novpn

Security Researcher | InfoSec | Lover of Automated Things

Navigation
 » Home
 » About Me
 » Github
 » XML Feed

Guide to Install Nextcloud on Synology NAS

25 Sep 2016 » Tutorial

Disclaimer: If on the rare occasion you do corrupt your computer/NAS or any data on it do keep in mind it is not my fault. I didn’t force you to implement any commands. As a result I am not liable for any damages that may occur.

From Dropbox to Google Drive there are TONS of different “cloud” based backup/sync platforms out there. But do you trust all those 3rd parties with your personal private data just out there?

Now, let’s get down and dirty on installing a fresh version of Nextcloud on our Synology server! At the time of this writing the following is the versions of hardware/software/firmware I’ll be using in this tutorial.

  • Synology 12 Bay DS2415+
  • Synology DSM 6.0.2-8451 Update 1 ( 2016/09/01 )
  • Nextcloud 10.0.0
  • PHP 5.6

Creating the Nextcloud Volume


This first step is creating the “Nextcloud” volume within the Synology Storage Manager.

Go to Storage Manager > Volume > Create

Create new volume

Depending on how you setup your RAID configuration your prefrences may differ. In my case I’ll be setting mine up in the following format.

  • Choose a mode : Custom
  • Choose a action: Multiple Vomlumes on RAID
  • Create or select a Disk Group: Disk Group 1 ( Choose whatever disk group your want your Nextcloud server on )
  • Select a file system : Btrfs
  • Allocate volume capacity : 500 ( Enter the amount of storage you will want to assign for Nextcloud )
  • Edit description : Nextcloud ( Name the volume )
  • Confirm settings : Apply

After that is completed you should now see your volume available within the Storage Manager

New volume

Installing Web Station


Now with our newly created Nextcloud volume let’s go ahead and install the “Web Station” application and create a virtual host within the volume.

Click on your Package Center and on the left hand column select the “Utilities” category. Scroll down just a bit and you find the “Web Station” application.

Web Station

Now click “Install” and select the following options.

  • Select a destination volume to install the package : Volume 3 ( Please select the Nextcloud volume you created in previous step. )
  • Confirm settings : Apply

Note: Some users had issues where Web Station share folder did not install in the proper defined volume location. To change this/verify go to Control Panel > Shared Folder. From there select the “web” folder that Web Station automatically creates and click “Edit”. From there you can now assign that folder to the proper volume.

Now that the Web Station application has been installed on your Nextcloud volume lets browse over to the volumes folder. Open up File Station and on the left hand side you should see a folder called “web”. Inside that folder create a new folder called “nextcloud” as so.

Nextcloud Folder

Now that we have the application installed, and folder created let’s now take a look at the PHP settings within the “Web Station” application.

Go to Web Station > PHP Settings and check “Customize PHP open_basedir” and add the following to the end. ( Be sure to add your proper volume number! )

:/dev/urandom:/volume3/nextcloud

phpdirbase

Installing Nextcloud


In the browser of your choice head on over to https://nextcloud.com/install/. You will need to download the Nextcloud server image

Download Nextcloud

Once you have extracted the zip folder place all content withing the nextcloud archive within your /web/nextcloud folder on the synology. You can transfer your files via FTP/Web/Explorer/etc. Folder Structure

We will also need to create a nextcloud folder outside of the web folder ( this will be used for the data ). Head over to Control Panel > Shared Folder and create a new folder called “nextcloud”

Create nextcloud folder

Setting Folder Permissions


Once both of those folders have been created and nextcloud files have been placed into your /web/nextcloud directory on your Synology we now need to change permissions.

We will now need to SSH into the Synology server. First off ensure SSH is enabled on the Synology server by going to Control Panel > Terminal & SNMP and make sure “Enable SSH service” is checked.

Enable SSH

Once we have made sure of SSH being enabled we now can SSH into the box. If using Windows you can download PuTTY, or use windows bash. Linux already comes with ssh installed so no need to worry. Once inside escalate your privilages to root using sudo su from there change into your directory, create the bash script, change permissions to run script, then execute.

