcloud/updater/updater.phar
sudo -u www-data php /var/www/nextcloud/occ status
sudo -u www-data php /var/www/nextcloud/occ -V
sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
sudo -u www-data php /var/www/nextcloud/occ db:add-missing-columns
sudo -u www-data php7.4 /var/www/nextcloud/occ db:add-missing-primary-keys
sudo -u www-data php /var/www/nextcloud/occ db:convert-filecache-bigint
sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
chown -R www-data:www-data /var/www/nextcloud
redis-cli -s /var/run/redis/redis-server.sock <<EOF
FLUSHALL
quit
EOF
sudo -u www-data php /var/www/nextcloud/occ files:scan --all
sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
sudo -u www-data php /var/www/nextcloud/occ app:update --all
/usr/sbin/service php7.4-fpm restart
/usr/sbin/service nginx restart
exit 0
Salva y marca como ejecutable:
chmod +x /root/upgrade.sh
Ejecutelo:
/root/upgrade.sh
Notas.- Si nos pide «Convertir columnas» le damos «Y».
Si el actualizador encuentra una versión nueva le saldrán los siguientes pasos:
– Nos preguntará si queremos iniciar la actualización «Y»
– Una ves que termine el proceso nos dirá si queremos mantener el «Modo Mantenimiento» activado, le damos «N»
– Nos logueamos y verificamos que todo este OK.
Inicia sesión en tu nuevo servidor de Nextcloud:
<https://nextcloud.dominio.cu/login> o <https://192.168.2.2/login>
Usuario = nextcloud (El que especificamos instalando Nextcloud silenciosamente)
Password= passw0rd (El que especificamos instalando Nextcloud silenciosamente)
Vamos al apartado «Configuración» pinchando en el icono de engranaje en la parte superior derecha.
Luego pinchamos en «Vista General» y revisamos el apartado «Avisos de seguridad y configuración«.
Si dice «Ha pasado todos los controles» pues genial, no nos queda nada por hacer.
Si dice «Hace mas de ‘X’ años que no se ejecutan los cron jobs» no te preocupes, dale varios minutos para que se ejecuten los que agregamos durante la instalación y la alerta desaparecerá.
Si dice «El servidor no tiene conexión a internet» pues es algo muy evidente.
Ahora pasaremos a conectar dicho servidor con nuestro Dominio, y arreglaremos las carpetas de los usuarios para que nos muestre el nombre y no el UUID.
Una vez iniciada sesión como administrador vamos al apartado «Aplicaciones» y activamos «LDAP user and group backend».
Luego vamos a «Configuración > Integración LDAP / AD» y comenzamos con la configuración.
En el apartado «Servidor«:
Servidor = IP o DNS de nuestro AD, y luego le damos al botón «Detectar puerto» (debe ponernos el 389).
DN Usuario = DN del usuario que usaremos para conectar con el AD (no tiene que ser administrador).
Contraseña = Contraseña de dicho Usuario, y le damos al botón de «Guardar credenciales».
DN Base = Podemos poner cuantos DN de usuarios queramos, uno por línea. Al terminar le damos a «Probar Base DN» y debe darnos «Configuración correcta» en verde debajo.
Nota:- Apóyese del «Editor ADSI» o «samba-tools» para sacar los DN correctamente.
Aquí les muestro un ejemplo:
En el apartado «Usuarios«:
Este apartado lo dejé por defecto, aquí no realicé ningún cambio.
En el apartado «Atributos de inicio de sesión«:
Este apartado lo dejé por defecto. Viene marcada la opción de «Usuario LDAP / AD» así que no necesité cambiar nada.
En el apartado «Grupos«:
En este apartado si deseas usar grupos para tu Nextcloud pues aquí seleccionas cuales.
En el apartado «Avanzado» (ala derecha):
Este apartado lo dejé por defecto, aquí no realicé ningún cambio.
En el apartado «Experto» (a la derecha):
Aquí es donde modificaremos para que en vez del UUID del usuario (en las carpetas de Nextcloud) nos muestre solo el nombre.
Realiza los siguientes cambios en los tres campos y borre las asignaciones:
Luego pincha en «Configuración de prueba» y debe mostrarte «Configuración válida ¡Conexión establecida!»
Una vez terminados estos pasos conéctate al servidor, verás que salen las carpetas con los nombres de todos los usuarios de tu dominio, las cuales se irán llenando de documentos a medida que estos copien cosas dentro.
Nota:- Si aparecen las carpetas con el UUID y las de usuario puedes borrar tranquilamente las del UUID. Por supuesto, con mucho cuidado.
Y nada más, a crear usuarios. Que aproveche!
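Review bot: the Proxmox 6.x step adds both `lxc.apparmor.profile: lxc-default-cgns` and `lxc.apparmor.profile: unconfined` to ID.conf. The two lines contradict each other, and `unconfined` removes AppArmor confinement from a container the text itself says must be privileged. Combined with `no_root_squash` in the example /etc/exports entry, root inside the container acts as root on the NFS share. Suggest keeping only the `lxc-default-cgns` line, which already carries the nfs/nfs4/rpc_pipefs mount rules added in the previous step, or pointing readers to the web UI "Features > NFS" option alone, and dropping `no_root_squash` unless the guide explains why it is required. Smaller points in the same file: upgrade.sh calls `php7.4` and restarts `php7.4-fpm` while the earlier restart line uses `php8.1-fpm`; the crontab entry `*/5* ** *` is not a valid five-field schedule and should read `*/5 * * * *`; `# !/bin/bash` in rc.local and upgrade.sh is a comment, not a shebang; `occ background:cron` is listed twice; the install command passes `--admin-pass` on the command line, where it lands in shell history; the login step lists `nextcloud` / `passw0rd`, which are the database values, not the `--admin-user` / `--admin-pass` values set during install; `logfile` points at /var/nc_data while the data directory is /nextcloud-data; and the Redis note mentions an alternative socket line to comment or uncomment that the config.php block does not contain.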
...@@ -52,3 +52,6 @@ git clone --depth=1 https://github.com/mattmc3/antidote.git ${ZDOTDIR:-~}/.antid ...@@ -52,3 +52,6 @@ git clone --depth=1 https://github.com/mattmc3/antidote.git ${ZDOTDIR:-~}/.antid
zsh-you-shuould-use zsh-you-shuould-use
https://github.com/MichaelAquilina/zsh-you-should-use.git https://github.com/MichaelAquilina/zsh-you-should-use.git
git@git.code.tecnalia.com:miguel.prada/rosem.git
git@git.code.tecnalia.com:miguel.prada/gitlab_templates.git
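Review bot: the two lines added at the end of this hunk, `git@git.code.tecnalia.com:miguel.prada/rosem.git` and `git@git.code.tecnalia.com:miguel.prada/gitlab_templates.git`, are SSH remotes under a personal namespace with no accompanying text on what they are for or who can reach them. Anyone following this file without an authorised SSH key on that host cannot fetch them, so state the access requirement next to the entries. If they are cloned during an image build, supply the key at build time rather than copying it into a layer. Separately, the name `zsh-you-shuould-use` just above is misspelt relative to its URL (`zsh-you-should-use`).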