Table of Contents
BACKUPS
nc-backup-auto
Perform automatic backups. Creates backups of your database and NC directory, packs into compressed tar.gz file.
How to enable
- Navigate to
nc-backup-auto
in the TUI or the WebUI. - Change
ACTIVE
toyes
. - Change
DESTDIR
to a desired location for the backups. - Change
INCLUDEDATA
toyes
(optional), to backup your data as well. - Change
BACKUPDAYS
to the number of days to perform the backup. - Change
BACKUPLIMIT
to the number of backups to be kept. If limit is reached, then the new backup will replace the older one. - Click Run or Start.
nc-backup
Perform a manual backup. Creates a backup of your database and NC directory, packs into compressed tar.gz file.
How to configure
- Navigate to
nc-backup
in the TUI or the WebUI. - Change
DESTDIR
to the desired location you want your backup to be. - Change
INCLUDEDATA
toyes
if you want to include the Nextcloud data to the backup as well. - Change
BACKUPLIMIT
to the number of backups to be kept. If limit is reached, then the new backup will replace the older one. - Click Run or Start.
nc-export-ncp
Export NextCloudPi configuration
Note: This exports only the settings from NCP.
NO NC data, NC database or NC configuration are included.
How to configure
- Create the directory where you want the NCP settings to be saved.
- Set export directory path.
- Click “Apply”
nc-import-ncp
Import NextCloudPi configuration
Note: This imports only the settings from NCP.
NO NC data, NC database or NC configuration are included
How to configure
- Set import file name and path.
- Click “Apply”
nc-restore
Restore a previously backuped Nextcloud instance.
If the data
folder of Nextcloud was not included in the backup: After restoring, edit /var/www/nextcloud/config/config.php and point your Nextcloud instance to the path where the data is. After that run nc-scan to make Nextcloud aware of the new files.
file: config.php
...
'datadirectory' => '//ncdata',
...
'logfile' => '//ncdata/nextcloud.log',
...
nc-rsync
To get the rsync connection between the ncp and a backup-server working you need to establish two main steps:
- The backup-server needs to have a user. This user needs diskspace, the permission for ssh-autologin and the right to use rsync.
- On your ncp, root needs to be allowed to ssh-autologin to the user of the backup-server.
Step 1:
Please check what you need to do on your server side. In case you use a Synology NAS (DiskStation, RackStation), you need to enable ssh (“Control Panel”, “Terminal & SNMP”), give the user – which you use to backup the data – administration access (“Control Panel”, “User”), and enable Rsync (“Control Panel”, “File Sharing”, “File Services”).
https://github.com/Pant/nextcloudpi-readthedocs/blob/master/docs/Configure/.md
Step 2:
- Login to your ncp on the terminal
- change to the root account (sudo -s)
- go to the home directory of the root (cd ~)
- follow these steps to create the auto-login for the root user: http://linuxproblem.org/art_9.html (a: root user, A: the IP of the ncp, b: user at the backup-server, B: IP of the backup server)
- make sure that ssh-access works for the root user to the backup-server
After these steps you should be able to backup your data with rsync between the ncp and the backup-server. Test this with the following command:
rsync -e 'ssh -p 22' -av /home/pi/ b@B:/path/to/your/backup/
If this works check the following next command:
rsync -e 'ssh -p 22' -aAv /home/pi/ b@B:/path/to/your/backup/
If this also works (“A” means ACL-support) then you are fine. If this gives and error message (“ACL not supported on server”) then you need to either enable ACL-support on the backup-server-side or you need to tweak the ncp-script in: “/usr/local/etc/ncp-config.d/nc-rsync.sh” and “/usr/local/etc/ncp-config.d/nc-rsync-auto.sh” and remove the “A”-option in the rsync-command of the script (this counts for ncp version 0.64.2, the ACL option might be dropped in later versions, please check).
nc-rsync-auto
See comments on nc-rsync. This lets you automatically schedule the rsync process every SYNCDAY.
nc-snapshot-auto
Automatic btrfs snapshots
See How to backup and restore using nc-snapshot
nc-snapshot-sync
Automatic btrfs snapshots sync to external drive or location
nc-snapshot
Manual btrfs snapshots
nc-snapshot-restore
Manual restore a btrfs snapshot (coming shortly with upcoming update from current 1.6.3)
CONFIG
nc-admin
View or (re)set password for user ncp, the adminstrator of Nextcloud web interface.
nc-database
Enable if you want to change the Nextcloud database location (e.x. to a usb drive).
