Thursday, 2 April 2026

Migrating Nextcloud to OpenSUSE 16.0

Migrating my Nextcloud instance to OpenSUSE 16.0 is not totally transparent since 16.0 makes a number of key changes - namely replacing yast with a mixture of myrlyn (for Software Management) and cockpit (for other management tasks), and replacing AppArmor with SELinux.

So here goes...

First of all, the new installer for OpenSUSE, agama, is still a bit rough round the edges. While a bit more up-to-date in the looks department, and probably easier to use for a novice, it has a few design issues. If you don't want the standard setup, it's not entirely clear what to click on to edit which installation settings. Sometimes it's a button, sometimes a menu, sometimes a non-highlighted clickable bit of text. In that respect the old installer was rather better. 

Anyway, I wanted to not use BTRFS this time just so the Nextcloud console didn't show me the same repeated details for every subvolume since OpenSUSE creates them in abundance. Since I rsnapshot the vital parts of the volume daily I'm not risking much. 

So, logging this somewhat on-the-fly as I do things...  

  1. Install with LAMP and Desktop profiles
    1. ...and discover cockpit isn't installed
    2. ...and discover updates aren't installed (unlike the old installer) 
  2. Run myrlyn and install updates
  3. Run myrlyn and install cockpit, and cockpit-client-launcher
    1. Discover a weird broken dependency incompatibility with busybox-hostname
    2. Solution is to select the "deinstall busybox-hostname" option
    3. systemctl enable cockpit.socket 
    4. systemctl start cockpit.socket 
    5. Edit application menu to move cockpit client launcher from the Internet section to the System section because that bugs me
  4. Run myrlyn and install the various PHP dependencies that Nextcloud needs
  5. Tweak /etc/php8/apache2/php.ini and /etc/php8/apache2/php.ini to meet Nextcloud requirements (see link above)
  6. Fire up cockpit client launcher and start+enable apache and mariadb
  7. Run mysql_secure_installation to clean things up and set a secure root password
  8. Run the commands to set up the nextcloud user and database:
    CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
    CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
    GRANT ALL PRIVILEGES on nextcloud.* to 'username'@'localhost';
  9. Run the command to restore the Nextcloud database backup
    mysql -h [server] -u [username] -p[password] [db_name] < nextcloud-sqlbkp.bak
  10. Restore /srv/www and /srv/data directories from backup
  11. Edit /etc/sysconfig/apache2 to make sure the modules ssl, headers and rewrite are included, and it starts with the SSL option
  12. Restore /etc/apache2 from backup - includes vhosts definitions and ssl details
  13. Run myrlyn and install certbot, and certbot-systemd-timer
  14. Restore /etc/letsencrypt from backup 
  15. Tweak SELinux to allow webserver write access to nextcloud directories 
    semanage fcontext -a -t httpd_sys_rw_content_t '/srv/data(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/htdocs/nextcloud/config(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/htdocs/nextcloud/apps(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/htdocs/nextcloud/.htaccess'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/htdocs/nextcloud/.user.ini'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/htdocs/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
  16. Update restored Nextcloud files to match SELinux policies
    restorecon -Rv '/srv/www/htdocs/nextcloud/'
    restorecon -Rv '/srv/data/'
  17. Allow web updates (slightly naughty)
    setsebool -P httpd_unified on
  18. Go into cockpit and add ports 80 and 443 to the firewall rules 
  19. Allow PHP jit to work
    setsebool -P httpd_execmem on 
  20. Allow other Nextcloud functions to work
    setsebool -P httpd_can_network_connect on
    setsebool -P httpd_can_sendmail on
  21. Restore /etc/cron.d from backup and restart the service

Got to learn more about SELinux than I wanted! The hope is now I have the requisite policies configured, I can just copy the selinux config folder in future. That's probably hoping for more stability and consistency than is realistic.
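
A quick way to confirm that steps 15 and 16 actually took effect, as an added example that is not part of the original post: the function below reads `ls -Zd` output and flags any path whose SELinux type is not `httpd_sys_rw_content_t`. The names `check_labels` and `sample_ls_output`, and the sample lines themselves, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# check_labels EXPECTED_TYPE
# Reads "context path" lines on stdin, the format `ls -Zd` prints.
# Prints one MISMATCH line for each path whose SELinux type differs
# from EXPECTED_TYPE. Returns 1 if any mismatch was found, otherwise 0.
check_labels() {
    expected=$1
    found=0
    while read -r context path; do
        [ -n "$path" ] || continue      # skip blank or incomplete lines
        # A context is user:role:type:level; an unlabeled file shows "?"
        setype=$(printf '%s\n' "$context" | cut -d: -f3)
        if [ "$setype" != "$expected" ]; then
            printf 'MISMATCH %s type=%s expected=%s\n' \
                "$path" "$setype" "$expected"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample of `ls -Zd` output: two paths relabeled correctly,
# two restored from backup that still carry other types.
sample_ls_output() {
    cat <<'EOF'
system_u:object_r:httpd_sys_rw_content_t:s0 /srv/data
system_u:object_r:httpd_sys_rw_content_t:s0 /srv/www/htdocs/nextcloud/config
unconfined_u:object_r:httpd_sys_content_t:s0 /srv/www/htdocs/nextcloud/apps
unconfined_u:object_r:var_t:s0 /srv/www/htdocs/nextcloud/.user.ini
EOF
}

# Demo run on the constructed sample (prints the two mismatches).
sample_ls_output | check_labels httpd_sys_rw_content_t || true

# On the live system, feed it the real labels instead, for example:
#   ls -Zd /srv/data /srv/www/htdocs/nextcloud/config \
#          /srv/www/htdocs/nextcloud/apps \
#       | check_labels httpd_sys_rw_content_t
```

Any MISMATCH line after running restorecon means the fcontext rule for that path did not match, so it is worth comparing the rule's path against where the files really live.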