Difference between revisions of "User:Pineadmin/OpenMediaVault"

From PINE64
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
'''<span style="color:#FF0000">If you are dealing with confidential files transfer/sharing, please make sure your setup is secured with long and hard to guess random password or PKI keys. Make sure you use DUMMY folders/files for testing first to get yourself familiar and comfortable with the settings.</span>'''
Please go through the [http://files.syabas.com/popcornhour/download/PopcornHourTransformerNAS_UserManual-20180122.pdf OpenMediaVault Basic Setup and all following chapters about OpenMediaVault] before proceed to the more advance setup below.
 
 
== Basic Setup ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. After boot, if the IP Address not showing on the HDMI output, you need to find the IP Address of the device with tools (e.g. [https://www.softperfect.com/products/networkscanner/ netscan]) (hostname: ROCK64, PINE64, PINE64SO)
 
2. Use the IP Address on PC browser to login to the Web Admin Pages: admin / openmediavault
    - Remember to change the default password: System -> General Settings -> Web Administrator Password (PLEASE REMEMBER YOUR NEW PASSWORD BECAUSE ONCE YOU HAVE SAVED IT, YOU WILL NOT ABLE TO USE THE OLD DEFAULT PASSWORD ANYMORE)
 
3. You may want to use Static IP for easy access in future: System -> Network -> Interfaces -> Edit or Add(Ethernet)
 
4. To setup secure https for Web Admin Pages:
    - System -> Certificates -> SSL -> Add -> Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) -> Save -> Apply
    - System -> General Settings -> Web Administration -> Secure connection
      - Enable SSL/TLS: Enable
      - Certificate: <<<Select Created SSL Certificate>>>
      - Port: 443
      - Force SSL/TLS: Enable
    - Please add exception for this self-signed certificate if your browser prompt you to do so (NOTE THAT, SELF-SIGNED CERTIFICATE HAS DISADVANTAGES, PLEASE BE AWARE OF ITS LIMITATION)
 
5. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to access the Web Admin Pages through internet. Then, on your internet modem/router: Port Forward to the slave/destination device with port 80(http) or 443(https)
</pre>
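Review bot: step 5 offers "port 80(http) or 443(https)" for the internet port forward, which contradicts step 4 where "Force SSL/TLS: Enable" is set for the Web Admin Pages; the step should name port 443 only. Because step 2 prints the default login "admin / openmediavault", the password change in step 2 should also be stated in step 5 as a precondition for forwarding the port, not only as a reminder earlier in the list.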
 
 
== Shared Folders ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Plug Hard Drive
 
2. Go to Storage -> Physical Disks -> Scan
    - If you want to remove everything on your disk, you can use the "Wipe" button (PLEASE NOTE THAT THIS WILL FORMAT THE STORAGE DEVICE. ALL FILES ON THE STORAGE DEVICE WILL BE ERASED AND WILL BECOME UNRECOVERABLE)
      - Before that, make sure the disk file systems are all "Storage -> File Systems -> Unmount" first
      - After Wipe, use the "Storage -> File Systems -> Create" to create the new partition
          - Some of the operations or features on OpenMediaVault may not work well with some file systems (e.g. FAT/FAT32/NTFS) because of specific folders/files permission settings requirement problem, so EXT4 can be of better choice
 
3. Go to Storage -> File Systems -> select the Partition to mount -> Mount -> Apply
    - On the technical side, the partition will be mounted under /srv/...
 
4. Access Right Management -> User -> Add (Make sure it is under "users" Group)
 
5. Access Right Management -> Shared Folders -> Add
    - You should add the shared folder starting from the root directory of your disk before you add the subfolder as shared folder. Because if you are trying to access to the subfolder directly, you may not able to get pass the parent folder permission. So your permission/privileges/ACL should also be set starting from the root folder
 
    - Select newly added Shared Folder -> Privileges -> tick Read/Write for your user -> Save -> Apply
    - Select newly added Shared Folder -> ACL (for ext3/ext4 filesystem)
      - Tick Read/Write for your user in User/Groups permissions
      - Set Owner / Group to Read/Write/Execute and Others to None
      - Enable Recursive
      - Save -> Close
</pre>
 
 
== FTP ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. Services -> FTP -> Settings -> Enable -> Save -> Apply
                  -> Shares -> Add -> Apply
 
If you constantly hit by "Permission denied", then you may consider a less secure solution: Services -> FTP -> Settings -> Permit root login (enable)
This may happen when your hard drive is using FAT/FAT32 file system where permission cannot be set and after a reboot, the default read only permission is used
</pre>
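Review bot: the "Permission denied" workaround at the end of this section enables "Permit root login" for FTP and describes it only as "a less secure solution", with no instruction to turn it off again. Since the stated cause is a FAT/FAT32 drive, the text should point to the EXT4 recommendation in "Shared Folders" step 2 as the fix, and add the same "disable it back" reminder that the SSH section carries for its own root login.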
 
 
== SAMBA (Windows Share) ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. Services -> SMB/CIFS -> Settings -> Enable -> Save -> Apply
                        -> Shares -> Add -> Apply
</pre>
 
 
== NFS ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. Services -> NFS -> Settings -> Enable -> Save -> Apply
                  -> Shares -> Add -> Apply
 
Some of the NFS clients (e.g. Kodi/XBMC) required insecure NFS, please change the "secure" to "insecure" in the "Extra options" field
</pre>
 
 
== Rsync (Clone/Backup) ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
You required 2 devices (e.g. 2 ROCK64, PINE64, SOPINE or etc) to Clone/Backup from master to slave or bidirectional
 
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. [On slave/destination device]
    Services -> Rsync -> Server -> Settings -> Enable -> Save -> Apply
                                -> Modules -> Add -> General
    - Make sure to choose correct "User"
    - Enable "Authenticate users"
    - Fill in "Hosts allow" for more security
                                                  -> User -> Add
 
3. Services -> Rsync -> Jobs -> Add (Type: Remote, Mode: Push, Destination server: [USER]@[HOST]::[Rsync Server Module Name])
    - [HOST] can be <<<CNAME>>>.ddns.net for [[#Dynamic DNS|Dynamic DNS]]
    - For testing: select Job -> Run
    - For bidirectional Rsync: Add another Job to Pull from slave/destination device (Don't enable Delete because deleted file/folder may be copied over again)
 
4. Diagnostics -> System Logs
 
5. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to rsync clone/backup through internet. Then, on your internet modem/router: Port Forward to the slave/destination device with port 873
</pre>
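Review bot: "Fill in "Hosts allow" for more security" in step 2 reads as optional, yet step 5 forwards port 873 to this device from the internet. When step 5 is followed, the module should require both "Authenticate users" and a "Hosts allow" entry, and step 5 should say so explicitly.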
 
 
== SSH ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. Services -> SSH -> Permit root login (enable)  (Remember to always disable it back for security reason)
 
3. SSH to the device with Putty: root / openmediavault
    - Remember to change the default password (PLEASE REMEMBER YOUR NEW PASSWORD BECAUSE ONCE YOU HAVE SAVED IT, YOU WILL NOT ABLE TO USE THE OLD DEFAULT PASSWORD ANYMORE)
</pre>
 
 
== System Monitoring ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. System -> Monitoring -> Enable -> Save -> Apply
 
3. Diagnostics -> System Information -> Performance statistics
</pre>
 
 
== Notification ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. System -> Notification -> Settings
    - Enable
    - for GMAIL
      - SMTP server: smtp.gmail.com
      - SMTP port: 587
      - Use SSL/TLS secure connection: Enable
      - Sender email: <<<Your GMAIL Address>>>
      - Authentication required: Enable
      - Username: <<<Your GMAIL Address>>>
      - Password: <<<Your GMAIL Password>>>
      - Recipient: <<<Your Recipient Emails>>>
      - At your GMAIL account, you also need to enable: GMAIL -> Settings -> Accounts and Import -> Change account settings -> Other Google Account settings -> Sign-in & security -> Apps with account access -> Allow less secure apps: ON
    - Save -> Apply
    - Use "Send a test email" for testing
</pre>
 
 
== Wi-Fi ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. While Ethernet network cable is still plugged, plug in the USB Wi-Fi dongle ([https://www.cloudmedia.com/?product=usb-802-11bgn-rtl8188eu RTL8188EU]) and reboot the device
 
3. Login to the Web Admin Pages and go to System -> Network -> Interfaces -> Add(Wi-Fi)
    - General settings
      - Name: wlan0
    - Wi-Fi
      - SSID: <<<Your Wireless Router Wi-Fi SSID>>>
      - Password: <<<Your Wireless Router Wi-Fi Password>>>
    - IPv4
      - Method: DHCP
      - ...
 
4. Save -> Apply
 
5. Make sure your Ethernet network is set to DHCP: System  =>  Network  =>  Interfaces  =>  Select the Network Interface (e.g. eth0)  =>  Edit  =>  IPv4 Method (DHCP)  =>  Save  =>  Apply
    - It is normal that you may experience communication failure on the Control Panel because your Popcorn Hour Transformer NAS may had obtained a new DHCP IP Address
 
5. Unplug Ethernet network cable and reboot the device. Give it some time to detect the Ethernet network cable is unplugged. Finally, the Wi-Fi (e.g. wlan0) IP Address will be shown on your TV
 
6. If you wish to use static IP for your Wi-Fi, then go to: System  =>  Network  =>  Interfaces  =>  Select the Network Interface (e.g. wlan0)  =>  Edit
</pre>
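Review bot: the step number "5." is used twice, once for "Make sure your Ethernet network is set to DHCP" and once for "Unplug Ethernet network cable and reboot the device", so the last two steps should be renumbered 6 and 7. The first of those steps also switches from "->" to "=>" and refers to "your Popcorn Hour Transformer NAS" where the rest of the section says "the device"; one arrow style and one device name would read better.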
 


== Dynamic DNS ==
== Dynamic DNS ==
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
[YOU CAN SKIP THIS IF YOU ARE USING STATIC IP ON YOUR INTERNET WAN OR YOU ALREADY KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER]
[YOU CAN SKIP THIS IF YOU ARE USING STATIC IP ON YOUR INTERNET WAN OR YOU ALREADY KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER]


1. Go through the "[[#Basic_Setup|Basic Setup]]" above
1. SSH to the device


2. [[#SSH|SSH]] to the device
2. # apt-get install ddclient  (no-ip.com example)
 
* Dynamic DNS service provider: other
3. # apt-get install ddclient  (no-ip.com example)
* Dynamic DNS server: dynupdate.no-ip.com
 
* Dynamic DNS update protocol: dyndns2
Dynamic DNS service provider: other
* Username for dynamic DNS service: <<<USERNAME/EMAIL>>>
Dynamic DNS server: dynupdate.no-ip.com
* Password for dynamic DNS service: <<<PASSWORD>>>
Dynamic DNS update protocol: dyndns2
* Re-enter password to verify: <<<PASSWORD>>>
Username for dynamic DNS service: <<<USERNAME/EMAIL>>>
* Network interface used for dynamic DNS service: web
Password for dynamic DNS service: <<<PASSWORD>>>
* DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net
Re-enter password to verify: <<<PASSWORD>>>
* Run ddclient on PPP connect? No
Network interface used for dynamic DNS service: web
* Run ddclient as daemon? Yes
DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net
* Interval between ddclient runs: 300
Run ddclient on PPP connect? No
Run ddclient as daemon? Yes
Interval between ddclient runs: 300


# dpkg-reconfigure ddclient  (To Re-run configuration wizard above)
# dpkg-reconfigure ddclient  (To Re-run configuration wizard above)


4. # vi /etc/ddclient.conf
3. # nano /etc/ddclient.conf


Change: use=if, if=web
Change: use=if, if=web
To:    use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
To:    use=web, web=checkip.dyndns.com, web-skip='Current IP Address'


##########
##########
protocol=dyndns2
protocol=dyndns2
use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
server=dynupdate.no-ip.com
server=dynupdate.no-ip.com
login=<<<USERNAME/EMAIL>>>
login=<<<USERNAME/EMAIL>>>
password='<<<PASSWORD>>>'
password='<<<PASSWORD>>>'
<<<CNAME>>>.ddns.net
<<<CNAME>>>.ddns.net
##########
##########


5. # systemctl restart ddclient (Restart ddclient after changed in configuration)
After edit, press [CTRL+x] =>  press [y]  =>  press [Enter] to exit


6. Diagnostics:
4. # systemctl restart ddclient  (Restart ddclient after changed in configuration)
 
5. Diagnostics:


# ddclient -daemon=0 -debug -verbose -noquiet
# ddclient -daemon=0 -debug -verbose -noquiet
# systemctl status ddclient
# systemctl status ddclient
</pre>
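Review bot: on the side of this change that turns the wizard answers into "*" bullets, the commands that start a line with "#" ("# dpkg-reconfigure ddclient", "# ddclient -daemon=0 -debug -verbose -noquiet", "# systemctl status ddclient") are parsed as numbered list items, and the rendered revision further down shows them as "1. dpkg-reconfigure ddclient" with the root prompt lost; those lines should be wrapped so the "#" survives. The same side drops "Go through the Basic Setup" as step 1, which is where the default password is changed, and since /etc/ddclient.conf keeps password='<<<PASSWORD>>>' in clear text, a line about restricting that file to root would fit next to the nano step.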


== NextCloud ==
== NextCloud ==
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/
Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/


1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
1. SSH to the device
 
2. [[#SSH|SSH]] to the device


# apt-get update
# apt-get update
# apt-get upgrade
# apt-get upgrade
  - Configuring openmediavault -> Press [Tab] -> Press [Enter] on Ok
* Configuring openmediavault => Press [Tab] => Press [Enter] on Ok
# apt-get install php5-curl php5-gd
# apt-get install php5-curl php5-gd


3. Create the [[#Shared Folders|shared folder]] for all your Nginx's web pages
2. Create the Shared Folders for all your Nginx's web pages
    - Name: www
Name: www
    - Path: www/
Path: www/
    - Click on the ACL
Click on the ACL
      - User/Groups permissions: Tick Read/Write for both www-data user and group
** User/Groups permissions: Tick Read/Write for both www-data user and group
      - Set Owner / Group to Read/Write/Execute and Others to None
** Set Owner / Group to Read/Write/Execute and Others to None
 
4. Create the [[#Shared Folders|sub shared folder]] for your NextCloud web pages
    - Name: nextcloud
    - Path: www/nextcloud
    - Click on the ACL
      - User/Groups permissions: Tick Read/Write for both www-data user and group
      - Set Owner / Group to Read/Write/Execute and Others to None
 
5. Go to System -> Plugins -> Tick openmediavault-nginx -> Install
 
6. Services -> Nginx -> Settings -> Enable -> Save -> Apply
 
7. Services -> Nginx -> Pools -> Add
    - Name: pool_nextcloud
    - User: www-data
    - Group: www-data
    - Extra options: <<<Copy Texts In Between ########## Below>>>
 
##########
clear_env = no
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
##########
 
    - Save -> Apply
 
8. Services -> Nginx -> Servers -> Add
    - General
      - Directory: nextcloud
    - SSL
      - Enable SSL: Enable
      - Port: 91
      - Certificate: <<<Select Created SSL Certificate>>>
          - System -> Certificates -> SSL -> Add -> Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) -> Save -> Apply
      - Only use SSL: Enable
    - PHP
      - Enable PHP: Enable
      - PHP-FPM Pool: pool_nextcloud
    - Extra options: <<<Copy Texts In Between ########## Below>>>
 
##########
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
 
location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}
 
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
 
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
 
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
 
# Disable gzip to avoid the removal of the ETag header
gzip off;


# Uncomment if your server is build with the ngx_pagespeed module
3. Create the sub shared folder for your NextCloud web pages
# This module is currently not supported.
* Name: nextcloud
#pagespeed off;
* Path: www/nextcloud
* Click on the ACL
** User/Groups permissions: Tick Read/Write for both www-data user and group
** Set Owner / Group to Read/Write/Execute and Others to None


error_page 403 /core/templates/403.php;
4. Go to System  =>  Plugins  =>  Tick openmediavault-nginx  =>  Install
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}


location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
5. Services  =>  Nginx  =>  Settings  =>  Enable  =>  Save  =>  Apply
deny all;
}


location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
6. Services  =>  Nginx  =>  Pools  =>  Add
deny all;
* Name: pool_nextcloud
}
* User: www-data
* Group: www-data
* Extra options: <<<Copy Texts In Between ########## Below>>>


location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
##########
fastcgi_split_path_info ^(.+\.php)(/.*)$;
clear_env = no
include fastcgi_params;
env[HOSTNAME] = $HOSTNAME
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
env[PATH] = /usr/local/bin:/usr/bin:/bin
fastcgi_param PATH_INFO $fastcgi_path_info;
env[TMP] = /tmp
fastcgi_param HTTPS on;
env[TMPDIR] = /tmp
#Avoid sending the security headers twice
env[TEMP] = /tmp
fastcgi_param modHeadersAvailable true;
##########
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}


location ~ ^/(?:updater|ocs-provider)(?:$|/) {
* Save  =>  Apply
try_files $uri/ =404;
index index.php;
}


# Adding the cache control header for js and css files
7. Services  =>  Nginx  =>  Servers  =>  Add
# Make sure it is BELOW the PHP block
* General
location ~* \.(?:css|js|woff|svg|gif)$ {
** Directory: nextcloud
try_files $uri /index.php$uri$is_args$args;
* SSL
add_header Cache-Control "public, max-age=7200";
** Enable SSL: Enable
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
** Port: 91
add_header X-Content-Type-Options nosniff;
** Certificate: <<<Select Created SSL Certificate>>>
add_header X-Frame-Options "SAMEORIGIN";
* System  =>  Certificates  =>  SSL  =>  Add  =>  Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently)  =>  Save  =>  Apply
add_header X-XSS-Protection "1; mode=block";
** Only use SSL: Enable
add_header X-Robots-Tag none;
* PHP
add_header X-Download-Options noopen;
** Enable PHP: Enable
add_header X-Permitted-Cross-Domain-Policies none;
** PHP-FPM Pool: pool_nextcloud
# Optional: Don't log access to assets
* Extra options: <<<Copy Texts In Between ########## Below>>>
access_log off;
}


location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
##########
try_files $uri /index.php$uri$is_args$args;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# Optional: Don't log access to other assets
add_header X-Content-Type-Options nosniff;
access_log off;
add_header X-Frame-Options "SAMEORIGIN";
}
add_header X-XSS-Protection "1; mode=block";
##########
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
##########


9. Go to System -> Plugins -> Tick openmediavault-mysql -> Install
8. Go to System => Plugins => Tick openmediavault-mysql => Install


10. Services -> MySQL -> Enable -> Save -> Apply
9. Services => MySQL => Enable => Save => Apply => Reset Password
                      -> Reset Password


11. Go to https://nextcloud.com/ -> Download -> Get Nextcloud Server -> Download -> Web Installer (Bottom Tab) -> Download setup-nextcloud.php to your PC
10. Go to https://nextcloud.com/ => Download => Get Nextcloud Server => Download => Web Installer (Bottom Tab) => Download setup-nextcloud.php to your PC


12. Use [[#FTP|FTP]]/[[#SAMBA (Windows Share)|SAMBA]]/etc to transfer setup-nextcloud.php to www/nextcloud/
11. Use FTP/SAMBA/etc to transfer setup-nextcloud.php to www/nextcloud/


13. Go to https://<<<DEVICE_IP>>>:91/setup-nextcloud.php
12. Go to https://<<<DEVICE_IP>>>:91/setup-nextcloud.php
    - Please add exception for the self-signed certificate if your browser prompt you to do so
* Please add exception for the self-signed certificate if your browser prompt you to do so
    - Next
* Next
    - Dependency check: Enter a single "." -> Next
* Dependency check: Enter a single "." => Next
    - Wait until: 504 Gateway Time-out
* Wait until: 504 Gateway Time-out


14. Go to https://<<<DEVICE_IP>>>:91/  (Retry again if you get 404)
13. Go to https://<<<DEVICE_IP>>>:91/  (Retry again if you get 404)
    - Click on Storage & database -> MySQL/MariaDB
* Click on Storage & database => MySQL/MariaDB
        - Database user: root
** Database user: root
        - Database password: <<<Password Reset On Step #10>>>
** Database password: <<<Password Reset On Step #10>>>
        - Database name: nextcloud
** Database name: nextcloud
        - Database host: localhost
** Database host: localhost
    - Finish setup
* Finish setup


15. Services -> Nginx -> Servers -> Edit
14. Services => Nginx => Servers => Edit
    - PHP -> Default config: Disable
* PHP => Default config: Disable


16. Go to https://<<<DEVICE_IP>>>:91/
15. Go to https://<<<DEVICE_IP>>>:91/


17. If installation failed on step #12 onwards:
16. If installation failed on step #12 onwards:
    - Remove all the folders/files/hidden files in www/nextcloud/* through [[#FTP|FTP]]/[[#SAMBA (Windows Share)|SAMBA]]/etc (Note that, removing 13,000+ files may take a while)
* Remove all the folders/files/hidden files in www/nextcloud/* through FTP/SAMBA/etc (Note that, removing 13,000+ files may take a while)
    - Services -> MySQL -> SQL management site -> Enable -> Save -> Apply -> Show
** Services => MySQL => SQL management site => Enable => Save => Apply => Show
        - Tools -> Database Manager -> tick "nextcloud" and "DROP selected databases" -> Submit
* Tools => Database Manager => tick "nextcloud" and "DROP selected databases" => Submit
    - Start over again from step #12
** Start over again from step #12


18. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to access your NextCloud through internet. Then, on your internet modem/router: Port Forward to the device with port 91
17. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to access your NextCloud through internet. Then, on your internet modem/router: Port Forward to the device with port 91
</pre>
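Review bot: the renumbered side (steps 1 to 17, "=>" arrows) still says "Database password: <<<Password Reset On Step #10>>>" although the MySQL "Reset Password" step is step 9 on that side, so the reference is stale and should be updated with the numbering. Separately, both sides enter "Database user: root" for the NextCloud database and the last step forwards port 91 to the internet; documenting a dedicated database user limited to the "nextcloud" database would be the safer value.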

Revision as of 07:03, 17 October 2019

Please go through the OpenMediaVault Basic Setup and all following chapters about OpenMediaVault before proceeding to the more advanced setup below.

Dynamic DNS

[YOU CAN SKIP THIS IF YOU ARE USING STATIC IP ON YOUR INTERNET WAN OR YOU ALREADY KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER]

1. SSH to the device

2. # apt-get install ddclient (no-ip.com example)

  • Dynamic DNS service provider: other
  • Dynamic DNS server: dynupdate.no-ip.com
  • Dynamic DNS update protocol: dyndns2
  • Username for dynamic DNS service: <<<USERNAME/EMAIL>>>
  • Password for dynamic DNS service: <<<PASSWORD>>>
  • Re-enter password to verify: <<<PASSWORD>>>
  • Network interface used for dynamic DNS service: web
  • DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net
  • Run ddclient on PPP connect? No
  • Run ddclient as daemon? Yes
  • Interval between ddclient runs: 300

# dpkg-reconfigure ddclient (To re-run the configuration wizard above)

3. # nano /etc/ddclient.conf

Change: use=if, if=web
To: use=web, web=checkip.dyndns.com, web-skip='Current IP Address'

##########
protocol=dyndns2
use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
server=dynupdate.no-ip.com
login=<<<USERNAME/EMAIL>>>
password='<<<PASSWORD>>>'
<<<CNAME>>>.ddns.net
##########

After editing, press [CTRL+x] => press [y] => press [Enter] to exit

4. # systemctl restart ddclient (Restart ddclient after changing the configuration)

5. Diagnostics:

  # ddclient -daemon=0 -debug -verbose -noquiet
  # systemctl status ddclient
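
A lint for the /etc/ddclient.conf produced by the steps above, as an added example that is not part of the original wiki page: it flags the wizard's if=web setting, unreplaced <<<...>>> placeholders, a missing ssl=yes and a file that group or other users can access. The function names, the sample account values and the ssl=yes and file-mode checks are assumptions added here; the page itself only prescribes the use=web change.

```shell
#!/bin/sh
# Added example, not from the wiki page: lint a ddclient.conf against the
# Dynamic DNS steps above. The ssl=yes and file-mode checks are hardening
# assumptions added here; the page itself only prescribes the use=web change.

# has_setting PATTERN -> true if an active line in $dd_active sets it.
# Settings may share one line, separated by commas and spaces.
has_setting() {
    printf '%s\n' "$dd_active" | grep -Eq "(^|[,[:space:]])$1"
}

# lint_ddclient_conf FILE
#   Prints one finding per line on stdout.
#   Returns 0 when clean, 1 when findings exist, 2 when FILE is unreadable.
lint_ddclient_conf() {
    dd_conf=$1
    dd_rc=0
    [ -r "$dd_conf" ] || { echo "unreadable: $dd_conf"; return 2; }

    # Only active lines count: drop comment lines and blank lines.
    dd_active=$(grep -v '^[[:space:]]*#' "$dd_conf" | grep -v '^[[:space:]]*$')

    # The wizard answer "web" lands in the file as an interface name.
    if has_setting 'if=web([,[:space:]]|$)'; then
        echo "if=web: 'web' is not an interface; set use=web, web=checkip.dyndns.com"
        dd_rc=1
    fi

    # Keys the dyndns2 / no-ip.com configuration on the page relies on.
    for dd_key in protocol use server login password; do
        if ! has_setting "$dd_key="; then
            echo "missing: $dd_key="
            dd_rc=1
        fi
    done

    # Template values copied from the page without being filled in.
    if printf '%s\n' "$dd_active" | grep -q '<<<.*>>>'; then
        echo "placeholder: a <<<...>>> template value was not replaced"
        dd_rc=1
    fi

    # Transport security for the update request (assumption added here).
    if ! has_setting 'ssl=yes([,[:space:]]|$)'; then
        echo "ssl: ssl=yes not set; older ddclient releases then send the login and password over plain HTTP"
        dd_rc=1
    fi

    # The file stores the account password in clear text, so group and other
    # must have no access (characters 5-10 of the ls mode string).
    dd_perms=$(ls -ld "$dd_conf" | cut -c5-10)
    if [ "$dd_perms" != "------" ]; then
        echo "mode: group/other can access $dd_conf; chmod 600 it"
        dd_rc=1
    fi
    return "$dd_rc"
}

# Demo on a constructed file that reproduces the wizard's output.
dd_demo=$(mktemp -d)
cat > "$dd_demo/ddclient.conf" <<'EOF'
# constructed sample, not a real account
protocol=dyndns2
use=if, if=web
server=dynupdate.no-ip.com
login=user@example.com
password='constructed-password'
myhost.ddns.net
EOF
chmod 644 "$dd_demo/ddclient.conf"
lint_ddclient_conf "$dd_demo/ddclient.conf" || echo "findings reported (exit $?)"
rm -rf "$dd_demo"
```

Run it as root against /etc/ddclient.conf after step 3 and again after any later `dpkg-reconfigure ddclient`, since the wizard rewrites the file.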

NextCloud

Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/

1. SSH to the device

  # apt-get update
  # apt-get upgrade
  • Configuring openmediavault => Press [Tab] => Press [Enter] on Ok
  # apt-get install php5-curl php5-gd

2. Create the Shared Folders for all your Nginx's web pages

  • Name: www
  • Path: www/
  • Click on the ACL
    • User/Groups permissions: Tick Read/Write for both www-data user and group
    • Set Owner / Group to Read/Write/Execute and Others to None

3. Create the sub shared folder for your NextCloud web pages

  • Name: nextcloud
  • Path: www/nextcloud
  • Click on the ACL
    • User/Groups permissions: Tick Read/Write for both www-data user and group
    • Set Owner / Group to Read/Write/Execute and Others to None

4. Go to System => Plugins => Tick openmediavault-nginx => Install

5. Services => Nginx => Settings => Enable => Save => Apply

6. Services => Nginx => Pools => Add

  • Name: pool_nextcloud
  • User: www-data
  • Group: www-data
  • Extra options: <<<Copy Texts In Between ########## Below>>>
##########
clear_env = no
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
##########
  • Save => Apply

7. Services => Nginx => Servers => Add

  • General
    • Directory: nextcloud
  • SSL
    • Enable SSL: Enable
    • Port: 91
    • Certificate: <<<Select Created SSL Certificate>>>
      • System => Certificates => SSL => Add => Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) => Save => Apply
    • Only use SSL: Enable
  • PHP
    • Enable PHP: Enable
    • PHP-FPM Pool: pool_nextcloud
  • Extra options: <<<Copy Texts In Between ########## Below>>>
##########
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}

location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}

location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
##########

8. Go to System => Plugins => Tick openmediavault-mysql => Install

9. Services => MySQL => Enable => Save => Apply => Reset Password

10. Go to https://nextcloud.com/ => Download => Get Nextcloud Server => Download => Web Installer (Bottom Tab) => Download setup-nextcloud.php to your PC

11. Use FTP/SAMBA/etc to transfer setup-nextcloud.php to www/nextcloud/

12. Go to https://<<<DEVICE_IP>>>:91/setup-nextcloud.php

  • Please add an exception for the self-signed certificate if your browser prompts you to do so
  • Next
  • Dependency check: Enter a single "." => Next
  • Wait until: 504 Gateway Time-out

13. Go to https://<<<DEVICE_IP>>>:91/ (Retry again if you get 404)

  • Click on Storage & database => MySQL/MariaDB
    • Database user: root
    • Database password: <<<Password Reset On Step #10>>>
    • Database name: nextcloud
    • Database host: localhost
  • Finish setup

14. Services => Nginx => Servers => Edit

  • PHP => Default config: Disable

15. Go to https://<<<DEVICE_IP>>>:91/

16. If installation failed on step #12 onwards:

  • Remove all the folders/files/hidden files in www/nextcloud/* through FTP/SAMBA/etc (Note that, removing 13,000+ files may take a while)
  • Services => MySQL => SQL management site => Enable => Save => Apply => Show
    • Tools => Database Manager => tick "nextcloud" and "DROP selected databases" => Submit
  • Start over again from step #12

17. Set up Dynamic DNS if you need to access your NextCloud through the internet. Then, on your internet modem/router, port forward port 91 to the device.