Nextcloud 21 with Collabora & HPB

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone i'm jacob kaufman i'm the nerd in the street and today we are installing next cloud 21 collabora online and the next cloud high performance backend all right everyone so if you found this video just looking for a next cloud installation tutorial welcome we'll get started in just a minute if you're a returning viewer i do just want to take a minute to talk about what's going to be different about today's next cloud installation versus previous ones that i've showed on this channel for one thing next cloud 21 is brand new was just released last month it's got a number of new features like a new whiteboard app and improvements to the talk app and the markdown text editor app so plenty of new things in the base next cloud installation secondly since i last covered collabora online they have begun publishing native linux packages for their program that means you don't need to use docker to set this up on your server anymore over the past couple of years i've had people asking me questions about collabora setup they've had trouble with some of the docker commands and they want help troubleshooting and for many months now my answer has been that that video is outdated and that you really ought to be using the native linux packages these days instead of docker the native packages take up less resources on your server so it's less you have to install and it's less that has to run since it's not in a container that means you can have lower powered hardware and support more users on the collaborate instance at the same time the native packages also offer easier configuration in my opinion so in today's video we will be using those native packages there will be no docker today and finally the third big difference between this video and previous next cloud videos is that we'll be installing the new high performance backend this was introduced alongside next cloud 21 and it's a rust binary that basically handles notifications for your server now with a standard installation a next cloud server is running fully on php and php is a scripting language it doesn't really do anything unless you make a request to it so in order to get notifications any next cloud clients which would include the website or desktop or mobile clients they have to check in with the server every 30 seconds to check if there are any new notifications and if you have multiple tabs of next cloud open in your web browser all of those tabs are checking separately every 30 seconds since tabs in your web browser can't communicate with each other so three tabs in your web browser would be a request to your server every 10 seconds or three users would be a request every 10 seconds 10 tabs or 10 users would be a request every 3 seconds and every time the server's handling one of those requests it has to turn around and check the mysql database to see if there are any new notifications and then it has to send them back so that really adds up so this new high performance back end like i said it's a binary it was written in rust you don't need rust installed on your server to run it but it basically just sits there and handles notifications it establishes a websocket connection with any clients and it's actually able to send notifications proactively when they're ready so rather than a fetching system where clients have to check periodically for notifications this new high performance backend is a push system where the server can just send the notification when it's ready now by default the clients are still going to check in with the server every five minutes to see if there are any notifications just in case that high performance back-end fails we don't want the clients to be left without notifications for a long period of time so every five minutes they'll just check as a fallback to make sure that they're in sync notification wise but this new system removes a lot of load from the server especially if you've got a lot of users on your system or if you tend to have it open in a lot of windows or tabs at once it's a really interesting new feature it's an interesting way that they're handling a bottleneck in their system rather than trying to optimize the heck out of their php program they're just providing an auxiliary component to take over some of the functionality so we are going to set that up because it's so new i would expect that the first part of this video to get outdated will be the high performance back-end setup the documentation is still a little shaky and i wouldn't be surprised if that setup does change in the near future but for right now i am going to show you how to set it up just so we can take a look at it all the commands i'm about to run are listed in a link in the description of this video so take a look at that if you're following along at home but without further ado we'll go ahead and cut to the desktop and get started installing next cloud 21 alright and here we are on the desktop we're going to be using lynnode today if you don't have a server already you can go to lenod.nots.com to get started with them of course you can also use digitalocean vulture or any other cloud hosting provider of your choice if you don't have your own physical server to use and you can find links to some of those alternatives down in the description as well but i'm going to go ahead and create a linode here we're going to be using debbie and tin for our operating system today these instructions should be very similar on ubuntu 20.04 we're just using debian because it's a little bit lighter weight without all of canonical's software on top i'll select my region here and i am going to use the cheapest plan possible you can select a higher plan if you need more storage but in terms of the actual resources here ram and cpu you shouldn't need too much if you're only going to have one or two people using your server i'll set a label here just to make this easier to identify i'll set a tag and i will enter in a root password but i will also select my ssh key so i don't have to type that password in manually that's everything that we need to set here so i'll click create and while that's provisioning we're going to copy the ip address and come over