Nextcloud hacks and improvements

In this article we will go through Nextcloud hacks and improvements. Add configurations to safeguard Nextcloud installation.

Move data directory

There could be two reasons to move the data directory from the web server path.

• Security
• Different mount point

Regardless of the reason, we will move it. I prefer using the copy command. I assume the web server path is /var/www/html; please change it if it’s different.

cp -r /var/www/html/data /var/www/data

This will recursively copy the data directory to /var/www. Remember, you can move it anywhere you like. Now we will edit the config.php file to change the directory path.

vim /var/www/html/config/config.php

From

'datadirectory' => '/var/www/html/data',

To

'datadirectory' => '/var/www/data',

You can now refresh the Nextcloud instance, and everything should be okay. The data directory from html can now be deleted or removed.

Just make sure you don’t delete anything else. You can use the rm -r command.

Disclaimer: As mentioned, be careful with the rm command. I will not be responsible if you mistakenly delete something important. 🙂

Setup Cron for background jobs

With a fresh installation, Nextcloud opts for AJAX for background jobs. The preferred way is to set up a system Cron job on the server.

crontab -e -u www-data

Add:

*/5 * * * * php -f /var/www/html/cron.php

Change the path to cron.php if it is different.

Redis cache

You can add Redis cache to your Nextcloud setup for transactional file locking. Just add the following to the config.php file.

Make sure the Redis server and PHP Redis cache module are installed.

vim /var/www/html/config/config.php

'maintenance_window_start' => 1,
'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.local' => '\\OC\\Memcache\\Redis',
'redis' => 
  array (
   'host' => 'localhost',
   'port' => 6379,
 ),

Save.

Remove index.php from URLs

Set proper permissions on .htaccess if they are not already set.

chown www-data:www-data /var/www/html/.htaccess

Add the following line to the $CONFIG array in config.php:

vim /var/www/html/config/config.php

'htaccess.RewriteBase' => '/',

Update .htaccess with occ:

sudo -u www-data php occ maintenance:update:htaccess

Default phone region

Add the following to config.php:

'default_phone_region' => 'DE',

Use the two character country code.

Rescan files

In some cases, such as migration, you may encounter issues like missing files or indexes. This command will update them.

sudo -u www-data php occ files:scan --all -vvv

The above command will scan files for all users. If you want to scan files for a specific user, the command would be:

sudo -u www-data php occ files:scan --all USER_ID -vvv

Clear files cache

You can clear the file cache that contains orphaned files.

sudo -u www-data php occ files:cleanup -vvv

Reset passwords with occ

You can reset any user password with occ command. admin is the username.

You can reset any user’s password with the occ command. In the following command, admin is the username.

sudo -u www-data php occ user:resetpassword admin

New account skeleton

After logging into the Nextcloud instance, you will see some default files.

To provide an empty account for new users, add the following line to the config.php file.

'skeletondirectory' => '',

If you want new users to see your own set of files in their account, you can create a directory anywhere in the web server path and copy your files/directories to it.

The preferred location is the root path /var/www/html/template. Then, change the skeletondirectory to:

'skeletondirectory' => '/var/www/html/template',