Not so long ago – almost 2 years from now – I wrote about setting up Nextcloud 13 on FreeBSD.

Today Nextcloud is at 17 version and the configuration that worked two years ago requires some tweaks.

This guide will not cover the same information that is available in earlier Nextcloud 13 on FreeBSD article like settings to run Nextcloud inside FreeBSD Jail. Please refer to that earpier article for these settings.

Today we will use these as backends for Nextcloud 17.

PostgreSQL 12

PHP 7.3

Nginx 1.14 (with php-fpm )

) Memcached 1.5.19

As Nextcloud in FreeBSD packages comes with MySQL and without PostgreSQL support we will need to build it from source using FreeBSD Ports.

Settings

Let’s fetch the latest FreeBSD Ports tree.

# rm -r /var/db/portsnap # mkdir /var/db/portsnap # portsnap auto

Now we need to configure needed options in the /etc/make.conf file.

# cat /etc/make.conf WRKDIRPREFIX=${PORTSDIR}/obj DEFAULT_VERSIONS+= php=7.3 DEFAULT_VERSIONS+= pgsql=12 OPTIONS_UNSET+= MYSQL OPTIONS_SET+= PGSQL OPTIONS_SET+= IMAGICK OPTIONS_SET+= PCNTL OPTIONS_SET+= SMB OPTIONS_SET+= REDIS

Packages and Ports

First we will add some basic tools and things like PostgreSQL still using FreeBSD packages to save tome time instead of compiling them.

# pkg install \ sudo \ portmaster \ beadm \ lsblk \ postgresql12-client \ postgresql12-server \ nginx \ memcached \ php73-pecl-memcached

Now we will compile Nextcloud and its dependencies using FreeBSD Ports – but with portmaster .

# env BATCH=yes portmaster \ databases/php73-pdo_pgsql \ databases/php73-pgsql \ www/nextcloud

PostgreSQL

We will now configure the FreeBSD’s Login Class for PostgreSQL database in the /etc/login.conf file.

# cat /etc/login.conf postgres:\ :lang=en_US.UTF-8:\ :setenv=LC_COLLATE=C:\ :tc=default: EOF # cap_mkdb /etc/login.conf

… and PostgreSQL settings in main FreeBSD’s configuration /etc/rc.conf file.

# grep postgresql /etc/rc.conf postgresql_enable=YES postgresql_class=postgres postgresql_data=/var/db/postgres/data12

Let’s initialize the PostgreSQL database.

# /usr/local/etc/rc.d/postgresql initdb The files belonging to this database system will be owned by user "postgres". This user must also own the server process. The database cluster will be initialized with locales COLLATE: C CTYPE: en_US.UTF-8 MESSAGES: en_US.UTF-8 MONETARY: en_US.UTF-8 NUMERIC: en_US.UTF-8 TIME: en_US.UTF-8 The default text search configuration will be set to "english". Data page checksums are disabled. fixing permissions on existing directory /var/db/postgres/data12 ... ok creating subdirectories ... ok selecting dynamic shared memory implementation ... posix selecting default max_connections ... 100 selecting default shared_buffers ... 128MB selecting default time zone ... Europe/Warsaw creating configuration files ... ok running bootstrap script ... ok performing post-bootstrap initialization ... ok syncing data to disk ... ok initdb: warning: enabling "trust" authentication for local connections You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb. Success. You can now start the database server using: /usr/local/bin/pg_ctl -D /var/db/postgres/data12 -l logfile start

As PostgreSQL database uses 8k blocks let’s set it in ZFS. We could of course create dedicated dataset for this purpose if needed.

# zfs set recordsize=8k zroot/ROOT/default

Now, let’s start the PostgreSQL database.