to our domain control panel now you do need a domain name to use let's encrypt to get an ssl tls certificate because let's encrypt uses the domain name to identify you when issuing that certificate so i'll come into my domain control panel here and i'm going to add an a record i'll use the host name next cloud so our domain name is going to be nextcloud.netstreet.com and i'll paste in my ip address there i am going to turn the time to live down because i'm planning on deleting this later now it might take a few minutes for that domain name record to propagate but while that's happening we can go ahead and open up a terminal and ssh into our server here using the ip address i'll type in my ssh passphrase and we are logged in now the first thing i'm going to do here is entirely optional as you can see my host name right now is just localhost i'd like to have a more personalized prompt here so i'm going to go ahead and set a hostname on this machine to do that i'll run hostname ctl set hostname next cloud and i'm also going to nano into my etsy hosts file and i'm going to add a new entry here 127.0.1.1 and i'll type in nextcloud there as well now there's a reason i'm not putting the entire nextcloud.nernonthestreet.com fully qualified domain name in here this would technically be valid configuration but it actually messes up the apache configuration that we're going to do the reasoning for that's a little bit outside the scope of this video but if you're a nerd club member i'm putting a link to a behind-the-scenes video in the description of this video if you want to learn a little bit more about when and how apache uses this etsy host's file like i said though it's outside the scope of this video so all you need to know is that we're putting our host name not our fully qualified domain name in our etsy hosts file we'll save that we'll exit we'll ssh into the same server again and you can see that now we have a root at next cloud prompt so now we can run an apt update just to make sure all of our package lists are up to date before we install all of our required packages here and it looks like all the packages are up to date which is nice i'm going to copy and paste this apt install command in just because it's a lot to type but we will go through some of these just to see what they are so apache 2 is the web server that we're using today mariadb is our database server it's mysql compatible php common is going to bring in the php scripting language the next cloud's written in we've got lib apache 2 mod php to hook php in with apache phpmysql will allow php programs to access our mariodb database and we've got various other php modules that are listed in the next cloud admin guide for example php image magic is going to allow php programs to use the image magic image processing software which it uses to create thumbnails in next cloud now toward the end here we've got rita's server and this is going to be our memory caching server today in the past i've showed how to use apcu because it's the easiest and simplest caching server to set up but today we're using redus because the high performance back-end that we're going to set up later requires this one rather than either of the other options so we've got that that we're installing and finally we've got python cert bot apache that is going to be the apache plugin for certbot which is also going to pull in the base certbot program as a dependency to allow us to generate our ssl certificate later so i'll go ahead and install all of these things all right and that is all done installing the first thing we're actually going to configure here is our redus memory caching server to do that i'll nano into etsyridisreadis.conf and i'm going to do a search for unix socket now by default redus is going to listen using a networking stack it's not going to listen from any external networking interfaces it's only going to listen for connections from local hosts but it is going to be listening over a tcp socket which means that we theoretically have a little bit more overhead encapsulating that data into tcp segments and theoretically it might also be a little bit less secure since it's relying on the networking stack on your machine since this is a small server and we want to get the best performance and best security possible we're going to use a unix socket instead so we'll uncomment this unix socket line it's going to use this particular file for its socket and that way programs can access redus without having to go through networking at all we're also going to uncomment the unix socket permission option here and the default is 700 which means that only the redus user is able to access the memory caching server we're going to add apache to the redus group later so we also want to give the readers group access to the server so we'll change this permission to 770 so that the user and the group can access the server and other people cannot after that i'm going to come up just a little bit here and this port 6379 line this is the default tcp port that we'd be listing through since we're not going to be using that we'll just disable tcp altogether by setting that to port zero we'll save that configuration file and we will add the apache user to the redis group with user mod dash a capital g that's to add a user to an additional group the group name is readus and the user is www data next we're going to configure apache so we will copy our default virtual host configuration file from etsy apache 2 sites available 000 default.conf to etsy apache 2 sites available nextcloud.conf we will nano into that new nextcloud.com file and we'll come down here the first thing we'll set as our server name we're going to set that to nextcloud.nernonthestreet.com that way apache knows that when somebody connects to this host name it needs to send this website certbot's also going to read that value later when we generate the ssl certificate the server admin option here doesn't really do anything but we can set it just for fun and the document root i'm going to set this to var www next cloud and that is going to be the directory where the next cloud application files are extracted to later we'll save that virtual host configuration file and we'll enable that virtual host