host OS: Ubuntu 22.04.4 LTS
Summary
- DNS cloud.server.com is registered
- a wildcard SSL certificate is obtained
- Home router and load balancer set to redirect traffic right
- docker and docker-compose installed
- docker-compose file created
- docker-compose up -d
- (optional) compile ImageMagick (inside the container) to support HIEC
- (optional) update ffmpeg and codecs
Commands
snap remove docker apt install docker.io apt install docker-compose vi docker-compose.yml docker-compose up -d
Docker compose file example
| example settigs | |
|---|---|
| port to bind | 8880 |
| HOST FS paths | /docker/mariadb/var/lib/mysql /docker/nextcloud/var/www/html |
| credentials | NEXTCLOUD_ADMIN_USER=user1 NEXTCLOUD_ADMIN_PASSWORD=password997 |
| host | cloud.example.com |
| reverse proxy | with SSL offload |
docker-compose.yml
version: '2'
volumes:
nextcloud:
db:
services:
db:
image: mariadb:10.11.7
restart: always
command: --transaction-isolation=READ-COMMITTED --log-bin=mysqld-bin --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
volumes:
- /docker/mariadb/var/lib/mysql:/var/lib/mysql:rw
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- type: tmpfs
target: /tmp
environment:
- MYSQL_ROOT_PASSWORD=rootdbpassword
- MYSQL_PASSWORD=userdbpassword
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MARIADB_AUTO_UPGRADE=yes
imaginary:
image: nextcloud/aio-imaginary:latest
restart: always
environment:
- PORT=9000
ports:
- 9000:9000
command: –cap-add=sys_nice -concurrency 50 -enable-url-source -log-level debug
app:
image: nextcloud:28.0.3
hostname: cloud.example.com
restart: always
ports:
- 8880:80
links:
- db
- imaginary
volumes:
- /docker/nextcloud/var/www/html:/var/www/html:rw
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- type: tmpfs
target: /tmp:exec
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
- /dev/dri/card0:/dev/dri/card0
environment:
- MYSQL_PASSWORD=userdbpassword
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- OVERWRITEHOST=cloud.example.com
- OVERWRITEPROTOCOL=https
- NEXTCLOUD_ADMIN_USER=user1
- NEXTCLOUD_ADMIN_PASSWORD=password997
- PHP_UPLOAD_LIMIT=32G
- PHP_MEMORY_LIMIT=32G
- APACHE_BODY_LIMIT=0
to use host system timezone in containers add
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
Check logs
docker-compose logs app docker-compose logs db
Add some components
docker exec -it root_app_1 bash
apt update apt install -y imagemagick ffmpeg
Example Update Nextcloud 22.2.0 to Nextcloud 22.2.3
edit compose file
vi docker-compose.yml
update version
image: nextcloud:22.2.3
same with the major version, but only with increment by 1 (like 22.2.3 → 23.0.5 → 24.0.2)
Restart docker-compose
docker-compose down ; docker-compose up -d --build --force-recreate; docker-compose logs --follow # Update Nextcloud
Reverse proxy config example
server {
listen 80;
server_name cloud.server.com;
