Nextcloud Odroid C2 image

odroid-c2

OdroidC2 image with Nextcloud
Version 171119
new

First download my Nextcloud 12.0.3 image for OdroidC2 from here: NextcloudOC2 (752MB)

The image consists of:

  • Ubuntu 16.04.3 LTS 64 Bit
  • Nginx 1.13.6, ngx_cache_purge enabled
  • Nextcloud 12.0.3 (stable)
    • preview-generation and keeweb apps are tweaked and enabled
    • Nextcloud cronjobs (cron.php and preview-generation) enabled
    • cronjob for a regulary, daily backups enabled
    • several scripts are stored in the /root directory
  • PHP 7.1.11
  • MariaDB (utf8mb4)
  • Redis
  • fail2ban
  • ufw (:80 http // :443 https  // :2211 SSH)
  • letsencrypt
  • openssl 1.1.0g
  • htop
  • cronjobs
  • 1.9 GB on eMMC are in use


Updated: Nov., 19th, 2017:
– amendments to /etc/fstab (NGINX-cache and php-sessions moved to tmpfs)
switched from static ip to dhcp


Plug your eMMC to your Desktop and search for your eMMC via

sudo -s
fdisk -l

At my environment the eMMC is called “/dev/mmcblk0“. Extract the previously downloaded image:

unxz NextcloudOC2v171119.img.xz

Then prepare your eMMC for acting as your server, therefore clone the image to your eMMC:

dd if=NextcloudOC2v171119.img of=/dev/mmcblk0

Wait a few minutes until the prompt will be back again and the card was already written for you. Now unplug the eMMC module from your desktop and plug the card to your ODROID-C2. The ODROID-C2 will be reachable via ssh. Please search for the dhcp adress given by your router.

Examplarily you can connect using ssh as that (substitute 192.168.2.230 to your IP!)

ssh nextcloud@192.168.2.230 -p2211

or, if your monitor and keyboard are plugged in to your Odroid C2, connect directly.

Login as user “nextcloud” using the password “nextcloud“. Please be aware, the user “root” is disabled for security reasons, but nextcloud is a member of the sudoers group. So please use sudo -s to act as a privileged user.

First logon:

user: nextcloud
password: nextcloud

Please consider to change the nextcloud password directly:

sudo passwd nextcloud

Now change from your current dhcp IP to a static IP adress. An example can be found at

cat /etc/network/interfaces.d/eth0.example

Backup your etho and substitute the network values properly

cp  /etc/network/interfaces.d/eth0 /etc/network/interfaces.d/eth0.bak
vi  /etc/network/interfaces.d/eth0

to examplarily these:

auto eth0
iface eth0 inet static
 address 192.168.2.230
 netmask 255.255.255.0
 gateway 192.168.2.1
 dns-nameservers 192.168.2.1

Then reboot your server

shutdown -r now

and re-connect to your server using your new static IP.

The image was written to a ~ 2.7 GB partition. Regardless of whether your eMMC has 8GB, 16GB or more GB your partition will be resized using my two scripts:

sudo -s
/root/01resize.sh

Your server will reboot automatically. Please login again and execute the second script:

sudo -s
/root/02resize.sh

After the last automatic reboot your partition has been expanded to the entire available disk space. Your Nextcloud is already reachable at

https://odroid64/login
(or https://your-ip/login)

Logon to your Nextcloud as Administrator (nextcloud_root)

user: nextcloud_root
password: nextcloud_root 

and change the password directly. Then re-logon to your Nextcloud and have a look at all the pre-enabled apps:

– apporder: 0.4.0
– bruteforcesettings: 1.0.2
– calendar: 1.5.6
– checksum: 0.3.5
– contacts: 2.0.1
– dav: 1.3.0
– federatedfilesharing: 1.2.0
– files: 1.7.2
– files_clipboard: 0.6.4
– files_downloadactivity: 1.1.1
– files_pdfviewer: 1.1.1
– files_sharing: 1.4.0
– files_texteditor: 2.4.1
– files_trashbin: 1.2.0
– files_videoplayer: 1.1.0
– gallery: 17.0.0
– keeweb: 0.4.0
– logreader: 2.0.0
– lookup_server_connector: 1.0.0
– nextcloud_announcements: 1.1
– notes: 2.3.1
– notifications: 2.0.0
– oauth2: 1.0.5
– password_policy: 1.2.2
– previewgenerator: 1.0.7
– provisioning_api: 1.2.0
– serverinfo: 1.2.0
– sharebymail: 1.2.0
– theming: 1.3.0
– twofactor_backupcodes: 1.1.1
– twofactor_totp: 1.3.1
– updatenotification: 1.2.0
– workflowengine: 1.2.0


– two cronjobs (cron.php & preview:pre-generate) for user www-data
– one cronjob for a daily backup for user root

 

If you have a dyndns for your server and your router already forwards port 80 and 443 to your server, you could request ssl-certificates by running

letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d YOUR.DEDYN.IO

Replace YOUR.DEDYN.IO to your DYNDNS properly!

Adjust the ssl.conf

vi /etc/nginx/ssl.conf

and replace the self-signed certificates to the letsencrypt-certificates

#ssl_certificate /etc/ssl/certs/nextcloud.crt;
#ssl_certificate_key /etc/ssl/certs/nextcloud.key;
ssl_certificate /etc/letsencrypt/live/YOUR.DEDYN.IO/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.DEDYN.IO/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/YOUR.DEDYN.IO/fullchain.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m;
ssl_session_tickets off; ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128';
ssl_prefer_server_ciphers on; ssl_ecdh_curve secp384r1;
ssl_stapling on;
ssl_stapling_verify on;

Replace YOUR.DEDYN.IO to your DYNDNS properly!

Then amend your config.php

sudo -u www-data vi /var/www/nextcloud/config/config.php

with regards to the trusted domains.

array (
0 => 'odroid64',
1 => 'YOUR.DEDYN.IO',
),

Replace YOUR.DEDYN.IO to your DYNDNS properly!

Then restart nginx

service nginx restart

and your Nextcloud is reachable from outside and has an A+ ranking! From this point you should disable the graphical environment to release hundrets of MB RAM.

sudo -s cp /media/boot/boot.ini /media/boot/boot.ini.bak
vi /media/boot/boot.ini

Set setenv nographics from „0“ to “1”

# Server Mode (aka. No Graphics)
# Setting nographics to 1 will disable all video subsystem
# This mode is ideal of server type usage. (Saves ~300Mb of RAM)
setenv nographics "1"

Reboot your Server and the GUI will be disabled. Only round about 300MB of  1.7 GB available RAM are allocated.

The MariaDB-Root password isn’t set yet. Please perform

mysql_secure_installation

and set a root password as simple as that. If you want to restart all Nextcloud related services in an ordered scenario, just call

sudo /root/restart.sh

and all relevant Services

will be restarted. You will either find other scripts in /root

  • 01resize.sh (for initial usage only)
  • 02resize.sh (for initial usage only)
  • backup.sh (regulary backup, cronjob daily at 00:01)

  • fail2ban.sh (overview of ssh and nextcloud status)
  • permissions.sh (apply all permissions required by Nextcloud)
  • renewal.sh (to renew your letsencrypt-certificates)
  • restart.sh (restart all relevant services)
  • update.sh (update, upgrade and cleaning)

Hope you will enjoy Nextcloud on your OdroidC2!


Carsten Rieger