Nextcloud Notes
(new) Nextcloud on a self-hosted Ubuntu VM
KVM commands
virt-manager # desktop user interface for managing virtual machines through libvirt
virsh nodeinfo # information about the host computer
virsh list --all
virsh start nextcloud
virsh shutdown nextcloud
virsh dominfo nextcloud
virsh domblklist nextcloud # information about virtual disks
Transfer to new Nextcloud instance
On old server...
- Look at
www-nextcloud/config/config.php
to get database host, database name, and database admin username & password
- Set Nextcloud instance to maintenance mode (edit
www-nextcloud/config/config.php
)
- Use rsync to make a copy of the Nextcloud directory tree
rsync -Aavx www-nextcloud/ www-nextcloud-dirbkp_`date +"%Y%m%d"`/
- Make a dump of the database. Notice that we are placing the dump in the copy of the Nextcloud directory tree that we made in the previous step.
mysqldump --single-transaction -h localhost -u oc_admin -p????????? nextcloud > www-nextcloud-dirbkp_`date +"%Y%m%d"`/www-nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
- Take Nextcloud out of maintenance mode (edit
www-nextcloud/config/config.php
)
- Make compressed archive
tar -zcvf www-nextcloud-dirbkp_`date +"%Y%m%d"`.tar.gz www-nextcloud-dirbkp_`date +"%Y%m%d"`
- copy archive to new server
scp www-nextcloud-dirbkp_20200903.tar.gz dalep@biostatnextcloud.emp.vumc.io:/home/dalep/.
On new server...
systemctl stop snap.nextcloud.apache # stop apache
cd ~
sudo vim /var/snap/nextcloud/current/nextcloud/config/config.php # put server into maintenance mode
mkdir www-nextcloud
mv www-nextcloud-dirbkp_`date +"%Y%m%d"`.tar.gz www-nextcloud/
cd www-nextcloud/
tar -zxvf www-nextcloud-dirbkp_`date +"%Y%m%d"`.tar.gz
sudo mv /var/snap/nextcloud/common/nextcloud/data /var/snap/nextcloud/common/nextcloud/data.save
###sudo mkdir /var/snap/nextcloud/common/nextcloud/data ###gets recreated automatically since the nextcloud log lives in data/
cd www-nextcloud-dirbkp_`date +"%Y%m%d"`/
sudo rsync -Aaxv data/ /var/snap/nextcloud/common/nextcloud/data/
sudo chown -R root.root /var/snap/nextcloud/common/nextcloud/data/
###sudo cat /var/snap/nextcloud/current/nextcloud/config/config.php # to see database password
###sudo nextcloud.mysql-client -h localhost -u nextcloud -p??? -e "DROP DATABASE nextcloud"
###sudo nextcloud.mysql-client -h localhost -u nextcloud -p??? -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"
###sudo nextcloud.mysql-client -h localhost -u nextcloud -p??? nextcloud < /home/dalep/www-nextcloud/www-nextcloud-dirbkp_`date +"%Y%m%d"`/www-nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
systemctl start snap.nextcloud.apache # start apache
sudo vim /var/snap/nextcloud/current/nextcloud/config/config.php # put server into production mode
sudo nextcloud.occ files:scan --all
### Give it 10 minutes for everything to come up. Collabora might get disabled; enable it. When creating an .odt file - the file gets created but Collabora doesn't see to come up. Closing and reopening the file usually brings up Collabora so it can be edited.
Misc notes
What do these do?
