jason schaefer . com

"arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say."

Tag: php

  • Installing Nextcloud v31 on Debian 13 (trixie) using php8.4-fpm, redis and apcu

    This is a concise tutorial, it is not meant to be a hand holding step by step guide. Please comment or contact me if you find errors.

    Prerequisites:
    Setup a domain/sub domain with an A record to the ip of the server or a CNAME to a “dynamic DNS” hostname. I recommend https://freedns.afraid.org.
    The server needs to have ports 80 and 443 reachable to the public. The DNS must be propagated for letsencrypt to be successful.

    Start the install

    apt-get install apache2 mariadb-server libapache2-mod-fcgid php-fpm php php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip php-bz2 python3-certbot-apache php-apcu redis-server php-redis php-bcmath php-gmp ffmpeg curl coreutils libmagickcore-7.q16-10-extra

    Download Nextcloud

    wget https://download.nextcloud.com/server/releases/latest-31.tar.bz2

    Make sure the md5 matches

    md5sum latest-31.tar.bz2
    curl https://download.nextcloud.com/server/releases/latest-31.tar.bz2.md5

    Extract the tar file and change permissions

    tar xfv latest-31.tar.bz2
    mv nextcloud/ /var/www/example.com/
    chown www-data:www-data -R /var/www/example.com/

    [Setup Apache]

    Create a apache virtual site

    cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf

    edit /etc/apache2/sites-available/example.com.conf

    uncomment and change

    ServerName example.com

    change the document root

    DocumentRoot /var/www/example.com

    change log location if you would like

    ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined

    enable example.com in apache

    a2ensite example.com

    a2enmod proxy_fcgi setenvif rewrite headers env dir mime userdir dav ssl
    a2enconf php8.4-fpm
    service apache2 restart

    Setup Letsencrypt

    certbot --apache -d example.com

    tell it to redirect http to https

    Edit /etc/apache2/sites-enabled/example.com-le-ssl.conf

      <Directory /var/www/example.com/>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
    
        <IfModule mod_dav.c>
          Dav off
        </IfModule>
      </Directory>

    To avoid certain race conditions between the /etc/apache2/sites-available/example.com.conf and /etc/apache2/sites-available/000-default.conf
    I prefer to remove example.com.conf and move the http->https redirect into the 000-default.conf

    cat /etc/apache2/sites-available/example.com.conf

    ….snip…


    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with “a2disconf”.
    #Include conf-available/serve-cgi-bin.conf
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

    copy the rewrite rule at the bottom:

    RewriteEngine on 
    RewriteCond %{SERVER_NAME} =example.com 
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] 

    edit and paste into the default conf

    vi /etc/apache2/sites-enabled/000-default.conf

    This is what 000-default.conf should look like

    <VirtualHost *:80>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    </VirtualHost>

    [Configure PHP]

    edit /etc/php/8.4/fpm/php.ini
    memory_limit = 768M
    upload_max_filesize = 1024M
    post_max_size = 1024M
    max_execution_time = 300

    [Create a database, user and password for nextcloud]

    mariadb -uroot
    
    CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'PASSWORD';
    CREATE DATABASE IF NOT EXISTS nextcloud;
    GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON nextcloud.* TO 'nextcloud'@'localhost';
    FLUSH privileges;

    [Install Nextcloud]

    run the installer at https://example.com/

    [Setup Redis]

    edit /etc/redis/redis.conf
    Under the # Unix socket. section add the following

    port 0
    unixsocket /run/redis/redis-server.sock
    unixsocketperm 770

    add www-data to redis group

    usermod -a -G redis www-data


    /etc/group will now have an entry like this “redis:x:119:www-data”

    systemctl enable redis-server

    Add the following to /var/www/example.com/config/config.php

    This is using APCu for memcache and Redis for distributed caching and file locking. Here we use a socket to connect to redis-server.

      'memcache.local' => '\OC\Memcache\APCu',
    
      'memcache.distributed' => '\OC\Memcache\Redis',
      'memcache.locking' => '\OC\Memcache\Redis',
    
      'redis' => [
        'host'     => '/run/redis/redis-server.sock',
        'port'     => 0,
      ],

    add the following to /etc/php/8.4/fpm/php.ini

    opcache.enable=1
    opcache.enable_cli=1
    opcache.memory_consumption=200
    opcache.interned_strings_buffer=16
    opcache.max_accelerated_files=10000
    opcache.save_comments=1
    opcache.revalidate_freq = 1
    systemctl restart redis-server
    
    systemctl restart apache2

    add apc cli enabling line in here -> /etc/php/8.4/cli/php.ini

    apc.enable_cli=1
    systemctl restart php8.4-fpm.service


    [Setup cron for Nextcloud]

    crontab -u www-data -e
    */5 * * * * php -f /var/www/example.com/cron.php

    done;

  • Apache, MySQL and WordPress install script

    After lots of laborious manual installs and much motivation from my buddy Damian of Mindshare, I decided to write a little script to quickly install and setup a typical environment for WordPress.
    This script does the following:
    – install apache, php and mysql
    – activate typical apache modules
    – create directories
    – download and un-tar WordPress
    – set permissions for wordpress doc root et al
    – create database, user, pass and grant to db.
    – auto setup typical VirtualHost site file in apache for both http and https
    – generate a self signed certificate

    Here is the bash script -> http://jasonschaefer.com/stuff/setupwp.sh.txt
    download, rename, and chmod 755 and run it like so “./setupwp.sh hostname”
    Be sure to understand what the script is doing before you run it :-)