IMPORTANT: The contents of this blog post are a detailed explanation of NextCloudPi. However, the main landing page of the project is now nextcloudpi.com and that is the place where information will be kept up to date.

I would like to introduce NextCloudPi, ready to use Raspbian 9 image with the latest Nextcloud 13.

NextCloudPi is now also available as an ARM or x86 docker container ( NEW 06-08-2017 )

NextCloudPi can now also be installed on any Debian 9 system ( NEW 11-12-2017 )

NextCloudPi can also be built for Armbian supported boards, like the Odroid HC1 ( NEW 12-04-2017 ).

NextCloudPi is an official NextCloud community project as of 05-31-2017.

Features:

Debian 9 stretch

Nextcloud 13.0.2

Apache 2.4.25, with HTTP2 enabled

PHP 7.0 (double the speed of PHP5!)

MariaDB 10

Redis memory cache ( NEW 11-12-2017 )

4.9 Linux Kernel ( NEW 03-13-2017 )

Automatic redirection to HTTPS

ACPU PHP cache

PHP Zend OPcache enabled with file cache

HSTS

Cron jobs for Nextcloud

Sane configuration defaults

Pre-installed popular Apps for home use ( calendar, contacts, notes, tasks, news … )

Full emoji support ( NEW 05-24-2017 )

Postfix email

Secure

Extras:

Extras are not activated by default. Configure them with sudo nextcloudpi-config

Get it

Please, if possible use and share the torrent to keep the hosting costs down.

At this moment, the images do not provide a desktop environment, though it can be added through apt.

Please, report any issues here.

Use the official forums to ask questions, opinions and participate.

Please, before asking technical questions in the forums, take a look at the FAQ and the wiki.

We need your help! There are many easy things that you can do to contribute.

Installation

NEW: you can follow the installation and setup steps in the Wiki

SD card for the Raspberry Pi

Follow the classic instructions to copy the image to an SD card.

tar -xvf NextCloudPi-lite_02-12-17.tar.bz2 sudo dd bs=4M if=NextCloudPi-lite_02-12-17.img of=/dev/sdx

Replace sdx to your SD card device.

Windows users can install the image with Etcher as explained in this post.

Installer

You can install it in any architecture running the latest Debian with

# curl -sSL https://raw.githubusercontent.com/nextcloud/nextcloudpi/master/install.sh | bash

Usage

NEW: you can follow the installation and setup steps in the Wiki

Connectivity and basic setup

Upon first boot, you should do the usual, such as change the default Raspbian password, maybe configure the network connection, enlarge the partition with raspi-config , and enable SSH if you so desire.

If you are going to connect though a network cable, make sure it is plugged in before turning the Raspberry Pi on. If you are doing manual configuration of the network, such as setting up a static IP, reboot when you are done so that NextCloudPi can detect it.

In many cases you can just access by typing nextcloudpi.local in your browser. Otherwise, you need to discover what is your Raspberry Pi IP address. For this, you can use a network scanner such as nmap

$ nmap -sP '192.168.0.*' Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-24 17:30 CEST Nmap scan report for 192.168.0.131 Host is up (0.017s latency). Nmap done: 256 IP addresses (1 hosts up) scanned in 3.33 seconds

, or you can read it from the screen if you have an HDMI monitor connected during power on. If you use Windows, you can use Angry IP Scanner.

You can connect to your home Wi-Fi through nextcloudpi-config

You can access your private Nextcloud just typing the IP or URL in the navigation bar of your browser. It will redirect you to the HTTPS site

https://<rpi_ip_or_url>

The admin user is ncp, and the default password is ownyourbits. Login to create users, change default password and other configurations.

You can access the NextCloudPi web panel in HTTPS port 4443. The username is ncp and the password is ownyourbits.

https://<rpi_ip_or_url>:4443

The first run, the easiest is to run the configuration wizard. This is the whole process

USB external drive

By default, your data will be kept in your SD card. You will probably want to connect an external USB drive to your Raspberry Pi in order to host your files.

First, you can format your external drive with the nc-format-USB feature. FAT32 or NTFS filesystems are not supported.

Then, you can enable the nc-automount feature. This will result in your drives being auto-mounted to /media

Finally, set your Nextcloud data folder in the drive using nc-datadir.

Access from outside

In order to access your private cloud from the internet, you should setup a Dynamic DNS, so you can use a domain name that doesn’t change with your public IP.

I use no-ip free plan for my DDNS. The no-ip service is integrated in NextCloudPi.

