Linux - instalace a nastavení Nextcloud s Nginx a PostgreSQL + HTTPS Lets Encrypt

Modelová situace: Máme Linux server a chceme na něm nainstalovat a zprovoznit vlastní Nextcloud server, který poběží na webserveru Nginx s databázovým serverem PostgreSQL. Dále požadajeme nastavit HTTPS protokol, kdy vygenerujeme certifikáty pomocí certbotu pro Lets Encrypt.

ODPOVĚĎ

Předchozí díly dotazů na Nginx:
1.) Linux - instalace a nastavení Nginx, PHP a MySQL (LEMP)
2.) Linux - instalace a nastavení Nginx, PostgreSQL a phpPgAdmin

Toto je pokračování kdy nastavíme Nextcloud server běžící na Nginx a PostgreSQL + HTTPS Lets Encrypt

#založení uživatele nextcloud do PostgreSQL
sudo -i -u postgres
createuser --interactive -P nextcloud
heslo
n
y
n

#založení databáze nextcloud do PostgreSQL pro uživatele nextcloud
createdb -O nextcloud nextcloud

#založit nginx virtualhost nextcloud na portu 80
vim /etc/nginx/sites-available/nextcloud.conf

upstream php-handler {
server unix:/var/run/php/php7.2-fpm.sock;
}

server {
listen 80;
listen [::]:80;
server_name cloud.cloud.up4.cz;

add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;

fastcgi_hide_header X-Powered-By;

root /var/www/nextcloud;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}

client_max_body_size 512M;
fastcgi_buffers 64 4K;

gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

location / {
rewrite ^ /index.php;
}

location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}

location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}

location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;

access_log off;
}

location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}

ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/
#reload nginx konfigurace
systemctl reload nginx

#https lets encrypt cert pro doménu cloud.cloud.up4.cz
apt install certbot python3-certbot-nginx
certbot --nginx -d cloud.cloud.up4.cz

#stáhnout nextcloud server
data umístit do /var/www/nextcloud

#změnit práva
chown www-data:www-data -R /var/www/nextcloud

#provést instalaci nextcloud přes web browser
https:// c l o u d .cloud.up4.cz

Možné chyby:

#Nextcloud Internal Server Error

Internal Server Error
The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.
Technical details
Remote Address: 192.168.3.200
Request ID: t6KcLCEp6JHHKgzLqOqh

#opravit oprávnění
chown www-data:www-data -R /var/www/nextcloud


#Nextcloud Access through untrusted domain

Access through untrusted domain
Please contact your administrator. If you are an administrator, edit the "trusted_domains" setting in config/config.php like the example in config.sample.php.

#oprava
vim /var/www/nextcloud/config/config.php

'trusted_domains' =>
array (
0 => 'cloud.cloud.up4.cz',
1 => '192.168.3.200'
)

#PHP module not installed

PHP module zip not installed.
Please ask your server administrator to install the module.
PHP module dom not installed.
PHP module XMLWriter not installed.
PHP module XMLReader not installed.
PHP module libxml not installed.
PHP module mbstring not installed.
PHP module GD not installed.
PHP module SimpleXML not installed.
PHP module cURL not installed.
PHP modules have been installed, but they are still listed as missing?

#doinstalovat PHP moduly (balíčky)
apt install php7.3-zip php7.3-xml php7.3-mbstring php7.3-curl php7.3-gd