# /usr/local/etc/rc.d/postgresql start 2019-12-31 11:47:04.918 CET [36089] LOG: starting PostgreSQL 12.1 on amd64-portbld-freebsd12.0, compiled by FreeBSD clang version 6.0.1 (tags/RELEASE_601/final 335540) (based on LLVM 6.0.1), 64-bit 2019-12-31 11:47:04.918 CET [36089] LOG: listening on IPv6 address "::1", port 5432 2019-12-31 11:47:04.918 CET [36089] LOG: listening on IPv4 address "127.0.0.1", port 5432 2019-12-31 11:47:04.919 CET [36089] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432" 2019-12-31 11:47:04.928 CET [36089] LOG: ending log output to stderr 2019-12-31 11:47:04.928 CET [36089] HINT: Future log output will go to log destination "syslog".

We will now create PostgreSQL database for our Nextcloud instance.

# psql -hlocalhost -Upostgres psql (12.1) Type "help" for help. postgres=# CREATE USER nextcloud WITH PASSWORD 'NEXTCLOUD_DB_PASSWORD'; CREATE ROLE postgres=# CREATE DATABASE nextcloud TEMPLATE template0 ENCODING 'UNICODE'; CREATE DATABASE postgres=# ALTER DATABASE nextcloud OWNER TO nextcloud; ALTER DATABASE postgres=# \q

Keep in mind to put something more sophisticated in the NEXTCLOUD_DB_PASSWORD place.

PostgreSQL Cleanup and Indexing Script

Lets automate some PostgreSQL housekeeping.

# mkdir -p /var/db/postgres/bin # chown postgres /var/db/postgres/bin # vi /var/db/postgres/bin/vacuum.sh #! /bin/sh /usr/local/bin/vacuumdb -az 1> /dev/null 2> /dev/null /usr/local/bin/reindexdb -a 1> /dev/null 2> /dev/null /usr/local/bin/reindexdb -s 1> /dev/null 2> /dev/null :wq # cat /var/db/postgres/bin/vacuum.sh #! /bin/sh /usr/local/bin/vacuumdb -az 1> /dev/null 2> /dev/null /usr/local/bin/reindexdb -a 1> /dev/null 2> /dev/null /usr/local/bin/reindexdb -s 1> /dev/null 2> /dev/null # chown postgres /var/db/postgres/bin/vacuum.sh # chmod +x /var/db/postgres/bin/vacuum.sh # su - postgres -c 'crontab -e' 0 0 * * * /var/db/postgres/bin/vacuum.sh :wq /tmp/crontab.JMg5BfT5HV: 2 lines, 42 characters. crontab: installing new crontab # su - postgres -c 'crontab -l' 0 0 * * * /var/db/postgres/bin/vacuum.sh # su - postgres -c '/var/db/postgres/bin/vacuum.sh'

Nginx

Now its time for Nginx webserver.

# chown -R www:www /var/log/nginx # ls -l /var/log/nginx total 3 -rw-r----- 1 www www 64 2019.12.31 00:00 access.log -rw-r----- 1 www www 133 2019.12.31 00:00 access.log.0.bz2 -rw-r----- 1 www www 64 2019.12.31 00:00 error.log -rw-r----- 1 www www 133 2019.12.31 00:00 error.log.0.bz2

… and its main nginx.conf configuration file.

# cat /usr/local/etc/nginx/nginx.conf user www; worker_processes 4; worker_rlimit_nofile 51200; error_log /var/log/nginx/error.log; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" '; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; upstream php-handler { server 127.0.0.1:9000; } server { # ENFORCE HTTPS listen 80; server_name nextcloud.domain.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name nextcloud.domain.com; ssl_certificate /usr/local/etc/nginx/ssl/ssl-bundle.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; # HEADERS SECURITY RELATED add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Referrer-Policy "no-referrer"; # HEADERS add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # PATH TO THE ROOT OF YOUR INSTALLATION root /usr/local/www/nextcloud/; location = /robots.txt { allow all; log_not_found off; access_log off; } location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # BUFFERS TIMEOUTS UPLOAD SIZES client_max_body_size 16400M; client_body_buffer_size 1048576k; send_timeout 3000; # ENABLE GZIP BUT DO NOT REMOVE ETag HEADERS gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { rewrite ^ /index.php$request_uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; fastcgi_keep_conn off; fastcgi_buffers 16 256K; fastcgi_buffer_size 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_send_timeout 3000s; fastcgi_read_timeout 3000s; fastcgi_connect_timeout 3000s; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } # ADDING THE CACHE CONTROL HEADER FOR JS AND CSS FILES # MAKE SURE IT IS BELOW PHP BLOCK location ~ \.(?:css|js|woff2?|svg|gif)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=15778463"; # HEADERS SECURITY RELATED # IT IS INTENDED TO HAVE THOSE DUPLICATED TO ONES ABOVE add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; # HEADERS add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # OPTIONAL: DONT LOG ACCESS TO ASSETS access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # OPTIONAL: DONT LOG ACCESS TO OTHER ASSETS access_log off; } } }

