Securing your data in you own Cloud
© 2021 Dennis Leeuw dleeuw at made-it dot com
License: GPLv2 or later
Raspberry PI 4 with 4 GB RAM
64GB SD card
Extra storage: Seagate Expansion SSD 1TB
OS: Raspbian
Inserted the SD card in a cardreader connected it my Debian desktop machine and created a partition table with 4 primary partitions:
| p1 | 16GB | W95 FAT32(b) | toggled the bootable flag |
| p2 | 16GB | Linux(83) | |
| p3 | 16GB | Linux(83) | |
| p4 | Rest (11,5G) | Linux(83) |
sudo mkfs.fat -F 32 /dev/mmcblk0p1 sudo mount /dev/mmcblk0p1 /mnt cd /mnt sudo unzip ~/Downloads/NOOBS_lite_v3_6.zip cd sudo umount /mnt
Boot from SD: Select Raspbian Lite without Desktop ~1 GB
After install system reboots in CLI, login with username: pi and password: raspberry
Change password!
lsblk shows that entire disk is repartitioned
ip addr show
sudo systemctl enable ssh sudo systemctl start sshUse ssh pi@your.ip.address and login with the newly set password. Set IP address fixed in your network configuration. Disconnect keyboard, mouse and screen from the pi it is now remote manageable.
Connect the external harddisk. lsblk told me it was /dev/sda with a single partion of 931.5 GB. Changed the type from ID 7 to 83 (linux).
sudo mkfs.ext4 /dev/sda1 sudo blkidCopy the UUID part and create an entry in /etc/fstab like this:
UUID=da17c338-15a2-453d-b58a-0fc7cad85279 /srv ext4 defaults,errors=remount-ro,noatime 0 1run:
mount -aTo see of if all works.
sudo apt-get install apache2 sudo mkdir -p /srv/www/
Enable modules needed by NextCloud:
sudo a2enmod rewrite headers env dir mime
Create a file called /etc/apache2/sites-available/nextcloud.conf with the following contents:
Alias /nextcloud "/srv/www/nextcloud/"Enable the new site:Require all granted AllowOverride All Options FollowSymLinks MultiViews Satisfy Any Dav off
sudo a2ensite nextcloud.conf sudo systemctl reload apache2
LATER ENABLE SSL!
sudo apt-get install mariadb-server
Adjust /etc/mysql/mariadb.conf.db/50-server.cnf and add the following lines under [server]:
skip_name_resolve = 1 innodb_buffer_pool_size = 128M innodb_buffer_pool_instances = 1 innodb_flush_log_at_trx_commit = 2 innodb_log_buffer_size = 32M innodb_max_dirty_pages_pct = 90 query_cache_type = 1 query_cache_limit = 2M query_cache_min_res_unit = 2k query_cache_size = 64M tmp_table_size= 64M max_heap_table_size= 64M slow_query_log = 1 slow_query_log_file = /var/log/mysql/slow.log long_query_time = 1Add under [mysqld]:
transaction_isolation = READ-COMMITTED binlog_format = ROW innodb_large_prefix=on innodb_file_format=barracuda innodb_file_per_table=1
Run:
grep -r ^socket /etc/mysql/*and note the location and name of the socket. You need this to configure PHP later on.
sudo apt-get install php php-bz2 php-curl php-gd php-intl php-json php-mbstring php-mysql php-xml php-zip
Adjust /etc/php/7.3/apache2/php.ini. Under [Pdo_mysql] set the socket path and name you noted in the mariadb config, something like:
pdo_mysql.default_socket=/run/mysqld/mysqld.sockand add after the line:
pdo_mysql.allow_local_infile=On pdo_mysql.allow_persistent=On pdo_mysql.cache_size=2000 pdo_mysql.max_persistent=-1 pdo_mysql.max_links=-1 pdo_mysql.default_port= pdo_mysql.default_host= pdo_mysql.default_user= pdo_mysql.default_password= pdo_mysql.connect_timeout=60 pdo_mysql.trace_mode=Off
Now we need to create a database and a database user:
sudo mysql
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password'; CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; GRANT ALL PRIVILEGES on nextcloud.* to 'username'@'localhost'; FLUSH privileges; quit;
cd /srv sudo curl https://download.nextcloud.com/server/releases/nextcloud-21.0.1.zip -o nextcloud-21.0.1.zip cd /srv/www/ sudo unzip /srv/nextcloud-21.0.1.zip sudo chown -R www-data:www-data /srv/www/nextcloud/
goto the http://ip.of.ser.ver/nextcloud/
Fill in an admin name and password, your choice will be configured, so make sure you remember them!
Fill in the database details.
Handy apps to install additionally: