From 098028cdac22b74e5e52e9a1833e41d25f0a0f45 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 14:29:50 -0400 Subject: [PATCH 01/41] New var nextcloud_allow_public_ips --- roles/nextcloud/templates/nextcloud.conf.j2 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index a2bd40edc..0ab229424 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -8,10 +8,13 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud # Apache 2.4 # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html Require host localhost +{% if nextcloud_allow_public_ips %} # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted - # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD: - #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 +{% else %} + # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: + Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 +{% endif %} # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc: #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 From ad08f6ed18b376660e0cec918318107a6860e560 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 14:30:57 -0400 Subject: [PATCH 02/41] nextcloud_allow_public_ips: False --- roles/nextcloud/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 4ee862f2b..f97dc3f67 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,5 +1,6 @@ # nextcloud_install: False # nextcloud_enabled: False +# nextcloud_allow_public_ips: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 1d6236fe22181c612089cce33f804ba4de02e0e8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:09:58 -0400 Subject: [PATCH 03/41] Update README.md --- roles/nextcloud/README.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index acb294e04..ed703071e 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -1,14 +1,22 @@ # Nextcloud +Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own Internet-in-a-Box. + This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. -Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +### Using It + +Administrators verify that Nextcloud is installed on your Internet-in-a-Box (check [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F)) and then log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: Username: Admin Password: changeme +### Future Directions + Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? -- https://github.com/nextcloud/nextcloudpi -- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ - https://ownyourbits.com/nextcloudpi/ +- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +- https://github.com/nextcloud/nextcloudpi + +Please [contact us](http://internet-in-a-box.org/pages/contributing.html) if you can help! From 7421bdbde1aa7e175e652db208aeb4ff89f1e964 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:10:41 -0400 Subject: [PATCH 04/41] Update main.yml --- roles/nextcloud/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index f97dc3f67..c80e3f80d 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,6 +1,9 @@ # nextcloud_install: False # nextcloud_enabled: False + # nextcloud_allow_public_ips: False +# To further refine Nextcloud access controls based on IPv4 addresses, see: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 61b536c095590cdd67dfd2b5bcae672d18cda72d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:11:20 -0400 Subject: [PATCH 05/41] Update local_vars_min.yml --- vars/local_vars_min.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index d92dab28c..4ef840455 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -220,8 +220,12 @@ mosquitto_enabled: False nodered_install: False nodered_enabled: False +# Store your docs, calendar, contacts & photos on your local server not cloud! nextcloud_install: False nextcloud_enabled: False +nextcloud_allow_public_ips: False +# To further refine Nextcloud access controls based on IPv4 addresses, see: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x From 416f989320817b52778c24184bcb62584bca720f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:11:27 -0400 Subject: [PATCH 06/41] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c5b5d42c5..dd54ae01e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -220,8 +220,12 @@ mosquitto_enabled: False nodered_install: False nodered_enabled: False -nextcloud_install: True -nextcloud_enabled: True +# Store your docs, calendar, contacts & photos on your local server not cloud! +nextcloud_install: False +nextcloud_enabled: False +nextcloud_allow_public_ips: False +# To further refine Nextcloud access controls based on IPv4 addresses, see: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x From c0e77c79dc7c7cd8756dd1e70f1bddb5cfce8bf5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:12:26 -0400 Subject: [PATCH 07/41] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index dd54ae01e..32f7b7eab 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -221,8 +221,8 @@ nodered_install: False nodered_enabled: False # Store your docs, calendar, contacts & photos on your local server not cloud! -nextcloud_install: False -nextcloud_enabled: False +nextcloud_install: True +nextcloud_enabled: True nextcloud_allow_public_ips: False # To further refine Nextcloud access controls based on IPv4 addresses, see: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 From 1e82f91c98b164802b4476580703d7c348dd473e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:12:36 -0400 Subject: [PATCH 08/41] Update local_vars_big.yml --- vars/local_vars_big.