NextCloud and OpenBSD are complementary to one another. NextCloud is an awesome, secure and private alternative to proprietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step-by-step tutorial.
Preface
Back when this tutorial was initially written, things were different. The OpenBSD port relied on PHP 5.6 and there were no package updates. But the port improved (hats off, Gonzalo!) and package updates were introduced to the -stable branch (hats off, Solene!).
A rewrite of this tutorial was long overdue. Right now, it is written for 6.6 -stable and will be updated once 6.7 is released. If you have any questions or desire some help, feel free to reach out.
Installing the system
1. OpenBSD
Install OpenBSD using the install wizard.
- If you desire full disk encryption, follow the official FAQ to set it up.
- You might want to swap the /home and /var partitions during the partitioning.
After the initial boot, apply syspatch to get the latest errata fixes. Then add two mount options, noatime and softdep, to the filesystems in /etc/fstab:
sed -i 's/rw/rw,noatime,softdep/g' /etc/fstab
Install the edited sysctl.conf and pf.conf:
# ftp https://h3artbl33d.nl/examples/{sysctl.conf,pf.conf,pf.conf.anchor.block,pf.conf.anchor.icmp,pf.conf.table.ban,pf.conf.table.martians}
# install -o root -g wheel -m 0600 -b pf.conf* /etc/
# install -o root -g wheel -m 0644 -b sysctl.conf /etc/
2. Packages
Install the packages:
# pkg_add nextcloud postgresql-server php-pdo_pgsql pecl73-redis redis
Ambiguous: choose package for php-pdo_pgsql
0: <None>
1: php-pdo_pgsql-7.1.33
2: php-pdo_pgsql-7.2.29
3: php-pdo_pgsql-7.3.16
Your choice: 3
Link PHP:
# ln -sf /usr/local/bin/php-7.3 /usr/local/bin/php
# ln -sf /usr/local/bin/php-config-7.3 /usr/local/bin/php-config
# ln -sf /usr/local/bin/phpize-7.3 /usr/local/bin/phpize
3. Database
Initialize the database:
# su - _postgresql
$ mkdir /var/postgresql/data
$ initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
After initialization, start PostgreSQL:
# rcctl enable postgresql
# rcctl start postgresql
Create the user and database:
# psql -U postgres
Password for user postgres:
postgres=# create database nextcloud;
postgres=# create user nextcloud with encrypted password 'topsecret';
postgres=# grant all privileges on database nextcloud to nextcloud;
postgres=# \q
4. PHP
Enable the extensions:
# cd /etc/php-7.3.sample
# for i in *; do ln -sf ../php-7.3.sample/$i ../php-7.3/; done
Open the configuration for editing:
# vi /etc/php-7.3.ini
Edit the following lines:
371: expose_php = Off
380: max_execution_time = 90
401: memory_limit = 512M
1786: opcache.enable=1
1789: opcache.enable_cli=1
1817: opcache.revalidate_freq=1
Save and exit. Enable and start php-fpm:
rcctl enable php73_fpm
rcctl start php73_fpm
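A way to confirm that the php.ini edits listed above are actually active, since a directive that still starts with `;` is only a comment. This is an added example, not part of the original tutorial; the function names `ini_value`, `check_php_ini` and `sample_ini` are hypothetical and the sample file is constructed.

```shell
# Added example: confirm the php.ini edits above are active, not commented out.

# Directive=value pairs from the tutorial's list.
EXPECTED='expose_php=Off max_execution_time=90 memory_limit=512M
opcache.enable=1 opcache.enable_cli=1 opcache.revalidate_freq=1'

# ini_value FILE KEY: print the last active value of KEY, fail if none.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                    # ";" starts a comment line
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", v)           # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# check_php_ini FILE: report each deviation; exit status = number of them.
check_php_ini() {
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*} want=${pair#*=}
        if got=$(ini_value "$1" "$key"); then
            [ "$got" = "$want" ] && continue
            echo "MISMATCH $key: have '$got', want '$want'"
        else
            echo "INACTIVE $key: missing or still commented out"
        fi
        bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample: memory_limit not raised, two opcache lines still commented.
sample_ini() {
    cat <<'EOF'
expose_php = Off
max_execution_time = 90
memory_limit = 128M   ; not yet raised
[opcache]
;opcache.enable=1
opcache.enable_cli=1
;opcache.revalidate_freq=2
EOF
}
```

On the server, `check_php_ini /etc/php-7.3.ini` prints nothing and returns 0 once all six directives match.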
Enable and start Redis too, which we’ll use for caching and locking:
rcctl enable redis
rcctl start redis
5. Webserver
Since OpenBSD’s httpd is chrooted, we need to make sure that hostnames can be resolved and TLS certificates can be verified from within the chroot:
# mkdir -p /var/www/etc/ssl
# install -m 444 -o root -g bin /etc/resolv.conf /var/www/etc
# install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl/
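The files installed above are copies, so they do not follow later changes to the originals in /etc, and the CA bundle inside the chroot is the trust store used there. The following added example (not part of the original tutorial) reports copies that are missing, differ from the original, or are group- or world-writable; `chroot_drift` and `make_sample_tree` are hypothetical names and the sample tree is constructed.

```shell
# Added example: find missing, stale or writable copies inside httpd's chroot.

# Files the tutorial installs into the chroot, relative to the root directory.
CHROOT_FILES='etc/resolv.conf etc/ssl/cert.pem etc/ssl/openssl.cnf'

# chroot_drift [ROOT] [CHROOT]: one line per file; status = files needing action.
chroot_drift() {
    root=${1:-/} jail=${2:-/var/www} bad=0
    root=${root%/} jail=${jail%/}
    for rel in $CHROOT_FILES; do
        src="$root/$rel" dst="$jail/$rel"
        if [ ! -f "$dst" ]; then
            echo "MISSING  $rel"
        elif ! cmp -s "$src" "$dst"; then
            echo "STALE    $rel"       # copy no longer matches the original
        elif [ -n "$(find "$dst" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $rel"       # tutorial installs these read-only (444)
        else
            echo "OK       $rel"; continue
        fi
        bad=$((bad + 1))
    done
    return "$bad"
}

# make_sample_tree DIR: constructed layout with one stale and one writable copy.
make_sample_tree() {
    mkdir -p "$1/root/etc/ssl" "$1/jail/etc/ssl"
    echo 'nameserver 192.0.2.53' > "$1/root/etc/resolv.conf"
    echo 'nameserver 192.0.2.1'  > "$1/jail/etc/resolv.conf"   # stale
    echo 'constructed CA bundle' > "$1/root/etc/ssl/cert.pem"
    cp "$1/root/etc/ssl/cert.pem" "$1/jail/etc/ssl/cert.pem"
    chmod 666 "$1/jail/etc/ssl/cert.pem"                       # writable
    echo '# constructed' > "$1/root/etc/ssl/openssl.cnf"
    cp "$1/root/etc/ssl/openssl.cnf" "$1/jail/etc/ssl/openssl.cnf"
    chmod 444 "$1/jail/etc/ssl/openssl.cnf"
}
```

Called without arguments, `chroot_drift` compares / against /var/www; re-running the install commands above clears STALE and WRITABLE entries.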
Use acme-client to obtain a certificate for your domain. There is an example configuration in /etc/examples and further documentation can be found in the manpages.
Once done, download the sample configuration for your host:
# ftp -o /etc/httpd.conf https://h3artbl33d.nl/examples/nc-httpd.conf
Open the configuration and change the hostname from thereisno.cloud to your own hostname.
Enable and start httpd:
rcctl enable httpd
rcctl start httpd
6. Nextcloud
Allow the installation of Nextcloud:
# touch /var/www/nextcloud/config/CAN_INSTALL
Next, accessing https:///nextcloud with a web browser allows finishing the installation. Once it is set up, open /var/www/nextcloud/config/config.php with your favorite text editor and append the following config:
'filelocking.enabled' => true,
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
  'host' => 'localhost',
  'port' => 6379,
  'timeout' => 0.0,
  'password' => '', // Optional, if not defined no password will be used.
),
On OpenBSD, Nextcloud runs from a chroot. That only applies to php-fpm; the CLI version of PHP runs outside that chroot. So a little adjustment needs to be made in order to prevent the cronjob from failing miserably:
# touch /var/www/nextcloud/config/custom.config.php
Throw the following lines in (where /data is the directory that holds your Nextcloud storage, within /var/www):
<?php
$CONFIG = array (
'datadirectory' => ((php_sapi_name() == 'cli') ? '/var/www' : '') . '/data',
);
And remove the datadirectory line from /var/www/nextcloud/config/config.php. This change prevents Nextcloud from overwriting this custom workaround.
7. Finishing up
Add the following cronjob for the www user (crontab -u www -e):
*/5 * * * * /usr/local/bin/php-7.3 -f /var/www/nextcloud/cron.php
Next, set the cronjob method from the default “AJAX” to cron in the settings.
8. Done
Now, you have a fully functional Nextcloud server on OpenBSD! Congratulations.