sudo -u www-data php occ files:scan --all
sudo -u www-data php occ files:scan-app-data
sudo -u www-data php occ files:cleanup
sudo -u www-data php occ db:add-missing-indices
scan files after a bulk transfer
sudo nextcloud.occ files:scan --all
Databases and tables on new server
dalep@biostatnextcloud:~$ sudo nextcloud.mysql-client
[sudo] password for dalep:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 45
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| nextcloud |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.00 sec)
mysql> use nextcloud;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+-----------------------------+
| Tables_in_nextcloud |
+-----------------------------+
| oc_accounts |
| oc_activity |
| oc_activity_mq |
| oc_addressbookchanges |
| oc_addressbooks |
| oc_appconfig |
| oc_authtoken |
| oc_bruteforce_attempts |
| oc_calendar_invitations |
| oc_calendar_reminders |
| oc_calendar_resources |
| oc_calendar_resources_md |
| oc_calendar_rooms |
| oc_calendar_rooms_md |
| oc_calendarchanges |
| oc_calendarobjects |
| oc_calendarobjects_props |
| oc_calendars |
| oc_calendarsubscriptions |
| oc_cards |
| oc_cards_properties |
| oc_collres_accesscache |
| oc_collres_collections |
| oc_collres_resources |
| oc_comments |
| oc_comments_read_markers |
| oc_credentials |
| oc_dav_cal_proxy |
| oc_dav_shares |
| oc_deck_assigned_labels |
| oc_deck_assigned_users |
| oc_deck_attachment |
| oc_deck_board_acl |
| oc_deck_boards |
| oc_deck_cards |
| oc_deck_labels |
| oc_deck_stacks |
| oc_direct_edit |
| oc_directlink |
| oc_federated_reshares |
| oc_file_locks |
| oc_filecache |
| oc_filecache_extended |
| oc_files_trash |
| oc_flow_checks |
| oc_flow_operations |
| oc_flow_operations_scope |
| oc_group_admin |
| oc_group_folders |
| oc_group_folders_acl |
| oc_group_folders_groups |
| oc_group_folders_manage |
| oc_group_folders_trash |
| oc_group_user |
| oc_groups |
| oc_jobs |
| oc_ldap_group_mapping |
| oc_ldap_group_members |
| oc_ldap_user_mapping |
| oc_login_flow_v2 |
| oc_mail_accounts |
| oc_mail_aliases |
| oc_mail_attachments |
| oc_mail_classifiers |
| oc_mail_coll_addresses |
| oc_mail_mailboxes |
| oc_mail_messages |
| oc_mail_recipients |
| oc_migrations |
| oc_mimetypes |
| oc_mounts |
| oc_notes_meta |
| oc_notifications |
| oc_notifications_pushtokens |
| oc_oauth2_access_tokens |
| oc_oauth2_clients |
| oc_preferences |
| oc_privacy_admins |
| oc_properties |
| oc_recent_contact |
| oc_richdocuments_assets |
| oc_richdocuments_direct |
| oc_richdocuments_wopi |
| oc_schedulingobjects |
| oc_share |
| oc_share_external |
| oc_storages |
| oc_systemtag |
| oc_systemtag_group |
| oc_systemtag_object_mapping |
| oc_talk_commands |
| oc_talk_guests |
| oc_talk_participants |
| oc_talk_rooms |
| oc_talk_signaling |
| oc_text_documents |
| oc_text_sessions |
| oc_text_steps |
| oc_trusted_servers |
| oc_twofactor_backupcodes |
| oc_twofactor_providers |
| oc_user_transfer_owner |
| oc_users |
| oc_vcategory |
| oc_vcategory_to_object |
| oc_webauthn |
| oc_whats_new |
+-----------------------------+
107 rows in set (0.01 sec)
mysql>
Databases and tables on old server
bioapp@bio1000lp:~/www-nextcloud/config$ mysql --user oc_admin -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 755623
Server version: 5.5.65-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| nextcloud |
| test |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> use nextcloud;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [nextcloud]> show tables;