Note that non Unix filesystems such as NTFS are not supported because they do not provide a compatible user/permissions system.
You need to use a USB drive that is permanently on and is responsive or the database will fail.
If it ever fails with a white page, move the database back to the SD
How to configure
- Navigate to
nc-database
in the TUI or the WebUI.- Change
DBDIR
to your database location.- Click Run or Start.
nc-datadir
Change the
data
folder location of Nextcloud.Note that non Unix filesystems such as NTFS are not supported because they do not provide a compatible user/permissions system
How to configure
- Navigate to
nc-datadir
in the TUI or the WebUI.- Change
DATADIR
to your data location.- Click Run or Start.
nc-httpsonly
Force secure connection using HTTPS.
How to enable
- Navigate to
nc-httpsonly
in the TUI or the WebUI.- Change
ACTIVE
toyes
.- Click Run or Start.
nc-init
(Re)initiate Nextcloud to a clean configuration. Your configuration, users and data will be lost. Make a backup before proceding.
nc-limits
Configure system limits for NextCloudPi.
Note that
MAXFILESIZE
can be at maximum2G
for now, due to limitation of 32bit php.How to configure
- Navigate to
nc-limits
in the TUI or the WebUI.- Change
MAXFILESIZE
to the desired maximum file size (<=2G).- Change
MEMORYLIMIT
to the memory limit you want (default=768M).- Click Run or Start.
nc-nextcloud
Download and install a specific Nextcloud version. This destroys any existing instance. You need to run nc-init after completing nc-nextcloud, to take care of setting up database and cron jobs.
nc-notify-updates
Get notified for updates (Pending or Installed) through the Nextcloud notification system.
How to enable
- Navigate to
nc-notify-updates
in the TUI or the WebUI.- Change
ACTIVE
toyes
.- Change
USER
to the user you want to be notified (default=admin).- Click Run or Start.
nc-passwd
View or (re)set password for admin user ncp for NCP-web at localhost:4443
nc-prettyURL
Set pretty URLs (no index.php in URL)
nc-scan-auto
Periodically scan NC for externally modified files
Set the time in minutes in Scan Interval.>> If there are too many files this can greatly affect performance. <<<
How to enable
- Navigate to
nc-scan-auto
in the TUI or the WebUI.- Change
ACTIVE
toyes
.- Set RECURSIVE to yes (to scan all subfolders recursively).
- Set NONEXTERNAL to no (to not ignore external files).
- Set
SCANINTERVAL
to the interval (in minutes) you want to scan.- Set PATH to folders to scan
- Click Run or Start.
nc-trusted-domains
Manually add trusted domains
Note that this is normally not needed, as NCP will do this automatically for you in most cases
nc-webui
Enable or disable the WebUI.
How to enable
- Navigate to
nc-webui
in the TUI or the WebUI. - Change
ACTIVE
toyes
.
NETWORKING
NFS
Configure a NFS network file system server. This is a lightweight way to mount your cloud files through LAN in a Linux computer.
SSH
Activate/deactivate
In order to enable SSH, the password for user pi can not remain set to the default raspberry.
You HAVE to create a NEW password for pi if you want this program to enable SSH, it will fail if you dont!
Note: Use normal AlphaNumeric, the only special characters allowed are .,@-_/
- Navigate to
SSH
in the TUI or the WebUI. - Change
ACTIVE
toyes
. - Change the password.
- Confirm new password.
- Click Run or Start.
dnsmasq
This is a DNS server that you might need in case you cannot access you cloud from inside your house by the external URL, such as mycloud.freeDNS.org. This depends on wether your router supports NAT loopback.
See this post for details.
duckDNS
Free Dynamic DNS provider (need account from https://duckdns.org)
freeDNS
FreeDNS client.
Most home users do not have a static IP but rather a dynamic IP that changes from time to time. in order for you to be able to access your Nextcloud instance, from outside of your house, without typing an IP address you need a DDNS service which tracks IP changes and updates the DNS records.
You need to register an account on FreeDNS and setup a (sub)Domain Name.
How to activate
Run the TUI (ncp-config
) or use the WebUI.
Log in to freedns.afraid.com and click “Dynamic DNS”. Right click on “Direct URL” next to your record. Paste it in a text editor and select only the hash (the letters after the “?”).
