NextCloud(OwnCloud) setup with Plesk and infinite storage with amazonS3 connection

Category：Plesk

Pub.date：2018-08-11

Set up NextCloud in Plesk. Then, connect the amazonS3 storage service. 
Plesk Onyx Ver. 17.8.11 Update #16 
CentOS Linux 7.5.1804 (Core)‬

## php execution type

FPM application + Apache is easier to set up than FPM application + nginx, so we will do it here.

## https settings

Configure Lets Encrypt settings to set a permanent 301 redirect from HTTP to HTTPS.

## Prepare a MySQL database.

Create one database.

## NextCloud installation

<a href="https://nextcloud.com/install/" target="_blank">https://nextcloud.com/install/</a> 
NextCloud download. zip format is convenient if you want to upload and uncompress from Plesk's file manager. 
This version is NextCloud 13.0.5

Decompress to the document root, where each file will be extracted in the directory named nextcloud. 
This time, I renamed the nextcloud directory name to nc. 
It is recommended to create a separate directory for data.

## NextCloud Initialization

Access to 
https://example.com/nc/

Decide on a user name and password and enter them. 
Enter the data directory and DB information in the advanced settings.

## Advanced Settings of Plesk

Once you have logged into NextCloud, open Settings. Resolve the security & setup warnings.

### /dev/urandom is not readable

message: 
/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in the documentation.

PHP setting > open_basedir 
{WEBSPACEROOT}{/}{:}{TMP}{/} Rewrite as follows.

```
{WEBSPACEROOT}{/}{:}{TMP}{/}{:}{/}dev{/}urandom
```

### Enable HSTS

message: 
The Strict-Transport-Security HTTP header is not set to a minimum of 15552000 seconds. For enhanced security, it is recommended to enable HSTS, which is described in Security Tips.

Add the following to Apache and nginx Configuration > nginx Additional Directives

```
add_header Strict-Transport-Security "max-age=15552000" always;
```

### Setting up PHP OPcache

message: 
PHP OPcache is not properly configured. For better performance, we recommend the following settings in php.ini: 
opcache.enable=1 
opcache.enable_cli=1 
opcache.interned_strings_buffer=8 
opcache.max_accelerated_files=10000 
opcache.memory_consumption=128 
opcache.save_comments=1 
opcache.revalidate_freq=1

Add the following to PHP Configuration > Additional Configuration Directives. Note: This will be changed later.
```
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
```

### Memory cache settings

Memory cache is not set. If possible, please configure memcache to improve performance. More information can be found in the documentation.

As described here, this cannot be set from Plesk, but needs to be set manually. 
https://support.plesk.com/hc/en-us/articles/115000065409-How-to-install-uninstall-memcached-or-memcache-extension-for-PHP-on-Plesk-server- 
Therefore, we decided to use it as is this time.

## log check

When I checked the nextCloud log, I discovered that the following message was recorded every 30 seconds.

message: 
Zend OPcache can't be temporary enabled (it may be only disabled till the end of request) at Unknown#0

It turns out that the opcache.enable=1 in PHP Configuration > Additional Configuration Directives is redundant. 
PHP Configuration > Additional Configuration Directives is rewritten as follows.
```
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
```

That completes the setup of nextCloud.

## Prepare amazon S3

Create a new bucket in S3. Choose a name for the bucket and select a region. Leave everything else as it is by default. 
The bucket name is assumed to have been created in jp.example.nextcloud.

## Prepare for amazon IAM

In IAM (Identity and Access Management), create a user to access the bucket we have created in S3.

### Creating a policy in IAM

The policy content is as follows:
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::jp.example.nextcloud",
                "arn:aws:s3:::jp.example.nextcloud/*"
            ]
        }
    ]
}
```

The policy name was set to S3NextCloudAccess.

### Creating a user in IAM

The user name should be S3JpExampleNextcloudAccess. 
Check "Programmatic access" for the type of access.

Under "Directly attach an existing policy," select the S3NextCloudAccess that you just created.
At the end, the access key and secret key will be printed out, so you can either save them or download the CSV.

This completes the AWS preparation.

## External storage settings in nextCloud

So far, the initial configuration of NextCloud is complete, and AWS S3 and AWS IAM are ready.

Enable External storage in nextCloud Add Apps.

Register the following information
```
bucket: jp.example.nextcloud
host: s3-ap-northeast-1.amazonaws.com　(For the Tokyo region)
region：ap-northeast-1　(For the Tokyo region)
access key: (About 20 alphanumeric characters)
secret key: (Alphanumeric symbols of about 40 digits)
```

Click on the check mark and when the green mark appears, the connection is complete.

## Check AmazonS3 connection

An AmazonS3 folder will be created in the dashboard (top page). 
Let's save the file in it and make sure the file is saved in AWS.

## Image preview

A preview file of the image will be generated, but the default is to generate an almost full size preview. 
This makes it meaningless to specify S3 as the storage area, and the display speed is slow. It is impossible for a preview file to be 1MB per file. Therefore, add the following settings to config.php.

config/config.php
```
'preview_max_x' => 500,
'preview_max_y' => 500,
```
Now the image previews will be generated with a size of 500x500px or smaller. This is still about 30-50KB per image, so you may want to reduce the maximum preview size even more.

Once the preview has been generated, look for the preview directory in the data directory. 
To recreate the preview, delete the preview directory and then reaccess it. In some cases, you may get a message that it cannot be accessed, but reloading the browser will regenerate it.

## Retention period for files in the Recycle Bin (deleted items)

The initial state is auto. 
Keep files and folders in the Trash for 30 days and automatically delete them whenever you need more space. (Files may not be deleted if space is not needed.)

If you don't want to save files in the Recycle Bin for a long time, you can change it as follows. 
The meaning of this setting is: "The basic behavior is auto, but set the maximum retention period to one day.