with a2 insight next cloud i do have a whole video about virtual hosts if you want to learn more about the configuration that goes on in that file before we reload apache here we're also going to enable a couple of modules with a2 in mod rewrite and headers the rewrite module is needed for the simple url scheme that will enable the next cloud later and the headers module is needed for hsts an ssl option that we'll also enable later so we'll run that and you can see that we now no longer just need to reload apache we actually need to restart apache so we'll run systemctl restart redis apache 2 to restart both redus and apache making all of the configuration we've done so far take effect now we can go ahead and download nextcloud we're going to use wgit for that and i'm going to open up my web browser again and go to nextcloud.com to get the download link up at the top right we'll go to git next cloud and server packages and underneath the details and download options we're going to copy the tar.bz2 link we'll come back to our terminal and paste that in that's going to be downloaded and saved to our root users home directory on the server and we will extract that file using tar xvf that's extract verbose and the file name of the archive which is going to be next cloud dash theversionnumber.tar.bz2 then we're going to use a dash capital c to set our destination where we're extracting to and we'll set that to var www now the reason i'm doing it this way is because i already know this next cloud tar.bz2 file contains a directory called nextcloud that all the files are inside of so we're going to extract davar www and we're going to end up with a folder var www.nextcloud which is what we configured in apache earlier so we'll run that and since we used the verbose option you can see it go through all the different files there and that is complete so if we do an ls-alh on var www next cloud you can see that that directory does exist now you can see the permissions are currently set so that nobody owns those files we do need apache to own those files to do that we'll run chon capital r for recursive www data and a colon to set both the user and the group var www next cloud we'll run that and if we run our ls command again you can see all of these files and directories are now owned by our apache user now by default next cloud is going to create a data directory inside of this far www folder and that's where it's going to store your files that you upload into next cloud personally i like to make a dedicated data directory somewhere else just so that if the apache configuration goes haywire at any point all of my personal files aren't served by the web server so i'm going to run make dur slash nc data this is just going to create a directory on the root of our server we do still need to give apache permission to access that directory so to do that i'll run ch own www data colon slash nc data and finally we can remove the next cloud tar.bz2 file since we've already extracted this we don't need the archive sitting there anymore so at this point if we open up a web browser we can go to nextcloud.nernthestreet.com and you can see it will load our next cloud setup page here before we actually complete this there are a couple more things we need to do for one thing up in our url bar here we are currently connected with regular old http firefox is hiding that from us for some reason but we do have a little insecure icon here because we're not using ssl so to take care of that we'll come back to our terminal and we'll run certbot dash dash apache that's going to walk us through the process for setting up ssl tls it's going to ask for an email address first i'm going to agree to the terms of service not subscribe to the email list and it's going to read our apache configuration and offer the nextcloud.netstreet.com domain name i'll hit enter to accept that it'll verify that this server is in control of that domain name and once it's done that it's going to offer to set up a redirect for us which we will take it up on by selecting the option two there so tls has now been configured and if we just refresh this page we will be redirected to https nextcloud.netstreet.com you can see that it's also going to ask us for our database information and we haven't set that up yet either so we'll come back to our terminal again and the first thing we'll run is mysql underscore secure underscore installation this is a script that's going to walk us through some good security practices for our database the first thing it will ask us to do is set a root password which i'll go ahead and enter in here for everything else we can just accept the defaults and once that's done we can access the mariodb server using the mariadb command we're going to create a database next cloud we will create a user next cloud at localhost it should only be logging in from this server identified by and will give the database user its own password and finally we will grant all privileges on our next cloud database and all tables of that database to our next cloud user and once again it's only allowed to access that database when logging in from localhost after that we can quit out of mariodb and we can come back to our web browser and now we can fill out this setup page so i'm going to enter in a username for my admin account and another super secure password for it there for the data folder here we are going to change that to the slash nc data directory that we created and for our database i'll enter in the database user we just created the database user's password and the database name which is also nextcloud now down here we've got an option to install recommended apps we are not going to do this and the reason is because one of the things this will install is collaborative editing if we just do a quick search for next cloud store collabora the first option here is a built-in code server and this is actually an app image package of the server component of calabra the reason we're not using this has to do with a lot of the same reasons we're not using the docker package for collabora this app image package is going to run a little bit slower than a native installation it's also not going to be quite as straightforward to configure also it's