OpenSSL HTTPS Certificates

We will generate a certificates needed for HTTPS service for Nextcloud.

# mkdir -p /usr/local/etc/nginx/ssl # cd /usr/local/etc/nginx/ssl # openssl genrsa -des3 -out server.key 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ............+++++ ....+++++ e is 65537 (0x010001) Enter pass phrase for server.key: SERVER_KEY_PASSWORD Verifying - Enter pass phrase for server.key: SERVER_KEY_PASSWORD

As usual use something more sensible then SERVER_KEY_PASSWORD string here 🙂

# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:PL State or Province Name (full name) [Some-State]:lodzkie Locality Name (eg, city) []:Lodz Organization Name (eg, company) [Internet Widgits Pty Ltd]:Vermaden Enterprises Ltd. Organizational Unit Name (eg, section) []:IT Department Common Name (e.g. server FQDN or YOUR name) []:nextcloud.domain.com Email Address []:vermaden@interia.pl Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # cp server.key server.key.orig # openssl rsa -in server.key.orig -out server.key Enter pass phrase for server.key.orig: SERVER_KEY_PASSWORD writing RSA key # ls -l /usr/local/etc/nginx/ssl total 7 -rw-r--r-- 1 root wheel 1151 2019.12.31 12:39 server.csr -rw------- 1 root wheel 1679 2019.12.31 12:41 server.key -rw------- 1 root wheel 1751 2019.12.31 12:40 server.key.orig # openssl x509 -req -days 7000 -in server.csr -signkey server.key -out server.crt Signature ok subject=C = PL, ST = lodzkie, L = Lodz, O = Vermaden Enterprises Ltd., OU = IT Department, CN = nextcloud.domain.com, emailAddress = vermaden@interia.pl Getting Private key # ln -s /usr/local/etc/nginx/ssl/server.crt /usr/local/etc/nginx/ssl/ssl-bundle.crt

PHP

Here is the used PHP configuration with up to 16GB files for Nextcloud.