Also, you need to setup port forwarding in your router so your router sends connections to your Raspberry Pi. For this, you can use the nc-forward-ports feature ( details ).

You can explore some alternative ways of accessing your files in this post.

Get a trusted certificate

If you want to avoid the “Untrusted Certificate” warning and make everyone’s life easier, get a Let’s Encrypt signed certificate for your DNS domain through nextcloudpi-config or the web interface.

More extras

You can activate and configure the system and any extras from the web interface.

You can also do so from the command line with

sudo nextcloudpi-config

Follow the wiki or the dedicated posts on this blog for details on each entry.

Apache logs for Nextcloud are located at /var/www/nextcloud/data/{access,error}.log .

Updating

Please, keep in mind that you will be exposing your own private data to the internet and you are the only person responsible for its security. Update your system frequently to get the latest security updates.

Upon login, you will be notified for new NextCloudPi updates

in order to upgrade to the latest version, type

sudo ncp-update

Try it on QEMU first

You can try NextCloudPi first with qemu-pi.sh from the last post

sudo ./qemu-pi.sh NextCloudPi_03-13-17.img

Details

Nextcloud is awesome. It allows us to own and control our information without relying on external companies. These companies could change things outside of our control or even shut down the service and we realize only too late that we do not own the software that we use. Nextcloud is certainly a huge tool to protect our privacy and our data.

The big issue though is that it is a web service, so it needs to run on top of an operating system. Setting that up implies long hours of installation, dealing with package versions, configuration and troubleshooting. Many people are not willing or do not have the knowledge to accomplish this task, and I think it is a big reason why it is not that popular outside of the geek niche.

I thought it would help to facilitate already configured images to the public with Nextcloud included, so I automated the process. Let’s go for it!

In the last post we learned how to use qemu-pi.sh to launch Raspbian on a QEMU virtual machine. We will use this to automatically generate a Raspbian image with Nextcloud 12 installed.

I recommend to setup qemu-pi.sh to use a static MAC address so you can always get the same IP through DHCP after each reboot. This is important to automate the process, and for that reason it comes as the default configuration.

Write down the IP that your Raspbian gets from DHCP, and launch

git clone https://github.com/nextcloud/nextcloudpi.git cd nextcloudpi ./batch.sh 192.168.0.145 # change to your QEMU raspbian IP

This will get the code from github, and

Download latest Raspbian image.

Resize the partition.

Update the system.

Install Apache with HTTP2, PHP7, Mariadb and all that is needed to run Nextcloud.

Install Nextcloud.

Configure the system.

You can use your own image by setting DOWNLOAD=0 at the top of the script. You can also choose between Raspbian or Raspbian Lite by setting the IMG variable. See the code for details.

At the end of the process you end up with an image that you can write on an SD card and use on your Raspberry Pi.

The good thing about this method is that it is an automated process, so we can easily produce newer versions as Raspbian, Apache and Nextcloud receive updates.

Also note that you can change the following parameters at the top of install-nextcloud.sh

ADMINUSER=admin DBADMIN=ncadmin DBPASSWD=ownyourbits MAX_FILESIZE=1G

This was tested on Raspberry Pi 2 and Raspberry Pi 3.

Screenshots

The basic configuration and optimizations are already in place, so there are no warnings on the Admin section. We can see that we are using the recommended cron method.

Also, you can see the default maximum upload size to a sane value of 1G by default. PHP operations time out at one hour. This is important to allow for long uploads and downloads for big files or slow connections.

In order to test that you are using HTTP2, look for X-Firefox-Spdy: h2 in the network tab.

PHP configuration

If you have ever manually configured a Nextcloud instance, the auto-configuration parameters by default are equivalent to this

Code

#!/bin/bash # Nextcloud installation on Raspbian through SSH # Tested with 2017-01-11-raspbian-jessie.img (and lite) # # Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> # GPL licensed (see end of file) * Use at your own risk! # # Usage: # cat install-nextcloud.sh | sshpass -praspberry ssh pi@$IP # # Notes: # Upon each necessary restart, the system will cut the SSH session, therefore # it is required to save the state of the installation. See variable $STATE_FILE # It will be necessary to invoke this a number of times for a complete installation sudo su VER=11.0.1 ADMINUSER=admin DBADMIN=ncadmin DBPASSWD=ownyourbits MAX_FILESIZE=1G STATE_FILE=/home/pi/.installation_state set -x set -e test -f $STATE_FILE && STATE=$( cat $STATE_FILE 2>/dev/null ) if [ "$STATE" == "" ]; then # RESIZE IMAGE ########################################## SECTOR=$( fdisk -l /dev/sda | grep Linux | awk '{ print $2 }' ) set +e echo -e "d

