Difference between revisions of "User:Pineadmin/OpenMediaVault"

From PINE64
Jump to navigation Jump to search
m (Fxc moved page OpenMediaVault to User:Pineadmin/OpenMediaVault: stub and outdated)
 
(16 intermediate revisions by 2 users not shown)
Line 1: Line 1:
'''<span style="color:#FF0000">If you are dealing with confidential files transfer/sharing, please make sure your setup is secured with long and hard to guess random password or PKI keys. Make sure you use DUMMY folders/files for testing first to get yourself familiar and comfortable with the settings.</span>'''
Please go through the [http://files.syabas.com/popcornhour/download/PopcornHourTransformerNAS_UserManual-20180122.pdf OpenMediaVault Basic Setup and all following chapters about OpenMediaVault] before proceed to the more advance setup below.
 
 
== Basic Setup ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. After boot, if the IP Address not showing on the HDMI output, you need to find the IP Address of the device with tools (e.g. [https://www.softperfect.com/products/networkscanner/ netscan]) (hostname: ROCK64, PINE64, PINE64SO)
 
2. Use the IP Address on PC browser to login to the Web Admin Pages: admin / openmediavault  (Remember to change the default password: System -> General Settings -> Web Administrator Password)
 
3. You may want to use Static IP for easy access in future: System -> Network -> Interfaces -> Edit or Add(Ethernet)
 
4. To setup secure https for Web Admin Pages:
    - System -> Certificates -> SSL -> Add -> Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) -> Save -> Apply
    - System -> General Settings -> Web Administration -> Secure connection
      - Enable SSL/TLS: Enable
      - Certificate: <<<Select Created SSL Certificate>>>
      - Port: 443
      - Force SSL/TLS: Enable
 
5. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to access the Web Admin Pages through internet. Then, on your internet modem/router: Port Forward to the slave/destination device with port 80(http) or 443(https)
</pre>
 
 
== Shared Folders ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Plug Hard Drive
 
2. Go to Storage -> Physical Disks -> Scan
    - If you want to remove everything on your disk, you can use the "Wipe" button
      - Before that, make sure the disk file systems are all "Storage -> File Systems -> Unmount" first
      - After Wipe, use the "Storage -> File Systems -> Create" to create the new partition
          - Some of the operations or features on OpenMediaVault may not work well with some file systems (e.g. FAT/FAT32/NTFS) because of folders/files permission settings problem, so EXT4 can be of better choice
 
3. Go to Storage -> File Systems -> select the Partition to mount -> Mount -> Apply
 
4. Access Right Management -> User -> Add (Make sure it is under "users" Group)
 
5. Access Right Management -> Shared Folders -> Add
    - You should add the shared folder starting from the root directory of your disk before you add the subfolder as shared folder. Because if you are trying to access to the subfolder directly, you may not able to get pass the parent folder permission. So your permission/privileges/ACL should also be set starting from your parent folder
 
    - Select newly added Shared Folder -> Privileges -> tick Read/Write for your user -> Save -> Apply
    - Select newly added Shared Folder -> ACL (for ext3/ext4 filesystem)
      - Tick Read/Write for your user in User/Groups permissions
      - Set Owner / Group to Read/Write/Execute and Others to None
      - Enable Recursive
      - Save -> Close
</pre>
 
 
== FTP ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. Services -> FTP -> Settings -> Enable -> Save -> Apply
                  -> Shares -> Add -> Apply
 
If you constantly hit by "Permission denied", then you may consider a less secure solution: Services -> FTP -> Settings -> Permit root login (enable)
This may happen when your hard drive is using FAT/FAT32 file system where permission cannot be set and after reboot, the default read only permission is used
</pre>
 
 
== SAMBA (Windows Share) ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. Services -> SMB/CIFS -> Settings -> Enable -> Save -> Apply
                        -> Shares -> Add -> Apply
</pre>
 
 
== NFS ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. Services -> NFS -> Settings -> Enable -> Save -> Apply
                  -> Shares -> Add -> Apply
 
To access from Kodi/XBMC, use "insecure" instead of "secure" on "Extra options"
</pre>
 
 
== Rsync (Clone/Backup) ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
You required 2 devices (e.g. 2 ROCK64, PINE64, SOPINE or etc) to Clone/Backup from master to slave or bidirectional
 