+-----------------------------+
| Tables_in_nextcloud |
+-----------------------------+
| oc_accounts |
| oc_activity |
| oc_activity_mq |
| oc_addressbookchanges |
| oc_addressbooks |
| oc_appconfig |
| oc_authtoken |
| oc_bruteforce_attempts |
| oc_calendar_invitations |
| oc_calendar_resources |
| oc_calendar_rooms |
| oc_calendarchanges |
| oc_calendarobjects |
| oc_calendarobjects_props |
| oc_calendars |
| oc_calendarsubscriptions |
| oc_cards |
| oc_cards_properties |
| oc_collres_accesscache |
| oc_collres_collections |
| oc_collres_resources |
| oc_comments |
| oc_comments_read_markers |
| oc_credentials |
| oc_dav_shares |
| oc_deck_assigned_labels |
| oc_deck_assigned_users |
| oc_deck_attachment |
| oc_deck_board_acl |
| oc_deck_boards |
| oc_deck_cards |
| oc_deck_labels |
| oc_deck_stacks |
| oc_directlink |
| oc_federated_reshares |
| oc_file_locks |
| oc_filecache |
| oc_files_trash |
| oc_flow_checks |
| oc_flow_operations |
| oc_group_admin |
| oc_group_folders |
| oc_group_folders_acl |
| oc_group_folders_groups |
| oc_group_folders_manage |
| oc_group_folders_trash |
| oc_group_user |
| oc_groups |
| oc_jobs |
| oc_ldap_group_mapping |
| oc_ldap_group_members |
| oc_ldap_user_mapping |
| oc_login_flow_v2 |
| oc_migrations |
| oc_mimetypes |
| oc_mounts |
| oc_notifications |
| oc_notifications_pushtokens |
| oc_oauth2_access_tokens |
| oc_oauth2_clients |
| oc_preferences |
| oc_privacy_admins |
| oc_properties |
| oc_schedulingobjects |
| oc_share |
| oc_share_external |
| oc_storages |
| oc_systemtag |
| oc_systemtag_group |
| oc_systemtag_object_mapping |
| oc_trusted_servers |
| oc_twofactor_backupcodes |
| oc_twofactor_providers |
| oc_users |
| oc_vcategory |
| oc_vcategory_to_object |
| oc_whats_new |
+-----------------------------+
77 rows in set (0.00 sec)
MariaDB [nextcloud]>
/var/snap/nextcloud/current/
dalep@biostatnextcloud:~$ ls -la /var/snap/nextcloud/current/
total 32
drwxr-xr-x 8 root root 4096 Jul 1 15:49 .
drwxr-xr-x 5 root root 4096 Aug 13 20:48 ..
drwxr-xr-x 3 root root 4096 Jul 1 15:49 apache
drwx------ 4 root root 4096 Sep 4 18:12 certs
drwxr-x--- 6 root root 4096 Sep 4 18:11 mysql
drwxr-xr-x 4 root root 4096 Jul 1 15:49 nextcloud
drwxr-x--- 2 root root 4096 Jul 1 15:49 php
drwxr-x--- 2 root root 4096 Sep 4 18:41 redis
dalep@biostatnextcloud:~$
dalep@biostatnextcloud:~$ ls -la /var/snap/nextcloud/current/nextcloud/
total 16
drwxr-xr-x 4 root root 4096 Jul 1 15:49 .
drwxr-xr-x 8 root root 4096 Jul 1 15:49 ..
drwxr-xr-x 2 root root 4096 Sep 4 18:11 config
drwxr-x--- 12 root root 4096 Sep 4 18:12 extra-apps
dalep@biostatnextcloud:~$
/var/snap/nextcloud/common/
dalep@biostatnextcloud:~$ ls -la /var/snap/nextcloud/common/
total 16
drwxr-xr-x 4 root root 4096 Jul 1 18:01 .
drwxr-xr-x 5 root root 4096 Aug 13 20:48 ..
drwxr-xr-x 3 root root 4096 Jul 1 18:01 backups
drwxr-x--- 4 root root 4096 Jul 1 16:11 nextcloud
dalep@biostatnextcloud:~$
dalep@biostatnextcloud:~$ sudo ls -la /var/snap/nextcloud/common/nextcloud/
total 16
drwxr-x--- 4 root root 4096 Jul 1 16:11 .
drwxr-xr-x 4 root root 4096 Jul 1 18:01 ..
drwxrwx--- 41 root root 4096 Aug 31 22:27 data
drwxr-x--- 2 root root 4096 Sep 4 18:12 tmp
dalep@biostatnextcloud:~$
/snap/nextcloud/current/
dalep@biostatnextcloud:~$ ls -la /snap/nextcloud/current/
total 275
drwxr-xr-x 26 root root 490 Aug 12 01:01 .
drwxr-xr-x 4 root root 4096 Aug 13 20:48 ..
drwxr-xr-x 2 root root 1136 Aug 12 01:01 bin
drwxr-xr-x 2 root root 52 Aug 12 01:01 certbot_nextcloud_plugin
drwxr-xr-x 2 root root 87 Aug 12 01:00 cgi-bin
drwxr-xr-x 2 root root 79 Aug 12 01:00 conf
drwxr-xr-x 4 root root 39 Aug 12 01:01 config
drwxr-xr-x 2 root root 82 Aug 12 01:00 docs
drwxr-xr-x 3 root root 707 Aug 12 01:00 error
drwxr-xr-x 15 root root 248 May 27 19:15 etc
drwxr-xr-x 4 root root 60 Aug 12 01:00 fixes
drwxr-xr-x 13 root root 473 Aug 12 00:51 htdocs
drwxr-xr-x 3 root root 3187 Aug 12 01:00 icons
drwxr-xr-x 5 root root 1120 Aug 12 01:00 include
drwxr-xr-x 8 root root 285 Aug 12 01:00 lib
-rw-r--r-- 1 root root 275393 Aug 12 00:36 LICENSE
drwxr-xr-x 2 root root 3 Aug 12 00:39 logs
drwxr-xr-x 3 root root 27 Aug 12 01:00 man
drwxr-xr-x 4 root root 56 Aug 12 01:01 meta
drwxr-xr-x 2 root root 709 Aug 12 01:00 modules
-rw-r--r-- 1 root root 116 Aug 12 00:32 my.cnf
drwxr-xr-x 4 root root 37 Aug 12 01:00 php
-rw-r--r-- 1 root root 587 Aug 12 00:36 README
-rw-r--r-- 1 root root 269 Aug 12 00:32 setup.py
drwxr-xr-x 28 root root 745 Aug 12 01:00 share
drwxr-xr-x 4 root root 92 Aug 12 01:01 snap
drwxr-xr-x 2 root root 99 Aug 12 01:00 support-files
drwxr-xr-x 6 root root 86 May 27 19:15 usr
drwxr-xr-x 2 root root 211 Aug 12 01:01 utilities
drwxr-xr-x 5 root root 48 Aug 12 01:00 var
/snap/nextcloud/current/htdocs/
dalep@biostatnextcloud:~$ sudo ls -la /snap/nextcloud/current/htdocs/
total 80
drwxr-xr-x 13 root root 473 Aug 12 00:51 .
drwxr-xr-x 26 root root 490 Aug 12 01:01 ..
drwxr-xr-x 41 root root 929 Aug 12 01:00 3rdparty
drwxr-xr-x 43 root root 1212 Aug 12 01:00 apps
-rw-r--r-- 1 root root 16522 Jul 15 20:22 AUTHORS
drwxr-xr-x 2 root root 116 Aug 12 01:00 config
-rw-r--r-- 1 root root 3967 Jul 15 20:22 console.php
-rw-r--r-- 1 root root 34520 Jul 15 20:22 COPYING
drwxr-xr-x 23 root root 522 Aug 12 01:00 core
-rw-r--r-- 1 root root 5140 Jul 15 20:22 cron.php
-rw-r--r-- 1 root root 3032 Jul 15 20:22 .htaccess
-rw-r--r-- 1 root root 156 Jul 15 20:22 index.html
-rw-r--r-- 1 root root 2960 Jul 15 20:22 index.php
drwxr-xr-x 6 root root 170 Aug 12 01:00 lib
-rw-r--r-- 1 root root 283 Jul 15 20:22 occ
drwxr-xr-x 2 root root 32 Aug 12 01:00 ocm-provider
drwxr-xr-x 2 root root 64 Aug 12 01:00 ocs
drwxr-xr-x 2 root root 32 Aug 12 01:00 ocs-provider
-rw-r--r-- 1 root root 3102 Jul 15 20:22 public.php
-rw-r--r-- 1 root root 5332 Jul 15 20:22 remote.php
drwxr-xr-x 4 root root 142 Aug 12 01:00 resources
-rw-r--r-- 1 root root 26 Jul 15 20:22 robots.txt
-rw-r--r-- 1 root root 2379 Jul 15 20:22 status.php
drwxr-xr-x 3 root root 56 Aug 12 01:00 themes
drwxr-xr-x 2 root root 52 Aug 12 01:00 updater
-rw-r--r-- 1 root root 101 Jul 15 20:22 .user.ini
-rw-r--r-- 1 root root 362 Jul 15 20:29 version.php
dalep@biostatnextcloud:~$
Where are guest VM configuration files stored in KVM/Qumu?
/etc/libvirt/qemu
Where is Nextcloud configuration file stored?
