#!/bin/bash
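# Release tarball to install. "latest" is a moving target, so two runs may
# install different versions.
# NOTE(review): the download step is not visible in this part of the script;
# confirm it verifies the archive (checksum or signature) before unpacking.
NEXTCLOUD_DOWNLOAD_URL="https://download.nextcloud.com/server/releases/latest.tar.bz2"

# Database credentials. Each can be supplied through the environment so the
# real secrets never have to be written into this file; the historical
# built-in value is kept only as a fallback so existing invocations still run.
# (NEXCLOUD_MYSQL_PASSWORD keeps its original spelling because other parts of
# the script may refer to it by that name.)
ROOT_MYSQL_PASSWORD="${ROOT_MYSQL_PASSWORD:-penguin}"
NEXCLOUD_MYSQL_PASSWORD="${NEXCLOUD_MYSQL_PASSWORD:-penguin}"
NEXTCLOUD_MYSQL_ADMIN_PASSWORD="${NEXTCLOUD_MYSQL_ADMIN_PASSWORD:-penguin}"

# A shared, guessable password for the database root, the Nextcloud database
# user and the Nextcloud admin account is the weakest point of this install:
# say so loudly whenever the fallback is in use.
if [[ "$ROOT_MYSQL_PASSWORD" == "penguin" \
  || "$NEXCLOUD_MYSQL_PASSWORD" == "penguin" \
  || "$NEXTCLOUD_MYSQL_ADMIN_PASSWORD" == "penguin" ]]; then
  printf '%s\n' \
    'warning: one or more passwords still use the built-in default;' \
    'warning: export ROOT_MYSQL_PASSWORD, NEXCLOUD_MYSQL_PASSWORD and' \
    'warning: NEXTCLOUD_MYSQL_ADMIN_PASSWORD with unique values before running.' >&2
fi

# Zone the nextcloud.<domain> host is created in, and the address its A record
# will point to.
domain_name="tuxmail.io"
wireguard_static_ip="94.158.244.150"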
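# Make sure Apache, MariaDB, PHP and the other packages Nextcloud needs are
# installed. apt-get is used here, as in the later install steps of this
# script, because the apt front end does not promise a stable command-line
# interface for scripted use. php-curl was listed twice and appears once now.
nextcloud_packages=(
  libapache2-mod-php
  php-bz2 php-gd php-mysql php-curl php-zip php-mbstring php-imagick
  php-ctype php-dom php-json php-posix php-bcmath php-xml php-intl php-gmp
  zip unzip wget
  apache2 mariadb-server libarchive-tools
)
apt-get install -y "${nextcloud_packages[@]}"
# Enable the Apache modules Nextcloud relies on, then restart so they load.
a2enmod rewrite dir mime env headers
systemctl restart apache2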
# Create MySQL database and user for Nextcloud and set permissions
# NOTE(review): the command below looks truncated. The input that should follow
# `<` (presumably a here-document with the SQL) and whatever ran between it and
# the trailing sed fragment that ends in config.php are missing, so this line
# cannot run as written. Restore it from the original script before use.
# NOTE(review): -p$ROOT_MYSQL_PASSWORD puts the database root password on the
# command line, where it can be visible to other local users in the process
# list; an option file readable only by root (--defaults-extra-file) avoids
# that. The expansion is also unquoted, so a password containing whitespace or
# glob characters would be split or expanded by the shell.
mysql -u root -p$ROOT_MYSQL_PASSWORD < 'localhost',/a \ 1 => 'nextcloud.$domain_name'," /var/www/nextcloud/config/config.php
# Create Apache config for nextcloud
# The here-document delimiter is unquoted, so $domain_name is expanded by the
# shell; \${APACHE_LOG_DIR} is escaped so the literal ${APACHE_LOG_DIR} reaches
# the file and is resolved by Apache instead.
# NOTE(review): the container directives (presumably <VirtualHost>, <Directory>
# and a <FilesMatch> around SetHandler) appear to have been lost from this
# listing. AllowOverride, for one, is only accepted inside a <Directory>
# section, so the file as written here would not load. Restore before use.
# NOTE(review): "Options Indexes" turns on automatic directory listings for
# whatever path it ends up applying to; confirm that is intended for the
# Nextcloud document root.
# NOTE(review): the file is written straight into sites-enabled rather than
# sites-available followed by a2ensite, so a2dissite cannot cleanly disable it.
cat << EOF > "/etc/apache2/sites-enabled/nextcloud.conf"
ServerName nextcloud.$domain_name
ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
SetHandler "proxy:unix:/var/run/php/php8.1-fpm.sock|fcgi://localhost/"
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
EOF
# Publish the Nextcloud host name: add an A record named "nextcloud" to the
# $domain_name zone, pointing at $wireguard_static_ip.
nextcloud_a_record=(nextcloud A "$wireguard_static_ip")
pdnsutil add-record "$domain_name" "${nextcloud_a_record[@]}"
# Move PHP out of the Apache worker processes: turn off mod_php and the
# prefork MPM, then serve PHP through php-fpm behind the event MPM.
a2dismod php8.1
a2dismod mpm_prefork
a2enmod mpm_event proxy_fcgi setenvif
a2enconf php8.1-fpm

fpm_php_ini=/etc/php/8.1/fpm/php.ini
fpm_pool_conf=/etc/php/8.1/fpm/pool.d/www.conf

# php.ini limits, written as "directive=value" and applied in this order.
# Every line that contains the directive name anywhere (commented-out lines
# included) is replaced by "directive = value".
# NOTE(review): because the match is not anchored, a comment line that merely
# mentions a directive would be replaced as well; check the result.
for ini_setting in \
  'upload_max_filesize=64M' \
  'post_max_size=96M' \
  'memory_limit=512M' \
  'max_execution_time=600' \
  'max_input_vars=3000' \
  'max_input_time=1000'
do
  ini_key=${ini_setting%%=*}
  ini_value=${ini_setting#*=}
  sed -i "/${ini_key}/c\\${ini_key} = ${ini_value}" "$fpm_php_ini"
done

# php-fpm process-manager sizing for the www pool. Here the match is anchored
# to the start of the line, so only active (uncommented) settings are replaced.
for pool_setting in \
  'pm.max_children=64' \
  'pm.start_servers=16' \
  'pm.min_spare_servers=16' \
  'pm.max_spare_servers=32'
do
  pool_key=${pool_setting%%=*}
  pool_value=${pool_setting#*=}
  sed -i "/^${pool_key}/c\\${pool_key} = ${pool_value}" "$fpm_pool_conf"
done

# Pick up the new limits: php-fpm first, then Apache.
service php8.1-fpm restart
service apache2 restart
# Speed up PHP execution and page loads by switching on the opcode cache.
# The settings are appended directly below every "[opcache]" line in the FPM
# php.ini. The append is unconditional, so running this step again adds the
# same lines a second time.
opcache_sed_program='/\[opcache\]/a\
opcache.enable=1\
opcache.enable_cli=1\
opcache.interned_strings_buffer=8\
opcache.max_accelerated_files=10000\
opcache.memory_consumption=128\
opcache.save_comments=1\
opcache.revalidate_freq=60'
sed -i "$opcache_sed_program" /etc/php/8.1/fpm/php.ini
# Reload both services so the opcache settings take effect.
for service_name in php8.1-fpm apache2; do
  systemctl restart "$service_name"
done
# Install APCu for memory caching.
apt install -y php8.1-apcu
# Configure Nextcloud to use APCu for memory caching
# The sed program inserts one line before every line of config.php that
# contains ");". Escaping happens in two layers: inside the double quotes the
# shell turns each "\\\\" into "\\" and leaves "\'" alone; sed then strips one
# more level, so the line that lands in config.php is
#   'memcache.local' => '\OC\Memcache\APCu',
# NOTE(review): assumes the only line containing ");" is the one that closes
# the $CONFIG array; any other match would receive a copy of the entry too.
sed -i "/);/i \ \'memcache.local\' => \'\\\\OC\\\\Memcache\\\\APCu\'," /var/www/nextcloud/config/config.php
# Restart apache and php-fpm
systemctl restart php8.1-fpm
systemctl restart apache2
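# Install the Redis server and the PHP Redis extension.
apt-get install -y redis-server php-redis
# Start Redis now and enable it at boot.
systemctl start redis-server
systemctl enable redis-server
# Have Redis listen on a Unix socket instead of a TCP port:
#   port 0              disables the TCP listener altogether
#   unixsocket          path of the socket the PHP side connects to
#   unixsocketperm 770  only the socket's owner and group may connect
sed -i '/^port/c\port 0' /etc/redis/redis.conf
sed -i '/^# unixsocket /c\unixsocket /var/run/redis/redis.sock' /etc/redis/redis.conf
sed -i '/^# unixsocketperm/c\unixsocketperm 770' /etc/redis/redis.conf
# Add the Apache/PHP user to the redis group so it is allowed through the 770
# socket permissions. Group membership is only picked up by processes started
# afterwards, so php-fpm has to be restarted before it can connect.
usermod -a -G redis www-data
# redis.conf is only read at start-up. Redis was started above with the old
# configuration, so without this restart it would keep its TCP listener open
# and never create the socket that Nextcloud is about to be pointed at.
systemctl restart redis-server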
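# Configure Nextcloud to use Redis for file locking.
# The block is appended after every line of config.php containing
# "memcache.local". The sed program sits in double quotes, so escaping happens
# twice: the shell reduces "\\\\" to "\\" and a line-ending "\\" to "\"; sed
# then removes one more backslash from its append text. The class name
# therefore needs four backslashes per separator here to reach config.php as
# '\OC\Memcache\Redis'. With a single backslash, sed would drop the
# separators and write 'OCMemcacheRedis', which is not a valid class name.
# NOTE(review): 'filelocking.enabled' is written as the string 'true' rather
# than a boolean; PHP treats it as truthy, but confirm that is intended.
# NOTE(review): the Redis password is empty, so access control rests entirely
# on the permissions of the Unix socket.
sed -i "/memcache.local/a\
'filelocking.enabled' => 'true',\\
'memcache.locking' => '\\\\OC\\\\Memcache\\\\Redis',\\
'redis' => [\\
'host' => '/var/run/redis/redis.sock',\\
'port' => 0,\\
'dbindex' => 0,\\
'password' => '',\\
'timeout' => 1.5,\\
]," /var/www/nextcloud/config/config.php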
# Turn on Redis session locking for PHP-FPM by appending three settings to the
# end of its php.ini. lock_retries=-1 is passed through as given; the append
# is unconditional, so a second run adds the lines again.
printf '%s\n' \
  'redis.session.locking_enabled=1' \
  'redis.session.lock_retries=-1' \
  'redis.session.lock_wait_time=10000' \
  >> "/etc/php/8.1/fpm/php.ini"
# Restart php-fpm first, then Apache, so the session settings are loaded.
for service_name in php8.1-fpm apache2; do
  systemctl restart "$service_name"
done
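# Install certbot (with its Apache plugin) if it is not already present.
apt-get install python3-certbot-apache -y
# Request a certificate for the nextcloud subdomain and let certbot set up the
# HTTPS virtual host (HTTP->HTTPS redirect, HSTS and OCSP stapling enabled).
# user1_email_address is not assigned in the visible part of this script; if it
# is empty the contact address degenerates to "@<domain>" and certbot can be
# expected to reject it, after which the nextcloud-le-ssl.conf edits below have
# no file to work on. Warn early instead of failing obscurely.
if [[ -z "${user1_email_address:-}" ]]; then
  printf 'warning: user1_email_address is not set; certbot will be given "@%s" as its contact address\n' \
    "$domain_name" >&2
fi
# The host name is quoted so the shell passes it to certbot as a single word.
printf "1\n" | certbot --non-interactive --apache --agree-tos --redirect --hsts --staple-ocsp \
  --email "${user1_email_address}@${domain_name}" -d "nextcloud.${domain_name}"
# Enable the Apache HTTP/2 module and advertise the protocols on the TLS site.
a2enmod http2
# Append a Protocols line after every ServerName line of the vhost that
# certbot generated.
# NOTE(review): h2c is HTTP/2 over cleartext; on a TLS-only virtual host
# "h2 http/1.1" should be enough. Consider dropping h2c.
sed -i "/ServerName/a\ Protocols h2 h2c http/1.1" /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
# Restart apache2
systemctl restart apache2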
# Send an HSTS header so browsers that have visited once insist on HTTPS for
# this host and its subdomains for 15552000 seconds, which blunts
# downgrade-style man-in-the-middle attacks. The header line is appended,
# framed by blank lines, after every ServerName line of the TLS vhost.
# NOTE(review): certbot was already run with --hsts above and may have added
# its own Strict-Transport-Security header; check the vhost for duplicates.
sed -i '/ServerName/a\
\
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"\
' /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
nextcloud_config=/var/www/nextcloud/config/config.php
nextcloud_occ=/var/www/nextcloud/occ

# Shorter, prettier URLs: set the rewrite base in config.php (inserted before
# every line containing ");"), then have occ regenerate .htaccess. APCu is
# enabled for this single CLI run through --define.
sed -i "/);/i \ 'htaccess.RewriteBase' => '/'," "$nextcloud_config"
sudo -u www-data php --define apc.enable_cli=1 "$nextcloud_occ" maintenance:update:htaccess
# Make APCu available to command-line PHP permanently, presumably so that
# later occ calls work with the APCu local cache configured earlier.
printf '%s\n' 'apc.enable_cli=1' >> /etc/php/8.1/mods-available/apcu.ini
# Enable the calendar app, running occ as the web server user.
sudo -u www-data php "$nextcloud_occ" app:enable calendar
# Make the calendar the default landing page after login.
sed -i "/);/i \ 'defaultapp' => 'calendar'," "$nextcloud_config"