Nextcloud - Private Cloud auf dem eigenen Server

Nextcloud ist eine Open-Source-Plattform für Dateisynchronisation und Collaboration. Als selbst gehostete Alternative zu Dropbox und Google Drive behält man die volle Kontrolle über seine Daten.

Nextcloud-Features

Kernfunktionen

- Dateisynchronisation
- Kalender und Kontakte
- E-Mail-Client
- Videokonferenzen (Talk)
- Office-Integration
- Aufgabenverwaltung
- Notizen
- Passwort-Manager

Apps-Ökosystem

| Kategorie | Apps | |-----------|------| | Productivity | Deck, Tasks, Notes | | Communication | Talk, Mail | | Office | Collabora, OnlyOffice | | Security | Two-Factor, E2E Encryption | | Integration | External Storage, LDAP |

Voraussetzungen

Systemanforderungen

- PHP 8.1+ (8.2 empfohlen)
- MySQL/MariaDB oder PostgreSQL
- Apache/Nginx
- 512 MB RAM (2 GB+ empfohlen)
- Redis (empfohlen)

PHP-Erweiterungen

apt install php8.2-fpm php8.2-mysql php8.2-xml php8.2-curl php8.2-gd \
    php8.2-mbstring php8.2-zip php8.2-intl php8.2-bcmath php8.2-gmp \
    php8.2-imagick php8.2-apcu php8.2-redis

Installation

Datenbank erstellen

CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'sicheres_passwort';
GRANT ALL ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;

Nextcloud herunterladen

cd /var/www
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
tar -xjf latest.tar.bz2
chown -R www-data:www-data nextcloud

Datenverzeichnis

mkdir -p /var/nextcloud-data
chown www-data:www-data /var/nextcloud-data

Nginx-Konfiguration

# /etc/nginx/sites-available/nextcloud

upstream php-handler {
    server unix:/run/php/php8.2-fpm.sock;
}

server {
    listen 80;
    server_name cloud.example.de;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name cloud.example.de;

    ssl_certificate /etc/letsencrypt/live/cloud.example.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.de/privkey.pem;

    root /var/www/nextcloud;

    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Robots-Tag "noindex, nofollow" always;

    client_max_body_size 512M;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_types application/javascript application/json text/css text/xml;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ^~ /.well-known {
        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
        location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation { try_files $uri $uri/ =404; }
        return 301 /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        fastcgi_max_temp_file_size 0;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map|html|ttf|bcmap|mp4|webm)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;
        access_log off;
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;
        access_log off;
    }

    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
}

Web-Installation

1. https://cloud.example.de aufrufen
2. Admin-Account erstellen
3. Datenverzeichnis: /var/nextcloud-data
4. Datenbank konfigurieren:
   - Typ: MySQL/MariaDB
   - Benutzer: nextcloud
   - Passwort: sicheres_passwort
   - Name: nextcloud
   - Host: localhost
5. Installation abschließen

CLI-Installation

cd /var/www/nextcloud
sudo -u www-data php occ maintenance:install \
    --database "mysql" \
    --database-name "nextcloud" \
    --database-user "nextcloud" \
    --database-pass "sicheres_passwort" \
    --admin-user "admin" \
    --admin-pass "admin_passwort" \
    --data-dir "/var/nextcloud-data"

Konfiguration

config.php

<?php
// /var/www/nextcloud/config/config.php

$CONFIG = array (
  'instanceid' => 'xxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' =>
  array (
    0 => 'cloud.example.de',
  ),
  'datadirectory' => '/var/nextcloud-data',
  'dbtype' => 'mysql',
  'version' => '28.0.0.11',
  'overwrite.cli.url' => 'https://cloud.example.de',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'sicheres_passwort',
  'installed' => true,

  // Performance
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),

  // E-Mail
  'mail_smtpmode' => 'smtp',
  'mail_smtphost' => 'smtp.example.de',
  'mail_smtpport' => 587,
  'mail_smtpsecure' => 'tls',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'noreply@example.de',
  'mail_smtppassword' => 'mail_passwort',
  'mail_from_address' => 'noreply',
  'mail_domain' => 'example.de',

  // Sicherheit
  'default_phone_region' => 'DE',
  'default_locale' => 'de_DE',
  'default_language' => 'de',

  // Logging
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => 2,
);

Redis konfigurieren

apt install redis-server

# /etc/redis/redis.conf
unixsocket /var/run/redis/redis-server.sock
unixsocketperm 770

usermod -a -G redis www-data
systemctl restart redis-server

PHP-Tuning

; /etc/php/8.2/fpm/pool.d/www.conf

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

; Memory
php_admin_value[memory_limit] = 512M
php_admin_value[upload_max_filesize] = 512M
php_admin_value[post_max_size] = 512M
php_admin_value[max_execution_time] = 3600

; OPcache
php_admin_value[opcache.enable] = 1
php_admin_value[opcache.interned_strings_buffer] = 16
php_admin_value[opcache.max_accelerated_files] = 10000
php_admin_value[opcache.memory_consumption] = 128
php_admin_value[opcache.save_comments] = 1
php_admin_value[opcache.revalidate_freq] = 1