/var/snap/nextcloud/current/nextcloud/config/config.php
virsh commands cheatsheep
virt-manager documentation
Nextcloud version is 19.0.1 as of 2020-08-25
Virtual disk size is 100GB as of 2020-08-25
SSH access to server host
- biostat1553.dhcp.mc.vanderbilt.edu
SSH access to VM
- biostatnextcloud.emp.vumc.io
URLs for Nextcloud instance
Network configuration for VM
IP addr: 10.151.20.239
subnet mask: 255.255.255.0
gateway: 10.151.20.1
DC1 DNS server: 10.108.51.18
DC3 DNS server: 10.101.62.234
The server host is biostat1553. Running Ubuntu 18.04.5 LTS. This is a snap install of Nextcloud. When
installing Ubuntu server, I checked "Nextcloud" as a snap to include. When I went to the VM with a web browser
I was able to create an admin account and configure Nextcloud.
Group folders are enabled.
"Notes" app is enabled.
"LDAP user and group backend" app is enabled.
The Nextcloud VM is named "nextcloud".
The "nextcloud." commands are wrappers around occ commands. They are part of the snap "simplification".
Snappy Nextcloud on github
How to Install and Configure Nextcloud on Ubuntu 18.04 is a good resource.
Nextcloud on github
VM backup and restore
While logged on to the VM host machine biostat1553...
backup
- shutdown vm to be backed up
virsh shutdown nextcloud
- wait for the shutdown to finish
sleep 30s
- make a copy of the configuration file in the backup location
virsh dumpxml nextcloud > vmbackups/nextcloud.xml-backup20200825
- copy the vm disk image to the backup location
sudo cp -p /var/lib/libvirt/images/nextcloud.qcow2 vmbackups/nextcloud.qcow2-backup20200825
- restart the vm
virsh start nextcloud
restore
- if necessary, undefine the vm (remove configuration)
virsh undefine nextcloud
- if necessary, delete the vm's current disk image file
sudo rm /var/lib/libvirt/images/nextcloud.qcow2
- define (create) a new VM using the saved configuration file
virsh define --file vmbackups/nextcloud.xml-backup20200825
- copy the saved vm disk image file back to the original location
sudo cp vmbackups/nextcloud.qcow2-backup20200825 /var/lib/libvirt/images/nextcloud.qcow2
- fix the ownership for the disk image file
sudo chown libvirt-qemu.kvm /var/lib/libvirt/images/nextcloud.qcow2
- start the restored vm
virsh start nextcloud
(old) Nextcloud on the VUMC IT (locked down) VM
Pegasus ticket R00674175 was submitted 9/25/2020. It requests some software be installed as noted by Nextcloud v19 on the "Security & setup warnings" report.
How to use occ on the vm
bioapp@bio1000lp:~/www-nextcloud$ scl enable rh-php72 bash
bash-4.2$ php occ -V
Nextcloud 16.0.6'
URL:
http://bio1000lp.hs.it.vumc.io
URL:
https://vbiostat.app.vumc.org
Security scan of our Nextcloud instance:
https://scan.nextcloud.com
bio1000lp.hs.it.vumc.io
Access to the site is enabled via a whitelist. No one can log on to the site unless they are a member of the biostatnextcloud active directory security group.
As of 2019/11/11 we are running Nextcloud 16.0.6.
I am having trouble with permissions and file ownership in the ~/www-nextcloud directory tree. Some files are being written with
owner : -rw and group : -rw
. Also, some files have ownership of
apache:apache
rather than
bioapp:apache
. When this happens Nextcloud throws a ??? error. I believe Nextcloud writes these files with these characteristics when a Nextcloud update is performed and, maybe when a new Apache process is started.
So far, I can issue the command
chmod -R g+w ~/www-nextcloud/
to get things going.
