xavye/ascoetpi
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Ajouter opencloud/install.md

Browse Source
This commit is contained in:
xavye
2026-01-18 16:49:57 +00:00
parent 52f2613015
commit fe11ea9d55
1 changed files with 275 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

275
opencloud/install.md Normal file
View File

@@ -0,0 +1,275 @@
<summary>
Some words why I switched and a bit of comparison</summary>
<p>So a few weeks ago I read about Opencloud: It comes with an integrated markdown editor and when integrating Radicale (CalDAV/ CardDAV server) I can also host my calendar and contacts with it, like I did with Nextcloud.</p>
<p>But right now some features are still missing: You can not see or edit your calendar and contacts in the opencloud webpanel (which Im okay with) and it also does not send notifications, if you have reminders set for calendar events. You would need to manage this with external apps.<br>
And right now there are not many apps for Opencloud itself, but its a quite young project, so it might change in the future.<br>
Like there is no eMail integration like Nextcloud has. And there are <a href="https://apps.nextcloud.com/">dozens or so of apps</a> you can install and use with Nextcloud, like 2FA, Talk, whiteboard etc. pp. But I dont need this for my self-hosted cloud setup <img src="https://dietpi.com/forum/images/emoji/twitter/slight_smile.png?v=15" title=":slight_smile:" class="emoji" alt=":slight_smile:" loading="lazy" width="20" height="20"><br>
You can integrate collabora into Opencloud tho, and create workspaces. And there is also a <a href="https://github.com/orgs/opencloud-eu/projects/2/views/3">roadmap for Openclouds future</a>, the file-download-on-demand feature is right around the corner.</p>
<p>Opencloud is written in Golang, so it has a webserver integrated, It does not need PHP nor a database, everything is file-based. So you can just manipulate the files on your SBC without the need to refresh a database. Same goes for the calendar and contact data, everything in <a href="https://radicale.org">Radicale</a> is stored as vcf or ics files.</p>
</details>
<p><strong>Before we start a quick note:</strong><br>
You can not run Opencloud on a subpath, like <a href="https://example.org/opencloud">example.org/opencloud</a>, it will not work.<br>
I tried to make it work, but somewhere in the code they trim the URL that you specify in the config file. So maybe you could change the code and try to run it on a subpath, but a lot of stuff is relying on that URL and will likely have unwanted side effects and break the app.<br>
Now I think its a smart move to stay consistent through out the whole app with this canonical URL.</p>
<p>As it must run on the “root” of the domain, you can create just a subdomain, like <a href="https://cloud.example.org">cloud.example.org</a> or just run it on the second-level-domain <code>example.org</code> if you like.<br>
I use a DynDNS domain which has already a sub-domain in it (like <a href="https://domain.ddns.net">domain.ddns.net</a>, so I just created a new one for opencloud, which also points to my public IP.</p>
<h1><a name="p-95220-how-i-installed-opencloud-radicale-bare-metal-including-systemd-services-1" class="anchor" href="#p-95220-how-i-installed-opencloud-radicale-bare-metal-including-systemd-services-1" aria-label="Heading link"></a>How I installed opencloud &amp; radicale bare-metal (including systemd services):</h1>
<h2><a name="p-95220-install-opencloud-2" class="anchor" href="#p-95220-install-opencloud-2" aria-label="Heading link"></a>Install opencloud</h2>
<ul>
<li>Download the binary from github: <a href="https://github.com/opencloud-eu/opencloud/releases" class="inline-onebox">Releases · opencloud-eu/opencloud · GitHub</a></li>
<li>copy it to <code>/opt/opencloud/opencloud</code></li>
<li>create a system user <code>opencloud</code> and a directory for it, tweak permissions:</li>
</ul>
<pre data-code-wrap="bash"><code class="lang-bash">useradd --system --no-create-home --shell /usr/sbin/nologin opencloud
mkdir /mnt/dietpi_userdata/opencloud
chown -R opencloud:opencloud /mnt/dietpi_userdata/opencloud
chmod 700 /mnt/dietpi_userdata/opencloud
</code></pre>
<ul>
<li>Create the config and data directory and config file</li>
</ul>
<pre data-code-wrap="bash"><code class="lang-bash">cd /mnt/dietpi_userdata/opencloud
sudo -u opencloud mkdir ./config ./data
sudo -u opencloud touch ./config/config.env
</code></pre>
<p>content for <code>config.env</code>:</p>
<pre data-code-wrap="ini"><code class="lang-ini">OC_CONFIG_DIR=/mnt/dietpi_userdata/opencloud/config/
OC_BASE_DATA_PATH=/mnt/dietpi_userdata/opencloud/data
OC_URL=http://&lt;LAN_IP&gt;:9200
PROXY_LOG_LEVEL=info
</code></pre>