# grep '^[^;]' /usr/local/etc/php.ini [PHP] max_input_time=3600 engine = On short_open_tag = On precision = 14 output_buffering = OFF zlib.output_compression = Off implicit_flush = Off unserialize_callback_func = serialize_precision = 17 disable_functions = disable_classes = zend.enable_gc = On expose_php = On max_execution_time = 3600 max_input_time = 30000 memory_limit = 1024M error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off display_startup_errors = Off log_errors = On log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = Off html_errors = On error_log = /var/log/php.log variables_order = "GPCS" request_order = "GP" register_argc_argv = Off auto_globals_jit = On post_max_size = 16400M auto_prepend_file = auto_append_file = default_mimetype = "text/html" default_charset = "UTF-8" doc_root = user_dir = enable_dl = Off file_uploads = On upload_max_filesize = 16400M max_file_uploads = 64 allow_url_fopen = On allow_url_include = Off default_socket_timeout = 300 [CLI Server] cli_server.color = On [Date] date.timezone = Europe/Warsaw [filter] [iconv] [intl] [sqlite3] [Pcre] [Pdo] [Pdo_mysql] pdo_mysql.cache_size = 2000 pdo_mysql.default_socket= [Phar] [mail function] SMTP = localhost smtp_port = 25 mail.add_x_header = On [SQL] sql.safe_mode = Off [ODBC] odbc.allow_persistent = On odbc.check_persistent = On odbc.max_persistent = -1 odbc.max_links = -1 odbc.defaultlrl = 4096 odbc.defaultbinmode = 1 [Interbase] ibase.allow_persistent = 1 ibase.max_persistent = -1 ibase.max_links = -1 ibase.timestampformat = "%Y-%m-%d %H:%M:%S" ibase.dateformat = "%Y-%m-%d" ibase.timeformat = "%H:%M:%S" [MySQLi] mysqli.max_persistent = -1 mysqli.allow_persistent = On mysqli.max_links = -1 mysqli.cache_size = 2000 mysqli.default_port = 3306 mysqli.default_socket = mysqli.default_host = mysqli.default_user = mysqli.default_pw = mysqli.reconnect = Off [mysqlnd] mysqlnd.collect_statistics = On mysqlnd.collect_memory_statistics = Off [OCI8] [PostgreSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0 [bcmath] bcmath.scale = 0 [browscap] [Session] session.save_handler = files session.save_path = "/tmp" session.use_strict_mode = 0 session.use_cookies = 1 session.use_only_cookies = 1 session.name = PHPSESSID session.auto_start = 0 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = session.cookie_httponly = session.serialize_handler = php session.gc_probability = 1 session.gc_divisor = 1000 session.gc_maxlifetime = 1440 session.referer_check = session.cache_limiter = nocache session.cache_expire = 180 session.use_trans_sid = 0 session.hash_function = 0 session.hash_bits_per_character = 5 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" [Assertion] zend.assertions = -1 [COM] [mbstring] [gd] [exif] [Tidy] tidy.clean_output = Off [soap] soap.wsdl_cache_enabled=1 soap.wsdl_cache_dir="/tmp" soap.wsdl_cache_ttl=86400 soap.wsdl_cache_limit = 5 [sysvshm] [ldap] ldap.max_links = -1 [mcrypt] [dba] [opcache] opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 [curl] [openssl]

PHP PostgreSQL Database Settings

Below are needed to make PHP work with PostgreSQL database.

# cat /usr/local/etc/php/ext-20-pgsql.ini extension=pgsql.so # cat /usr/local/etc/php/ext-20-pgsql.ini [PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0 EOF # cat /usr/local/etc/php/ext-20-pgsql.ini extension=pgsql.so [PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0

… and the second one.

# cat /usr/local/etc/php/ext-30-pdo_pgsql.ini extension=pdo_pgsql.so # cat /usr/local/etc/php/ext-30-pdo_pgsql.ini [PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0 EOF # cat /usr/local/etc/php/ext-30-pdo_pgsql.ini extension=pdo_pgsql.so [PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0

PHP FPM

Now the PHP FPM daemon.

# grep '^[^;]' /usr/local/etc/php-fpm.conf [global] pid = run/php-fpm.pid error_log = log/php-fpm.log syslog.facility = daemon include=/usr/local/etc/php-fpm.d/*.conf # touch /var/log/php-fpm.log # chown www:www /var/log/php-fpm.log # grep '^[^;]' /usr/local/etc/php-fpm.d/www.conf [www] user = www group = www listen = 127.0.0.1:9000 listen.backlog = -1 listen.owner = www listen.group = www listen.mode = 0660 listen.allowed_clients = 127.0.0.1 pm = static pm.max_children = 8 pm.start_servers = 4 pm.min_spare_servers = 4 pm.max_spare_servers = 32 pm.process_idle_timeout = 1000s; pm.max_requests = 500 request_terminate_timeout = 0 rlimit_files = 51200 env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp

Start Backend Services

We will now start all ‘backend’ services needed for Nextcloud.