not always up to date when next cloud 21 was released this checkbox actually errored out when you finished installing the setup for a good week or two they didn't update this code server to support next cloud 21 very quickly the client app was updated almost immediately but the server app they would install it automatically and it would fail which isn't great qa on their part since we're going to be setting up our own collabora server later using the native collabora packages we're not going to install this built-in code server we will uncheck this recommended apps option and if you want any of the other apps like the calendar app or the talk app or the mail client you can install those manually from the next cloud app store very easily so i'll click finish setup and eventually that will redirect us to our next cloud dashboard if this is your first time using next cloud you can read the slide show there if you want to i'm just going to skip through that and i'll go to the top right menu and go to our settings app underneath the administration section i'll go to the overview and as usual there are going to be a number of security and setup warnings here we're going to take care of all of these in just a couple of fell swoops here we'll come back to our terminal and the first thing we'll address is the php configuration on our server so we'll nano into etsy php 7.3 apache 2 php.ini and inside of there i'm going to do a search for memory limit this is set to 128 megabytes by default we need to raise that to 512 megabytes i'm also going to do a search for output underscore buffering and the second search result here the one that's set to 4096 by default we're going to change that to off with a capital o to disable output buffering altogether we'll save that file next we're going to address our apache configurations so i'll nano into etsy apache 2 sites enabled nextcloud.le ssl.conf so this is the copy of our configuration file that certbot created for us earlier and down here underneath the document root section inside of this 443 virtual host i'm going to copy and paste this configuration in just because it's a lot to type but once again i am going to explain what it is here so first we're saying if we have the module headers enabled which we did enable earlier we're going to set the hsts http strict transport security header in the http data of every packet that we send out this is going to tell any web browser that connects that for the next 180 days set in seconds there it should not attempt to make any unencrypted connections to this website when you type in this host's name your web browser should go straight to 443 it should not need to use that redirect from regular http next we're saying that inside of the var www next cloud directory we are going to allow overrides for our configuration that's going to allow the dot ht access file the next cloud includes to work so we'll save that configuration we'll restart apache with systemctl restart apache2 and after that we can check out how we're doing in terms of those warnings that gets rid of a good number of them there and the only stuff that's left has to do with our next cloud configuration so to edit that we're going to nano into var www next cloud config config.php now this is just a php file that's being included in all the other php files in nextcloud so we don't need to restart the web server anything that we change in here will take effect immediately or the next time that we access the next cloud page the first option that we're going to add here does not actually address any messages the next cloud was giving us but we are going to use the simple url scheme like i mentioned earlier right now if we look at our next cloud server the url we're browsing to is nextcloud.netstreet.com index.php settings admin overview by default every single url on your next cloud server is going to include index.php if i hover over some other links here you can see in the bottom left that all of those urls have index.php in them we're just going to shorten that in the real meat of the configuration to do that is already present in the dot htaccess file by default we just need to set the htaccess dot rewrite base option and we're going to set that to just a forward slash while we're in this file we're also going to set our default phone region that next cloud was asking us for we'll set that to us and then we'll also set up our redus memory caching here so we'll set memcache.local to backslash oc backslash memcache backslash redus we're also going to set memcache.distributed and the difference between apcu that i've shown how to use in the past and read us which we're using today is that redus can actually support a distributed configuration where you have several different front-end next cloud servers that are serving the same backend database and files when you're doing that you need the servers to use the same distributed memcache server so that they don't get out of sync with each other even though we only have one server today we're still going to set the distributed option we're going to set that to the exact same thing oc memcache redus and finally we will put in the parameters for our redis server that is going to be inside of square brackets for an array our host is going to be the unix socket path that we set up so that's going to be var run readis redus server dot sock and we also want to set a port but that port will be zero since once again this is a native unix socket we'll save that to make that rewrite base option take effect we're going to run sudo u w w data so we're running a command as the web server the command we're running is going to be php and we want to run the var www next cloud occ script that stands for own cloud console and the command within that script we want to run is maintenance colon update colon ht access we'll run that we get a message.htaccess has been updated so now if we come back to our next cloud server and refresh this you can see that we now get that nice green check mark because all of our setup and security checks are passing and also if i come up here to my url bar i can just delete index.php and this page still loads exactly the same way all of the links within next cloud have also been updated so