How can I install Nextcloud correctly with ISPConfig?

Discussion in 'General' started by Milly, Jan 24, 2020.

  1. Milly

    Milly Member

    Hi, I can't get Nextcloud to work correctly using ISPConfig.

    How can I install Nextcloud securely and with the correct permissions to folders and the correct certificates?

    Thank you

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.1.15p2


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 7.3.11-1~deb10u1

    ##### PORT CHECK #####

    [WARN] Port 22 (SSH server) seems NOT to be listening

    ##### MAIL SERVER CHECK #####


    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Apache 2 (PID 4267)
    [INFO] I found the following mail server(s):
    Postfix (PID 1085)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 508)
    [INFO] I found the following imap server(s):
    Dovecot (PID 508)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 846)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [anywhere]:993 (508/dovecot)
    [anywhere]:995 (508/dovecot)
    [localhost]:10023 (790/postgrey)
    [localhost]:10024 (1120/amavisd-new)
    [localhost]:10025 (1085/master)
    [localhost]:10026 (1120/amavisd-new)
    [anywhere]:22090 (535/sshd)
    [localhost]:10027 (1085/master)
    [anywhere]:587 (1085/master)
    [localhost]:11211 (445/memcached)
    [anywhere]:110 (508/dovecot)
    [anywhere]:143 (508/dovecot)
    [anywhere]:465 (1085/master)
    [anywhere]:21 (846/pure-ftpd)
    ***.***.***.***:53 (454/named)
    ***.***.***.***:53 (454/named)
    [localhost]:53 (454/named)
    [anywhere]:25 (1085/master)
    [localhost]:953 (454/named)
    *:*:*:*::*:993 (508/dovecot)
    *:*:*:*::*:995 (508/dovecot)
    *:*:*:*::*:10024 (1120/amavisd-new)
    *:*:*:*::*:10026 (1120/amavisd-new)
    *:*:*:*::*:3306 (638/mysqld)
    *:*:*:*::*:22090 (535/sshd)
    *:*:*:*::*:587 (1085/master)
    [localhost]10 (508/dovecot)
    [localhost]43 (508/dovecot)
    *:*:*:*::*:8080 (4267/apache2)
    *:*:*:*::*:80 (4267/apache2)
    *:*:*:*::*:8081 (4267/apache2)
    *:*:*:*::*:465 (1085/master)
    *:*:*:*::*:21 (846/pure-ftpd)
    *:*:*:*::*:53 (454/named)
    *:*:*:*::*:25 (1085/master)
    *:*:*:*::*:953 (454/named)
    *:*:*:*::*:443 (4267/apache2)




    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    f2b-roundcube tcp -- [anywhere]/0 [anywhere]/0 multiport dports 80,443
    f2b-auth tcp -- [anywhere]/0 [anywhere]/0 multiport dports 80,443
    f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
    f2b-auth tcp -- [anywhere]/0 [anywhere]/0 multiport dports 80,443
    f2b-ispconfig tcp -- [anywhere]/0 [anywhere]/0 multiport dports 8080
    f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25,465,587,143,993,110,995
    f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain f2b-sshd (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-postfix-sasl (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-ispconfig (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-auth (2 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-pure-ftpd (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-apache-postflood (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-roundcube (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Create an ISPConfig website, ensure that php-mode is php-fpm and suexec is enabled, and then install Nextcloud into the web folder and configure Nextcloud to use the private folder of the website to store documents. All files and folders from Nextcloud must be owned by the web user and client group of the website, but that's automatically the case when you install Nextcloud by using an SSH user of that website or upload it by using an FTP user of that website.
     
    Milly likes this.
  3. Milly

    Milly Member

    From ISPConfig add the database, database user, add the website cloud.domain.com

    But I have problems with the permissions because it does not enter.

    [email protected]:/var/www/clients/client0/web1# ls -la
    total 40
    drwxr-xr-x 10 root root 4096 Jan 24 17:03 .
    drwxr-xr-x 3 root root 4096 Jan 24 17:03 ..
    drwxr-xr-x 2 web1 client0 4096 Jan 24 17:03 cgi-bin
    drwxr-xr-x 2 root root 4096 Jan 24 18:04 log
    drwx--x--- 2 web1 client0 4096 Jan 24 17:03 private
    drwx------ 2 web1 client0 4096 Jan 24 17:03 .ssh
    drwxr-xr-x 2 root root 4096 Jan 24 17:03 ssl
    drwxrwx--- 2 web1 client0 4096 Jan 24 17:03 tmp
    drwxr-xr-x 15 www-data www-data 4096 Jan 24 17:23 web
    drwx--x--- 2 web1 client0 4096 Jan 24 17:03 webdav
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you manually have set wrong permissions, because the web folder is never owned by www-data in ISPConfig and if you change it to www-data, then the permissions are wrong and writing to that folder must fail. The web folder must be owned by web1:client0 in your case, so change it back to that owner, and all files and folders inside the web folder must be owned by web1:client0 as well.
     
    Milly likes this.
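
The ownership rule from till's two replies above (everything in the web folder owned by the site's web user and client group), turned into a check. This is an added example, not part of the original thread or of ISPConfig; the function names are this example's own, and the path and the web1:client0 names are the ones shown in the thread.

```shell
#!/bin/sh
# Added example: audit an ISPConfig docroot for ownership drift.
# Function names are hypothetical; web1/client0 and the path come from the thread.

# Print every path under $1 that is NOT owned by user $2 and group $3.
ownership_drift() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Number of drifted paths; 0 means the whole tree matches.
ownership_drift_count() {
    ownership_drift "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Print files and directories writable by "other" (symlinks skipped,
# their mode bits are meaningless).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Summarise both checks; returns 0 only if the tree is clean.
audit_docroot() {
    docroot=$1; user=$2; group=$3
    drift=$(ownership_drift_count "$docroot" "$user" "$group")
    ww=$(world_writable "$docroot" | wc -l | tr -d ' ')
    echo "$docroot: $drift path(s) not owned by $user:$group, $ww world-writable"
    [ "$drift" -eq 0 ] && [ "$ww" -eq 0 ]
}

# On the server from the thread, run as root so find can read every directory:
#   audit_docroot /var/www/clients/client0/web1/web web1 client0
# A listing like the one posted (web owned by www-data:www-data) reports a
# non-zero drift count; ownership_drift then lists the affected paths.
```

Run it after every manual upload or upgrade done as root, since files copied in as root keep root's ownership and php-fpm running as the web user cannot write to them.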
  5. Milly

    Milly Member

    Excellent thanks

    My mistake was not using ftp to send the files

    From ssh download nextcloud to /tmp and then change the permissions of /web to move the files.

    I went back to the previous permissions created by ISPConfig (web1:client0) as you told me and now it works.
     
    Th0m and till like this.
