RomanNum3ral
/
nextcloud-install
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update arch_install.sh

This commit is contained in:
RomanNum3ral 2026-03-19 12:39:47 +00:00
parent 94137f7551
commit fb9737cbe0
1 changed files with 40 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

260
arch_install.sh
View File

@ -1,9 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Nextcloud + Apache + PHP 8.3 (php-legacy) + MariaDB + Valkey/Redis on Arch Linux # Nextcloud + Apache + PHP 8.3 (php-legacy) + MariaDB + Valkey on Arch Linux
# Production-oriented, reverse-proxy aware # Production-oriented, reverse-proxy aware
#
# Run as root:
# sudo ./arch_install.sh
set -euo pipefail set -euo pipefail
IFS=$'\n\t' IFS=$'\n\t'
@ -24,7 +21,7 @@ ADMIN_USER="admin"
ADMIN_PASS="changeMe" ADMIN_PASS="changeMe"
TRUST_LOCAL_PROXY="true" TRUST_LOCAL_PROXY="true"
REAL_IP_HEADER="CF-Connecting-IP" # use X-Forwarded-For if not Cloudflare REAL_IP_HEADER="CF-Connecting-IP"
NC_VERSION="33.0.0" NC_VERSION="33.0.0"
NC_TARBALL_URL="https://download.nextcloud.com/server/releases/nextcloud-${NC_VERSION}.tar.bz2" NC_TARBALL_URL="https://download.nextcloud.com/server/releases/nextcloud-${NC_VERSION}.tar.bz2"
@ -35,7 +32,7 @@ PHP_INI="/etc/php-legacy/php.ini"
PHP_FPM_WWW_CONF="/etc/php-legacy/php-fpm.d/www.conf" PHP_FPM_WWW_CONF="/etc/php-legacy/php-fpm.d/www.conf"
PHP_FPM_SERVICE="php-fpm-legacy" PHP_FPM_SERVICE="php-fpm-legacy"
REDIS_SOCK="/run/redis/redis.sock" KV_SOCK="/run/valkey/valkey.sock"
# ========================= # =========================
# HELPERS # HELPERS
@ -52,12 +49,7 @@ require_root() {
} }
check_vars() { check_vars() {
local vars=( local vars=(DOMAIN NC_DIR NC_DATA_DIR DB_NAME DB_USER DB_PASS ADMIN_USER ADMIN_PASS)
DOMAIN NC_DIR NC_DATA_DIR
DB_NAME DB_USER DB_PASS
ADMIN_USER ADMIN_PASS
NC_VERSION NC_TARBALL_URL NC_SHA512_URL
)
for v in "${vars[@]}"; do for v in "${vars[@]}"; do
if [[ -z "${!v}" ]]; then if [[ -z "${!v}" ]]; then
echo "Variable $v is empty. Edit the script first." echo "Variable $v is empty. Edit the script first."
@ -66,13 +58,6 @@ check_vars() {
done done
} }
require_cmd() {
command -v "$1" >/dev/null 2>&1 || {
echo "Required command not found: $1"
exit 1
}
}
enable_php_ext() { enable_php_ext() {
local ext="$1" local ext="$1"
if ! grep -Eq "^[[:space:]]*extension=${ext}\.so" "$PHP_INI"; then if ! grep -Eq "^[[:space:]]*extension=${ext}\.so" "$PHP_INI"; then
@ -104,60 +89,34 @@ set_fpm_value() {
} }
detect_kv_conf() { detect_kv_conf() {
if [[ -f /etc/valkey/valkey.conf ]]; then for f in /etc/valkey/valkey.conf /etc/redis/redis.conf /etc/redis.conf; do
echo "/etc/valkey/valkey.conf" [[ -f "$f" ]] && echo "$f" && return
elif [[ -f /etc/redis/redis.conf ]]; then done
echo "/etc/redis/redis.conf"
elif [[ -f /etc/redis.conf ]]; then
echo "/etc/redis.conf"
else
echo ""
fi
} }
detect_kv_service() { detect_kv_service() {
if systemctl list-unit-files 2>/dev/null | grep -q '^valkey\.service'; then for s in valkey redis; do
echo "valkey" [[ -f "/usr/lib/systemd/system/${s}.service" ]] && echo "$s" && return
elif systemctl list-unit-files 2>/dev/null | grep -q '^redis\.service'; then done
echo "redis"
else
echo ""
fi
} }
# =========================
# PRECHECKS
# =========================
require_root require_root
check_vars check_vars