Terminal Commands

Here is the bash script I used to change the permissions. ( Remember to change the volume number or directory name to whatever you made yours! )

#!/bin/bash
chown -R http:http /volume3/web/nextcloud/
chown -R http:http /volume3/web/nextcloud/apps/
chown -R http:http /volume3/web/nextcloud/config/
chown -R http:http /volume3/web/nextcloud/themes/
chown -R http:http /volume3/nextcloud/
chown http:http /volume3/web/nextcloud/.htaccess
find /volume3/web/nextcloud/ -type f -print0 | xargs -0 chmod 777
find /volume3/web/nextcloud/ -type d -print0 | xargs -0 chmod 777
find /volume3/nextcloud/ -type d -print0 | xargs -0 chmod 777
chmod 777 /volume3/web/nextcloud/.htaccess

Don’t flip out just yet… I know what your thinking 777!!! We change this later on.

Virtual host & Database Setup


Head back on over to Web Station and under “Virtual Host” tab click create a new host, and setup as the following. ( Be sure to use your document root )

Virtual host setup

Now that we have the Virual host setup we now lastly need a database to store our lovely bits.

Open up “Package Center” and under “Utilities” tab scroll until you find “MariaDB” and Install. Once install has finished open up MariaDB from your main menu and change the default password ( blank ) and volume location if needed. MariaDB

Setting up Nextcloud


Point your browser to your Nextcloud server virtual host https://YOUR.SYNOLOGY.IP.ADDRESS/nextcloud and now you should see a Nextcloud setup page!

Nextcloud welcome

Now enter in your details accordingly…

Nextcloud welcome

Security Hardening


The first bash script we created weakened the security on the Nextcloud making folder and files readable, writable, and executable to EVERYONE. Let’s make a few tweaks now to change those permissions back.

Always refer to the documentation to setup your cloud server https://docs.nextcloud.com/server/9/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions

Below is a bash script I’ll use to configure my directory permissions. Please setup your Synology permissions to your likings.

#!/bin/bash
mkdir -p /volume3/web/nextcloud/assets
find /volume3/web/nextcloud -type f -print0 | xargs -0 chmod 0640
find /volume3/nextcloud -type f -print0 | xargs -0 chmod 0640
find /volume3/web/nextcloud -type d -print0 | xargs -0 chmod 0750
find /volume3/nextcloud -type d -print0 | xargs -0 chmod 0750
chown -R root:http /volume3/web/nextcloud
chown -R http:http /volume3/web/nextcloud/apps/
chown -R http:http /volume3/web/nextcloud/assets/
chown -R http:http /volume3/web/nextcloud/config/
chown -R http:http /volume3/web/nextcloud/data/
chown -R http:http /volume3/web/nextcloud/themes/
chown -R http:http /volume3/web/nextcloud/updater/
chmod +x /volume3/web/nextcloud/occ
chown root:http /volume3/web/nextcloud/.htaccess
chown root:http /volume3/nextcloud/.htaccess
chown http:http /volume3/web/nextcloud/.user.ini

NOTE: The above script sets strong permissions that will prevent upgrading your Nextcloud server. When you need to upgrade your Nextcloud server use the following command below, then after upgrade is successful re-run the above script to re-harden. Also, the last line in the above script is changing ownership so you are able to change your Max upload file limit within the browser. If you do not want this simply delete it from the script.

chown -R http:http /volume3/web/nextcloud

Encryption is always an important feature to have especially if it’s private data you may have on your own cloud server. On the top right hand corner of your Nextcloud page click the down arrow and click “Admin”. On the left hand side you should see a tab called “Encryption” once on the page checkmark the “Enable server-side encryption” and click “Enable encryption”.

You will come up with a message saying “No encryption module loaded…”. Add the encryption module by going to your “Apps” page.

Apps page

On the left hand side click “Not enabled” and scroll until you find “Defualt encryption module” and enable.

Enable encryption

Now head back to Admin > Encryption and make sure the Default encryption module button is filled. You will now get a pop up saying “Encryption app is enabled but…” Just sign out and sign back in and head on over back to the encryption page and make sure everything looks fine!

And BAM we are finally done setting up our Nextcloud server on our Synology! Enjoy your cloud server remember to check for updates when they release! Hope everything was smooth and thank you for reading!