Categories
Business Freedom and Privacy Nextcloud Technology Tutorial Ubuntu

Installing Nextcloud on Digital Ocean Ubuntu Server Droplet

Disclaimer: As always, my blogs are not supposed to be a well-written piece of technical literature but instead a better-than-crap version of a messy notepad. I hope it’s clear enough to help someone other than myself but I always check them to make sure at least I can understand it, ha.

It seems that there is a nice blog written and that Nextcloud (NC) is also a ‘snap’ to install on a server.

At some point in the process of learning this I assumed you had to install either NGINX or APACHE2 but, apparently it comes packaged with Apache and no one told me. So good news. Now you know. The other cool thing I learned is that it comes with its own LetsEncrypt easy-installer thing…

I noticed the blog starts by assuming you know how to create a sudo user and do your firewall stuff but let’s not assume that because probably there are others out there like me. Thankfully I’ve already written this for myself elsewhere so I’ll be able to paste those instructions right in this instructional as the first few “Big Steps”.

I will follow this nice blog

Any time you see ‘123.123.123.123’ this is your IP address for your server. Replace it with your actual one, of course.

You should also have a nice password manager set up to save yourself much time and pain as you learn. I recommend keepasxc

Let’s get started

Big Step 1 – Set up the Digital Ocean Droplet

  1. Make sure you already have a domain purchased and reserved for your needs. This is optional but I will assume you’re doing this for tutorial.
  2. Initiate your server / droplet
    I won’t give detailed instructions here because there is lots of documentation out there. I selected one with 2GB of ram (at time of writing it’s $10.00 uSD /month for this) only because the teacher recommended it. I didn’t research hardware specs and what I should do. Your needs may be different. I know using Nextcloud Talk uses a bit of RAM but not sure how much for a large conference.. worth investigating perhaps? I might also recommend calling your subdomain ‘nc’ instead of ‘files’ like I did in my example since you might do much more than ‘files’ with NC. “office.domain” or ‘nc.domain’ or ‘cloud.domain’ might make more sense?
  3. In your domain registrar, point your domain to your server’s name host. In my case it will be digital ocean’s which I will pull from the ‘networking’ section after adding the domain to Digital Ocean. In my case I already had a test domain setup, so what I did was set up a subdomain called “files.domain.com”. The reason you want to do this right away is because
  4. Set up your SSH keys
    Before you install the droplet, make sure your SSH keys are set up properly because you are going to use them a lot in the terminal. Here is some ssh tutorial. Note that it’s a little hard for me to find SSH stuff in the DO backend so for the records it’s at settings / security and then a tab (I think…). If you already have a DO space and SSH keys setup, you are already ready and can use those keys again.
  5. SSH into your new server
    ssh root@123.123.123.123

Note 1: Normally at this point when I install a server I do the usual sudo apt update and sudo apt upgrade but the main install script for Postal does this for you it seems.

But… you don’t have a sudo user yet so here you go:

Big Step 2 – Make a sudo (non-root super user) user

Set up a non-root user account on the server
This is a nice detailed tutorial on this if you’d like here.

Otherwise, this summaries it:

  • Log into the server as root: ssh root@123.123.123.123
  • Make sysadmin user (you can name it what you’d like and don’t have to use ‘sysadmin’): adduser sysadmin and follow the prompts (should be password prompt and then a few questions)
  • Add new user to the sudo list: sudo usermod -aG sudo sysadmin
  • Switch to new sysadmin user: su sysadmin
  • (Optional) Test the new-found powers by running this and then cancelling: sudo dpkg-reconfigure tzdata
  • If this last part worked (and conveniently also set up your time stuff!) then you should be good to move forward with your new non-root user.

Helpful note
If you find you are not getting prompted for the questions after running the adduser command, it might be because you accidentally ran useradd command like me… weird how it works both ways…

From here, follow this blog again and make sure you follow his exact firewall rules. The SSH is already done but the rest seem to be an updated way of doing it, and when I was trying the older way I had nothing but headaches.

I would add these notes to go with the end of his blog where he is talking about checking the non-root user. This is how I had to think about it:

  • To be sure non-root user is working before logging out as root, open new terminal window (so both are open)
  • Try to log in with your new non-root user with ssh sysadmin@123.123.123.123
  • If successful, log out of your root user and continue and you can close the original root terminal window

Big Step 3 – Checking the Ports

Just before beginning the install of Nextcloud via snap, just take a minute to check your ports. I wasted the good part of a day over this.

Before moving on, take a moment to check your ports with a website like this and make sure at least 443 and 80 are open for all the domains you have set up for this box and also the IP address.

Big Step 4 – Follow the Nextcloud Install blog!

Thankfully the same author as the blog above also wrote a blog on how to install the Nextcloud snap. I tried other blogs but they were all dying and I think it’s because something has changed between ubuntu 18.04 and 20.04… not sure, but this nextcloud setup blog was the only one that worked for me.

Some of my notes to go with his great blog:

  • I liked the idea of using a command line to covertly create the user / pass for master admin account, rather than exposing that to the internet and hope no one lands there before you do. It shows that all you have to do is run this:

sudo nextcloud.manual-install <username> <password>
for example
sudo nextcloud.manual-install sammy password

However, when I ran it it hung and never finished:

sysadmin@files:/root$ sudo nextcloud.manual-install sammy password
>

Well, it turns out there must have been something ‘weird’ with the auto-generated password I had. It was loaded with special characters so perhaps one of those characters was not acceptable to the NC database? Not sure, but after I removed special characters from the password (not advised!) it worked fine with the syntax above.

