Nextcloud and forum

Hello. I tested your panel a little bit and it looks great! Thanks for the panel guys.

Now I’m going to install Nextcloud and Forum on 1 server, but different domains and I have a few questions for you:

  1. How to add nginx web templates and if they will be working? I can show you 2 of them

    upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php/php7.4-fpm.sock;
    }

         server {
             listen 80;
             listen [::]:80;
             server_name cloud.hakase-labs.io;
             # enforce https
             return 301 https://$server_name:443$request_uri;
         }
    
         server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
             server_name cloud.hakase-labs.io;
    
             # Use Mozilla's guidelines for SSL/TLS settings
             # https://mozilla.github.io/server-side-tls/ssl-config-generator/
             # NOTE: some settings below might be redundant
             ssl_certificate /etc/letsencrypt/live/cloud.hakase-labs.io/fullchain.pem;
             ssl_certificate_key /etc/letsencrypt/live/cloud.hakase-labs.io/privkey.pem;
    
             # Add headers to serve security related headers
             # Before enabling Strict-Transport-Security headers please read into this
             # topic first.
             #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
             #
             # WARNING: Only add the preload option once you read about
             # the consequences in https://hstspreload.org/. This option
             # will add the domain to a hardcoded list that is shipped
             # in all major browsers and getting removed from this list
             # could take several months.
             add_header Referrer-Policy "no-referrer" always;
             add_header X-Content-Type-Options "nosniff" always;
             add_header X-Download-Options "noopen" always;
             add_header X-Frame-Options "SAMEORIGIN" always;
             add_header X-Permitted-Cross-Domain-Policies "none" always;
             add_header X-Robots-Tag "none" always;
             add_header X-XSS-Protection "1; mode=block" always;
    
             # Remove X-Powered-By, which is an information leak
             fastcgi_hide_header X-Powered-By;
    
             # Path to the root of your installation
             root /var/www/nextcloud;
    
             location = /robots.txt {
                 allow all;
                 log_not_found off;
                 access_log off;
             }
    
             # The following 2 rules are only needed for the user_webfinger app.
             # Uncomment it if you're planning to use this app.
             #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
             #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    
             # The following rule is only needed for the Social app.
             # Uncomment it if you're planning to use this app.
             #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
    
             location = /.well-known/carddav {
               return 301 $scheme://$host:$server_port/remote.php/dav;
             }
             location = /.well-known/caldav {
               return 301 $scheme://$host:$server_port/remote.php/dav;
             }
    
             # set max upload size
             client_max_body_size 512M;
             fastcgi_buffers 64 4K;
    
             # Enable gzip but do not remove ETag headers
             gzip on;
             gzip_vary on;
             gzip_comp_level 4;
             gzip_min_length 256;
             gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
             gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
    
             # Uncomment if your server is build with the ngx_pagespeed module
             # This module is currently not supported.
             #pagespeed off;
    
             location / {
                 rewrite ^ /index.php;
             }
    
             location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
                 deny all;
             }
             location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
                 deny all;
             }
    
             location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
                 fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
                 set $path_info $fastcgi_path_info;
                 try_files $fastcgi_script_name =404;
                 include fastcgi_params;
                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                 fastcgi_param PATH_INFO $path_info;
                 fastcgi_param HTTPS on;
                 # Avoid sending the security headers twice
                 fastcgi_param modHeadersAvailable true;
                 # Enable pretty urls
                 fastcgi_param front_controller_active true;
                 fastcgi_pass php-handler;
                 fastcgi_intercept_errors on;
                 fastcgi_request_buffering off;
             }
    
             location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
                 try_files $uri/ =404;
                 index index.php;
             }
    
             # Adding the cache control header for js, css and map files
             # Make sure it is BELOW the PHP block
             location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
                 try_files $uri /index.php$request_uri;
                 add_header Cache-Control "public, max-age=15778463";
                 # Add headers to serve security related headers (It is intended to
                 # have those duplicated to the ones above)
                 # Before enabling Strict-Transport-Security headers please read into
                 # this topic first.
                 #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
                 #
                 # WARNING: Only add the preload option once you read about
                 # the consequences in https://hstspreload.org/. This option
                 # will add the domain to a hardcoded list that is shipped
                 # in all major browsers and getting removed from this list
                 # could take several months.
                 add_header Referrer-Policy "no-referrer" always;
                 add_header X-Content-Type-Options "nosniff" always;
                 add_header X-Download-Options "noopen" always;
                 add_header X-Frame-Options "SAMEORIGIN" always;
                 add_header X-Permitted-Cross-Domain-Policies "none" always;
                 add_header X-Robots-Tag "none" always;
                 add_header X-XSS-Protection "1; mode=block" always;
    
                 # Optional: Don't log access to assets
                 access_log off;
             }
    
             location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
                 try_files $uri /index.php$request_uri;
                 # Optional: Don't log access to other assets
                 access_log off;
             }
         }
    

and this one

    server {
        # SSL configuration
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        ssl_certificate         /etc/ssl/certs/cert.pem;
        ssl_certificate_key     /etc/ssl/private/key.pem;

        server_name dname.de www.dname.de;

        root /var/www/forumv;
        index index.php;

        location ~* /\.git { deny all; return 403; }
        location /build/ { deny all; return 403; }
        location /cache/ { deny all; return 403; }
        location /cgi-bin/ { deny all; return 403; }
        location /uploads/import/ { deny all; return 403; }
        location /conf/ { deny all; return 403; }
        location /tests/ { deny all; return 403; }
        location /vendor/ { deny all; return 403; }

        location ~* ^/index\.php(/|$) {
            include snippets/fastcgi-php.conf;
            fastcgi_param SCRIPT_NAME /index.php;
            fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
            fastcgi_param X_REWRITE 1;
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }

        location ~* \.php(/|$) {
            rewrite ^ /index.php$uri last;
        }

        location / {
            try_files $uri $uri/ @forumv;
        }

        location @forumv {
            rewrite ^ /index.php$uri last;
        }
    }

  2. How to set hestiacp for doing backups at 02:00 am everyday? I look in /etc/crontab but there’s nothing.
  3. How to disable php7.3 at all? Looks like there’s no opportunity for that in hestiacp?
    hi

Thank you!

Just made a backup and it seems like it overwrites the older backup. Any idea how to fix it?

Have a look at and do a copy of the default one, so you can adjust it to your requirements: V1.1.0 Templates - Where are they now?

crontab -e -u admin or in backend on crontabs

that’s a question for @lupu but probably you’ve still somewhere set php-7.3 as default in the server settings, that’s why it’s greyed out.

Increase the max amount of backups under user -> packages.

2 Likes

These 2 commands helped me:

        update-alternatives --set php /usr/bin/php7.4
        systemctl restart nginx

I just thought it should have changed by hestiacp, after installing php7.4 :slight_smile: sorry my bad

Thanks for the answers! Helped me a lot.

php 7.3 is the default version and cannot be removed. phpmyadmin, roundcube are running on 7.3 too

3 Likes

Yes, looks like that, just checked it. Roundcube doesn’t work so I’ll go back to 7.3 on the server :slight_smile:

1 Like

For Backups check ‘default’ package in “Users” -> “Packages” and set how many backups to keep, default is 1

2 Likes

Spent 2 days but still can’t solve this problem with templates… I tried to create templates, when I failed I tried to just change that default configuration in /etc/nginx/conf.d/domains/vanilla.conf and /nextcloud.conf but failed as well… Very hard. I like your panel guys, it’s almost perfect for me, except those templates and nginx confs. Maybe someone can help me here? At least to fix confs in /etc/nginx/conf.d/domains/

I’m giving you originals, but as well might give you my drafts of those conf
https://justpaste.it/51yo1 - Vanilla
https://justpaste.it/2zri8 - Nextcloud

And I also forgot to say, when I add these lines to confs

    ssl_certificate /root/ssl/certs/cert.pem;
    ssl_certificate_key /root/ssl/private/key.pem;

Even the panel stops working. Dunno why, because my panel is kind of separated and has vps. subdomain
It’s 15 year certificate from Cloudflare which works perfectly without panel

    ssl_certificate /root/ssl/certs/cert.pem;
    ssl_certificate_key /root/ssl/private/key.pem;

are inaccessible by default user Nginx is running on

Default location is /usr/local/hestia/data/users/username/ssl/

I use also the 15 year certificate without any issue and I know other users use also. It should be no issue…

For my setup I used the “/edit/domain/” page without an issue and created a “custom” config by myself. Default templates are also working

2 Likes

sox I tried to run that forum too, but yeah there were always errors in nginx conf. I asked on a freelance site to help me, but a few guys took my tasks, but in a few hours they said that they need to install this panel and refused. Even tho I had a simpler vanilla.conf than you. Looking at your nextcloud.conf I’m in shock, it’s not so easy to fit this code to nginx.conf, you need to know about the panel and how it works, don’t mess with things. So only the hestia developers can help you, not regular users. Wait for their answers if they have time.

1 Like

I don’t see any issues why it shouldn’t work.

If I check the default example they provide it will not work as it is… However with minimal changes it should work

http://docs.hestiacp.com/admin_docs/server_management.html#how-do-templates-work

  1. Go to the /usr/local/hestia/data/templates/web/nginx/php-fpm/

And make a copy from the default.tpl / default.stpl to nextcloud.(s)tpl

nextcloud.tpl can be replaced with

    server {
        listen      %ip%:%web_port%;
        server_name %domain_idn% %alias_idn%;
        # enforce https
        return 301 https://$server_name:443$request_uri;
    }

It will just recognise the domain and force to load ssl

For nextcloud.stpl

    server {
        listen      %ip%:%web_ssl_port% ssl http2;
        server_name %domain_idn% %alias_idn%;
        root        %sdocroot%;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/%domain%.log combined;
        access_log  /var/log/nginx/domains/%domain%.bytes bytes;
        error_log   /var/log/nginx/domains/%domain%.error.log error;

        ssl_certificate      %ssl_pem%;
        ssl_certificate_key  %ssl_key%;
        ssl_stapling on;
        ssl_stapling_verify on;

        include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        fastcgi_hide_header X-Powered-By;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

        location = /.well-known/carddav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }

        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        location / {
            rewrite ^ /index.php;
        }

        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param HTTPS on;
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass    %backend_lsnr%;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header Referrer-Policy "no-referrer" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Download-Options "noopen" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;

            # Optional: Don't log access to assets
            access_log off;
        }

        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }

This could work fine but hasn’t been tested yet…

For vanilla something similar needs to be done…

3 Likes

Thank you sir. I’ll check it out today and write here if it’s okay or not. Much appreciate!

2 Likes

Didn’t create nextcloud templates, just changed the default ones.
default.tpl, as you said, I replaced with

    server {
        listen      %ip%:%web_port%;
        server_name %domain_idn% %alias_idn%;
        # enforce https
        return 301 https://$server_name:443$request_uri;
    }

And default.stpl with the second one. Everything was fine until I filled up the starting page with database, login and password. It started installing things and I saw it in htop but then the main page broke.

1 Like

Owncloud template didn’t fit as well :slight_smile:

1 Like

Check the error log of the domain and see what is going wrong
Only thing you can do…

1 Like

Also do not edit any default templates, you need to copy them, otherwise they get overwritten during a update.

2 Likes

    [email protected]:~# nginx -t
    nginx: [emerg] "fastcgi_busy_buffers_size" must be less than the size of all "fastcgi_buffers" minus one buffer in /etc/nginx/nginx.conf:148
    nginx: configuration file /etc/nginx/nginx.conf test failed

148? It’s only }

there’s also this one in php7.4 error.log

    [13-Jun-2020 15:27:50] WARNING: [pool domain.com] server reached max_children setting (8), consider raising it

Please if it’s possible in the next version add nextcloud template, it’s way more popular than owncloud :slight_smile:

1 Like

I’ll consider it, thanks

1 Like

try to look for fastcgi_buffers in nginx.conf and increase it.

in /usr/local/hestia/data/templates/web/php-fpm/

Create a copy of your current version and increase the max children and rebuild the user…

The owncloud.tpl comes from vesta original. Personally I don’t like to ship Hestia with 1001 different templates maybe we need to look for a way that is easier to maintain and install all the templates…

1 Like
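
The `nginx -t` failure reported above can be reproduced offline: the template sets `fastcgi_buffers 64 4K` in the server block while `fastcgi_busy_buffers_size` is inherited from nginx.conf. The checker below is an added example, not code from the thread or from Hestia; the http-level values are assumed, since the thread does not show nginx.conf, and the function names are hypothetical.

```python
import re

# Constructed input. HTTP_LEVEL is an assumed stand-in for the http{} block of
# /etc/nginx/nginx.conf; SERVER_LEVEL carries the fastcgi_buffers line from the
# template posted in this thread.
HTTP_LEVEL = """
fastcgi_buffers 4 256k;
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 256k;
"""
SERVER_LEVEL = """
client_max_body_size 512M;
fastcgi_buffers 64 4K;
"""

NAMES = {"fastcgi_buffers", "fastcgi_buffer_size", "fastcgi_busy_buffers_size"}
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
PAGE = 4096  # assumed default buffer size (one memory page)


def to_bytes(token):
    """Convert an nginx size such as 4K or 256k to bytes."""
    m = re.fullmatch(r"(\d+)([kKmMgG]?)", token)
    if not m:
        raise ValueError(f"not an nginx size: {token!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]


def directives(text):
    """Return {name: [args]} for the buffer directives in a config fragment."""
    found = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if parts and parts[0] in NAMES:
            found[parts[0]] = parts[1:]
    return found


def check(outer, inner):
    """Merge two config levels (inner overrides outer) and test nginx's limits."""
    eff = {**directives(outer), **directives(inner)}
    num, each = eff.get("fastcgi_buffers", ["8", "4k"])  # assumed default
    num, each = int(num), to_bytes(each)
    first = to_bytes(eff["fastcgi_buffer_size"][0]) if "fastcgi_buffer_size" in eff else PAGE
    largest = max(first, each)
    # When unset, nginx uses twice the larger of the two buffer sizes.
    busy = (to_bytes(eff["fastcgi_busy_buffers_size"][0])
            if "fastcgi_busy_buffers_size" in eff else 2 * largest)
    problems = []
    if busy < largest:
        problems.append(f"busy size {busy} is below the largest single buffer {largest}")
    if busy > (num - 1) * each:
        problems.append(
            f"busy size {busy} exceeds all buffers minus one buffer {(num - 1) * each}")
    return problems


if __name__ == "__main__":
    print(check(HTTP_LEVEL, SERVER_LEVEL))
    print(check(HTTP_LEVEL, SERVER_LEVEL + "fastcgi_busy_buffers_size 128k;\n"))
```

nginx applies this check when it merges the configuration levels at the end of the `http` block, which is why the reported line can be a closing brace rather than the directive itself.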

Man just find a good programmer that can add nextcloud and vanilla templates to this beautiful panel or wait until the devs add it in the next version. Yeah I know it’s hard to wait but what can you do.

And I agree that nextcloud and popular forums templates should be added. Personally I hope to help with vanilla soon.