2

n

p

2

$SECTOR



w

" | fdisk /dev/sda set -e echo 0 > $STATE_FILE reboot elif [ "$STATE" == "0" ]; then # UPDATE EVERYTHING ########################################## resize2fs /dev/sda2 apt-get update apt-get upgrade -y apt-get dist-upgrade -y apt-get autoremove echo 1 > $STATE_FILE reboot elif [ "$STATE" == "1" ]; then # GET STRETCH SOURCES FOR HTTP2 AND PHP7 ########################################## echo "deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi" >> /etc/apt/sources.list cat > /etc/apt/preferences <<EOF Package: * Pin: release n=jessie Pin-Priority: 600 EOF apt-get update # INSTALL FROM STRETCH ########################################## apt-get install -t stretch apache2 -y apt-get install -t stretch php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip -y apt-get install php7.0-APC -y apt-get install libxml2-dev php-zip php-dom php-xmlwriter php-xmlreader php-gd php-curl php-mbstring -y debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password password $DBPASSWD" debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password_again password $DBPASSWD" apt-get install mariadb-server php7.0-mysql -y # CONFIGURE APACHE AND PHP7 ########################################## cat >/etc/apache2/conf-available/http2.conf <<EOF Protocols h2 h2c http/1.1 H2Push on H2PushPriority * after H2PushPriority text/css before H2PushPriority image/jpeg after 32 H2PushPriority image/png after 32 H2PushPriority application/javascript interleaved SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS' EOF cat >> /etc/apache2/apache2.conf <<EOF <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" </IfModule> EOF cat > /etc/php/7.0/mods-available/apcu.ini <<EOF extension=apcu.so apc.enable_cli=0 apc.shm_size=256M apc.ttl=7200 apc.gc_ttl=3600 apc.entries_hint=4096 apc.slam_defense=1 apc.serializer=igbinary EOF cat > /etc/php/7.0/mods-available/opcache.ini <<EOF zend_extension=opcache.so opcache.file_cache=/var/www/nextcloud/.opcache; opcache.fast_shutdown=1 EOF a2enmod http2 a2enconf http2 a2enmod proxy_fcgi setenvif a2enconf php7.0-fpm a2enmod rewrite a2enmod headers a2enmod env a2enmod dir a2enmod mime a2enmod ssl a2ensite default-ssl # INSTALL NEXTCLOUD ########################################## cd /var/www/ wget https://download.nextcloud.com/server/releases/nextcloud-$VER.tar.bz2 -O nextcloud.tar.bz2 tar -xvf nextcloud.tar.bz2 rm nextcloud.tar.bz2 mkdir /var/log/nextcloud mkdir /var/www/nextcloud/.opcache ocpath='/var/www/nextcloud' htuser='www-data' htgroup='www-data' rootuser='root' printf "Creating possible missing Directories

" mkdir -p $ocpath/data mkdir -p $ocpath/updater printf "chmod Files and Directories

" find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640 find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750 printf "chown Directories

" chown -R ${rootuser}:${htgroup} ${ocpath}/ chown -R ${htuser}:${htgroup} ${ocpath}/apps/ chown -R ${htuser}:${htgroup} ${ocpath}/config/ chown -R ${htuser}:${htgroup} ${ocpath}/data/ chown -R ${htuser}:${htgroup} ${ocpath}/themes/ chown -R ${htuser}:${htgroup} ${ocpath}/updater/ chown -R ${htuser}:${htgroup} ${ocpath}/.opcache/ chmod +x ${ocpath}/occ printf "chmod/chown .htaccess

