From 4bd5f729c5599cedf006ee54971ddd066008b6d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomislav=20Kopi=C4=87?=
Date: Sat, 10 Feb 2024 11:01:32 +0100
Subject: [PATCH] Added the configs
---
 config/nextcloud/config | 36 +++++++++++
 config/nextcloud/wrapper | 6 ++
 config/nginx/nextcloud | 99 +++++++++++++++++++++++++++++++
 config/nginx/nginx.conf | 75 +++++++++++++++++++++++
 config/php/99-nextcloud.ini | 25 ++++++++
 config/php/cloud.conf | 30 ++++++++++
 config/redis/redis.conf | 55 +++++++++++++++++
 config/udev/60-io-scheduler.rules | 7 +++
 config/udev/65-disk-power.rules | 1 +
 9 files changed, 334 insertions(+)
 create mode 100644 config/nextcloud/config
 create mode 100644 config/nextcloud/wrapper
 create mode 100644 config/nginx/nextcloud
 create mode 100644 config/nginx/nginx.conf
 create mode 100644 config/php/99-nextcloud.ini
 create mode 100644 config/php/cloud.conf
 create mode 100644 config/redis/redis.conf
 create mode 100644 config/udev/60-io-scheduler.rules
 create mode 100644 config/udev/65-disk-power.rules
diff --git a/config/nextcloud/config b/config/nextcloud/config
new file mode 100644
index 0000000..6ff0fd2
--- /dev/null
+++ b/config/nextcloud/config
@@ -0,0 +1,36 @@
+ 'dbpersistent' => true,
+ 'default_phone_region' => 'GB',
+ 'jpeg_quality' => '60',
+ 'enable_previews' => true,
+ 'enabledPreviewProviders' => [
+ 'OC\Preview\BMP',
+ 'OC\Preview\GIF',
+ 'OC\Preview\JPEG',
+ 'OC\Preview\SVG',
+ 'OC\Preview\MarkDown',
+ 'OC\Preview\MP3',
+ 'OC\Preview\Movie',
+ 'OC\Preview\PNG',
+ 'OC\Preview\TXT',
+ 'OC\Preview\XBitmap',
+ ],
+ 'preview_max_x' => '1000',
+ 'preview_max_y' => '1000',
+ 'preview_max_scale_factor' => 10,
+ 'preview_concurrency_all' => 3,
+ 'preview_concurrency_new' => 1,
+ 'preview_max_memory' => 128,
+ 'loglevel' => 4,
+ 'logfile' => '/var/log/nextcloud.log',
+ 'memcache.local' => '\OC\Memcache\APCu',
+ 'memcache.locking' => '\OC\Memcache\Redis',
+ 'redis' => [
+ 'host' => '/run/redis/redis-server.sock',
+ 'port' => 0,
+ 'dbindex' => 1,
+ 'timeout' => 2,
+ ],
+ 'tempdirectory' => '/nextcloud/data/tmp/',
+ 'filelocking.enabled' => true,
+ 'session_relaxed_expiry' => false,
+);
diff --git a/config/nextcloud/wrapper b/config/nextcloud/wrapper
new file mode 100644
index 0000000..991d286
--- /dev/null
+++ b/config/nextcloud/wrapper
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [[ $USER == "nextcloud" ]]; then
+ php --define apc.enable_cli=1 /nextcloud/occ $@
+else
+ sudo -u nextcloud php --define apc.enable_cli=1 /nextcloud/occ $@
+fi
diff --git a/config/nginx/nextcloud b/config/nginx/nextcloud
new file mode 100644
index 0000000..4b98e2b
--- /dev/null
+++ b/config/nginx/nextcloud
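Review bot: `'loglevel' => 4` in config/nextcloud/config restricts the Nextcloud log to fatal entries only, so failed logins and other warnings never reach `/var/log/nextcloud.log` and neither a brute-force blocker nor a later investigation has anything to work from. Unless another layer records authentication events, `'loglevel' => 2,` keeps warnings and errors without debug noise. The hunk is a fragment of the config array (it opens mid-array and only closes it), so settings such as trusted domains and the data directory are outside what can be reviewed here.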
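Review bot: Both occ invocations in config/nextcloud/wrapper pass `$@` unquoted, so any argument containing spaces or glob characters is re-split and expanded by the shell before occ sees it, and occ receives different arguments from the ones the administrator typed. Use `"$@"` on both lines, e.g. `sudo -u nextcloud php --define apc.enable_cli=1 /nextcloud/occ "$@"`. The `$USER` comparison reads an environment variable that the caller controls; `$(id -un)` reports the effective user instead.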
@@ -0,0 +1,99 @@
+map $arg_v $asset_immutable {
+ "" "";
+ default "immutable";
+}
+
+server {
+
+ listen 80;
+ server_name _;
+
+ root /nextcloud/;
+ sendfile on;
+
+ client_max_body_size 4096M;
+ client_body_timeout 900s;
+
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header Strict-Transport-Security "15552000" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ fastcgi_hide_header X-Powered-By;
+
+ index index.php index.html /index.php$request_uri;
+
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ^~ /.well-known {
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
+ location /.well-known/pki-validation { try_files $uri $uri/ =404; }
+
+ return 301 /index.php$request_uri;
+ }
+
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ location ~ \.php(?:$|/) {
+
+ rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ fastcgi_param modHeadersAvailable true;
+ fastcgi_param front_controller_active true;
+ fastcgi_pass unix:///run/php/cloudMain.sock;
+ fastcgi_read_timeout 300s;
+ fastcgi_intercept_errors on;
+
+ }
+
+ location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+ try_files $uri /index.php$request_uri;
+ add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ access_log off; # Optional: Don't log access to assets
+
+ location ~ \.wasm$ {
+ default_type application/wasm;
+ }
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d;
+ access_log off;
+ }
+
+ location /remote {
+ return 301 /remote.php$request_uri;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+
+}
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
new file mode 100644
index 0000000..1431f1d
--- /dev/null
+++ b/config/nginx/nginx.conf
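Review bot: The HSTS header in config/nginx/nextcloud is sent as `Strict-Transport-Security "15552000"`, which lacks the `max-age=` directive, so browsers discard it; it should read `add_header Strict-Transport-Security "max-age=15552000" always;`. Browsers also honour HSTS only over HTTPS and this server block listens on port 80 alone, so the header matters only if TLS is terminated in front of it, which deserves a comment. Separately, the static-asset location declares its own `add_header Cache-Control ...`, and nginx does not inherit server-level `add_header` lines into a block that sets one, so the security headers above are absent from CSS/JS/SVG responses unless they are repeated inside that location.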
@@ -0,0 +1,75 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ use epoll;
+ worker_connections 768;
+ multi_accept off;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ sendfile_max_chunk 512k;
+ types_hash_max_size 2048;
+ server_tokens off;
+ keepalive_timeout 120s;
+ proxy_buffering on;
+ proxy_request_buffering off;
+ proxy_store off;
+ proxy_cache off;
+ proxy_max_temp_file_size 0;
+ proxy_buffers 16 16k;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 64k;
+ fastcgi_buffering on;
+ fastcgi_request_buffering off;
+ fastcgi_buffers 16 16K;
+ fastcgi_busy_buffers_size 64k;
+ fastcgi_buffer_size 16k;
+ fastcgi_max_temp_file_size 0;
+ client_body_buffer_size 4M;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log off;
+ error_log /var/log/nginx/error.log;
+
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 3;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
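Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the http block of config/nginx/nginx.conf still enables TLS 1.0 and 1.1, which RFC 8996 deprecates; prefer `ssl_protocols TLSv1.2 TLSv1.3;`. The directive only takes effect for server blocks that enable TLS, and the vhost added in this patch listens on port 80 only, so this is a latent default, not a live exposure. `access_log off;` at http level also leaves no request trail for incident review; if that is a deliberate trade-off to spare the storage device, a comment such as `# access log disabled to reduce disk writes; enable when investigating` would record the decision.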
diff --git a/config/php/99-nextcloud.ini b/config/php/99-nextcloud.ini
new file mode 100644
index 0000000..2403e5f
--- /dev/null
+++ b/config/php/99-nextcloud.ini
@@ -0,0 +1,25 @@
+[PostgresSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = 100
+pgsql.max_links = 100
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[opcache]
+opcache.enable=1
+opcache.memory_consumption=64
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=16229
+opcache.revalidate_freq=900
+opcache.fast_shutdown=1
+opcache.enable_cli=1
+opcache.revalidate_path=0
+opcache.save_comments=1
+opcache.enable_file_override=1
+opcache.jit = 1255
+opcache.jit_buffer_size = 128M
+
+[APCu]
+apc.shm_segments = 1
+apc.shm_size = 128M
diff --git a/config/php/cloud.conf b/config/php/cloud.conf
new file mode 100644
index 0000000..22aff17
--- /dev/null
+++ b/config/php/cloud.conf
@@ -0,0 +1,30 @@
+[nextcloud]
+
+listen = /run/php/cloudMain.sock
+listen.owner = nextcloud
+listen.group = www-data
+listen.mode = 0660
+
+user = nextcloud
+group = www-data
+
+pm = ondemand
+pm.max_children = PHPTHR
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 2
+pm.max_requests = 1000
+pm.process_idle_timeout = 180s
+
+chdir = /
+
+env[HOSTNAME] = $HOSTNAME
+env[TMP] = /tmp/
+env[TMPDIR] = /tmp/
+env[TEMP] = /tmp/
+env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+php_admin_value[upload_tmp_dir] = /nextcloud/data/tmp/
+php_admin_value[memory_limit] = MEMLIM
+php_admin_value[upload_max_filesize] = 4096M
+php_admin_value[session.save_handler] = redis
+php_admin_value[session.save_path] = unix:///run/redis/redis-server.sock
diff --git a/config/redis/redis.conf b/config/redis/redis.conf
new file mode 100644
index 0000000..81ddc2c
--- /dev/null
+++ b/config/redis/redis.conf
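Review bot: config/php/cloud.conf moves PHP sessions into Redis (`session.save_handler = redis`) without enabling phpredis session locking, so concurrent requests from one client can overwrite each other's session data. The Nextcloud admin manual pairs this handler with `redis.session.locking_enabled = 1`, `redis.session.lock_retries = -1` and `redis.session.lock_wait_time = 10000` in the PHP configuration. `PHPTHR` and `MEMLIM` look like placeholders substituted at install time; a leading comment such as `; PHPTHR and MEMLIM are replaced by the installer` would stop the file being deployed verbatim.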
@@ -0,0 +1,55 @@
+bind 127.0.0.1 ::1
+protected-mode yes
+port 0
+tcp-backlog 511
+unixsocket /run/redis/redis-server.sock
+unixsocketperm 770
+timeout 0
+tcp-keepalive 300
+daemonize yes
+supervised no
+pidfile /var/run/redis/redis-server.pid
+loglevel warning
+logfile /var/log/redis/redis-server.log
+databases 4
+always-show-logo no
+save 900 1
+save 300 10
+save 60 10000
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+rdb-del-sync-files no
+dir /var/lib/redis
+acllog-max-len 128
+maxmemory 16m
+maxmemory-policy allkeys-lru
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+lazyfree-lazy-user-del no
+oom-score-adj no
+oom-score-adj-values 0 200 800
+appendonly no
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+dynamic-hz yes
+aof-rewrite-incremental-fsync yes
+rdb-save-incremental-fsync yes
+jemalloc-bg-thread yes
diff --git a/config/udev/60-io-scheduler.rules b/config/udev/60-io-scheduler.rules
new file mode 100644
index 0000000..d7e6025
--- /dev/null
+++ b/config/udev/60-io-scheduler.rules
@@ -0,0 +1,7 @@
+# set scheduler for NVMe
+ACTION=="add|change", KERNEL=="nvme[0-9]*", ATTR{queue/scheduler}="none"
+# set scheduler for SSD and eMMC
+ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="kyber"
+ACTION=="add|change", KERNEL=="mmcblk[0-9]*", ATTR{queue/scheduler}="kyber"
+# set scheduler for rotating disks
+ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="bfq"
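Review bot: `maxmemory 16m` together with `maxmemory-policy allkeys-lru` in config/redis/redis.conf lets Redis evict any key under memory pressure, and this instance holds Nextcloud's file locks (`memcache.locking` in config/nextcloud/config) and the PHP sessions configured in config/php/cloud.conf. An evicted lock disappears silently and an evicted session logs the user out. Consider a larger `maxmemory` and a policy such as `noeviction`, so that exhaustion surfaces as an error and not as lost state. Access control rests entirely on `unixsocketperm 770`, since no `requirepass` or ACL is set, so membership of the socket's group should be limited to the account PHP runs as.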
diff --git a/config/udev/65-disk-power.rules b/config/udev/65-disk-power.rules
new file mode 100644
index 0000000..f7e5621
--- /dev/null
+++ b/config/udev/65-disk-power.rules
@@ -0,0 +1 @@
+ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", RUN+="/sbin/hdparm -B 127 -S 60 $env{DEVNAME}"