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 45101b7ed..971fd83cd 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -220,8 +220,12 @@ mosquitto_enabled: True nodered_install: True nodered_enabled: True +# Store your docs, calendar, contacts & photos on your local server not cloud! nextcloud_install: True nextcloud_enabled: True +nextcloud_allow_public_ips: False +# To further refine Nextcloud access controls based on IPv4 addresses, see: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x From 1f48938b98b8f814efaaebe3db850a23ebfaae57 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:17:03 -0400 Subject: [PATCH 09/41] Update default_vars.yml --- vars/default_vars.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4a11785b7..435e0a989 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -344,8 +344,12 @@ nodered_enabled: False nodered_port: 1880 nodered_web_path: nodered +# Store your docs, calendar, contacts & photos on your local server not cloud! nextcloud_install: False nextcloud_enabled: False +nextcloud_allow_public_ips: False +# To further refine Nextcloud access controls based on IPv4 addresses, see: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x From 785c73d1bcbe982a240fc30141eef85f54da4d7d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 15:41:49 -0400 Subject: [PATCH 10/41] Show IP options in /etc/apache2/sites-available/nextcloud.conf --- roles/nextcloud/templates/nextcloud.conf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index 0ab229424..f3f717a63 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -11,7 +11,11 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud {% if nextcloud_allow_public_ips %} # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted + # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: + #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 {% else %} + # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: + #Require all granted # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 {% endif %} From c52c4e9705290f1fcd967b2ad40bb15bc13d2963 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 16:02:07 -0400 Subject: [PATCH 11/41] Generalize+explain LAN-side 172.18.96.1/255.255.224.0 --- roles/nextcloud/templates/nextcloud.conf.j2 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index f3f717a63..ef80b4b59 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -12,14 +12,15 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: - #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 + #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10 {% else %} # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: #Require all granted # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: - Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 + Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10 {% endif %} - # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc: +{# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #} + # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z: #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 From b0b496f6eb84d92764e49db7d7a2ee49de0e5efd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 16:18:52 -0400 Subject: [PATCH 12/41] overwrite.cli.url issue in /opt/nextcloud/config/config.php --- roles/nextcloud/tasks/enable_or_disable.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml index bd829222d..f97c51e12 100644 --- a/roles/nextcloud/tasks/enable_or_disable.yml +++ b/roles/nextcloud/tasks/enable_or_disable.yml @@ -100,8 +100,8 @@ # become_user: "{{ apache_user }}" # when: nextcloud_enabled and returned_count == "0" -# 2019-09-04: THE NEXT 5 LINES ARE INEFFECTIVE AND LIKELY USELESS -- name: Remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php +# 2019-09-04: NEXT 5 LINES APPEAR INEFFECTIVE DURING 1ST INSTALL? (possibly "overwrite.cli.url" appears later, when web install's completed using http://box/nextcloud ?) +- name: Try to remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php lineinfile: regexp: "overwrite.cli.url" state: absent From 4a16ea4e7a63cb0d21f9830d34ff1c3a77f6bb7b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 16:22:23 -0400 Subject: [PATCH 13/41] Update enable_or_disable.yml --- roles/nextcloud/tasks/enable_or_disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml index f97c51e12..ff753abf9 100644 --- a/roles/nextcloud/tasks/enable_or_disable.yml +++ b/roles/nextcloud/tasks/enable_or_disable.yml @@ -100,7 +100,7 @@ # become_user: "{{ apache_user }}" # when: nextcloud_enabled and returned_count == "0" -# 2019-09-04: NEXT 5 LINES APPEAR INEFFECTIVE DURING 1ST INSTALL? (possibly "overwrite.cli.url" appears later, when web install's completed using http://box/nextcloud ?) +# 2019-09-04: NEXT 5 LINES APPEAR INEFFECTIVE DURING 1ST INSTALL? (possibly "overwrite.cli.url" appears later, when Nextcloud's web install completes using http://box/nextcloud ?) - name: Try to remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php lineinfile: regexp: "overwrite.cli.url" From 1a6f3b52b6bad2350a02c7e07d7fd434128517a9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 17:01:20 -0400 Subject: [PATCH 14/41] Update nextcloud.conf.j2 --- roles/nextcloud/templates/nextcloud.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index ef80b4b59..2d0f43e41 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -1,3 +1,5 @@ +# Ansible template that becomes /etc/apache2/sites-available/nextcloud.conf + Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud From 92d453a7c3d8be1ccc76c1fbfad34911527a9bba Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 17:49:20 -0400 Subject: [PATCH 15/41] Mark+deprecate ancient code for future removal? --- roles/nextcloud/templates/nextcloud.conf.j2 | 62 +++++++++++---------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index 2d0f43e41..6a575d0a1 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -3,7 +3,10 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud - Options -Indexes + # 2019-09-04 commenting out towards future removal + #Options -Indexes + + Options +FollowSymlinks AllowOverride All @@ -25,31 +28,34 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z: #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 - - # Apache 2.2 - Order Deny,Allow - Deny from all - Allow from 127.0.0.1 - Allow from ::1 - - - ErrorDocument 404 /core/templates/404.php - - - php_value upload_max_filesize 512M - php_value post_max_size 512M - php_value memory_limit 512M - php_value mbstring.func_overload 0 - - - SetEnv htaccessWorking true - - - ModPagespeed Off - - - RewriteEngine on - RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] - RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R] - RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R] + + # 2019-09-04 commenting out towards future removal + # + ## Apache 2.2 + #Order Deny,Allow + #Deny from all + #Allow from 127.0.0.1 + #Allow from ::1 + # + # + #ErrorDocument 404 /core/templates/404.php + # + # 2019-09-04 commenting out towards future removal + # + #php_value upload_max_filesize 512M + #php_value post_max_size 512M + #php_value memory_limit 512M + #php_value mbstring.func_overload 0 + # + # + #SetEnv htaccessWorking true + # + # + #ModPagespeed Off + # + # + #RewriteEngine on + #RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] + #RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R] + #RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R] From 1dc807d41a7b8a8bdd2fd28fcc008f90a5396208 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 18:02:29 -0400 Subject: [PATCH 16/41] apache_high_php_limits: True for Nextcloud too --- roles/httpd/defaults/main.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml index 845d7abeb..3bb677795 100644 --- a/roles/httpd/defaults/main.yml +++ b/roles/httpd/defaults/main.yml @@ -1,6 +1,9 @@ # Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True +# apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False +# apache_high_php_limits: False + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 389ae2baf116e9f10923ec2f1ec28fbfef560a2e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 18:02:53 -0400 Subject: [PATCH 17/41] apache_high_php_limits: True for Nextcloud too --- roles/nextcloud/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index c80e3f80d..4ea588e39 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -8,6 +8,9 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +# If using Nextcloud intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + # REMOVE /opt/nextcloud/version.php TO FORCE AN INSTALL OR REINSTALL OR UPGRADE nextcloud_url: /nextcloud From 8a4c83b0cdcc883047d32040b2cf4015d54c08f1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 18:03:46 -0400 Subject: [PATCH 18/41] apache_high_php_limits: True for Nextcloud too --- vars/local_vars_big.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 971fd83cd..319692fe2 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -127,7 +127,7 @@ pi_swap_file_size: 1024 # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! apache_high_php_limits: False # SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority @@ -221,6 +221,7 @@ nodered_install: True nodered_enabled: True # Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: True nextcloud_enabled: True nextcloud_allow_public_ips: False From dd273103e8b91d48f2aa86453022e1b6f3aa9e76 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 18:03:50 -0400 Subject: [PATCH 19/41] apache_high_php_limits: True for Nextcloud too --- vars/local_vars_medium.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 32f7b7eab..2ad760148 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -127,7 +127,7 @@ pi_swap_file_size: 1024 # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! apache_high_php_limits: False # SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority @@ -221,6 +221,7 @@ nodered_install: False nodered_enabled: False # Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: True nextcloud_enabled: True nextcloud_allow_public_ips: False From 05a542679b2dd4fd606cc962f8e03b2a1b4e8b05 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 18:03:55 -0400 Subject: [PATCH 20/41] apache_high_php_limits: True for Nextcloud too --- vars/local_vars_min.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 4ef840455..08a7d8259 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -127,7 +127,7 @@ pi_swap_file_size: 1024 # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! apache_high_php_limits: False # SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority @@ -221,6 +221,7 @@ nodered_install: False nodered_enabled: False # Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: False nextcloud_enabled: False nextcloud_allow_public_ips: False From d85d6af70622e29638937034f7ea2e684f2dc53e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 18:04:00 -0400 Subject: [PATCH 21/41] apache_high_php_limits: True for Nextcloud too --- vars/default_vars.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 435e0a989..48dd30269 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -222,7 +222,7 @@ exFAT_enabled: True # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! apache_high_php_limits: False # SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority @@ -345,6 +345,7 @@ nodered_port: 1880 nodered_web_path: nodered # Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: False nextcloud_enabled: False nextcloud_allow_public_ips: False From 1469ad24c47e78d65154edbde6f161b7a9a5a109 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 18:06:11 -0400 Subject: [PATCH 22/41] apache_high_php_limits: True for Nextcloud too --- roles/httpd/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 80b505a66..4a31bd4c7 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -74,7 +74,7 @@ - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' } #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' } # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147 -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! - name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress and/or Moodle intensively lineinfile: @@ -85,7 +85,7 @@ with_items: - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M' } + - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } From b5bccb9d712ddf3692b1f9be18f2e33de19655ab Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 19:13:55 -0400 Subject: [PATCH 23/41] roles/httpd/tasks/main.yml comments cleanup --- roles/httpd/tasks/main.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 4a31bd4c7..705ec13e1 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -23,18 +23,12 @@ tags: - download -# 2019-05-30: Irrelevant (never invoked) -#- name: Install php{{ php_version }}-sqlite (raspbian-8 or debian-8) -# package: -# name: "php{{ php_version }}-sqlite" -# when: is_raspbian_8 or is_debian_8 -# #when: is_debian and ansible_distribution_major_version == "8" - # 2019-05-30: It's interesting that http://box.lan/admin and everything seems # to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu # 16.04 (SEE PR #1697). And likely all others? @tim-moody writes "I think # we decided that because sqlite3 and php are part of the base install the # connector should be too." +# # We might *try* deprecating this here as we transition beyond {raspbian-9, # debian-9, ubuntu-18} in coming months to verify that roles/osm-vector-maps # is the only role that needs it? @@ -76,7 +70,7 @@ # For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress and/or Moodle intensively +- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively lineinfile: path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" regexp: "{{ item.regexp }}" From 23c56725b85c97cf4d8fa32eb3a23792f760fe5e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 20:11:49 -0400 Subject: [PATCH 24/41] Explain apache_high_php_limits in default_vars.yml --- vars/default_vars.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 48dd30269..166730c40 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -220,12 +220,17 @@ exFAT_enabled: True # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml mysql_install: True From fe05a157e28280b46548d44f6bb923ab02fa37dc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 20:11:53 -0400 Subject: [PATCH 25/41] Explain apache_high_php_limits in local_vars.yml --- vars/local_vars_min.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 08a7d8259..f7ac38e14 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -125,12 +125,17 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) From 81e34647fc5d2df67d4fc7a0f9eacd3719a12769 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 20:11:57 -0400 Subject: [PATCH 26/41] Explain apache_high_php_limits in local_vars.yml --- vars/local_vars_medium.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 2ad760148..d2008274e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -125,12 +125,17 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) From eaa66443ae9c9097e973de5a2ab77d9cd02cb9df Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 20:12:01 -0400 Subject: [PATCH 27/41] Explain apache_high_php_limits in local_vars.yml --- vars/local_vars_big.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 319692fe2..4de0d984f 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -125,12 +125,17 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) From 3666f36d7f151b26799edf679a8af625ef1b07c2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 20:51:55 -0400 Subject: [PATCH 28/41] Update README.md --- roles/nextcloud/README.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index ed703071e..4f853ed4b 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -1,12 +1,33 @@ # Nextcloud -Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own Internet-in-a-Box. +Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org). This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. +### Install It + +(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F) prior to installing Internet-in-a-Box: + + nextcloud_install: True + nextcloud_enabled: True + +(2) If you want to access Nextcloud from public IPv4 addresses, then also set: + + nextcloud_allow_public_ips: True + +(3) Strongly consider setting `apache_high_php_limits: True` in the 3-BASE-SERVER section, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! So after install is complete, verify and evaluate these 5 settings in /etc/php//apache2/php.ini: + +- upload_max_filesize +- post_max_size +- memory_limit (Nextcloud recommends 512+ MB) +- max_execution_time +- max_input_time + +Some thoughtful PHP recommendations (while largely tailored to WordPress!) can be found here: https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 + ### Using It -Administrators verify that Nextcloud is installed on your Internet-in-a-Box (check [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F)) and then log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: Username: Admin Password: changeme From 15756e22118a933420a273396ce70f933da0f7f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:05:20 -0400 Subject: [PATCH 29/41] Update README.md --- roles/nextcloud/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 4f853ed4b..306d33c33 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -15,7 +15,9 @@ This Ansible playbook was derived from an earlier ownCloud playbook thanks to [J nextcloud_allow_public_ips: True -(3) Strongly consider setting `apache_high_php_limits: True` in the 3-BASE-SERVER section, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! So after install is complete, verify and evaluate these 5 settings in /etc/php//apache2/php.ini: +To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` after it's created by template [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) + +(3) Strongly consider setting `apache_high_php_limits: True` in the 3-BASE-SERVER section, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! So after install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/apache2/php.ini: - upload_max_filesize - post_max_size @@ -23,7 +25,7 @@ This Ansible playbook was derived from an earlier ownCloud playbook thanks to [J - max_execution_time - max_input_time -Some thoughtful PHP recommendations (while largely tailored to WordPress!) can be found here: https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +Useful PHP recommendations for these settings (while largely tailored to WordPress!) can be found in [/opt/iiab/iiab/roles/httpd/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84) ### Using It From 437e73143f28fd28759002fcc2c2b859d2a8e37e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:38:45 -0400 Subject: [PATCH 30/41] Update main.yml --- roles/httpd/defaults/main.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml index 3bb677795..9aadcea3f 100644 --- a/roles/httpd/defaults/main.yml +++ b/roles/httpd/defaults/main.yml @@ -1,9 +1,15 @@ +# default_language: en +# language_priority: en es fr + +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +# apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini + # Make this False to disable http://box/common/services/power_off.php button: # apache_allow_sudo: True -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# apache_high_php_limits: False - # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From f5a3069b6c02ee8087ff05f22aca89a5d881e3c4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:39:01 -0400 Subject: [PATCH 31/41] Update main.yml --- roles/nextcloud/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 4ea588e39..f8b0cec6b 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,16 +1,16 @@ +# If using Nextcloud intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + # nextcloud_install: False # nextcloud_enabled: False # nextcloud_allow_public_ips: False -# To further refine Nextcloud access controls based on IPv4 addresses, see: -# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# If using Nextcloud intensively, consider setting apache_high_php_limits in: -# /etc/iiab/local_vars.yml - # REMOVE /opt/nextcloud/version.php TO FORCE AN INSTALL OR REINSTALL OR UPGRADE nextcloud_url: /nextcloud From 70c4d9f419d6c578a0a85c6651be80b881ed4f96 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:40:03 -0400 Subject: [PATCH 32/41] Update default_vars.yml --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 166730c40..76c4a3e17 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -222,7 +222,7 @@ exFAT_enabled: True # See also Apache vars {default_language, language_priority} @ top of this file # -# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... @@ -354,8 +354,8 @@ nodered_web_path: nodered nextcloud_install: False nextcloud_enabled: False nextcloud_allow_public_ips: False -# To further refine Nextcloud access controls based on IPv4 addresses, see: -# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x From 21247f0041e7c1622d0ee352e05ded73a4da6f59 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:40:08 -0400 Subject: [PATCH 33/41] Update local_vars_min.yml --- vars/local_vars_min.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index f7ac38e14..ae1f82091 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -127,7 +127,7 @@ pi_swap_file_size: 1024 # See also Apache vars {default_language, language_priority} @ top of this file # -# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... @@ -230,8 +230,8 @@ nodered_enabled: False nextcloud_install: False nextcloud_enabled: False nextcloud_allow_public_ips: False -# To further refine Nextcloud access controls based on IPv4 addresses, see: -# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x From 7608595347902cac19c55ab391924b0357331f27 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:41:26 -0400 Subject: [PATCH 34/41] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index d2008274e..2634e2b19 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -127,7 +127,7 @@ pi_swap_file_size: 1024 # See also Apache vars {default_language, language_priority} @ top of this file # -# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... @@ -230,8 +230,8 @@ nodered_enabled: False nextcloud_install: True nextcloud_enabled: True nextcloud_allow_public_ips: False -# To further refine Nextcloud access controls based on IPv4 addresses, see: -# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x From a67943aaefa5d6a2a04d745dcbb29bbdca3634d5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:41:47 -0400 Subject: [PATCH 35/41] Update local_vars_big.yml --- vars/local_vars_big.