Argone's Self Hosted World

So I have been slowly migrating away from more well-known apps to lesser-known ones, all in the way of self-hosting my daily web apps.

  1. Recursive DNS with Pi-hole and Unbound.
  2. For now I have Plex for Dolby Vision content. Jellyfin for everything else.
  3. A private Minecraft server for friends and family.
  4. Now I am working at getting Nextcloud running for my family.

This will be my blog for self hosting stuff in my life.

Other threads about me.


Reserved


@Dynamic_Gravity for Nextcloud, how do I go about making the default storage my Synology NAS? Do I mount it to the VM and somehow direct it to the mounted directory?


If you can, make an NFS share on your NAS and mount that on your VM, and then you just update your config file to point at your mount.

That's what I do anyway. Works well for TrueNAS. That way you get file-level integrity from ZFS and you get multiple file versioning with Nextcloud. No need to set up shadow copy or anything complicated.


@Novasty @PhaseLockedLoop

I am struggling to find a nginx reverse proxy config that works for nextcloud.
You two are the folks who have helped me with nginx in the past.

server {
    server_name cloud.mycloud.com;
    access_log /var/log/nginx/reverse-access.log;
    error_log /var/log/nginx/reverse-error.log;
    location / {
        proxy_pass http://10.0.0.2:8080;
    }

#    listen [::]:443 ssl; # managed by Certbot
#    listen 443 ssl; # managed by Certbot
#    ssl_certificate /etc/letsencrypt/live/mc1.MYNAME.com/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/mc1.MYNAME.com/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = cloud.mycloud.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name cloud.Mydomain.com;
    listen 80;
    listen [::]:80;
    return 404; # managed by Certbot
}



See their documentation; they literally provide a template. A really good one.

It includes the WebDAV redirects


Yup, that's my next route. 10 GbE NAS… 10 GbE compute host… Separated.

I really like where TrueNAS is going. I know @Novasty uses Synology, but TrueNAS has become turnkey, therefore Synology is an obsolete method IMHO :troll:


What do you think of my nginx conf?


It's missing a lot.


Consult their documentation; as I said, it's good.

https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html

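The Nextcloud template linked above is for nginx serving PHP directly; the config posted earlier is the other shape, a reverse proxy in front of Nextcloud on 10.0.0.2:8080. The following is an added example of that reverse-proxy shape written for this thread (not from the posts or the Nextcloud docs); the Certbot paths under cloud.mycloud.com and the 10.0.0.2:8080 upstream are assumed from the posted config, and the config.php keys named in the comments are the ones Nextcloud uses for proxied deployments.

```nginx
# Reverse proxy for Nextcloud (added example). Assumes Nextcloud answers plain
# HTTP on 10.0.0.2:8080 and that Certbot issued the cert for cloud.mycloud.com.
upstream nextcloud_backend {
    server 10.0.0.2:8080;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.mycloud.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.mycloud.com;
    server_tokens off;

    ssl_certificate     /etc/letsencrypt/live/cloud.mycloud.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.mycloud.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

    # Desktop/mobile sync uploads are large and slow; the proxy must not cap them
    # below what PHP on the backend allows, or clients fail with 413/504
    client_max_body_size 512M;
    client_body_timeout 300s;
    proxy_read_timeout 300s;
    proxy_request_buffering off;

    # CalDAV/CardDAV autodiscovery, same redirects the Nextcloud nginx template uses
    location = /.well-known/carddav { return 301 https://$host/remote.php/dav/; }
    location = /.well-known/caldav  { return 301 https://$host/remote.php/dav/; }

    location / {
        proxy_pass http://nextcloud_backend;
        proxy_http_version 1.1;
        # Without these headers Nextcloud believes it is http://10.0.0.2:8080 and
        # builds wrong links and logs the proxy IP. On the backend set
        # 'trusted_proxies', 'overwriteprotocol' => 'https' and 'trusted_domains'.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
    }
}
```

Until 'trusted_proxies' lists the proxy's address, Nextcloud's brute-force protection keys on the proxy IP rather than the real client, so every user shares one throttle bucket.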

75 W+ (depending on the proc) vs 10 W+; one is more UPS friendly than the other.


I mean… Just stop being poor :troll:


Synology ain't being poor, but it does have room for the backup power I use.

TrueNAS is being poor by your standards, since you can build cheaper and more powerful.


I mean, would I go cheaper? I would probably go "two vdevs composed of RAID-Z3 that mirror each other" level expensive.


Seriously though, have you seen TrueNAS? The interface lately… they have put TONS of development into it. It really is well polished.

Like Unraid BTFO'd for sure.

  pool: pool0
 state: ONLINE
  scan: scrub repaired 0B in 16:32:49 with 0 errors on Sun Apr 17 16:32:50 2022
config:

	NAME                                            STATE     READ WRITE CKSUM
	pool0                                           ONLINE       0     0     0
	  mirror-0                                      ONLINE       0     0     0
	    gptid/1d2072be-116c-11eb-b3bf-002590868ef8  ONLINE       0     0     0
	    gptid/24169b4e-116c-11eb-b3bf-002590868ef8  ONLINE       0     0     0
	  mirror-1                                      ONLINE       0     0     0
	    gptid/23ef5597-116c-11eb-b3bf-002590868ef8  ONLINE       0     0     0
	    gptid/2c7ce94e-116c-11eb-b3bf-002590868ef8  ONLINE       0     0     0
	  mirror-2                                      ONLINE       0     0     0
	    gptid/552ef115-8be3-11eb-90bd-002590868ef8  ONLINE       0     0     0
	    gptid/fe8a5028-8c20-11eb-90bd-002590868ef8  ONLINE       0     0     0
	  mirror-4                                      ONLINE       0     0     0
	    gptid/0b103437-d2d0-11ec-a35e-002590868ef8  ONLINE       0     0     0
	    gptid/0b1d55c0-d2d0-11ec-a35e-002590868ef8  ONLINE       0     0     0
	cache
	  gptid/0d2febe3-5bbd-11ec-b993-002590868ef8    ONLINE       0     0     0
	spares
	  gptid/7c64786e-8e64-11eb-9cf1-002590868ef8    AVAIL

errors: No known data errors

  pool: pool1
 state: ONLINE
  scan: scrub repaired 0B in 00:00:01 with 0 errors on Tue May 10 17:19:59 2022
config:

	NAME                                            STATE     READ WRITE CKSUM
	pool1                                           ONLINE       0     0     0
	  raidz2-0                                      ONLINE       0     0     0
	    gptid/e65f4666-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	    gptid/e6893722-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	    gptid/e67338f9-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	    gptid/e6b510b0-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	  raidz2-1                                      ONLINE       0     0     0
	    gptid/e69f12fb-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	    gptid/e6ac0c8b-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	    gptid/e6944c06-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	    gptid/e4e185cd-d0a0-11ec-ae4c-002590868ef8  ONLINE       0     0     0
	spares
	  gptid/e67e5603-d0a0-11ec-ae4c-002590868ef8    AVAIL

errors: No known data errors

Performance (pool0 32 TiB), archive (pool1 7 TiB)

pool0 contains my iSCSI mounts and media, and pool1 contains tarballs, mysqldumps, backups, and other file-level documents.


Is it doable to run nginx on Linode and Apache on the physical server? I have been struggling getting the

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.4-fpm.sock;
}

# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
    "" "";
    default "immutable";
}


server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;

    # Prevent nginx HTTP Server Detection
    server_tokens off;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443      ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Path to the root of your installation
    root /var/www/nextcloud;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ssl_certificate     /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Prevent nginx HTTP Server Detection
    server_tokens off;

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

    # set max upload size and increase upload timeout:
    client_max_body_size 512M;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;

        fastcgi_max_temp_file_size 0;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
        access_log off;     # Optional: Don't log access to assets

        location ~ \.wasm$ {
            default_type application/wasm;
        }
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
}

No, not without conflict; why would you run two things that do the exact same thing? That would make it seem like you're hell-bent on doing it the hard way.

Stick with one that you like and use it.


I managed to get it working. The thing is I’m familiar with Apache for hosting web apps and Nginx for the reverse proxy side of things.


I use one web server software because I have an internal and an external, and I'd rather just sync configs than sit and figure out syntax between the two.
