firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
47fa24bda21b63cc39b1d879fd3eae201cb85518
firefrost-operations-manual/docs/nextcloud-deployment.md
Firefrost Automation 9ecd39b7ac 🔥❄️ PHASE 0.5 COMPLETE - All 7 Services Operational 
MASSIVE UPDATE - 11+ Hour Marathon Session Complete:

Infrastructure:
- Firefrost_Infrastructure_Manifest.md → v1.5 (Phase 0.5 100%)
- All 7 management services deployed and operational
- Three-tier documentation architecture complete
- Zero downtime, zero data loss

Services Deployed Tonight (Ghost VPS):
- MkDocs (docs.firefrostgaming.com) - Public documentation
- Wiki.js Subscribers (subscribers.firefrostgaming.com) - Premium content
- Wiki.js Staff (staff.firefrostgaming.com) - Internal SOPs
- NextCloud (downloads.firefrostgaming.com) - World downloads

Documentation:
- session-handoff.md - Complete Phase 0.5 session added
- SANDBOX-BRIEFING.md - Updated to v2.0 with current status
- mkdocs-deployment.md - Created
- wikijs-deployment.md - Created
- nextcloud-deployment.md - Created
- FIREFROST-PROJECT-SCOPE-V2.md - Updated progress

Technical Achievements:
- PostgreSQL multi-database setup (3 databases)
- Nginx reverse proxy for all services
- SSL certificates for all domains
- Automation system utilized throughout
- GitHub mirror fully operational

Session Stats:
- Duration: 11+ hours (morning + evening)
- Services: 7/7 (100%)
- Downtime: ZERO
- Data Loss: ZERO
- Jack Alerts: ZERO (perfect health session)

Next Phase: Phase 1 (DDoS Protection + LuckPerms)

