Page MenuHomePhabricator
Create Task
Maniphest T362605

NextCloud for WMCH
Closed, ResolvedPublic
Actions

Description

Wikimedia CH requested a new NextCloud to share documents with the community without using proprietary software.

This is in line with the Tech Strategy - stub here:

https://meta.wikimedia.org/wiki/Wikimedia_CH/Information_Technology_Strategy

2023/early-2024 configuration (concluded)

Self-hosted demo with classic PHP-FPM on node members2 (proposed by Ilario)

  • request 200GB additional storage
    • create ext4 partition with fsck
    • add entry in /etc/fstab/
  • create database utf8mb4_general_ci and user credentials
  • setup DNS record
  • setup virtualhost
  • setup PHP-FPM
  • install needed operating system packages (php8.2-mysql php8.2-dom php8.2-xml php8.2-curl php8.2-gd php8.2-zip php8.2-mbstring)
  • setup web environment
  • setup Let's Encrypt certificates with certbot
  • first web configuration
  • communicate first credentials
  • HTTP headers hardening

2024 configuration

Nextcloud as a service from Cloud68 with Collabora.

Revisions and Commits

rWCIN wikimedia-ch-wmch-infrastructure
rWCIN901de1f9ee51 members2: enable nextcloud
rWCINee54b3956596 members2: install Nextcloud

Related Objects
Search...

Event Timeline

ValerioBoz-WMCH created this task.Apr 16 2024, 6:54 AM
valerio.bozzolan triaged this task as High priority.Apr 24 2024, 8:32 AM
valerio.bozzolan updated the task description. (Show Details)
valerio.bozzolan closed subtask T363295: server members2: support PHP 8.0+ for Nextcloud as Resolved.
valerio.bozzolan subscribed.Apr 24 2024, 8:46 AM

Announced in Tech Boost bulletin.

https://meta.wikimedia.org/wiki/Talk:Wikimedia_CH/Tech_boost/Diary#Self-Hosting_a_Nextcloud

valerio.bozzolan updated the task description. (Show Details)Apr 24 2024, 9:04 AM

I'm particularly OK with these:

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set X-Frame-Options           "SAMEORIGIN"
Header always set X-Content-Type-Options    "nosniff"
Header always set Referrer-Policy           "strict-origin-when-cross-origin"

But I'm not bold enough in enabling Content-Security-Policy or Permissions-Policy. Tips welcome.

valerio.bozzolan added a commit: rWCINee54b3956596: members2: install Nextcloud.Apr 24 2024, 12:00 PM
valerio.bozzolan added a commit: rWCIN901de1f9ee51: members2: enable nextcloud.
ValerioBoz-WMCH closed subtask T365342: Evaluate Collabora VS OnlyOffice - deploy Collabora - WMCH Nextcloud as Resolved.Sep 16 2024, 1:42 PM
ValerioBoz-WMCH closed this task as Resolved.Sep 16 2024, 1:44 PM

Management liked the prototype. We now proceed by delegating everything to our new technology partner C68, and keeping our self-hosted prototype only to run additional tests on demand.

ValerioBoz-WMCH reopened this task as Open.Oct 4 2024, 1:06 PM

Ilario asked me to keep this Nextcloud installation as "internal" installation, like

https://intern.wikimedia.ch/

ValerioBoz-WMCH added a parent task: T380568: Demo community tools for WMCH.Nov 29 2024, 11:31 AM
ValerioBoz-WMCH added a subtask: T380631: WMCH Nextcloud: setup outgoing email notifications.
ValerioBoz-WMCH added a subtask: T380634: WMCH Nextcloud: show news on the dashboard.
ValerioBoz-WMCH updated the task description. (Show Details)Nov 29 2024, 11:36 AM
ValerioBoz-WMCH closed subtask T380631: WMCH Nextcloud: setup outgoing email notifications as Resolved.Nov 29 2024, 11:42 AM
ValerioBoz-WMCH closed subtask T381153: WMCH Nextcloud: auto-accept shared as Declined.Dec 2 2024, 9:09 AM
ValerioBoz-WMCH closed subtask T382154: WMCH Nextcloud: enable Forms application as Resolved.Dec 13 2024, 3:47 PM
ValerioBoz-WMCH closed subtask T382174: WMCH Nextcloud: set default Dashboard view as Resolved.Dec 18 2024, 7:34 AM
ValerioBoz-WMCH closed subtask T382393: WMCH Nextcloud: personalize a bit as Resolved.Dec 18 2024, 7:41 AM
ValerioBoz-WMCH closed subtask T380634: WMCH Nextcloud: show news on the dashboard as Resolved.Jan 10 2025, 8:53 AM
ValerioBoz-WMCH closed this task as Resolved.Jan 10 2025, 9:02 AM

Basic features are implemented since December 2024 \o/

https://nextcloud.wikimedia.ch/

ValerioBoz-WMCH closed subtask T386462: WMCH Nextcloud: adopt wikimedia.ch sender as Resolved.Feb 14 2025, 4:43 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits