Compare commits
3 Commits
2822ab8a2f
...
9510d10139
| Author | SHA1 | Date | |
|---|---|---|---|
9510d10139
|
|||
|
da387f0f2b
|
|||
|
2ee73798a0
|
24
caddy-webserver.service
Normal file
24
caddy-webserver.service
Normal file
@@ -0,0 +1,24 @@
|
||||
[Unit]
|
||||
Description=Caddy webserver
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
User=caddy
|
||||
Group=caddy
|
||||
ExecStartPre=/usr/bin/caddy validate --config /srv/www/Caddyfile
|
||||
ExecStart=/usr/bin/caddy start --config /srv/www/Caddyfile
|
||||
ExecReload=/usr/bin/caddy reload --config /srv/www/Caddyfile
|
||||
ExecStop=/usr/bin/caddy stop
|
||||
TimeoutStopSec=5s
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=512
|
||||
PrivateTmp=true
|
||||
ProtectHome=full
|
||||
ProtectSystem=full
|
||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
#RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
85
nextcloud-snap-caddy-setup.md
Normal file
85
nextcloud-snap-caddy-setup.md
Normal file
@@ -0,0 +1,85 @@
|
||||
1. Install snapd & a web server (caddy in this guide)
|
||||
|
||||
```
|
||||
sudo apt update && sudo apt install --yes snapd caddy
|
||||
```
|
||||
|
||||
|
||||
2. Start snapd systemd unit
|
||||
|
||||
```
|
||||
sudo systemctl start snapd
|
||||
```
|
||||
|
||||
|
||||
3. Install Nextcloud snap
|
||||
|
||||
```
|
||||
sudo snap install nextcloud
|
||||
```
|
||||
|
||||
|
||||
4. Initialize Nextcloud snap and create admin account
|
||||
|
||||
```
|
||||
sudo /snap/bin/nextcloud.manual-install USER PASSWORD
|
||||
```
|
||||
|
||||
|
||||
5. Set trusted domains in Nextcloud
|
||||
|
||||
```
|
||||
sudo /snap/bin/nextcloud.occ config:system:set trusted_domains NUMBER --value=DOMAIN
|
||||
```
|
||||
|
||||
|
||||
6. Set Nextcloud HTTP & HTTPS ports to 8080 & 4443
|
||||
|
||||
```
|
||||
sudo snap set nextcloud ports.http=8080
|
||||
```
|
||||
|
||||
```
|
||||
sudo snap set nextcloud ports.https=4443
|
||||
```
|
||||
|
||||
|
||||
7. Create (or add to) a Caddyfile to reverse proxy to Nextcloud
|
||||
|
||||
```
|
||||
nano /path/to/Caddyfile
|
||||
```
|
||||
|
||||
```
|
||||
DOMAIN {
|
||||
reverse_proxy localhost:8080
|
||||
|
||||
rewrite /.well-known/carddav /remote.php/dav
|
||||
rewrite /.well-known/caldav /remote.php/dav
|
||||
rewrite /.well-known/webfinger /public.php?service=webfinger
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
8. Stop Caddy systemd service & change Caddyfile path
|
||||
|
||||
```
|
||||
sudo systemctl stop caddy
|
||||
```
|
||||
|
||||
```
|
||||
cat /usr/lib/systemd/system/caddy,service | \
|
||||
sed "s|/etc/caddy/Caddyfile|/path/to/Caddyfile|g" | \
|
||||
sudo tee /usr/lib/systemd/system/caddy.service &> /dev/null
|
||||
```
|
||||
|
||||
|
||||
9. Reload systemd daemon and restart Caddy
|
||||
|
||||
```
|
||||
sudo systemctl daemon-reload
|
||||
```
|
||||
|
||||
```
|
||||
sudo systemctl start caddy
|
||||
```
|
||||
3
sshd_lockdown.conf
Normal file
3
sshd_lockdown.conf
Normal file
@@ -0,0 +1,3 @@
|
||||
PermitRootLogin no
|
||||
PasswordAuthentication no
|
||||
PermitEmptyPasswords no
|
||||
Reference in New Issue
Block a user