1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
 
2. [On slave/destination device]
    Services -> Rsync -> Server -> Settings -> Enable -> Save -> Apply
                                -> Modules -> Add -> General
    - Make sure to choose correct "User"
    - Enable "Authenticate users"
    - Fill in "Hosts allow" for more security
                                                  -> User -> Add
 
3. Services -> Rsync -> Jobs -> Add (Type: Remote, Mode: Push, Destination server: [USER]@[HOST]::[Rsync Server Module Name])
    - [HOST] can be <<<CNAME>>>.ddns.net for [[#Dynamic DNS|Dynamic DNS]]
    - For testing: select Job -> Run
    - For bidirectional Rsync: Add another Job to Pull from slave/destination device (Don't enable Delete because deleted file/folder may be copied over again)
 
4. Diagnostics -> System Logs
 
5. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to rsync clone/backup through internet. Then, on your internet modem/router: Port Forward to the slave/destination device with port 873
</pre>
 
 
== SSH ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. Services -> SSH -> Permit root login (enable)  (Remember to always disable it back for security reason)
 
3. SSH to the device with Putty: root / openmediavault  (Remember to change the default password)
</pre>
 
 
== System Monitoring ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. System -> Monitoring -> Enable -> Save -> Apply
 
3. Diagnostics -> System Information -> Performance statistics
</pre>
 
 
== Notification ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. System -> Notification -> Settings
    - Enable
    - for GMAIL
      - SMTP server: smtp.gmail.com
      - SMTP port: 587
      - Use SSL/TLS secure connection: Enable
      - Sender email: <<<Your GMAIL Address>>>
      - Authentication required: Enable
      - Username: <<<Your GMAIL Address>>>
      - Password: <<<Your GMAIL Password>>>
      - Recipient: <<<Your Recipient Emails>>>
      - At your GMAIL account, you also need to enable: GMAIL -> Settings -> Accounts and Import -> Change account settings -> Other Google Account settings -> Sign-in & security -> Apps with account access -> Allow less secure apps: ON
    - Save -> Apply
    - Use "Send a test email" for testing
</pre>
 
 
== Wi-Fi ==
 
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. Go through the "[[#Basic_Setup|Basic Setup]]" above
 
2. While Ethernet network cable is still plugged, plug in the USB Wi-Fi dongle and reboot the device
 
3. Login to the Web Admin Pages and go to System -> Network -> Interfaces -> Add(Wi-Fi)
    - General settings
      - Name: <<<Select wlan0>>>
    - Wi-Fi
      - SSID: <<<Your Wireless Router Wi-Fi SSID>>>
      - Password: <<<Your Wireless Router Wi-Fi Password>>>
    - IPv4
      - Method: DHCP or Static
      - ...
 
4. Save -> Apply
 
5. Unplug Ethernet network cable and reboot the device
</pre>
 


== Dynamic DNS ==
== Dynamic DNS ==
[YOU CAN SKIP THIS IF YOU ARE USING STATIC IP ON YOUR INTERNET WAN OR YOU ALREADY KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER]


<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
1. SSH to the device
[YOU CAN SKIP THIS IF YOU KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER]


1. Go through the "[[#Basic_Setup|Basic Setup]]" above
2. # apt-get install ddclient  (no-ip.com example)
 
* Dynamic DNS service provider: other
2. [[#SSH|SSH]] to the device
* Dynamic DNS server: dynupdate.no-ip.com
 
* Dynamic DNS update protocol: dyndns2
3. # apt-get install ddclient  (no-ip.com example)
* Username for dynamic DNS service: <<<USERNAME/EMAIL>>>
 
* Password for dynamic DNS service: <<<PASSWORD>>>
Dynamic DNS service provider: other
* Re-enter password to verify: <<<PASSWORD>>>
Dynamic DNS server: dynupdate.no-ip.com
* Network interface used for dynamic DNS service: web
Dynamic DNS update protocol: dyndns2
* DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net
Username for dynamic DNS service: <<<USERNAME/EMAIL>>>
* Run ddclient on PPP connect? No
Password for dynamic DNS service: <<<PASSWORD>>>
* Run ddclient as daemon? Yes
Re-enter password to verify: <<<PASSWORD>>>
* Interval between ddclient runs: 300
Network interface used for dynamic DNS service: web
DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net
Run ddclient on PPP connect? No
Run ddclient as daemon? Yes
Interval between ddclient runs: 300


# dpkg-reconfigure ddclient  (To Re-run configuration wizard above)
# dpkg-reconfigure ddclient  (To Re-run configuration wizard above)


