Setup Nextcloud 29 for private photo/video storage and sharing using Ubuntu and docker compose on Intel NUC minipc
...
(and some other) mini PC
Tested on hardware
- Topton N200 router (4 core [4E] N100, 16GB, 2TB nvme) + Ubuntu 24.04
- Intel(R) Client Systems NUC10i7FNK (6 core [6P] i7-10710U, 64GB, 4TB nvme) + Ubuntu 24.04 noble
- Topton i7-1355U router (10 core [2P/8E] i7-1355U,32GB, 4TB nvme) + Ubuntu 24.04
Docker install
https://docs.docker.com/engine/install/ubuntu/
...
Code Block |
---|
server {
listen 80;
server_name cloud.example.com;
return 301 https://$server_name$request_uri;
location / {
}
}
server {
#listen 443 quic;
listen 443 ssl;
http2 on;
server_name cloud.example.com;
ssl_certificate /docker/etc/ssl/private/key-and-certificates.pem;
ssl_certificate_key /docker/etc/ssl/private/key-and-certificates.pem;
client_max_body_size 16G;
client_body_timeout 600s;
add_header Strict-Transport-Security 'max-age=15552000; includeSubDomains';
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 1h;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate "/docker/etc/ssl/certs/my-certificate-authotities.ca";
resolver 1.1.1.1 8.8.4.4 valid=300s;
resolver_timeout 5s;
location ^~ /.well-known {
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
return 301 /index.php$request_uri;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
#add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
add_header X-protocol $server_protocol always;
include /etc/nginx/mime.types;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.0.1:8880;
}
}
|
...
Code Block |
---|
language | yml |
---|
title | docker-compose.yml |
---|
|
services:
web:
image: nginx
container_name: cloud-web
restart: always
ports:
- 80:80
- 443:443/tcp
- 443:443/udp
- 8080:8080
volumes:
- /docker/etc/nginx:/etc/nginx
- /docker/etc/ssl:/etc/ssl:ro
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
db:
image: mariadb:10.11.7
container_name: cloud-db
restart: always
command: --transaction-isolation=READ-COMMITTED --log-bin=mysqld-bin --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed --log_bin_trust_function_creators=true
volumes:
- /docker/mariadb/var/lib/mysql:/var/lib/mysql:rw
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- type: tmpfs
target: /tmp
environment:
- MYSQL_ROOT_PASSWORD=db_admin_pass
- MYSQL_PASSWORD=db_user_pass
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MARIADB_AUTO_UPGRADE=yes
- REDIS_HOST=redis
- REDIS_PORT=6379
redis:
image: redis:alpine
container_name: cloud-cache
restart: always
app:
image: nextcloud:29.0.1
container_name: cloud-server
hostname: cloud.example.com
restart: always
ports:
- 8880:80
links:
- db
- redis
volumes:
- /docker/nextcloud/var/www/html:/var/www/html:rw
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- type: tmpfs
target: /tmp:exec
devices:
- /dev/dri:/dev/dri
environment:
- MYSQL_PASSWORD=db_user_pass
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- OVERWRITEHOST=cloud.example.com
- OVERWRITEPROTOCOL=https
- NEXTCLOUD_ADMIN_USER=nc_admin_user
- NEXTCLOUD_ADMIN_PASSWORD=nc_admin_pass
- NEXTCLOUD_UPLOAD_LIMIT=20G
- PHP_UPLOAD_LIMIT=32G
- PHP_MEMORY_LIMIT=32G
- APACHE_BODY_LIMIT=0
|
...
Code Block |
---|
apt update
apt install -y --allow-unauthenticated sudo vim git wget exiftool vainfo intel-media-va-driver-non-free ffmpeg
# add HW media conversion support (for Intel graphics)
# group id to be checked on host system
groupadd -g 993 render
groupadd -g 109 render2
usermod -a -G video www-data
usermod -a -G render www-data
usermod -a -G render2 www-data |
install some tools and compile ImageMagick
Code Block |
---|
# Compile latest ImageMagick
apt install -y build-essential autoconf libtool
apt build-dep -y imagemagick libmagickcore-dev libde265 libheif
cd /usr/src/
git clone https://github.com/strukturag/libde265.git
git clone https://github.com/strukturag/libheif.git
cd libde265/
./autogen.sh
./configure
make -j 6
make install
cd /usr/src/libheif/
./autogen.sh#git checkout develop-v1.18.0
mkdir build
cd build
cmake --preset=release ..
./configure
make -j 6
make install
cd /usr/src/
#wget https://www.imagemagick.org/download/ImageMagick.tar.gz
#wget https://imagemagick.org/download/ImageMagick.tar.gz
#wget https://imagemagick.org/archive/ImageMagick.tar.gz
wget https://download.imagemagick.org/archive/ImageMagick.tar.gz
tar xf ImageMagick.tar.gz
cd ImageMagick-7*
./configure --with-heic=yes
make -j 6
make install
ldconfig
|
...
