Merge branch 'master' into redhat-centos-new-php

michag86 2017-09-06 15:20:45 +02:00 committed by GitHub
commit 40f430a026
204 changed files with 2668 additions and 1829 deletions

View File

@ -2,7 +2,4 @@ pipeline:
documentation:
image: nextcloudci/documentation:1.0.11
commands:
- (cd user_manual && make html-all)
- (cd admin_manual && make html-all)
- (cd developer_manual && make html-all)
- (cd user_manual_de && make html-all)
- make all

View File

@ -13,13 +13,13 @@ See the `Style Guide <https://github.com/nextcloud/documentation/blob/master/sty
Manuals
-------
This repository hosts four manuals:
This repository hosts three manuals:
* **Users' Manual**
* **Administration Manual**
* **Developers Manual**
Please work in the appropriate branch: ``stable9`` is 9.0, ``stable10`` is 10.0, ``stable11`` is 11.0 and ``master`` is version 12.0.
Please work in the appropriate branch: ``stable``-branches are for the respective release (e.g. 11.0 or 12.0), ``master`` is version 13.0.
Please wrap lines at 80 characters.
@ -89,10 +89,6 @@ First, make sure that the following are installed:
on Mac: ``sudo easy_install Sphinx``
* Sphinx PHPDomain (e.g. ``sudo easy_install sphinxcontrib-phpdomain``)
* rst2pdf (e.g. ``sudo easy_install rst2pdf``)
* If you're on Arch Linux, the build script is called sphinx-build2 which
will fail. You will need to provide a link to the expected script name::
sudo ln -s /usr/bin/sphinx-build2 /usr/bin/sphinx-build
...then enter any manual directory, then run ``make html``. The result can
be found in the ``_build/html`` subdirectory. PDFs can be built with the
@ -126,10 +122,11 @@ The Debian/Ubuntu way
The Arch Linux way
~~~~~~~~~~~~~~~~~~
* sudo pacman -S community/python2-rst2pdf
* sudo pacman -S community/python2-sphinx
* aur/sphinxcontrib-phpdomain from AUR
* sudo pacman -S extra/texlive-core texlive-latexextra
* sudo pacman -S python2-sphinx
* sudo pacman -S extra/texlive-core
* sudo pacman -S texlive-latexextra
* sudo pip2 install rst2pdf sphinxcontrib-phpdomain
* sudo ln -s /usr/bin/sphinx-build2 /usr/bin/sphinx-build
* cd user_manual
* make latexpdf
* PDFVIEWER _build/latex/NextcloudUserManual.pdf
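Review bot: The added `sudo pip2 install rst2pdf sphinxcontrib-phpdomain` step installs PyPI packages as root into the system Python next to pacman-managed files, and `sudo ln -s /usr/bin/sphinx-build2 /usr/bin/sphinx-build` leaves an unmanaged file in /usr/bin. Suggest `pip2 install --user rst2pdf sphinxcontrib-phpdomain` or a virtualenv, and, if the manuals' Makefiles honour the usual `SPHINXBUILD` variable, `make SPHINXBUILD=sphinx-build2 latexpdf` in place of the symlink.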

View File

@ -149,7 +149,7 @@
</div>
<div class="col-md-5 col-md-offset-1">
{% if theme_show_search %}
<form class="headersearch" style="margin-bottom:-3px;" action="{{ pathto('search') }}" method="get">
<form class="headersearch" style="margin: 16px 0;" action="{{ pathto('search') }}" method="get">
<input type="text" value="" name="q" id="q" class="form-control" />
<button class="btn btn-default" type="submit" id="searchsubmit">Search</button>
</form>
@ -191,13 +191,14 @@
<div class="row">
<div class="col-lg-12 footer-social-icons">
<p class="text-center"><a target="_blank" href="https://plus.google.com/104036748063781940910/about"><img width=50 src="{{ pathto('_static/img/social/googleplus.svg', 1) }}" title="Follow us on Google Plus!" alt="Follow us on Google Plus!"></img></a>
<a target="_blank" style="margin: 0 7px 0 14px;" href="https://www.facebook.com/Nextclouders"><img width=50 src="{{ pathto('_static/img/social/facebook.svg', 1) }}" title="Like our facebook page!" alt="Like our facebook page!"></img></a>
<a target="_blank" style="margin: 0 14px 0 7px;" href="https://twitter.com/Nextclouders"><img width=50 src="{{ pathto('_static/img/social/twitter.svg', 1) }}" title="Subscribe to our twitter channel!" alt="Subscribe to our twitter channel!"></img></a>
<a target="_blank" href="https://www.facebook.com/Nextclouders"><img width=50 src="{{ pathto('_static/img/social/facebook.svg', 1) }}" title="Like our Facebook page!" alt="Like our Facebook page!"></img></a>
<a target="_blank" href="https://twitter.com/Nextclouders"><img width=50 src="{{ pathto('_static/img/social/twitter.svg', 1) }}" title="Subscribe to our Twitter channel!" alt="Subscribe to our Twitter channel!"></img></a>
<a target="_blank" href="https://nextcloud.com/blogfeed"><img class="img-circle" width=50 src="{{ pathto('_static/img/social/rss.svg', 1) }}" title="Subscribe to our news feed!" alt="Subscribe to our news feed!"></img></a>
<a target="_blank" href="https://newsletter.nextcloud.com/"><img class="img-circle" width=50 src="{{ pathto('_static/img/social/mail.svg', 1) }}" title="Subscribe to our newsletter!" alt="Subscribe to our newsletter!"></img></a></p>
</div>
<div class="text-center">
All documentation licensed under the <a href="https://creativecommons.org/licenses/by/3.0/us/">Creative Commons Attribution 3.0 Unported license</a>.
<p>All documentation licensed under the <a href="https://creativecommons.org/licenses/by/3.0/us/">Creative Commons Attribution 3.0 Unported license</a>.</p>
<p><a href="https://github.com/nextcloud/documentation/graphs/contributors">See who contributed to our documentation/credits</a>.</p>
</div>
</div>
</div>
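Review bot: The footer anchors in this hunk, including the rewritten Facebook and Twitter links, use `target="_blank"` with no `rel` attribute, so in browsers that do not default to noopener the opened page receives a `window.opener` handle to the documentation tab; add `rel="noopener noreferrer"` to each of them. Separately, the licence sentence says "3.0 Unported" while its href points at `/licenses/by/3.0/us/`, so either the text or the link should change, and `</img>` is not a valid closer for a void element.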

View File

@ -1080,6 +1080,8 @@ h4:hover a.headerlink {
}
a.headerlink {
display: none;
padding-left: 5px;
text-decoration: none;
}
#menu-support {
@ -1130,4 +1132,9 @@ a.headerlink {
between above the top of the third level list */
#menu-support.menu ul ul ul {
border-top: 1px solid #EFEFEF;
}
}
.terminal-image {
box-shadow: 1px 1px 15px rgba(0, 0, 0, 0.3);
border-radius: 2px;
}

View File

@ -474,3 +474,8 @@ li.next {
}
/* -- End specific css for documentation -- */
.terminal-image {
box-shadow: 1px 1px 15px rgba(0, 0, 0, 0.3);
border-radius: 2px;
}
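Review bot: The `.terminal-image` rule added here is identical to the one added to the other stylesheet in this commit, and it lands after the `End specific css for documentation` marker. If both sheets are loaded on the same pages, keep a single copy; otherwise move the rule above the end marker so the comment stays accurate.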

View File

@ -44,13 +44,13 @@ master_doc = 'contents'
# built documents.
#
# The short X.Y version.
version = '11'
version = '12'
# The full version, including alpha/beta/rc tags.
release = '11 alpha'
release = '12'
# General information about the project.
project = u'Nextcloud %s Server Administration Manual' % (version)
copyright = u'2012-2016, The Nextcloud developers'
copyright = u'2012-2017, The Nextcloud developers'
# The language for content autogenerated by Sphinx. Refer to documentation
@ -244,7 +244,7 @@ texinfo_documents = [ ('contents', 'Nextcloud Server Admin Manual', u'Nextcloud
epub_title = u'Nextcloud Server Administration Manual'
epub_author = u'The Nextcloud developers'
epub_publisher = u'The Nextcloud developers'
epub_copyright = u'2012-2016, The Nextcloud developers'
epub_copyright = u'2012-2017, The Nextcloud developers'
# The language of the text. It defaults to the language option
# or en if the language is not set.

View File

@ -7,3 +7,4 @@ Database Configuration
db_conversion.rst
linux_database_configuration.rst
mysql_4byte_support

View File

@ -20,37 +20,6 @@ requires that you install and set up the server software first.
scope of this document. Please refer to the documentation for your specific
database choice for instructions.
.. _db-binlog-label:
MySQL / MariaDB with Binary Logging Enabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nextcloud is currently using a ``TRANSACTION_READ_COMMITTED`` transaction isolation
to avoid data loss under high load scenarios (e.g. by using the sync client with
many clients/users and many parallel operations). This requires a disabled or
correctly configured binary logging when using MySQL or MariaDB. Your system is
affected if you see the following in your log file during the installation or
update of Nextcloud:
An unhandled exception has been thrown:
exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 1665
Cannot execute statement: impossible to write to binary log since
BINLOG_FORMAT = STATEMENT and at least one table uses a storage engine limited
to row-based logging. InnoDB is limited to row-logging when transaction
isolation level is READ COMMITTED or READ UNCOMMITTED.'
There are two solutions. One is to disable binary logging. Binary logging
records all changes to your database, and how long each change took. The
purpose of binary logging is to enable replication and to support backup
operations.
The other is to change the BINLOG_FORMAT = STATEMENT in your database
configuration file, or possibly in your database startup script, to
BINLOG_FORMAT = MIXED. See `Overview of the Binary
Log <https://mariadb.com/kb/en/mariadb/overview-of-the-binary-log/>`_ and `The
Binary Log <https://dev.mysql.com/doc/refman/5.6/en/binary-log.html>`_ for
detailed information.
.. _db-transaction-label:
Database "READ COMMITED" transaction isolation level
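Review bot: Removing the `.. _db-binlog-label:` target together with its section breaks any `:ref:` that still points at it, and the error 1665 text with the `BINLOG_FORMAT = MIXED` remedy is no longer findable in this file. Grep the manuals for `db-binlog-label` before merging, and if the READ COMMITTED requirement still applies, keep a short pointer to the binary logging constraint in the transaction isolation section that follows. The retained heading below also still reads "READ COMMITED".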
@ -176,7 +145,7 @@ You can quit the prompt by entering::
An Nextcloud instance configured with PostgreSQL would contain the path to the socket on
which the database is running as the hostname, the system username the PHP process is using,
and an empty password to access it, and the name of the database. The :file:`config/config.php` as
and an empty password to access it, and the name of the database. The :file:`config/config.php` as
created by the :doc:`../installation/installation_wizard` would therefore contain entries like
this:
@ -240,9 +209,9 @@ Troubleshooting
How to workaround General error: 2006 MySQL server has gone away
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The database request takes too long and therefore the MySQL server times out. Its
also possible that the server is dropping a packet that is too large. Please
refer to the manual of your database for how to raise the configuration options
The database request takes too long and therefore the MySQL server times out. Its
also possible that the server is dropping a packet that is too large. Please
refer to the manual of your database for how to raise the configuration options
``wait_timeout`` and/or ``max_allowed_packet``.
Some shared hosters are not allowing the access to these config options. For such

View File

@ -2,8 +2,6 @@
Enabling MySQL 4-byte support
=============================
.. note:: This feature is currently **experimental**.
In order to use Emojis (textbased smilies) on your Nextcloud server with a MySQL database, the
installation needs to be tweaked a bit.
@ -11,7 +9,7 @@ installation needs to be tweaked a bit.
2. Make sure the following InnoDB settings are set on your MySQL server::
[mysqld]
innodb_large_prefix=on
innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=1
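Review bot: `innodb_large_prefix` shows up in this hunk as both `on` and `true`, while the `mysql.utf8mb4` hunk of the config sample in this same commit shows `true` and `ON`, with `Barracuda` and `innodb_file_per_table=ON` there against `barracuda` and `innodb_file_per_table=1` here. Pick one spelling for all three settings and use it in both places, so that an admin copying either block ends up with the same my.cnf. With the experimental note gone, it would also help to state from which release the feature is considered supported.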

View File

@ -7,8 +7,6 @@ limit up to what your filesystem and operating system allows. There are certain
hard limits that cannot be exceeded:
* < 2GB on 32Bit OS-architecture
* < 2GB on Windows (32Bit and 64Bit)
* < 2GB with Server Version 4.5 or older
* < 2GB with IE6 - IE8
* < 4GB with IE9 - IE11
@ -82,7 +80,7 @@ nginx
* `client_body_temp_path <http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path>`_
Since nginx 1.7.11 a new config option `fastcgi_request_buffering
<https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering`_
<https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering>`_
is availabe. Setting this option to ``fastcgi_request_buffering off;`` in your nginx config
might help with timeouts during the upload. Furthermore it helps if you're running out of
disc space on the tmp partition of your system.
@ -162,7 +160,4 @@ To be able to use this input box you need to make sure that:
* your Web server is able to use the ``.htaccess`` file shipped by Nextcloud (Apache only)
* the user your Web server is running as has write permissions to the files ``.htaccess`` and ``.user.ini``
:ref:`strong_perms_label` might prevent write access to these files. As an admin you need
to decide between the ability to use the input box and a more secure Nextcloud installation
where you need to manually modify the upload limits in the ``.htaccess`` and ``.user.ini``
files described above.
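Review bot: With the `strong_perms_label` paragraph dropped, the bullet above still asks admins to give the web server user write access to `.htaccess` and `.user.ini` and no longer says what the alternative is. Keep one sentence, without the `:ref:`, stating that these two files can stay read-only for the web server user if the upload limits are edited by hand instead of through the input box.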

View File

@ -2,15 +2,21 @@
Providing Default Files
=======================
You may distribute a set of default files and folders to all users by placing
them in the :file:`nextcloud/core/skeleton` directory on your Nextcloud server.
These files appear only to new users after their initial login, and existing
users will not see files that are added to this directory after their first
login. The files in the :file:`skeleton` directory are copied into the users'
data directories, so they may change and delete the files without affecting the
originals.
You may distribute a set of default files and folders to all users by placing
them in directory that is readable by the webserver user. This allows you to
overwrite the files that are shipped by default with Nextcloud in
``core/skeleton``. That custom directory should then be configured in the
``config.php`` via the configuration option ``skeletondirectory`` (see
:doc:`../configuration_server/config_sample_php_parameters`). Leave
empty to not copy any skeleton files.
This screenshot shows a set of photos in the :file:`skeleton` directory.
These files will be copied only to new users after their initial login, and
existing users will not see files that are added to this directory after their
first login. The files in the ``skeleton`` directory are copied into the
users data directories, so they may change and delete the files without
affecting the originals.
This screenshot shows a set of photos in the ``skeleton`` directory.
.. image:: ../images/skeleton-files.png
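Review bot: In the rewritten first paragraph, "placing them in directory" is missing "a", and "users data directories" has lost the apostrophe the old text had. "Leave empty to not copy any skeleton files" now follows the `:doc:` reference with no subject; write "Leave ``skeletondirectory`` empty ..." so it is clear which value is meant. Since the files are copied rather than served in place, it is worth saying that the directory only needs to be readable, not writable, by the webserver user.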
@ -18,12 +24,6 @@ They appear on the user's Nextcloud Files page just like any other files.
.. image:: ../images/skeleton-files1.png
Additional Configuration
------------------------
The configuration option ``skeletondirectory`` available in your
``config.php`` (See
:doc:`../configuration_server/config_sample_php_parameters`) allows
you to configure the directory where the skeleton files are located.
These files will be copied to the data directory of new users. Leave
empty to not copy any skeleton files.
.. note:: Overwriting the files in ``core/skeleton`` is not recommended,
because those changes will be overwritten on the next update of the Nextcloud
server.

View File

@ -146,7 +146,7 @@ storage mount, see :ref:`external_storage_mount_options_label`
.. _enable-file-recovery-key:
Enabling Users File Recovery Keys
----------------------------------
---------------------------------
If you lose your Nextcloud password, then you lose access to your encrypted
files. If one of your users loses their Nextcloud password their files are
@ -213,11 +213,11 @@ The [module ID] is taken from the ``encryption:list-modules`` command.
Encrypt all data files for all users. For performance reasons, when you enable
encryption on an Nextcloud server only new and changed files are encrypted. This
command gives you the option to encrypt all files. You must first put your
Nextcloud server into single-user mode to prevent any user activity until
Nextcloud server into maintenance mode to prevent any user activity until
encryption is completed::
occ maintenance:singleuser --on
Single user mode is currently enabled
occ maintenance:mode --on
Maintenance mode is currently enabled
Then run ``occ``::
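Review bot: The sample output `Maintenance mode is currently enabled` reads like the old single-user message with the noun swapped; run `occ maintenance:mode --on` once and paste what it actually prints, so admins comparing their terminal against the manual see the same line. The context above also still says "an Nextcloud server".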
@ -267,14 +267,14 @@ Disabling Encryption
You may disable encryption only with ``occ``. Make sure you have backups of all
encryption keys, including users'. Put your Nextcloud server into
single-user mode, and then disable your encryption module with this command::
maintenance mode, and then disable your encryption module with this command::
occ maintenance:singleuser --on
occ maintenance:mode --on
occ encryption:disable
Take it out of single-user mode when you are finished::
Take it out of maintenance mode when you are finished::
occ maintenance:singleuser --off
occ maintenance:mode --off
Files Not Encrypted
-------------------

View File

@ -15,9 +15,6 @@ are on Ubuntu Linux::
sudo -u www-data chown -R www-data:www-data /localdir
sudo -u www-data chmod -R 0750 /localdir
See :ref:`strong_perms_label` for information on correct file permissions, and
find your HTTP user :ref:`label-phpinfo`.
In the **Folder name** field enter the folder name that you want to appear on
your Nextcloud Files page.

View File

@ -18,4 +18,3 @@ File Sharing and Management
files_locking_transactional
previews_configuration
file_versioning
files_access_control

View File

@ -30,3 +30,26 @@ Furthermore it is recommended to configure the background job ``Webcron`` or
There is also a configuration option ``activity_expire_days`` available in your
``config.php`` (See :doc:`config_sample_php_parameters`) which allows
you to clean-up older activies from the database.
Better scheduling of activity emails
------------------------------------
In certain scenarios it makes sense to send the activity emails out more regularly,
e.g. you want to send the hourly emails always at the full hour, daily emails before
people start to work in the morning and weekly mails shall be send on monday morning,
so people can read up when starting into the week.
Therefor in Nextcloud 12 a console command was added to allow sending those emails
intentionally. This allows to set up special cron jobs on your server with the known
granularity, instead of relying on the Nextcloud cron feature which is not very flexible
on scheduling.
To implement the samples mentioned above, the following three entries are necessary::
# crontab -u www-data -e
0 * * * * php -f /var/www/nextcloud/occ activity:send-mails hourly
30 7 * * * php -f /var/www/nextcloud/occ activity:send-mails daily
30 7 * * MON php -f /var/www/nextcloud/occ activity:send-mails weekly
If you want to manually send out all activity emails which are queued, you can run
``occ activity:send-mails`` without any argument.
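Review bot: Wording in the new section needs a pass: "Therefor" should be "Therefore", "shall be send on monday" should be "are sent on Monday", and "This allows to set up" needs an object ("allows you to set up"). For the crontab sample, say that `www-data` and `/var/www/nextcloud/occ` have to be replaced with the local HTTP user and install path, as the systemd section in this commit does for its unit file.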

View File

@ -83,3 +83,46 @@ You can verify if the cron job has been added and scheduled by executing::
.. note:: Please refer to the crontab man page for the exact command syntax.
.. _easyCron: http://www.easycron.com/
systemd
~~~~~~~
If systemd is installed on the system, a systemd timer could be an alternative to a cronjob.
This approach requires two files: **nextcloudcron.service** and **nextcloudcron.timer**. Create these two files in ``/etc/systemd/system/``.
**nextcloudcron.service** should look like this::
[Unit]
Description=Nextcloud cron.php job
[Service]
User=www-data
ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php
[Install]
WantedBy=basic.target
Replace the user ``www-data`` with the user of your http server and ``/var/www/nextcloud/cron.php`` with the location of **cron.php** in your nextcloud directory.
**nextcloudcron.timer** should look like this::
[Unit]
Description=Run Nextcloud cron.php every 15 minutes
[Timer]
OnBootSec=5min
OnUnitActiveSec=15min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
The important parts in the timer-unit are ``OnBootSec`` and ``OnUnitActiveSec``.``OnBootSec`` will start the timer 5 minutes after boot, otherwise you would have to start it manually after every boot. ``OnUnitActiveSec`` will set a 15 minute timer after the service-unit was last activated.
Now all that is left is to start and enable the timer by running these commands::
systemctl start nextcloudcron.timer
systemctl enable nextcloudcron.timer
.. note:: Select the option ``Cron`` in the admin menu for background jobs. if left on ``AJAX`` it would execute the AJAX job on every page load.
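Review bot: nextcloudcron.service carries an `[Install]` section with `WantedBy=basic.target`, but the instructions only ever start and enable the timer; if someone enables the service as well, cron.php runs once at boot outside the timer schedule. Drop `[Install]` from the service unit and leave it only in the timer. In the prose, ``OnUnitActiveSec``.``OnBootSec`` needs a space after the period or the inline literals will not render, the `systemctl` commands should be shown as run by root, and "if left on" in the note should start with a capital letter.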

View File

@ -46,7 +46,7 @@ PHP 5.5 and up include the Zend OPcache in core, and on most Linux
distributions it is enabled by default. However, it does
not bundle a data cache. APCu is a data cache, and it is available in most
Linux distributions. On Red Hat/CentOS/Fedora systems install
``php-pecl-apcu``. On Debian/Ubuntu/Mint systems install ``php5-apcu`` or ``php7.0-apcu``.
``php-pecl-apcu``. On Debian/Ubuntu/Mint systems install ``php-apcu``.
On Ubuntu 14.04 LTS, the APCu version (4.0.2) is too old to use with Nextcloud (requires 4.0.6+).
You may install 4.0.7 from Ubuntu backports with this command::
@ -113,7 +113,7 @@ The Redis PHP module must be version 2.2.6+. If you are running a Linux
distribution that does not package the supported versions of this module, or
does not package Redis at all, see :ref:`install_redis_label`.
On Debian/Ubuntu/Mint install ``redis-server`` and ``php5-redis`` or ``php7.0-redis``. The installer
On Debian/Ubuntu/Mint install ``redis-server`` and ``php-redis``. The installer
will automatically launch ``redis-server`` and configure it to launch at
startup.

View File

@ -228,6 +228,18 @@ language" override this setting after they have logged in.
Defaults to ``en``
::
'force_language' => 'en',
With this setting a language can be forced for all users. If a language is
forced, the users are also unable to change their language in the personal
settings. If users shall be unable to change their language, but users have
different languages, this value can be set to ``true`` instead of a language
code.
Defaults to ``false``
::
'defaultapp' => 'files',
@ -247,16 +259,6 @@ Defaults to ``files``
``true`` enables the Help menu item in the user menu (top right of the
Nextcloud Web interface). ``false`` removes the Help item.
::
'enable_avatars' => true,
``true`` enables avatars, or user profile photos. These appear on the User
page, on user's Personal pages and are used by some apps (contacts, mail,
etc). ``false`` disables them.
Defaults to ``true``
::
'allow_user_to_change_display_name' => true,
@ -338,11 +340,13 @@ IMAP (OC_User_IMAP), SMB (OC_User_SMB), and FTP (OC_User_FTP).
'lost_password_link' => 'https://example.org/link/to/password/reset',
If your user backend does not allow to reset the password (e.g. when it's a
If your user backend does not allow password resets (e.g. when it's a
read-only user backend like LDAP), you can specify a custom link, where the
user is redirected to, when clicking the "reset password" link after a failed
login-attempt.
In case you do not want to provide any link, replace the url with 'disabled'
Mail Parameters
---------------
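Review bot: The added sentence "replace the url with 'disabled'" has no closing period and leaves the value as plain text. Write it as ``'disabled'`` in literal markup and capitalise "URL", so it is unambiguous that this exact string goes into `lost_password_link`.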
@ -543,12 +547,12 @@ accessible at. So if Nextcloud is accessible via "https://mycloud.org/nextcloud"
the correct value would most likely be "/nextcloud". If Nextcloud is running
under "https://mycloud.org/" then it would be "/".
Note that above rule is not valid in every case, there are some rare setup
Note that the above rule is not valid in every case, as there are some rare setup
cases where this may not apply. However, to avoid any update problems this
configuration value is explicitly opt-in.
After setting this value run `occ maintenance:update:htaccess` and when following
conditions are met Nextcloud uses URLs without index.php in it:
After setting this value run `occ maintenance:update:htaccess`. Now, when the
following conditions are met Nextcloud URLs won't contain `index.php`:
- `mod_rewrite` is installed
- `mod_env` is installed
@ -859,14 +863,6 @@ Defaults to ``UTC``
Append all database queries and parameters to the log file. Use this only for
debugging, as your logfile will become huge.
::
'cron_log' => true,
Log successful cron runs.
Defaults to ``true``
::
'log_rotate_size' => false,
@ -1059,10 +1055,6 @@ concerns:
- OC\\Preview\\TIFF
- OC\\Preview\\Font
.. note:: Troubleshooting steps for the MS Word previews are available
at the :doc:`../configuration_files/collaborative_documents_configuration`
section of the Administrators Manual.
The following providers are not available in Microsoft Windows:
- OC\\Preview\\Movie
@ -1101,6 +1093,14 @@ See command line (occ) methods ``ldap:show-remnants`` and ``user:delete``
Defaults to ``51`` minutes
::
'sort_groups_by_name' => false,
Sort groups in the user settings by name instead of the user count
By enabling this the user count beside the group name is disabled as well.
Comments
--------
@ -1123,10 +1123,19 @@ Defaults to ``\OC\Comments\ManagerFactory``
Replaces the default System Tags Manager Factory. This can be utilized if an
own or 3rdParty SystemTagsManager should be used that for instance uses the
filesystem instead of the database to keep the comments.
filesystem instead of the database to keep the tags.
Defaults to ``\OC\SystemTag\ManagerFactory``
::
'mail_template_class' => '\OC\Mail\EMailTemplate',
Replaces the default mail template layout. This can be utilized if the
options to modify the mail texts with the theming app is not enough.
The class must extend ``\OC\Mail\EMailTemplate``
Maintenance
-----------
@ -1147,15 +1156,6 @@ are kicked out of Nextcloud instantly.
Defaults to ``false``
::
'singleuser' => false,
When set to ``true``, the Nextcloud instance will be unavailable for all
users who are not in the ``admin`` group.
Defaults to ``false``
SSL
---
@ -1170,12 +1170,6 @@ Extra SSL options to be used for configuration.
Defaults to an empty array.
::
'enable_certificate_management' => false,
Allow the configuration of system wide trusted certificates
Memory caching backend configuration
------------------------------------
@ -1218,20 +1212,53 @@ Defaults to ``none``
::
'redis' => array(
'redis' => [
'host' => 'localhost', // can also be a unix domain socket: '/tmp/redis.sock'
'port' => 6379,
'timeout' => 0.0,
'password' => '', // Optional, if not defined no password will be used.
'dbindex' => 0, // Optional, if undefined SELECT will not run and will use Redis Server's default DB Index.
),
],
Connection details for redis to use for memory caching.
Connection details for redis to use for memory caching in a single server configuration.
For enhanced security it is recommended to configure Redis
to require a password. See http://redis.io/topics/security
for more information.
::
'redis.cluster' => [
'seeds' => [ // provide some/all of the cluster servers to bootstrap discovery, port required
'localhost:7000',
'localhost:7001'
],
'timeout' => 0.0,
'read_timeout' => 0.0,
'failover_mode' => \RedisCluster::FAILOVER_ERROR
],
Connection details for a Redis Cluster
Only for use with Redis Clustering, for Sentinel-based setups use the single
server configuration above, and perform HA on the hostname.
Redis Cluster support requires the php module phpredis in version 3.0.0 or
higher for PHP 7+ or phpredis in version 2.2.8 for PHP 5.6.
Available failover modes:
- \\RedisCluster::FAILOVER_NONE - only send commands to master nodes (default)
- \\RedisCluster::FAILOVER_ERROR - failover to slaves for read commands if master is unavailable (recommended)
- \\RedisCluster::FAILOVER_DISTRIBUTE - randomly distribute read commands across master and slaves
WARNING: FAILOVER_DISTRIBUTE is a not recommended setting and we strongly
suggest to not use it if you use Redis for file locking. Due to the way Redis
is synchronised it could happen, that the read for an existing lock is
scheduled to a slave that is not fully synchronised with the connected master
which then causes a FileLocked exception.
See https://redis.io/topics/cluster-spec for details about the Redis cluster
::
'memcached_servers' => array(
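Review bot: The `redis.cluster` sample has no `password` key, while the single-server text directly above recommends configuring Redis to require a password. State explicitly whether cluster connections can authenticate, and if they cannot, that the cluster ports must be reachable only from the Nextcloud hosts. "Connection details for a Redis Cluster" and the closing "See https://redis.io/topics/cluster-spec ..." line are missing periods, and the security link is still `http://redis.io/topics/security` while the new link uses https.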
@ -1300,7 +1327,7 @@ Using Object Store with Nextcloud
'objectstore' => [
'class' => 'OC\\Files\\ObjectStore\\Swift',
'arguments' => [
// trystack will user your facebook id as the user name
// trystack will use your facebook id as the user name
'username' => 'facebook100000123456789',
// in the trystack dashboard go to user -> settings -> API Password to
// generate a password
@ -1352,11 +1379,25 @@ Global settings for Sharing
'sharing.managerFactory' => '\OC\Share20\ProviderFactory',
Replaces the default Share Provider Factory. This can be utilized if
own or 3rdParty Share Providers be used that for instance uses the
own or 3rdParty Share Providers are used that for instance use the
filesystem instead of the database to keep the share information.
Defaults to ``\OC\Share20\ProviderFactory``
::
'sharing.maxAutocompleteResults' => 0,
Define max number of results returned by the user search for auto-completion
Default is unlimited (value set to 0).
::
'sharing.minSearchStringLength' => 0,
Define the minimum length of the search string before we start auto-completion
Default is no limit (value set to 0)
All other configuration options
-------------------------------
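Review bot: Both new options are documented with a default of `0`, described as unlimited results and no minimum search length, but the text gives no reason to change them. Add a sentence on when an admin would cap `sharing.maxAutocompleteResults` or raise `sharing.minSearchStringLength`, for example on large user directories or to limit how much of the user list the share dialog reveals, and finish both descriptions with a period and a "Defaults to ``0``" line like the neighbouring options.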
@ -1382,16 +1423,23 @@ can be 'WAL' or 'DELETE' see for more details https://www.sqlite.org/wal.html
'mysql.utf8mb4' => false,
If this setting is set to true MySQL can handle 4 byte characters instead of
3 byte characters
During setup, if requirements are met (see below), this setting is set to true
and MySQL can handle 4 byte characters instead of 3 byte characters.
If you want to convert an existing 3-byte setup into a 4-byte setup please
set the parameters in MySQL as mentioned below and run the migration command:
./occ db:convert-mysql-charset
The config setting will be set automatically after a successful run.
Consult the documentation for more details.
MySQL requires a special setup for longer indexes (> 767 bytes) which are
needed:
[mysqld]
innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=true
innodb_large_prefix=ON
innodb_file_format=Barracuda
innodb_file_per_table=ON
Tables will be created with
* character set: utf8mb4
@ -1405,8 +1453,6 @@ https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables/#innodb_l
http://www.tocker.ca/2013/10/31/benchmarking-innodb-page-compression-performance.html
http://mechanics.flite.com/blog/2014/07/29/using-innodb-large-prefix-to-avoid-error-1071/
WARNING: EXPERIMENTAL
::
'supportedDatabases' => array(
@ -1616,7 +1662,7 @@ Defaults to ``true``
'filelocking.ttl' => 60*60,
Set the time-to-live for locks in secconds.
Set the lock's time-to-live in seconds.
Any lock older than this will be automatically cleaned up.
@ -1634,6 +1680,18 @@ is highly recommended to *avoid data loss*.
Defaults to ``none``
::
'filelocking.debug' => false,
Enable locking debug logging
Note that this can lead to a very large volume of log items being written which can lead
to performance degradation and large log files on busy instance.
Thus enabling this in production for longer periods of time is not recommended
or should be used together with the ``log.condition`` setting.
::
'upgrade.disable-web' => false,
@ -1677,6 +1735,25 @@ configuration. DO NOT ADD THIS SWITCH TO YOUR CONFIGURATION!
If you, brave person, have read until here be aware that you should not
modify *ANY* settings in this file without reading the documentation.
::
'lookup_server' => 'https://lookup.nextcloud.com',
use a custom lookup server to publish user data
::
'gs.enabled' => false,
set to true if the server is used in a setup based on Nextcloud's Global Scale architecture
::
'gs.federation' => 'internal',
by default federation is only used internally in a Global Scale setup
If you want to allow federation outside of your environment set it to 'global'
.. ALL_OTHER_SECTIONS_END
.. Generated content above. Don't change this.
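Review bot: `lookup_server` is described only as "use a custom lookup server to publish user data", with `https://lookup.nextcloud.com` as the sample value, so an admin cannot tell which user data is sent, under what condition, or how to turn publishing off. Spell that out in the description. All three new options should also get a capitalised sentence ending in a period and a "Defaults to" line, matching the rest of this generated file.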

View File

@ -2,36 +2,47 @@
Linking External Sites
======================
You can embed external Web sites inside your Nextcloud pages with the External
Sites app, as this screenshot shows.
You can embed external websites or documents inside your Nextcloud pages with the External
sites app, as this screenshot shows.
.. figure:: ../images/external-sites-1.png
:scale: 60%
:scale: 70%
*Click to enlarge*
This is useful for quick access to important Web pages such as the
This is useful for quick access to important pages such as the
Nextcloud manuals and informational pages for your company, and for presenting
external pages inside your custom Nextcloud branding, if you use your own custom
themes.
The External sites app is included in all versions of Nextcloud. Go to **Apps >
Not Enabled** to enable it. Then go to your Nextcloud Admin page to create your
links, which are saved automatically. There is a dropdown menu to select an
icon, but there is only one default icon so you don't have to select one. Hover
your cursor to the right of your links to make the trashcan icon appear when you
The External sites app is included in all versions of Nextcloud. Go to **Settings > Apps >
Disabled apps** to enable it. Then go to your Nextcloud **Settings > Admin > Additional
settings** to create your links, which are saved automatically.
Each link can have a unique icon, icons are currently loaded from ``apps/external/img/``.
If you select a language, the link will only be displayed for users with the selected language.
This allows you to have different documentation links for users depending on their language.
It is also possible to add links for a special device (recognized by the user agent).
Currently the following options are available: All devices, Android app, iOS app, Desktop client and all others (Browsers).
Hover your cursor over a row to make the trashcan icon appear when you
want to remove them.
.. figure:: ../images/external-sites-2.png
:scale: 80%
*Click to enlarge*
The links appear in the Nextcloud dropdown menu on the top left after
refreshing your page, and have globe icons.
The links appear in the Nextcloud menu on the top or in the settings menu, after
reloading the page.
.. figure:: ../images/external-sites-3.png
Configurations preventing embedding
-----------------------------------
Your links may or may not work correctly due to the various ways that Web
browsers and Web sites handle HTTP and HTTPS URLs, and because the External
Sites app embeds external links in IFrames. Modern Web browsers try very hard
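Review bot: the new device sentence ("recognized by the user agent") should say that the language and device options only decide where a link is displayed. The user agent is supplied by the client, so admins should not read this as a way to restrict who can reach the target. Two wording points in the same paragraph: "Each link can have a unique icon, icons are currently loaded from ..." is a comma splice and does not say how an admin adds an icon to that directory, and the closing "when you want to remove them" has lost its antecedent now that the language and device sentences sit in between. Suggest "to remove a link".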
@ -56,4 +67,4 @@ On this page, X-Frame-Options prevents the embedding.
.. figure:: ../images/external-sites-5.png
There isn't much you can do about these issues, but if you're curious you can
see what is happening.
see what is happening.

View File

@ -119,11 +119,22 @@ VirtualHost file::
<VirtualHost *:443>
ServerName cloud.nextcloud.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove ``includeSubdomains;``.
.. warning::
We recommend the additional setting ``; preload`` to be added to that header.
Then the domain will be added to an hardcoded list that is shipped with all
major browsers and enforce HTTPS upon those domains. See the `HSTS preload
website for more information <https://hstspreload.org/>`_. Due to the policy
of this list you need to add it to the above example for yourself once you
are sure that this is what you want. `Removing the domain from this list
<https://hstspreload.org/#removal>`_ could take some months until it reaches
all installed browsers.
This example configuration will make all subdomains only accessible via HTTPS.
If you have subdomains not accessible via HTTPS, remove ``includeSubdomains;``.
This requires the ``mod_headers`` extension in Apache.
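Review bot: the closing paragraph tells readers to remove "includeSubdomains;", but the header in the example now reads "max-age=15552000; includeSubDomains", with a capital D and no trailing semicolon once "; preload" was dropped. The instruction should name the text actually present, "; includeSubDomains". In the warning block, opening with "We recommend" under a warning directive buries the caution. Lead with the consequence (removal from the preload list can take months to reach installed browsers), then give the recommendation. Also "an hardcoded list" should be "a hardcoded list".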

View File

@ -1,6 +1,6 @@
==============================
Nextcloud Server Configuration
==============================
====================
Server Configuration
====================
.. toctree::
:maxdepth: 2

View File

@ -1,19 +1,16 @@
Language Configuration
======================
Default language
----------------
In normal cases Nextcloud will automatically detect the language of the Web-GUI.
If this does not work properly or you want to make sure that Nextcloud always
starts with a given language, you can use the **default_language** parameter.
starts with a given language, you can set a **default_language** parameter in the
:file:`config/config.php`.
Please keep in mind, that this will not effect a users language preference,
which has been configured under "personal -> language" once he has logged in.
Please check `Transifex language codes
<https://www.transifex.com/explore/languages/>`_ for the list of valid language
codes.
Parameters
----------
.. note:: The default_language paramenter is only used, when the browser does not
send any language, and the user hasn't configured own language preferences.
::
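Review bot: the new note says default_language is only used when the browser sends no language and the user has set no preference, but the intro paragraph kept above it still promises that the parameter will "make sure that Nextcloud always starts with a given language". One of the two has to change. Suggest rewording the intro to describe a fallback and pointing readers who need a fixed language to force_language. The note also has a typo, "paramenter", and the retained sentence "this will not effect a users language preference" should read "affect a user's".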
@ -21,4 +18,24 @@ Parameters
"default_language" => "en",
This parameters can be set in the :file:`config/config.php`
Force language
--------------
If you want to force a specific language, users will no longer be able to change
their language in the personal settings. You can set a **force_language** parameter
in the :file:`config/config.php`.
::
<?php
"force_language" => "en",
If users shall be unable to change their language, but users have different languages,
this value can be set to ``true`` instead of a language code.
.. note:: Please check `Transifex language codes
<https://www.transifex.com/explore/languages/>`_ for the list of valid language
codes.
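Review bot: the sentence on setting force_language to true does not say which language a user then gets. "If users shall be unable to change their language, but users have different languages" leaves it open whether the previously chosen or the detected language is kept, so please state it. The first sentence of the section also reads as a condition rather than a consequence. Suggest "Forcing a language removes the language selector from the personal settings". Finally, only the "en" form is shown. A second sample line with the true value would make the option discoverable.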

View File

@ -19,8 +19,8 @@ By default the log level is set to **2** (WARN). Use **DEBUG** when you have a p
Logging level parameters are set in the :file:`config/config.php` file, or on the Admin page of your Nextcloud Web GUI.
ownCloud
~~~~~~~~
Nextcloud
~~~~~~~~~
All log information will be written to a separate log file which can be
viewed using the log viewer on your Admin page. By default, a log

View File

@ -44,8 +44,7 @@ occ Command Directory
Run occ As Your HTTP User
-------------------------
The HTTP user is different on the various Linux distributions. See
:ref:`strong_perms_label` to learn how to find your HTTP user.
The HTTP user is different on the various Linux distributions:
* The HTTP user and group in Debian/Ubuntu is www-data.
* The HTTP user and group in Fedora/CentOS is apache.
@ -538,7 +537,7 @@ see a list of modules only if you have enabled the Encryption app. Use
``encryption:set-default-module [module name]`` to set your desired module.
``encryption:encrypt-all`` encrypts all data files for all users. You must first
put your Nextcloud server into :ref:`single-user
put your Nextcloud server into :ref:`maintenance
mode<maintenance_commands_label>` to prevent any user activity until encryption
is completed.
@ -548,12 +547,12 @@ user::
sudo -u www-data php occ encryption:decrypt freda
Users must have enabled recovery keys on their Personal pages. You must first
put your Nextcloud server into :ref:`single-user
put your Nextcloud server into :ref:`maintenance
mode <maintenance_commands_label>` to prevent any user activity until
decryption is completed.
Use ``encryption:disable`` to disable your encryption module. You must first put
your Nextcloud server into :ref:`single-user mode <maintenance_commands_label>`
your Nextcloud server into :ref:`maintenance mode <maintenance_commands_label>`
to prevent any user activity.
``encryption:enable-master-key`` creates a new master key, which is used for all
@ -713,7 +712,7 @@ Verify your app::
sudo -u www-data php occ integrity:check-app --path=/pathto/app appname
When it returns nothing, your app is signed correctly. When it returns a message then there is an error. See `Code Signing
<https://docs.nextcloud.org/server/11/developer_manual/app/code_signing.html#how-to-get-your-app-signed>`_ in the Developer manual for more detailed information.
<https://docs.nextcloud.org/server/12/developer_manual/app/code_signing.html#how-to-get-your-app-signed>`_ in the Developer manual for more detailed information.
.. TODO ON RELEASE: Update version number above on release
``integrity:sign-core`` is for Nextcloud core developers only.
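Review bot: the updated Code Signing link points at docs.nextcloud.org, while the two-factor page updated in this same commit links to docs.nextcloud.com. Pick one host so the links do not depend on a redirect. Since the version segment needs a manual bump on every release (as the TODO comment admits), consider a relative link to the developer manual, as the theming page does.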
@ -864,12 +863,12 @@ Use these commands when you upgrade Nextcloud, manage encryption, perform
backups and other tasks that require locking users out until you are finished::
maintenance
maintenance:mimetype:update-db Update database mimetypes and update
filecache
maintenance:mimetype:update-js Update mimetypelist.js
maintenance:mode set maintenance mode
maintenance:repair repair this installation
maintenance:singleuser set single user mode
maintenance:data-fingerprint update the systems data-fingerprint after a backup is restored
maintenance:mimetype:update-db Update database mimetypes and update filecache
maintenance:mimetype:update-js Update mimetypelist.js
maintenance:mode set maintenance mode
maintenance:repair repair this installation
maintenance:update:htaccess Updates the .htaccess file
``maintenance:mode`` locks the sessions of all logged-in users, including
administrators, and displays a status screen warning that the server is in
@ -879,18 +878,10 @@ logged-in users must refresh their Web browsers to continue working::
sudo -u www-data php occ maintenance:mode --on
sudo -u www-data php occ maintenance:mode --off
Putting your Nextcloud server into single-user mode allows admins to log in and
work, but not ordinary users. This is useful for performing maintenance and
troubleshooting on a running server::
sudo -u www-data php occ maintenance:singleuser --on
Single user mode enabled
Turn it off when you're finished::
sudo -u www-data php occ maintenance:singleuser --off
Single user mode disabled
After restoring a backup of your data directory or the database, you should always
call ``maintenance:data-fingerprint`` once. This changes the ETag for all files
in the communication with sync clients, allowing them to realize a file was modified.
The ``maintenance:repair`` command runs automatically during upgrades to clean
up the database, so while you can run it manually there usually isn't a need
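Review bot: the new maintenance:data-fingerprint paragraph gives no example invocation, unlike maintenance:mode directly above it, which shows the full "sudo -u www-data php occ ..." line. Add the matching command so readers restoring a backup can copy it. The paragraph should also say when in the restore to run it (after the restore completes, before clients reconnect), since "once" alone leaves the ordering open.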
@ -1132,9 +1123,7 @@ You can install Nextcloud entirely from the command line. After downloading the
tarball and copying Nextcloud into the appropriate directories you can use ``occ``
commands in place of running the graphical Installation Wizard.
Apply correct permissions to your Nextcloud directories; see
:ref:`strong_perms_label`. Then choose your ``occ`` options. This lists your
available options::
Then choose your ``occ`` options. This lists your available options::
sudo -u www-data php /var/www/nextcloud/occ
Nextcloud is not installed - only a limited number of commands are available
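Review bot: the replacement sentence still opens with "Then choose your occ options", but the step it followed (applying permissions) has been removed, so "Then" now has nothing to follow. More importantly, the install walkthrough no longer says anything about ownership of the Nextcloud directories, even though every command here runs as www-data. If the strong permissions section is going away, keep a one-line statement of what the HTTP user must own, or link to wherever that guidance now lives.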

View File

@ -8,6 +8,12 @@ might see, and what to do about them.
.. figure:: ../images/security-setup-warning-1.png
You can use the `Nextcloud Security Scan <https://scan.nextcloud.com>`_ to see
if your system is up to date and well secured. We have ran this scan over public
IP addresses in the past to try and reach out to `extremely outdated systems <https://nextcloud.com/blog/nextcloud-releases-security-scanner-to-help-protect-private-clouds/>`_
and might again in the future. Please, protect your privacy and keep your server
up to date! Privacy means little without security.
Cache Warnings
--------------
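Review bot: "We have ran this scan" in the added paragraph should be "We have run this scan". The paragraph also mixes an instruction for the admin with a statement that the project has scanned public IP addresses and may do so again. On a page about setup warnings the actionable part should come first, namely checking your own instance at scan.nextcloud.com. The closing slogan "Privacy means little without security" reads as marketing and could be dropped.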
@ -53,7 +59,7 @@ describe how to enable HTTPS on the Apache and Nginx Web servers.
:ref:`use_https_label`
:doc:`../installation/nginx_examples`
:doc:`../installation/nginx`
The test with getenv(\"PATH\") only returns an empty response
-------------------------------------------------------------

View File

@ -1,6 +1,6 @@
=======================
Nextcloud Server Tuning
=======================
=============
Server Tuning
=============
Using cron to perform background jobs
-------------------------------------
@ -73,8 +73,6 @@ Enable HTTP2 for faster loading
HTTP2 has `huge speed improvements <https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/>`_ over HTTP with multiple request. Most `browsers already support HTTP2 over SSL (HTTPS) <http://caniuse.com/#feat=http2>`_. So refer to your server manual for guides on how to use HTTP2.
.. _opcache:
Enable PHP OPcache
------------------
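Review bot: this hunk removes the ".. _opcache:" label above the "Enable PHP OPcache" heading. Please confirm no ":ref:" elsewhere in the manuals still targets that label. A dangling reference would not necessarily break the build, but it would fail to resolve and render as plain text.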
@ -82,7 +80,7 @@ The `OPcache <http://php.net/manual/en/intro.opcache.php>`_ improves the perform
.. code:: ini
opcache.enable=On
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000

View File

@ -2,7 +2,21 @@
Theming
=======
In the administrative settings you can modify the appearance of Nextcloud:
Nextcloud has two ways of theming. There is a theming app that provides a web
UI to set up theming. The second option allows to overwrite most of the files
but a customized theme needs to be created and maintained. For more information on
this check out the `developers documentation <../../developer_manual/core/theming.html>`_.
We recommend to use the theming app, because the Nextcloud team maintains this
and verifies that all adjustments to the server work with the theming. It
covers also most use cases like replacing the name, logos and colors.
Theming app
===========
Check in the apps management that the theming app is enabled. Then the
administrator settings show a section where you can modify the appearance of
your Nextcloud:
* Name
* Web Address
@ -30,3 +44,18 @@ This requires the following additional dependencies:
- PHP module imagick
- SVG support for imagick (e.g. `libmagickcore5-extra`)
Theming of mobile app URLs and IDs
==================================
The themes supported to change the URLs to the mobile apps (Android & iOS) that
is shown when the web UI is opened on one of those devices. Then there was a
header shown, that redirects the user to the app in the app store. By default
this redirects to the Nextcloud apps. In some cases it is wanted that this
links to branded versions of those apps. In those cases the IDs and URLs can be
set via the occ command::
occ config:app:set theming AndroidClientUrl --value "https://play.google.com/store/apps/details?id=com.nextcloud.client"
occ config:app:set theming iTunesAppId --value "1125420102"
occ config:app:set theming iOSClientUrl --value "https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8"
This feature was added in version 12.0.1 and 13.
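Review bot: the occ examples in the new section are written as bare "occ config:app:set ...", while the occ page in this manual consistently shows "sudo -u www-data php occ ...". Use the same form so the commands are not run as root by copy and paste. The paragraph also needs a language pass: "The themes supported to change the URLs" and "Then there was a header shown" mix tenses and do not say what the feature does now. "Added in version 12.0.1 and 13" would be clearer as "available since 12.0.1". Also check the heading level: "Theming app" and this heading use the same "=" underline as the page title.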

View File

@ -13,4 +13,5 @@ User Management
user_auth_ftp_smb_imap
user_auth_ldap
user_auth_ldap_cleanup
user_auth_ldap_api
user_provisioning_api

View File

@ -7,7 +7,7 @@ Starting with Nextcloud 10, it is possible to use two factor authentication
Several 2FA apps are already available including
`TOTP <https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm>`_,
SMS 2-factor and `U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_.
Developers can `built new two-factor provider apps <https://docs.nextcloud.com/server/11/developer_manual/app/two-factor-provider.html>`_.
Developers can `built new two-factor provider apps <https://docs.nextcloud.com/server/12/developer_manual/app/two-factor-provider.html>`_.
.. TODO ON RELEASE: Update version number above on release
Enabling Two Factor Authentication
@ -19,5 +19,5 @@ you want, 2FA will be installed and enabled on your Nextcloud server.
.. figure:: ../images/2fa-app-install.png
Once 2FA has been enabled, users have to `activate it in their personal settings. <https://docs.nextcloud.com/server/11/user_manual/user_2fa.html>`_
Once 2FA has been enabled, users have to `activate it in their personal settings. <https://docs.nextcloud.com/server/12/user_manual/user_2fa.html>`_
.. TODO ON RELEASE: Update version number above on release

View File

@ -389,9 +389,24 @@ Enable LDAP password changes per user:
* Additional requirements for Active Directory:
* At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
* At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server.
* Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
Default password policy DN:
This feature requires OpenLDAP with ppolicy. The DN of a default password policy will be used for password expiry handling in the absence of any user specific password policy. Password expiry handling features the following:
* When a LDAP password is about to expire, display a warning message to the user showing the number of days left before it expires. Password expiry warnings are displayed through the notifications app for Nextcloud.
* Prompt LDAP users with expired passwords to reset their password during login, provided that an adequate number of grace logins is still available.
Leave the setting empty to keep password expiry handling disabled.
For the password expiry handling feature to work, LDAP password changes per user must be enabled and the LDAP server must be running OpenLDAP with its ppolicy module configured accordingly.
* Example:
| *cn=default,ou=policies,dc=my-company,dc=com*
Special Attributes
^^^^^^^^^^^^^^^^^^
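Review bot: the "Default password policy DN" block states its prerequisites twice, once in the first sentence ("requires OpenLDAP with ppolicy") and again in the last paragraph, and only the second mention includes the dependency on "LDAP password changes per user" being enabled. Merge them into a single requirements sentence at the top so an admin sees both conditions before reading the feature list. The line-block example under "Example:" would also read better as an inline literal, matching how attribute names are marked up in the Active Directory bullet above.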

View File

@ -0,0 +1,306 @@
======================
LDAP Configuration API
======================
Any used method requires the a header "OCS-APIREQUEST" set to "true". And any method takes an optional "format" parameter, which accepts "xml" (default) or "json".
Methods
=======
Creating a configuration
------------------------
Creates a new and empty LDAP configuration. It returns its ID. Authentication is done by sending a
basic HTTP authentication header.
**Syntax: ocs/v2.php/apps/user_ldap/api/v1/config**
* HTTP method: POST
Example
^^^^^^^
* POST ``https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config`` -H "OCS-APIREQUEST: true"
* Creates a new, empty configuration
XML Output
^^^^^^^^^^
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
<meta>
<status>ok</status>
<statuscode>200</statuscode>
<message>OK</message>
</meta>
<data>
<configID>s01</configID>
</data>
</ocs>
Deleting a configuration
------------------------
Deletes a given LDAP configuration. Authentication is done by sending a basic HTTP authentication header.
**Syntax: ocs/v2.php/apps/user_ldap/api/v1/config/{configID}**
* HTTP method: DELETE
Example
^^^^^^^
* DELETE ``https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config/s02 -H "OCS-APIREQUEST: true"``
* deletes the LDAP configuration
XML Output
^^^^^^^^^^
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
<meta>
<status>ok</status>
<statuscode>200</statuscode>
<message>OK</message>
</meta>
<data/>
</ocs>
Reading a configuration
-----------------------
Returns all keys and values of the specified LDAP configuration. Authentication is done by sending a basic HTTP authentication header.
**Syntax: ocs/v2.php/apps/user_ldap/api/v1/config/{configID}**
* HTTP method: GET
* url argument: showPassword - int, optional, default 0, whether to return the password in clear text
Example
^^^^^^^
* GET ``https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config/s02?showPassword=1 -H "OCS-APIREQUEST: true"``
* fetches the LDAP configuration
XML Output
^^^^^^^^^^
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
<meta>
<status>ok</status>
<statuscode>200</statuscode>
<message>OK</message>
</meta>
<data>
<ldapHost>ldap://ldap.server.tld</ldapHost>
<ldapPort>389</ldapPort>
<ldapBackupHost></ldapBackupHost>
<ldapBackupPort></ldapBackupPort>
<ldapBase>ou=Department XLII,dc=example,dc=com</ldapBase>
<ldapBaseUsers>ou=users,ou=Department XLII,dc=example,dc=com</ldapBaseUsers>
<ldapBaseGroups>ou=Department XLII,dc=example,dc=com</ldapBaseGroups>
<ldapAgentName>cn=root,dc=example,dc=com</ldapAgentName>
<ldapAgentPassword>Secret</ldapAgentPassword>
<ldapTLS>1</ldapTLS>
<turnOffCertCheck>0</turnOffCertCheck>
<ldapIgnoreNamingRules/>
<ldapUserDisplayName>displayname</ldapUserDisplayName>
<ldapUserDisplayName2>uid</ldapUserDisplayName2>
<ldapGidNumber>gidNumber</ldapGidNumber>
<ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass>
<ldapUserFilterGroups></ldapUserFilterGroups>
<ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter>
<ldapUserFilterMode>1</ldapUserFilterMode>
<ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter>
<ldapGroupFilterMode>0</ldapGroupFilterMode>
<ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass>
<ldapGroupFilterGroups></ldapGroupFilterGroups>
<ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr>
<ldapGroupDisplayName>cn</ldapGroupDisplayName>
<ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter>
<ldapLoginFilterMode>0</ldapLoginFilterMode>
<ldapLoginFilterEmail>0</ldapLoginFilterEmail>
<ldapLoginFilterUsername>1</ldapLoginFilterUsername>
<ldapLoginFilterAttributes></ldapLoginFilterAttributes>
<ldapQuotaAttribute></ldapQuotaAttribute>
<ldapQuotaDefault>20 MB</ldapQuotaDefault>
<ldapEmailAttribute>mail</ldapEmailAttribute>
<ldapCacheTTL>600</ldapCacheTTL>
<ldapUuidUserAttribute>auto</ldapUuidUserAttribute>
<ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute>
<ldapOverrideMainServer></ldapOverrideMainServer>
<ldapConfigurationActive>1</ldapConfigurationActive>
<ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch>
<ldapAttributesForGroupSearch></ldapAttributesForGroupSearch>
<ldapExperiencedAdmin>0</ldapExperiencedAdmin>
<homeFolderNamingRule>attr:mail</homeFolderNamingRule>
<hasPagedResultSupport></hasPagedResultSupport>
<hasMemberOfFilterSupport>1</hasMemberOfFilterSupport>
<useMemberOfToDetectMembership>1</useMemberOfToDetectMembership>
<ldapExpertUsernameAttr></ldapExpertUsernameAttr>
<ldapExpertUUIDUserAttr></ldapExpertUUIDUserAttr>
<ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr>
<lastJpegPhotoLookup>0</lastJpegPhotoLookup>
<ldapNestedGroups>0</ldapNestedGroups>
<ldapPagingSize>500</ldapPagingSize>
<turnOnPasswordChange>1</turnOnPasswordChange>
<ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL>
<ldapDefaultPPolicyDN></ldapDefaultPPolicyDN>
</data>
</ocs>
Modifying a configuration
-------------------------
Updates a configuration with the provided values. Authentication is done by sending a basic HTTP authentication header.
**Syntax: ocs/v2.php/apps/user_ldap/api/v1/config/{configID}**
* HTTP method: PUT
* url argument: configData - array, see table below for the fields. All fields are optional. The values must be url-encoded.
Example
^^^^^^^
* PUT ``https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config/s01 -H "OCS-APIREQUEST: true" -d "configData[ldapHost]=ldap%3A%2F%2Fldap.server.tld &configData[ldapPort]=389"``
* fetches the LDAP configuration
XML Output
^^^^^^^^^^
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
<meta>
<status>ok</status>
<statuscode>200</statuscode>
<message>OK</message>
</meta>
<data/>
</ocs>
Configuration Keys
==================
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| Key | Mode | Required | Description |
+===============================+======+==========+=======================================================================================================================+
| ldapHost | rw | yes | LDAP server host, supports protocol |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapPort | rw | yes | LDAP server port |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapBackupHost | rw | no | LDAP replica host |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapBackupPort | rw | no | LDAP replica port |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapOverrideMainServer | rw | no | Whether replica should be used instead |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapBase | rw | yes | Base |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapBaseUsers | rw | no | Base for users, defaults to general base if not specified |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapBaseGroups | rw | no | Base for groups, defaults to general base if not specified |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapAgentName | rw | no | DN for the (service) user to connect to LDAP |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapAgentPassword | rw | no | Password for the service user |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapTLS | rw | no | Whether to use StartTLS |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| turnOffCertCheck | rw | no | Turns off certificate validation for TLS connections |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapIgnoreNamingRules | rw | no | Backwards compatibility, do not set it. |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUserDisplayName | rw | yes | Attribute used as display name for users |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUserDisplayName2 | rw | no | Additional attribute, if set show on brackets next to the main attribute |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapGidNumber | rw | no | group ID attribute, needed for primary groups on OpenLDAP (and compatible) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUserFilterObjectclass | rw | no | set by the Settings Wizard (web UI) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUserFilterGroups | rw | no | set by the Settings Wizard (web UI) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUserFilter | rw | yes | LDAP Filter used to retrieve user |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUserFilterMode | rw | no | used by the Settings Wizard, set to 1 for manual editing |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapAttributesForUserSearch | rw | no | attributes to be matched when searching for users. separate by ; |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapGroupFilter | rw | no | LDAP Filter used to retrieve groups |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapGroupFilterMode | rw | no | used by the Settings Wizard, set to 1 for manual editing |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapGroupFilterObjectclass | rw | no | set by the Settings Wizard (web UI) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapGroupFilterGroups | rw | no | set by the Settings Wizard (web UI) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapGroupMemberAssocAttr | rw | no | attribute that indicates group members, one of: member, memberUid, uniqueMember, gidNumber |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapGroupDisplayName | rw | no | Attribute used as display name for groups, required if groups are used |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapAttributesForGroupSearch | rw | no | attributes to be matched when searching for groups. separate by ; |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapLoginFilter | rw | yes | LDAP Filter used to authenticate users |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapLoginFilterMode | rw | no | used by the Settings Wizard, set to 1 for manual editing |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapLoginFilterEmail | rw | no | set by the Settings Wizard (web UI) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapLoginFilterUsername | rw | no | set by the Settings Wizard (web UI) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapLoginFilterAttributes | rw | no | set by the Settings Wizard (web UI) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapQuotaAttribute | rw | no | LDAP attribute containing the quote value (per user) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapQuotaDefault | rw | no | Default Quota, if specified quota attribute is empty |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapEmailAttribute | rw | no | LDAP attribute containing the email address (takes first if multiple are stored) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapCacheTTL | rw | no | How long results from LDAP are cached, defaults to 10min |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUuidUserAttribute | r | no | set in runtime |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapUuidGroupAttribute | r | no | set in runtime |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapConfigurationActive | rw | no | whether this configuration is active. 1 is on, 0 is off. |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapExperiencedAdmin | rw | no | used by the Settings Wizard, set to 1 for manual editing |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| homeFolderNamingRule | rw | no | LDAP attribute to use a user folder name |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| hasPagedResultSupport | r | no | set in runtime |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | r | no | set in runtime |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| useMemberOfToDetectMembership | rw | no | Whether to use memberOf to detect group memberships |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapExpertUsernameAttr | rw | no | LDAP attribute to use as internal username. Might be modified (e.g. to avoid name collisions, character restrictions) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapExpertUUIDUserAttr | rw | no | override the LDAP servers UUID attribute to identify LDAP user records |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapExpertUUIDGroupAttr | rw | no | override the LDAP servers UUID attribute to identify LDAP group records |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| lastJpegPhotoLookup | r | no | set in runtime |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapNestedGroups | rw | no | Whether LDAP supports nested groups |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapPagingSize | rw | no | Number of results to return per page |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| turnOnPasswordChange | rw | no | Whether users are allowed to change passwords (hashing must happen on LDAP!) |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapDynamicGroupMemberURL | rw | no | URL for dynamic groups |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
| ldapDefaultPPolicyDN | rw | no | PPolicy DN for password rules |
+-------------------------------+------+----------+-----------------------------------------------------------------------------------------------------------------------+
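Review bot: In the ldapQuotaAttribute row, "LDAP attribute containing the quote value" should read "quota value", and the homeFolderNamingRule row is missing a word ("LDAP attribute to use as a user folder name"). For turnOnPasswordChange, the parenthetical "hashing must happen on LDAP!" would be easier to act on as a full sentence saying that Nextcloud does not hash the new password and the LDAP server has to.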

View File

@ -13,19 +13,20 @@ On the User management page of your Nextcloud Web UI you can:
* View and set quotas
* Create and edit their email addresses
* Send an automatic email notification to new users
* Disable and Enable users
* Delete them with a single click
The default view displays basic information about your users.
.. figure:: ../images/users-config.png
The Group filters on the left sidebar lets you quickly filter users by their
The Group filters on the left sidebar lets you quickly filter users by their
group memberships, and create new groups.
.. figure:: ../images/users-config-1.png
Click the gear icon on the lower left sidebar to set a default storage quota,
and to display additional fields: **Show storage location, Show last log in,
Click the gear icon on the lower left sidebar to set a default storage quota,
and to display additional fields: **Show storage location, Show last log in,
Show user backend, Send email to new users,** and **Show email address**.
.. figure:: ../images/users-config-2.png
@ -36,25 +37,25 @@ User accounts have the following properties:
The unique ID of an Nextcloud user, and it cannot be changed.
*Full Name*
The user's display name that appears on file shares, the Nextcloud Web
interface, and emails. Admins and users may change the Full Name anytime. If
The user's display name that appears on file shares, the Nextcloud Web
interface, and emails. Admins and users may change the Full Name anytime. If
the Full Name is not set it defaults to the login name.
*Password*
The admin sets the new user's first password. Both the user and the admin can
The admin sets the new user's first password. Both the user and the admin can
change the user's password at anytime.
*Groups*
You may create groups, and assign group memberships to users. By default new
You may create groups, and assign group memberships to users. By default new
users are not assigned to any groups.
*Group Admin*
Group admins are granted administrative privileges on specific groups, and
Group admins are granted administrative privileges on specific groups, and
can add and remove users from their groups.
*Quota*
The maximum disk space assigned to each user. Any user that exceeds the quota
cannot upload or sync data. You have the the option to include external
The maximum disk space assigned to each user. Any user that exceeds the quota
cannot upload or sync data. You have the the option to include external
storage in user quotas.
Creating a New User
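Review bot: The paired lines in this hunk read identically, so it looks like trailing-whitespace cleanup only; since the Quota and Login Name paragraphs are touched anyway, fix "You have the the option" and "The unique ID of an Nextcloud user" in the same pass so the next change to this file is not another whitespace-plus-typo diff.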
@ -62,128 +63,152 @@ Creating a New User
To create a user account:
* Enter the new user's **Login Name** and their initial **Password**
* Enter the new user's **Login Name** and their initial **Password**
* Optionally, assign **Groups** memberships
* Click the **Create** button
.. figure:: ../images/users-create.png
Login names may contain letters (a-z, A-Z), numbers (0-9), dashes (-),
underscores (_), periods (.) and at signs (@). After creating the user, you
may fill in their **Full Name** if it is different than the login name, or
Login names may contain letters (a-z, A-Z), numbers (0-9), dashes (-),
underscores (_), periods (.) and at signs (@). After creating the user, you
may fill in their **Full Name** if it is different than the login name, or
leave it for the user to complete.
If you have checked **Send email to new user** in the control panel on the
lower left sidebar, you may also enter the new user's email address, and
Nextcloud will automatically send them a notification with their new login
information. You may edit this email using the email template editor on your
If you have checked **Send email to new user** in the control panel on the
lower left sidebar, you may also enter the new user's email address, and
Nextcloud will automatically send them a notification with their new login
information. You may edit this email using the email template editor on your
Admin page (see :doc:`../configuration_server/email_configuration`).
Set the **Send email to new user**-checkbox allows you to leave the **Password**
field empty. The user will get an activation-email to set his own password.
Reset a User's Password
~~~~~~~~~~~~~~~~~~~~~~~
You cannot recover a user's password, but you can set a new one:
* Hover your cursor over the user's **Password** field
* Click on the **pencil icon**
* Enter the user's new password in the password field, and remember to provide
* Click on the **pencil icon**
* Enter the user's new password in the password field, and remember to provide
the user with their password
If you have encryption enabled, there are special considerations for user
password resets. Please see
If you have encryption enabled, there are special considerations for user
password resets. Please see
:doc:`../configuration_files/encryption_configuration`.
Renaming a User
~~~~~~~~~~~~~~~
Each Nextcloud user has two names: a unique **Login Name** used for
authentication, and a **Full Name**, which is their display name. You can edit
Each Nextcloud user has two names: a unique **Login Name** used for
authentication, and a **Full Name**, which is their display name. You can edit
the display name of a user, but you cannot change the login name of any user.
To set or change a user's display name:
* Hover your cursor over the user's **Full Name** field
* Click on the **Pencil icon**
* Click on the **Pencil icon**
* Enter the user's new display name
Granting Administrator Privileges to a User
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nextcloud has two types of administrators: **Super Administrators** and **Group
Administrators**. Group administrators have the rights to create, edit and
delete users in their assigned groups. Group administrators cannot access
system settings, or add or modify users in the groups that they are not **Group
Administrators** for. Use the dropdown menus in the **Group Admin** column to
Nextcloud has two types of administrators: **Super Administrators** and **Group
Administrators**. Group administrators have the rights to create, edit and
delete users in their assigned groups. Group administrators cannot access
system settings, or add or modify users in the groups that they are not **Group
Administrators** for. Use the dropdown menus in the **Group Admin** column to
assign group admin privileges.
.. figure:: ../images/users-groups.png
**Super Administrators** have full rights on your Nextcloud server, and can
access and modify all settings. To assign the **Super Administrators** role to
**Super Administrators** have full rights on your Nextcloud server, and can
access and modify all settings. To assign the **Super Administrators** role to
a user, simply add them to the ``admin`` group.
Managing Groups
~~~~~~~~~~~~~~~
You can assign new users to groups when you create them, and create new groups
when you create new users. You may also use the **Add Group** button at the top
of the left pane to create new groups. New group members will immediately
You can assign new users to groups when you create them, and create new groups
when you create new users. You may also use the **Add Group** button at the top
of the left pane to create new groups. New group members will immediately
have access to file shares that belong to their new groups.
Setting Storage Quotas
~~~~~~~~~~~~~~~~~~~~~~
Click the gear on the lower left pane to set a default storage quota. This is
automatically applied to new users. You may assign a different quota to any user
by selecting from the **Quota** dropdown, selecting either a preset value or
entering a custom value. When you create custom quotas, use the normal
Click the gear on the lower left pane to set a default storage quota. This is
automatically applied to new users. You may assign a different quota to any user
by selecting from the **Quota** dropdown, selecting either a preset value or
entering a custom value. When you create custom quotas, use the normal
abbreviations for your storage values such as 500 MB, 5 GB, 5 TB, and so on.
You now have a configurable option in ``config.php`` that controls whether
external storage is counted against user's quotas. This is still
experimental, and may not work as expected. The default is to not count
external storage as part of user storage quotas. If you prefer to include it,
You now have a configurable option in ``config.php`` that controls whether
external storage is counted against user's quotas. This is still
experimental, and may not work as expected. The default is to not count
external storage as part of user storage quotas. If you prefer to include it,
then change the default ``false`` to ``true``.::
'quota_include_external_storage' => false,
Metadata (such as thumbnails, temporary files, and encryption keys) takes up
about 10% of disk space, but is not counted against user quotas. Users can check
their used and available space on their Personal pages. Only files that
originate with users count against their quotas, and not files shared with them
that originate from other users. For example, if you upload files to a
different user's share, those files count against your quota. If you re-share a
file that another user shared with you, that file does not count against your
Metadata (such as thumbnails, temporary files, and encryption keys) takes up
about 10% of disk space, but is not counted against user quotas. Users can check
their used and available space on their Personal pages. Only files that
originate with users count against their quotas, and not files shared with them
that originate from other users. For example, if you upload files to a
different user's share, those files count against your quota. If you re-share a
file that another user shared with you, that file does not count against your
quota, but the originating user's.
Encrypted files are a little larger than unencrypted files; the unencrypted size
Encrypted files are a little larger than unencrypted files; the unencrypted size
is calculated against the user's quota.
Deleted files that are still in the trash bin do not count against quotas. The
trash bin is set at 50% of quota. Deleted file aging is set at 30 days. When
deleted files exceed 50% of quota then the oldest files are removed until the
Deleted files that are still in the trash bin do not count against quotas. The
trash bin is set at 50% of quota. Deleted file aging is set at 30 days. When
deleted files exceed 50% of quota then the oldest files are removed until the
total is below 50%.
When version control is enabled, the older file versions are not counted
When version control is enabled, the older file versions are not counted
against quotas.
When a user creates a public share via URL, and allows uploads, any uploaded
When a user creates a public share via URL, and allows uploads, any uploaded
files count against that user's quota.
Disable and Enable users
~~~~~~~~~~~~~~~~~~~~~~~~
.. figure:: ../images/users-actions.png
Sometimes you may want to disable a user without permanently deleting his
settings and files. The user can be activated any time again, without data-loss.
Hover your cursor over their name on the **Users** page until the "..."-menu icon
appears at the far right. After clicking on it, you will see the **Disable** option.
The user will not longer be able to access his Nextcloud until you enable him again.
Keep in mind that the files, which were shared by this user will not longer be accessible.
You will find all disabled users in the **disabled**-section on the left pane.
Enabling users is as easy as disabling them. Just click on the "..."-menu, and
select **Enable**.
Deleting users
~~~~~~~~~~~~~~
Deleting a user is easy: hover your cursor over their name on the **Users** page
until a trashcan icon appears at the far right. Click the trashcan, and they're
gone. You'll see an undo button at the top of the page, which remains until you
refresh the page. When the undo button is gone you cannot recover the deleted
user.
.. figure:: ../images/users-actions.png
All of the files owned by the user are deleted as well, including all files they
Deleting a user is easy: hover your cursor over their name on the **Users** page
until the "..."-menu icon appears at the far right. After clicking on it, you will
see the **Delete** option. Clicking on it, delets a user with all his data immediately.
You'll see an undo button at the top of the page, which remains for some seconds.
When the undo button is gone you cannot recover the deleted user.
All of the files owned by the user are deleted as well, including all files they
have shared. If you need to preserve the user's files and shares, you must first
download them from your Nextcloud Files page, which compresses them into a zip
file, or use a sync client to copy them to your local computer. See
:doc:`../configuration_files/file_sharing_configuration` to learn how to create
download them from your Nextcloud Files page, which compresses them into a zip
file, or use a sync client to copy them to your local computer. See
:doc:`../configuration_files/file_sharing_configuration` to learn how to create
persistent file shares that survive user deletions.
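Review bot: The new "Disable and Enable users" section says the user "will not longer be able to access his Nextcloud" but does not say whether sync clients and sessions that are already connected are cut off at once or only at the next login; an admin disabling an account during an incident needs that stated. Wording in the added text also needs a pass: "will not longer" should be "will no longer" (twice), "delets a user" should be "deletes the user", "Set the **Send email to new user**-checkbox allows you" should be "Setting the ... checkbox allows you", and "remains for some seconds" would be better with the actual duration. Consider "their" instead of "his"/"him" throughout, as the older paragraphs already do.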

View File

@ -20,8 +20,8 @@ All POST requests require the ``Content-Type: application/x-www-form-urlencoded`
Instruction Set For Users
=========================
**users / adduser**
-------------------
Add a new user
--------------
Create a new user on the Nextcloud server. Authentication is done by sending a
basic HTTP authentication header.
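Review bot: Replacing the title **users / adduser** with "Add a new user" (and the same rename in the hunks that follow) changes the section id Sphinx derives from the title, so existing deep links into this page will no longer land on the section. If the old anchors should keep working, add an explicit label above each renamed section; otherwise mention the rename in the commit message so link owners can update.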
@ -49,7 +49,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -61,8 +61,8 @@ XML Output
<data/>
</ocs>
**users / getusers**
--------------------
Search/get users
----------------
Retrieves a list of users from the Nextcloud server. Authentication is done by
sending a Basic HTTP Authorization header.
@ -87,7 +87,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -102,8 +102,8 @@ XML Output
</data>
</ocs>
**users / getuser**
-------------------
Get data of a single user
-------------------------
Retrieves information about a single user. Authentication is done by sending a
Basic HTTP Authorization header.
@ -125,7 +125,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -134,14 +134,24 @@ XML Output
<status>ok</status>
</meta>
<data>
<email>frank@example.org</email>
<quota>0</quota>
<enabled>true</enabled>
<id>Frank</id>
<quota>0</quota>
<email>frank@example.org</email>
<displayname>Frank K.</displayname>
<phone>0123 / 456 789</phone>
<address>Foobar 12, 12345 Town</address>
<website>https://nextcloud.com</website>
<twitter>Nextcloud</twitter>
<groups>
<element>group1</element>
<element>group2</element>
</groups>
</data>
</ocs>
**users / edituser**
--------------------
Edit data of a single user
--------------------------
Edits attributes related to a user. Users are able to edit email, displayname
and password; admins can also edit the quota value. Authentication is done by
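Review bot: The sample output now returns phone, address, website, twitter, group membership and the enabled flag, but the section text still only says it "Retrieves information about a single user". Please document which callers get these fields (admin, subadmin of the user's group, the user themselves), since readers will use this page to decide what an API account can read about other users.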
@ -150,7 +160,18 @@ sending a Basic HTTP Authorization header.
**Syntax: ocs/v1.php/cloud/users/{userid}**
* HTTP method: PUT
* PUT argument: key, the field to edit (email, quota, display, password)
* PUT argument: key, the field to edit:
+ email
+ quota
+ displayname
+ display (**deprecated** use `displayname` instead)
+ phone
+ address
+ website
+ twitter
+ password
* PUT argument: value, the new value for the field
Status codes:
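Review bot: The key list gains phone, address, website and twitter, but the sentence above it still reads "Users are able to edit email, displayname and password; admins can also edit the quota value", so the page no longer says who may change the new fields; update that sentence with the list. Two markup points in the same list: `displayname` in single backticks is interpreted text in reST, use double backticks as the rest of the page does, and "(**deprecated** use" needs punctuation after "deprecated".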
@ -173,7 +194,7 @@ Examples
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -184,8 +205,8 @@ XML Output
<data/>
</ocs>
**users / disableuser**
-----------------------
Disable a user
--------------
Disables a user on the Nextcloud server so that the user cannot login anymore.
Authentication is done by sending a Basic HTTP Authorization header.
@ -208,7 +229,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -220,8 +241,8 @@ XML Output
<data/>
</ocs>
**users / enableuser**
----------------------
Enable a user
-------------
Enables a user on the Nextcloud server so that the user can login again.
Authentication is done by sending a Basic HTTP Authorization header.
@ -244,7 +265,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -256,8 +277,8 @@ XML Output
<data/>
</ocs>
**users / deleteuser**
----------------------
Delete a user
-------------
Deletes a user from the Nextcloud server. Authentication is done by sending a
Basic HTTP Authorization header.
@ -280,7 +301,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -291,8 +312,8 @@ XML Output
<data/>
</ocs>
**users / getgroups**
---------------------
Get user´s groups
-----------------
Retrieves a list of groups the specified user is a member of. Authentication is
done by sending a Basic HTTP Authorization header.
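Review bot: The new title "Get user´s groups" uses an acute accent (´) where an apostrophe is meant; write "Get user's groups". The same character appears in "Get user´s subadmin groups" further down. Remember to match the underline length to the corrected title.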
@ -314,7 +335,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -330,8 +351,8 @@ XML Output
</data>
</ocs>
**users / addtogroup**
----------------------
Add user to group
-----------------
Adds the specified user to the specified group. Authentication is done by
sending a Basic HTTP Authorization header.
@ -360,7 +381,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -371,8 +392,8 @@ XML Output
<data/>
</ocs>
**users / removefromgroup**
---------------------------
Remove user from group
----------------------
Removes the specified user from the specified group. Authentication is done by
sending a Basic HTTP Authorization header.
@ -402,7 +423,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -413,8 +434,8 @@ XML Output
<data/>
</ocs>
**users / createsubadmin**
--------------------------
Promote user to subadmin
------------------------
Makes a user the subadmin of a group. Authentication is done by sending a Basic
HTTP Authorization header.
@ -443,7 +464,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -454,8 +475,8 @@ XML Output
<data/>
</ocs>
**users / removesubadmin**
--------------------------
Demote user from subadmin
-------------------------
Removes the subadmin rights for the user specified from the group specified.
Authentication is done by sending a Basic HTTP Authorization header.
@ -484,7 +505,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -495,8 +516,8 @@ XML Output
<data/>
</ocs>
**users / getsubadmingroups**
-----------------------------
Get user´s subadmin groups
--------------------------
Returns the groups in which the user is a subadmin. Authentication is done by
sending a Basic HTTP Authorization header.
@ -521,7 +542,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -534,12 +555,49 @@ XML Output
<element>testgroup</element>
</data>
</ocs>
Resend the welcome email
------------------------
The request to this endpoint triggers the welcome email for this user again.
**Syntax: ocs/v1.php/cloud/users/{userid}/welcome**
* HTTP method: POST
Status codes:
* 100 - successful
* 101 - email address not available
* 102 - sending email failed
Example
^^^^^^^
* POST
``https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/welcome``
* Sends the welcome email to ``Frank``
XML Output
^^^^^^^^^^
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
<meta>
<status>ok</status>
<statuscode>100</statuscode>
<message/>
</meta>
<data/>
</ocs>
Instruction Set For Groups
==========================
**groups / getgroups**
----------------------
Search/get groups
-----------------
Retrieves a list of groups from the Nextcloud server. Authentication is done by
sending a Basic HTTP Authorization header.
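Review bot: The new "Resend the welcome email" section is the only endpoint on this page without the sentence "Authentication is done by sending a Basic HTTP Authorization header", and it does not say who may trigger the mail for another user. Add both, and list what is returned when {userid} does not exist, since only 100, 101 and 102 are documented. The example also puts the admin password in the URL (``https://admin:secret@example.com/...``); if the other examples on the page do the same this is consistent, but a short note that URLs with credentials end up in shell history and proxy logs would help readers who copy it.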
@ -564,7 +622,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -579,8 +637,8 @@ XML Output
</data>
</ocs>
**groups / addgroup**
---------------------
Create a group
--------------
Adds a new group. Authentication is done by
sending a Basic HTTP Authorization header.
@ -607,7 +665,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -618,8 +676,8 @@ XML Output
<data/>
</ocs>
**groups / getgroup**
---------------------
Get members of a group
----------------------
Retrieves a list of group members. Authentication is done by sending a Basic
HTTP Authorization header.
@ -641,7 +699,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -656,8 +714,8 @@ XML Output
</data>
</ocs>
**groups / getsubadmins**
-------------------------
Get subadmins of a group
------------------------
Returns subadmins of the group. Authentication is done by
sending a Basic HTTP Authorization header.
@ -682,7 +740,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -696,8 +754,8 @@ XML Output
</data>
</ocs>
**groups / deletegroup**
------------------------
Delete a group
--------------
Removes a group. Authentication is done by
sending a Basic HTTP Authorization header.
@ -721,7 +779,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -731,12 +789,12 @@ XML Output
</meta>
<data/>
</ocs>
Instruction Set For Apps
=========================
**apps / getapps**
------------------
Instruction Set For Apps
========================
Getlist of apps
---------------
Returns a list of apps installed on the Nextcloud server. Authentication is done
by sending a Basic HTTP Authorization
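Review bot: The new title "Getlist of apps" is missing a space; "Get list of apps" matches the style of the other renamed headings ("Get app info", "Get members of a group"). The underline is 15 characters, so it will need one more dash after the fix.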
@ -761,7 +819,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -777,8 +835,8 @@ XML Output
</data>
</ocs>
**apps / getappinfo**
---------------------
Get app info
------------
Provides information on a specific application. Authentication is done by
sending a Basic HTTP Authorization header.
@ -800,7 +858,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -831,8 +889,8 @@ XML Output
</data>
</ocs>
**apps / enable**
-----------------
Enable an app
-------------
Enable an app. Authentication is done by sending a Basic HTTP Authorization
header.
@ -854,7 +912,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>
@ -864,8 +922,8 @@ XML Output
</meta>
</ocs>
**apps / disable**
------------------
Disable an app
--------------
Disables the specified app. Authentication is
done by sending a Basic HTTP Authorization header.
@ -888,7 +946,7 @@ Example
XML Output
^^^^^^^^^^
::
.. code-block:: xml
<?xml version="1.0"?>
<ocs>

View File

@ -10,7 +10,8 @@ Table of Contents
installation/index
configuration_server/index
configuration_user/index
configuration_files/index
configuration_files/index
file_workflows/index
configuration_database/index
configuration_mimetypes/index
maintenance/index

View File

@ -98,6 +98,11 @@ option.
* **File collaborative tag:** Either the file itself, or any of the file
owner's parent folders needs to be tagged with the tag.
.. note:: Tags used in access control rules should be restricted tags,
otherwise any user can remove the tag to access the file again.
The best way to do this is with the :doc:`automated_tagging`.
* **File mimetype:** The mimetype of the file, e.g. ``text/plain``
* **File size:** The size of the file (*Only available on upload*)
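Review bot: The added note says tags used in access control rules "should be restricted tags", while the new retention page says to use ``restricted`` or ``invisible`` tags for the same reason; make the two pages agree so admins do not wonder whether invisible tags are safe here. "The best way to do this is with the :doc:`automated_tagging`" reads better without "the". Please also check the rendered output, because a ``.. note::`` placed between two bullets splits the list unless it is indented to belong to the preceding item.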

View File

@ -0,0 +1,31 @@
==========================
Automated Tagging of Files
==========================
Nextcloud's Files Automated Tagging app allows to assign collaborative tags
to files and folders based on rules, similar to :doc:`access_control`.
Assigning restricted and invisible tags
---------------------------------------
The main functionality of this app is to allow users to indirectly assign
restricted and invisible tags to files they upload.
This is especially useful for retention and :doc:`access_control`, so people
that got the files shared can not remove the tag to stop the retention or
allow access against the owners will.
.. figure:: images/automated_tagging_sample_rule.png
:alt: Sample rule to assign a restricted tag.
In the sample you can see a simple rule with only one condition.
It will tag all files with the restricted tag ``Protected file`` that are
uploaded into a folder that is tagged with ``Protect content``. No user can
remove the tag ``Protected file`` and therefor access control and retention
both work fine without users being able to work around them.
Available rules
---------------
The available rules can be seen in the access control section: :ref:`available-rules-label`.
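Review bot: The sample rule keys on the folder being tagged ``Protect content``, but the text does not say whether that folder tag is itself restricted. If it is a public tag, a user who can remove it from the folder stops new uploads from receiving ``Protected file``, which defeats the point made in the paragraph above; state how the folder tag should be protected. Typos in the added text: "therefor" should be "therefore", "against the owners will" should be "against the owner's will", and "allows to assign" needs an object ("allows you to assign").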

Binary file not shown.


View File

@ -0,0 +1,11 @@
==============
File Workflows
==============
.. toctree::
:maxdepth: 2
access_control
automated_tagging
retention

View File

@ -0,0 +1,33 @@
==================
Retention of Files
==================
Nextcloud's Files Retention app allows to automatically delete files that
are tagged with a collaborative tag and have a certain age.
Sample
------
.. figure:: images/retention_sample.png
:alt: Sample rule to delete files after 14 days.
The rule from the sample will delete all files tagged with ``Temporary file`` after 14 days.
Common misconfigurations
------------------------
Public collaborative tag
========================
Similar to :doc:`access_control` retention should use ``restricted`` or ``invisible``
tags. Otherwise any user can remove the tag and the file is not removed after the given
period. Use :doc:`automated_tagging` to assign such tags to newly uploaded files.
File age
========
Currently retention is based on the creation date of the file. The sync client sends
the **original** creation date to the server, while uploading through the web interface
will create a new file with a **new** creation date.
We hope to be able to add a ``upload date`` to the filesystem soon, which would make more
sense. Until then this potentially unexpected behaviour has to be taken into account.
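Review bot: The "File age" section calls the creation-date behaviour "potentially unexpected" but does not spell out the consequence: because the sync client sends the original creation date, a file older than the retention period that is synced into a tagged location is already past its deadline when it arrives. Say that explicitly, ideally as a ``.. warning::``, since the outcome is deleted data. Also "a ``upload date``" should be "an ``upload date``", and "allows to automatically delete" needs an object.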

Binary file not shown.


View File

@ -1,9 +1,6 @@
=============================================================
Nextcloud |version| Server Administration Manual Introduction
=============================================================
============
Introduction
------------
============
Welcome to the Nextcloud Server Administration Guide. This guide describes
administration tasks for Nextcloud, the flexible open source file synchronization
@ -22,8 +19,8 @@ Nextcloud server is available:
See :doc:`../release_notes` for more information on the different Nextcloud
editions.
Nextcloud Videos and Blogs
--------------------------
Videos and Blogs
----------------
See the `official Nextcloud channel
<https://www.youtube.com/channel/UCQjN5Fs5QSz1loJqLb5bkew>`_
@ -45,8 +42,8 @@ respective manuals:
* `Nextcloud Android App`_
* `Nextcloud iOS App`_
.. _`Nextcloud User Manual`: https://docs.nextcloud.com/server/11/user_manual/
.. _`Nextcloud/ownCloud Desktop Client`: https://doc.owncloud.org/desktop/2.2/
.. _`Nextcloud User Manual`: https://docs.nextcloud.com/server/12/user_manual/
.. _`Nextcloud/ownCloud Desktop Client`: https://doc.owncloud.org/desktop/2.3/
.. _`Nextcloud Android App`: https://docs.nextcloud.com/android/
.. _`Nextcloud iOS App`: https://docs.nextcloud.com/ios/

View File

@ -8,7 +8,7 @@ applications.
Supported Apps
--------------
See :doc:`apps_supported` for a list of supported Enterprise edition apps.
See :doc:`apps_supported` for a list of supported apps.
Viewing Enabled Apps
--------------------
@ -42,9 +42,6 @@ page by default.
Click the app name to view a description of the app and any of the app settings in the Application View field. Clicking the **Enable** button will enable the app. If the app is not part of the Nextcloud installation, it will be downloaded from the app store, installed and enabled.
Click the gear icon on the lower left to browse experimental apps in the `ownCloud Apps
Store <https://apps.owncloud.com/>`_. Install experimental apps at your own risk.
Sometimes the installation of a third-party app fails silently, possibly because
``'appcodechecker' => true,`` is enabled in ``config.php``. When ``appcodechecker`` is
enabled it checks if third-party apps are using the private API, rather than the public
@ -52,7 +49,7 @@ API. If they are then they will not be installed.
.. note:: If you would like to create or add your own Nextcloud app, please
refer to the `developer manual
<https://docs.nextcloud.org/server/11/developer_manual/app/index.html>`_.
<https://docs.nextcloud.org/server/12/developer_manual/app/index.html>`_.
.. TODO ON RELEASE: Update version number above on release
Using Custom App Directories
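Review bot: the developer manual link updated here uses the host docs.nextcloud.org, while the user manual target updated in the introduction page of this same commit uses docs.nextcloud.com. Pick one host for all /server/12/ links so the manuals reference each other consistently.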

View File

@ -1,25 +1,25 @@
===========================
Supported Apps in Nextcloud
===========================
==============
Supported Apps
==============
AGPL Apps
---------
Below is the list of apps supported for Nextcloud |version|. Supported here means that we'll accept bugreports and resolve them in these apps with regard to functionality and compatibility with Nextcloud |version|. To get access to work-arounds, long term support, priority bug fixing and custom consulting, contact Nextcloud GmbH.
* Activity
* Admin Audit Log
* AntiVirus
* Calendar
* Circles
* Collaborative Tags
* Comments
* Contacts
* Encryption
* External Sites
* External Storage
* Federated File Sharing (allows file sharing across Nextcloud instances)
* Federation (allows usernname auto-complete across Nextcloud instances)
* Files (cannot be disabled)
* Files Access Control
* Files Automated Tagging
* Files External (external storage)
* Files PDF Viewer
* Files Sharing
* Files Text Editor
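Review bot: the Federation entry in this list still reads "usernname auto-complete". Since the list is being reworked in this hunk anyway, fix the spelling to "username" in the same change.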
@ -28,15 +28,26 @@ AGPL Apps
* Files Video Player
* First Run Wizard
* Gallery
* Logreader
* Lookup Server Connector
* Nextant
* Nextcloud Announcements
* Notifications
* Object Storage (Swift)
* Password Policy
* Provisioning API
* Server info (monitoring app)
* Sharebymail
* Socialsharing (Diaspora, email, Facebook, Google+ and Twitter)
* Sharepoint (external storage)
* Template Editor (for notification emails)
* Theming
* Update Notifications
* User External
* User LDAP
* User Shibboleth/SAML
* Video Calls (former Spreed)
* WebDAV Endpoint (handles old and new webdav endpoints)
* Workflow Engine (cannot be disabled)
All apps are licensed under the AGPL.

View File

@ -1,6 +1,6 @@
==========================================
Installing Nextcloud from the Command Line
==========================================
============================
Installing from Command Line
============================
It is now possible to install Nextcloud entirely from the command line. This is
convenient for scripted operations, headless servers, and sysadmins who prefer
@ -38,11 +38,6 @@ Supported databases are::
See :ref:`command_line_installation_label` for more information.
Finally, apply the correct strong permissions to your Nextcloud files and
directories (see :ref:`strong_perms_label`). This is an extremely important
step. It helps protect your Nextcloud installation, and ensures that it will run
correctly.
BINLOG_FORMAT = STATEMENT
-------------------------
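Review bot: the paragraph removed after the command_line_installation_label sentence drops the post-install hardening step and puts nothing in its place. If the strong-permissions script is being retired, leave one sentence stating what still holds, for example that the data directory must be owned by the HTTP user, which the installation wizard page in this commit still requires.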

View File

@ -1,6 +1,6 @@
====================================
Nextcloud Deployment Recommendations
====================================
==========================
Deployment Recommendations
==========================
What is the best way to install and maintain Nextcloud? The answer to that is
*"it depends"* because every Nextcloud customer has their own
@ -414,7 +414,7 @@ Provider setup:
* Least load to Apache servers (2-n)
* Memcached/Redis for shared session storage (2-n)
* Database cluster with single Master, multiple slaves and proxy to split
requests accordingly (2-n) - HAProxy or `MaxScale`_ are possible proxy
requests accordingly (2-n) - `MaxScale`_ is a possible proxy
solutions to load balance the writes to the master and reads to the slaves
(see "Database load balancer" below)
* GPFS or Ceph via phprados (2-n, 3 to be safe, Ceph 10+ nodes to see speed
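Review bot: after dropping HAProxy the bullet reads "`MaxScale`_ is a possible proxy solutions", mixing singular and plural across the line break. Change the unchanged continuation line to "solution" as part of this edit.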
@ -456,8 +456,6 @@ When Galera cluster is used as DB cluster solution, we recommend to use
`MaxScale`_ as load balancer infront of the cluster to distribute writes to
the master node and reads to the slaves.
As alternative also `HAProxy can be used as load balancer for the DB`_.
Software Considerations
-----------------------
@ -553,11 +551,11 @@ References
.. TODO ON RELEASE: Update version number below on release
.. _Maintenance:
https://docs.nextcloud.org/server/11/admin_manual/maintenance/index.html
https://docs.nextcloud.org/server/12/admin_manual/maintenance/index.html
.. _User Authentication with LDAP:
https://docs.nextcloud.org/server/11/admin_manual/configuration_user/user_auth_ldap.html
https://docs.nextcloud.org/server/12/admin_manual/configuration_user/user_auth_ldap.html
.. _Configuring Memory Caching:
https://docs.nextcloud.org/server/11/admin_manual/configuration_server/caching_configuration.html
https://docs.nextcloud.org/server/12/admin_manual/configuration_server/caching_configuration.html
.. _Nextcloud Server or Enterprise Edition:
https://nextcloud.com/enterprise/
@ -579,8 +577,6 @@ References
http://galeracluster.com/documentation-webpages/isolationlevels.html#understanding-isolation-levels
.. _contact the Nextcloud team:
https://nextcloud.com/contact/
.. _HAProxy can be used as load balancer for the DB:
https://severalnines.com/blog/avoiding-deadlocks-galera-set-haproxy-single-node-writes-and-multi-node-reads
.. _MaxScale:
https://mariadb.com/products/mariadb-maxscale
.. _HAProxy:
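Review bot: the ".. _HAProxy:" target directly below the removed lines stays in the References, while both prose mentions of HAProxy as a database proxy are removed in this file. Check whether anything still links to it and drop the target if not.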

View File

@ -15,5 +15,4 @@ Installation
php_56_installation
php_70_installation
selinux_configuration
nginx_examples
nginx_nextcloud_9x
nginx

View File

@ -22,14 +22,11 @@ You're finished and can start using your new Nextcloud server.
Of course, there is much more that you can do to set up your Nextcloud server for
best performance and security. In the following sections we will cover important
installation and post-installation steps. Note that you must follow the
instructions in :ref:`Setting Strong Permissions <strong_perms_label>` in order
to use the :doc:`occ Command <../configuration_server/occ_command>`.
installation and post-installation steps.
* :ref:`Data Directory Location <data_directory_location_label>`
* :ref:`Database Choice <database_choice_label>`
* :ref:`Trusted Domains <trusted_domains_label>`
* :ref:`Setting Strong Permissions <strong_perms_label>`
.. _data_directory_location_label:
@ -49,8 +46,7 @@ Nextcloud data in a different location for other reasons (e.g. on a storage
server). It is best to configure your data directory location at installation,
as it is difficult to move after installation. You may put it anywhere; in this
example is it located in ``/var/oc_data``. This directory must already exist,
and must be owned by your HTTP user (see
:ref:`strong_perms_label`).
and must be owned by your HTTP user.
.. _database_choice_label:
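Review bot: "must be owned by your HTTP user." now has no pointer to how the reader identifies that user. The per-distribution list (www-data, apache, http, wwwrun/www) lived in the strong-permissions section that this commit deletes further down; move that list next to this sentence or link to a page that still has it.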
@ -113,94 +109,3 @@ is not whitelisted the following error appears:
.. figure:: images/install-wizard-a4.png
:scale: 75%
:alt: Error message when URL is not whitelisted
.. _strong_perms_label:
Setting Strong Directory Permissions
------------------------------------
For hardened security we recommend setting the permissions on your Nextcloud
directories as strictly as possible. This should be done immediately after the
initial installation and before running the setup. Your HTTP user must own the
``config/``, ``data/`` and ``apps/`` directories so that you can configure
Nextcloud, create, modify and delete your data files, and install apps via the
Nextcloud Web interface.
You can find your HTTP user in your HTTP server configuration files. Or you can
use :ref:`label-phpinfo` (Look for the **User/Group** line).
* The HTTP user and group in Debian/Ubuntu is ``www-data``.
* The HTTP user and group in Fedora/CentOS is ``apache``.
* The HTTP user and group in Arch Linux is ``http``.
* The HTTP user in openSUSE is ``wwwrun``, and the HTTP group is ``www``.
.. note:: When using an NFS mount for the data directory, do not change its
ownership from the default. The simple act of mounting the drive will set
proper permissions for Nextcloud to write to the directory. Changing
ownership as above could result in some issues if the NFS mount is
lost.
The easy way to set the correct permissions is to copy and run this script.
Replace the ``ocpath`` variable with the path to your Nextcloud directory, and
replace the ``htuser`` and ``htgroup`` variables with your HTTP user and group::
#!/bin/bash
ocpath='/var/www/nextcloud'
datapath='/var/www/nextcloud/data'
htuser='www-data'
htgroup='www-data'
rootuser='root'
printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/updater
printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${datapath}
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/updater/
chmod +x ${ocpath}/occ
printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
then
chmod 0644 ${ocpath}/.htaccess
chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${datapath}/.htaccess ]
then
chmod 0644 ${datapath}/.htaccess
chown ${rootuser}:${htgroup} ${datapath}/.htaccess
fi
If you have customized your Nextcloud installation and your filepaths are
different than the standard installation, then modify this script accordingly.
This lists the recommended modes and ownership for your Nextcloud directories
and files:
* All files should be read-write for the file owner, read-only for the
group owner, and zero for the world
* All directories should be executable (because directories always need the
executable bit set), read-write for the directory owner, and read-only for
the group owner
* The :file:`apps/` directory should be owned by ``[HTTP user]:[HTTP group]``
* The :file:`config/` directory should be owned by ``[HTTP user]:[HTTP group]``
* The :file:`themes/` directory should be owned by ``[HTTP user]:[HTTP group]``
* The :file:`data/` directory should be owned by ``[HTTP user]:[HTTP group]``
* The :file:`[ocpath]/.htaccess` file should be owned by ``root:[HTTP group]``
* The :file:`data/.htaccess` file should be owned by ``root:[HTTP group]``
* Both :file:`.htaccess` files are read-write file owner, read-only group and
world
These strong permissions prevent upgrading your Nextcloud server;
see :ref:`set_updating_permissions_label` for a script to quickly change
permissions to allow upgrading.
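Review bot: deleting the ".. _strong_perms_label:" target turns every remaining :ref: to it into a broken cross-reference, so search all manuals for strong_perms_label before merging; the removed text also pointed at set_updating_permissions_label, whose page may refer back to this script. Separately, the NFS ownership note and the rule that both .htaccess files are owned by root rather than by the HTTP user are security-relevant guidance that disappears with this hunk. If the script itself is being retired, keep those two points as prose.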

View File

@ -2,21 +2,35 @@
Nginx Configuration
===================
The following configuration should be used when Nextcloud is placed in the
webroot of your Nginx installation. Be careful about line breaks if you copy
the examples, as long lines may be broken for page formatting.
This page covers example Nginx configurations to use with running an Nextcloud
server. This page is community-maintained. (Thank you, contributors!)
Some environments might need a ``cgi.fix_pathinfo`` set to ``1`` in their
``php.ini``.
- You need to insert the following code into **your Nginx configuration file.**
- Adjust **server_name**, **root**, **ssl_certificate** and
**ssl_certificate_key** to suit your needs.
- Make sure your SSL certificates are readable by the server (see `nginx HTTP
SSL Module documentation <http://wiki.nginx.org/HttpSslModule>`_).
- ``add_header`` statements are only taken from the current level and are not
cascaded from or to a different level. All necessary ``add_header``
statements must be defined in each level needed. For better readability it
is possible to move *common* add header statements into a separate file
and include that file wherever necessary. However, each ``add_header``
statement must be written in a single line to prevent connection problems
with sync clients.
- Be careful about line breaks if you copy the examples, as long lines may be
broken for page formatting.
- Some environments might need a ``cgi.fix_pathinfo`` set to ``1`` in their
``php.ini``.
Thanks to `@josh4trunks <https://github.com/josh4trunks>`_ for providing /
Thanks to `@josh4trunks <https://github.com/josh4trunks>`_ for providing /
creating these configuration examples.
Nextcloud in the webroot of nginx
---------------------------------
The following config should be used when Nextcloud is placed in the webroot of
your nginx installation.
The following configuration should be used when Nextcloud is placed in the
webroot of your nginx installation. In this example it is
``/var/www/nextcloud`` and it is accessed via ``http(s)://cloud.example.com``
.. code-block:: nginx
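Review bot: the new opening sentence keeps "This page is community-maintained" but drops "Note that Nginx is not officially supported", which the nginx_examples page deleted in this commit stated. If the support status has not changed, keep that clause so administrators know what they are relying on. The same sentence reads "an Nextcloud server"; make it "a Nextcloud server", and end the sentence that introduces ``http(s)://cloud.example.com`` with a period.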
@ -31,105 +45,117 @@ your nginx installation.
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name cloud.example.com;
ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
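Review bot: "listen 443 ssl http2;" now appears in the example with no mention that nginx has to be built with the HTTP/2 module. The Performance Tuning text deleted together with nginx_examples.rst in this commit explained that the module is not built in by default and gave "nginx -V 2>&1 | grep http_v2 -o" as the check. Carry that check over as a comment above the listen line or as a bullet in the page introduction, so a reader on a build without the module understands why the configuration is rejected.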
@ -137,8 +163,8 @@ your nginx installation.
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
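Review bot: changing "location ~*" to "location ~" makes the extension match case-sensitive, so a request for a file ending in .PNG or .JPG no longer lands in this block and is handled by "location /" instead. If that is intended, say so in a comment; otherwise keep "~*" here and in the css/js block above.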
@ -148,7 +174,7 @@ your nginx installation.
Nextcloud in a subdir of nginx
------------------------------
The following config should be used when Nextcloud is placed within a subdir of
The following config should be used when Nextcloud is placed within a subdir of
your nginx installation.
.. code-block:: nginx
@ -157,47 +183,46 @@ your nginx installation.
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name cloud.example.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name cloud.example.com;
ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000;
#add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
# rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
# last;
#rewrite ^/.well-known/host-meta.json
#rewrite ^/.well-known/host-meta.json
# /nextcloud/public.php?service=host-meta-json last;
location = /.well-known/carddav {
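Review bot: the commented Strict-Transport-Security lines in this subdirectory example still offer "preload" without the WARNING about https://hstspreload.org/ that the webroot example on this page carries. Copy the same warning here, since a reader who only uses the subdirectory example gets the preload option with no caveat about how long removal from the browser list can take.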
@ -208,23 +233,25 @@ your nginx installation.
}
location /.well-known/acme-challenge { }
location ^~ /nextcloud {
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /nextcloud/core/templates/403.php;
error_page 404 /nextcloud/core/templates/404.php;
location /nextcloud {
rewrite ^ /nextcloud/index.php$uri;
}
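Review bot: the new comment "Enable gzip but do not remove ETag headers" replaces "Disable gzip to avoid the removal of the ETag header", yet none of the added gzip_* directives mention ETag, so the reader cannot tell what now keeps the header intact. State the nginx behaviour or minimum version this relies on. Turning compression on for responses served over TLS also brings the BREACH compression side channel into scope, which deserves a line in the comment. The gzip_types value is one very long line, which the page's own advice about long lines being broken when copied warns against; split it across several lines.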
@ -236,38 +263,37 @@ your nginx installation.
deny all;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
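Review bot: "max-age=15778463" raises the browser cache lifetime for css, js, woff, svg and gif files from two hours to about six months, and the diff gives no reason. Add a comment saying what makes this safe across a server upgrade (for example versioned asset URLs), otherwise clients can keep running old JavaScript against a new server.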
@ -275,12 +301,51 @@ your nginx installation.
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}
Tips and Tricks
---------------
Suppressing Log Messages
========================
If you're seeing meaningless messages in your logfile, for example ``client
denied by server configuration: /var/www/data/htaccesstest.txt``, add this section to
your nginx configuration to suppress them:
.. code-block:: nginx
location = /data/htaccesstest.txt {
allow all;
log_not_found off;
access_log off;
}
JavaScript (.js) or CSS (.css) files not served properly
========================================================
A common issue with custom nginx configs is that JavaScript (.js)
or CSS (.css) files are not served properly leading to a 404 (File not found)
error on those files and a broken webinterface.
This could be caused by the:
.. code-block:: nginx
location ~* \.(?:css|js)$ {
block shown above not located **below** the:
.. code-block:: nginx
location ~ \.php(?:$|/) {
block. Other custom configurations like caching JavaScript (.js)
or CSS (.css) files via gzip could also cause such issues.
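Review bot: the troubleshooting text added under "JavaScript (.js) or CSS (.css) files not served properly" refers to the "block shown above" as "location ~* \.(?:css|js)$" and "location ~ \.php(?:$|/)", but neither appears in the examples on this page any more. The examples now use "location ~ \.(?:css|js|woff|svg|gif)$" (case-sensitive after this commit) and a PHP block that starts with "^/(?:index|remote|public|...". Update the two quoted location lines to match the current examples so readers can actually find the blocks being compared.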

View File

@ -1,334 +0,0 @@
============================
Nginx Example Configurations
============================
This page covers example Nginx configurations to use with running an Nextcloud
server. Note that Nginx is not officially supported, and this page is
community-maintained. (Thank you, contributors!)
- You need to insert the following code into **your Nginx configuration file.**
- The configuration assumes that Nextcloud is installed in
``/var/www/nextcloud`` and that it is accessed via
``http(s)://cloud.example.com``.
- Adjust **server_name**, **root**, **ssl_certificate** and
**ssl_certificate_key** to suit your needs.
- Make sure your SSL certificates are readable by the server (see `nginx HTTP
SSL Module documentation <http://wiki.nginx.org/HttpSslModule>`_).
- ``add_header`` statements are only taken from the current level and are not
cascaded from or to a different level. All necessary ``add_header``
statements must be defined in each level needed. For better readability it
is possible to move *common* add header statements into a separate file
and include that file wherever necessary. However, each ``add_header``
statement must be written in a single line to prevent connection problems
with sync clients.
Example Configurations
----------------------
- :doc:`nginx_nextcloud_9x`
You can use Nextcloud over plain http, but we strongly encourage you to use
SSL/TLS to encrypt all of your server traffic, and to protect user's logins and
data in transit.
- Remove the server block containing the redirect
- Change **listen 443 ssl** to **listen 80;**
- Remove **ssl_certificate** and **ssl_certificate_key**.
- Remove **fastcgi_params HTTPS on;**
Suppressing Log Messages
========================
If you're seeing meaningless messages in your logfile, for example `client
denied by server configuration: /var/www/data/htaccesstest.txt
<https://forum.owncloud.org/viewtopic.php?f=17&t=20217>`_, add this section to
your nginx configuration to suppress them:
.. code-block:: nginx
location = /data/htaccesstest.txt {
allow all;
log_not_found off;
access_log off;
}
JavaScript (.js) or CSS (.css) files not served properly
========================================================
A common issue with custom nginx configs is that JavaScript (.js)
or CSS (.css) files are not served properly leading to a 404 (File not found)
error on those files and a broken webinterface.
This could be caused by the:
.. code-block:: nginx
location ~* \.(?:css|js)$ {
block shown above not located **below** the:
.. code-block:: nginx
location ~ \.php(?:$|/) {
block. Other custom configurations like caching JavaScript (.js)
or CSS (.css) files via gzip could also cause such issues.
Performance Tuning
==================
* `nginx (<1.9.5) <ngx_http_spdy_module <http://nginx.org/en/docs/http/ngx_http_spdy_module.html>`_
* `nginx (+1.9.5) <ngx_http_http2_module <http://nginx.org/en/docs/http/ngx_http_v2_module.html>`_
To use http_v2 for nginx you have to check two things:
1.) be aware that this module is not built in by default due to a dependency
to the openssl version used on your system. It will be enabled with the
``--with-http_v2_module`` configuration parameter during compilation. The
dependency should be checked automatically. You can check the presence of
http_v2 with ``nginx -V 2>&1 | grep http_v2 -o``. An example of how to
compile nginx can be found in section "Configure nginx with the
``nginx-cache-purge`` module" below.
2.) When you have used SPDY before, the nginx config has to be changed from
``listen 443 ssl spdy;`` to ``listen 443 ssl http2;``
nginx: caching Nextcloud gallery thumbnails
===========================================
One of the optimizations for Nextcloud when using nginx as the Web server is to
combine FastCGI caching with "Cache Purge", a `3rdparty nginx module
<http://wiki.nginx.org/3rdPartyModules>`_ that adds the ability to purge
content from `FastCGI`, `proxy`, `SCGI` and `uWSGI` caches. This mechanism
speeds up thumbnail presentation as it shifts requests to nginx and minimizes
php invocations which otherwise would take place for every thumbnail presented
every time.
The following procedure is based on an Ubuntu 14.04 system. You may need to
adapt it according your OS type and release.
.. note::
Unlike Apache, nginx does not dynamically load modules. All modules needed
must be compiled into nginx. This is one of the reasons for nginx´s
performance. It is expected to have an already running nginx installation
with a working configuration set up as described in the Nextcloud
documentation.
nginx module check
==================
As a first step, it is necessary to check if your nginx installation has the
``nginx cache purge`` module compiled in::
nginx -V 2>&1 | grep ngx_cache_purge -o
If your output contains ``ngx_cache_purge``, you can continue with the
configuration, otherwise you need to manually compile nginx with the module
needed.
Compile nginx with the ``nginx-cache-purge`` module
===================================================
1. **Preparation:**
::
cd /opt
wget http://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
sudo vi /etc/apt/sources.list.d/nginx.list
Add the following lines (if different, replace ``{trusty}`` by your
distribution name)::
deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx
deb -src http://nginx.org/packages/mainline/ubuntu/ trusty nginx
Then run ``sudo apt-get update``
.. note:: If you're not overly cautious and wish to install the latest and
greatest nginx packages and features, you may have to install nginx from its
mainline repository. From the nginx homepage: "In general, you should
deploy nginx from its mainline branch at all times." If you would like to
use standard nginx from the latest mainline branch but without compiling in
any additional modules, just run ``sudo apt-get install nginx``.
2. **Download the nginx source from the ppa repository**
::
cd /opt
sudo apt-get build-dep nginx
sudo apt-get source nginx
3. **Download module(s) to be compiled in and configure compiler arguments**
::
ls -la
Please replace ``{release}`` with the release downloaded::
cd /opt/nginx-{release}/debian
If folder "modules" is not present, do:
::
sudo mkdir modules
cd modules
sudo git clone https://github.com/FRiCKLE/ngx_cache_purge.git
sudo vi /opt/nginx-{release}/debian/rules
If not present, add the following line at the top under::
#export DH_VERBOSE=1:
MODULESDIR = $(CURDIR)/debian/modules
And at the end of every ``configure`` command add::
--add-module=$(MODULESDIR)/ngx_cache_purge
Don't forget to escape preceding lines with a backslash ``\``.
The parameters may now look like::
--with-cc-opt="$(CFLAGS)" \
--with-ld-opt="$(LDFLAGS)" \
--with-ipv6 \
--add-module=$(MODULESDIR)/ngx_cache_purge
4. **Compile and install nginx**
::
cd /opt/nginx-{release}
sudo dpkg-buildpackage -uc -b
ls -la /opt
sudo dpkg --install /opt/nginx_{release}~{distribution}_amd64.deb
5. **Check if the compilation and installation of the ngx_cache_purge module
was successful**
::
nginx -V 2>&1 | grep ngx_cache_purge -o
It should now show: ``ngx_cache_purge``
Show nginx version including all features compiled and installed::
nginx -V 2>&1 | sed s/" --"/"\n\t--"/g
6. **Mark nginx to be blocked from further updates via apt-get**
::
sudo dpkg --get-selections | grep nginx
For every nginx component listed run ``sudo apt-mark hold <component>``
7. **Regular checks for nginx updates**
Do a regular visit on the `nginx news page <http://nginx.org>`_ and proceed
in case of updates with items 2 to 5.
Configure nginx with the ``nginx-cache-purge`` module
=====================================================
1. **Preparation**
Create a directory where nginx will save the cached thumbnails. Use any
path that fits to your environment. Replace ``{path}`` in this example with
your path created:
::
sudo mkdir -p /usr/local/tmp/cache
2. **Configuration**
::
sudo vi /etc/nginx/sites-enabled/{your-nextcloud-nginx-config-file}
Add at the *beginning*, but *outside* the ``server{}`` block:
.. code-block:: nginx
# cache_purge
fastcgi_cache_path {path} levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
map $request_uri $skip_cache {
default 1;
~*/thumbnail.php 0;
~*/apps/galleryplus/ 0;
~*/apps/gallery/ 0;
}
.. note:: Please adopt or delete any regex line in the ``map`` block according
your needs and the Nextcloud version used.
As an alternative to mapping, you can use as many ``if`` statements in
your server block as necessary:
.. code-block:: nginx
set $skip_cache 1;
if ($request_uri ~* "thumbnail.php") { set $skip_cache 0; }
if ($request_uri ~* "/apps/galleryplus/") { set $skip_cache 0; }
if ($request_uri ~* "/apps/gallery/") { set $skip_cache 0; }
Add *inside* the ``server{}`` block, as an example of a configuration:
.. code-block:: nginx
# cache_purge (with $http_cookies we have unique keys for the user)
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
location ~ \.php(?:$/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
fastcgi_request_buffering off; #Available since nginx 1.7.11
# cache_purge
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache NEXTCLOUD;
fastcgi_cache_valid 60m;
fastcgi_cache_methods GET HEAD;
}
.. note:: Note regarding the ``fastcgi_pass`` parameter:
Use whatever fits your configuration. In the example above, an ``upstream``
was defined in an nginx global configuration file.
This may look like:
.. code-block:: nginx
upstream php-handler {
server unix:/var/run/php5-fpm.sock;
# or
# server 127.0.0.1:9000;
}
3. **Test the configuration**
::
sudo nginx -s reload
* Open your browser and clear your cache.
* Logon to your Nextcloud instance, open the gallery app, move through your
folders and watch while the thumbnails are generated for the first time.
* You may also watch with eg. ``htop`` your system load while the
thumbnails are processed.
* Go to another app or logout and relogon.
* Open the gallery app again and browse to the folders you accessed before.
Your thumbnails should appear more or less immediately.
* ``htop`` will not show up additional load while processing, compared to
the high load before.
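Review bot: In step 1 of the compile section the repository signing key is fetched with ``wget http://nginx.org/keys/nginx_signing.key`` and passed straight to ``apt-key add``, so the key that anchors trust in every later package arrives over plain HTTP and is never checked. Fetch it over HTTPS and tell the reader to verify the key's fingerprint before adding it. Separately, ``location ~ \.php(?:$/)`` in the server block example cannot match as written, because ``$`` is followed by a literal ``/``; it presumably should read ``\.php(?:$|/)``. The ``deb -src`` line in the sources list also needs to be ``deb-src``.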

View File

@ -4,52 +4,72 @@
SELinux Configuration
=====================
When you have SELinux enabled on your Linux distribution, you may run into
permissions problems after a new Nextcloud installation, and see ``permission
denied`` errors in your Nextcloud logs.
When you have SELinux enabled on your Linux distribution, you may run into
permissions problems after a new Nextcloud installation, and see ``permission
denied`` errors in your Nextcloud logs.
The following settings should work for most SELinux systems that use the
default distro profiles. Run these commands as root, and remember to adjust the filepaths
The following settings should work for most SELinux systems that use the
default distro profiles. Run these commands as root, and remember to adjust the filepaths
in these examples for your installation::
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
restorecon -v -R '/var/www/html/nextcloud/data'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
restorecon -v -R '/var/www/html/nextcloud/config'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
restorecon -v -R '/var/www/html/nextcloud/apps'
If you uninstall Nextcloud you need to remove the Nextcloud directory labels. To do
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
restorecon -Rv '/var/www/html/nextcloud/'
If you uninstall Nextcloud you need to remove the Nextcloud directory labels. To do
this execute the following commands as root after uninstalling Nextcloud::
semanage fcontext -d -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
restorecon -v -R '/var/www/html/nextcloud/data'
semanage fcontext -d -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
restorecon -v -R '/var/www/html/nextcloud/config'
semanage fcontext -d -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
restorecon -v -R '/var/www/html/nextcloud/apps'
semanage fcontext -d '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -d '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -d '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -d '/var/www/html/nextcloud/.htaccess'
semanage fcontext -d '/var/www/html/nextcloud/.user.ini'
If you have customized SELinux policies and these examples do not work, you must give the
restorecon -Rv '/var/www/html/nextcloud/'
If you have customized SELinux policies and these examples do not work, you must give the
HTTP server write access to these directories::
/var/www/html/nextcloud/data
/var/www/html/nextcloud/config
/var/www/html/nextcloud/apps
Enable updates via the web interface
------------------------------------
To enable updates via the web interface, you may need this to enable writing to the directories::
setsebool httpd_unified on
When the update is completed, disable write access::
setsebool -P httpd_unified off
Disallow write access to the whole web directory
------------------------------------------------
For security reasons it's suggested to disable write access to all folders in /var/www/ (default)::
setsebool -P httpd_unified off
Allow access to a remote database
---------------------------------
An additional setting is needed if your installation is connecting to a remote database::
setsebool -P httpd_can_network_connect_db on
Allow access to LDAP server
---------------------------
Use this setting to allow LDAP connections::
setsebool -P httpd_can_connect_ldap on
Allow access to remote network
------------------------------
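Review bot: Under "Enable updates via the web interface", ``setsebool httpd_unified on`` is given without explaining that, unlike the ``-P`` form used to switch it off, it only changes the running value and lapses at reboot, and that according to the next section it governs write access to all folders in /var/www/, not just Nextcloud. State both points so admins know the boolean has to be turned off again right after the update. The "Disallow write access to the whole web directory" section then repeats the same ``setsebool -P httpd_unified off`` command; consider merging the two.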
@ -58,6 +78,13 @@ the app store. To allow this access use the following setting::
setsebool -P httpd_can_network_connect on
Allow access to network memcache
--------------------------------
This setting is not required if ``httpd_can_network_connect`` is already on::
setsebool -P httpd_can_network_memcache on
Allow access to SMTP/sendmail
-----------------------------
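Review bot: "This setting is not required if ``httpd_can_network_connect`` is already on" reads as if the broad boolean were the normal case. Since ``httpd_can_network_memcache`` is the narrower permission, say that it is the one to set when memcache is the only outbound connection the web server needs, and mention ``httpd_can_network_connect`` only as the case where it is already covered.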
@ -73,11 +100,38 @@ If you have placed your datadir on a CIFS/SMB share use the following setting::
setsebool -P httpd_use_cifs on
Allow access to FuseFS
----------------------
If your data folder resides on a Fuse Filesystem (e.g. EncFS etc), this setting is required as well::
setsebool -P httpd_use_fusefs on
Allow access to GPG for Rainloop
--------------------------------
If you use a the rainloop webmail client app which supports GPG/PGP, you might need this::
setsebool -P httpd_use_gpg on
Troubleshooting
---------------
For general Troubleshooting of SELinux and its profiles try to install the package ``setroubleshoot`` and run::
For general Troubleshooting of SELinux and its profiles try to install the
package ``setroubleshoot`` and run::
sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt
to get a report which helps you configuring your SELinux profiles.
Another tool for troubleshooting is to enable a single ruleset for your
Nextcloud directory::
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud(/.*)?'
restorecon -RF /var/www/html/nextcloud
It is much stronger security to have a more fine-grained ruleset as in the
examples at the beginning, so use this only for testing and troubleshooting. It
has a similar effect to disabling SELinux, so don't use it on production
systems.
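Review bot: The troubleshooting block adds a blanket ``httpd_sys_rw_content_t`` rule for ``/var/www/html/nextcloud(/.*)?`` and warns against using it in production, but gives no commands for taking it out again. Add the matching ``semanage fcontext -d '/var/www/html/nextcloud(/.*)?'`` followed by a ``restorecon`` run, as the uninstall section does for the per-directory rules. Also, "If you use a the rainloop webmail client" has a stray "a".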

View File

@ -1,41 +1,76 @@
============================
Manual Installation on Linux
============================
=====================
Installation on Linux
=====================
If there are no packages for your Linux distribution, or you prefer installing
from the source tarball, you can setup Nextcloud from scratch using a classic
LAMP stack (Linux, Apache, MySQL/MariaDB, PHP). This document provides a
complete walk-through for installing Nextcloud on Ubuntu 14.04 LTS Server with
Apache and MariaDB, using `the Nextcloud .tar archive
<https://nextcloud.com/install/>`_.
If there are no packages for your Linux distribution, you have the option to
install `Snap Packages <http://snapcraft.io/docs/core/install/>`_. See
:ref:`snaps_label`
In case you prefer installing from the source tarball, you can setup Nextcloud
from scratch using a classic LAMP stack (Linux, Apache, MySQL/MariaDB, PHP).
This document provides a complete walk-through for installing Nextcloud on
Ubuntu 16.04 LTS Server with Apache and MariaDB, using `the Nextcloud .tar
archive <https://nextcloud.com/install/>`_.
* :ref:`vm_label`
* :ref:`snaps_label`
* :ref:`prerequisites_label`
* :ref:`ubuntu_installation_label`
* :ref:`binlog_format_label`
* :ref:`apache_configuration_label`
* :ref:`pretty_urls_label`
* :ref:`pretty_urls_label`
* :ref:`enabling_ssl_label`
* :ref:`installation_wizard_label`
* :ref:`strong_perms_label`
* :ref:`selinux_tips_label`
* :ref:`php_ini_tips_label`
* :ref:`php_fpm_tips_label`
* :ref:`other_HTTP_servers_label`
.. note:: Admins of SELinux-enabled distributions such as CentOS, Fedora, and
Red Hat Enterprise Linux may need to set new rules to enable installing
.. note:: Admins of SELinux-enabled distributions such as CentOS, Fedora, and
Red Hat Enterprise Linux may need to set new rules to enable installing
Nextcloud. See :ref:`selinux_tips_label` for a suggested configuration.
.. _vm_label:
Installing on Windows (Virtual Machine)
---------------------------------------
If you are using Windows, the easiest way to get Nextcloud up an running is using our Virtual Machine. The VM is mainly maintainted by Tech and Me and are offered in several different versions. The main version is for VMware version 10 and comes in different sizes. The standard size is 20 GB, but you can also download a 500 GB and a 1 TB version. Tech and Me also provides a Hyper-V version for all Hyper-V users.
You can find complete instructions and downloads here: https://github.com/nextcloud/vm or here https://www.techandme.se/nextcloud-vm/
Of course you can also install it on other OSes than Windows and you are not limited to any OS really as long as your hypervisor can mount OVA, VMDK, or VHD.
.. _snaps_label:
Installing via Snap Packages
----------------------------
A snap is a zip file containing an application together with its dependencies,
and a description of how it should safely be run on your system, especially
the different ways it should talk to other software. Most importantly snaps are
designed to be secure, sandboxed, containerised applications isolated from the
underlying system and from other applications.
To install the Nextcloud Snap Package, run the following command in a terminal::
sudo snap install nextcloud
.. note:: The `snapd technology <http://snapcraft.io/docs/core/>`_ is the core
that powers snaps, and it offers a new way to package, distribute, update and
run OS components and applications on a Linux system. See more about snaps on
`snapcraft.io <http://snapcraft.io/>`_.
.. _prerequisites_label:
Prerequisites
-------------
Prerequisites for Manual Installation
-------------------------------------
The Nextcloud .tar archive contains all of the required PHP modules. This
section lists all required and optional PHP modules. Consult the `PHP manual
<http://php.net/manual/en/extensions.php>`_ for more information on modules.
Your Linux distribution should have packages for all required modules. You can
check the presence of a module by typing ``php -m | grep -i <module_name>``.
The Nextcloud .tar archive contains all of the required PHP modules. This
section lists all required and optional PHP modules. Consult the `PHP manual
<http://php.net/manual/en/extensions.php>`_ for more information on modules.
Your Linux distribution should have packages for all required modules. You can
check the presence of a module by typing ``php -m | grep -i <module_name>``.
If you get a result, the module is present.
Required:
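Review bot: The new "Installing on Windows (Virtual Machine)" paragraph has typos ("up an running", "maintainted", "The VM ... are offered") and is written as three very long lines, although the README asks for lines wrapped at 80 characters. Fix the wording and rewrap. The snapcraft.io links in this hunk use ``http://``; prefer ``https://`` where the site serves it, as the nextcloud.com links already do, and end the "See ``snaps_label``" sentence with a period.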
@ -67,7 +102,7 @@ Database connectors (pick the one for your database:)
authentication, depends on this)
* PHP module fileinfo (highly recommended, enhances file analysis performance)
* PHP module bz2 (recommended, required for extraction of apps)
* PHP module intl (increases language translation performance and fixes sorting
* PHP module intl (increases language translation performance and fixes sorting
of non-ASCII characters)
* PHP module mcrypt (increases file encryption performance)
* PHP module openssl (required for accessing HTTPS resources)
@ -75,7 +110,7 @@ Database connectors (pick the one for your database:)
Required for specific apps:
* PHP module ldap (for LDAP integration)
* PHP module smbclient (SMB/CIFS integration, see
* PHP module smbclient (SMB/CIFS integration, see
:doc:`../configuration_files/external_storage/smb`)
* PHP module ftp (for FTP storage / external user authentication)
* PHP module imap (for external user authentication)
@ -85,14 +120,14 @@ Recommended for specific apps (*optional*):
* PHP module exif (for image rotation in pictures app)
* PHP module gmp (for SFTP storage)
For enhanced server performance (*optional*) select one of the following
For enhanced server performance (*optional*) select one of the following
memcaches:
* PHP module apcu (>= 4.0.6)
* PHP module memcached
* PHP module redis (>= 2.2.6, required for Transactional File Locking)
See :doc:`../configuration_server/caching_configuration` to learn how to select
See :doc:`../configuration_server/caching_configuration` to learn how to select
and configure a memcache.
For preview generation (*optional*):
@ -105,47 +140,54 @@ For command line processing (*optional*):
* PHP module pcntl (enables command interruption by pressing ``ctrl-c``)
You dont need the WebDAV module for your Web server (i.e. Apaches
You dont need the WebDAV module for your Web server (i.e. Apaches
``mod_webdav``), as Nextcloud has a built-in WebDAV server of its own,
SabreDAV.
If ``mod_webdav`` is enabled you must disable it for Nextcloud. (See
If ``mod_webdav`` is enabled you must disable it for Nextcloud. (See
:ref:`apache_configuration_label` for an example configuration.)
.. _ubuntu_installation_label:
Example Installation on Ubuntu 16.04 LTS Server
-----------------------------------------------
On a machine running a pristine Ubuntu 16.04 LTS server, install the
required and recommended modules for a typical Nextcloud installation, using
Apache and MariaDB, by issuing the following commands in a terminal::
On a machine running a pristine Ubuntu 16.04 LTS server, you have two options:
You can either install the Nextcloud `Snap Package <http://snapcraft.io/>`_, just run the
following command in a terminal::
sudo snap install nextcloud
Or you can use .deb packages to install the required and recommended modules for a typical Nextcloud
installation, using Apache and MariaDB, by issuing the following commands in a
terminal::
apt-get install apache2 mariadb-server libapache2-mod-php7.0
apt-get install php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring
apt-get install php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
* This installs the packages for the Nextcloud core system.
``libapache2-mod-php7.0`` provides the following PHP extensions: ``bcmath bz2
calendar Core ctype date dba dom ereg exif fileinfo filter ftp gettext hash
iconv libxml mhash openssl pcre Phar posix Reflection session shmop
SimpleXML soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx
xmlreader xmlwriter zlib``. If you are planning
on running additional apps, keep in mind that they might require additional
* This installs the packages for the Nextcloud core system.
``libapache2-mod-php7.0`` provides the following PHP extensions: ``bcmath bz2
calendar Core ctype date dba dom ereg exif fileinfo filter ftp gettext hash
iconv libxml mhash openssl pcre Phar posix Reflection session shmop
SimpleXML soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx
xmlreader xmlwriter zlib``. If you are planning
on running additional apps, keep in mind that they might require additional
packages. See :ref:`prerequisites_label` for details.
* At the installation of the MySQL/MariaDB server, you will be prompted to
create a root password. Be sure to remember your password as you will need it
* At the installation of the MySQL/MariaDB server, you will be prompted to
create a root password. Be sure to remember your password as you will need it
during Nextcloud database setup.
Now download the archive of the latest Nextcloud version:
* Go to the `Nextcloud Download Page <https://nextcloud.com/install>`_.
* Go to **Download Nextcloud Server > Download > Archive file for
* Go to **Download Nextcloud Server > Download > Archive file for
server owners** and download either the tar.bz2 or .zip archive.
* This downloads a file named nextcloud-x.y.z.tar.bz2 or nextcloud-x.y.z.zip
* This downloads a file named nextcloud-x.y.z.tar.bz2 or nextcloud-x.y.z.zip
(where x.y.z is the version number).
* Download its corresponding checksum file, e.g. nextcloud-x.y.z.tar.bz2.md5,
or nextcloud-x.y.z.tar.bz2.sha256.
* Download its corresponding checksum file, e.g. nextcloud-x.y.z.tar.bz2.md5,
or nextcloud-x.y.z.tar.bz2.sha256.
* Verify the MD5 or SHA256 sum::
md5sum -c nextcloud-x.y.z.tar.bz2.md5 < nextcloud-x.y.z.tar.bz2
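Review bot: The Ubuntu section now repeats ``sudo snap install nextcloud``, which the new "Installing via Snap Packages" section already covers; a reference to ``snaps_label`` would keep the two copies from drifting apart. The ``apt-get install`` lines that follow have no ``sudo`` while the snap line does, so say once whether the commands are expected to run as root.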
@ -159,25 +201,25 @@ Now download the archive of the latest Nextcloud version:
wget https://nextcloud.com/nextcloud.asc
gpg --import nextcloud.asc
gpg --verify nextcloud-x.y.z.tar.bz2.asc nextcloud-x.y.z.tar.bz2
* Now you can extract the archive contents. Run the appropriate unpacking
* Now you can extract the archive contents. Run the appropriate unpacking
command for your archive type::
tar -xjf nextcloud-x.y.z.tar.bz2
unzip nextcloud-x.y.z.zip
* This unpacks to a single ``nextcloud`` directory. Copy the Nextcloud directory
to its final destination. When you are running the Apache HTTP server you may
* This unpacks to a single ``nextcloud`` directory. Copy the Nextcloud directory
to its final destination. When you are running the Apache HTTP server you may
safely install Nextcloud in your Apache document root::
cp -r nextcloud /path/to/webserver/document-root
where ``/path/to/webserver/document-root`` is replaced by the
where ``/path/to/webserver/document-root`` is replaced by the
document root of your Web server::
cp -r nextcloud /var/www
On other HTTP servers it is recommended to install Nextcloud outside of the
On other HTTP servers it is recommended to install Nextcloud outside of the
document root.
.. _binlog_format_label:
@ -187,11 +229,11 @@ BINLOG_FORMAT = STATEMENT
If your Nextcloud installation fails and you see this in your Nextcloud log::
An unhandled exception has been thrown: exception PDOException with message
'SQLSTATE[HY000]: General error: 1665 Cannot execute statement: impossible to
write to binary log since BINLOG_FORMAT = STATEMENT and at least one table
uses a storage engine limited to row-based logging. InnoDB is limited to
row-logging when transaction isolation level is READ COMMITTED or READ
An unhandled exception has been thrown: exception PDOException with message
'SQLSTATE[HY000]: General error: 1665 Cannot execute statement: impossible to
write to binary log since BINLOG_FORMAT = STATEMENT and at least one table
uses a storage engine limited to row-based logging. InnoDB is limited to
row-logging when transaction isolation level is READ COMMITTED or READ
UNCOMMITTED.'
See :ref:`db-binlog-label`.
@ -201,9 +243,9 @@ See :ref:`db-binlog-label`.
Apache Web Server Configuration
-------------------------------
On Debian, Ubuntu, and their derivatives, Apache installs with a useful
configuration so all you have to do is create a
:file:`/etc/apache2/sites-available/nextcloud.conf` file with these lines in
On Debian, Ubuntu, and their derivatives, Apache installs with a useful
configuration so all you have to do is create a
:file:`/etc/apache2/sites-available/nextcloud.conf` file with these lines in
it, replacing the **Directory** and other filepaths with your own filepaths::
Alias /nextcloud "/var/www/nextcloud/"
@ -220,11 +262,11 @@ it, replacing the **Directory** and other filepaths with your own filepaths::
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
Then create a symlink to :file:`/etc/apache2/sites-enabled`::
ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
Additional Apache Configurations
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -232,56 +274,74 @@ Additional Apache Configurations
it by running::
a2enmod rewrite
Additional recommended modules are ``mod_headers``, ``mod_env``, ``mod_dir`` and ``mod_mime``::
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
If you're running ``mod_fcgi`` instead of the standard ``mod_php`` also enable::
a2enmod setenvif
* You must disable any server-configured authentication for Nextcloud, as it
uses Basic authentication internally for DAV services. If you have turned on
authentication on a parent folder (via e.g. an ``AuthType Basic``
directive), you can turn off the authentication specifically for the
Nextcloud entry. Following the above example configuration file, add the
* You must disable any server-configured authentication for Nextcloud, as it
uses Basic authentication internally for DAV services. If you have turned on
authentication on a parent folder (via e.g. an ``AuthType Basic``
directive), you can turn off the authentication specifically for the
Nextcloud entry. Following the above example configuration file, add the
following line in the ``<Directory>`` section::
Satisfy Any
* When using SSL, take special note of the ServerName. You should specify one
in the server configuration, as well as in the CommonName field of the
certificate. If you want your Nextcloud to be reachable via the internet,
* When using SSL, take special note of the ServerName. You should specify one
in the server configuration, as well as in the CommonName field of the
certificate. If you want your Nextcloud to be reachable via the internet,
then set both of these to the domain you want to reach your Nextcloud server.
* Now restart Apache::
service apache2 restart
* If you're running Nextcloud in a subdirectory and want to use CalDAV or
CardDAV clients make sure you have configured the correct
* If you're running Nextcloud in a subdirectory and want to use CalDAV or
CardDAV clients make sure you have configured the correct
:ref:`service-discovery-label` URLs.
.. _pretty_urls_label:
Pretty URLs
-----------
Pretty URLs are created automatically when ``.htaccess`` is writable by the
HTTP user, ``mod_env`` and ``mod_rewrite`` are installed, and
``'overwrite.cli.url'`` in your ``config.php`` is set to any non-null value.
Pretty URLs remove the ``index.php``-part in all Nextcloud URLs, for example
in sharing links like ``https://example.org/nextcloud/index.php/s/Sv1b7krAUqmF8QQ```,
making URLs shorter and thus prettier.
``mod_env`` and ``mod_rewrite`` must be installed on your webserver and the :file:`.htaccess`
must be writable by the HTTP user. Then you can set in the :file:`config.php` two variables::
'overwrite.cli.url' => 'https://example.org/nextcloud',
'htaccess.RewriteBase' => '/nextcloud',
if your setup is available on ``https://example.org/nextcloud`` or::
'overwrite.cli.url' => 'https://example.org',
'htaccess.RewriteBase' => '/',
if it isn't installed in a subfolder. Finally run this occ-command to update
your .htaccess file::
sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess
After each update, these changes are automatically applied to the ``.htaccess``-file.
.. _enabling_ssl_label:
Enabling SSL
------------
.. note:: You can use Nextcloud over plain HTTP, but we strongly encourage you
to use SSL/TLS to encrypt all of your server traffic, and to protect
.. note:: You can use Nextcloud over plain HTTP, but we strongly encourage you
to use SSL/TLS to encrypt all of your server traffic, and to protect
user's logins and data in transit.
Apache installed under Ubuntu comes already set-up with a simple
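Review bot: In the new "Pretty URLs" text the sharing-link example "https://example.org/nextcloud/index.php/s/Sv1b7krAUqmF8QQ" is closed with three backticks instead of two, which breaks the inline literal; drop the extra one. The section also requires ``.htaccess`` to be writable by the HTTP user without noting that this lets the web server process change its own rewrite rules; one sentence on that trade-off would help admins decide whether to enable it.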
@ -293,9 +353,9 @@ the default site. Open a terminal and run::
service apache2 reload
.. note:: Self-signed certificates have their drawbacks - especially when you
plan to make your Nextcloud server publicly accessible. You might
plan to make your Nextcloud server publicly accessible. You might
want to consider getting a certificate signed by a commercial signing
authority. Check with your domain name registrar or hosting service
authority. Check with your domain name registrar or hosting service
for good deals on commercial certificates.
.. _installation_wizard_label:
@ -305,35 +365,25 @@ Installation Wizard
After restarting Apache you must complete your installation by running either
the graphical Installation Wizard, or on the command line with the ``occ``
command. To enable this, temporarily change the ownership on your Nextcloud
directories to your HTTP user (see :ref:`strong_perms_label` to learn how to
find your HTTP user)::
command. To enable this, change the ownership on your Nextcloud directories to
your HTTP user:
chown -R www-data:www-data /var/www/nextcloud/
.. note:: Admins of SELinux-enabled distributions may need to write new SELinux
rules to complete their Nextcloud installation; see
:ref:`selinux_tips_label`.
.. note:: Admins of SELinux-enabled distributions may need to write new SELinux
rules to complete their Nextcloud installation; see
:ref:`selinux_tips_label`.
To use ``occ`` see :doc:`command_line_installation`.
To use ``occ`` see :doc:`command_line_installation`.
To use the graphical Installation Wizard see :doc:`installation_wizard`.
Setting Strong Directory Permissions
------------------------------------
After completing installation, you must immediately set the directory
permissions in your Nextcloud installation as strictly as possible for stronger
security. Please refer to :ref:`strong_perms_label`.
Now your Nextcloud server is ready to use.
.. _selinux_tips_label:
SELinux Configuration Tips
--------------------------
See :doc:`selinux_configuration` for a suggested configuration for
See :doc:`selinux_configuration` for a suggested configuration for
SELinux-enabled distributions such as Fedora and CentOS.
.. _php_ini_tips_label:
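Review bot: The rewritten sentence ends in a single colon ("your HTTP user:") where the old one ended in ``::``, so the ``chown -R www-data:www-data /var/www/nextcloud/`` line below it will no longer render as a literal block. It also drops "temporarily" and the pointer to ``strong_perms_label``; if ownership by the HTTP user is now meant to be permanent, say so, and check that the ``strong_perms_label`` entry in the list at the top of the file still resolves.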
@ -341,7 +391,7 @@ SELinux-enabled distributions such as Fedora and CentOS.
php.ini Configuration Notes
---------------------------
Keep in mind that changes to ``php.ini`` may have to be configured on more than one
Keep in mind that changes to ``php.ini`` may have to be configured on more than one
ini file. This can be the case, for example, for the ``date.timezone`` setting.
**php.ini - used by the Web server:**
@ -365,68 +415,68 @@ php-fpm Configuration Notes
**Security: Use at least PHP >= 5.6.6**
Due to `a bug with security implications <https://bugs.php.net/bug.php?id=64938>`_
Due to `a bug with security implications <https://bugs.php.net/bug.php?id=64938>`_
in older PHP releases with the handling of XML data you are highly encouraged to run
at least PHP 5.6.6 when in a threaded environment.
**System environment variables**
When you are using ``php-fpm``, system environment variables like
PATH, TMP or others are not automatically populated in the same way as
when using ``php-cli``. A PHP call like ``getenv('PATH');`` can therefore
return an empty result. So you may need to manually configure environment
variables in the appropropriate ``php-fpm`` ini/config file.
When you are using ``php-fpm``, system environment variables like
PATH, TMP or others are not automatically populated in the same way as
when using ``php-cli``. A PHP call like ``getenv('PATH');`` can therefore
return an empty result. So you may need to manually configure environment
variables in the appropropriate ``php-fpm`` ini/config file.
Here are some example root paths for these ini/config files:
+--------------------+-----------------------+
| Ubuntu/Mint | CentOS/Red Hat/Fedora |
+--------------------+-----------------------+
+--------------------+-----------------------+
| ``/etc/php5/fpm/`` | ``/etc/php-fpm.d/`` |
+--------------------+-----------------------+
+--------------------+-----------------------+
In both examples, the ini/config file is called ``www.conf``, and depending on
In both examples, the ini/config file is called ``www.conf``, and depending on
the distro version or customizations you have made, it may be in a subdirectory.
Usually, you will find some or all of the environment variables
Usually, you will find some or all of the environment variables
already in the file, but commented out like this::
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
Uncomment the appropriate existing entries. Then run ``printenv PATH`` to
Uncomment the appropriate existing entries. Then run ``printenv PATH`` to
confirm your paths, for example::
$ printenv PATH
/home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:
/sbin:/bin:/
If any of your system environment variables are not present in the file then
If any of your system environment variables are not present in the file then
you must add them.
When you are using shared hosting or a control panel to manage your `Nextcloud VM
<https://github.com/nextcloud/vm>`_ or server, the configuration files are almost certain to be located
somewhere else, for security and flexibility reasons, so check your
documentation for the correct locations.
<https://github.com/nextcloud/vm>`_ or server, the configuration files are almost
certain to be located somewhere else, for security and flexibility reasons, so
check your documentation for the correct locations.
Please keep in mind that it is possible to create different settings for
``php-cli`` and ``php-fpm``, and for different domains and Web sites.
Please keep in mind that it is possible to create different settings for
``php-cli`` and ``php-fpm``, and for different domains and Web sites.
The best way to check your settings is with :ref:`label-phpinfo`.
**Maximum upload size**
If you want to increase the maximum upload size, you will also have to modify
your ``php-fpm`` configuration and increase the ``upload_max_filesize`` and
``post_max_size`` values. You will need to restart ``php5-fpm`` and your HTTP
If you want to increase the maximum upload size, you will also have to modify
your ``php-fpm`` configuration and increase the ``upload_max_filesize`` and
``post_max_size`` values. You will need to restart ``php5-fpm`` and your HTTP
server in order for these changes to be applied.
**.htaccess notes for Apache**
Nextcloud comes with its own ``nextcloud/.htaccess`` file. Because ``php-fpm``
can't read PHP settings in ``.htaccess`` these settings and permissions must
Nextcloud comes with its own ``nextcloud/.htaccess`` file. Because ``php-fpm``
can't read PHP settings in ``.htaccess`` these settings and permissions must
be set in the ``nextcloud/.user.ini`` file.
.. _other_HTTP_servers_label:
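Review bot: The "Maximum upload size" paragraph still names ``php5-fpm`` as the service to restart, and this hunk only re-wraps it. On hosts running a newer PHP the service has a different name, so the instruction fails as written; suggest "restart your ``php-fpm`` service" and let the distribution-specific sections name it. The ``printenv PATH`` sample output is also split over two lines, which makes it read like two values.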
@ -434,8 +484,11 @@ be set in the ``nextcloud/.user.ini`` file.
Other Web Servers
-----------------
:doc:`nginx_examples`
:doc:`nginx`
`Other HTTP servers (Nextcloud)
<https://github.com/nextcloud/documentation/wiki/Alternate-Web-server-notes>`_

View File

@ -60,4 +60,4 @@ Additionally the following InnoDB settings need to be set::
innodb_file_format=barracuda
innodb_file_per_table=true
See :doc:`../maintenance/mysql_4byte_support` for more information.
See :doc:`../configuration_database/mysql_4byte_support` for more information.

View File

@ -46,8 +46,7 @@ version branch in version.php to something else than "stable".
Is Code Signing Mandatory For Apps?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Code signing is optional for all third-party applications. Applications
with a tag of "Official" on apps.owncloud.com require code signing.
Code signing is required for all applications on apps.nextcloud.com.
.. _code_signing_fix_warning_label:
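Review bot: The new answer under "Is Code Signing Mandatory For Apps?" covers only apps published on apps.nextcloud.com and no longer says anything about apps installed from elsewhere, which the removed sentence did ("optional for all third-party applications"). An administrator reading this cannot tell whether an unsigned, manually installed app is rejected, flagged by the integrity check, or accepted silently; suggest adding one sentence that states this explicitly.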
@ -167,9 +166,9 @@ In above error output it can be seen that:
2. In the Nextcloud core the unrequired extra file "/test.php" has been found.
3. It was not possible to verify the signature of the calendar application.
The solution is to upload the correct "index.php" and "version.php" files, and
delete the "test.php" file. For the calendar exception contact the developer of
the application. For other means on how to receive support please take a look at
The solution is to upload the correct "index.php" and "version.php" files, and
delete the "test.php" file. For the calendar exception contact the developer of
the application. For other means on how to receive support please take a look at
https://nextcloud.com/support/. After fixing these problems verify by clicking
"Rescan…".

View File

@ -37,7 +37,7 @@ configuration report with the :ref:`occ config command
.. _FAQ page: https://help.nextcloud.com/c/faq
.. _bugtracker: https://github.com/nextcloud/server/issues
.. _webchat: http://webchat.freenode.net/?channels=nextcloud
https://docs.nextcloud.org/server/11/developer_manual/bugtracker/index.html
https://docs.nextcloud.org/server/12/developer_manual/bugtracker/index.html
.. TODO ON RELEASE: Update version number above on release
General Troubleshooting
@ -261,8 +261,8 @@ and if running in a subfolder like ``nextcloud``:
For the first case the :file:`.htaccess` file shipped with Nextcloud should do
this work for your when running Apache. You only need to make sure that your
Web server is using this file. When running NGINX please refer to
:doc:`../installation/nginx_examples`.
Web server is using this file. When running Nginx please refer to
:doc:`../installation/nginx`.
If your Nextcloud instance is installed in a subfolder called ``nextcloud`` and

View File

@ -1,6 +1,6 @@
====================
Backing up Nextcloud
====================
======
Backup
======
To backup an Nextcloud installation there are four main things you need to retain:
@ -28,7 +28,7 @@ MySQL/MariaDB
MySQL or MariaDB, which is a drop-in MySQL replacement, is the recommended
database engine. To backup MySQL/MariaDB::
mysqldump --lock-tables -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
mysqldump --single-transaction -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
SQLite
^^^^^^
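Review bot: Both versions of the ``mysqldump`` line pass the password as ``-p[password]`` on the command line, where it is visible in the process list and ends up in shell history; suggest a bare ``-p`` so the client prompts for it, or a client option file readable only by the backup user. Since the change replaces ``--lock-tables`` with ``--single-transaction``, the text should also say that the consistent snapshot only holds for transactional (InnoDB) tables.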

View File

@ -1,27 +0,0 @@
==============================
Maintenance Mode Configuration
==============================
You must put your Nextcloud server into maintenance mode before performing
upgrades, and for performing troubleshooting and maintenance. Please
see :doc:`../configuration_server/occ_command` to learn how to put your server into
the various maintenance modes (``maintenance:mode, maintenance:singleuser``,
and ``maintenance:repair``) with the ``occ`` command.
``maintenance:mode`` locks the sessions of logged-in users and prevents new
logins. This is the mode to use for upgrades. You must run ``occ`` as the HTTP user,
like this example on Ubuntu Linux::
$ sudo -u www-data php occ maintenance:mode --on
You may also put your
server into this mode by editing :file:`config/config.php`. Change
``"maintenance" => false`` to ``"maintenance" => true``:
::
<?php
"maintenance" => true,
Then change it back to ``false`` when you are finished.

Binary file not shown.

After

Width:  |  Height:  |  Size: 179 KiB

View File

@ -5,12 +5,11 @@ Maintenance
.. toctree::
:maxdepth: 2
enable_maintenance
backup
restore
upgrade
package_upgrade
update
manual_upgrade
restore
package_upgrade
migrating
mysql_4byte_support
migrating_owncloud

View File

@ -1,20 +1,9 @@
========================
Manual Nextcloud Upgrade
========================
================
Upgrade Manually
================
Always start by making a fresh backup and disabling all 3rd party apps.
Put your server in maintenance mode. This prevents new logins, locks the
sessions of logged-in users, and displays a status screen so users know what is
happening. There are two ways to do this, and the preferred method is to use the
:doc:`occ command <../configuration_server/occ_command>`, which you must run as
your HTTP user. This example is for Ubuntu Linux::
sudo -u www-data php occ maintenance:mode --on
The other way is by entering your ``config.php`` file and changing
``'maintenance' => false,`` to ``'maintenance' => true,``.
1. Back up your existing Nextcloud Server database, data directory, and
``config.php`` file. (See :doc:`backup`, for restore information see :doc:`restore`)
2. Download and unpack the latest Nextcloud Server release (Archive file) from
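Review bot: The paragraph that told the reader to enable maintenance mode (``occ maintenance:mode --on`` or ``'maintenance' => true``) is removed from the top of the manual upgrade page without a replacement in the lines shown here, so the procedure now begins at the backup step with logins still allowed. If the step is meant to live elsewhere, keep a one-line pointer to that section before step 1.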
@ -63,17 +52,12 @@ The other way is by entering your ``config.php`` file and changing
12. The upgrade operation takes a few minutes to a few hours, depending on the
size of your installation. When it is finished you will see a success
message, or an error message that will tell where it went wrong.
Assuming your upgrade succeeded, disable the maintenance mode::
sudo -u www-data php occ maintenance:mode --off
message, or an error message that will tell where it went wrong.
Login and take a look at the bottom of your Admin page to
verify the version number. Check your other settings to make sure they're
correct. Go to the Apps page and review the core apps to make sure the right
ones are enabled. Re-enable your third-party apps. Then apply strong
permissions to your Nextcloud directories (:ref:`strong_perms_label`).
ones are enabled. Re-enable your third-party apps.
Previous Nextcloud Releases
---------------------------
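Review bot: The closing paragraph loses "Then apply strong permissions to your Nextcloud directories (:ref:`strong_perms_label`)" and nothing takes its place, so after unpacking a fresh archive the reader gets no guidance on who should own the files or what the web server user may write to. Either keep the pointer or state the expected ownership here. The same hunk also drops the ``maintenance:mode --off`` step, so the text goes straight from the upgrade result to "Login"; say where maintenance mode is turned off.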
@ -106,9 +90,9 @@ help::
See `the nextcloud.com support page <https://nextcloud.com/support/>`_ for further
resources.
Sometimes, Nextcloud can get *stuck in a upgrade*. This is usually due to the
process taking too long and encountering a PHP time-out. Stop the upgrade
process this way::
Sometimes, Nextcloud can get *stuck in a upgrade* if the web based upgrade
process is used. This is usually due to the process taking too long and
encountering a PHP time-out. Stop the upgrade process this way::
sudo -u www-data php occ maintenance:mode --off

View File

@ -0,0 +1,33 @@
=======================
Migrating from ownCloud
=======================
.. note:: Especially when migrating from ownCloud to Nextcloud you should
create a backup of the config, database and the data directory,
in case something goes wrong.
Currently migrating from ownCloud is like performing a manual update.
So it is quite easy, to migrate from one ownCloud version to at least one Nextcloud version.
However this does only work with versions that are close enough database and code-wise.
See the table below for a version map, where migrating is easily possible:
+-----------------+-----------------+
| ownCloud | Nextcloud |
+=================+=================+
| 10.0.1 or later | 12.0.1 or later |
+-----------------+-----------------+
| 10.0.0 | 12.0.0 |
+-----------------+-----------------+
| 9.1.x | 10.0.x |
+-----------------+-----------------+
| 9.0.x | 10.0.x |
+-----------------+-----------------+
| 9.0.x | 9.0.x |
+-----------------+-----------------+
After downloading the correct version of Nextcloud from our
`older releases page <https://nextcloud.com/changelog/>`_,
proceed like described in the :doc:`manual_upgrade` manual.
Afterwards you can use the Nextcloud updater to update your instance to the newest version.
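Review bot: In the version table ``9.0.x`` appears twice in the ownCloud column (mapped to Nextcloud ``10.0.x`` and to ``9.0.x``); if both targets are valid, merge them into one row so it does not read as a copy error. The opening note asks for a backup of config, database and data directory but does not link :doc:`backup`, and the link text "older releases page" points at the changelog URL; both are worth fixing while the file is new.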

View File

@ -1,6 +1,6 @@
===============================
Upgrade Nextcloud From Packages
===============================
====================
Upgrade via Packages
====================
Upgrade Quickstart
@ -48,8 +48,6 @@ using Snappy Base 16.04 as it's currently unreleased.
* Make a :doc:`fresh backup <backup>`.
* Upgrade your Nextcloud snap: sudo snap refresh nextcloud
* Run :ref:`occ upgrade <command_line_upgrade_label>`.
* :ref:`Apply strong permissions <strong_perms_label>` to your
Nextcloud directories.
* Take your Nextcloud server out of :ref:`maintenance mode
<maintenance_commands_label>`.
* Re-enable third-party apps.
@ -79,14 +77,6 @@ This example is for CentOS/RHEL/Fedora::
sudo -u apache php occ upgrade
Setting Strong Directory Permissions
------------------------------------
After upgrading, verify that your Nextcloud directory permissions are set
according to :ref:`strong_perms_label`.
If the upgrade fails, then you must try a manual upgrade.
.. _skipped_release_upgrade_label:

View File

@ -1,6 +1,6 @@
===================
Restoring Nextcloud
===================
================
Restoring Backup
================
To restore a Nextcloud installation there are four main things you need to
restore:
@ -16,6 +16,9 @@ restore:
When you have completed your restoration, see the ``Setting Strong Directory
Permissions`` section of :doc:`../installation/installation_wizard`.
Also make sure to run the :ref:`maintenance:data-fingerprint <maintenance_commands_label>` command
afterwards, to ensure your sync clients can recover from the restored backup.
Restore Folders
---------------

View File

@ -1,177 +1,227 @@
==========================================
Upgrading Nextcloud with the Nextcloud App
==========================================
============================
Upgrade via build-in Updater
============================
The Updater app automates many of the steps of upgrading an Nextcloud
installation. It is useful for installations that do not have root access,
such as shared hosting, for installations with a smaller number of users
and data, and it automates updating
The build-in updater automates many of the steps of upgrading an Nextcloud
installation. It is useful for installations that do not have root access,
such as shared hosting, for installations with a smaller number of users
and data, and it automates updating
:doc:`manual installations <../installation/source_installation>`.
The Updater app has :ref:`command-line options <updater_cli_label>`.
**Downgrading** is not supported and risks corrupting your data! If you want
to revert to an older Nextcloud version, install it from scratch and then
restore your data from backup. Before doing this, file a support ticket (if
you have paid support) or ask for help in the Nextcloud forums to see if your
.. warning::
**Downgrading** is not supported and risks corrupting your data! If you want
to revert to an older Nextcloud version, install it from scratch and then
restore your data from backup. Before doing this, file a support ticket if
you have paid support or ask for help in the Nextcloud forums to see if your
issue can be resolved without downgrading.
You should maintain regular backups (see :doc:`backup`), and make a backup
before every update. The Updater app does not backup your database or data
You should maintain regular backups (see :doc:`backup`), and make a backup
before every update. The build-in updater does not backup your database or data
directory.
The Updater app performs these operations:
What does the Updater do?
-------------------------
* Creates an ``updater_backup`` directory under your Nextcloud data directory
* Downloads and extracts updated package content into the
``updater_backup/packageVersion`` directory
* Makes a copy of your current Nextcloud instance, except for your data
directory, to ``updater_backup/currentVersion-randomstring``
* Moves all directories except ``data``, ``config`` and ``themes`` from the
current instance to ``updater_backup/tmp``
* Moves all directories from ``updater_backup/packageVersion`` to the current
version
* Copies your old ``config.php`` to the new ``config/`` directory
.. note::
The updater itself only replaces the existing files with the ones from the
version it updates to. The migration steps needs to be executed afterwards.
The command line mode provides a way to do this right after the code was
successfully replaced.
Using the Updater app to update your Nextcloud installation is just a few
The build-in updater performs these operations:
* **Check for expected files:** checks if only the expected files of a
Nextcloud installation are present, because it turned out that some files
that were left in the Nextcloud directory caused side effects that risked
the update procedure.
* **Check for write permissions:** checks if all files that need to be
writable during the update procedure are actually writable.
* **Enable maintenance mode:** enables the maintenance mode so that no other
actions are executed while running the update of the code.
* **Create backup:** creates a backup of the existing code base in
``/updater-INSTANCEID/backups/nextcloud-CURRENTVERSION/`` inside of the
data directory (this does not contain the ``/data`` directory nor the
database).
* **Downloading:** downloads the code in the version it should update to. This
is also shown in the web UI before the update is started. This archive is
downloaded to ``/updater-INSTANCEID/downloads/``.
* **Extracting:** extracts the archive to the same folder.
* **Replace entry points:** replaces all Nextcloud entry points with dummy
files so that when those files are replaced all clients still get the proper
maintenance mode response. Examples for those endpoints are ``index.php``,
``remote.php`` or ``ocs/v1.php``.
* **Delete old files:** deletes all files except the above mentioned entry
points, the data and config dir as well as non-shipped apps and themes. (And
the updater itself of course)
* **Move new files in place:** moves the files from the extracted archive in
place.
* **Keep maintenance mode active?:** asks you if the maintenance mode should
be kept active. This allows the admin to use the web based updater but run
the actual migration steps (``occ upgrade``) on the command line. If the
maintenance mode is kept active command line access is required. To use the
web based upgrade page disable the maintenance mode and click the link to
get to the upgrade page. (This step is only available in the web based
updater.)
* **Done** the update of the code is done and you either need to go to the
linked page or to the command line to finish the upgrade by executing the
migration steps.
Using the web based Updater
---------------------------
Using the build-in Updater to update your Nextcloud installation is just a few
steps:
1. You should see a notification at the top of any Nextcloud page when there is
a new update available.
2. Even though the Updater app backs up important directories, you should
always have your own current backups (See :doc:`backup` for details.)
3. Verify that the HTTP user on your system can write to your whole Nextcloud
directory; see the :ref:`set_updating_permissions_label` section below.
4. Navigate to your Admin page and click the **Update Center** button under
Updater. This takes you to the Updater control panel.
1. You should see a notification at the top of any Nextcloud page when there is
a new update available. Go to the admin settings page and scroll to the
section "Version". This section has a button to open the updater. This
section as well as the update notification is only available if the update
notication app is enabled in the apps management.
5. Click Update, and carefully read the messages. If there are any problems it
will tell you. The most common issue is directory permissions; your HTTP
user needs write permissions to your whole Nextcloud directory. (See
:ref:`strong_perms_label`.) Another common issue is SELinux rules
(see :ref:`selinux-config-label`.) Otherwise you will see messages
about checking your installation and making backups.
.. figure:: images/updater-1-update-available.png
6. Click Proceed, and then it performs the remaining steps, which takes a few
minutes.
2. Click the button "Open updater".
7. If your directory permissions are correct, a backup was made, and
downloading the new Nextcloud archive succeeded you will see the following
screen. Click the Start Update button to complete your update:
.. figure:: images/updater-2-open-updater.png
.. figure:: images/upgrade-2.png
:scale: 75%
:alt: Nextcloud upgrade wizard screen.
3. Verify the information that is shown and click the button "Start update"
to start the update.
.. note:: If you have a large Nextcloud installation and have shell access,
you should use the ``occ upgrade`` command, running it as your HTTP user,
instead of clicking the Start Update button, in order to avoid PHP
timeouts.
This example is for Ubuntu Linux::
.. figure:: images/updater-3-running-step.png
$ sudo -u www-data php occ upgrade
4. In case an error happens or the check failed the updater stops processing
and gives feedback. You can now try to solve the problem and click the
"Retry update" button. This will continue the update and re-run the failed
step. It will not re-run the previous succeeded steps.
See :doc:`../configuration_server/occ_command` to learn more.
.. figure:: images/updater-4-failed-step.png
8. It runs for a few minutes, and when it is finished displays a success
message, which disappears after a short time.
5. In case you close the updater, before it finished you can just open the
updater page again and proceed at the last succeeded step. Closing the web
page will still execute the running step but will not continue with the next
one, because this is triggered by the open updater page.
Refresh your Admin page to verify your new version number. In the Updater
section of your Admin page you can see the current status and backups. These
are backups of your old and new Nextcloud installations, and do not contain your
data files. If your update works and there are no problems you can delete the
backups from this screen.
.. figure:: images/updater-5-continue-update.png
If the update fails, then you must update manually. (See :doc:`Manually
upgrading <manual_upgrade>`.)
6. Once all steps are executed the updater will ask you a final question:
"Keep maintenance mode active?". This allows you to use either the web based
upgrade page or the command line based upgrade procedure (``occ upgrade``).
Command line access is required if the maintenance mode is kept active.
.. _set_updating_permissions_label:
.. figure:: images/updater-6-maintenance-mode.png
Setting Permissions for Updating
--------------------------------
For hardened security we highly recommend setting the permissions on your
Nextcloud directory as strictly as possible. These commands should be executed
immediately after the initial installation. Please follow the steps in
:ref:`strong_perms_label`.
These strict permissions will prevent the Updater app from working, as it needs
your whole Nextcloud directory to be owned by the HTTP user. Run this script to
set the appropriate permissions for updating. Replace the ``ocpath`` variable
with the path to your Nextcloud directory, and replace the ``htuser`` and
``htgroup`` variables with your HTTP user and group.::
7. Done. You now can continue either to the web based upgrade page or run
``occ upgrade``. The two examples "Web based upgrade" and "Command line
based upgrade" shows how the screens then look like.
#!/bin/bash
# Sets permissions of the Nextcloud instance for updating
ocpath='/var/www/nextcloud'
htuser='www-data'
htgroup='www-data'
chown -R ${htuser}:${htgroup} ${ocpath}
You can find your HTTP user in your HTTP server configuration files. Or you can
use :ref:`label-phpinfo` (Look for the **User/Group** line).
**Web based upgrade**
* The HTTP user and group in Debian/Ubuntu is ``www-data``.
* The HTTP user and group in Fedora/CentOS is ``apache``.
* The HTTP user and group in Arch Linux is ``http``.
* The HTTP user in openSUSE is ``wwwrun``, and the HTTP group is ``www``.
This is how the web based update would continue:
After the update is completed, re-apply the strong directory permissions
immediately by running the script in :ref:`strong_perms_label`.
.. image:: images/updater-7-disable-maintenance.png
.. _updater_cli_label:
.. image:: images/updater-9-upgrade-page.png
Command Line Options
--------------------
**Command line based upgrade**
The Updater app includes command-line options to automate updates, to create
checkpoints and to roll back to older checkpoints. You must run it as your HTTP
user. This example on Ubuntu Linux displays command options::
This is how the command line based update would continue:
sudo -u www-data php updater/application.php list
See usage for commands, like this example for the ``upgrade:checkpoint``
command::
.. image:: images/updater-8-keep-maintenance.png
sudo -u www-data php updater/application.php upgrade:checkpoint -h
You can display a help summary::
sudo -u www-data php updater/application.php --help
When you run it without options it runs a system check::
.. code::
sudo -u www-data php nextcloud/updater/application.php
Nextcloud updater 1.0 - CLI based Nextcloud server upgrades
Checking system health.
- file permissions are ok.
Current version is 9.0.0.12
No updates found online.
Done
Create a checkpoint::
$ sudo -u www-data php ./occ upgrade
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Set log level to debug
Updating database schema
Updated database
Updating <files_pdfviewer> ...
Updated <files_pdfviewer> to 1.1.1
Updating <gallery> ...
Updated <gallery> to 17.0.0
Updating <activity> ...
Updated <activity> to 2.5.2
Updating <comments> ...
Updated <comments> to 1.2.0
Updating <theming> ...
Updated <theming> to 1.3.0
Starting code integrity check...
Finished code integrity check
Update successful
Maintenance mode is kept active
Reset log level
sudo -u www-data php updater/application.php upgrade:checkpoint --create
Created checkpoint 9.0.0.12-56d5e4e004964
Using the command line based Updater
------------------------------------
List checkpoints::
The command line based updater works in the exact same way the web based
updater works. The steps and checks are the very same.
sudo -u www-data php updater/application.php upgrade:checkpoint --list
Restore an earlier checkpoint::
The steps are basically the same as for the web based updater:
sudo -u www-data php nextcloud/updater/application.php upgrade:checkpoint
--restore=9.0.0.12-56d5e4e004964
1. You should see a notification at the top of any Nextcloud page when there is
a new update available. Go to the admin settings page and scroll to the
section "Version". This section has a button to open the updater. This
section as well as the update notification is only available if the update
notication app is enabled in the apps management.
Add a line like this to your crontab to automatically create daily
checkpoints::
.. image:: images/updater-1-update-available.png
2. Instead of clicking that button you can now invoke the command line based
updater by going into the `updater/` directory in the Nextcloud directory
and executing the `updater.phar` as the web server user. (i.e.
``sudo -u www-data php updater.phar``)
.. image:: images/updater-cli-2-start-updater.png
:class: terminal-image
3. Verify the information that is shown and enter "Y" to start the update.
.. image:: images/updater-cli-3-running-step.png
:class: terminal-image
.. image:: images/updater-cli-4-failed-step.png
:class: terminal-image
4. In case an error happens or the check failed the updater stops processing
and gives feedback. You can now try to solve the problem and re-run the
updater command. This will continue the update and re-run the failed step.
It will not re-run the previous succeeded steps.
.. image:: images/updater-cli-5-continue-update.png
:class: terminal-image
6. Once all steps are executed the updater will ask you a final question:
"Should the "occ upgrade" command be executed?". This allows you to directly
execute the command line based upgrade procedure (``occ upgrade``). If you
select "No" then it will finish with
`Please now execute "./occ upgrade" to finish the upgrade.`.
.. image:: images/updater-cli-6-run-command.png
:class: terminal-image
7. Once the ``occ upgrade`` is done you get asked if the maintenance mode
should be kept active.
.. image:: images/updater-cli-7-maintenance.png
:class: terminal-image
Batch mode for command line based updater
-----------------------------------------
It is possible to run the command line based updater in a non-interactive mode.
The updater then doesn't ask any interactive questions. It is assumed that if
an update is available it should be installed and the ``occ upgrade`` command
is executed as well. After finishing the maintenance mode will be turned off
except an error occured during the ``occ upgrade`` or the replacement of the
code.
To execute this, run the command with the ``--no-interaction`` option. (i.e.
``sudo -u www-data php updater.phar --no-interaction``)
.. image:: images/updater-cli-8-no-interaction.png
:class: terminal-image
2 15 * * * sudo -u www-data php /path/to/nextcloud/updater/application.php
upgrade:checkpoint --create > /dev/null 2>&1
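Review bot: The "Batch mode" section describes ``--no-interaction`` as installing any available update and running ``occ upgrade`` unattended, but does not repeat that the updater backs up only the code base and not the database or data directory (stated near the top of the page). Anyone scheduling this needs that sentence next to the command, with a pointer to :doc:`backup`. Smaller points in the same rewrite: "build-in" should be "built-in" (title included), "notication" and "occured" are misspelled, and the command line step list jumps from 4 to 6.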

View File

@ -1,12 +1,13 @@
====================================
How to Upgrade Your Nextcloud Server
====================================
==============
How to Upgrade
==============
There are three ways to upgrade your Nextcloud server:
* With the :doc:`Updater App <update>`.
* :doc:`Manually upgrading <manual_upgrade>` with the Nextcloud ``.tar`` archive
from our `Download page <https://nextcloud.com/install/>`_.
* :doc:`Upgrading <package_upgrade>` via the snap packages.
* Manually upgrading is also an option for users on shared hosting; download
and unpack the Nextcloud tarball to your PC. Delete your existing Nextcloud
files, except ``data/`` and ``config/`` files, on your hosting account. Then
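Review bot: The list is introduced with "There are three ways to upgrade" but, with the snap bullet added, it now has four bullets, and its first bullet still says "Updater App" while the page it links to is retitled "Upgrade via build-in Updater". Fold the shared-hosting bullet into the manual one or change the count, and use one name for the updater throughout.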
@ -34,27 +35,21 @@ installations may take several hours to complete the upgrade.
file a support ticket (if you have paid support) or ask for help in the
Nextcloud forums to see if your issue can be resolved without downgrading.
.. not sure about notifications
.. Update Notifier and Updater App Are Not the Same
.. ------------------------------------------------
Update Notifications
--------------------
.. Nextcloud has two update tools: the Nextcloud core update notifier, and the
.. Updater app. Figure 1 shows what you see when the Updater app is enabled:
.. both
.. the core notifier and the Updater app control panel are visible on your
.. admin
.. page.
Nextcloud has an update notification app, that informs the administrator about
the availablilty of an update. Then you decide which update method to use.
.. .. figure:: images/2-updates.png
.. :alt: Both update mechanisms displayed on Admin page.
.. figure:: images/2-updates.png
:alt: Both update notifications displayed on Admin page.
.. *Figure 1: The top yellow banner is the update notifier, and the Updates
.. section is the Updater app.*
*Figure 1: The top banner is the update notification that is shown on every
page, and the Updates section can be found in the admin page*
.. The core update notifier has only one function, and that is to display a
.. notification when a new Nextcloud release is available. Then you decide which
.. upgrade method to use. When you maintain your Nextcloud server via your Linux
.. package manager you should ensure that the Updater app is disabled.
From there the web based updater can be used to fetch this new code. There is
also an CLI based updater available, that does exactly the same as the web
based updater but on the command line.
Prerequisites
-------------
@ -67,3 +62,32 @@ Nextcloud release. Any apps that are not developed by Nextcloud show a 3rd party
designation. **Install unsupported apps at your own risk**. Then, before the
upgrade, all 3rd party apps must be disabled. After the upgrade is complete you
may re-enable them.
Maintenance mode
----------------
You can put your Nextcloud server into maintenance mode before performing
upgrades, or for performing troubleshooting or maintenance. Please see
:doc:`../configuration_server/occ_command` to learn how to put your server into
the maintenance mode (``maintenance:mode``) or execute repair commands
(``maintenance:repair``) with the ``occ`` command.
The :doc:`build-in Updater <update>` does this for you before replacing the
existing Nextcloud code with the code of the new Nextcloud version.
``maintenance:mode`` locks the sessions of logged-in users and prevents new
logins. This is the mode to use for upgrades. You must run ``occ`` as the HTTP
user, like this example on Ubuntu Linux::
$ sudo -u www-data php occ maintenance:mode --on
You may also put your server into this mode by editing :file:`config/config.php`.
Change ``"maintenance" => false`` to ``"maintenance" => true``:
::
<?php
"maintenance" => true,
Then change it back to ``false`` when you are finished.
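Review bot: The ``config.php`` example shows ``"maintenance" => true,`` directly after ``<?php``, which is not valid PHP on its own; a reader who pastes it as shown breaks the config file. Show the entry inside the ``$CONFIG`` array or say "change the existing entry" without the ``<?php`` line. The section also opens with "You can put your Nextcloud server into maintenance mode" where the removed page said "You must"; say which upgrade paths still require doing it by hand.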

View File

@ -10,5 +10,4 @@ creating a custom theme for your Nextcloud server.
considerations_on_monitoring
scaling_multiple_machines.rst
theming.rst

View File

@ -1,12 +0,0 @@
=================
Theming Nextcloud
=================
.. toctree::
:maxdepth: 2
:hidden:
Theming can be done very easily using the shipped `theming app <../configuration_server/theming.html>`_, which is enabled by default.
For more individual theming options please head over to the `developers documentation <../../developer_manual/core/theming.html>`_.

View File

@ -1,9 +1,47 @@
=================================
Nextcloud |version| Release Notes
=============
Release Notes
=============
Changes in Nextcloud |version|
------------------------------
A detailed log of all changes can be found in the official `Changelog
<https://nextcloud.com/changelog/>`_. There are also all current and previous
versions linked.
Updates to Nginx configuration
==============================
* In the Nginx configuration the Same-Origin header was removed. This is now
handled in PHP and keeping it will result in a wrong header. Please remove
those lines in your Nginx config:
``add_header X-Frame-Options "SAMEORIGIN";``
See :doc:`installation/nginx`
* For improvements in serving HTTP requests the Nginx configuration now has
HTTP 2 enabled. Please update your Nginx config accordingly. See
:doc:`installation/nginx`
* The GZip configuration for Nginx was updated. See :doc:`installation/nginx`
for details.
Common questions
----------------
Could not install core app bundle
=================================
The following error message is shown during the update: "Repair warning: Could
not install core app bundle: Could not download app <app>".
Changes in 11
-------------
This basically means that Nextcloud could not fetch the app from the appstore
automatically. This could have multiple reasons: either you disabled the
appstore with the config.php flag or your server could not reach the app store.
The instance will work fine, but the features that are usually provided by this
app are not available.
tbd
Theming changes
===============
With Nextcloud 12, CSS files have been merged into one server.css so in order
to keep your theme working you should consolidate your existing css styles into
a server.css file. As for the example theme the styles.css file has been
renamed to server.css.
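Review bot: the first Nginx bullet calls the header "the Same-Origin header", but the line readers are told to delete is ``add_header X-Frame-Options "SAMEORIGIN";``, so name it as the ``X-Frame-Options`` header to make it findable in an existing config. "Will result in a wrong header" should say what actually goes wrong (for example that the header is then sent twice), so admins can recognise the symptom. In "Could not install core app bundle", "the config.php flag" should name the flag, and "HTTP 2" should be written "HTTP/2".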

View File

@ -80,17 +80,17 @@ Code example
private void startFolderCreation(String newFolderPath) {
CreateRemoteFolderOperation createOperation = new CreateRemoteFolderOperation(newFolderPath, false);
createOperation.execute( mClient , this , mHandler);
createOperation.execute(mClient, this, mHandler);
}
@Override
public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
if (operation instanceof CreateRemoteFolderOperation) {
if (result.isSuccess()) {
// do your stuff here
// do your stuff here
}
}
//
}
Read folder
@ -107,7 +107,7 @@ Code example
.. code-block:: java
private void startReadRootFolder() {
ReadRemoteFolderOperation refreshOperation = new ReadRemoteFolderOperation(FileUtils.PATH_SEPARATOR); 
ReadRemoteFolderOperation refreshOperation = new ReadRemoteFolderOperation(FileUtils.PATH_SEPARATOR);
// root folder
refreshOperation.execute(mClient, this, mHandler);
}
@ -121,7 +121,7 @@ Code example
// do your stuff here
}
}
//
}
Read file
@ -148,7 +148,7 @@ Code example
// do your stuff here
}
}
//
}
Delete file or folder
@ -164,7 +164,7 @@ Code example
private void startRemoveFile(String filePath) {
RemoveRemoteFileOperation removeOperation = new RemoveRemoteFileOperation(remotePath);
removeOperation.execute( mClient , this , mHandler);
removeOperation.execute(mClient, this, mHandler);
}
@Override
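Review bot: in ``startRemoveFile(String filePath)`` the constructor call passes ``remotePath``, which is not declared anywhere in the visible example, so the snippet does not compile as shown. Since this hunk already touches the method, rename the parameter or the argument so the two match.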
@ -174,7 +174,7 @@ Code example
// do your stuff here
}
}
//
}
@ -197,7 +197,7 @@ Code example
}
@Override
public void onRemoteOperationFinish( RemoteOperation operation, RemoteOperationResult result) {
public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
if (operation instanceof DownloadRemoteFileOperation) {
if (result.isSuccess()) {
// do your stuff here
@ -206,7 +206,7 @@ Code example
}
@Override
public void onTransferProgress( long progressRate, long totalTransferredSoFar, long totalToTransfer, String fileName) {
public void onTransferProgress(long progressRate, long totalTransferredSoFar, long totalToTransfer, String fileName) {
mHandler.post( new Runnable() {
@Override
public void run() {
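Review bot: ``mHandler.post( new Runnable() {`` in the download example keeps the space after the opening parenthesis, while the same call in the upload example is normalised to ``mHandler.post(new Runnable() {`` later in this patch. Apply the whitespace cleanup here too so the two progress listeners read the same.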
@ -227,8 +227,8 @@ Code example
.. code-block:: java
private void startUpload (File fileToUpload, String remotePath, String mimeType) {
UploadRemoteFileOperation uploadOperation = new UploadRemoteFileOperation( fileToUpload.getAbsolutePath(), remotePath, mimeType);
private void startUpload(File fileToUpload, String remotePath, String mimeType) {
UploadRemoteFileOperation uploadOperation = new UploadRemoteFileOperation(fileToUpload.getAbsolutePath(), remotePath, mimeType);
uploadOperation.addDatatransferProgressListener(this);
uploadOperation.execute(mClient, this, mHandler);
}
@ -244,7 +244,7 @@ Code example
@Override
public void onTransferProgress(long progressRate, long totalTransferredSoFar, long totalToTransfer, String fileName) {
mHandler.post( new Runnable() {
mHandler.post(new Runnable() {
@Override
public void run() {
// do your UI updates about progress here
@ -269,24 +269,24 @@ Code example
private void startFileMove(String filePath, String newFilePath, boolean overwrite) {
MoveRemoteFileOperation moveOperation = new MoveRemoteFileOperation(filePath, newFilePath, overwrite);
moveOperation.execute( mClient , this , mHandler);
moveOperation.execute(mClient, this, mHandler);
}
@Override
public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
if (operation instanceof MoveRemoteFileOperation) {
if (result.isSuccess()) {
// do your stuff here
// do your stuff here
}
}
//
}
Read shared items by link
-------------------------
Get information about what files and folder are shared by link (the object
mClient contains the information about the server url and account)
mClient contains the information about the server URL and account).
Code example
~~~~~~~~~~~~
@ -295,16 +295,16 @@ Code example
private void startAllSharesRetrieval() {
GetRemoteSharesOperation getSharesOp = new GetRemoteSharesOperation();
getSharesOp.execute( mClient , this , mHandler);
getSharesOp.execute(mClient, this, mHandler);
}
@Override
public void onRemoteOperationFinish( RemoteOperation operation, RemoteOperationResult result) {
public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
if (operation instanceof GetRemoteSharesOperation) {
if (result.isSuccess()) {
ArrayList< OCShare > shares = new ArrayList< OCShare >();
for (Object obj: result.getData()) {
shares.add(( OCShare) obj);
shares.add((OCShare) obj);
}
// do your stuff here
}
@ -327,21 +327,21 @@ Code example
private void startSharesRetrievalForFileOrFolder(String filePath, boolean getReshares) {
GeteRemoteSharesForFileOperation operation = new GetRemoteSharesForFileOperation(filePath, getReshares, false);
operation.execute( mClient, this, mHandler);
operation.execute(mClient, this, mHandler);
}
private void startSharesRetrievalForFilesInFolder(String folderPath, boolean getReshares) {
GetRemoteSharesForFileOperation operation = new GetRemoteSharesForFileOperation(folderPath, getReshares, true);
operation.execute( mClient, this, mHandler);
operation.execute(mClient, this, mHandler);
}
@Override
public void onRemoteOperationFinish( RemoteOperation operation, RemoteOperationResult result) {
public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
if (operation instanceof GetRemoteSharesForFileOperation) {
if (result.isSuccess()) {
ArrayList< OCShare > shares = new ArrayList< OCShare >();
for (Object obj: result.getData()) {
shares.add(( OCShare) obj);
shares.add((OCShare) obj);
}
// do your stuff here
}
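Review bot: the declaration in ``startSharesRetrievalForFileOrFolder`` still reads ``GeteRemoteSharesForFileOperation operation = new GetRemoteSharesForFileOperation(...)``; the stray "e" in the type name means the example cannot compile. Fix it in this hunk, and normalise ``ArrayList< OCShare >`` to ``ArrayList<OCShare>`` for consistency with the cast that was already cleaned up two lines below.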
@ -367,7 +367,7 @@ Code example
private void startCreationOfPublicShareForFile(String filePath, String password) {
CreateRemoteShareOperation operation = new CreateRemoteShareOperation(filePath, ShareType.PUBLIC_LINK, "", false, password, 1);
operation.execute( mClient , this , mHandler);
operation.execute(mClient, this, mHandler);
}
private void startCreationOfGroupShareForFile(String filePath, String groupId) {
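Review bot: the call ``new CreateRemoteShareOperation(filePath, ShareType.PUBLIC_LINK, "", false, password, 1)`` leaves the ``""``, ``false`` and ``1`` arguments unexplained. For an example that creates a public link, a short comment per argument (in particular what the trailing ``1`` grants and what happens when ``password`` is empty) would stop readers from copying values whose effect on the share they cannot see.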
@ -381,10 +381,10 @@ Code example
}
@Override
public void onRemoteOperationFinish( RemoteOperation operation, RemoteOperationResult result) {
public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
if (operation instanceof CreateRemoteShareOperation) {
if (result.isSuccess()) {
OCShare share = (OCShare) result.getData ().get(0);
OCShare share = (OCShare) result.getData().get(0);
// do your stuff here
}
}
@ -405,14 +405,14 @@ Code example
private void startShareRemoval(OCShare share) {
RemoveRemoteShareOperation operation = new RemoveRemoteShareOperation((int) share.getIdRemoteShared());
operation.execute( mClient, this, mHandler);
operation.execute(mClient, this, mHandler);
}
@Override
public void onRemoteOperationFinish( RemoteOperation operation, RemoteOperationResult result) {
public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
if (operation instanceof RemoveRemoteShareOperation) {
if (result.isSuccess()) {
// do your stuff here
// do your stuff here
}
}
}
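Review bot: the ``(int)`` cast on ``share.getIdRemoteShared()`` in ``startShareRemoval`` needs a comment or should go. The getter's return type is not visible here, but a narrowing cast on an identifier silently truncates values outside the int range, and in a removal call that means addressing a different share than the one intended. If the constructor really takes an int, say so in the example.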
@ -425,6 +425,6 @@ Tips
* Paths must not be on URL Encoding
* Correct path: ``https://example.com/nextcloud/remote.php/dav/PopMusic``
* Wrong path: ``https://example.com/nextcloud/remote.php/dav/Pop%20Music/``
* There are some forbidden characters to be used in folder and files names on the server, same on the Nextcloud Android Library "\","/","<",">",":",""","|","?","*"
* There are some forbidden characters to be used in folder and file names on the server, same on the Nextcloud Android Library "\","/","<",">",":",""","|","?","*"
* Upload and download actions may be cancelled thanks to the objects uploadOperation.cancel(), downloadOperation.cancel()
* Unit tests, before launching unit tests you have to enter your account information (server url, user and password) on TestActivity.java
* Unit tests, before launching unit tests you have to enter your account information (server URL, user and password) on TestActivity.java
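Review bot: the tips list is only partly cleaned up. "Paths must not be on URL Encoding" is still ungrammatical ("Paths must not be URL-encoded"), and the "Correct path" example ``.../dav/PopMusic`` has no space in it, so it does not show the unencoded form of ``Pop%20Music``. The forbidden-character list ``"\","/","<",">",":",""","|","?","*"`` is hard to read and the ``"""`` entry is ambiguous; put each character in its own inline literal. "Unit tests, before launching unit tests you have to enter your account information" also asks for a real password in ``TestActivity.java``; note that it must not be committed.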

View File

@ -13,13 +13,13 @@ library under the MIT license.
Android Nextcloud Client development
------------------------------------
If you are interested in working on the Nextcloud android client, you can find
the source code `in github <https://github.com/nextcloud/android/>`_. The
If you are interested in working on the Nextcloud Android client, you can find
the source code `in GitHub <https://github.com/nextcloud/android/>`_. The
setup and process of contribution is
`documented here <https://github.com/nextcloud/android/blob/master/SETUP.md>`_.
You might want to start with doing one or two `starter issue <https://github.com/nextcloud/android/issues?q=is%3Aopen+is%3Aissue+label%3A%22starter+issue%22>`_
to get into the code and note our :doc:`../general/index`
You might want to start with doing one or two `starter issues <https://github.com/nextcloud/android/issues?q=is%3Aopen+is%3Aissue+label%3A%22starter+issue%22>`_
to get into the code and note our :doc:`../general/index`.
Nextcloud Android Library
-------------------------
@ -27,12 +27,12 @@ Nextcloud Android Library
This document will describe how to the use Nextcloud Android Library. The
Nextcloud Android Library allows a developer to communicate with any Nextcloud
server; among the features included are file synchronization, upload and
download of files, delete rename files and folders, etc.
download of files, delete or rename files and folders, etc.
This library may be added to a project and seamlessly integrates any
application with Nextcloud.
The tool needed is any IDE for Android preferred IDE at the moment is Android Studio.
The tool needed is any IDE for Android; the preferred IDE at the moment is Android Studio.
.. toctree::
:maxdepth: 2
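Review bot: the first sentence of this section still reads "how to the use Nextcloud Android Library"; the words are transposed and should be "how to use the Nextcloud Android Library". The hunk already fixes the neighbouring sentences, so this one should be corrected in the same pass.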

View File

@ -5,13 +5,11 @@ Obtaining the library
---------------------
The Nextcloud Android library may be obtained from the following Github repository:
The Nextcloud Android library may be obtained from the following GitHub repository:
`https://github.com/nextcloud/android-library <https://github.com/nextcloud/android-library>`_
Once obtained, this code should be compiled. The Github repository not only contains the library, but also a sample project, sample_client
sample_client properties/android/librerias
, which will assist in learning how to use the library.
Once obtained, this code should be compiled. The GitHub repository not only contains the library, but also a sample project, *sample_client*, which will assist in learning how to use the library.
Add the library to a project
@ -19,14 +17,14 @@ Add the library to a project
There are different methods to add an external library to a project, we will describe two.
#. Add the library as a gradle dependency via jitpack
#. Add the library as a Gradle dependency via JitPack
#. Add the library repo to your Android project as a git submodule
#. Add the library repo to your Android project as a Git submodule
Add the library as a gradle dependency
Add the library as a Gradle dependency
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Simply open your::
@ -37,15 +35,16 @@ and add the dependency::
compile 'com.github.nextcloud:android-library:<version>'
<version> refers to the exact version you would like to include in your application. This could be -SNAPSHOT for always using the latest code revision of the master branch. Alternatively you can also specifiy a version number which refers to a fixed release, e.g. 1.0.0. (compile 'com.github.nextcloud:android-library:1.0.0')
<version> refers to the exact version you would like to include in your application. This could be -SNAPSHOT for always using the latest code revision of the master branch. Alternatively you can also specifiy a version number which refers to a fixed release, e.g. 1.0.0. (compile 'com.github.nextcloud:android-library:1.0.0').
Add the library project to your project as a git submodule
Add the library project to your project as a Git submodule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Basically get the code and compile it having it integrated via a git submodule
Basically get the code and compile it having it integrated via a Git submodule.
Go into your own apps directory on the command line and add the Nextcloud Android library as a submodule::
git submodule add https://github.com/nextcloud/android-library nextcloud-android-library
Import/Open your app in Android Studio and you are done. All the public classes and methods of the library will be available for your own app.
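Review bot: the ``<version>`` paragraph offers ``-SNAPSHOT`` as an ordinary choice without saying that it resolves to whatever is on the master branch at build time, which makes builds non-reproducible and pulls unreviewed code into the app. Recommend a fixed release for anything that ships and mention ``-SNAPSHOT`` for development only. The changed line also still contains "specifiy", and the added period lands after the parenthesised example instead of closing the sentence before it.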

View File

@ -11,7 +11,7 @@ Background/cron jobs are usually registered in the :file:`appinfo/app.php` by us
<?php
\OCP\Backgroundjob::addRegularTask('\OCA\MyApp\Cron\SomeTask', 'run');
The class for the above example would live in :file:`cron/sometask.php`. Try to keep the method as small as possible because its hard to test static methods. Simply reuse the app container and execute a service that was registered in it.
The class for the above example would live in :file:`cron/sometask.php`. Try to keep the method as small as possible because its hard to test static methods. Simply reuse the app container and execute a service that was registered in it:
.. code-block:: php
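Review bot: the changed sentence still has "because its hard to test static methods"; that should be "it's". The colon added at the end is correct for introducing the code block, so only the apostrophe needs fixing.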

View File

@ -45,8 +45,7 @@ version branch in version.php to something else than "stable".
Is Code Signing Mandatory For Apps?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Code signing is optional for all third-party applications. Applications
with a tag of "Official" on apps.owncloud.com require code signing.
Code signing is required for all applications on apps.nextcloud.com.
Technical details
-----------------
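Review bot: the new answer under "Is Code Signing Mandatory For Apps?" only covers applications on apps.nextcloud.com, while the sentence it replaces also said that signing was optional for third-party applications. State explicitly whether apps distributed outside the store may still ship without a ``signature.json``, because the section on verification errors further down depends on that answer.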
@ -59,7 +58,7 @@ private key.
This Root Authority is only used for signing certificate signing requests (CSRs)
for additional certificates. Certificates issued by the Root Authority must
always to be limited to a specific scope, usually the application identifier.
always be limited to a specific scope, usually the application identifier.
This enforcement is done using the ``CN`` attribute of the certificate.
Code signing is then done by creating a ``signature.json`` file with the
@ -122,16 +121,16 @@ examples will assume that you are trying to sign an application named
your GitHub account to show your mail address in your profile. Nextcloud
might ask you for further information to verify that you're the legitimate
owner of the application. Make sure to keep the private key file (``contacts.key``)
secret and not disclose it to any third-parties.
secret and not disclose it to any third parties.
3. Nextcloud will provide you with the signed certificate.
4. Run ``./occ integrity:sign-app`` to sign your application, and specify
your private and the public key as well as the path to the application.
your private and public keys as well as the path to the application.
A valid example looks like: ``./occ integrity:sign-app --privateKey=/Users/lukasreschke/contacts.key
--certificate=/Users/lukasreschke/CA/contacts.crt --path=/Users/lukasreschke/Programming/contacts``
The occ tool will store a ``signature.json`` file within the ``appinfo`` folder
of your application. Then compress the application folder and upload it to
apps.owncloud.com. Be aware that doing any changes to the application after it
apps.nextcloud.com. Be aware that doing any changes to the application after it
has been signed requires another signing. So if you do not want to have some
files shipped remove them before running the signing command.
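Review bot: step 4 now says "your private and public keys", but the command takes ``--privateKey`` and ``--certificate``; what is passed is the signed certificate from step 3, not a bare public key, so the prose should say "your private key and the certificate". The example paths under ``/Users/lukasreschke/`` are one developer's home directory; neutral placeholder paths would read better, with a remark that the key file should sit outside the application folder that is compressed and uploaded. "Doing any changes" should be "making any changes".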
@ -141,7 +140,7 @@ certificate.
If you maintain an app together with multiple people it is recommended to
designate a release manager responsible for the signing process as well
as the uploading to apps.owncloud.com. If there are cases where this is not
as the uploading to apps.nextcloud.com. If there are cases where this is not
feasible and multiple certificates are required Nextcloud can create them on a
case by case basis. We do not recommend developers to share their private key.
@ -175,7 +174,7 @@ manual.
- Another exception has prevented the code verification. There are currently
these following exceptions:
- ``Signature data not found.```
- ``Signature data not found.``
- The app has mandatory code signing enforced but no ``signature.json``
file has been found in its ``appinfo`` folder.

View File

@ -125,7 +125,7 @@ The container works in the following way:
$c->query('AuthorService')
);
* The **AppName** is queried and returned from the baseclass
* The **AppName** is queried and returned from the base class
* The **Request** is queried and returned from the server container
* **AuthorService** is queried::
@ -294,7 +294,6 @@ Types:
* **OCP\\AppFramework\\Utility\\IControllerMethodReflector**
* **OCP\\Contacts\\IManager**
* **OCP\\IDateTimeZone**
* **OCP\\IDb**
* **OCP\\IDBConnection**
* **OCP\\Diagnostics\\IEventLogger**
* **OCP\\Diagnostics\\IQueryLogger**

Some files were not shown because too many files have changed in this diff