Otherwise, you can go to the non-https web page and configure the admin account yourself via the gui.

Note this: Another way to deal with trusted_domains list

I would also add these notes to go with the ‘trusted_domains’ conversation in the blog. This was a bit new to me and caused me a few headaches over the last few weeks so I wanted to leave a record of ‘another way’ to deal with them.

I was greeted with this issue which i needed to solve.

The blog above has the very simple-looking command to add trusted domains to a list that will allow access to the nextcloud instance. The command is as follows:

sudo nextcloud.occ config:system:set trusted_domains 1 --value=example.com

What was not taught here is what’s going on though. the 1 is the array number that gets logged in a php file somewhere in Whoknowswhereville, USA, so for each one that you add (ie www, ip address, main domain, etc,) be sure to incremement it by one.

The defaul 0 will be ‘localhost’ so start with 1 and work up from there. Note also that you must have all the spaces verbatim. If you don’t have a space after the trusted_domains and after the 1, for example, you’ll have to sudo nano edit your mistake out, ha. So choose your poison. I find the sudo nano method below just as easy now that I know how to do it but I think the this one line command is great too if you are slow and steady.

Without further adoo, if you goof up a trusted_domain entry, you can manually edit the whole thing in the php array.

It took me a while, but I finally found it here:

cd /var/snap/nextcloud/current/nextcloud/config

The file is called ‘config.php’ and to edit it you can just do this and scroll down to the ‘trusted_domains’ array and type them in following the local host example:

sudo nano /var/snap/nextcloud/current/nextcloud/config/config.php

After adding the trusted_domains, I was able to access my NC instance.

Big Step 5 – Secure up the traffic with LetsEncrypt!

Make sure your firewall stuff is done – hint.

Here’s a key lesson: this bad boy doesn’t work with ‘regular lets encrypt’ installation method so if you are in the habit of installing them, slow down and stop. This is the command for installing it with the NC snap:

sudo nextcloud.enable-https lets-encrypt

This was thanks to the blog

But before you actually run that command above, let’s revert back to our friend’s blog above and open up the necessary ports:

sudo ufw allow 80,443/tcp

now go ahead and run the let’s encrypt command above and follow along in the blog to make sure you’re doing it right.

Did you get a failed letsencrypt attempt like I did one time? With a message like this?

To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

If so, you probably have a closed port. See my warnings above.

Big Step 6 – Enjoy

Probably there are some great blogs out there for actually using NC but at least now you can go to your domain and get started.

Have a nice day!

Categories
Nextcloud Technology Tutorial

Fixing My Dead Nextcloudpi box in three simple steps

My nextcloudpi box was kicking back errors and wouldn’t start. It was in a degraded state. I then learned about systemctl --failed command which showed something wrong with certbot. Thankfully I already knew that was related to LetsEncrypt.

I realized that it was trying to renew two domains that weren’t there and were expired and would be unable to renew anyway even if they tried so… not sure why they were there in the first place other than perhaps some testing I did a long time ago? So I wanted to remove them completely to rule them out so here are the instructions for anyone else trying the same thing on Nextcloudpi or another server with ‘random letsencrypt domains’

Part 1 – Removing Random LetsEncrypt Domains and Certificates

Should be as simple as running these commands and replacing yourdomain.com with your domain verbatim.

  1. sudo rm -rf /etc/letsencrypt/archive/yourdomain.com
  2. sudo rm -rf /etc/letsencrypt/live/yourdomain.com
  3. sudo rm -rf /etc/letsencrypt/renewal/yourdomain.com.conf

Part 2 – Disabling the Deleted Site from Apache’s Reach

After doing Part 1 above and removing these random domains that should not have been there I ran sudo systemctl restart certbot.service to restart the certbot service. This seemed to work now. However, when I ran sudo systemctl status it still did not show a green light.

After digging deeper by running a sudo journalctl -xe command the log showed here was a syntax error in /etc/apache2/sites-enabled/000-default.conf. After going to line 43 I realized that it was trying to run one of the domains I had deleted in Part 1 above. Thankfully I already knew how to enable and disable apache sites.

to do that I did:

sudo a2dissite 000-default.conf

Then I did a:

sudo systemctl restart apache2.service

Then I did another check on services:

sudo systemctl status

Nice, the apache stuff now seems fixed but…

Part 3 – Fixing some Wifi-Country.service Error Thing

I still have another error which the system seems not willing to go around! Why? Why me? haha

wifi-country.service loaded failed failed Disable WiFi if country not set

So then I found this blog where i pasted the following to the bottom of the file

country=CA
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="testing"
psk="testingPassword"

Full disclaimer: I have absolutely no idea what this stuff above does, so yeah – copy and paste at your own risk like I did!

There weren’t any instructions to restart a service which I expected. And, as expect, it was still dead. Thankfully my guess was correct and there should have been a service restart command as follows:

sudo systemctl restart wifi-country.service

That seemed to work…

Then I ran sudo systemctl status and everything looked running. Yay!

Then BOOM! System back. Nextcloudpi started syncing again.

I have no idea why things went bad but it’s a good day when you can fix it indeed! Usually doesn’t go this well for me but I guess I”m learning a few things so let’s keep suffering for growth shall we?

Have a good day!