4. # vi /etc/ddclient.conf
3. # nano /etc/ddclient.conf


Change: use=if, if=web
Change: use=if, if=web
To:    use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
To:    use=web, web=checkip.dyndns.com, web-skip='Current IP Address'


##########
##########
protocol=dyndns2
protocol=dyndns2
use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
server=dynupdate.no-ip.com
server=dynupdate.no-ip.com
login=<<<USERNAME/EMAIL>>>
login=<<<USERNAME/EMAIL>>>
password='<<<PASSWORD>>>'
password='<<<PASSWORD>>>'
<<<CNAME>>>.ddns.net
<<<CNAME>>>.ddns.net
##########
##########
 
After edit, press [CTRL+x]  =>  press [y]  =>  press [Enter] to exit


5. # systemctl restart ddclient  (Restart ddclient after changed in configuration)
4. # systemctl restart ddclient  (Restart ddclient after changed in configuration)


6. Diagnostics:
5. Diagnostics:


# ddclient -daemon=0 -debug -verbose -noquiet
# ddclient -daemon=0 -debug -verbose -noquiet
# systemctl status ddclient
# systemctl status ddclient
</pre>


== NextCloud ==
== NextCloud ==
<pre<noinclude></noinclude> style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/
Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/


1. Go through the "[[#Basic_Setup|Basic Setup]]" and "[[#Shared Folders|Shared Folders]]" above
1. SSH to the device
 
2. [[#SSH|SSH]] to the device


# apt-get update
# apt-get update
# apt-get upgrade
# apt-get upgrade
  - Configuring openmediavault -> Press [Tab] -> Press [Enter] on Ok
* Configuring openmediavault => Press [Tab] => Press [Enter] on Ok
# apt-get install php5-curl php5-gd
# apt-get install php5-curl php5-gd


3. Create the [[#Shared Folders|shared folder]] for all your Nginx's web pages
2. Create the Shared Folders for all your Nginx's web pages
    - Name: www
Name: www
    - Path: www/
Path: www/
    - Click on the ACL
Click on the ACL
      - User/Groups permissions: Tick Read/Write for both www-data user and group
** User/Groups permissions: Tick Read/Write for both www-data user and group
      - Set Owner / Group to Read/Write/Execute and Others to None
** Set Owner / Group to Read/Write/Execute and Others to None
 
4. Create the [[#Shared Folders|sub shared folder]] for your NextCloud web pages
    - Name: nextcloud
    - Path: www/nextcloud
    - Click on the ACL
      - User/Groups permissions: Tick Read/Write for both www-data user and group
      - Set Owner / Group to Read/Write/Execute and Others to None
 
5. Go to System -> Plugins -> Tick openmediavault-nginx -> Install
 
6. Services -> Nginx -> Settings -> Enable -> Save -> Apply
 
7. Services -> Nginx -> Pools -> Add
    - Name: pool_nextcloud
    - User: www-data
    - Group: www-data
    - Extra options: <<<Copy Texts In Between ########## Below>>>
 
##########
clear_env = no
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
##########
 
    - Save -> Apply
 
8. Services -> Nginx -> Servers -> Add
    - Directory: nextcloud
    - Port: 90  (Because the OpenMediaVault Web Admin Pages is already using Port 80)
    - Enable PHP: Enable
    - PHP-FPM Pool: pool_nextcloud
    - Extra options: <<<Copy Texts In Between ########## Below>>>
 
##########
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
 
location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}
 
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
 
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
 
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
 
# Disable gzip to avoid the removal of the ETag header
gzip off;
 
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
 
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
 
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
 
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
 
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS off;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}


location ~ ^/(?:updater|ocs-provider)(?:$|/) {
3. Create the sub shared folder for your NextCloud web pages
try_files $uri/ =404;
* Name: nextcloud
index index.php;
* Path: www/nextcloud
}
* Click on the ACL
** User/Groups permissions: Tick Read/Write for both www-data user and group
** Set Owner / Group to Read/Write/Execute and Others to None


# Adding the cache control header for js and css files
4. Go to System  =>  Plugins  =>  Tick openmediavault-nginx  =>  Install
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}


location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
5. Services  =>  Nginx  =>  Settings  =>  Enable  =>  Save  =>  Apply
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
##########


9. Go to System -> Plugins -> Tick openmediavault-mysql -> Install
6. Services  =>  Nginx  => Pools  => Add
* Name: pool_nextcloud
* User: www-data
* Group: www-data
* Extra options: <<<Copy Texts In Between ########## Below>>>