<p>Replace <code>&lt;LAN_IP&gt;</code> with the IP of your device (like <code>http://192.168.0.1:9200</code>), we will test after the init if the service is running.<br>
We will then later change it to the actual domain.<br>
(I set PROXY_LOG_LEVEL to info to be able to create a filter for <a href="https://github.com/fail2ban/fail2ban">fail2ban</a>)</p>
<p>Opencloud will create a yaml file inside <code>./config</code> on first start, it contains keys, tokens and passworts, for example the admin passwort you need for the logging into the web panel.</p>
<ul>
<li>Then we create a systemd service:<br>
nano<code>/etc/systemd/system/opencloud.service</code><br>
with the contents:</li>
</ul>
<pre data-code-wrap="ini"><code class="lang-ini">[Unit]
Description=OpenCloud Service
After=network.target
[Service]
Type=simple
User=opencloud
Group=opencloud
WorkingDirectory=/opt/opencloud
EnvironmentFile=/mnt/dietpi_userdata/opencloud/config/config.env
ExecStart=/opt/opencloud/opencloud server
Restart=on-failure
RestartSec=5
Environment=PATH=/usr/bin:/usr/local/bin
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
</code></pre>
<p><strong>Dont start the service yet!</strong></p>
<p>First we need to initialize opencloud, it also needs to use our <code>.env</code> file for the init to create the files in the correct places.</p>
<pre data-code-wrap="bash"><code class="lang-bash">sudo -u opencloud env $(cat /mnt/dietpi_userdata/opencloud/config/config.env | xargs) /opt/opencloud/opencloud init
</code></pre>
<p>A prompt should appear:</p>
<blockquote>
<p>Do you want to configure OpenCloud with certificate checking disabled?</p>
</blockquote>
<p>If you use a self-signed certificate (if you use DynDNS and certbot / letsencrypt), choose <code>yes</code>.<br>
If you know what you are doing, choose <code>no</code>.<br>
Well config SSL within the reverse proxy and Opencloud (running on port <code>9200</code>) will not be accessible directly from public internet, so this is fine.</p>
<p>It will also show you the admin passwort you need for login into the web panel. There should be now also a new file in <code>/mnt/dietpi_userdata/opencloud/config</code> called <code>opencloud.yaml</code>, it cointains also the password.</p>
<p>Now enable and start the service</p>
<pre data-code-wrap="bash"><code class="lang-bash">systemctl daemon-reload
systemctl enable --now opencloud.service
</code></pre>
<p>You should now be able to reach it on port <code>9200</code> via <code>http</code>.</p>
<hr>
<h2><a name="p-95220-proxy-config-3" class="anchor" href="#p-95220-proxy-config-3" aria-label="Heading link"></a>Proxy config</h2>
<p>Is use nginx for the proxy, you can use this as a blueprint for lighty or apache I guess</p>
<ul>
<li>create the file: <code>nano /etc/nginx/sites-available/opencloud</code><br>
(Replace <code>cloud.example.org</code> with your domain. It also contains already the proxy config for Radicale / CalDAV)<br>
<strong>If you dont want to use radicale, please delete the corresponding blocks from the nginx config!</strong></li>
</ul>
<details open="">
<summary>
/etc/nginx/sites-available/opencloud</summary>
<pre data-code-wrap="nginx"><code class="lang-nginx">server {
server_name cloud.example.org
listen 443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/cloud.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.example.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
http2_max_concurrent_streams 512;
location / {
proxy_pass https://127.0.0.1:9200;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_buffering off;
proxy_request_buffering off;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
keepalive_timeout 3600s;
keepalive_requests 100000;
proxy_next_upstream off;
client_max_body_size 10M;
}
# ----------------------------
# RADICALE CalDAV
# ----------------------------
location /caldav/ {
proxy_pass http://127.0.0.1:5232/;
proxy_set_header X-Script-Name /caldav;
proxy_set_header X-Remote-User $http_x_remote_user;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_buffering off;
}
location = /.well-known/caldav {
return 301 /caldav/;
}
# ----------------------------
# RADICALE CardDAV
# ----------------------------
location /carddav/ {
proxy_pass http://127.0.0.1:5232/;
proxy_set_header X-Script-Name /carddav;
proxy_set_header X-Remote-User $http_x_remote_user;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_buffering off;
}
location = /.well-known/carddav {
return 301 /carddav/;
}
}
</code></pre>
</details>
<p>I guess you can also use QUIC/HTTP3, but in NGINX only one directive is allowed for QUIC for the whole config!<br>
QUIC runs on UDP and is stateless, so it makes no sense to define it in multiple server blocks. If you already have QUIC set up in your default config it should be fine.</p>
<ul>
<li>link the config and reload nginx</li>
</ul>
