War is a racket. It always has been. It is possibly the oldest, easily the most profitable, surely the most vicious. It is the only one international in scope. It is the only one in which the profits are reckoned in dollars and the losses in lives, Smedley Butler

Nextcloud

Nextcloud. Definition and features.

Nextcloud is an open-source software suite that provides file hosting, synchronization, and sharing services. It allows its users to set up their own private cloud storage solutions.

It is a free alternative to services like Dropbox or Google Drive, but with a focus on privacy and data ownership. Some of its key features are:

Here are some key features of Nextcloud:

File Storage and Sharing: It allows you to upload, store, and share files securely with others.
Collaboration Tools: It includes features for collaborative editing of documents, calendars, and tasks.
Data Security.
Self-Hosting. You can host Nextcloud on your own desktops, laptops or servers, giving you complete control over your data for free!
Extensibility. It has a rich ecosystem of applications and plugins that allow for additional functionalities, such as video conferencing, email integration, and more.
Cross-Platform Compatibility. It supports Windows, macOS, Linux, Android, and iOS.

Creating the Container, passwordless SSH

As we always do, we will start with a container with Ubuntu Server.

# Updating the system and cleaning up orphan packages
sudo apt update && sudo apt dist-upgrade && sudo apt autoremove

# Let's create a new user named nmaximo7.
adduser nmaximo7
# Adds the user to the sudo group, which grants him the ability to execute commands with administrative (root) privileges using sudo.
usermod -aG sudo nmaximo7

# What is my ip?
ip a
[...]
2: eth0@if6:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:50:8d:7a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.52/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fe50:8d7a/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever


# Let's give it a name.
# PiHole, Local DNS Records: mynextcloud, 192.168.1.52

# In the client side.
# ssh-copy-id nmaximo7@mynextcloud is used to install your public SSH key on a remote server, allowing you to log in without needing to enter a password each time.
ssh-copy-id nmaximo7@mynextcloud
✦ ❯ ssh nmaximo7@mynextcloud
Welcome to Ubuntu 24.10 (GNU/Linux 6.8.12-5-pve x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro
nmaximo7@NextCloud:~$

MariaDB Setup

MariaDB is an open-source relational database management system that is a fork of MySQL. It was created by the original developers of MySQL after concerns arose regarding Oracle’s acquisition of MySQL (Does it OpenOffice ring a bell?)

# Install MariaDB Server
sudo apt install mariadb-server mariadb-client
# Check MariaDB Status
systemctl status mariadb
* mariadb.service - MariaDB 11.4.3 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-01-29 08:26:46 UTC; 27s ago
 [...]

# Secure MariaDB Installation.
# Set a root password, remove anonymous users, disallow remote root login, remove the test database, reload privilege tables.
mariadb-secure-installation
Enter current password for root (enter for none): ... Write your password...
Switch to unix_socket authentication [Y/n] n

Change the root password? [Y/n] n

Remove anonymous users? [Y/n] Y

Disallow root login remotely? [Y/n] Y

Remove test database and access to it? [Y/n] Y

Reload privilege tables now? [Y/n] Y

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

# Start the MariaDB Command-Line Interface (sudo runs the command with superuser privileges)
sudo mariadb

# Creates a new database named nextcloud. It will be used to store all the data for your Nextcloud application.
CREATE DATABASE nextcloud;

# Lists all databases currently available in your MariaDB server.
SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| nextcloud          |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.001 sec)

# Gives the user nextcloud from the local machine ('nextcloud'@'localhost') all permission in the nextcloud database and sets the password for the user nextcloud (e.g., yourpassword).
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'yourpassword';

# It reloads the grant tables in the MariaDB server, ensuring that any changes made take effect immediately.
FLUSH PRIVILEGES;

# Exit the MariaDB CLI (Ctrl + D)
exit

Apache Webserver Setup

Apache Web Server is one of the most popular, widely used open-source web server software applications. It serves as a platform for hosting websites and web applications (like WordPress, Joomla, and Drupal). Some key features are:

Open Source.
Cross-Platform.
Modular Architecture, e.g., users are able to load and unload different modules for URL rewriting, authentication, and SSL support.
Virtual Hosting: Apache can host multiple websites on a single server using virtual hosts.
It supports various protocols, including HTTP, HTTPS, and others.
Custom Configuration: Configuration files (e.g., httpd.conf or .htaccess) allow extensive customization of server behavior.
Extensive and comprehensive documentation for troubleshooting and support.