Cron-Jobs

Background Jobs

# /etc/cron.d/nextcloud
*/5 * * * * www-data php -f /var/www/nextcloud/cron.php

Oder Systemd-Timer

# /etc/systemd/system/nextcloud-cron.service
[Unit]
Description=Nextcloud cron.php

[Service]
User=www-data
ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php

# /etc/systemd/system/nextcloud-cron.timer
[Unit]
Description=Run Nextcloud cron.php every 5 minutes

[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextcloud-cron.service

[Install]
WantedBy=timers.target

systemctl enable nextcloud-cron.timer
systemctl start nextcloud-cron.timer

OCC-Befehle

Wichtige Befehle

cd /var/www/nextcloud

# Status
sudo -u www-data php occ status

# Wartungsmodus
sudo -u www-data php occ maintenance:mode --on
sudo -u www-data php occ maintenance:mode --off

# Datenbank-Update
sudo -u www-data php occ db:add-missing-indices
sudo -u www-data php occ db:convert-filecache-bigint

# File-Scan
sudo -u www-data php occ files:scan --all
sudo -u www-data php occ files:scan username

# App-Verwaltung
sudo -u www-data php occ app:list
sudo -u www-data php occ app:install appname
sudo -u www-data php occ app:enable appname

# Benutzer
sudo -u www-data php occ user:add username
sudo -u www-data php occ user:resetpassword username

Wichtige Apps

Installation

Einstellungen → Apps → Empfohlene Apps

Empfehlungen

# Collaboration
Nextcloud Office (Collabora)
OnlyOffice
Talk (Videokonferenzen)
Deck (Kanban)

# Produktivität
Calendar
Contacts
Tasks
Notes
Bookmarks

# Sicherheit
Two-Factor TOTP
End-to-End Encryption
Suspicious Login

# Integration
External Storage
LDAP user and group backend

Office-Integration

Collabora Online

# Docker
docker run -t -d -p 9980:9980 \
    -e "extra_params=--o:ssl.enable=false" \
    --restart always \
    --cap-add MKNOD \
    collabora/code

# Nginx-Proxy für Collabora
server {
    listen 443 ssl;
    server_name office.example.de;

    ssl_certificate /etc/letsencrypt/live/office.example.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/office.example.de/privkey.pem;

    location ^~ /browser {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
    }

    location ^~ /hosting/discovery {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
    }

    location ^~ /cool {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}

Externe Speicher

S3-Speicher

Einstellungen → Externe Speicher

Speichertyp: Amazon S3
Bucket: nextcloud-data
Region: eu-central-1
Access Key: AKIA...
Secret Key: ...

SMB/CIFS

Speichertyp: SMB/CIFS
Host: fileserver.local
Share: nextcloud
Benutzer: smbuser
Passwort: ...

Updates

Web-Updater

Einstellungen → Übersicht → Auf neue Version prüfen

CLI-Update

cd /var/www/nextcloud
sudo -u www-data php occ maintenance:mode --on
sudo -u www-data php updater/updater.phar
sudo -u www-data php occ maintenance:mode --off
sudo -u www-data php occ db:add-missing-indices

Backup

Skript

#!/bin/bash
# /usr/local/bin/nextcloud-backup.sh

DATE=$(date +%Y-%m-%d)
BACKUP_DIR=/backup/nextcloud

# Wartungsmodus
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on

# Datenbank
mysqldump -u nextcloud -p nextcloud > $BACKUP_DIR/db-$DATE.sql

# Daten
rsync -a /var/nextcloud-data/ $BACKUP_DIR/data-$DATE/

# Konfiguration
cp /var/www/nextcloud/config/config.php $BACKUP_DIR/config-$DATE.php

# Wartungsmodus aus
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off

# Alte Backups löschen
find $BACKUP_DIR -name "*.sql" -mtime +7 -delete

Troubleshooting

Warnungen beheben

# Fehlende Indizes
sudo -u www-data php occ db:add-missing-indices

# BigInt-Konvertierung
sudo -u www-data php occ db:convert-filecache-bigint

# Mime-Types
sudo -u www-data php occ maintenance:repair

# Cache leeren
sudo -u www-data php occ maintenance:repair --include-expensive

Performance-Probleme

- Redis konfigurieren
- APCu aktivieren
- PHP-FPM tunen
- Datenbank optimieren

Zusammenfassung

| Befehl (occ) | Funktion | |--------------|----------| | status | Status anzeigen | | maintenance:mode | Wartungsmodus | | files:scan | Dateien scannen | | app:list | Apps auflisten | | db:add-missing-indices | DB optimieren |

| Verzeichnis | Inhalt | |-------------|--------| | /var/www/nextcloud | Installation | | /var/nextcloud-data | Benutzerdaten | | config/config.php | Konfiguration |

| App | Funktion | |-----|----------| | Talk | Videokonferenzen | | Deck | Kanban-Board | | Calendar | Kalender | | Contacts | Kontakte |

Fazit

Nextcloud ist die führende selbst gehostete Cloud-Lösung. Mit der richtigen Konfiguration ersetzt es Dropbox, Google Drive und Microsoft 365. Die Office-Integration mit Collabora ermöglicht kollaboratives Arbeiten. Talk bietet verschlüsselte Videokonferenzen. Für Unternehmen und Privatpersonen, die Wert auf Datenschutz legen, ist Nextcloud die beste Wahl.