bioapp@bio1000lp:~$
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-server.css’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-server.css.deps’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-css-variables.css’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-css-variables.css.deps’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming/6a15-e05c-theming.css’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming/6a15-e05c-theming.css.deps’: Operation not permitted
bioapp@bio1000lp:~$ cd www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core$ ll
total 372
drwxrwxr-x 3 bioapp apache 4096 Nov 11 14:14 ./
drwxrwxr-x 15 bioapp apache 227 Nov 1 17:26 ../
-rw-r--r-- 1 apache apache 961 Nov 11 14:14 1abd-e05c-css-variables.css
-rw-r--r-- 1 apache apache 197 Nov 11 14:14 1abd-e05c-css-variables.css.deps
-rw-r--r-- 1 apache apache 435 Nov 11 14:14 1abd-e05c-css-variables.css.gzip
-rw-r--r-- 1 apache apache 1189 Nov 11 14:14 1abd-e05c-results.css
-rw-r--r-- 1 apache apache 199 Nov 11 14:14 1abd-e05c-results.css.deps
-rw-r--r-- 1 apache apache 504 Nov 11 14:14 1abd-e05c-results.css.gzip
-rw-r--r-- 1 apache apache 137241 Nov 11 14:14 1abd-e05c-server.css
-rw-r--r-- 1 apache apache 857 Nov 11 14:14 1abd-e05c-server.css.deps
-rw-r--r-- 1 apache apache 19358 Nov 11 14:14 1abd-e05c-server.css.gzip
-rw-rw-r-- 1 bioapp apache 961 Nov 11 13:24 1abd-fa2a-css-variables.css
-rw-rw-r-- 1 bioapp apache 197 Nov 11 13:24 1abd-fa2a-css-variables.css.deps
-rw-rw-r-- 1 bioapp apache 435 Nov 11 13:24 1abd-fa2a-css-variables.css.gzip
-rw-rw-r-- 1 bioapp apache 1189 Nov 11 13:24 1abd-fa2a-results.css
-rw-rw-r-- 1 bioapp apache 199 Nov 11 13:24 1abd-fa2a-results.css.deps
-rw-rw-r-- 1 bioapp apache 504 Nov 11 13:24 1abd-fa2a-results.css.gzip
-rw-rw-r-- 1 bioapp apache 137241 Nov 11 13:24 1abd-fa2a-server.css
-rw-rw-r-- 1 bioapp apache 857 Nov 11 13:24 1abd-fa2a-server.css.deps
-rw-rw-r-- 1 bioapp apache 19358 Nov 11 13:24 1abd-fa2a-server.css.gzip
drwxrwxr-x 2 bioapp bioapp 6 Nov 11 13:29 save/
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core$ cd ~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming/
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming$ ll
total 12
drwxrwxr-x 2 bioapp apache 166 Nov 11 13:25 ./
drwxrwxr-x 15 bioapp apache 227 Nov 1 17:26 ../
-rw-r--r-- 1 apache apache 0 Nov 11 13:25 6a15-e05c-theming.css
-rw-r--r-- 1 apache apache 0 Nov 11 13:25 6a15-e05c-theming.css.deps
-rw-rw-r-- 1 bioapp apache 967 Nov 11 13:24 6a15-fa2a-theming.css
-rw-rw-r-- 1 bioapp apache 200 Nov 11 13:24 6a15-fa2a-theming.css.deps
-rw-rw-r-- 1 bioapp apache 372 Nov 11 13:24 6a15-fa2a-theming.css.gzip
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming$
ec2-user
Documentation
Email from Rasmussen, Justin D <justin.rasmussen@vumc.org> re log file location...
For application logs, we request the application owner configure Apache to store logs on /app001. Once you have Apache configured to place the logs on /app001, you will also need to configure it to use the bioapp user and group rather than Apache.
We also made sure to give you the ability to start/stop/restart Apache with the sudo commands. Use sudo systemctl start/stop/restart httpd. We’ve configured the permissions on our end to make sure bioapp is the user/group on that directory so Nextcloud shouldn’t be changing permissions like it has been.
Email from Nancy Williams re LDAP configuration...
Dale try this.
Host is ds.vanderbilt.edu
Port is 636
User DN = cn=<Resource Account VUnetID>,cn=users,dc=ds,dc=vanderbilt,dc=edu
Base DN = dc=ds,dc=vanderbilt,dc=edu
If you need LDAP SSL certs, see https://pegasus.mc.vanderbilt.edu/ViewKnowledge.aspx?id=13760.
Let me know how it goes.
Thank you,
Nancy Williams
System Analyst | Identity & Access Operations - Directory Services
Security Operations and Services | VUMC Enterprise Cybersecurity
Vanderbilt University Medical Center
nancy.a.williams@vumc.org |615-343-5788
Email from Andrew Roeder
...please submit us a request to have the apache user added to the bioapp group. Apache will then have write access to any files which the bioapp group has write access allowed.