# =========================
# PACKAGES
# =========================
log "Updating system and installing packages" log "Updating system and installing packages"
pacman -Syu --noconfirm pacman -Syu --noconfirm
pacman -S --needed --noconfirm \ pacman -S --needed --noconfirm \
apache mariadb valkey cronie \ apache mariadb valkey cronie \
php-legacy php-legacy-fpm php-legacy-gd php-legacy-intl php-legacy-sodium \ php-legacy php-legacy-fpm php-legacy-gd php-legacy-intl php-legacy-sodium \
php-legacy-apcu php-legacy-redis php-legacy-imagick \ php-legacy-apcu php-legacy-redis php-legacy-imagick \
curl wget tar bzip2 unzip sudo curl wget tar bzip2 unzip sudo
require_cmd mariadb
require_cmd httpd
require_cmd "${PHP_BIN}"
KV_CONF="$(detect_kv_conf)" KV_CONF="$(detect_kv_conf)"
KV_SERVICE="$(detect_kv_service)" KV_SERVICE="$(detect_kv_service)"
if [[ -z "${KV_CONF}" ]]; then
echo "Could not find Valkey/Redis config file."
echo "Looked for /etc/valkey/valkey.conf, /etc/redis/redis.conf, and /etc/redis.conf"
exit 1
fi
if [[ -z "${KV_SERVICE}" ]]; then
echo "Could not find valkey.service or redis.service"
exit 1
fi
# ========================= # =========================
# DIRECTORIES # DIRECTORIES
# ========================= # =========================
@ -175,16 +134,8 @@ fi
systemctl enable --now mariadb systemctl enable --now mariadb
mariadb <<'SQL'
DELETE FROM mysql.user WHERE User='';
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db LIKE 'test\_%';
FLUSH PRIVILEGES;
SQL
mariadb <<SQL mariadb <<SQL
CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\` CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\` CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER IF NOT EXISTS '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}'; CREATE USER IF NOT EXISTS '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';
GRANT ALL PRIVILEGES ON \`${DB_NAME}\`.* TO '${DB_USER}'@'localhost'; GRANT ALL PRIVILEGES ON \`${DB_NAME}\`.* TO '${DB_USER}'@'localhost';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
@ -201,21 +152,7 @@ done
set_ini_value "memory_limit" "512M" set_ini_value "memory_limit" "512M"
set_ini_value "upload_max_filesize" "1024M" set_ini_value "upload_max_filesize" "1024M"
set_ini_value "post_max_size" "1024M" set_ini_value "post_max_size" "1024M"
set_ini_value "max_execution_time" "360"
set_ini_value "max_input_time" "360"
set_ini_value "output_buffering" "Off" set_ini_value "output_buffering" "Off"
set_ini_value "date.timezone" "UTC"
if ! grep -Eq '^[[:space:]]*zend_extension[[:space:]]*=.*opcache' "$PHP_INI"; then
printf "\nzend_extension=opcache\n" >> "$PHP_INI"
fi
set_ini_value "opcache.enable" "1"
set_ini_value "opcache.enable_cli" "0"
set_ini_value "opcache.interned_strings_buffer" "16"
set_ini_value "opcache.max_accelerated_files" "10000"
set_ini_value "opcache.memory_consumption" "256"
set_ini_value "opcache.save_comments" "1"
set_ini_value "opcache.revalidate_freq" "60"
set_fpm_value "user" "http" set_fpm_value "user" "http"
set_fpm_value "group" "http" set_fpm_value "group" "http"
@ -223,39 +160,23 @@ set_fpm_value "listen" "/run/php-fpm-legacy/php-fpm.sock"
set_fpm_value "listen.owner" "http" set_fpm_value "listen.owner" "http"
set_fpm_value "listen.group" "http" set_fpm_value "listen.group" "http"
