Nextcloud Part 2 - FPM
Now that the Nextcloud MariaDB is up and running, I can deploy a new workload for the Nextcloud FPM container into the Nextcloud namespace. There are a few pre-requisites to take care of first.
Redis
Redis is an in-memory key-value store. Nextcloud uses it to prevent file locking problems. It doesn’t require persistent storage or any special configuration. If I wanted to customize the Redis configuration, I would do that with a Config Map mounted at /etc/redis/redis.conf.
Deploy by going to Project..Default..Workloads..Deploy:
- Name - nextcloud-redis
- Docker Image - redis:5.0.8 (as of this post)
- Namespace - nextcloud
- Port - redis, 6379, TCP, ClusterIP (Internal Only)
Nextcloud FPM
I need to create a new persistent volume, which will be mounted at /var/www/html on both the Nextcloud FPM container and the NGINX container. Create the new volume at Global..Cluster..Persistent Volumes:
- Name - nextcloudfpm-www
- Volume Plugin - NFS Share
- Capacity - 100 GiB (still don’t know what this does, it doesn’t seem to reserve anything, but making this larger to accommodate file sharing)
- Path - /Container/nextcloud-www
- Server - 192.168.x.x
- Read Only - No
- Access modes - Many Nodes Read-Write
I’m going to get away from my bad habit of storing both secrets and configuration values in the same secret. I need a secret called nextcloudfpm-secret for actual secrets like passwords and a Config Map called nextcloudfpm-config for everything else. They will both be brought into the workload as environment variables. I need the following keys and values:
- MYSQL_DATABASE - nextclouddb
- MYSQL_USER - nextcloud
- MYSQL_PASSWORD -
- MYSQL_HOST - nextclouddb.nextcloud.svc.cluster.local
- NEXTCLOUD_ADMIN_USER - admin
- NEXTCLOUD_ADMIN_PASSWORD -
- REDIS_HOST - nextcloud-redis.nextcloud.svc.cluster.local
- SMTP_HOST - mail.domain.tld
- SMTP_SECURE - ssl
- SMTP_PORT - 465 (for SSL)
- SMTP_NAME - nextcloud@domain.tld
- SMTP_PASSWORD -
- MAIL_FROM_ADDRESS - nextcloud@domain.tld
- MAIL_DOMAIN - domain.tld
Next, deploy the Nextcloud FPM workload into the nextcloud namespace with Project..Default..Workloads..Deploy:
- Name - nextcloud-fpm
- Docker Image - nextcloud:18.0.3-fpm-alpine (as of this post)
- Port Mapping - fpm,9000,tcp,ClusterIP (internal only)
- Environment Variables - Inject from nextcloudfpm-secret and nextcloudfpm-config
- Volumes (add new persistent volume claim) - nextcloudfrpm-www-vol from nextcloudfpm-www using Many Nodes Read-Write which is mounted at /var/www/html
After deploying, checking the logs shows it was successful:
Configuring Redis as session handler
[11-Apr-2020 11:25:51] NOTICE: fpm is running, pid 1
[11-Apr-2020 11:25:51] NOTICE: ready to handle connections
At this point, Nextcloud is still not usable. I still need to set up the nginx reverse proxy to handle the static content and configure nginx-ingress for external access and Let's Encrypt.
UPDATE: I had a problem getting OnlyOffice and the companion documentserver_community app to work. I tracked the problem down to a binary that's used for document conversion, x2t, that requires glibc, which isn't available in the alpine version of the nextcloud-fpm Docker image. Once I switched to nextcloud:18.0.3-fpm and changed ownership of the files on the volume (www-data uses a different uid/gid in the two images), it all worked properly.
chown -R www-data:root /var/www
chmod -R g=u /var/www