For an introduction to NixOS and a local, non-cloud installation, see the earlier blog post "Basic Steps to Install Minimal NixOS".
The NixOS download page offers a quick way to deploy to AWS through a prebuilt AMI. We use that method here.
Create EC2 Instance
Sometimes (such as when writing this blog post), you may not be able to find the NixOS AMI on the download page. In this case, you can search for "nixos" in the AWS console to find the NixOS AMI.
When selecting the AMI, check the architecture and pick "x86_64" (the t2 family is x86_64; an arm64 AMI only boots on Graviton instance types such as t4g). The correct AMI should look similar to the image below:
Choose the instance type according to your cost and performance requirements. I chose "t2.micro" because it is covered by the AWS free tier (750 hours per month for the first 12 months of a new account).
When using AWS for the first time, you need to create a new key pair. AWS keeps only the public key; the private key is downloaded once, at creation time, and is the only credential that lets you SSH into the instance, so store it safely (and set its file mode to 600, otherwise ssh refuses to use it). If you are not using AWS for the first time, it is still a good idea to create a fresh key pair for this instance so that a compromise of an older key does not also expose this server.
For the network security group, you must open the SSH port (default 22) to connect to the EC2 instance; restrict its source to your own IP address rather than 0.0.0.0/0. Since this is a web server, you also need to open ports 80 (HTTP) and 443 (HTTPS) to the world.
If you encounter connectivity issues, you can temporarily open all ports for troubleshooting purposes. Do this only in a non-production environment, and be sure to close the ports promptly after troubleshooting: a security group is the instance's outer firewall, and with it fully open only the NixOS firewall stands between the internet and the services on the host.
Although NixOS takes up very little space, we still recommend choosing at least 8GB of storage space. If your instance type supports EBS optimization, please enable it.
Connect to EC2 Instance and Copy Configuration
Connect to EC2 Instance
In the AWS console, you can see the public IP address of the EC2 instance. You can use this IP address to connect to the EC2 instance.
For the following steps, let's assume the public IP address is 1.14.51.4 and the username is ec2-user.
This IP address is from a meme. Interestingly, it is a real address owned by a large Chinese internet company (Tencent).
ssh -i /path/to/your/key.pem ec2-user@1.14.51.4
ssh does not need sudo; what it does need is that the key file is readable only by you (chmod 600 /path/to/your/key.pem). Note also that the official NixOS AMI installs the EC2 key pair for root, so if ec2-user is rejected, try root@1.14.51.4.
We have already deployed Nextcloud locally and written the Nix configuration file in a previous blog post. We can download the existing configuration file from the EC2 instance, merge the local configuration into it, and copy the result back to the instance, as long as nothing in it performs a destructive operation.
It is convenient to use FileZilla + VS Code for this. If you do not want to use FileZilla, you can use the scp command.
Copy Configuration File
In fact, the configuration.nix of the AWS AMI and that of the previously installed NixOS differ significantly. In the 23.05 AMI, the whole configuration is as follows:
{ modulesPath, ... }: {
  imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
}
Yes, I didn't make any modifications. That's how big the difference is: everything EC2-specific (boot setup, metadata fetching, SSH) comes from the amazon-image module.
But that doesn't mean it can't be used. In the local test file, we configured Nextcloud like this:
environment.systemPackages = with pkgs; [
  vim
  wget
  curl
  openssh
  msmtp
];
services.nextcloud = {
  enable = true;
  hostName = "nextcloud.tld";
  config = {
    dbtype = "pgsql";
    dbuser = "nextcloud";
    dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
    dbname = "nextcloud";
    # Read by nextcloud-setup, so it must be readable by the nextcloud user.
    # Keep it outside the Nix store: anything in /nix/store is world-readable.
    adminpassFile = "/path/to/your/nextcloud/adminpass";
    adminuser = "root";
  };
  package = pkgs.nextcloud26;
};
services.postgresql = {
  enable = true;
  ensureDatabases = [ "nextcloud" ];
  ensureUsers = [
    { name = "nextcloud";
      ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
    }
  ];
};
# Make sure PostgreSQL is running before the first-run setup connects to it.
systemd.services."nextcloud-setup" = {
  requires = ["postgresql.service"];
  after = ["postgresql.service"];
};
# Only 80 and 443 must accept inbound connections. 465 and 587 are the ports
# Nextcloud connects *to* on the SMTP server; an inbound rule for them does
# nothing useful here or in the EC2 security group.
networking.firewall.allowedTCPPorts = [ 80 443 ];
This is an example file, and there are some placeholders like /path/to/your/nextcloud/adminpass that need to be modified according to your actual situation.
We can paste these configurations into the body of the initial configuration file, after the imports line, and replace the original configuration file with the edited one.
In FileZilla, you can directly upload the modified file and overwrite the original file.
Note: You need to modify the first line
{ modulesPath, ... }: {
to { config, pkgs, modulesPath, ... }: {
Keep modulesPath in the list, because the imports line still uses it; dropping it produces an "undefined variable 'modulesPath'" error at the next rebuild.
I think you probably haven't learned the syntax of Nix, so let me explain it briefly here: a NixOS configuration file is a function. The part in braces before the colon lists the arguments the function body may use (config is the evaluated system configuration, pkgs the package set, modulesPath the directory of NixOS's own modules), and the trailing ... means any other arguments passed in are accepted and ignored. A name you use in the body but do not list there is an "undefined variable".
After overwriting the original configuration file, apply it.
sudo nixos-rebuild switch
The nixos-rebuild command downloads and builds everything into /nix/store and keeps the previous system generations, so make sure your disk space is sufficient (nix-collect-garbage -d removes old generations once the new system works). Also, be careful not to run nixos-rebuild inside a nix-shell.
Adjust Configuration
Different from local deployment, we need to adjust some configurations to fit the AWS environment. The things that need adjusting are listed as warnings on the Nextcloud admin overview page (Settings > Administration > Overview).
Configure HTTPS
First, address this warning.
According to the Wiki, you can configure the following to enable HTTPS.
services.nextcloud = {
  enable = true;
  [...]
  hostName = "example.org";
  https = true;
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
  forceSSL = true;
  enableACME = true;
};
This configuration uses ACME to automatically obtain free Let's Encrypt certificates. forceSSL redirects plain HTTP to HTTPS, and enableACME requests a certificate for that virtual host's name. This is a very good choice for most users.
Of course, since we are using ACME, we need to configure it. Before configuring ACME, make sure you have a domain name, that it resolves to your server's public IP, and that ports 80 and 443 are reachable from the internet, because Let's Encrypt validates the domain by connecting to them.
security.acme = {
  acceptTerms = true;
  defaults.email = "[email protected]"; # Replace with your email; Let's Encrypt sends expiry notices here.
};
The nginx virtual host above already requests a certificate for the Nextcloud hostName, so no security.acme.certs entry is needed for it. Only if you want one certificate to cover further names do you add one, and the option for that is extraDomainNames (the older extraDomains option was renamed):
security.acme.certs."yourdomain.com".extraDomainNames = [ "www.yourdomain.com" ]; # Replace with your domain and subdomains.
You may encounter the error
undefined variable 'config'
This is because you did not add config to the argument list { modulesPath, ... }: { . Please refer to the explanation above.
You do not need to add an ACME client to environment.systemPackages. When you set security.acme.acceptTerms = true and enable ACME on a virtual host, NixOS installs the client (lego) and creates a systemd service and timer per certificate, so renewal is automatic and you don't have to worry about the certificate expiring.
If you encounter any issues, check the certificate's service with journalctl -u acme-<your.domain>.service; older setups may also have a log in /var/log/acme/acme.log.
Set Default Phone Region
Please refer to this article. The setting behind the warning is default_phone_region in config.php, which on NixOS goes into services.nextcloud.extraOptions as a two-letter ISO 3166-1 country code.
Although it is in English, I believe you can use a translation tool, right?
OPcache Module Not Configured Correctly
As shown in the image above, there is a warning that the OPcache interned strings buffer is approaching its limit. To resolve this warning, raise opcache.interned_strings_buffer (a size in MB; the NixOS default is 8) as mentioned in the warning.
Here, I set it to 16.
services.nextcloud = {
enable = true;
[...]
phpOptions = {
"opcache.interned_strings_buffer" = "16";
};
};
Email Sending
Since I deployed Nextcloud on EC2, I used AWS SES to send emails. You can also choose another service, such as SendGrid.
SES configuration can be a bit complicated, but in summary, you need to do the following:
- Create an IAM user in the AWS console and grant it permission to send email with SES (ses:SendRawEmail is what SMTP sending needs).
- Verify your domain in SES.
- Create SMTP credentials in SES for that IAM user and note the SMTP username and password; they are derived from the IAM access key and are not the same strings.
- Add verified recipient addresses or request removal of the sandbox restriction, since a sandboxed SES account can only send to verified addresses.
- Configure SMTP in Nextcloud.
services.nextcloud = {
  enable = true;
  [...]
  extraOptions = {
    mail_smtpmode = "smtp";
    mail_smtpsecure = "ssl";      # the config.php key is mail_smtpsecure; "ssl" = TLS on connect (port 465)
    mail_from_address = "nextcloud";   # From: nextcloud@example.com
    mail_domain = "example.com";
    mail_smtphost = "smtp.example.com";
    mail_smtpport = "465";
    mail_smtpauth = true;
    mail_smtpname = "[email protected]";
    mail_smtppassword = "password";
  };
};
The SMTP username and password are the SMTP credentials from the SES console. The server address and port come from the SES page for your region: email-smtp.<region>.amazonaws.com on port 465 (TLS, mail_smtpsecure = "ssl") or 587 (STARTTLS, mail_smtpsecure = "tls").
Be aware that everything in extraOptions is written into /nix/store, which is readable by every user on the host. For a real deployment, put mail_smtppassword into a root-owned JSON file referenced by services.nextcloud.secretFile instead of into configuration.nix.
Enable App Store
When apps are installed declaratively from the Nix configuration (services.nextcloud.extraApps), the app store in the web UI is disabled by default. You can turn it back on explicitly:
services.nextcloud = {
enable = true;
[...]
appstoreEnable = true;
};
Nix Configuration File Reference
Basically, copy a part of the configuration file from the local deployment to the EC2 instance, and then make some adjustments as mentioned earlier.
IPFS link to the complete configuration file
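For readers who would rather see the merged result than assemble it, here is an added example (it is not the author's configuration nor the IPFS file linked above) of a complete configuration.nix for the NixOS 23.05 AMI. It combines the pieces from the sections above: the local Nextcloud configuration copied into the AMI's file, the HTTPS and ACME settings, the default phone region, the OPcache setting, the SES SMTP settings and the app store toggle. The hostname nextcloud.example.com, the SES region us-east-1, the e-mail addresses, the "US" phone region and the two secret-file paths under /var/lib/nextcloud-secrets are assumptions to replace with your own values. The SMTP password is deliberately moved out of configuration.nix into services.nextcloud.secretFile so that it never enters the world-readable Nix store.

```nix
# Added example for the NixOS 23.05 AMI; values marked ASSUMED are placeholders.
{ config, pkgs, modulesPath, ... }:

{
  # Keep the AMI module: it provides the EC2 boot setup, the metadata fetcher
  # and an SSH daemon that also opens port 22 in the NixOS firewall.
  imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];

  environment.systemPackages = with pkgs; [ vim wget curl ];

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud26;
    hostName = "nextcloud.example.com";    # ASSUMED: must resolve to the instance's public IP
    https = true;                          # generate https:// links and set overwriteprotocol
    appstoreEnable = true;                 # keep the app store usable from the web UI

    config = {
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql";          # UNIX socket; Nextcloud appends /.s.PGSQL.5432
      dbname = "nextcloud";
      adminuser = "admin";
      # Read once by nextcloud-setup. Create it by hand: owner nextcloud, mode 0400.
      adminpassFile = "/var/lib/nextcloud-secrets/adminpass";   # ASSUMED path
    };

    # JSON object merged into config.php at runtime, for example
    #   {"mail_smtppassword": "the-SES-SMTP-password"}
    # Owner nextcloud, mode 0400. Unlike extraOptions, its contents are not
    # copied into /nix/store, so other local users cannot read them.
    secretFile = "/var/lib/nextcloud-secrets/secrets.json";     # ASSUMED path

    extraOptions = {
      default_phone_region = "US";         # ASSUMED region; clears the overview warning

      # Outbound SMTP to Amazon SES with TLS on connect (port 465). Nothing
      # here needs an inbound firewall or security-group rule.
      mail_smtpmode = "smtp";
      mail_smtpsecure = "ssl";
      mail_smtphost = "email-smtp.us-east-1.amazonaws.com";   # ASSUMED region
      mail_smtpport = 465;
      mail_smtpauth = true;
      mail_smtpname = "SES_SMTP_USERNAME";  # placeholder for the SES SMTP user name
      mail_from_address = "nextcloud";      # sends as nextcloud@example.com
      mail_domain = "example.com";          # ASSUMED; must be a verified SES identity
    };

    phpOptions = {
      "opcache.interned_strings_buffer" = "16";   # MB; the default of 8 triggers the warning
    };
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [{
      name = "nextcloud";
      ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
    }];
  };

  # The database must be up before the first-run setup talks to it.
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };

  # Redirect HTTP to HTTPS and obtain a Let's Encrypt certificate for exactly
  # the Nextcloud hostname; no separate security.acme.certs entry is needed.
  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.com";   # ASSUMED: expiry notices go here
  };

  # Inbound: only HTTP and HTTPS. SSH is opened by the openssh service.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  system.stateVersion = "23.05";            # ASSUMED: fresh 23.05 install
}
```

Before running nixos-rebuild switch with this file, create the two secret files (mkdir -p /var/lib/nextcloud-secrets, write the admin password and the JSON object, then chown nextcloud and chmod 0400 both); nextcloud-setup fails on its first run if adminpassFile is missing or unreadable. The EC2 security group should mirror the firewall line: 22 from your own address, 80 and 443 from anywhere, nothing else.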
Maintenance
Using EBS block storage is not cost-effective for large amounts of data, and in the future you may want object storage to save costs as files accumulate. The NixOS module can configure an S3 bucket as Nextcloud's primary storage through services.nextcloud.config.objectstore.s3 (with the access key secret kept in a file outside the Nix store); note that Nextcloud only supports choosing object storage as primary storage at installation time, so an existing installation cannot simply be switched over.
Because Nextcloud is a PHP application, it is not well suited to storing a very large number of files; performance degrades as the file count grows.
Just finished setting up and haven't encountered any issues yet. If any issues arise, I will update here. For larger issues, I may write a separate blog post. If you don't want to miss any updates, please follow my blog on the blockchain.