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 4de0d984f..b6e5629b3 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -127,7 +127,7 @@ pi_swap_file_size: 1024 # See also Apache vars {default_language, language_priority} @ top of this file # -# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... @@ -230,6 +230,9 @@ nodered_enabled: True nextcloud_install: True nextcloud_enabled: True nextcloud_allow_public_ips: False +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md + # To further refine Nextcloud access controls based on IPv4 addresses, see: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 From 48156f0f068bfe523d785032fafc1e26ee9807be Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:42:13 -0400 Subject: [PATCH 36/41] Update main.yml --- roles/moodle/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 803c7de5a..b8f0f5c33 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -1,12 +1,12 @@ +# If using Moodle intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + # moodle_install: False # moodle_enabled: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# If using Moodle intensively, consider setting apache_high_php_limits in: -# /etc/iiab/local_vars.yml - moodle_version: 37 #moodle_repo_url: "https://github.com/moodle/moodle.git" moodle_repo_url: "git://git.moodle.org/moodle.git" From 67de5b8b59b57518de713ed157035699ad9f0b1d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:42:21 -0400 Subject: [PATCH 37/41] Update main.yml --- roles/wordpress/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wordpress/defaults/main.yml b/roles/wordpress/defaults/main.yml index 0f2681b6e..e4b3288a2 100644 --- a/roles/wordpress/defaults/main.yml +++ b/roles/wordpress/defaults/main.yml @@ -1,12 +1,12 @@ +# If using WordPress intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + # wordpress_install: False # wordpress_enabled: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# If using WordPress intensively, consider setting apache_high_php_limits in: -# /etc/iiab/local_vars.yml - wordpress_download_base_url: https://wordpress.org wordpress_src: latest.tar.gz From 0535e76cbdc0d045ee556703045270aa19a36a96 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 21:46:34 -0400 Subject: [PATCH 38/41] Update main.yml --- roles/nextcloud/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index f8b0cec6b..b84d88bbd 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -5,6 +5,7 @@ # nextcloud_enabled: False # nextcloud_allow_public_ips: False + # Configuration tips for IPv4 access controls and tuning RAM/resources: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md From 663227553d2c29c32c9d65ab8c8836205203683c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 22:01:56 -0400 Subject: [PATCH 39/41] Continued pruning of nextcloud.conf --- roles/nextcloud/templates/nextcloud.conf.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index 6a575d0a1..dcba0ae0c 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -12,7 +12,10 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud # Apache 2.4 # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html - Require host localhost + + # 2019-09-04 commenting out towards future removal + #Require host localhost + {% if nextcloud_allow_public_ips %} # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted From d3bde1b8a4839197254fdc57e8bd115254662116 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 22:21:53 -0400 Subject: [PATCH 40/41] Update README.md --- roles/nextcloud/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 306d33c33..4819b34a3 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -17,7 +17,7 @@ This Ansible playbook was derived from an earlier ownCloud playbook thanks to [J To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` after it's created by template [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Strongly consider setting `apache_high_php_limits: True` in the 3-BASE-SERVER section, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! So after install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/apache2/php.ini: +(3) Strongly consider setting `apache_high_php_limits: True` in the 3-BASE-SERVER section of /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! So after install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/apache2/php.ini: - upload_max_filesize - post_max_size @@ -25,7 +25,7 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi - max_execution_time - max_input_time -Useful PHP recommendations for these settings (while largely tailored to WordPress!) can be found in [/opt/iiab/iiab/roles/httpd/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84) +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found in [/opt/iiab/iiab/roles/httpd/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84) ### Using It From 89393d1b5bd0fa4cd4cfcc83abeee218d37ebd43 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 4 Sep 2019 22:29:03 -0400 Subject: [PATCH 41/41] Update README.md --- roles/nextcloud/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 4819b34a3..3c96c3ea6 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -11,13 +11,13 @@ This Ansible playbook was derived from an earlier ownCloud playbook thanks to [J nextcloud_install: True nextcloud_enabled: True -(2) If you want to access Nextcloud from public IPv4 addresses, then also set: +(2) If you want to access Nextcloud from IPv4 addresses across the public Internet, then also set: nextcloud_allow_public_ips: True To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` after it's created by template [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Strongly consider setting `apache_high_php_limits: True` in the 3-BASE-SERVER section of /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! So after install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/apache2/php.ini: +(3) Strongly consider also setting `apache_high_php_limits: True` in the 3-BASE-SERVER section of /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! So after install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/apache2/php.ini: - upload_max_filesize - post_max_size