" if [ -f ${ocpath}/.htaccess ] then chmod 0644 ${ocpath}/.htaccess chown ${rootuser}:${htgroup} ${ocpath}/.htaccess fi if [ -f ${ocpath}/data/.htaccess ] then chmod 0644 ${ocpath}/data/.htaccess chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess fi cat > /etc/apache2/sites-available/nextcloud.conf <<EOF Alias /nextcloud "/var/www/nextcloud/" CustomLog /var/log/nextcloud/access.log combined ErrorLog /var/log/nextcloud/error.log <Directory /var/www/nextcloud/> Options +FollowSymlinks AllowOverride All <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud </Directory> EOF a2ensite nextcloud mysql -u root -p$DBPASSWD <<EOF CREATE DATABASE nextcloud; CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD'; GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost; EXIT EOF # CONFIGURE NEXTCLOUD ########################################## cd /var/www/nextcloud/ sudo -u www-data php occ maintenance:install --database \ "mysql" --database-name "nextcloud" --database-user "$DBADMIN" --database-pass \ "$DBPASSWD" --admin-user "$ADMINUSER" --admin-pass "$DBPASSWD" sudo -u www-data php occ background:cron sed -i '$s=^.*$= '\''memcache.local'\'' \=> '\''\\OC\\Memcache\\APCu'\'',

);=' /var/www/nextcloud/config/config.php sed -i "s/post_max_size=.*/post_max_size=$MAX_FILESIZE/" /var/www/nextcloud/.user.ini sed -i "s/post_max_size=.*/upload_max_filesize=$MAX_FILESIZE/" /var/www/nextcloud/.user.ini sed -i "s/post_max_size=.*/post_max_size=$MAX_FILESIZE/" /var/www/nextcloud/.htaccess sed -i "s/post_max_size=.*/upload_max_filesize=$MAX_FILESIZE/" /var/www/nextcloud/.htaccess cat >> /var/www/nextcloud/.htaccess <<EOF <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/nextcloud/$1 [R,L] </IfModule> EOF echo "*/15 * * * * php -f /var/www/nextcloud/cron.php" > /tmp/crontab_http crontab -u www-data /tmp/crontab_http rm /tmp/crontab_http cat > /usr/local/bin/nextcloud-domain.sh <<'EOF' #!/bin/bash IFACE=$( ip r | grep "default via" | awk '{ print $5 }' ) IP=$( ip a | grep "global $IFACE" | grep -oP '\d{1,3}(.\d{1,3}){3}' | head -1 ) cd /var/www/nextcloud sudo -u www-data php occ config:system:set trusted_domains 1 --value=$IP EOF mkdir -p /usr/lib/systemd/system cat > /usr/lib/systemd/system/nextcloud-domain.service <<'EOF' [Unit] Description=Register Current IP as Nextcloud trusted domain Requires=network.target After=mysql.service [Service] ExecStart=/bin/bash /usr/local/bin/nextcloud-domain.sh [Install] WantedBy=multi-user.target EOF systemctl enable nextcloud-domain # CLEANUP ########################################## apt-get autoremove -y apt-get clean rm /var/lib/apt/lists/* -r rm $STATE_FILE halt fi # License # # This script is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This script is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this script; if not, write to the # Free Software Foundation, Inc., 59 Temple Place, Suite 330, # Boston, MA 02111-1307 USA

#!/bin/bash # Nextcloud installation on QEMU emulated Raspbian image # Tested with 2017-01-11-raspbian-jessie.img (and lite) # # Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> # GPL licensed (see end of file) * Use at your own risk! # # Usage: # ./install-nextcloud.sh <IP> # Use the IP of your running QEMU Raspbian image # # Notes: # Set DOWNLOAD=0 if you have already downloaded an image. Rename it to nextcloudpi.img IP=$1 # First argument is the QEMU Raspbian IP address DOWNLOAD=1 # Download the latest image EXTRACT=1 # Extract the image from zip, so start from 0 #IMG=raspbian_latest IMG=raspbian_lite_latest INSTALL_SCRIPT=nextcloud.sh IMGFILE="NextCloudPi_$( date "+%m-%d-%y" ).img-stage0" IMGOUT="NextCloudPi_$( date "+%m-%d-%y" ).img" source library.sh [[ "$DOWNLOAD" == "1" ]] && { wget https://downloads.raspberrypi.org/$IMG -O $IMG.zip || exit; } [[ "$DOWNLOAD" == "1" ]] || [[ "$EXTRACT" == "1" ]] && { unzip $IMG.zip && \ mv *-raspbian-*.img $IMGFILE && \ qemu-img resize $IMGFILE +1G || exit } launch_install_qemu $INSTALL_SCRIPT $IMGFILE $IP || exit pack_image $IMGFILE $IMGOUT # License # # This script is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This script is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this script; if not, write to the # Free Software Foundation, Inc., 59 Temple Place, Suite 330, # Boston, MA 02111-1307 USA

github

References

https://docs.nextcloud.com/server/11/admin_manual/contents.html

https://www.raspberrypi.org/forums/viewtopic.php?f=36&t=160874