<pre data-code-wrap="bash"><code class="lang-bash">ln -s /etc/nginx/sites-available/opencloud /etc/nginx/sites-enabled
</code></pre>
<ul>
<li>Now its also time to change <code>OC_URL</code> inside <code>/mnt/dietpi_userdata/opencloud/config/config.env</code> to you actual domain, it should look like</li>
</ul>
<pre data-code-wrap="ini"><code class="lang-ini">OC_URL=https://cloud.example.org
</code></pre>
<ul>
<li>Now restart nginx and opencloud</li>
</ul>
<pre data-code-wrap="bash"><code class="lang-bash">systemctl daemon-reload
systemctl reload nginx.service
systemctl restart opencloud.service
</code></pre>
<p>You are now able to reach opencloud via your domain.</p>
<hr>
<h2><a name="p-95220-install-radicale-4" class="anchor" href="#p-95220-install-radicale-4" aria-label="Heading link"></a>Install Radicale</h2>
<p><strong>(If you dont want to use radicale, please delete the corresponding blocks from the nginx config)</strong></p>
<p>Radicale is availble in the Debian repo, so we can just install it via <code>apt</code></p>
<pre data-code-wrap="bash"><code class="lang-bash">apt install radicale
</code></pre>
<p>It creates a systemd service file we can overwrite with</p>
<pre data-code-wrap="bash"><code class="lang-bash">systemctl edit radicale.service
</code></pre>
<p>At the top of the file is an area marked, where we can insert our overwrites.<br>
We add:</p>
<pre data-code-wrap="ini"><code class="lang-ini">[Service]
User=radicale
Group=radicale
ExecStart=
ExecStart=/usr/bin/radicale --config /mnt/dietpi_userdata/radicale/radicale.conf
ReadWritePaths=
ReadWritePaths=/mnt/dietpi_userdata/radicale/
</code></pre>
<p>Before we restart we need to create the corresponding paths and the config file:</p>
<pre data-code-wrap="bash"><code class="lang-bash">mkdir -p /mnt/dietpi_userdata/radicale/collections
chown -R radicale:radicale /mnt/dietpi_userdata/radicale
chmod 700 /mnt/dietpi_userdata/radicale
sudo -u radicale nano /mnt/dietpi_userdata/radicale/radicale.conf
</code></pre>
<details>
<summary>
content of the radicale.conf</summary>
<pre data-code-wrap="ini"><code class="lang-ini">[server]
hosts = 127.0.0.1:5232
max_connections = 20
timeout = 30
[auth]
type = http_x_remote_user
[rights]
type = owner_only
[storage]
filesystem_folder = /mnt/dietpi_userdata/radicale/collections
predefined_collections = {
"def-addressbook": {
"D:displayname": "Personal Address Book",
"tag": "VADDRESSBOOK"
},
"def-calendar": {
"C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
"D:displayname": "Personal Calendar",
"tag": "VCALENDAR"
}
}
[web]
type = none
[logging]
level = warning
</code></pre>
</details>
<ul>
<li>Now restart everything</li>
</ul>
<pre data-code-wrap="bash"><code class="lang-bash">systemctl daemon-reload
systemctl restart radicale.service
systemctl restart opencloud.service
</code></pre>
<p>If you browse now the <code>/caldav</code> or <code>/carddav</code> endpoint you should see the message <code>Radicale works!</code>.<br>
Also in the opencloud webpanel, click in the top right corner on the user icon, then on settings.<br>
In the menu on the left side choose <code>Calendar</code>, you should see now some info about your radicale integration on this page.<br>
To access it externally, you can use the username “admin” and as passwort you need to create an app token. You can do this from the menu on the left as well.</p>
<p><em>I hope I did not forget something, I wrote all of this from memory. The 1000 lines of history in bash were not enough to save everything I did when I was testing <img src="https://dietpi.com/forum/images/emoji/twitter/smiley.png?v=15" title=":smiley:" class="emoji" alt=":smiley:" loading="lazy" width="20" height="20"></em></p>
<hr>
<h2><a name="p-95220-references-5" class="anchor" href="#p-95220-references-5" aria-label="Heading link"></a>References:</h2>
<h3><a name="p-95220-radicale-6" class="anchor" href="#p-95220-radicale-6" aria-label="Heading link"></a>Radicale:</h3>
<p><a href="https://radicale.org/v3.html#documentation-1">https://radicale.org/v3.html#documentation-1</a></p>
<h3><a name="p-95220-opencloud-7" class="anchor" href="#p-95220-opencloud-7" aria-label="Heading link"></a>Opencloud:</h3>
<p><a href="https://docs.opencloud.eu/docs/next/dev/server/configuration/config-system">https://docs.opencloud.eu/docs/next/dev/server/configuration/config-system</a><br>
<a href="https://docs.opencloud.eu/docs/next/admin/configuration/radicale-integration">https://docs.opencloud.eu/docs/next/admin/configuration/radicale-integration</a><br>
<a href="https://github.com/opencloud-eu/opencloud">https://github.com/opencloud-eu/opencloud</a><br>
<a href="https://github.com/opencloud-eu/opencloud-compose/blob/main/config/radicale/config">https://github.com/opencloud-eu/opencloud-compose/blob/3bddb65c8bf357285b8b47246351936aae3b75dc/config/radicale/config</a></p>
</div>