roles/nextcloud: Switch to Fedora package

Fedora now includes a packaged version of Nextcloud. This will be _much_ easier to maintain than the tarball-based distribution method. There are some minor differences in how the Fedora package works, compared to the upstream tarball. Notably, it puts the configuration file in `/etc/` and makes it read-only, and it stores persistent data separate from the application. These differences require modifications to the Apache and PHP-FPM configuration, but the package also included examples to make this easier. Since the `config.php` is read-only now, it has to be managed by the configuration policy; it cannot be modified by the Administration web UI.
2021-06-24 19:58:14 -05:00
parent 0add34a9a3
commit b86e0d8f29
10 changed files with 583 additions and 73 deletions
--- a/roles/nextcloud/templates/nextcloud.httpd.conf.j2
+++ b/roles/nextcloud/templates/nextcloud.httpd.conf.j2
@@ -5,7 +5,8 @@ RewriteRule /.* https://%{SERVER_NAME}$0
 Header always set \
 	Strict-Transport-Security "max-age=63072000; includeSubDomains"

-<Directory /var/www/html>
+DocumentRoot /usr/share/nextcloud
+<Directory /usr/share/nextcloud>
 Require all granted
 AllowOverride All
 Options FollowSymLinks MultiViews
@@ -13,4 +14,47 @@ Options FollowSymLinks MultiViews
 <IfModule mod_dav.c>
 Dav off
 </IfModule>
+
+<IfModule mod_rewrite.c>
+  Options -MultiViews
+  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
+  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
+  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg|map|webm|mp4)$
+  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
+  RewriteCond %{REQUEST_FILENAME} !core/img/manifest.json$
+  RewriteCond %{REQUEST_FILENAME} !/remote.php
+  RewriteCond %{REQUEST_FILENAME} !/public.php
+  RewriteCond %{REQUEST_FILENAME} !/cron.php
+  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
+  RewriteCond %{REQUEST_FILENAME} !/status.php
+  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
+  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
+  RewriteCond %{REQUEST_FILENAME} !/robots.txt
+  RewriteCond %{REQUEST_FILENAME} !/updater/
+  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
+  RewriteCond %{REQUEST_FILENAME} !/ocm-provider/
+  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
+  RewriteRule . index.php [PT,E=PATH_INFO:$1]
+  RewriteBase /
+  <IfModule mod_env.c>
+    SetEnv front_controller_active true
+    <IfModule mod_dir.c>
+      DirectorySlash off
+    </IfModule>
+  </IfModule>
+</IfModule>
 </Directory>
+
+Alias /apps-appstore /var/lib/nextcloud/apps
+Alias /custom_apps /var/lib/nextcloud/apps
+
+<Directory /var/lib/nextcloud/apps/>
+Require all granted
+</Directory>
+<Directory /var/lib/nextcloud/data/>
+Require all granted
+</Directory>
+
+Redirect 301 /.well-known/carddav /remote.php/carddav
+Redirect 301 /.well-known/caldav /remote.php/caldav
+Redirect 301 /.well-known/webdav /remote.php/webdav