# Add Alt-Svc header to negotiate HTTP/3.
#add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
return 301 https://$server_name$request_uri;
location / {
}
}
server {
#listen 443 quic;
listen 443 ssl;
http2 on;
server_name cloud.server.com;
#http3 on;
#http3_hq on;
#quic_retry on;
#quic_gso on;
#quic_mtu 65527;
#quic_active_connection_id_limit 6;
#http3_stream_buffer_size 64k;
#http3_max_concurrent_pushes 10;
#http3_max_concurrent_streams 128;
ssl_certificate /etc/ssl/private/cloud.server.com.pem;
ssl_certificate_key /etc/ssl/private/cloud.server.com.pem;
client_max_body_size 16G;
client_body_timeout 600s;
#add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
add_header Strict-Transport-Security 'max-age=15552000; includeSubDomains';
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 1h;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate "/etc/ssl/certs/cloud.server.com.ca";
resolver 1.1.1.1 8.8.4.4 valid=300s;
resolver_timeout 5s;
location ^~ /.well-known {
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
return 301 /index.php$request_uri;
}
location / {
#add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
add_header X-protocol $server_protocol always;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8880;
}
location /s/blank.mp4 { return 501 'NO FILE'; }
}
Add HIEC and MOV support
docker exec -it root_app_1 bash
add deb-src
cp /etc/apt/sources.list /etc/apt/sources.list.backup
see https://wiki.debian.org/SourcesList
example with UA mirrors
apt update apt install lsb-release cp -f /etc/apt/sources.list ~ cat <<EOF >/etc/apt/sources.list deb http://debian.volia.net/debian $(lsb_release -sc) main contrib non-free deb-src http://debian.volia.net/debian $(lsb_release -sc) main contrib non-free deb http://mirror.mirohost.net/debian-security $(lsb_release -sc)-security main contrib non-free non-free-firmware deb-src http://mirror.mirohost.net/debian-security $(lsb_release -sc)-security main contrib non-free deb http://debian.netforce.hosting/debian $(lsb_release -sc)-updates main contrib non-free non-free-firmware deb-src http://debian.netforce.hosting/debian $(lsb_release -sc)-updates main contrib non-free EOF
to use updated video codecs
# to use ffmpeg 4.4/libavcodec58 cat <<EOF >>/etc/apt/sources.list deb http://debian.ids-services.de/debian-multimedia/ $(lsb_release -sc) main deb-src http://debian.ids-services.de/debian-multimedia/ $(lsb_release -sc) main EOF apt update -oAcquire::AllowInsecureRepositories=true apt install -y --allow-unauthenticated deb-multimedia-keyring
COPY/PASTE
Regular update COPY/PASTE starts there
Debian 12 example apt sources settings for Ukraine
cat <<EOF >>/etc/apt/sources.list deb http://debian.volia.net/debian bookworm main contrib non-free deb-src http://debian.volia.net/debian bookworm main contrib non-free deb http://mirror.mirohost.net/debian-security bookworm-security main contrib non-free non-free-firmware deb-src http://mirror.mirohost.net/debian-security bookworm-security main contrib non-free deb http://debian.netforce.hosting/debian bookworm-updates main contrib non-free non-free-firmware deb-src http://debian.netforce.hosting/debian bookworm-updates main contrib non-free deb http://debian.ids-services.de/debian-multimedia/ bookworm main deb-src http://debian.ids-services.de/debian-multimedia/ bookworm main EOF apt update -oAcquire::AllowInsecureRepositories=true apt install -y --allow-unauthenticated deb-multimedia-keyring
Compile latest ImageMagick with HEIC support
apt update apt install -y sudo vim ffmpeg git wget exiftool apt install -y build-essential autoconf libtool apt build-dep -y imagemagick libmagickcore-dev libde265 libheif cd /usr/src/ git clone https://github.com/strukturag/libde265.git git clone https://github.com/strukturag/libheif.git cd libde265/ ./autogen.sh ./configure make -j 6 make install cd /usr/src/libheif/ ./autogen.sh ./configure make -j 6 make install cd /usr/src/ #wget https://www.imagemagick.org/download/ImageMagick.tar.gz #wget https://imagemagick.org/download/ImageMagick.tar.gz #wget https://imagemagick.org/archive/ImageMagick.tar.gz wget https://download.imagemagick.org/archive/ImageMagick.tar.gz tar xf ImageMagick.tar.gz cd ImageMagick-7* ./configure --with-heic=yes make -j 6 make install ldconfig