set_fpm_value "listen.mode" "0660" set_fpm_value "listen.mode" "0660"
set_fpm_value "pm" "dynamic"
set_fpm_value "pm.max_children" "64"
set_fpm_value "pm.start_servers" "8"
set_fpm_value "pm.min_spare_servers" "4"
set_fpm_value "pm.max_spare_servers" "16"
systemctl enable --now "${PHP_FPM_SERVICE}" systemctl enable --now "${PHP_FPM_SERVICE}"
systemctl restart "${PHP_FPM_SERVICE}" systemctl restart "${PHP_FPM_SERVICE}"
# ========================= # =========================
# VALKEY / REDIS # VALKEY
# ========================= # =========================
log "Configuring Valkey/Redis" log "Configuring Valkey/Redis"
echo "Using config: ${KV_CONF}"
echo "Using service: ${KV_SERVICE}"
sed -ri 's|^port .*|port 0|' "${KV_CONF}" sed -ri 's|^port .*|port 0|' "${KV_CONF}"
if grep -Eq '^[[:space:]]*unixsocket[[:space:]]+' "${KV_CONF}"; then if grep -Eq '^[[:space:]]*unixsocket[[:space:]]+' "${KV_CONF}"; then
sed -ri "s|^[[:space:]]*unixsocket[[:space:]]+.*|unixsocket ${REDIS_SOCK}|" "${KV_CONF}" sed -ri "s|^[[:space:]]*unixsocket[[:space:]]+.*|unixsocket ${KV_SOCK}|" "${KV_CONF}"
else else
printf "\nunixsocket %s\n" "${REDIS_SOCK}" >> "${KV_CONF}" printf "\nunixsocket %s\nunixsocketperm 770\n" "${KV_SOCK}" >> "${KV_CONF}"
fi fi
if grep -Eq '^[[:space:]]*unixsocketperm[[:space:]]+' "${KV_CONF}"; then
sed -ri 's|^[[:space:]]*unixsocketperm[[:space:]]+.*|unixsocketperm 770|' "${KV_CONF}"
else
printf "unixsocketperm 770\n" >> "${KV_CONF}"
fi
usermod -aG redis http 2>/dev/null || true
usermod -aG valkey http 2>/dev/null || true usermod -aG valkey http 2>/dev/null || true
usermod -aG redis http 2>/dev/null || true
systemctl enable --now "${KV_SERVICE}" systemctl enable --now "${KV_SERVICE}"
systemctl restart "${KV_SERVICE}" systemctl restart "${KV_SERVICE}"
@ -265,32 +186,26 @@ systemctl restart "${KV_SERVICE}"
log "Configuring Apache" log "Configuring Apache"
HTTPD_CONF="/etc/httpd/conf/httpd.conf" HTTPD_CONF="/etc/httpd/conf/httpd.conf"
sed -ri 's|^#(LoadModule proxy_module modules/mod_proxy.so)|\1|' "${HTTPD_CONF}" # Enable core modules
sed -ri 's|^#(LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so)|\1|' "${HTTPD_CONF}" for mod in proxy proxy_fcgi rewrite headers remoteip env mime dir setenvif dav dav_fs dav_lock; do
sed -ri 's|^#(LoadModule rewrite_module modules/mod_rewrite.so)|\1|' "${HTTPD_CONF}" sed -ri "s|^#(LoadModule ${mod}_module)| \1|" "${HTTPD_CONF}"
sed -ri 's|^#(LoadModule headers_module modules/mod_headers.so)|\1|' "${HTTPD_CONF}" done
sed -ri 's|^#(LoadModule remoteip_module modules/mod_remoteip.so)|\1|' "${HTTPD_CONF}" || true
sed -ri 's|^#(LoadModule env_module modules/mod_env.so)|\1|' "${HTTPD_CONF}" || true # CLEANUP: Disable problematic default extra configs
sed -ri 's|^#(LoadModule mime_module modules/mod_mime.so)|\1|' "${HTTPD_CONF}" || true sed -i 's/^[[:space:]]*Include conf\/extra\/httpd-dav.conf/#&/' "${HTTPD_CONF}"
sed -ri 's|^#(LoadModule dir_module modules/mod_dir.so)|\1|' "${HTTPD_CONF}" || true sed -i 's/^[[:space:]]*Include conf\/extra\/httpd-autoindex.conf/#&/' "${HTTPD_CONF}"
sed -ri 's|^#(LoadModule setenvif_module modules/mod_setenvif.so)|\1|' "${HTTPD_CONF}" || true # Specifically remove any wildcard includes added by previous failed runs
sed -i '/IncludeOptional conf\/extra\/\*\.conf/d' "${HTTPD_CONF}"