if i click back to my dashboard here we're no longer at index.php apps dashboard now we're just at slash app dashboard all of the urls in this program are now a little bit shorter so that's everything you need to do to get the basic next cloud setup running if i click on my notifications there you can see they're recommending different apps for us to install which i'll just ignore it's also going to ask you if you want to show native desktop notifications i'm going to click no right now the next thing we want to do is set up our collaborate server if we come over to the files section here you can see if i try to add a new file i can add a plain text document but i can't add a rich text document and i can't add a spreadsheet or a presentation either for that stuff we need collabora now calabre is going to require another subdomain it's going to point to the same server but i am just going to quickly come back to my domain name control panel here and that exact same ip address that is being used for next cloud i'm just going to add another record that'll be calabra.netstreet.com we'll type the ip address in there once again i'll set the time to live to the minimum and we'll save that now so that by the time we get to using it in a few minutes it will have propagated back here in our next cloud server i am going to go to the apps section and we do need to install the collabora client app even though we're doing the server part manually so underneath office and text here we'll look for collabora online and once again we're not doing the built-in code server we're just looking for the one called collabora online i'll click download and enable on that and once that is enabled if we come back to our settings section i can scroll down and find our collabora online page of the settings this is where we'll configure our server of course the server's not set up yet so let's come back to our terminal and do that now we're going to run apt install gnu pg we're going to need gnupg to import the signing key for the collaborate packages once that's been installed i'm going to paste a command here to import the collaborate sign-in key from ubuntu's key server i'm going to paste another command this is going to add the calabra online repository to our sources.list configuration file for apt if you want to just edit this file manually you can do that i'm just using this echo command because it's simpler to copy and paste so now if we run an app update you can see that in addition to our normal debian repositories we will also fetch package lists for collabora and now we can run an apt install we're going to install lolwsd that is the libreoffice online websocket daemon the collabora is based on we're also going to install code brand to pull in the calabra front-end packages and we also want hun spell that is our spell checking program if you don't install that then spell checking will not work we'll run this as you can see we're pulling in all of the different calabra applications as dependencies so we've got writer calc impress we'll let that install we do need to set up a virtual host to act as a proxy for the collaborative server so once again i'm going to copy our etsy apache 2 sites available 0 000 default.com file this time i'll copy it to etsy apache 2 sites available collabora.conf we'll nano into that file down here we do need to set our server name again so that will be collabora.netstreet.com but these server admin and document root lines we're actually just going to delete both of those this time because we don't need to serve any files with this virtual host it's just a reverse proxy that's going to point to our collabora server so we'll save this very empty configuration file and we're going to enable that site collabora we'll reload apache 2 and the reason i'm doing this is because we need to set up ssl for that virtual host and it's easiest to do that when the site is enabled so we'll run certbot dash dash apache again it's going to recognize that we have two different domain names now and we'll hit enter to select all of them it'll ask us if we want to get a separate certificate for collabora or if we just want to expand our initial certificate we'll enter capital e to expand the initial certificate there's no benefit to having two separate certificates for those two domain names so it's going to renew that first certificate but this time it's also going to verify that the server's in control of collabra.netstreet.com and once again we will select the option to set up a redirect the redirect was already set for our next cloud virtual host but now it should also be set for our collabora virtual host now there are a couple of apache modules we need to enable for this reverse proxy setup to work and those are proxy and the sub modules proxy underscore ws tunnel that's websocket tunnel and proxy underscore http we're going to nano into etsy apache 2 sites enabled collabora ssl.conf once again we want to make sure we're editing the 443 virtual host that will get redirected to by apache and inside of here i'm going to paste a large chunk of configuration once again because this would be a lot to type out on video but just to go through this we're going to set some options we don't ever want to show indexes for our collaborate application files collabora requires us to allow encoded slashes in urls and then down here we're just going to set up our proxy so we're going to keep the host when proxying requests so that collabora knows who it's talking to anything that tries to access calabra.nernonthestreet.com low leaflet is going to be proxied to our collaborate server running on a different port we'll do the same thing for our discovery file here anything that accesses that via port 443 will be redirected to port 9980 on this machine the same thing for the capabilities file and down here we will proxy our web sockets so once again this is just a file that will be accessed by our web browser but it's going to be proxied to the websocket that collabora is serving on and there are a couple more websockets a couple more regular http files and that's the entire configuration so all of that information just comes from calabra's own documentation but i'll go ahead and save it and we'll run systemctl