apt-cache policy ffmpeg apt remove ffmpeg apt install ffmpeg=7:5.1.4-0+deb12u1
php-imagemagic update
#apt install -y php-imagick cd /usr/src/ wget http://pecl.php.net/get/imagick-3.7.0.tgz tar -xvzf imagick-3.7.0.tgz cd imagick-3.7.0/ phpize ./configure make -j 6 make install echo "LimitRequestBody 0" > /etc/apache2/conf-enabled/apache-limits.conf service apache2 reload
remove temporary files
cd /usr/src/ rm ImageMagick.tar.gz rm imagick-*.tgz rm php.tar.xz rm php.tar.xz.asc rm -Rf ImageMagick-* rm -Rf imagick-*
check if php-imagemagic is ok
php -r 'phpinfo();' |grep ImageMagick
example output
Imagick compiled with ImageMagick version => ImageMagick 7.1.1-31 Q16-HDRI x86_64 22148 https://imagemagick.org Imagick using ImageMagick library version => ImageMagick 7.1.1-31 Q16-HDRI x86_64 22148 https://imagemagick.org ImageMagick copyright => (C) 1999 ImageMagick Studio LLC ImageMagick release date => 2024-04-21 ImageMagick number of supported formats: => 275 ImageMagick supported formats => 3FR, 3G2, 3GP, A, AAI, AI, APNG, ART, ARW, ASHLAR, AVI, AVIF, AVS, B, BAYER, BAYERA, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, C, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUBE, CUR, CUT, DATA, DCM, DCR, DCRAW, DCX, DDS, DFONT, DJVU, DNG, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FARBFELD, FAX, FF, FFF, FILE, FITS, FL32, FLV, FRACTAL, FTP, FTS, FTXT, G, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, HALD, HDR, HEIC, HEIF, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K, K25, KDC, LABEL, M, M2V, M4V, MAC, MAP, MASK, MAT, MATTE, MDC, MEF, MIFF, MKV, MNG, MONO, MOS, MOV, MP4, MPC, MPEG, MPG, MPO, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, O, ORA, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PHM, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PS, PS2, PS3, PSB, PSD, PTIF, PWP, QOI, R, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGB565, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, RWL, SCR, SCREENSHOT, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, SRW, STEGANO, STI, STRIMG, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TM2, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMV, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, Y, YAML, YCBCR, YCBCRA, YUV
check if imagemagic is ok
convert -version
example output
Version: ImageMagick 7.1.1-31 Q16-HDRI x86_64 22148 https://imagemagick.org Copyright: (C) 1999 ImageMagick Studio LLC License: https://imagemagick.org/script/license.php Features: Cipher DPC HDRI OpenMP(4.5) Delegates (built-in): bzlib djvu fontconfig freetype heic jbig jng jp2 jpeg lcms lqr lzma openexr pangocairo png tiff webp x xml zlib zstd Compiler: gcc (12.2)
check ffmpeg
ffmpeg
example output
ffmpeg version 5.1.4-0+deb12u1 Copyright (c) 2000-2023 the FFmpeg developers built with gcc 12 (Debian 12.2.0-14) configuration: --prefix=/usr --extra-version=0+deb12u1 --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu --arch=amd64 --enable-gpl --disable-stripping --enable-gnutls --enable-ladspa --enable-libaom --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libjack --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librubberband --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libssh --enable-libsvtav1 --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-sdl2 --disable-sndio --enable-libjxl --enable-pocketsphinx --enable-librsvg --enable-libmfx --enable-libdc1394 --enable-libdrm --enable-libiec61883 --enable-chromaprint --enable-frei0r --enable-libx264 --enable-libplacebo --enable-librav1e --enable-shared WARNING: library configuration mismatch avutil configuration: --disable-chromaprint --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-doc --disable-ffmpeg --disable-ffplay --disable-ffprobe --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-programs --disable-sndio --disable-stripping --disable-swresample --enable-avfilter --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu/ffmpeg-5 --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libmfx --enable-libvmaf --enable-libilbc --enable-libjxl --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu avcodec configuration: --disable-chromaprint --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-doc --disable-ffmpeg --disable-ffplay --disable-ffprobe --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-programs --disable-sndio --disable-stripping --disable-swresample --enable-avfilter --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu/ffmpeg-5 --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libmfx --enable-libvmaf --enable-libilbc --enable-libjxl --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu avformat configuration: --disable-chromaprint --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-doc --disable-ffmpeg --disable-ffplay --disable-ffprobe --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-programs --disable-sndio --disable-stripping --disable-swresample --enable-avfilter --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu/ffmpeg-5 --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libmfx --enable-libvmaf --enable-libilbc --enable-libjxl --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu avdevice configuration: --disable-chromaprint --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-doc --disable-ffmpeg --disable-ffplay --disable-ffprobe --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-programs --disable-sndio --disable-stripping --disable-swresample --enable-avfilter --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu/ffmpeg-5 --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libmfx --enable-libvmaf --enable-libilbc --enable-libjxl --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu avfilter configuration: --disable-chromaprint --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-doc --disable-ffmpeg --disable-ffplay --disable-ffprobe --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-programs --disable-sndio --disable-stripping --disable-swresample --enable-avfilter --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu/ffmpeg-5 --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libmfx --enable-libvmaf --enable-libilbc --enable-libjxl --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu swscale configuration: --disable-chromaprint --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-doc --disable-ffmpeg --disable-ffplay --disable-ffprobe --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-programs --disable-sndio --disable-stripping --disable-swresample --enable-avfilter --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu/ffmpeg-5 --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libmfx --enable-libvmaf --enable-libilbc --enable-libjxl --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu swresample configuration: --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-sndio --disable-stripping --enable-avfilter --enable-chromaprint --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libvpl --enable-libvmaf --enable-libilbc --enable-libjxl --cc=x86_64-linux-gnu-gcc --cxx=x86_64-linux-gnu-g++ --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu postproc configuration: --disable-chromaprint --disable-decoder=amrnb --disable-decoder=libopenjpeg --disable-doc --disable-ffmpeg --disable-ffplay --disable-ffprobe --disable-gnutls --disable-liblensfun --disable-libopencv --disable-podpages --disable-programs --disable-sndio --disable-stripping --disable-swresample --enable-avfilter --enable-frei0r --enable-gcrypt --enable-gpl --enable-ladspa --enable-libaom --enable-libaribb24 --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdavs2 --enable-libdc1394 --enable-libdrm --enable-libfdk-aac --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm --enable-libiec61883 --enable-libjack --enable-libkvazaar --enable-libmp3lame --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenh264 --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq --enable-librist --enable-librsvg --enable-librubberband --enable-libshine --enable-libsmbclient --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libsvtav1 --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lv2 --enable-nonfree --enable-omx --enable-openal --enable-opencl --enable-opengl --enable-openssl --enable-postproc --enable-pthreads --enable-shared --enable-version3 --enable-vulkan --incdir=/usr/include/x86_64-linux-gnu/ffmpeg-5 --libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --toolchain=hardened --enable-vaapi --enable-libmfx --enable-libvmaf --enable-libilbc --enable-libjxl --disable-altivec --shlibdir=/usr/lib/x86_64-linux-gnu libavutil 57. 28.100 / 57. 28.100 libavcodec 59. 37.100 / 59. 37.100 libavformat 59. 27.100 / 59. 27.100 libavdevice 59. 7.100 / 59. 7.100 libavfilter 8. 44.100 / 8. 44.100 libswscale 6. 7.100 / 6. 7.100 libswresample 4. 7.100 / 4. 10.100 libpostproc 56. 6.100 / 56. 6.100 Hyper fast Audio and Video encoder
