One of my goals for 2020 was to stop using Google's products. There are a lot of reasons why, but that's not the point of this post. I found out about Nextcloud last month and it turns out it's a great replacement for a lot of Google. I don't actually use all of its features, but I've migrated my calendar, reminders, contacts, bookmarks, video calls, photos, and news feeds and I'm really happy with it so far.
There are a lot of companies that will host Nextcloud for you where you just sign up for an account like anything else, but in case you're interested in hosting Nextcloud for yourself this post is basically a brain dump of how I did that. It took me a while to cobble together all the pieces I needed to get everything working from end to end, so I'm hoping this might save someone else from having to do the same. If you know your way around servers and Nextcloud already you can just skim the headings like a checklist to make sure you don't forget an important step. But if you want a succinct overview of the actual steps I did and commands I ran, each section contains those details. By the end you'll see how I installed Nextcloud on my own server, secured it, set up backups, and set up external storage for my photos.
Some parts are pieced together from other partial guides or longer blog posts, so where relevant the references lead to those sources. This post is more of a quick start with just the essential steps. Anything in <pointy-brackets>
is meant to be replaced. So the actual command I ran was e.g. adduser kira
, not adduser <name>
.
I do this using an Ansible role, my Nextcloud, duplicity and since a few days a backup cloud provider called Backblaze. The backups themselves are done already for quite a while, but I used Hetzner storage boxes for that until switching. Backup strategy. Generally speaking everyone should be aware of the 3-2-1-Backup strategy. And while there. Backblaze B2 is enterprise-grade, S3 compatible storage that companies around the world use to store and serve data while improving their cloud OpEx vs. Amazon S3 and others. Developers use it to easily build apps and manage services. IT leaders use it to backup.
ssh root@<server-ip-address>
adduser <name>
usermod -aG sudo <name>
rsync --archive --chown=<name>:<name> ~/.ssh /home/<name>
Close this ssh session and log in as your new user to make sure it works:
logout
ssh <name>@<server-ip-address>
Leave this ssh session open. The rest of the commands below are meant to be run on your server, unless otherwise stated.
There should be a way to do this in the admin section for your server. On Linode's there's a 'Domains' section in the left admin menu. From there I clicked 'Add a Domain' in the top right, then filled in the domain name, my email address, and selected 'Insert default records from one of my Linodes' from the 'Insert Defaults Records' dropdown, then I selected my new Nextcloud server from the list of Linodes. The steps might be slightly different depending what cloud server provider you're using. By the end you need DNS records pointing your domain name to your Nextcloud server. If you did this through Linode (or whatever you're using), you'll also need to update the nameservers with your domain registar.
sudo ufw allow OpenSSH
sudo ufw allow https
sudo ufw allow http
sudo ufw enable
sudo snap install nextcloud
sudo nextcloud.manual-install <username> <password>
sudo nextcloud.occ config:system:set trusted_domains 1 --value=<your-domain.name>
sudo nextcloud.enable-https lets-encrypt
I managed to forget my password in the time between installing Nextcloud and trying to log in for the first time. If that happens to you, you can reset it by running sudo nextcloud.occ user:resetpassword <username>
.
* Doing this means you will be required to generate 'app passwords' in order to log in to your Nextcloud account in third party apps or other devices (to use Nextcloud to sync your calendar or reminders to your phone, for example.) There's a tiny box with a button that says 'Create new app password' at the bottom of the 'Security' admin section (under 'Personal', not 'Administration') where you can do that.
Install and set up Backblaze
sudo apt install python3-pip
sudo pip3 install b2
sudo b2 authorize_account <keyID>
Create a new user to run the backups and disable password access for it, for security 2
sudo adduser ncbackup
sudo usermod -s /sbin/nologin ncbackup
*Create directories for the backups and logs
sudo mkdir -p /home/ncbackup/backups/logs
Create the backup script and make it runnable **
sudo touch /usr/sbin/ncbackup.sh
sudo chmod +x /usr/sbin/ncbackup.sh
sudo vim /usr/sbin/ncbackup.sh
and copy the contents of the backup script below into your new file, or write your own that accomplishes the same things: ***ncbackup
user run the backup script as the root usersudo visudo
* If you want to undo this for some reason you can run sudo usermod -s /bin/bash ncbackup
** Note this means you will have 6 copies of all your data on your server all the time -- 5 backups and the live versions. The backups are compressed, but it can still add up to a lot of space. Keep an eye on how much storage your server is using. Running it out of space will probably be one of the first issues you run into. I explain how to get notified when that's close to happening at the end.
*** You don't have to use vim here. Your server probably has nano installed or you can install the editor of your choice. To change the default editor on your server, run sudo update-alternatives --config editor
, and choose the one you want.
sudo crontab -u ncbackup -e
0 2 * * * sudo /usr/sbin/ncbackup.sh && curl -fsS -m 10 --retry 5 -o /dev/null <your-ping-url>
This will run your backups once per day at 2am (in your server's timezone, probably UTC), but you can set whatever time and frequency you want, just remember to update your healthcheck to match.
Backups are only useful if you can use them to restore your data. Make sure yours work before you need them.
To test your entire server backups you can just try restoring the whole server using Linode's (or whoever's) UI. Testing the archived backups we uploaded to Backblaze is a little more involved but you'll be glad you know how to do it when you need it.
scp /local/path/to/your/backup/ <user>@<new-server-ip-address>:~
ssh into your new server for the rest of these commands
tar -xvzf <backup-name>.tar.gz
sudo mv <backup-data-dir>/ /var/snap/nextcloud/current/
sudo chown -R root:root /var/snap/nextcloud/current/<backup-data-dir>/
sudo nextcloud.import /var/snap/nextcloud/current/<backup-data-dir>/
rm <backup-name>.tar.gz
This should be all you need to restore your Nextcloud installation. It might take a while for the DNS records to propagate, so if you want to test that your restored cloud is working in the meantime you can check it directly at its IP address if you add that to the list of trusted domains:
sudo nextcloud.occ config:system:set trusted_domains 2 --value=<new-server-ip-address>
Note this will only be available over http, so you might get a dramatic warning about security when you visit the ip address directly. To remove the ip address from the list of trusted domains once you're satisfied, run:
sudo nextcloud.occ config:system:delete trusted_domains 2
It's not going to be clear exactly what the environmental impact of your server is, but it won't be nothing. You can get a rough idea how much CO2 your server emits with tools like this one. Then you can buy carbon offsets from a reputable carbon offset vendor, like Less. I spent $10/year to offset half a tonne of CO2.
I know carbon offsetting is a long and complicated topic, and the environmental impact of computing infrastructure goes way beyond CO2 emissions, but the point is just to be aware that doing all this stuff on your computer has potentially negative consequences in the real world and to at least try to minimize them where you can and mitigate them where you can't.
* Make sure the name you give the external storage folder isn't already taken. I called mine 'Photos', which already existed in my Nextcloud files, and it conflicted in strange and surprising ways. If you want to call your external storage folder 'Photos' make sure to go delete the 'Photos' folder that's already there first.
If you choose the cheapest Linode server like I did it doesn't come with much storage, and depending on how much data you have and how many backups you're leaving on the server you might run it out of storage pretty quickly. There's an app called 'Quota warning' in the monitoring category you can install to get notified if you're approaching your server's storage limits. You can configure when and how it notifies you in 'Additional settings' after it's installed.
That's it! I hope this helps someone avoid hours of searching through documentation, blog posts, and outdated forums. Good luck!
Discuss this post on Hacker News, Dev.to or Reddit
댓글 영역