This is an installation of Nextcloud that borrows some of the "Mail-in-a-Box" code and standards, such as:
See Mail-in-a-Box LDAP.
The primary purpose of this project is to be able to easily deploy and maintain a cloud server (Nextcloud) for a home or small business, and together with Mail-in-a-Box LDAP, share a single user account database and similar installation and maintenance experiences. That said, both Mail-in-a-Box and Cloud-in-a-Box work just fine independently as well.
Cloud-in-a-Box works only on Ubuntu 22 (Jammy).
For current users: if you're currently on Ubuntu 20 (Focal) and wish to upgrade to Ubuntu 22 (Jammy), your Nextcloud installation MUST BE AT VERSION 24 OR HIGHER. Do not upgrade to Jammy without first upgrading Nextcloud.
If you're running on Ubuntu 18 (Bionic), you'll have to upgrade to Ubuntu 20 (Focal) first, then check out the latest cloudinabox code, then re-run setup, then upgrade Nextcloud to version 24+, then upgrade to Jammy.
Upgrading from Ubuntu 20 (Focal) to Ubuntu 22 (Jammy) may be done in-place using the system's OS upgrade program /usr/bin/do-release-upgrade, or from backup files (restored into /home/user-data) on a fresh Jammy system.
During setup you will have an opportunity to optionally integrate Nextcloud users and groups with the companion service Mail-in-a-Box LDAP. This permits Mail-in-a-Box users access to Nextcloud without a separate password by configuring the LDAP/Active Directory user and group backend for you.
ssmtp will be installed and configured to use Mail-in-a-Box LDAP as its mail "smart host".
Once integrated, new users can be added and removed from Nextcloud through the Mail-in-a-Box admin interface.
Note that Mail-in-a-Box LDAP is a fork of Mail-in-a-Box that supports LDAP for users and groups. This integration step works only with Mail-in-a-Box LDAP, not with Mail-in-a-Box.
apt-get install git
git clone https://github.com/downtownallday/cloudinabox.git cloudinabox
cd cloudinabox
git checkout v0.9
sudo setup/start.sh
(or sudo ehdd/start-encrypted.sh to use encryption-at-rest)
To integrate with Mail-in-a-Box LDAP, you will also need root access to the Mail-in-a-Box LDAP system to:
/home/user-data/ldap/maib_ldap.conf file (the value of key LDAP_NEXTCLOUD_PASSWORD).
(ufw allow proto tcp from <cloudinabox-ip> to any port ldaps).
All of these items are prompted for during setup.
A self-signed certificate is installed during a first-time setup. For certbot (the Let's Encrypt automated certificate signing program) to successfully install a valid certificate for your host, a couple of things must be in place:
The hostname you chose during setup MUST have a valid internet DNS entry. This can be added through your name service provider's web interface, or if you're handling your own DNS, within your own servers. If you're using Mail-in-a-Box for DNS, a custom entry can be added within the admin interface. Let's Encrypt will perform its ACME challenge using this host name.
Timing. Cloud-in-a-Box does not have a management interface. Certificate provisioning occurs during the daily run of management/daily_tasks.sh (Daily Tasks) at 3:00am. To provision a Let's Encrypt certificate immediately, run sudo management/daily_tasks.sh manually from a shell prompt after setup has completed successfully. Note that the results of Daily Tasks are emailed to the address given during setup. Please be sure email is functioning properly (if you integrated with Mail-in-a-Box LDAP, you can test email with echo "hi" | ssmtp me@domain.tld).
Similar to Mail-in-a-Box, upgrading Cloud-in-a-Box is simply a matter of re-running setup with the updated source code.
cd cloudinabox
git pull
git checkout v0.9
sudo setup/start.sh
However, Nextcloud upgrades are handled by you using the Nextcloud user interface or directly using occ commands from the command line. You will find occ in /usr/local/nextcloud.
Daily Tasks are run at 3:00am every day, which includes backing up /home/user-data with duplicity. This is exactly the same as Mail-in-a-Box, where backup files are encrypted and stored in /home/user-data/backup/encrypted. Please be sure to keep a copy of the encryption key somewhere safe (off the system). It can be found in /home/user-data/backup/secret_key.txt. If your system fails, restoration won't be possible without the key, even if you possess the backup files.
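The following is an added example, not part of Cloud-in-a-Box or Mail-in-a-Box: a small audit of the backup key that also prints a SHA-256 fingerprint, so the off-system copy can be compared against the live key without displaying the key itself. The function names and the expectations it enforces (owner-only permissions, owned by root) are assumptions of this example, not settings documented by the project.

```shell
# Added example (not project code): audit the duplicity backup key.
# Assumptions: the key should be a non-empty regular file with no group/other
# permission bits, owned by the account that runs Daily Tasks (root by default).

KEY_DEFAULT=/home/user-data/backup/secret_key.txt

# Print a SHA-256 fingerprint of the key file. Record this next to the
# off-system copy; it identifies the key without revealing it.
key_fingerprint() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# Return 0 if the key file passes the audit; otherwise print the reason to
# stderr and return 1 (missing), 2 (empty), 3 (permissions) or 4 (owner).
check_backup_key() {
    local key="${1:-$KEY_DEFAULT}"
    local owner="${2:-root}"
    local mode actual_owner
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or not a regular file" >&2; return 1
    fi
    if [ ! -s "$key" ]; then
        echo "FAIL: $key is empty" >&2; return 2
    fi
    mode=$(stat -c '%a' -- "$key")
    actual_owner=$(stat -c '%U' -- "$key")
    # The last two octal digits are the group and other permission bits.
    case "$mode" in
        0|*00) ;;
        *) echo "FAIL: $key mode $mode lets group/other access the key" >&2; return 3 ;;
    esac
    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL: $key is owned by $actual_owner, expected $owner" >&2; return 4
    fi
    return 0
}

# Succeed only if the on-box key matches the fingerprint recorded with the
# off-system copy (second argument).
verify_offsite_copy() {
    [ "$(key_fingerprint "${1:-$KEY_DEFAULT}")" = "$2" ]
}

# Typical use, as root on the Cloud-in-a-Box host:
#   check_backup_key && key_fingerprint "$KEY_DEFAULT"
```

Run the fingerprint function on the off-system copy as well; if the two values differ, the stored copy will not decrypt the current backups.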
The source code for backups (management/backup.py) was taken from the Mail-in-a-Box project and is nearly verbatim. Therefore, backups to S3 and rsync are also available, but must be configured manually due to the lack of a management interface. This is accomplished by setting backup preferences in a YAML config file located at /home/user-data/backup/custom.yaml.
Restoring from backup is simply a matter of restoring /home/user-data from duplicity backup files, then re-running setup/start.sh.