restart apache 2 to make all of that configuration take effect i'm also going to nano into etsy [Music] lolwsdlolwsd.xml that is the libreoffice online websocket demon configuration file the first thing i'm going to do is set up this allowed languages line if we come to the end of that line this is a list of languages that the spell checker will use and it's the order that it will prefer them in now if you want to leave all of these enabled but you want to default to english you can just move in us to the front here however as the message here in the description notes if you allow too many languages it does affect performance of calabra particularly when it's loading so since i'm only ever going to want to spell check in u.s english i'm going to delete all the other options from allowed languages here and leave that as the only language enabled next i'm going to do a search for ssl and down here under ssl settings there are a few things we need to do our ssl option here we're going to set that to false now it says here in the description for this one do not disable for production deployment however this is safe to do in our case because this very next option ssl termination we're going to set that to true so what's happening is the data will be encrypted with ssl from the web browser to apache on this server it is going to be unencrypted going from apache to libreoffice online on the server but that unencrypted data is never going on to any network it's not going onto the wire it's staying local on this machine so this is perfectly secure if somebody were to compromise this machine and be able to read that data while it's passing between two different applications on the same box they would be able to access your ssl certificates anyway and they would be able to access the data when it's decrypted at any stage of the process even if we weren't using this termination option and this makes configuration a bit easier when we're doing it this way where we just configure ssl with apache librefs online doesn't need to know where our cert files are key files are so that's how this is going to be set up finally i'm going to do a search for welcome and there is an option here to show a welcome screen every time that collaborate gets updated similar to the next cloud welcome screens i just don't find those collaborate welcome screens very useful it's a document editor people are probably going to know how to use it without having to click through a slideshow so i'll set that to false we'll save that and we'll go ahead and restart lolwsd and finally if i come back to our web browser we can type in https colon collabora.nerdonthestreet.com as the url of our collabora online server i'll click save and you can see it says collabora online server is reachable and we now have a few more advanced options that i'm not going to touch right now if i come back to our files app here we do now have an option to make a new document spreadsheet or presentation and if i make a test document here it's going to ask us if we want to use a template i'll just make a blank document calabra does load fairly quickly with this native package you can see there it didn't load in sections or tiles like it did when we were using docker in my previous video and we can go ahead and type and if i type some gibberish we can see that the spell checker is working so that's great we now have next cloud we have collabora the last thing we're going to do is set up that fancy new high performance backend like i said right now this browser tab is sending a request to the next cloud server every 30 seconds checking for new notifications since i had next cloud also open in a different web browser earlier this tab is also checking every 30 seconds for new notifications so every 15 seconds my web server is having to respond to a request right now even if i just leave these pages open and don't click anything on them that's a lot of continuous load that we don't need so let's set this high performance back end up to do that we're going to browse to the apps section first we'll go down to the tools category and we're looking for one called client push it's a little bit confusing they refer to this application as several different things in different places in the app store right now it's called client push you can see if we follow the link to the documentation the documentation calls it notify push and then their press release calls it high performance backend so at least three different official names for it we're going to click download and enable and it was downloaded there and enabled it is not going to be functioning by default we're going to come back to our terminal i'm going to run sudo uww data php var www next cloud occ notify underscore push colon setup so when we install that app we'll have a new sub command for occ available we're going to use the own cloud console to set up the notify push application and this is going to sort of walk us through the process it's not going to do all the configuration automatically but it will tell us what we need to do so i'm going to press enter here and it's telling us place the following systemd config at at c systemd system notify push dot service so this is the path to a unit file that it wants us to create and it's telling us what needs to go into that unit file i'm going to create a new tab here and i'm going to ssh into the same server root at nextcloud.nernonthestreet.com and i'm going to go ahead and nano into the file it's telling us to create as you can see it's empty right now because it doesn't exist i'll just copy all of this unit configuration so this is just a simple systemd service it's using this to automatically start the rust binary which is this notify push executable it's passing in the path to the next cloud config file for that executable because the executable will actually read our next cloud config so we don't have to configure it separately there are a couple of environment variables that we're setting when we're running that but aside from that nothing else special is going on here we'll just save that file and then like it's telling us to do we will go ahead and enable it with the dash dash now option to also start it at the same time we'll come back over here