10. Services -> MySQL -> Enable -> Save -> Apply
##########
                      -> Reset Password
clear_env = no
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
##########


11. Go to https://nextcloud.com/ -> Download -> Get Nextcloud Server -> Download -> Web Installer (Bottom Tab) -> Download setup-nextcloud.php to your PC
* Save  => Apply


12. Use [[#FTP|FTP]]/[[#SAMBA (Windows Share)|SAMBA]]/etc to transfer setup-nextcloud.php to www/nextcloud/
7. Services  =>  Nginx  =>  Servers  =>  Add
* General
** Directory: nextcloud
* SSL
** Enable SSL: Enable
** Port: 91
** Certificate: <<<Select Created SSL Certificate>>>
* System  =>  Certificates  =>  SSL  =>  Add  =>  Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) =>  Save  =>  Apply
** Only use SSL: Enable
* PHP
** Enable PHP: Enable
** PHP-FPM Pool: pool_nextcloud
* Extra options: <<<Copy Texts In Between ########## Below>>>


13. Go to http://<<<DEVICE_IP>>>:90/setup-nextcloud.php
##########
    - Next
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    - Dependency check: Enter a single "." -> Next
add_header X-Content-Type-Options nosniff;
    - Wait until: 504 Gateway Time-out
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
##########


14. Go to http://<<<DEVICE_IP>>>:90/
8. Go to System  => Plugins  => Tick openmediavault-mysql  => Install
    - Click on Storage & database -> MySQL/MariaDB
        - Database user: root
        - Database password: <<<Password Reset On Setp #10>>>
        - Database name: nextcloud
        - Database host: localhost
    - Finish setup


15. Services -> Nginx -> Servers -> Edit
9. Services => MySQL  => Enable  => Save  => Apply  =>  Reset Password
    - PHP -> Default config: Disable


16. Go to http://<<<DEVICE_IP>>>:90/
10. Go to https://nextcloud.com/  =>  Download  =>  Get Nextcloud Server  => Download  => Web Installer (Bottom Tab)  => Download setup-nextcloud.php to your PC


11. Use FTP/SAMBA/etc to transfer setup-nextcloud.php to www/nextcloud/


If installation failed on step #13 onwards, you can always remove all the folders/files in www/nextcloud/* including hidden files and start over again from step #12.
12. Go to https://<<<DEVICE_IP>>>:91/setup-nextcloud.php
* Please add exception for the self-signed certificate if your browser prompt you to do so
* Next
* Dependency check: Enter a single "."  =>  Next
* Wait until: 504 Gateway Time-out


13. Go to https://<<<DEVICE_IP>>>:91/  (Retry again if you get 404)
* Click on Storage & database  =>  MySQL/MariaDB
** Database user: root
** Database password: <<<Password Reset On Step #10>>>
** Database name: nextcloud
** Database host: localhost
* Finish setup


HTTPS To Be Done...
14. Services  =>  Nginx  =>  Servers  =>  Edit
* PHP  =>  Default config: Disable


15. Go to https://<<<DEVICE_IP>>>:91/


17. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to access your NextCloud through internet. Then, on your internet modem/router: Port Forward to the device with port 90.
16. If installation failed on step #12 onwards:
* Remove all the folders/files/hidden files in www/nextcloud/* through FTP/SAMBA/etc (Note that, removing 13,000+ files may take a while)
** Services  =>  MySQL  =>  SQL management site  =>  Enable  =>  Save  =>  Apply  =>  Show
* Tools  =>  Database Manager  =>  tick "nextcloud" and "DROP selected databases"  =>  Submit
** Start over again from step #12


</pre>
17. Setup the [[#Dynamic DNS|Dynamic DNS]] if you need to access your NextCloud through internet. Then, on your internet modem/router: Port Forward to the device with port 91

Latest revision as of 13:43, 5 February 2023

Please go through the OpenMediaVault Basic Setup and all following chapters about OpenMediaVault before proceed to the more advance setup below.