You can then set 775 permissions on the nextcloud directory and files so apache can write there.
Email of 10/24/2019
“Brett, Mariadb was failing to start because it was not yet configured. I’ve applied our default configuration and Dale should be able to start the process now and it will run in /app001/mariadb as the bioapp user.
A database password can be set by the bioapp user as the default root password is blank per the documentation for MariaDB.
Please let Dale know he can contact us directly via email or ticket with questions or issues.”
Checking installed prerequisites...
-bash-4.2$ cat /etc/system-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)
-bash-4.2$ php -v
PHP 7.2.10 (cli) (built: Nov 7 2018 05:32:35) ( NTS )
-bash-4.2$ mysql -V
mysql Ver 15.1 Distrib 5.5.64-MariaDB, for Linux (x86_64) using readline 5.1
-bash-4.2$ apachectl -v
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built: Jun 9 2019 13:01:04
-bash-4.2$ apachectl -t -D DUMP_MODULES | grep 'php'
php7_module (shared)
Since I don't have privileges to modify /var/www/
cd ~
unzip nextcloud-*.zip
mkdir -p www/html
cp -R nextcloud/ ~/www/html/
mkdir ~/www/html/nextcloud/data
chown -R apache:apache ~/www/html/nextcloud
cd /etc/httpd/conf.d/
touch nextcloud.conf
Contents of
/etc/httpd/conf.d/nextcloud.conf
-bash-4.2$ cat /etc/httpd/conf.d/nextcloud.conf
<VirtualHost *:80>
DocumentRoot /app001/www/html/nextcloud/
ServerName bio1000lp.hs.it.vumc.io
<Directory "/app001/www/html/nextcloud/">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
VUMC Virtual Machine
Monday, August 19, 2019 1:12 PM
The pilot host build for 1009565 - Biostatistics Nextcloud” Server Build has been completed. By end of day, VEC SECURITY ENGINEERING AND OPERATIONS should complete the VPN SSH access to allow the members of GDN_BIO_Admins group, managed by Dale Plummer, to SSH to the host.
The AD group to permit access onto the host (bio_adm) is manageable by Dale Plummer. Users added to that AD group have the ability to sudo to the bioapp application account ie "sudo su - bioapp". Sudo functions within the application account can be viewed with the following command: "sudo -l bioapp". Application related files should be stored in the /app001 volume on the host.
Additional work to the host should be requested through the Pegasus Request Management module using the VUMC IT LINUX - GENERAL REQUEST form. Be sure to specify the host name where work is to be performed. LTM work is requested using the Pegasus Request Management forms relating to VUMC IT LINUX - F5 LTM requests. Applications must be fully configured before submitting requests for LTM work. Requested packages or versions not available in Red Hat repositories will have to be installed by the customer within the application volume.
Additional work to the host should be requested through the Pegasus Request Management module using the VUMC IT LINUX - GENERAL REQUEST form. Be sure to specify the host name where work is to be performed. LTM work is requested using the Pegasus Request Management forms relating to VUMC IT LINUX - F5 LTM requests. Applications must be fully configured before submitting requests for LTM work. Requested packages or versions not available in Red Hat repositories will have to be installed by the customer within the application volume.
PROJECT
- PV Actual Start: 8/14/2019
- PV Requested start: 8/7/2019
- PV Requested finish: 10/4/2019
- Workgroup Assigned: 8/1/2019
- Host build start: 8/14/2019
- Host build finish: 8/19/2019
- Dependent workgroup finish: Pending
- Customer turn over: 8/19/2019
- PV Scheduled Finish: 8/26/2019
HOST INFORMATION
- Name: bio1000lp.hs.it.vumc.io
- Address: 10.100.128.10
AD INFORMATION
- Host access group: bio_adm
- AD GID: 100232
- Manager of AD group: Dale Plummer
- Location: ou=AI Unix,ou=Information Management,ou=Organizational Units,dc=ds,dc=vanderbilt,dc=edu
APPLICATION ACCOUNT
- Name: bioapp
- UID/GID: 1639
- Sudo group: bio_adm
- Application account home directory: /app001
- Application file directory: /app001
PEGASUS WORKGROUP