Fire + Frost = Where Passion Meets Precision 🔥❄️
2026-02-09 22:23:17 -06:00

251 lines
5.9 KiB
Markdown
Raw Blame History

# NextCloud Deployment - World Downloads Portal
**Date:** February 9, 2026
**Server:** Ghost VPS (64.50.188.14)
**Status:** ✅ OPERATIONAL
**Service:** 7 of 7 (Phase 0.5: 100% complete)
---
## Deployment Summary
**Duration:** ~2.5 hours (including troubleshooting)
**URL:** https://downloads.firefrostgaming.com
**Components:**
- NextCloud 32.0.5
- PostgreSQL database
- PHP 8.3-FPM
- Nginx reverse proxy
- SSL certificate (Let's Encrypt)
---
## Installation Steps
### 1. PHP Stack Installation
```bash
apt install -y php8.3-fpm php8.3-mysql php8.3-curl php8.3-gd \
php8.3-intl php8.3-mbstring php8.3-xml php8.3-zip \
php8.3-imagick php8.3-bcmath php8.3-gmp php8.3-pgsql unzip curl
```
### 2. PostgreSQL Database
```bash
sudo -u postgres psql << 'SQL'
CREATE USER nextcloud WITH PASSWORD 'FrostFire2026Cloud';
CREATE DATABASE nextcloud OWNER nextcloud;
\c nextcloud
GRANT ALL ON SCHEMA public TO nextcloud;
GRANT ALL ON DATABASE nextcloud TO nextcloud;
\q
SQL
```
**CRITICAL:** ALTER DATABASE OWNER required for proper permissions
### 3. NextCloud Download
```bash
cd /var/www
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
tar -xjf latest.tar.bz2
rm latest.tar.bz2
chown -R www-data:www-data /var/www/nextcloud
```
### 4. Nginx Configuration
**Key points:**
- Remove `$uri/` from try_files to prevent directory listing
- Add rewrite for index.php routing
- Proper FastCGI parameters for HTTPS
**Final working config:**
```nginx
location / {
try_files $uri /index.php$request_uri;
}
```
**NOT:**
```nginx
location / {
try_files $uri $uri/ /index.php$request_uri; # WRONG - causes 403
}
```
### 5. SSL Certificate
```bash
certbot --nginx -d downloads.firefrostgaming.com \
--non-interactive --agree-tos \
--email mkrause612@gmail.com --redirect
```
### 6. Web Installation
- Navigate to https://downloads.firefrostgaming.com
- Admin: mkrause612 / FireFrost2026Admin
- Database: PostgreSQL (NOT MySQL/MariaDB by default)
- Database details:
- User: nextcloud
- Password: FrostFire2026Cloud
- Database: nextcloud
- Host: localhost:5432
### 7. Permissions
```bash
chown -R www-data:www-data /var/www/nextcloud
find /var/www/nextcloud -type d -exec chmod 750 {} \;
find /var/www/nextcloud -type f -exec chmod 640 {} \;
chmod 770 /var/www/nextcloud/data
chmod -R 770 /var/www/nextcloud/apps
```
---
## Challenges Encountered
### 1. PostgreSQL Not Supported (Initial)
**Error:** "Database <pgsql> is not supported"
**Solution:** Install php8.3-pgsql module
**Command:** `apt install -y php8.3-pgsql`
### 2. Directory Index Forbidden (403)
**Error:** "directory index of /var/www/nextcloud/apps/dashboard/ is forbidden"
**Root Cause:** Nginx `try_files $uri $uri/` attempted directory listing
**Solution:** Remove `$uri/` from location blocks
### 3. Redirect Loops
**Error:** "ERR_TOO_MANY_REDIRECTS"
**Root Cause:** Dashboard app + custom redirects
**Solution:** Temporarily disable dashboard, fix Nginx routing
### 4. Browser Cache Issues
**Error:** Stuck on /apps/dashboard even after fixes
**Solution:** Clear browser cookies/cache, use incognito mode
---
## Verification
```bash
# Test HTTPS
curl -I https://downloads.firefrostgaming.com
# Check permissions
ls -la /var/www/nextcloud
# Verify PostgreSQL connection
sudo -u www-data php /var/www/nextcloud/occ config:system:get dbtype
# Check trusted domains
sudo -u www-data php /var/www/nextcloud/occ config:system:get trusted_domains
```
**Expected Results:**
- HTTP/2 200 response
- All files owned by www-data
- dbtype: pgsql
- trusted_domains includes downloads.firefrostgaming.com
---
## Post-Installation Configuration
### Trusted Domains
```bash
sudo -u www-data php occ config:system:set trusted_domains 0 \
--value="downloads.firefrostgaming.com"
sudo -u www-data php occ config:system:set overwrite.cli.url \
--value="https://downloads.firefrostgaming.com"
sudo -u www-data php occ config:system:set overwriteprotocol \
--value="https"
```
### Disable Dashboard (if needed)
```bash
sudo -u www-data php occ app:disable dashboard
```
### Maintenance Mode
```bash
sudo -u www-data php occ maintenance:mode --off
```
---
## Integration with Subscriber System
**Purpose:** World download access for $5+ subscribers
**Workflow (Manual Phase 1):**
1. Subscriber pays via Paymenter
2. Manual NextCloud account creation
3. Email credentials to subscriber
4. Grant access to world backup folders
**Future (Phase 2):**
- Paymenter webhook triggers automatic account creation
- Automated credential emails
- Automated folder permission grants
**Future (Phase 3):**
- SSO/OAuth integration across all services
- Real-time subscription validation
---
## Maintenance
**Updates:**
```bash
sudo -u www-data php /var/www/nextcloud/updater/updater.phar
```
**Backups:**
- Database: pg_dump nextcloud
- Files: /var/www/nextcloud/data/
**Monitoring:**
- Added to Uptime Kuma (pending)
- Check via https://downloads.firefrostgaming.com/login
---
## Key Learnings
1. **PostgreSQL requires php-pgsql module** - not installed by default
2. **Nginx directory listing must be disabled** for NextCloud routing
3. **ALTER DATABASE OWNER critical** for proper permissions
4. **Browser cache can persist** after server fixes
5. **Dashboard app can conflict** with initial setup
6. **Web installation easier** than CLI for complex configs
---
## Files Modified
**Nginx:**
- `/etc/nginx/sites-available/downloads.firefrostgaming.com`
**NextCloud:**
- `/var/www/nextcloud/config/config.php` (auto-generated)
**SSL:**
- `/etc/letsencrypt/live/downloads.firefrostgaming.com/`
---
## Success Criteria
- ✅ HTTPS working (HTTP/2 200)
- ✅ Web interface accessible
- ✅ PostgreSQL connection stable
- ✅ File upload/download functional
- ✅ SSL certificate valid (expires May 11, 2026)
- ✅ Permissions locked down
- ✅ No 403 or redirect errors
---
**Fire + Frost = Where Passion Meets Precision** 🔥❄️
**Phase 0.5: 100% COMPLETE**
Reference in New Issue View Git Blame Copy Permalink