# Installing Apache2 and necessary packages
sudo apt install php php-apcu php-bcmath php-cli php-common php-curl php-gd php-gmp php-imagick php-intl php-mbstring php-mysql php-zip php-xml apache2

# Checking Apache2 status
root@NextCloud:~# systemctl status apache2
* apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-01-29 11:39:39 UTC; 38s ago
 [...]
# Enable specific PHP extensions on a server running a Debian-based system (like Ubuntu).
sudo phpenmod bcmath gmp imagick intl

# After you run this command, you need to restart your web server for the changes to take effect
sudo systemctl restart apache2

Installing Nextcloud and configuring Apache

# Download Nextcloud
wget https://download.nextcloud.com/server/releases/latest.zip

# Install Unzip Utility
sudo apt install unzip

# Unzip the Downloaded File
unzip latest.zip

# Rename the Directory
mv nextcloud mynextcloud

# Change Ownership of the Directory
# The owner and group of the mynextcloud directory should be set to www-data, which is the user under which the Apache web server runs.
# In other words, we make sure that Apache has the necessary permissions to access and manage the Nextcloud files.
sudo chown -R www-data:www-data mynextcloud

# Let's move the mynextcloud directory to the /var/www directory, which is the default document root for Apache web servers.
sudo mv mynextcloud /var/www

# Disable the Default Apache Site with a2dissite.
# 000-default.conf is the default site configuration file created by Apache.
sudo a2dissite 000-default.conf

# Reload Apache Configuration
systemctl reload apache2

Create a host configuration file for Nextcloud

/etc/apache2/sites-available/nextcloud.conf is the path where the new configuration file for the Nextcloud site will be created.

sudo vi /etc/apache2/sites-available/nextcloud.conf


# It defines a virtual host that listens on port 80 (the default HTTP port). The * means it will respond to requests for any IP address.
    DocumentRoot "/var/www/mynextcloud"
    # It specifies the directory where the Nextcloud files are located. Requests to the server will serve files from this directory.
    ServerName mynextcloud
    # It sets the hostname for the virtual host.

    "/var/www/mynextcloud/">
    # This block defines settings for the specified directory.
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
   

   TransferLog /var/log/apache2/mynextcloud_access.log
   ErrorLog /var/log/apache2/mynextcloud_error.log


# Enable the site
sudo a2ensite nextcloud.conf

# Reload Apache
sudo systemctl reload apache2

Edit PHP Configuration File

sudo vi /etc/php/8.3/apache2/php.ini, /etc/php/8.3/apache2/php.ini is the path to the PHP configuration file for the version 8.3 running with Apache.

# Maximum amount of memory a script may consume (from 128M to 512M).
# This is important for applications like Nextcloud that may require more memory for processing.
memory_limit = 512M

# Maximum allowed size for uploaded files (50M, 100M or 200M are OK)
# This allows users to upload large files, which is often necessary for cloud storage applications.
upload_max_filesize = 200M

# Maximum execution time of each script (seconds), 30 -> 360
# This is useful for long-running processes or uploads.
max_execution_time = 360

# Maximum size of POST data that PHP will accept
post_max_size = 200M

# Defines the default timezone.
# Adjust this according to your location.
date.timezone = Europe/Madrid

# Opcache improves PHP performance by storing precompiled script bytecode in memory.
opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

# Enable Apache Modules (a2enmod is the command to enable Apache modules)
# E.g., ssl (allow ssl/tls support if using https), env (allows environment variables to be set), etc.
sudo a2enmod dir env headers mime rewrite ssl

# Restart Apache to ensure the new PHP settings take effect
sudo systemctl restart apache2

Configure Netcloud

Open your favorite browser and type your NextCloud’s container IP, [http:] + “//” + “dirIP” (e.g., 192.168.1.52/)
New admin account name (e.g., nmaximo7), new admin password.
Database account(e.g., nextcloud), database password, database name, database host (localhost), and smash the Install button.
Press the Install recommended apps.

Distrobox

Install snapd

Click on your newly created container, go to the Options tab, double-click on Features, and enable Nesting (required for Snap usage in a container) and Fuse.
Make sure that your container is privilege: Summary, Unprivileged No.
Update your system: apt-get update && apt-get upgrade -y
Install snapd: apt-get install -y snapd and squashfuse: apt install squashfuse

Review the LXC Config in /etc/pve/lxc/CTID.conf (e.g., /etc/pve/lxc/104.conf):

    arch: amd64
    cores: 2
    features: nesting=1,keyctl=1,mknod=1
    unprivileged: 0
    hostname: NextCloud
    memory: 4096
    net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=BC:24:11:50:8D:7A,ip=192.168.1.52/24,type=veth
    onboot: 0
    ostype: ubuntu
    rootfs: mypool:subvol-104-disk-0,size=80G
    swap: 512
    lxc.apparmor.profile: unconfined
    # AppArmor: Unconfined Profile
    lxc.cap.drop:
    # To ensure no extra capabilities are restricted

Enable/Start systemd Services: systemctl enable snapd, systemctl start snapd
Reboot.
Install a test snap: snap install hello-world… hello-world 6.4 from Canonical** installed
Install the core snap: sudo snap install core; sudo snap refresh core