- Navigate to
DDNS_freeDNS
in the TUI or the WebUI. - Change
ACTIVE
toyes
- Change the
UPDATEHASH
with yours (delete the example and paste with ctrl+shift+V) - Change
DOMAIN
with your Domain Name you have registered. - (Optional) Change the
UPDATEINTERVAL
to the interval time you want the client to update your IP (Dynamic IPs do not change that often so you can leave the default (5mins)). - Click Run or Start.
letsencrypt
In order to trust a connection to a website and send your user name and password, you need a SSL certificate. The SSL certificate ensures that the communication is encrypted, so everything you send can only be viewed by the server and not someone who impersonates him. By default NextCloudPi provides a self signed SSL certificate in order to encrypt your communication but it is strongly recomended that you use a certificate from a certificate authority. The NextCloudPi can run the Let’s Encrypt client which gets a certificate from https://letsencrypt.org for your (sub)Domain Name. NextCloudPi also configures the web server to use it and renews the certificate once a month.
Configure
- Navigate to
letsencrypt
in the TUI or the WebUI. - Change the
DOMAIN
with your (sub)Domain Name. - Change the
EMAIL
with your Email address. (It is recomended to use a valid Email address) - Click Run or Start.
nc-forward-ports
NextCloudPi has implemented a UPnP client to be able to configure the Router to port forward to your Raspberry Pi.
Requirements
You need to enable UPnP on your Router. Also disable it after you configure port forwarding.
How to configure
- Navigate to
nc-forward-ports
in the TUI or the WebUI. - Set the ports your Nextcloud runs on. (It is recomended that you use the defaults)
- Click Run or Start.
nc-static-IP
Set up a static IP address
Static IP (ACTIVE=yes), or DHCP (ACTIVE=no)
no-ip
Use the DDNS (Dynamic DNS) service by noip.com.
Run the TUI (ncp-config
) or use the WebUI.
- Navigate to
no-ip
in the TUI or the WebUI. - Change
ACTIVE
toyes
. - Change
USER
with your user name. - Change
PASS
with your password. - Change
DOMAIN
with your (sub)Domain Name. - Change
TIME
with the interval time you want to update the DNS record. Default 30mins. - Click Run or Start.
samba
Configure SMB/CIFS file server (for Mac/Linux/Windows)
If we intend to modify the data folder through SAMBA, then we have to synchronize NextCloud to make it aware of the changes.
This can be done manually or automatically using [nc-scan
][nc-scan] and [nc-scan-auto
][nc-scan-auto] fromnextcloudpi-config
How to configure
- Navigate to
samba
in the TUI or the WebUI.- Change
ACTIVE
toyes
.- Change
NCUSER
to your Nextcloud User (default=admin).- Change
USER
to the NextCloudPi User (default=pi).- Change
PWD
to the NextCloudPi User’s Password.- Click Run or Start.
spDYN
Free Dynamic DNS provider (need account from spdyn.de)
SECURITY
UFW
Uncomplicated Firewall, program for managing a netfilter firewall
Beware of blocking the SSH port you are using! SSH uses port 22 by default, ports 80 and 443 are for the webserver
fail2ban
As soon as your NextClouPi is connected to the internet it might get attacked. Most attacks are probably automated attacks by botnets or scripts trying to break into your System by simply using standard username/password combinations like admin/admin. fail2ban scans your webserver logs (which can be found under /var/log/apache2/error.log) for failed login attempts. If there are to many failed attempts (default is 6 failed attempts within 10 minutes) fail2ban will ban the attacker’s IP address for a certain amount of time (default is 10 minutes). If you activate mail alerts you will receive emails when fail2ban locks out certain IP addresses.
NextCloudPi uses fail2ban to secure Nextcloud logins as well as SSH logins.
How to activate
Run the TUI (ncp-config
) or use the WebUI.
- Change
ACTIVE
toyes
- Change (optional)
BANTIME
(in seconds, default: 600 = 10 minutes) to change the duration of a ban for a certain IP address after too many failed login attempts. - Change (optional)
FINDTIME
(in seconds, default: 600 = 10 minutes) to change the time slot in which failed login attempts are counted and the IP address gets banned. - Change (optional)
MAXRETRY
(default: 6 attempts) to change the number of failed login attempts that trigger an IP address ban. - Change (optional)
EMAIL
with your personal email to receive ban notifications. - Change (optional)
MAILALERTS
to activate/deactivate email notifications. - Click Run (WebUI) or Start (TUI)
modsecurity
Web Application Firewall for extra security (experimental)
This is a really strong layer of security that makes sure that even if there is a vulnerability in Nextcloud code, it will be blocked by modsecurity in most cases.