Code Block |
---|
echo "LimitRequestBody 0" > /etc/apache2/conf-enabled/apache-limits.conf
sed -i '/memory_limit/d' /usr/local/etc/php/conf.d/nextcloud.ini
sed -i '/upload_max_filesize/d' /usr/local/etc/php/conf.d/nextcloud.ini
sed -i '/post_max_size/d' /usr/local/etc/php/conf.d/nextcloud.ini
echo "memory_limit=15G" >>sed -i '/max_execution_time/d' /usr/local/etc/php/conf.d/nextcloud.ini
echo "upload_max_filesize=32G" >>sed -i '/max_input_time/d' /usr/local/etc/php/conf.d/nextcloud.ini
sed -i '/max_file_uploads/d' /usr/local/etc/php/conf.d/nextcloud.ini
echo "postmemory_max_sizelimit=32G15G" >>/usr/local/etc/php/conf.d/nextcloud.ini
service apache2 reload |
add apps
echo "upload_max_filesize=32G" >>/usr/local/etc/php/conf.d/nextcloud.ini
echo "post_max_size=32G" >>/usr/local/etc/php/conf.d/nextcloud.ini
echo "max_execution_time = 3600" >>/usr/local/etc/php/conf.d/nextcloud.ini
echo "max_input_time = 3600" >>/usr/local/etc/php/conf.d/nextcloud.ini
echo "max_file_uploads = 100" >>/usr/local/etc/php/conf.d/nextcloud.ini
service apache2 reload |
add apps
Code Block |
---|
cd /var/www/html
|
Code Block |
---|
cd /var/www/html
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install memories"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install recognize"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install previewgeneratormemories"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install workflow_media_converterrecognize"
#sudosudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install imageconverterpreviewgenerator"
#sudosudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install videoworkflow_media_converter"
sudo#sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ recognize:download-modelsapp:install imageconverter"
sudo#sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ memories:places-setup"
|
use facerecognition instead of recognize
recognize is more user-friendly, easy to install and allows manual sort of unrecognized faces, but in case for some reason need another face recognition tool there is also facerecognition available
Code Block |
---|
|
app:install video_converter"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:remove recognizerecognize:download-models"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install facerecognitionmemories:places-setup"
|
in case memories:place-setup fail see https://memories.gallery/troubleshooting/#general-error-2006-mysql-server-has-gone-away and transaction-size can be reduced to avoid this error
Code Block |
---|
default places-setup transaction-size is 500
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ memories:places-setup --transaction-size=100 |
use facerecognition instead of recognize
recognize is more user-friendly, easy to install and allows manual sort of unrecognized faces, but in case for some reason need another face recognition tool there is also facerecognition available
Code Block |
---|
|
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:remove recognize"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ app:install facerecognition"
docker-php-ext-configure bz2
docker-php-ext-install bz2
apt install -y libavdevice-dev libavfilter-dev libavformat-dev
apt install -y libavcodec-dev libswresample-dev libswscale-dev
apt install -y libavutil-dev
cd /usr/src/
git clone https://github.com/daviskingdocker-php-ext-configure bz2
docker-php-ext-install bz2
apt install -y libavdevice-dev libavfilter-dev libavformat-dev
apt install -y libavcodec-dev libswresample-dev libswscale-dev
apt install -y libavutil-dev
cd /usr/src/
git clone https://github.com/davisking/dlib.git
cd dlib/dlib
mkdir build
cd build
cmake -DBUILD_SHARED_LIBS=ON ..
make
sudo make install
cd /usr/src/
git clone https://github.com/goodspb/pdlib.git
cd pdlib
phpize
./configure --enable-debug
# you may need to indicate the dlib install location
# PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --enable-debug
make
sudo make install
echo "extension=pdlib.so" > /usr/local/etc/php/conf.d/docker-php-ext-pdlib.ini
cd /var/www/html/
sudo -u www-data /bin/bash -c "./occ config:app:set facerecognition max_image_area --value 786432"
sudo -u www-data /bin/bash -c "./occ config:app:set facerecognition min_image_size --value 128"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ face:setup -M 32G -m 1"
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=32G ./occ face:setup -M 32G -m 4"
sudo -u www-data /bin/bash -c "./occ face:background_job -t 900" |
...
Cleanup build directory
Code Block |
---|
cd /usr/src/
rm ImageMagick.tar.gz
rm imagick-*.tgz
rm -Rf ImageMagick-*
rm -Rf imagick-* |
Enable preview for HEIC
Code Block |
---|
cd /usrvar/srcwww/html
rmvi ImageMagick.tar.gz
rm imagick-*.tgz
rm -Rf ImageMagick-*
rm -Rf imagick-* |
Enable preview for HEIC
Code Block |
---|
cd /var/www/html
vi config/config.php |
Code Block |
---|
|
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\HEIC',
5 => 'OC\\Preview\\MP3',
6 |
Code Block |
---|
|
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNGTXT',
17 => 'OC\\Preview\\JPEGMovie',
), |
Enable redis for file locking
Code Block |
---|
2'memcache.locking' => '\\OC\\PreviewMemcache\\GIFRedis',
3'redis' => 'OC\\Preview\\BMP',
array (
4 'host' => 'OC\\Preview\\HEICredis',
5 'port' => 'OC\\Preview\\MP3'6379,
6 => 'OC\\Preview\\TXT',
7), |
Setup trusted proxy
Code Block |
---|
'trusted_proxies' => 'OC\\Preview\\Movie',
)['192.168.0.1', '192.168.0.2'], |
Crontab
on host system
Code Block |
---|
*/5 * * * * /usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=10G /usr/local/bin/php -f /var/www/html/cron.php" |
...
cli for facerecognition
Code Block |
---|
|
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:reset --all"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:stats"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:progress"
/usr/bin/docker exec cloud-server sudo -u www-data /bin/bash -c "./occ face:background_job -t 900" |
...