Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
= Replacing Google Drive, Photos, Docs, Sheets, & Keep =

Next up, we’ll be setting up a complete app suite so those of you used to iCloud for photos, Google Docs for online office, backup, etc., don’t feel like you’re making big sacrifices. The programs we’ll be installing are as follows:

# Immich, to replace Google Photos/iCloud Photos
# Onlyoffice, to replace Google Docs & Google Sheets
# Syncthing, to replace iCloud & Google Drive
# Samba, to allow easy access in any file explorer in any operating system to users connected via VPN
# Nextcloud Notes for a Google Keep-like notes system.

<span id="step-1-making-a-new-virtual-machine"></span>
== Step 1: Making a new virtual machine ==

We are going to create a second Ubuntu server virtual machine for our next task – setting up Immich, Onlyoffice, and Syncthing. These instructions are virtually identical to the instructions for installing a virtual machine for Mailcow.

<span id="what-makes-this-virtual-machine-installation-different-from-mailcows-vm-installation"></span>
=== What makes this virtual machine installation different from Mailcow’s VM installation? ===

We want more RAM & CPU power for this instance because:

* Immich is going to transcode videos we upload to video proxies
* Immich is going to run machine learning tasks on your photos (LOCALLY)
* Immich is going to create thumbnails of our photos

<blockquote>Note: What is a video proxy? Video proxies & photo thumbnails are smaller, more compressed versions of the original video or picture that allow you to load them quickly even when your internet connection is slow.
</blockquote>

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_a05cc5c9.png
</gallery>

<span id="step-1-setting-up-virtual-machine-manager-virsh-1"></span>
=== Step 1: Setting up Virtual Machine Manager (virsh) ===

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_b51c10bd.png
</gallery>

# In '''Virtual Machine Manager''', click '''File > New Virtual Machine''' from the menu.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_151745e3.png
File:lu55028jxef6_tmp_9a251511.png
File:lu55028jxef6_tmp_8bf9cc92.png
</gallery>

<span id="choose-installation-media-1"></span>
==== 1.1 Choose Installation Media ====

* Select '''“Local install media (ISO image or CDROM)”''' and click '''“Forward”'''.
* Click '''“Browse”''' to select your Ubuntu Server ISO.
* Choose the ISO file you prepared earlier (e.g., <code>/var/lib/libvirt/images/ubuntu-server.iso</code>) and click '''“Forward”'''.

<span id="choose-operating-system-version-1"></span>
==== 1.2 Choose Operating System Version: ====

* Virtual Machine Manager may automatically detect the OS. If not, search for <code>ubuntu</code> and choose what is closest to your version. When in total doubt, <code>linux generic 2022</code> works.
* Click '''“Forward”'''.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_f72805e.png
</gallery>

<span id="configure-memory-and-cpu-1"></span>
==== 1.3 Configure Memory and CPU: ====

* Allocate the resources for your VM:
** '''Set RAM''': I would use at LEAST 75% of your machine’s RAM.
** '''Set vCPUs''': I would set this to at least 75% of your CPU’s cores.
* Click “Forward”.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_52d81284.png
</gallery>

<span id="configure-storage-1"></span>
==== 1.4 Configure Storage: ====

* Select '''Create a disk image for the virtual machine'''.
* I would make this as large as you imagine your entire smartphone backup to be, plus extra for padding.
* What is the size of ALL of your photos, videos, and files on your phone? That’s the size to choose here.
* '''When I say videos, I do not mean things you want to watch at home/on your TV – we will have another setup for that. I mean your personal photo albums/videos recorded on your phone.'''
* Make sure the disk image format is QCOW2. This format supports resizing, and other cool features.
* Click '''“Forward”'''.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_f64d0065.png
</gallery>

<span id="set-up-networking-with-the-bridge-interface-1"></span>
==== 1.5 Set Up Networking with the Bridge Interface ====

* Choose '''“Specify shared device name”''' under '''“Network Selection”'''.
* In the Device Name field, type <code>br0</code> (or whatever name you have given your bridge interface).
* This will allow the VM to grab a static IP from the same network as your host machine, making sure it acts like an independent hardware device.
* Click '''“Forward”'''.

<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_60757ece.png
</gallery>
</div>

<span id="finish-customize-before-installing-1"></span>
==== 1.6 Finish & Customize Before Installing ====

* Name your virtual machine (e.g., “androidstuff”), something suitable for what this machine will do.
* Before clicking '''“Finish”''', check the box that says '''“Customize configuration before install”'''.
* Click '''“Finish”'''.
<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_f5a5b1fa.png
</gallery>
</div>

<span id="step-2-install-ubuntu-server-as-a-virtual-machine-1"></span>
=== Step 2: Install Ubuntu Server as a Virtual Machine ===

'''I will be blazing through this since we did this already once - refer to Installing Ubuntu Server with RAID 1, LVM, and LUKS Encryption above.'''

'''Keep in mind the following:'''

We are NOT using LUKS encryption here. There is no need since the image is going to be stored on an encrypted partition.

We are NOT using RAID – this is a disk image that is being stored on a RAID array, so we are not doing that.

We are configuring networking the same as we did before, but we will be using a '''''different''''' IP address!

<span id="start-the-installation-process-in-the-virtual-machine-1"></span>
==== 2.1 Start the installation process in the virtual machine ====

Choose your language and select '''“Try or install Ubuntu Server”'''. Follow the installation prompts.

<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_ec4e8896.png
</gallery>
</div>

<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_578acc67.png
</gallery>
</div>

<span id="configure-static-ip-address-1"></span>
==== 2.2 Configure Static IP Address ====

* When you reach the Network configuration screen, select the interface that corresponds to your network connection.
* Choose the option '''“Configure network manually”'''.
* Enter the following details:
** IP Address: '''192.168.5.5'''
** Subnet: '''192.168.5.0/24'''
** Gateway: '''192.168.5.1'''
** Nameserver: '''192.168.5.1'''
* Make sure you enter all the details correctly so that the virtual machine has the correct static IP configuration.
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_96b658d9.png
File:lu55028jxef6_tmp_db73416d.png
File:lu55028jxef6_tmp_395bacbb.png
File:lu55028jxef6_tmp_11e6c2bf.png
File:lu55028jxef6_tmp_b4d42965.png
File:lu55028jxef6_tmp_c3cac3b1.png
File:lu55028jxef6_tmp_d358ecfb.png
File:lu55028jxef6_tmp_35442bae.png
File:lu55028jxef6_tmp_42a93091.png
File:lu55028jxef6_tmp_f21e3690.png
File:lu55028jxef6_tmp_220bed13.png
File:lu55028jxef6_tmp_36760d5c.png
File:lu55028jxef6_tmp_eb8a4fe0.png
File:lu55028jxef6_tmp_64120bbe.png
File:lu55028jxef6_tmp_8281f281.png
File:lu55028jxef6_tmp_b6f1ac1f.png
File:lu55028jxef6_tmp_89692e7.png
</gallery>

<span id="partition-the-virtual-drive-1"></span>
==== 2.3 Partition the virtual “drive” ====

* When you reach the Filesystem setup section, select “Use an entire disk” and then choose the disk you want to install Ubuntu Server on.
* Choose the option “Set up this disk as an LVM group”.
* '''Important:''' At this stage, edit the partition sizes as Ubuntu’s installer usually allocates 2 GB for boot which is ridiculous and even worse it only uses half the available space for your LVM & root. The Ubuntu auto partitioner is horrible.
* Reduce the boot partition to 512 MB.
* Delete the old LVM & root partition.
* Create a new LVM taking up the entire disk.
* Create a logical volume for the root filesystem, using all available space.
* '''Do not encrypt the volume''' (it’s unnecessary since the host drive is already encrypted, and it is not my intention for you to have these VMs running on other people’s servers).

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_3d6c5298.png
File:lu55028jxef6_tmp_751040c0.png
</gallery>

<span id="finalize-installation-do-not-install-docker-1"></span>
==== 2.4 Finalize installation & do not install docker ====

* Set up your username and password.
* '''Choose to install OpenSSH server.'''

<blockquote>'''WARNING:''' DO NOT CHOOSE TO INSTALL DOCKER USING THE PROMPT AFTER THIS!
</blockquote>

* After configuring the partition sizes, proceed with the installation process as usual, following the prompts to set up any additional software you want to install.
* Once the installation is complete, the system will automatically apply your network & partitioning settings.
* When prompted, remove the installation media (ISO) disk image from the virtual machine settings.
* Restart the virtual machine.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_ce86cb27.png
File:lu55028jxef6_tmp_b291175e.png
File:lu55028jxef6_tmp_b1c36016.png
</gallery>

<span id="remove-the-cdrom-1"></span>
==== 2.5 Remove the CDROM ====

* Go to '''View —> Details''' in '''Virtual Machine Manager'''
* Go to '''“SATA CDROM”''' on the left side.
* Confirm that the '''“source path”''' is the ubuntu iso we downloaded for installing Ubuntu server on this virtual machine
* Click '''“remove”''' in the lower right corner.
* UNCHECK '''“delete associated storage files”''' – we will use this image again later!
* Click delete.
* You may have to turn off the VM to do this.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_fb68028c.png
File:lu55028jxef6_tmp_28adba83.png
File:lu55028jxef6_tmp_85359533.png
File:lu55028jxef6_tmp_74771b5d.png
File:lu55028jxef6_tmp_83560fb2.png
File:lu55028jxef6_tmp_f5637068.png
File:lu55028jxef6_tmp_e789b00f.png
</gallery>

<span id="set-up-static-ip-mapping-in-pfsense-2"></span>
==== 2.6 Set Up Static IP Mapping in pfSense: ====

* Log into your '''pfSense''' router.
* Go to '''Status > Diagnostics > ARP Table'''.
* Find the MAC address associated with your server’s IP (in our case this is, '''192.168.5.5'''), copy it.
* Go to '''Services > DHCP Server'''.
* Scroll to the bottom and click '''“Add Static Mapping”'''.
* Enter the MAC address and IP address of your server.
* Give it a descriptive name (such as “androidstuff static IP”).
* Set the hostname to <code>androidstuff</code>.
* Save and apply changes.

<blockquote>'''Note:''' This makes sure that this IP address is reserved for this computer to connect to, so that no other device can take it (unless they are spoofing MAC addresses, but if someone does, that’s a different story).
</blockquote>

<span id="set-up-this-virtual-machine-to-start-at-boot-1"></span>
==== 2.7 Set up this virtual machine to start at boot: ====

Type the following into the terminal at <code>happycloud</code>, which is our main server that we are creating all of these virtual machines on at <code>192.168.5.2</code>:

<pre>virsh autostart androidstuff</pre>

* Check that this is set up properly by typing <code>virsh dominfo androidstuff</code> and seeing if the autostart line is set to enable.
* If you don’t do this, you will realize once it is too late & you’ve left your house after you have rebooted your server (for whatever reason) that none of your services are working. This will suck.
* This command makes it so that the virtual machine starts each time we boot the computer.

You’ve now successfully set up an '''Ubuntu Server''' virtual machine using Virtual Machine Manager, configured with a static IP address and LVM partitioning. We have a virtual machine that we just created that we can use to set up our second server for android backups, image search using machine learning & face detection with local models that don’t connect to the internet. '''EXCITED'''??? I AM! :D :D :D

<span id="step-2-setting-up-syncthing-for-android-backups"></span>
== Step 2: Setting up Syncthing for android backups ==

<span id="step-1-install-syncthing"></span>
=== Step 1: Install syncthing ===

<span id="add-the-syncthing-repository"></span>
==== 1.1 Add the Syncthing Repository ====

First, we need to add the Syncthing repository and its PGP key for package verification.
<ol style="list-style-type: decimal;">
<li><p>Create a directory for the keyring:</p>
<pre>sudo mkdir -p /etc/apt/keyrings</pre></li>
<li><p>Download the Syncthing release PGP key:</p>
<pre>sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg</pre></li>
<li><p>Add the Syncthing stable repository to your APT sources:</p>
<pre>echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list</pre></li></ol>

<span id="make-sure-syncthing-repository-takes-priority"></span>
==== 1.2 Make Sure Syncthing Repository Takes Priority ====

To make sure the system packages don’t take preference over the ones in the Syncthing repository:

<ul>
<li><p>Create a preferences file for APT:</p>
<pre>sudo nano /etc/apt/preferences.d/syncthing</pre></li>
<li><p>Add the following content to the file:</p>
<pre>Package: *
Pin: origin apt.syncthing.net
Pin-Priority: 990</pre></li>
<li><p>Save & exit the editor (in nano, press <code>Ctrl+X</code>, then <code>Y</code>, then <code>Enter</code>).</p></li></ul>

<span id="install-syncthing"></span>
==== 1.3 Install Syncthing ====

Now that we’ve added the repository and set its priority, let’s install Syncthing:

<ul>
<li><p>Update the package lists and make sure your system is up to date:</p>
<pre>sudo apt-get update
sudo apt-get upgrade -y</pre></li>
<li><p>Install Syncthing:</p>
<pre>sudo apt-get install syncthing -y</pre></li></ul>

<span id="step-2-setting-up-syncthing-as-a-system-service"></span>
=== Step 2: Setting Up Syncthing as a System Service ===

To have Syncthing start automatically on system boot, even without user login, we’ll set it up as a <code>systemd</code> service that runs as our user, even if we haven’t logged in yet.
<span id="create-a-systemd-service-file"></span>
==== 2.1 Create a Systemd Service File ====

<ol style="list-style-type: decimal;">
<li><p>Create a new service file:</p>
<pre>sudo nano /etc/systemd/system/syncthing@$USER.service</pre></li>
<li><p>Add the following content to the file:</p>
<pre>[Unit]
Description=Syncthing
Documentation=man:syncthing
After=network.target

[Service]
# %i is the part of the unit name after the @, i.e. your username
User=%i
# Double-dash long options, the form used by Syncthing's own unit file.
# 0.0.0.0 makes the GUI listen on every interface, not just localhost.
ExecStart=/usr/bin/syncthing --no-browser --gui-address=0.0.0.0:8384
Restart=on-failure
RestartSec=5
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target</pre></li>
<li><p>Save and exit the editor, hit <code>Ctrl+X</code> then <code>Y</code> to save.</p></li></ol>

<span id="configure-the-service"></span>
==== 2.2 Configure the Service ====

<ol style="list-style-type: decimal;">
<li><p>Enable the service:</p>
<pre>sudo systemctl enable syncthing@$USER.service</pre></li>
<li><p>Start the service:</p>
<pre>sudo systemctl start syncthing@$USER.service</pre></li></ol>

<span id="step-3-securing-syncthings-web-interface"></span>
=== Step 3: Securing Syncthing’s Web Interface ===

In this setup, Syncthing’s web interface is accessible from any device that can reach your server, because the service file binds the GUI to <code>0.0.0.0:8384</code>. This makes it very important to secure the interface with a strong password.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_a1d1627a.png
File:lu55028jxef6_tmp_7548e599.png
File:lu55028jxef6_tmp_79b6bf05.png
File:lu55028jxef6_tmp_e4e01235.png
File:lu55028jxef6_tmp_3e71e99.png
</gallery>

<span id="access-the-web-interface-1"></span>
==== 3.1 Access the Web Interface ====

# Open a web browser and navigate to <code>http://192.168.5.5:8384</code> or <code>http://androidstuff.home.arpa:8384</code>.
# You should see the Syncthing web interface.
<span id="add-a-gui-password"></span>
==== 3.2 Add a GUI Password ====

# In the web interface, click on the “Actions” button (gear icon) in the top right corner.
# Select '''“Settings”''' from the dropdown menu.
# In the Settings page, scroll down to the '''“GUI”''' section.
# Find the '''“GUI Authentication User”''' field and enter a username.
# In the '''“GUI Authentication Password”''' field, enter a strong password.
# Check '''“Use HTTPS for GUI”''' so we can visit the server using https://androidstuff.home.arpa:8384 instead. It’s a good habit. :)

<blockquote>'''Note:''' Choose a complex password so some random person who attaches to your home wifi if you forget to set up a guest network that has no LAN access can’t mess with your Syncthing configuration.
</blockquote>

<ol start="7" style="list-style-type: decimal;">
<li>Click '''“Save”''' at the bottom of the page.</li>
<li>Syncthing will prompt you to confirm the changes. Click '''“Yes”''' to apply the new settings.</li>
<li>You’ll be logged out and prompted to log in with your new credentials.</li>
<li>Attempt to access the interface again. You should be prompted for the username and password you set. If not, you messed something up. Do not pass go, do not collect $200, until this asks you for a password to log in.</li></ol>

<span id="step-4-configuring-syncthing-discovery-settings"></span>
=== Step 4: Configuring Syncthing Discovery Settings ===

<span id="understanding-discovery-methods-why-we-dont-use-them."></span>
==== 4.1 Understanding Discovery Methods & why we DON’T USE THEM. ====

Discovery methods are how the syncthing app on your phone will “find” the server you set up as your backup server.

<blockquote>'''NOTE:''' Our server has a static IP: <code>192.168.5.5</code>. We went through the trouble to make sure it always lives at <code>192.168.5.5</code> via static mappings in '''pfSense''' and configuring a static IP in the server’s networking settings.
Our server will '''always''' be present at <code>192.168.5.5</code> or <code>androidstuff.home.arpa</code> while we are connected via VPN. All Syncthing “discovery” is doing is trying to find our machine, but why use a find feature when we already know where it is? This adds another point of failure for no good reason! Think of it like making your iPhone invisible & then enabling '''“find my iPhone.”'''
</blockquote>

This setup we are installing syncthing onto has the following:

# A static IP configured, so that it is '''always''' <code>192.168.5.5</code>
# A static IP mapping configured in our router, so that no other device on our network can ever steal <code>192.168.5.5</code> from the computer running syncthing.
# A static hostname of <code>androidstuff</code> that does not change.
# Dynamic DNS for our main internet connection, so when we are outside our network our '''pfSense''' router & <code>FreeDNS</code> will make sure that <code>louishomeserver.chickenkiller.com</code> always points to our home network IP address.

'''I will showcase local discovery failing on video.''' It ''“works”'' when I initially connect to my server via QR code & visiting it in the browser, but fails when I try to connect again. This is because my VPN is on network <code>192.168.6.0/24</code> and my Syncthing is on <code>192.168.5.0/24</code>. I was hoping local discovery would be “smart” enough to remember the last IP address my server was on since it had not changed, but it did not.

'''NEVER RELY ON SOMETHING ELSE TO BE “SMART” IN SOLVING A PROBLEM THAT DOES NOT HAVE TO EXIST IN THE FIRST PLACE!'''

<span id="local-discovery-do-not-trust"></span>
==== 4.2 Local Discovery – DO NOT TRUST! ====

Local discovery allows Syncthing to find other devices on your local network automatically. Key word, ''local'' – meaning your subnet of <code>192.168.5.0/24</code>. What if you connect via your VPN, which is on <code>192.168.6.0/24</code>?
When we first add the QR code of our Syncthing instance to our Android phone Syncthing app, Syncthing will connect to our desktop server running Syncthing. HOWEVER: our Android application will NOT find the Syncthing server the NEXT time we connect. THIS IS BAD!! This is even worse than it not working at all, as it will give the false impression that it works. This is how people who have set up “backup solutions” end up as customers of Rossmann Repair Group paying $2000 to recover a hard drive that fell off a balcony.

<span id="connecting-reliably-to-syncthing-without-discovery-hassles"></span>
===== Connecting Reliably to Syncthing without Discovery Hassles =====

This situation is actually '''worse''' than if Syncthing had no Local Discovery feature at all. If it didn’t work from the start, you’d know you couldn’t rely on it and would just hardcode the IP of your Syncthing server right into your Android app, using the server’s local IP to connect directly.

What’s dangerous is that Syncthing’s Android app connects the first time by scanning the QR code on the server, making it seem like it’s actually discovering your computer. But it’s not. Next time you try to connect—especially if you’re on a different subnet via VPN—it’ll fail to find the server. '''Syncthing doesn’t even remember the last IP address it used, so it ends up trying to rediscover it, failing again.'''

I get it. If it can’t find the server on a different subnet when you’re using a VPN, fine, but it’s dangerous that Syncthing doesn’t try the last known IP to see if it still works.

'''TL;DR – to avoid becoming a data recovery customer, don’t trust local or global discovery. Just use the IP address of the server, which in our case is <code>192.168.5.5</code>, and check that it works three separate times under three separate conditions before ever assuming that it is working, as you should with ANY backup solution!'''

<span id="global-discovery"></span>
==== 4.3 Global Discovery ====

Global discovery helps Syncthing find your devices over the internet. It works by periodically announcing your device’s presence to global discovery servers.

* '''Privacy Implications:''' Higher risk, as it involves sharing your device’s information with external servers. This could potentially expose:
** Your IP address
** The fact that you’re using Syncthing
** When your device is online

The bigger issue with this is not privacy, ''it’s that it is unnecessary'' and adds another point of failure over entering the hostname manually.

<span id="configuring-discovery-settings"></span>
==== 4.4 Configuring Discovery Settings ====

# '''Access Syncthing Settings'''
## Open the Syncthing web interface (typically <code>https://192.168.5.5:8384</code> or <code>https://androidstuff.home.arpa:8384</code>).
## Click on the “Actions” button (gear icon) in the top right corner.
## Select “Settings” from the dropdown menu.
# '''Adjust Discovery Settings'''
## In the Settings page, scroll to the “Connections” section.
## Find the following options:
##* '''Enable Local Discovery:''' Keep this checked.
##* '''Enable Global Discovery:''' Uncheck this box.
## Click “Save” at the bottom of the page.
## Syncthing will prompt you to confirm the changes. Click “Yes” to apply the new settings.
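
One way to check the settings from Steps 3 and 4 without clicking through the GUI is to audit Syncthing’s <code>config.xml</code> directly. This is an added example, not part of the original guide or the Syncthing project; the sample configs are constructed, and the file location (commonly <code>~/.local/state/syncthing/config.xml</code> or <code>~/.config/syncthing/config.xml</code>) is an assumption to confirm on your install.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample (not a real config): GUI on every interface with no
# password and plain HTTP, global discovery on, server peer left on "dynamic".
SAMPLE_BAD = """<configuration version="37">
  <device id="CONSTRUCTED-DEVICE-ID" name="androidstuff">
    <address>dynamic</address>
  </device>
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
  </gui>
  <options>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
  </options>
</configuration>"""

# Constructed sample matching the guide: password set, HTTPS on, global
# discovery off, server address pinned to tcp://192.168.5.5:22000.
SAMPLE_GOOD = """<configuration version="37">
  <device id="CONSTRUCTED-DEVICE-ID" name="androidstuff">
    <address>tcp://192.168.5.5:22000</address>
  </device>
  <gui enabled="true" tls="true">
    <address>0.0.0.0:8384</address>
    <user>admin</user>
    <password>$2a$10$constructedBcryptHashPlaceholder</password>
  </gui>
  <options>
    <globalAnnounceEnabled>false</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
  </options>
</configuration>"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


def _text(node, path, default=""):
    """Stripped text of a child element, or default when absent or empty."""
    return (node.findtext(path) or default).strip()


def audit(config_xml, pinned_devices=()):
    """Return finding codes for a Syncthing config.xml; [] means it passed.

    pinned_devices: names of peers that must have a fixed tcp:// address
    (relevant in a config that lists the server as a remote device).
    """
    root = ET.fromstring(config_xml)
    findings = []

    gui = root.find("gui")
    if gui is not None and gui.get("enabled", "true") == "true":
        host = _text(gui, "address").rsplit(":", 1)[0]
        if host not in LOOPBACK_HOSTS:  # GUI is reachable from the network
            if not (_text(gui, "user") and _text(gui, "password")):
                findings.append("gui-no-auth")
            if gui.get("tls", "false") != "true":
                findings.append("gui-no-tls")

    # Syncthing enables global discovery unless the option says otherwise.
    if _text(root, "options/globalAnnounceEnabled", "true") == "true":
        findings.append("global-discovery-on")

    # Only top-level <device> elements describe peers and their addresses.
    for device in root.findall("device"):
        name = device.get("name", "")
        if name not in pinned_devices:
            continue
        addresses = [a.text.strip() for a in device.findall("address") if a.text]
        if not addresses or "dynamic" in addresses:
            findings.append("dynamic-address:" + name)

    return findings


if __name__ == "__main__":
    # Usage: python3 audit_syncthing.py /path/to/config.xml [peer-name ...]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            xml_text = handle.read()
    else:
        xml_text = SAMPLE_BAD
    for finding in audit(xml_text, pinned_devices=tuple(sys.argv[2:])) or ["ok"]:
        print(finding)
```

The <code>dynamic-address</code> check only applies to a config that lists the server as a peer, such as one exported from the phone; on the server itself the phone legitimately stays on <code>dynamic</code>.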
<span id="step-5-connecting-server-syncthing-to-android-syncthing"></span>
=== Step 5: Connecting server syncthing to android syncthing ===

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_90112fd.png
File:lu55028jxef6_tmp_5f13fe67.png
File:lu55028jxef6_tmp_98846264.png
File:lu55028jxef6_tmp_7cd671c.png
File:lu55028jxef6_tmp_9884f00d.png
File:lu55028jxef6_tmp_1527f750.png
File:lu55028jxef6_tmp_27000b93.png
File:lu55028jxef6_tmp_2a5ef23.png
File:lu55028jxef6_tmp_66c6b48d.png
</gallery>

<span id="connect-to-your-vpn."></span>
==== 5.0 – Connect to your VPN. ====

Your android phone must be connected to your VPN for you to connect to your server if your phone is not on the same wifi network as the virtual machine running the syncthing server.

<span id="install-syncthing-from-the-f-droid-store."></span>
==== 5.1 Install syncthing from the f-droid store. ====

* Go to the ''[https://f-droid.org/en/packages/com.github.catfriend1.syncthingandroid/ F-Droid Store to install syncthing-fork]''
* Upon starting syncthing, provide it permissions for notifications.
* Permissions for location are not necessary.

<span id="avoid-becoming-a-data-recovery-customer"></span>
==== 5.2 Avoid becoming a data recovery customer ====

'''Delete the Camera Folder''': Not from the device, just from the sync list, within syncthing. Tap on the camera folder & hit the trash bin in the upper right. There’s a good reason for that.

You might think, “Why? I WANT to sync and back up my photos and videos!!” Here’s the thing: sometimes, camera apps switch folders without you knowing. I’ve seen cases where photos were saved in a different folder INSIDE the DCIM folder, and the gallery app only showed one specific folder.

I’m not a predatory technician that ''[https://www.youtube.com/watch?v=OVZTBhVV5tI&pp=ygUVZHJpdmVzYXZlcnMgIHJvc3NtYW5u bills people $3000 for a bad iPhone screen or charge port]''.
But they are out there, and someone was close to paying $500 to a different scam artist data recovery company because their gallery app wasn’t checking a 2nd folder inside of the DCIM folder where another program was saving photos to.

We are not going to back up the camera folder ''within'' the DCIM folder. We are going to back up the '''entire DCIM folder.''' For those who don’t know, on 99% of Android devices, '''DCIM''' is a folder in the root directory of the ''“visible”'' filesystem within which the subfolders storing your recorded videos & pictures reside.

Next, I am going to do something different. I wanted to show you what happens when you use local discovery/dynamic rather than inserting your actual server IP address into the server field. This meant including screenshots from a LATER step, after I had already added folders that we are going to sync, to show you how syncthing fails with local discovery. '''It’s important to me that you understand how this fails with images for yourself, so you don’t create a setup that makes you a data recovery customer.'''

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_621c170c.png
File:lu55028jxef6_tmp_fb6bf453.png
File:lu55028jxef6_tmp_364a837e.png
File:lu55028jxef6_tmp_d9c45480.png
File:lu55028jxef6_tmp_1948d4b.png
File:lu55028jxef6_tmp_2bfff860.png
File:lu55028jxef6_tmp_2a5c001f.png
</gallery>

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_cc3f5925.png
File:lu55028jxef6_tmp_62d8fd43.png
File:lu55028jxef6_tmp_f74f4252.png
File:lu55028jxef6_tmp_cb876287.png
File:lu55028jxef6_tmp_123b314.png
File:lu55028jxef6_tmp_4e264fbe.png
</gallery>

'''Here is what will happen if you set this up with dynamic, disconnect, and then reconnect. Note how it shows up as “idle” for syncing and “disconnected” on the android phone; it is transferring NOTHING, even though the desktop syncthing server GUI shows that we are out of sync.'''

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_b52ee6c4.png
File:lu55028jxef6_tmp_30c1edaf.png
</gallery>

<span id="add-a-device-to-syncthing-android-app"></span>
==== 5.3 Add a device to syncthing android app ====

# On the top, you’ll see '''Folders''' and '''Devices'''.
# Tap '''Devices'''.
# Tap the plus in the upper right corner to add a device.
# Tap the QR code next to '''Device ID''' in the upper right.
# Go back to the '''Ubuntu Server Syncthing Web Interface'''.
#* Open a web browser and navigate to <code>http://192.168.5.5:8384</code> or [http://androidstuff.home.arpa:8384/ http://androidstuff.home.arpa:8384].
# Obtain Device ID and QR Code
#* In the web interface, click on the blue gobbledygook of numbers & letters next to '''“Identification”''' under '''“This Device”''' (gear icon) in the top right.
#* Select '''“Show ID”'''.
#* You’ll see a QR code and the device ID. ''SCAN YOURS. DO NOT SCAN MINE. I SHOWED A PICTURE OF MINE SO YOU CAN SEE WHAT IT LOOKS LIKE.''
# Configure Device Settings on Android
#* '''Device Name:''' Enter a recognizable name (e.g., “Ubuntu Server”).
#* '''Addresses:''' ''DO NOT CHOOSE DYNAMIC. USING DYNAMIC WILL CAUSE IT TO NOT SYNC WHEN YOU DISCONNECT & RECONNECT FROM YOUR NETWORK. IT WILL WORK THE FIRST TIME, AND THEN NEVER SYNC AGAIN, AND YOU WILL BE PAYING DATA RECOVERY DOUCHEBAGS TO RECOVER YOUR PHONE.''

<blockquote>'''How dynamic failed:''' I used “dynamic” as an example of why it doesn’t make sense to use autodiscovery when you KNOW where your server is. I chose dynamic, and it connected & worked.
When I disconnected from my network & reconnected, the ''Devices'' tab in the Syncthing Android app showed me to be ''disconnected'' and the ''Folders'' tab showed the folders to be ''idle'' even though the web GUI for Syncthing said that my folder was ''Out of sync'' and ''Remote Devices'' showed my phone as ''Disconnected''.
</blockquote>

<ul>
<li><p>FILL IN '''“Address”''' when adding a device as follows, if you used the setup I was using within this guide to Syncthing.</p>
<pre>tcp://192.168.5.5:22000</pre></li>
<li><p>OR</p>
<pre>tcp://androidstuff.home.arpa:22000</pre></li>
<li><p>The format is <code>tcp://</code>, then your IP address, then <code>:22000</code> for the port.</p></li>
<li><p>No need to check “Introduce new devices”.</p></li>
<li><p>'''Did you include the <code>tcp://</code> at the beginning, and the <code>:22000</code> at the end for the port? You’d better have!'''</p></li>
<li><p>Save and continue.</p></li></ul>

<ol start="8" style="list-style-type: decimal;">
<li><p>'''Approve the Connection on Ubuntu Server'''</p>
<ul>
<li><p>Return to the Ubuntu Server web interface.</p></li>
<li><p>You should see a prompt to add a new device.</p></li>
<li><p>Verify the Device ID matches your Android device.</p></li>
<li><p>Click '''“Add Device”'''.</p></li>
<li><p>Set a name for the Android device (e.g., “Android Phone”).</p></li>
<li><p>Click '''“Save”'''.</p></li></ul>
</li>
<li><p>'''Check the Connection'''</p>
<ul>
<li>On both devices, check that the other device appears as connected. The connection might take a few moments to establish.</li></ul>
</li></ol>

<blockquote>'''Note:''' Make sure that port <code>22000</code> (or your configured Syncthing port) is open in your Ubuntu Server’s firewall for incoming connections from your local network.
'''By default <code>ufw</code> is not running and blocking things when you first boot Ubuntu Server''' but that may change at a later date, same way they snuck in the suggestion of pre-installing a snap version of Docker.
</blockquote>

Now you’ve added your Ubuntu Server Syncthing instance to your phone; no open ports, will sync whenever you are on wifi with your VPN on, and continuously back up your phone. Beautiful. :)

<blockquote>'''REMEMBER – DO NOT SET “ADDRESSES” TO “DYNAMIC” – TAP “DYNAMIC” AND REPLACE IT WITH''' <code>tcp://youripaddress:22000</code> '''REPLACING “youripaddress” WITH THE IP ADDRESS OF THE VIRTUAL MACHINE THAT IS RUNNING SYNCTHING.'''
</blockquote>

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxef6_tmp_65626c83.png
File:lu55028jxef6_tmp_135ac5ce.png
File:lu55028jxef6_tmp_ffc850bf.png
File:lu55028jxef6_tmp_23122602.png
File:lu55028jxef6_tmp_4468da5a.png
File:lu55028jxef6_tmp_a83ae883.png
</gallery>

<span id="step-6-configuring-syncthing-for-organized-android-backups"></span>
=== Step 6: Configuring Syncthing for Organized Android Backups ===

<span id="configure-android-syncthing-app"></span>
==== 6.1 Configure Android Syncthing App ====

# Open Syncthing on your Android device.
# For each folder you want to sync:
#* Tap the plus icon in the upper right in the folders part of the app.
#* Tap folder label and label it.
#* Tap the directory and choose your directory you want to sync (it’ll let you choose everything besides the download folder on android).
# '''MAKE SURE TO TOGGLE THE SERVER SWITCH UNDER WHERE YOU TAPPED TO CHOOSE THE DIRECTORY YOU WANTED TO SYNC SO THAT IT ACTUALLY BACKS UP.'''
#* Choose ''send & receive'' if you want two-way folder sync.
#* Choose ''send'' if you want it to only send files to your server.
#* Choose ''receive'' if you only want it to receive files from your server.

A good rule of thumb: For smaller folders and stuff you transfer to your phone to read on a trip, audiobooks, etc., I choose ''SEND & RECEIVE'' so I can transfer both ways. For stuff like videos I record and photos I take (the DCIM folder), I choose ''SEND ONLY''. I have a 256 GB phone, and over 1.3 terabytes of videos I have recorded… I can’t sync all of that to my phone or it will fill up. But I have less than 1 GB of audiobooks, books, and max 20 GB of movies I am watching at any given time on my phone.

<ol start="7" style="list-style-type: decimal;"> <li>'''Tap checkbox in upper right corner when done.'''</li></ol>

<span id="syncing-on-wifi-only-yes-or-no"></span>
==== 6.2 Syncing on wifi only – yes or no? ====

Your Android device can connect to Syncthing, and you can configure Syncthing while you’re on the go. But by default, your Android device must be on wifi in order for file transfer and backup to occur. Even if you are connected to your VPN, your Android device is not going to transfer files if you are not on wifi. The way you change this is by editing the folder settings in the Syncthing Android app, and disabling the “sync on wifi only” option. I would suggest doing this for folders with SMALL files like documents, audiobooks, and not for folders with LARGE files like the DCIM folder with your recorded videos and camera pictures. Unlimited plans have data caps; try using 200 GB in 10 days on any ''“unlimited”'' wireless data plan in the United States and watch your ''“unlimited 5G”'' turn into a 56k modem. The only reason they can market using this wankery is because consumer protection law in the United States is a joke.
<gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxef6_tmp_32088dd0.png File:lu55028jxef6_tmp_40872f6d.png File:lu55028jxef6_tmp_5f537918.png File:lu55028jxef6_tmp_5b05dae0.png File:lu55028jxef6_tmp_a7b2093d.png File:lu55028jxef6_tmp_16c65783.png File:lu55028jxef6_tmp_19a75a7a.png File:lu55028jxef6_tmp_ceaf4d3d.png File:lu55028jxef6_tmp_9bd9aead.png </gallery> <span id="accept-folders-on-ubuntu-server"></span> ==== 6.3 Accept Folders on Ubuntu Server ==== # On the Syncthing web interface of your Ubuntu server, you’ll see notifications for new folders. # For each folder: Click '''“Add”'''. # CHANGE THE BASE DIRECTORY FROM <code>~/(foldernamehere)</code> '''to''' <code>~/androidbackup/(foldernamehere)</code> so you don’t clog up your base directory. This makes it easy to see in one click what everything we’re backing up from the android phone is. # Click '''Save'''. <span id="creating-new-folders-on-ubuntu-server"></span> ==== 6.4 Creating New Folders on Ubuntu Server ==== * It does it for you. What a beautiful program, right? :) <span id="step-7-verify-and-test-inspect-what-you-expect"></span> === Step 7: Verify and Test – INSPECT WHAT YOU EXPECT! === '''Don’t become a data recovery customer. Syncthing is used for backing up your phone - arguably the most important part of this entire process.''' # 99% of the people who show up for data recovery at a data recovery business thought their data was backing up. # '''It was not.''' # Use common sense, look through the folders on your server, look at the web interface, make sure things open. '''You now have working Android backups!''' * All folders from your Android device will be organized within the <code>~/androidbackup</code> directory. * Each Android folder will have its own subdirectory for better organization. 
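Part of Step 7 can be automated. The script below is an added example, not part of the original guide or of Syncthing: it reports every folder under the backup directory that holds no file modified in the last N days. It relies on Syncthing keeping each file's modification time from the phone; the function names and the 7-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide): flag backup folders that stopped updating.

# count_files DIR [extra find tests...]
# Counts regular files under DIR, skipping dot-entries such as .stfolder,
# .stversions and Syncthing's .syncthing.*.tmp partial downloads.
count_files() {
    cf_dir=$1
    shift
    find "$cf_dir" -name '.*' -prune -o -type f "$@" -print | wc -l | tr -d ' '
}

# stale_backup_folders ROOT MAX_AGE_DAYS
# Prints "STALE <folder>: ..." for each immediate subdirectory of ROOT that
# holds no regular file modified within MAX_AGE_DAYS days.
# Exit status: 0 = every folder has recent files, 1 = at least one is stale,
# 2 = ROOT does not exist (a silent "all good" here would be the worst case).
stale_backup_folders() {
    sbf_root=$1
    sbf_days=$2
    sbf_rc=0
    if [ ! -d "$sbf_root" ]; then
        printf 'MISSING %s is not a directory\n' "$sbf_root"
        return 2
    fi
    for sbf_dir in "$sbf_root"/*/; do
        [ -d "$sbf_dir" ] || continue      # glob matched nothing: ROOT is empty
        sbf_dir=${sbf_dir%/}
        sbf_total=$(count_files "$sbf_dir")
        sbf_recent=$(count_files "$sbf_dir" -mtime "-$sbf_days")
        if [ "$sbf_recent" -eq 0 ]; then
            printf 'STALE %s: %s files, none modified in the last %s days\n' \
                "$(basename "$sbf_dir")" "$sbf_total" "$sbf_days"
            sbf_rc=1
        fi
    done
    return "$sbf_rc"
}

# Usage on the server (folder name taken from section 6.3):
#   stale_backup_folders "$HOME/androidbackup" 7
```

A folder you rarely add to, such as audiobooks, will show as stale without anything being wrong; the result matters for folders like DCIM that change every few days.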
<span id="step-3-installing-onlyoffice-workspace-and-wsgidav-to-replace-google-docs"></span> == Step 3: Installing ONLYOFFICE Workspace and WsgiDAV to replace Google Docs == So we have Syncthing, but how do we edit documents we have on our backup server? SSH in? vi? nano? No. We are going to use the same virtual machine for this that we used for Syncthing and install something called ONLYOFFICE. <span id="nextcloud"></span> === Nextcloud? === The first thing many people are going to suggest is Nextcloud. Nextcloud is that all-in-one cloud suite that will change your contacts from read-write to read-only so that your contacts get deleted when you update ''(without telling you, of course)'', that ''[https://help.nextcloud.com/t/calendar-timezone-bug/178056 can’t tell time]''. Might it surprise you if I told you that it is miserably slow, and that it gave errors unless you clicked a separate submenu to open a document? <span id="moving-to-onlyoffice"></span> === Moving to OnlyOffice === OnlyOffice is fast, and it is used by people who actually pay them. This means that their software has to work, and it does! <span id="step-0-install-docker-properly."></span> === Step 0: Install docker properly. === <span id="never-use-ubuntus-snap-version-of-docker"></span> ==== Never use Ubuntu’s snap version of docker ==== Ubuntu installs docker by default using the cancerous snap. We do not want to use snap. Ubuntu installer will ask if you want to install Docker, and you should always say No. <span id="doesnt-onlyoffices-install-script-install-docker-for-me"></span> ==== Doesn’t onlyoffice’s install script install docker for me? ==== Onlyoffice’s installation script '''DOES''' install docker for you. I am still going to have you do it manually. * If you choose to not install onlyoffice, and wish to install Immich, I want you to know how to install docker on this virtual machine ''yourself.'' * I don’t want to rely on onlyoffice’s script. 
It won’t install docker for us if it detects Docker already, so we’re not going to do a double install. What if onlyoffice’s installation script stops installing docker the same way in a new version, or stops installing docker at all within its script? It’s little work to install Docker the right way for our purposes manually, and it’s good to have it documented so that you can use docker for immich even if you elect not to install Onlyoffice.

<span id="update-and-upgrade-your-system-1"></span>
==== 0.1 Update and upgrade your system ====

<pre>sudo apt update && sudo apt upgrade -y
sudo apt install curl git wget -y</pre>

<span id="check-for-other-docker-installations-1"></span>
==== 0.2 Check for other Docker installations: ====

Run <code>docker --version</code> and see what is installed. Nothing should be installed yet since this is a fresh system. If something is installed, remove it.

<pre># Just in case you accidentally installed snap version of docker:
sudo snap remove docker

# For other versions of docker:
sudo apt remove docker docker-engine docker.io containerd runc</pre>

<span id="install-docker-using-official-docker-script-1"></span>
==== 0.3 Install Docker using official Docker script: ====

<pre>curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh</pre>

<blockquote>'''Note:''' It’s very important to use the official Docker installation and not the Snap version. The Snap version can cause issues due to its sandboxed nature, making it a mess for mailcow’s requirements. Docker snap makes me sad, and it’ll make you sad too if you try to make things work with it. </blockquote>

<span id="install-docker-compose-1"></span>
==== 0.4 Install Docker Compose: ====

Ubuntu’s <code>docker-compose-plugin</code> is safe to use, it is not snap cancer.
<pre>sudo apt install docker-compose-plugin -y
sudo systemctl enable --now docker</pre>

<span id="verify-the-install-1"></span>
==== 0.5 Verify the install ====

Run <code>docker compose version</code> and make sure the version is 2.0 or higher. Run <code>docker --version</code> and make sure the version is 24.0.0 or higher.

<span id="set-proper-permissions-1"></span>
==== 0.6 Set proper permissions: ====

Docker needs to be run as root for some operations, but you can add your user to the docker group to avoid using <code>sudo</code> all the time. To be clear, mailcow’s own [https://docs.mailcow.email/getstarted/install/#check-selinux-specifics documentation] and [https://community.mailcow.email/d/59-mailcow-containers-running-as-root community] suggest starting with root or <code>sudo</code>, and you should trust them more than me. To quote mailcow developers, ''“Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical.”''

Run this command to add your user:

<pre>sudo usermod -aG docker $USER</pre>

Log out and log back in, or run: <code>newgrp docker</code>

<span id="step-1-install-onlyoffice-workspace-community-edition"></span>
=== Step 1: Install ONLYOFFICE Workspace Community Edition ===

It is very important that you follow the right steps.
OnlyOffice’s website is a minefield of documentation that will lead to broken installations like this, even if you follow their instructions: <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_3797c4d2.png </gallery> OR <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_4b463750.png File:lu55028jxemg_tmp_6712c2a2.png File:lu55028jxemg_tmp_36c5237e.png File:lu55028jxemg_tmp_a479215.png </gallery> You’re going to avoid the open-source hellscape above, by installing like this: <ol style="list-style-type: decimal;"> <li><p>SSH into the <code>androidstuff</code> virtual machine we created at <code>192.168.5.5</code></p> <pre>ssh username@192.168.5.5</pre></li> <li><p>'''Download the ONLYOFFICE Workspace installation script:'''</p> <pre>wget https://download.onlyoffice.com/install/workspace-install.sh</pre></li> <li><p>'''Make the script executable:'''</p> <pre>chmod +x workspace-install.sh</pre> <p>This changes the file permissions to allow execution.</p></li> <li><p>'''Run the installation script:'''</p> <pre>sudo bash workspace-install.sh -it WORKSPACE -md fakedomainname.com</pre> <p>Replace “fakedomainname” with your actual domain name from the mailcow section. You can also leave out <code>-md</code> and not install it.</p></li></ol> <blockquote>'''CAUTION:''' Instructions within documentation on OnlyOffice website will lead to a broken installation. Use the command line above so it actually works. </blockquote> <ol start="5" style="list-style-type: decimal;"> <li><p>Once this is done, log in by going to [http://192.168.5.5/ http://192.168.5.5]</p></li> <li><p>It will prompt you to make a username and a password. Go for it.</p></li> <li><p>Once logged in, make an HTTPS SSL certificate so we can log in via HTTPS:</p></li></ol> Go to '''Control Panel''', the big icon on the main home screen. * Go to '''HTTPS''' on the top of the left menu. * Click '''Generate and apply'''. * Be happy. 
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxemg_tmp_24ca3e8b.png
File:lu55028jxemg_tmp_d8250288.png
File:lu55028jxemg_tmp_9dc6bcc4.png
File:lu55028jxemg_tmp_b9441e34.png
File:lu55028jxemg_tmp_dd4bee59.png
File:lu55028jxemg_tmp_5206382b.png
File:lu55028jxemg_tmp_4a1d5bab.png
File:lu55028jxemg_tmp_7d1ddacb.png
File:lu55028jxemg_tmp_4468b1aa.png
File:lu55028jxemg_tmp_d27c50f2.png
File:lu55028jxemg_tmp_b3292451.png
</gallery>

<span id="step-2-local-file-access"></span>
=== Step 2: Local file access ===

Once you’re in, you’ll set up everything. Enter a password, agree to the terms of the license, and you’re good to go. I suggest entering administration settings and setting up HTTPS - it will make a self-signed certificate for you!

<span id="diving-into-open-sourcey-software"></span>
==== 2.1 Diving into “open sourcey” software ====

You can open a sample document. But what if I want this workspace server to be able to access ''files stored on the server??'' I want to open a document that’s on this computer; here’s where the fun begins. :)

<span id="the-rabbit-hole-to-hell-for-local-file-access"></span>
==== 2.2 The Rabbit Hole to hell for Local File Access ====

So, where do I go? There’s “Shared with me,” “Favorites,” “Reasons,” “Private room,” “Common in projects,” and “Invite users to Portal.” Maybe the settings? Let’s try that. Administrator profile settings, control panel… and oh, look, “Storage” - maybe I can add a local directory!!! … no, it’s all a mirage.

<blockquote>'''Open Sourcism:''' You can’t just open a document from your server. It’s not a feature. You need to pass the direct URL to the document using a WebDAV server. Can you believe this? Welcome to the world of open source software! </blockquote>

<span id="mounting-volumes-in-docker-failed-me"></span>
==== 2.3 Mounting volumes in Docker failed me ====

I went down the rabbit hole to figure this out when I tried weaning myself off nextcloud a few years ago.
When you choose to install with Docker, there’s a script that gets downloaded. I explored the directory where this is installed—<code>onlyoffice</code>—and found the <code>document server</code>, <code>control panel</code>, <code>community server</code>, <code>MySQL setup</code>, and <code>mail server</code>. In the <code>document server</code>, there’s a <code>data</code> directory. So, I thought, “Surely, I can mount it as a volume using Docker.” I searched for <code>:rw</code> to find where they’re specifying all the Docker volumes. It looks like a typical Docker Compose YAML file. I tried adding an argument for my directory, like <code>home/louis/Documents</code>, and mounted it in almost every possible location. <blockquote>'''Important Note:''' The problem isn’t that the volume isn’t mounted. The issue is that this feature was never implemented in the software. They never thought a document server would need to access files on it. This is, again, the most open sourcey thing I’ve seen in a long time. </blockquote> <span id="fighting-open-source-winning"></span> ==== 2.4 Fighting open source & winning ==== There’s a way to get files into this, but it won’t be immediately obvious. Going back to settings, there’s a menu called '''“Connected clouds”'''; we will use this to connect a WebDAV server to serve ourselves files. We have to set up a webdav server, on our server, to serve files to the same virtual machine. The whole idea of cloud server software is that you should be able to edit your documents in the cloud. No matter what computer you’re on, your files should be right there. But… my cloud server software can’t even read the files from my cloud server computer. Even if I mount those directories within the Docker volume, it still won’t work. The software wasn’t designed to see items in its own document data directory. But wait, it gets better. <span id="the-solution"></span> ==== 2.5 The “Solution” ==== There’s a workaround for this. 
You can connect a new cloud. That you create, within your cloud. schrodinger’s cloud. # Go through the settings and head to the control panel. # You’ll see something called storage. You might think, “Oh, that’s where I can change things, right?” Wrong. There’s nothing there for connecting to local storage. # Go back and find the connect button. It’s on the home screen under documents. # Click “Connect” and we’re going to connect another cloud to our cloud. We’re going to create a WebDAV server on our computer to feed files over to OnlyOffice. It’ll look like your directories are available, like it’s reading them off your computer, but we’re actually using WebDAV. <span id="setting-up-webdav"></span> ==== 2.6 Setting Up WebDAV ==== We’re setting up a separate server to feed files to our server, on our server. There’s this small Python program called <code>wsgidav</code>. It’s a lightweight WebDAV server, not like setting up Apache or Nginx. <span id="the-directory-problem"></span> ==== 2.7 The Directory Problem ==== Let’s say I want two directories: a <code>documents</code> directory and an <code>Android backup</code> directory. I can’t map both to WebDAV like you can in a Docker container. You can only log into one at a time. Imagine having five different directories in one Docker volume but only being able to use ''one at a time.'' You’d have to log in differently each time. You might think, ''“Louis, just create a new directory and symlink all the directories you want into it. What’s the problem?”'' Well, here’s where the open source rabbit hole goes deeper… the documentation for the software has an option called <code>follow symlinks</code>. You can set it to true, but it doesn’t work. Not unless you install a different version of the software because the version you get on PIP doesn’t work. <blockquote>'''Warning:''' This will gaslight you to tears. You’ll pull your hair out wondering if you set up your symlinks right. 
It’s like a mirage—everything looks like it should work, but it doesn’t. I’m here to remind you that you are not insane. </blockquote>

As Ralph Kramden would say, it doesn’t mean to be mean; it was just born that way. I promise, this is all worth it to never have to use Nextcloud again. This is still better than Nextcloud, which tells you how bad Nextcloud is.

<span id="step-3-setting-up-a-webdav-server-on-linux"></span>
=== Step 3: Setting Up a WebDAV Server on GNU/Linux ===

<span id="install-and-configure-wsgidav"></span>
==== 3.1 Install and Configure WsgiDAV ====

WsgiDAV is a WebDAV server implementation written in Python.

<ol style="list-style-type: decimal;">
<li><p>'''Install WsgiDAV and its dependencies:'''</p>
<pre>sudo apt install python3-pip python3-dev libssl-dev libpam0g-dev -y
sudo pip3 install cheroot six python-pam
sudo pip install git+https://github.com/mar10/wsgidav.git</pre>
<blockquote><p>'''CAUTION:''' Do not install pip version of WsgiDAV as it will not work with the follow symlink option! These commands will install Python development files, SSL development files, WsgiDAV from github, and Cheroot (a WSGI server).</p></blockquote></li>
<li><p>'''Create WsgiDAV configuration directory:'''</p></li>
</ol>
<pre>sudo mkdir -p /etc/wsgidav</pre>
<ol start="3" style="list-style-type: decimal;"><li><p>'''Generate an SSL certificate for WsgiDAV:'''</p></li></ol>
<pre>sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/wsgidav.key -out /etc/ssl/certs/wsgidav.crt</pre>

This creates a self-signed SSL certificate. In a production environment, use a certificate from a trusted Certificate Authority. When having localhost connect to localhost in your closet… this will do.
<ol start="4" style="list-style-type: decimal;"> <li>'''Create and edit the WsgiDAV configuration file:'''</li></ol>
<pre>sudo nano /etc/wsgidav/wsgidav.yaml</pre>
<ol start="5" style="list-style-type: decimal;"> <li>'''Add the following content to the configuration file, editing <code>/home/louis/webdavroot</code> with the directory you will use for documents:'''</li></ol>
<pre>host: 0.0.0.0
port: 8080
ssl_certificate: /etc/ssl/certs/wsgidav.crt
ssl_private_key: /etc/ssl/private/wsgidav.key
enable_https: true

fs_dav_provider:
    follow_symlinks: true

provider_mapping:
    '/webdav': '/home/louis/webdavroot'

http_authenticator:
    domain_controller: wsgidav.dc.pam_dc.PAMDomainController
    accept_basic: true
    accept_digest: false
    default_to_digest: false

pam_dc:
    service: "login"
    allow_users: "all"

verbose: 3

property_manager: true
lock_storage: true

middleware_stack:
    - wsgidav.error_printer.ErrorPrinter
    - wsgidav.http_authenticator.HTTPAuthenticator
    - wsgidav.dir_browser.WsgiDavDirBrowser
    - wsgidav.request_resolver.RequestResolver

dir_browser:
    enable: true
    icon: true
    response_trailer: true</pre>

This configuration sets up SSL, defines shared directories, and configures authentication.
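With <code>follow_symlinks: true</code>, WsgiDAV serves whatever a symlink under <code>/home/louis/webdavroot</code> resolves to, and the systemd unit later in this guide sets no <code>User=</code>, so the server reads those files as root. The script below is an added example, not part of the original guide or of WsgiDAV: it lists every symlink reachable from the share root, including links nested inside linked directories, and flags any that resolve outside the directories you meant to publish. The function name and its arguments are made up for this example, and it needs <code>readlink -f</code> from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the guide): audit symlinks under a WsgiDAV share root.

# audit_share_links ROOT [ALLOWED_DIR...]
# Prints one "<verdict> <link> -> <target>" line per symlink, where verdict is
#   ok       target is inside ROOT or one of the ALLOWED_DIRs
#   OUTSIDE  target exists but is not covered by the allowlist
#   BROKEN   target does not exist
# Exit status: 0 if every link is ok, 1 otherwise, 2 if ROOT is unusable.
audit_share_links() {
    asl_root=$(readlink -f "$1") && [ -d "$asl_root" ] || return 2
    shift
    # Canonicalise the allowlist in place; ROOT itself is always allowed.
    set -- "$asl_root" "$@"
    asl_n=$#
    while [ "$asl_n" -gt 0 ]; do
        set -- "$@" "$(readlink -f "$1" || true)"
        shift
        asl_n=$((asl_n - 1))
    done
    asl_tmp=$(mktemp -d) || return 2
    printf '%s\n' "$asl_root" > "$asl_tmp/queue"
    : > "$asl_tmp/seen"
    : > "$asl_tmp/report"
    # Work list of directories to scan. Allowed link targets are queued too,
    # so a link sitting inside Documents is checked as well. Targets that
    # fail the allowlist are reported but never walked.
    while [ -s "$asl_tmp/queue" ]; do
        asl_dir=$(head -n 1 "$asl_tmp/queue")
        tail -n +2 "$asl_tmp/queue" > "$asl_tmp/rest"
        mv "$asl_tmp/rest" "$asl_tmp/queue"
        grep -Fxq -- "$asl_dir" "$asl_tmp/seen" && continue   # loop guard
        printf '%s\n' "$asl_dir" >> "$asl_tmp/seen"
        find "$asl_dir" -type l -print | while IFS= read -r asl_link; do
            asl_target=$(readlink -f "$asl_link" || true)
            asl_verdict=OUTSIDE
            if [ ! -e "$asl_target" ]; then
                asl_verdict=BROKEN
            else
                for asl_ok in "$@"; do
                    [ -n "$asl_ok" ] || continue   # unresolvable allowlist entry
                    case "$asl_target/" in "$asl_ok"/*) asl_verdict=ok ;; esac
                done
            fi
            printf '%s %s -> %s\n' "$asl_verdict" "$asl_link" "$asl_target" \
                >> "$asl_tmp/report"
            if [ "$asl_verdict" = ok ] && [ -d "$asl_target" ]; then
                printf '%s\n' "$asl_target" >> "$asl_tmp/queue"
            fi
        done
    done
    sort -u "$asl_tmp/report"
    asl_rc=0
    grep -qv '^ok ' "$asl_tmp/report" && asl_rc=1
    rm -rf "$asl_tmp"
    return "$asl_rc"
}

# Usage with the paths from this guide:
#   audit_share_links /home/louis/webdavroot /home/louis/Documents /home/louis/androidstuff
```

Run it once the links in the share root exist, and again whenever you add a link or sync a new folder into one of the linked directories.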
<ol start="7" style="list-style-type: decimal;">
<li><p>'''Add the following content to the service file:'''</p>
<pre>[Unit]
Description=WsgiDAV WebDAV Server
After=network.target

[Service]
ExecStart=/usr/local/bin/wsgidav --config=/etc/wsgidav/wsgidav.yaml
Restart=always

[Install]
WantedBy=multi-user.target</pre>
<p>This creates a systemd service for automatically starting WsgiDAV.</p></li>
<li><p>'''Set correct permissions for the configuration file:'''</p>
<pre>sudo chown root:root /etc/wsgidav/wsgidav.yaml
sudo chmod 644 /etc/wsgidav/wsgidav.yaml</pre>
<p>This makes sure only root can modify the configuration file.</p></li>
<li><p>'''Enable and start the WsgiDAV service:'''</p>
<pre>sudo systemctl enable wsgidav.service
sudo systemctl start wsgidav.service</pre>
<p>This enables the service to start on boot and starts it immediately.</p></li></ol>

Now, it’s time to go back to the onlyoffice window we were at before to enter the WebDAV server information. '''See how mine is /webdav? That’s because'''

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxemg_tmp_77f5a739.png
</gallery>

<span id="understanding-file-locations"></span>
==== 3.2 Understanding file locations ====

These lines in the WsgiDAV configuration file are responsible for setting the directory that onlyoffice will see on our system. Obviously, if your name is not louis, yours will be different. Edit it accordingly.

<pre>provider_mapping:
    '/webdav': '/home/louis/webdavroot'</pre>

'''Remember, WsgiDAV will only let me have one directory that I can get into when I start it up. 
The way I got around this was as follows, so that my Documents directory and my androidbackup directories would both be visible by onlyoffice:'''

<pre>ln -s /home/louis/Documents /home/louis/webdavroot
ln -s /home/louis/androidstuff /home/louis/webdavroot</pre>

Now, my '''Documents''' folder in my home directory as well as my '''androidstuff''' syncthing backup directory with all of my phone’s files will be viewable by onlyoffice!

<span id="configure-firewall-ufw"></span>
==== 3.3 Configure Firewall (UFW) ====

UFW (Uncomplicated Firewall) provides a user-friendly interface for managing iptables. There is no need for anything besides onlyoffice to ever contact our WebDAV server, so we are going to make sure only localhost can contact our WebDAV server. If you think this is ridiculous, it is. Onlyoffice needs to let me access files on my local server that are already there.

<ol style="list-style-type: decimal;">
<li><p>'''Allow all outgoing traffic:'''</p>
<pre>sudo ufw default allow outgoing</pre></li>
<li><p>'''Allow incoming traffic on port 8080 from specific sources:'''</p>
<pre>sudo ufw allow from 192.168.5.5 to any port 8080 proto tcp
sudo ufw allow from 127.0.0.1 to any port 8080 proto tcp
sudo ufw allow from 172.17.0.0/16 to any port 8080 proto tcp
sudo ufw allow from 172.18.0.0/16 to any port 8080 proto tcp</pre>
<p>This allows HTTPS traffic to WsgiDAV only from specific IP ranges.</p></li>
<li><p>'''Enable the firewall:'''</p>
<pre>sudo ufw enable</pre>
<p>This activates the firewall with the configured rules.</p></li></ol>

<span id="step-4-make-sure-this-works"></span>
== Step 4: Make sure this works ==

* Open onlyoffice, and try to open files

<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxemg_tmp_1b047a4c.png
</gallery>
</div>
<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxemg_tmp_6153f9b3.png
</gallery>
</div>
<div class="figure"> <gallery
mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_dab77d16.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_f9684b3a.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_56592c9d.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_5931a5e.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_38c777ab.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_5925a9a4.png </gallery> </div> <div class="figure"> <gallery mode="packed-hover" heights=250 widths=400 perrow=2> File:lu55028jxemg_tmp_148a1456.png </gallery> </div> <span id="step-5-optional-set-up-email-in-onlyoffice"></span> == Step 5 (optional): set up email in onlyoffice == <span id="viewing-email-right-in-the-web-browser"></span> === Viewing email right in the web browser === If you set up onlyoffice as an email client for your mailcow server, you can view your email within onlyoffice. This means you can open documents directly within onlyoffice within the browser tab where you have your email loaded. Very nice! <span id="freepbx-and-unitel-sip-trunking-setup"></span>
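Going back to the firewall rules in section 3.3: the script below is an added example, not part of the original guide or of ufw. It reads <code>ufw status</code> output, flags any port 8080 rule whose source is not on your list, and flags ports this guide still relies on (22 for SSH, 22000 for Syncthing) that have no ALLOW rule, because ufw denies incoming traffic by default once it is enabled. The function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the guide): sanity-check `ufw status` output.

# Constructed sample: what `sudo ufw status` shows when the four rules from
# section 3.3 are the only rules on the machine.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW       192.168.5.5
8080/tcp                   ALLOW       127.0.0.1
8080/tcp                   ALLOW       172.17.0.0/16
8080/tcp                   ALLOW       172.18.0.0/16
EOF
}

# check_ufw_status ALLOWED_SOURCES REQUIRED_PORTS      (status text on stdin)
# Both arguments are comma-separated lists. Prints one finding per line:
#   INACTIVE  the firewall is off, so none of the rules is enforced
#   EXPOSED   port 8080 accepts a source that is not in ALLOWED_SOURCES
#   BLOCKED   a port in REQUIRED_PORTS has no ALLOW rule at all
# Exit status is 1 if anything was found, 0 otherwise.
check_ufw_status() {
    awk -v allowed="$1" -v required="$2" '
        BEGIN {
            bad = 0
            n = split(allowed, a, ",");  for (i = 1; i <= n; i++) ok_src[a[i]] = 1
            m = split(required, r, ","); for (i = 1; i <= m; i++) need[r[i]] = 1
        }
        { gsub(/ \(v6\)/, "") }      # give IPv6 rows the same three columns
        $1 == "Status:" && $2 != "active" {
            print "INACTIVE firewall is not enabled"; bad = 1
        }
        $2 == "ALLOW" {
            port = $1
            sub(/\/.*/, "", port)    # strip the protocol suffix, e.g. /tcp
            if (port == "8080" && !($3 in ok_src)) {
                print "EXPOSED 8080 is reachable from " $3; bad = 1
            }
            if (port in need) have[port] = 1
        }
        END {
            for (i = 1; i <= m; i++)
                if (!(r[i] in have)) {
                    print "BLOCKED no ALLOW rule for port " r[i]; bad = 1
                }
            exit bad
        }'
}

# Usage on the server:
#   sudo ufw status | check_ufw_status \
#       "127.0.0.1,192.168.5.5,172.17.0.0/16,172.18.0.0/16" "22,22000"
```

Run against the constructed sample, it reports ports 22 and 22000 as BLOCKED, which is the state to catch before you close your SSH session.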