mirror of
https://git.42l.fr/neil/sncf.git
synced 2024-05-01 13:42:45 +02:00
Ajouter 'Manually setup Nextcloud'
neil
commit
f42cb56ecf
132
Manually-setup-Nextcloud.md
Normal file
132
Manually-setup-Nextcloud.md
Normal file
|
|
@ -0,0 +1,132 @@
|
|||
Here's the process I followed to configure forms.42l.fr in production from a local development instance. It took me two hours. Sorry if the tutorial is not very clean – feel free to improve it.
|
||||
|
||||
There is currently no automatic configuration method. If you have the courage, feel free to develop one.
|
||||
|
||||
Note: This process has been followed on Nextcloud 19.0.1 with Nextcloud Forms 2.0.3 and sncf 1.0.0. Some details might not be exactly the same depending on the version and it might break things, or not. Feel free to ask advice if needed. Good luck.
|
||||
|
||||
|
||||
1. Pre-configuration
|
||||
- [reverse-proxy only] Route your public-facing (sub-)domain to your future Nextcloud instance address. This is temporary: once it'll be fully configured, it should route to sncf instead.
|
||||
- [reverse-proxy only] Set up basic-auth as long as your instance isn't fully configured.
|
||||
- [reverse-proxy only] Do NOT route `/.well-known/caldav` and `/.well-known/carddav` as indicated in Nextcloud tutorial. This is not necessary for our usage.
|
||||
- Set up your database (create an user and a database for Nextcloud).
|
||||
|
||||
2. Install Nextcloud WITHOUT the default apps.
|
||||
- Use PostgreSQL or MariaDB as database for best performance.
|
||||
- Even if the login form won't be public-facing in the end, choose a strong admin password.
|
||||
- [reverse-proxy only] Set-up the trusted-proxies configuration parameter as per the Nextcloud documentation.
|
||||
3. Login as admin.
|
||||
- Delete all your files (from the trash, too.)
|
||||
- In Settings -> Administration -> Overview tab, there should only be two warnings about carddav and caldav. If there are more, fix them.
|
||||
4. Manage applications.
|
||||
- Remove or disable the following apps:
|
||||
- Accessibility
|
||||
- Activity
|
||||
- Brute-force settings
|
||||
- Collaborative tags
|
||||
- Comments
|
||||
- Contacts Interaction
|
||||
- Deleted files
|
||||
- Federation
|
||||
- File sharing
|
||||
- First run wizard
|
||||
- Log Reader
|
||||
- Monitoring
|
||||
- Nextcloud announcements
|
||||
- Notifications
|
||||
- Password policy
|
||||
- PDF viewer
|
||||
- Photos
|
||||
- Privacy
|
||||
- Recommendations
|
||||
- Right click
|
||||
- Share by mail
|
||||
- Support
|
||||
- Text
|
||||
- Update notification
|
||||
- Usage survey
|
||||
- Versions
|
||||
- Video player
|
||||
- Install and enable the following apps:
|
||||
- Forms
|
||||
- AppOrder
|
||||
- Custom CSS
|
||||
- Theming (should be already enabled).
|
||||
- At the time of Nextcloud 19.0.1, those four applications should be the only ones activated on your instance.
|
||||
5. In Users (`/settings/users`):
|
||||
- In the Settings (bottom-left) menu, set the default quota to 0B (as a precautionary measure).
|
||||
6. Some more little tweaks left! Go to Settings.
|
||||
- Administration -> Sharing
|
||||
- Disable "Allow resharing"
|
||||
- Disable "Allow sharing with groups"
|
||||
- Disable "Allow username autocompletion in share dialog"
|
||||
- Uncheck all checkboxes in "Federated Cloud Sharing" section
|
||||
- Administration -> Groupware
|
||||
- Uncheck all
|
||||
- Administration -> App order
|
||||
- Uncheck Files.
|
||||
- Sort Forms first.
|
||||
- Check "Force the default order for all users".
|
||||
- Administration -> Theming
|
||||
- Set the name, web link, slogan, logo and color you want (default color for 42l Forms is `#1C65EF`)
|
||||
- Set the legal notice and privacy policy link.