if ! grep -Eq '^[[:space:]]*ServerName[[:space:]]+' "${HTTPD_CONF}"; then if ! grep -Eq '^[[:space:]]*ServerName[[:space:]]+' "${HTTPD_CONF}"; then
printf "\nServerName %s\n" "${DOMAIN}" >> "${HTTPD_CONF}" printf "\nServerName %s\n" "${DOMAIN}" >> "${HTTPD_CONF}"
fi fi
install -d -m 0755 /etc/httpd/conf/extra # Add the specific Nextcloud include ONLY
if ! grep -Fq "Include conf/extra/nextcloud.conf" "${HTTPD_CONF}"; then
if ! grep -Fq "IncludeOptional conf/extra/*.conf" "${HTTPD_CONF}"; then printf "\nInclude conf/extra/nextcloud.conf\n" >> "${HTTPD_CONF}"
printf "\nIncludeOptional conf/extra/*.conf\n" >> "${HTTPD_CONF}"
fi fi
cat > /etc/httpd/conf/extra/remoteip-nextcloud.conf <<EOF
RemoteIPHeader ${REAL_IP_HEADER}
RemoteIPTrustedProxy 127.0.0.1
RemoteIPTrustedProxy ::1
EOF
cat > /etc/httpd/conf/extra/nextcloud.conf <<EOF cat > /etc/httpd/conf/extra/nextcloud.conf <<EOF
<VirtualHost *:80> <VirtualHost *:80>
ServerName ${DOMAIN} ServerName ${DOMAIN}
@ -304,135 +219,40 @@ cat > /etc/httpd/conf/extra/nextcloud.conf <<EOF
<IfModule mod_dav.c> <IfModule mod_dav.c>
Dav off Dav off
</IfModule> </IfModule>
<IfModule mod_headers.c>
Header always set Referrer-Policy "no-referrer"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
</IfModule>
</Directory> </Directory>
DirectoryIndex index.php index.html
LimitRequestBody 0
SetEnv HOME ${NC_DIR}
SetEnv HTTP_HOME ${NC_DIR}
<FilesMatch "\.php$"> <FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php-fpm-legacy/php-fpm.sock|fcgi://localhost/" SetHandler "proxy:unix:/run/php-fpm-legacy/php-fpm.sock|fcgi://localhost/"
</FilesMatch> </FilesMatch>
ErrorLog "/var/log/httpd/nextcloud_error.log"
CustomLog "/var/log/httpd/nextcloud_access.log" combined
</VirtualHost> </VirtualHost>
EOF EOF
httpd -t
systemctl enable --now httpd systemctl enable --now httpd
systemctl reload httpd systemctl restart httpd
# ========================= # =========================
# DOWNLOAD NEXTCLOUD # DOWNLOAD & INSTALL
# ========================= # =========================
log "Downloading official Nextcloud release" log "Downloading and Deploying Nextcloud"
TMPDIR="$(mktemp -d)" TMPDIR="$(mktemp -d)"
trap 'rm -rf "$TMPDIR"' EXIT
cd "$TMPDIR" cd "$TMPDIR"
curl -fsSLo nextcloud.tar.bz2 "${NC_TARBALL_URL}" curl -fsSLo nextcloud.tar.bz2 "${NC_TARBALL_URL}"
curl -fsSLo nextcloud.tar.bz2.sha512 "${NC_SHA512_URL}"
sha512sum -c nextcloud.tar.bz2.sha512
tar -xjf nextcloud.tar.bz2 tar -xjf nextcloud.tar.bz2
log "Deploying Nextcloud"
rm -rf "${NC_DIR}" rm -rf "${NC_DIR}"
mv nextcloud "${NC_DIR}" mv nextcloud "${NC_DIR}"
chown -R http:http "${NC_DIR}" "${NC_DATA_DIR}" chown -R http:http "${NC_DIR}" "${NC_DATA_DIR}"
find "${NC_DIR}" -type d -exec chmod 0750 {} \;
find "${NC_DIR}" -type f -exec chmod 0640 {} \;
chmod 0750 "${NC_DATA_DIR}"
install -d -o http -g http -m 0750 "${NC_DIR}/config"
install -d -o http -g http -m 0750 "${NC_DIR}/apps"
# =========================
# INSTALL NEXTCLOUD
# =========================
log "Running Nextcloud installer" log "Running Nextcloud installer"
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" maintenance:install \ sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" maintenance:install \
--database "mysql" \ --database "mysql" --database-name "${DB_NAME}" \
--database-name "${DB_NAME}" \ --database-user "${DB_USER}" --database-pass "${DB_PASS}" \
