User:Pineadmin/OpenMediaVault

From PINE64
Revision as of 08:51, 22 January 2018 by Pineadmin (talk | contribs)
Jump to navigation Jump to search

Please go through the OpenMediaVault Basic Setup and all following chapters about other OpenMediaVault features below it before proceed to the more advance setup below.


Dynamic DNS

[YOU CAN SKIP THIS IF YOU ARE USING STATIC IP ON YOUR INTERNET WAN OR YOU ALREADY KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER]

1. SSH to the device

2. # apt-get install ddclient  (no-ip.com example)

Dynamic DNS service provider: other
Dynamic DNS server: dynupdate.no-ip.com
Dynamic DNS update protocol: dyndns2
Username for dynamic DNS service: <<<USERNAME/EMAIL>>>
Password for dynamic DNS service: <<<PASSWORD>>>
Re-enter password to verify: <<<PASSWORD>>>
Network interface used for dynamic DNS service: web
DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net
Run ddclient on PPP connect? No
Run ddclient as daemon? Yes
Interval between ddclient runs: 300

# dpkg-reconfigure ddclient  (To Re-run configuration wizard above)

3. # vi /etc/ddclient.conf

Change: use=if, if=web
To:     use=web, web=checkip.dyndns.com, web-skip='Current IP Address'

##########
protocol=dyndns2
use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
server=dynupdate.no-ip.com
login=<<<USERNAME/EMAIL>>>
password='<<<PASSWORD>>>'
<<<CNAME>>>.ddns.net
##########

4. # systemctl restart ddclient  (Restart ddclient after changed in configuration)

5. Diagnostics:

# ddclient -daemon=0 -debug -verbose -noquiet
# systemctl status ddclient


NextCloud

Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/

1. SSH to the device

# apt-get update
# apt-get upgrade
   - Configuring openmediavault -> Press [Tab] -> Press [Enter] on Ok
# apt-get install php5-curl php5-gd

2. Create the Shared Folders for all your Nginx's web pages
    - Name: www
    - Path: www/
    - Click on the ACL
      - User/Groups permissions: Tick Read/Write for both www-data user and group
      - Set Owner / Group to Read/Write/Execute and Others to None

3. Create the sub shared folder for your NextCloud web pages
    - Name: nextcloud
    - Path: www/nextcloud
    - Click on the ACL
      - User/Groups permissions: Tick Read/Write for both www-data user and group
      - Set Owner / Group to Read/Write/Execute and Others to None

4. Go to System -> Plugins -> Tick openmediavault-nginx -> Install

5. Services -> Nginx -> Settings -> Enable -> Save -> Apply

6. Services -> Nginx -> Pools -> Add
    - Name: pool_nextcloud
    - User: www-data
    - Group: www-data
    - Extra options: <<<Copy Texts In Between ########## Below>>>

##########
clear_env = no
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
##########

    - Save -> Apply

7. Services -> Nginx -> Servers -> Add
    - General
       - Directory: nextcloud
    - SSL
       - Enable SSL: Enable
       - Port: 91
       - Certificate: <<<Select Created SSL Certificate>>>
          - System -> Certificates -> SSL -> Add -> Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) -> Save -> Apply
       - Only use SSL: Enable
    - PHP
       - Enable PHP: Enable
       - PHP-FPM Pool: pool_nextcloud
    - Extra options: <<<Copy Texts In Between ########## Below>>>

##########
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}

location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}

location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
##########

8. Go to System -> Plugins -> Tick openmediavault-mysql -> Install

9. Services -> MySQL -> Enable -> Save -> Apply
                      -> Reset Password

10. Go to https://nextcloud.com/ -> Download -> Get Nextcloud Server -> Download -> Web Installer (Bottom Tab) -> Download setup-nextcloud.php to your PC

11. Use FTP/SAMBA/etc to transfer setup-nextcloud.php to www/nextcloud/

12. Go to https://<<<DEVICE_IP>>>:91/setup-nextcloud.php
     - Please add exception for the self-signed certificate if your browser prompt you to do so
     - Next
     - Dependency check: Enter a single "." -> Next
     - Wait until: 504 Gateway Time-out

13. Go to https://<<<DEVICE_IP>>>:91/  (Retry again if you get 404)
     - Click on Storage & database -> MySQL/MariaDB
        - Database user: root
        - Database password: <<<Password Reset On Step #10>>>
        - Database name: nextcloud
        - Database host: localhost
     - Finish setup

14. Services -> Nginx -> Servers -> Edit
     - PHP -> Default config: Disable

15. Go to https://<<<DEVICE_IP>>>:91/

16. If installation failed on step #12 onwards:
     - Remove all the folders/files/hidden files in www/nextcloud/* through FTP/SAMBA/etc (Note that, removing 13,000+ files may take a while)
     - Services -> MySQL -> SQL management site -> Enable -> Save -> Apply -> Show
        - Tools -> Database Manager -> tick "nextcloud" and "DROP selected databases" -> Submit
     - Start over again from step #12

17. Setup the Dynamic DNS if you need to access your NextCloud through internet. Then, on your internet modem/router: Port Forward to the device with port 91