|
||||
- Set the favicon if you want.
|
||||
- Custom CSS section: add the following hackish code:
|
||||
|
||||
```css
|
||||
#contactsmenu {
|
||||
display: none !important;
|
||||
}
|
||||
|
||||
#settings {
|
||||
display:none !important;
|
||||
}
|
||||
|
||||
.app-sidebar-tabs__content > ul:nth-child(2) {
|
||||
display:none !important;
|
||||
}
|
||||
|
||||
.app-sidebar-tabs__content > ul:nth-child(4) > li:nth-child(1) {
|
||||
display:none !important;
|
||||
}
|
||||
|
||||
.app-sidebar-tabs__content > ul:nth-child(4) > li:nth-child(2) {
|
||||
display:none !important;
|
||||
}
|
||||
```
|
||||
|
||||
⚠️ This will hide the user menu from your interface to provide a better end-user experience (the routes will be restricted anyway). If you need to re-enable your icons for some time, go to `http://your-instance-url/settings/user`, then Theming section again, then comment out this CSS code and save. Note that this will affect all users. If you don't want that, tweak your own CSS.
|
||||
|
||||
|
||||
7. You're almost done. Open Nextcloud's config file `config/config.php`.
|
||||
- Consider adding `'simpleSignUpLink.shown' => false` to remove Nextcloud's recommendation (which doesn't match this Forms service at all).
|
||||
- Add `'defaultapp' => 'apporder'` to redirect users to the Forms app upon login.
|
||||
|
||||
Now your Nextcloud instance should be ready. Let's move on to sncf.
|
||||
|
||||
8. Copy `config.toml.sample` to `config.toml` and edit it.
|
||||
- If you're at this step, you should be able to configure most of it yourself.
|
||||
- `sncf_url` is your public-facing (sub-)domain.
|
||||
- `nextcloud_url` is the (supposedly) local IP address of your Nextcloud instance, preceeded by the protocol (probably `http://`).
|
||||
- `admin_username` and `admin_password` are plaintext credentials for the admin acount you just created.
|
||||
- You are advised to enable `debug_mode` at least during the first days in production. The debug mode won't slow down sncf, but will help you to understand when something's wrong by printing a *lot* of data to stdout.
|
||||
|
||||
9. Compile (`cargo run --release`) and run sncf.
|
||||
- [reverse-proxy only] Route your public-facing address to sncf instead of Nextcloud.
|
||||
- [reverse-proxy only] [optional] You might want to set up direct access to Nextcloud without going through sncf, for technical purposes. You can do that on a secret port or route (not `/admin/`, though). Be sure to strenghten this access (at least with basic auth) to avoid transforming it into a backdoor for evil people.
|
||||
|
||||
10. Open a browser in private navigation mode.
|
||||
- Try accessing `https://<sncf_url>/`. It should display the main page.
|
||||
- Try accessing `https://<sncf_url>/link`. It should generate an administration link. If you're already logged in – as admin – it will directly redirect you to Forms. So please try in private navigation mode.
|
||||
- Try accessing your administration link. It should redirect you to Forms.
|
||||
- Try creating a form and sharing it with peers. Enjoy.
|
||||
- If one of those steps fail, check the error message from sncf and try fixing the problem. Check if your version of sncf is compatible with Nextcloud's and Nextcloud Forms'.
|
||||
- If you think it's a bug, please file an issue with all the debug log, configuration, environment setup and error messages you can.
|
||||
|
||||
11. **Important**: Configure a fail2ban instance.
|
||||
- There is currently no built-in rate-limiter or protection mechanism for `/link` and `/admin/{admin_token}` pages. This is being discussed in #8 and #9.
|
||||
- One request to `/link` without cookie means **one created account on Nextcloud**.
|
||||
- To lower the risk of getting DoS'd, you should restrict those two routes to a few access per day and per IP.
|
||||
- You can try 5 requests to `/link` per 48h and 12 requests to `/admin/{admin_token}` per 24h. If it's too restrictive, adjust it.
|
||||
|
||||
12. [reverse-proxy only] When you're good to go, remove the basic auth from your configuration to let people in.
|
||||
Loading…
Reference in a new issue