--database-user "${DB_USER}" \ --admin-user "${ADMIN_USER}" --admin-pass "${ADMIN_PASS}" \
--database-pass "${DB_PASS}" \
--admin-user "${ADMIN_USER}" \
--admin-pass "${ADMIN_PASS}" \
--data-dir "${NC_DATA_DIR}" --data-dir "${NC_DATA_DIR}"
# ========================= # Apply Cache and Trusted Domain configs
# REVERSE PROXY / HTTPS
# =========================
log "Applying reverse-proxy and HTTPS settings"
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set overwrite.cli.url --value="https://${DOMAIN}"
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set overwriteprotocol --value="https"
if [[ "${TRUST_LOCAL_PROXY}" == "true" ]]; then
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set trusted_proxies 0 --value="127.0.0.1"
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set trusted_proxies 1 --value="::1"
if [[ "${REAL_IP_HEADER}" == "CF-Connecting-IP" ]]; then
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set forwarded_for_headers 0 --value="HTTP_CF_CONNECTING_IP"
else
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set forwarded_for_headers 0 --value="HTTP_X_FORWARDED_FOR"
fi
fi
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set trusted_domains 1 --value="${DOMAIN}" sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set trusted_domains 1 --value="${DOMAIN}"
# =========================
# CACHE / LOCKING
# =========================
log "Configuring APCu and Redis"
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set memcache.local --value='\OC\Memcache\APCu' sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set memcache.local --value='\OC\Memcache\APCu'
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set memcache.locking --value='\OC\Memcache\Redis' sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set memcache.locking --value='\OC\Memcache\Redis'
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set redis --type=json --value="{\"host\":\"${REDIS_SOCK}\",\"port\":0,\"timeout\":1.5}" sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set redis --type=json --value="{\"host\":\"${KV_SOCK}\",\"port\":0,\"timeout\":1.5}"
# ========================= log "Installation Complete!"
# CRON
# =========================
log "Configuring cron background jobs"
systemctl enable --now cronie
cat > /etc/cron.d/nextcloud <<EOF
*/5 * * * * http ${PHP_BIN} -f ${NC_DIR}/cron.php
EOF
chmod 0644 /etc/cron.d/nextcloud
systemctl restart cronie
# =========================
# FINALIZE
# =========================
log "Finalizing"
sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" maintenance:update:htaccess || true
echo
echo "================================================================="
echo " Nextcloud installed successfully"
echo " URL: https://${DOMAIN}"
echo " Admin user: ${ADMIN_USER}"
echo " Admin pass: ${ADMIN_PASS}"
echo " Web root: ${NC_DIR}"
echo " Data dir: ${NC_DATA_DIR}"
echo " PHP: ${PHP_BIN}"
echo " FPM svc: ${PHP_FPM_SERVICE}"
echo " KV conf: ${KV_CONF}"
echo " KV service: ${KV_SERVICE}"
echo "-----------------------------------------------------------------"
echo " Services enabled:"
echo " - httpd"
echo " - ${PHP_FPM_SERVICE}"
echo " - mariadb"
echo " - ${KV_SERVICE}"
echo " - cronie"
echo "================================================================="