Dynamic DNS

[YOU CAN SKIP THIS IF YOU ARE USING STATIC IP ON YOUR INTERNET WAN OR YOU ALREADY KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER]

1. SSH to the device

2. # apt-get install ddclient (no-ip.com example)

  • Dynamic DNS service provider: other
  • Dynamic DNS server: dynupdate.no-ip.com
  • Dynamic DNS update protocol: dyndns2
  • Username for dynamic DNS service: <<<USERNAME/EMAIL>>>
  • Password for dynamic DNS service: <<<PASSWORD>>>
  • Re-enter password to verify: <<<PASSWORD>>>
  • Network interface used for dynamic DNS service: web
  • DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net
  • Run ddclient on PPP connect? No
  • Run ddclient as daemon? Yes
  • Interval between ddclient runs: 300
  1. dpkg-reconfigure ddclient (To Re-run configuration wizard above)

3. # nano /etc/ddclient.conf

Change: use=if, if=web To: use=web, web=checkip.dyndns.com, web-skip='Current IP Address'

##########
protocol=dyndns2
use=web, web=checkip.dyndns.com, web-skip='Current IP Address'
server=dynupdate.no-ip.com
login=<<<USERNAME/EMAIL>>>
password='<<<PASSWORD>>>'
<<<CNAME>>>.ddns.net
##########

After edit, press [CTRL+x] => press [y] => press [Enter] to exit

4. # systemctl restart ddclient (Restart ddclient after changed in configuration)

5. Diagnostics:

  1. ddclient -daemon=0 -debug -verbose -noquiet
  2. systemctl status ddclient

NextCloud

Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/

1. SSH to the device

  1. apt-get update
  2. apt-get upgrade
  • Configuring openmediavault => Press [Tab] => Press [Enter] on Ok
  1. apt-get install php5-curl php5-gd

2. Create the Shared Folders for all your Nginx's web pages

  • Name: www
  • Path: www/
  • Click on the ACL
    • User/Groups permissions: Tick Read/Write for both www-data user and group
    • Set Owner / Group to Read/Write/Execute and Others to None

3. Create the sub shared folder for your NextCloud web pages

  • Name: nextcloud
  • Path: www/nextcloud
  • Click on the ACL
    • User/Groups permissions: Tick Read/Write for both www-data user and group
    • Set Owner / Group to Read/Write/Execute and Others to None

4. Go to System => Plugins => Tick openmediavault-nginx => Install

5. Services => Nginx => Settings => Enable => Save => Apply

6. Services => Nginx => Pools => Add

  • Name: pool_nextcloud
  • User: www-data
  • Group: www-data
  • Extra options: <<<Copy Texts In Between ########## Below>>>
##########
clear_env = no
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
##########
  • Save => Apply

7. Services => Nginx => Servers => Add

  • General
    • Directory: nextcloud
  • SSL
    • Enable SSL: Enable
    • Port: 91
    • Certificate: <<<Select Created SSL Certificate>>>
  • System => Certificates => SSL => Add => Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) => Save => Apply
    • Only use SSL: Enable
  • PHP
    • Enable PHP: Enable
    • PHP-FPM Pool: pool_nextcloud
  • Extra options: <<<Copy Texts In Between ########## Below>>>
##########
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}

location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}

location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
##########

8. Go to System => Plugins => Tick openmediavault-mysql => Install

9. Services => MySQL => Enable => Save => Apply => Reset Password

10. Go to https://nextcloud.com/ => Download => Get Nextcloud Server => Download => Web Installer (Bottom Tab) => Download setup-nextcloud.php to your PC

11. Use FTP/SAMBA/etc to transfer setup-nextcloud.php to www/nextcloud/

12. Go to https://<<<DEVICE_IP>>>:91/setup-nextcloud.php

  • Please add exception for the self-signed certificate if your browser prompt you to do so
  • Next
  • Dependency check: Enter a single "." => Next
  • Wait until: 504 Gateway Time-out

13. Go to https://<<<DEVICE_IP>>>:91/ (Retry again if you get 404)

  • Click on Storage & database => MySQL/MariaDB
    • Database user: root
    • Database password: <<<Password Reset On Step #10>>>
    • Database name: nextcloud
    • Database host: localhost
  • Finish setup

14. Services => Nginx => Servers => Edit

  • PHP => Default config: Disable

15. Go to https://<<<DEVICE_IP>>>:91/

16. If installation failed on step #12 onwards:

  • Remove all the folders/files/hidden files in www/nextcloud/* through FTP/SAMBA/etc (Note that, removing 13,000+ files may take a while)
    • Services => MySQL => SQL management site => Enable => Save => Apply => Show
  • Tools => Database Manager => tick "nextcloud" and "DROP selected databases" => Submit
    • Start over again from step #12

17. Setup the Dynamic DNS if you need to access your NextCloud through internet. Then, on your internet modem/router: Port Forward to the device with port 91