The downside is that it can break some Apps, so disable it if something doesn’t work for you. Tested with the most common Apps.
Learn more here
nc-audit
Perform a security audit with lynis and debsecan
SYSTEM
nc-automount
Enable this feature if you want your device to automount USB drives.
How to enable
- Navigate to
nc-automount
in the TUI or the WebUI. - Change
ACTIVE
to yes. - Click Run or Start.
IMPORTANT
The order of the “automount” is by the label (alphabetical order).
Example of backup disk label: “zBackup”
“”WARNING If you want add a second drive later, make sure you have added a LABEL to the first and all other drives to be mounted when formating, as they will then be mounted at /media/LABEL instead of /media/USBdrive”” (alphabetical order). /media/USBdrive is a symbolic link generated on the fly by nc-automount, pointing to /media/zBackup. This is why when you add a drive later without having set LABEL’s, your data drive may turn up under /media/USBdrve1 while NC’s config.php is pointing to /media/USBdrive .
nc-hdd-monitor
Monitor HDD health automatically
nc-hdd-test
Check HDD health
Running no test will display test results
nc-ramlogs
Enable mounting logs in RAM to prevent SD degradation (faster, consumes more RAM)
How to restore
- Navigate to
nc-ramlogs
in the TUI or the WebUI. - Change
ACTIVE
toyes
. - Click Run or Start.
nc-swapfile
Change the location and the size of the swap file.
How to configure
- Navigate to
nc-swapfile
in the TUI or the WebUI. - Change
SWAPFILE
to the location you want the new swap file to be. - Change
SWAPSIZE
to the desired size of the swap file (default=1024). - Click Run or Start.
nc-zram
Enable compressed RAM to improve swap performance
TOOLS
nc-fix-permissions
Fix permissions for NC data files, in case they were copied externally
nc-format-USB
Do this if you want to format your USB Drive and make it compatible with linux user/permissions system
Make sure that ONLY the USB drive that you want to format is plugged in.
Be careful, this will destroy ALL data in the USB drive
YOU WILL LOSE ALL YOUR USB DATA
How to run
- Navigate to
nc-format-USB
in the TUI or the WebUI.- Change
LABEL
to a label you like.- Click Run or Start.
nc-maintenance
Turn on or off maintenance mode.
Open maintenance mode (ACTIVE=yes), or close maintenance mode (ACTIVE=no)nc-previews
Generate previews for the gallery
This will make browsing the gallery much more smooth.
For big collections, this can take a LONG time, depending on your hardwarenc-scan
Perform a Nextcloud scan for user files.
How to run
- Navigate to
nc-scan
in the TUI or the WebUI.How to run
- Navigate to
nc-update
in the TUI or the WebUI.
Updates (…..more on updates)
nc-autoupdate-nc
Automatically update Nextcloud.
nc-autoupdate-ncp
Automatically update NextCloudPi.
How to enable
- Navigate to
nc-autoupdate-ncp
in the TUI or the WebUI. - Change
ACTIVE
toyes
. - Change the user to be notified when new updates are installed (default=admin).
- Click Run or Start.
nc-notify-updates
Enable or disable update notifications.
nc-update-nc-apps-auto
Periodically update all installed Nextcloud Apps
nc-update-nc-apps
Update all installed Nextcloud Apps
nc-update-nextcloud
Update current instance to a new Nextcloud version
Set to 0 to update to the latest available version
nc-update
Perform a manual update of NextClouPi.
unattended-upgrades
Enable Automatic installation of security updates to keep your cloud safe.
How to enable
- Navigate to
unattended-upgrades
in the TUI or the WebUI. - Change
ACTIVE
toyes
. - Change
AUTOREBOOT
toyes
if you want your Raspberry Pi to reboot automatically in order to apply updates (optional). - Click Run or Start.
Configuration Reference Document Version
April 29th 2019 up to date with v.1.11.2
November 2nd 2020 | NCPv1.30.0 | NC19.0.4