and press enter to continue and this is going to fail like i said i would expect that this process is going to change because right now it's telling us to do some more configuration i'm not entirely clear on why it doesn't just do this configuration for us we've got three things failing right now it says we're using an unencrypted https for our push server it says our push server url is set to localhost which doesn't sound right and then it also says our push server is not a trusted proxy now this trusted proxy one we're going to fix that and that's also going to fix the other two the reason i'm confused about why this is set up the way that it is is because this is not an apache config option this is just a next cloud config option this is the public ip address of this server which it was able to find automatically and if we nano into var www next cloud config config.php we'll come down to the bottom here and you can see there's a new section called trusted proxies the setup script made this section for us and it knows what needs to go here but it's not going to put it there for us we need to put a new entry here since there's already a zero into one i'll just add a two to this array and i'm going to paste in the public ip address of our server we'll save that and now if we run that notify push setup command again you can see it says everything is functioning properly the next step here it's telling us to enable some proxy modules which we already did for collabora so we don't need to worry about that and it's giving us three lines of configuration that we need to add to our apache configuration now so this once again is going to have to be manual but i'll come over to our other tab again i'll nano into etsy apache 2 sites enabled next cloud le ssl.conf and i'm going to put in those three proxy lines so that our web browser can access the websocket for this rust daemon i'll save that i'll reload apache 2 and we'll come back over here it told us to restart apache 2 and not reload because it was assuming that we wouldn't have those modules enabled by default but if i press enter you can see it now says reverse proxy seems to be set up correctly and configuration saved if i run the whole setup script again it's just going to tell us everything is good to go now so that is it the high performance back-end should be working now if i come back over here to our next cloud server and i navigate to a different page notifications now would come up instantly not waiting for a 30-second interval and our web browser would only be making a poll to the server every five minutes now how do we actually know that that's working well short of making a packet capture and checking how often our web browser is actually checking with the server we can tell that it's working with the logging for the high performance back-end daemon i'm going to run journalctl dash u notify push to view the logs for the notify push unit using systemd and i'm going to pipe that through cat so we don't have to worry about pagination as you can see by default this is not logging very much it's basically only logging when it's starting and stopping we can fix that by changing our logging settings for the high performance backend i'm going to nano back into our unit configuration file etsy systemd system notify push.service i'm going to add a third environment variable here and this is coming straight from the documentation for the notify push application if we pass in an environment variable log equals notify push equals and then the level of logging we want to perform that will tell this binary that it needs to log more there are several different options we could put here we could use info we could use debug i'm going to put trace just to see absolutely everything that could possibly be logged i'm going to save that i'm going to run system ctl daemon reload to read in the change that i made to that service file and then i'm going to run systemctl restart notify underscore push and now if i run my journal ctl command again i'm going to put dash f for follow i'll get rid of the cat there and now as you can see we're going to get logs when web browsers and desktop clients and mobile clients when anything connects to this notification daemon now it might not be a good idea to always have the trace option on because as you can see it just printed out our database password in plain text in the login here and that was a trace log but if i come back to our web browser and i reload this page you can see that when the page loads we're going to make a connection the debug logging is going to show the process of authenticating when a client connects and then we get an info line every time we have a client authenticate and you can also see there we just had another line pop up sending ping to admin so this executable here that is not running through php or apache this is its own program that's running but it is communicating through that apache reverse proxy that we set up with our web browser staying connected so that it can relay notifications when it needs to so that is everything i wanted to show you guys today this is a fully functional next cloud server now it is highly performant for the resources that we're giving it and it's got all of the apps that we want of course you can install more apps through the app store if you want more functionality out of your server i hope this video was helpful to you if it was you can go to nerdclub.nots.com and join the nerd club for just three dollars a month to help me make more videos about linux and open source software like this one for now though that's everything i had to show you so i'm jacob kaufman i'm the nerd in the street and i'll see you guys in the next one bye [Music] you
Info
Channel: Nerd on the Street
Views: 12,260
Rating: undefined out of 5
Keywords: nerdonthestreet, jacob, kauffmann, jacobgkau, Nextcloud, Collabora, high performance backend, high performance, hpb, notify push, client push, push notifications, Rust, install, set up, setup, installation, how to, tutorial, guide, walkthrough, Apache, reverse proxy, high-performance
Id: l_rtgzKRqTU
Channel Id: undefined
Length: 41min 11sec (2471 seconds)
Published: Sun Mar 21 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.