Nextcloud fine tune

Hello. I’m taking my baby steps with NS8.

In this case:

proxmox with
RockyLinux9 (up to date) for NS8
and another VM with Nethsecurity

The ISP has ports 443 and 80 blocked, and it seems it will not be easy to get them opened, if they ever open them at all, without upgrading to some enterprise solution.

So I port-forward 4043 to internal 443 on the NethSecurity internal IP.
From there I create reverse proxy to the urls I want to use.

So far ok for Nethsecurity fqdn and NS8 fqdn.

Both work just fine with https://fqdn:4043/cluster-admin, and https://fqdn:4043 for Nethsecurity.

Problems with Webtop and Nextcloud.

With NS7 I could work on nextcloud config.php directly, because it was installed on the OS itself. Now I think I found where and how, but if I edit where and what I think I should, then access to Nextcloud breaks.

My intention would be to match the default (internal) nextcloud port with the external port (4043). Because when I open https://cloud.mydomain.com:4043

I need to add /login to see the login page.
After providing user and password I know I will get a 404 error. So I manually add the port 4043 to the URL in the address bar, and get to access the webpage normally from that point until the next login.
This is for web access. For the desktop application I can’t work around it like this.

So, if anyone has been through something similar or knows where to change the nextcloud default port on NS8, I would be grateful.

Thank you.

Hi Antonio,

I’m afraid this configuration will cause issues but if there’s really no other option…

Enter the Nextcloud instance (in this example nextcloud1)

runagent -m nextcloud1

Edit config.php using nano:

podman unshare nano $(podman volume inspect nextcloud-app-data --format={{.Mountpoint}})/config/config.php

Add the port to overwritehost:

'overwritehost' => 'nextcloud.domain.tld:4043',

NS8 is using containers, and environment variables are used for configuration, so you need to edit the file config.env and again change the overwritehost:

OVERWRITEHOST=nextcloud.domain.tld:4043

To be sure the settings are applied I restarted nextcloud:

systemctl --user restart nextcloud

Exit the NC environment:

exit

WAN access should work now; for LAN access we need to open the port 4043 on NS8 too.

Enter as traefik1 user:

runagent -m traefik1

Edit configs/nextcloud1.yml and add the following on the top:

entryPoints:
  customport:
    address: ":4043"

and add customport to the entryPoints (2 occurrences):

entryPoints: http,https,customport

Restart traefik:

systemctl --user restart traefik

Exit traefik:

exit

Open port 4043/tcp on the host firewall:

firewall-cmd --permanent --zone=public --add-port=4043/tcp

Reload the firewall:

firewall-cmd --reload

Now NC should be reachable over port 4043 and the port is kept in the URL.
This configuration change is not persistent; after saving changes in Nextcloud app settings or after updates, the config.env and the traefik settings will be reverted.

2 Likes

Hi.

Thanks for pointing the way.
I understand what you mean and this is what I meant to do. I’m used to docker images of nextcloud.
podman usage is new to me, so I’m struggling with very basic operations,
i.e. editing files.

This gets me “inside” module: runagent -m nextcloud1

Once inside I can’t use nano or vim as if on a “normal” OS. docker allows me to run as “user” so I can install or use commands.

I will read a little more on this, because I can’t elevate to root. So I get permission denied when I try to use commands to edit files.

So yes, I understand the concept. I have some other nextclouds with other ports like 8020 or 8030.
SSL from letsencrypt was not a problem to validate. I can use DNS for that, or even manually upload the certificate.

My problem is really this lack of basic knowledge on how to operate under podman logic.

But from what was said, it is possible; I just need to learn how.

Thanks!

1 Like

You’re welcome. Podman should be easy to learn for you as you already used Docker.

The advantage of podman over docker is to be able to run containers as user instead of root which provides better security.
The instance environments are user environments.

Either enter the container and use vi, which is available in any container…

runagent -m nextcloud1 podman exec -ti nextcloud-app vi config/config.php

…or use the following command to use the local nano editor instead of vi in the container:

Some more information about podman and use with NS8:

Podman docs: What is Podman? — Podman documentation

3 Likes

Hi.

Sorry, been a while.
I did as pointed and it works.
This part:

entryPoints:
  customport:
    address: ":4043"

did break the access to nextcloud inside and outside, so I didn’t apply it.
I have to redo it after each update, it’s a fact, but I can’t overcome the closed ports issue. So it will work with a lot of manual maintenance.

I’ll also have to do the same to webtop, or it won’t be accessible for the same reasons.

Thanks for the help!

1 Like
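
The thread notes that the overwritehost change is reverted by updates and by saving the Nextcloud app settings. The following is an added example, not part of any post and not NS8 code: a small drift check that compares the value in config.php and config.env against the expected host:port. The function names are hypothetical, the file paths are passed as arguments, and the sample files in `demo` are constructed.

```shell
#!/bin/sh
# Added example (not NS8 code): detect when an update or a settings save has
# reverted the custom-port overwritehost value. File paths are arguments.

# Print 'overwritehost' from a Nextcloud config.php (single-quoted PHP string).
php_overwritehost() {
    sed -n "s/^[[:space:]]*'overwritehost'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Print OVERWRITEHOST from an env file such as config.env.
env_overwritehost() {
    sed -n 's/^OVERWRITEHOST=//p' "$1" | head -n 1
}

# check_overwritehost CONFIG_PHP CONFIG_ENV EXPECTED
# Returns 0 if both files carry EXPECTED, 1 if config.php drifted,
# 2 if the env file drifted, 3 if both did. Drifted files go to stderr.
check_overwritehost() {
    rc=0
    [ "$(php_overwritehost "$1")" = "$3" ] || { echo "drift: $1" >&2; rc=$((rc + 1)); }
    [ "$(env_overwritehost "$2")" = "$3" ] || { echo "drift: $2" >&2; rc=$((rc + 2)); }
    return "$rc"
}

# Demo on constructed files: config.php still has the port, config.env lost it.
demo() {
    dir=$(mktemp -d) || return 1
    printf "<?php\n\$CONFIG = array (\n  'overwritehost' => 'nextcloud.domain.tld:4043',\n);\n" > "$dir/config.php"
    printf 'OVERWRITEHOST=nextcloud.domain.tld\n' > "$dir/config.env"
    status=0
    check_overwritehost "$dir/config.php" "$dir/config.env" 'nextcloud.domain.tld:4043' || status=$?
    rm -rf "$dir"
    echo "exit status: $status"
}
demo
```

Run after each update with the real config.php and config.env paths of the Nextcloud instance; a non-zero status means the manual change has to be reapplied.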