# service postgresql start 2020-01-02 13:18:05.970 CET [52233] LOG: starting PostgreSQL 12.1 on amd64-portbld-freebsd12.0, compiled by FreeBSD clang version 6.0.1 (tags/RELEASE_601/final 335540) (based on LLVM 6.0.1), 64-bit 2020-01-02 13:18:05.974 CET [52233] LOG: listening on IPv6 address "::1", port 5432 2020-01-02 13:18:05.974 CET [52233] LOG: listening on IPv4 address "127.0.0.1", port 5432 2020-01-02 13:18:05.975 CET [52233] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432" 2020-01-02 13:18:06.024 CET [52233] LOG: ending log output to stderr 2020-01-02 13:18:06.024 CET [52233] HINT: Future log output will go to log destination "syslog". # service postgresql status pg_ctl: server is running (PID: 36089) /usr/local/bin/postgres "-D" "/var/db/postgres/data12" # service php-fpm start Performing sanity check on php-fpm configuration: [02-Jan-2020 13:16:50] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful Starting php_fpm. # service php-fpm status php_fpm is running as pid 52193. # service memcached start Starting memcached. # service memcached status memcached is running as pid 52273. # service nginx start Performing sanity check on nginx configuration: nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful Starting nginx.

Nextcloud Configuration

I created a link named /data to the Nextcloud data directory located at /usr/local/www/nextcloud/data place.

# ln -s /usr/local/www/nextcloud/data /data

The we use Firefox or other web browser to finish the Nextcloud configuration.

Type https://1.2.3.4 in the browser where 1.2.3.4 is your Nextcloud instance IP address.

I am sorry but the following image is in the Polish language – I forgot to change it to English … but I assume you will what to put in these fields by context.

After we finish the setup we go straight to Nextcloud Overview page at https://1.2.3.4/settings/admin/serverinfoto page to see what else needs to be taken care of.

Two issues needs to be addressed. One is about Nginx configuration, the other is about PostgreSQL, let’s fix them.

We will add needed header to the Nginx configuration file.

# diff -u /usr/local/etc/nginx/nginx.conf.OLD /usr/local/etc/nginx/nginx.conf --- /usr/local/etc/nginx/nginx.conf.OLD 2020-01-02 14:21:58.359398000 +0100 +++ /usr/local/etc/nginx/nginx.conf 2020-01-02 14:21:42.823426000 +0100 @@ -46,6 +46,7 @@ add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options "SAMEORIGIN"; # PATH TO THE ROOT OF YOUR INSTALLATION root /usr/local/www/nextcloud/; # service nginx reload Performing sanity check on nginx configuration: nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful

… and update the PostgreSQL convertion.

# sudo -u www /usr/local/bin/php /usr/local/www/nextcloud/occ db:convert-filecache-bigint Following columns will be updated: * mounts.storage_id * mounts.root_id * mounts.mount_id This can take up to hours, depending on the number of files in your instance! Continue with the conversion (y/n)? [n] y

Viola! Both of our problems are gone now.

Trusted Domains

When you will enter the Nextcloud using different domain you will get a warning about that.

To add new Trusted Domain to the Nextcloud config do the following.

Here is how it looks before changes.

# grep -A 3 trusted /usr/local/www/nextcloud/config/config.php 'trusted_domains' => array ( 0 => '1.2.3.4', ),

We will now add nextcloud.domain.com domain.

# vi /usr/local/www/nextcloud/config/config.php # grep -A 4 trusted /usr/local/www/nextcloud/config/config.php 'trusted_domains' => array ( 0 => '1.2.3.4', 1 => 'nextcloud.domain.com', ),

You can of course add more with successive numbers.

# grep -A 5 trusted /usr/local/www/nextcloud/config/config.php 'trusted_domains' => array ( 0 => '1.2.3.4', 1 => 'nextcloud.domain.com', 2 => 'cloud.domain.com', ),

This is the end of this guide. Feel free to share your thougths 🙂

Log Rotation with Newsyslog

Newsyslog is part of FreeBSD’s base system. We will add Nextcloud and backend daemons log files to Newsyslog configuration so they will be rotated.

# cat /etc/newsyslog.conf /data/nextcloud.log www:www 640 7 * @T00 JC /usr/local/www/nextcloud/data/nextcloud.log www:www 640 7 * @T00 JC /var/log/php-fpm.log www:www 640 7 * @T00 JC /var/log/nginx/error.log www:www 640 7 * @T00 JC /var/log/nginx/access.log www:www 640 7 * @T00 JC EOF

Now you will not run out of free space when logs will grow in time.

EOF