COPY/PASTE
Regular updates COPY/PASTE section is over
some extra tuning
change config/config.php
described in core/doc/admin/configuration_server/config_sample_php_parameters.html
config/config.php
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\HEIC',
5 => 'OC\\Preview\\MP3',
6 => 'OC\\Preview\\TXT',
7 => 'OC\\Preview\\Movie',
),
Preview generation CLI issues workaround
Fatal error: Allowed memory size of 2097152 bytes exhausted (tried to allocate 446464 bytes) in /var/www/html/3rdparty/composer/autoload_real.php on line 37
cd /var/www/html sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=2G ./occ preview:generate-all -vvv"
add cron for background task
apt install cron
#chown www-data /var/spool/cron/crontabs/www-data crontab -e -u www-data
#*/5 * * * * /bin/bash -c "PHP_MEMORY_LIMIT=512M php -f /var/www/html/cron.php" */5 * * * * /bin/bash -c "PHP_MEMORY_LIMIT=1G /usr/local/bin/php -f /var/www/html/cron.php"
start cron daemon
#cron service cron start
host system root cron alternative (preferred) so no need to add every nextcloud update
#crontab -e */5 * * * * /usr/bin/docker exec root_app_1 sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=1G /usr/local/bin/php -f /var/www/html/cron.php"
Additional steps
Create missing indices (sometimes needed after update)
cd /var/www/html sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ db:add-missing-indices -vvv"
Clear log (brutal way)
> ./data/nextcloud.log
Increase upload limit
export PHP_UPLOAD_LIMIT=10G
add proxies list
vi config/config.php
'trusted_proxies' =>
array (
0 => '10.0.0.2',
1 => 'proxy.example.com',
),
when PHP settings are OK regenerate preview can be done by
# su - www-data cd /var/www/html/ ./occ preview:generate-all -vvv
iPhone h.265 HDR to h.264 SDR (suitable for streaming on all devices) workaround
add -vf format=yuv420p to video_converter
#vi ./custom_apps/video_converter/lib/Controller/ConversionController.php
$middleArgs = "-vcodec libx264 -vf format=yuv420p -preset ".escapeshellarg($preset). " -strict -2";
# example HDR to SDR for ffmpeg 4.4 and codecs 5.8 npl=100-800 (lighter-darker color filtering for 10->8 bit color conversion)
# -vf zscale=t=linear:npl=550,format=gbrpf32le,tonemap=tonemap=mobius:desat=0,zscale=p=bt709:t=bt709:m=bt709:r=tv,format=yuv420p
https://github.com/liutyi/NextcloudVideo_Converter (Very draft)
disable app suggestion
vi ./config/config.php
'customclient_ios_appid' => '',
remove SingUp footer
'simpleSignUpLink.shown' => false,
sudo -u www-data /bin/bash -c "PHP_MEMORY_LIMIT=512M ./occ config:system:set --type=bool --value=false simpleSignUpLink.shown"
remove footer completely
vi core/templates/layout.public.php
root@97e80e9add6a:/var/www/html# diff core/templates/layout.public.php.back core/templates/layout.public.php
98,114d97
< <?php if (isset($template) && $template->getFooterVisible()) { ?>
< <footer>
< <p><?php print_unescaped($theme->getLongFooter()); ?></p>
< <?php
< if ($_['showSimpleSignUpLink']) {
< ?>
< <p>
< <a href="https://nextcloud.com/signup/" target="_blank" rel="noreferrer noopener">
< <?php p($l->t('Get your own free account')); ?>
< </a>
< </p>
< <?php
< }
< ?>
< </footer>
< <?php } ?>
<
iOS full screen video player for shared folders
https://apps.nextcloud.com/apps/theming_customcss
settings/admin/theming
.plyr__video-wrapper video {
right: 0px;
bottom: 0px;
min-width: 100%;
min-height: 100%;
}
Set Up SendGrid SMTP example
using https://sendgrid.com/ free account with up to 100 emails/month
| Mode | SMTP |
| Encription | SSL/TLS |
| something@yourdomain.name | |
| Auth | Login (need auth: true) |
| Server | smtp.sendgrid.net |
| Port | 465 |
| Login | apikey |
| Password | SG.xxxxKeyxxxxx.xxxxxxxx |
