FrankenPHP and Nextcloud

1. The problem I’m having:

How to set up FrankenPHP and Nextcloud natively?

2. Error messages and/or full log output:

3. Caddy version:

2.7.6

4. How I installed and ran Caddy:

a. System environment:

Almalinux 9, amd64, systemd; no docker; natively.

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

5. Links to relevant resources:

What did you try? Please completely fill out the help topic template as per the forum rules.

Nothing yet, I don’t know how to set this up yet.
We assume that it’s just a standard Caddyfile as a starting point.

Follow the FrankenPHP docs: FrankenPHP: the modern PHP app server

If you have any specific questions then let us (or the FrankenPHP team) know.

As I said, I don’t know how to set it up and also I don’t know what my Caddyfile has to look like :confused:

Read the docs. There are examples. Try it.

I thought we could make this a wiki Post with Instructions

Sure, you could make a wiki post once you have it working :+1:

I don’t use Nextcloud, so you’ll need to get to the point where you have something running (possibly with errors or w/e) then we can go from there.

Okay, now I am stuck. I have absolutely no clue how to get the user/group working with frankenphp to match file permissions (user/group) fpm is using.

Remember: It is a native setup with other services as well.

I mean, :man_shrugging:

You haven’t shown us any evidence whatsoever of what you’ve tried, or what errors you’re getting.

You need to show evidence, logs, config, etc. We can’t read your mind!

I’m sorry if I might sound rude, that’s not my intent here, but we can’t help without understanding where the problem lies.

Currently you cannot change the user nor the group which the worker should run as, so it’s not possible at the moment.

What do you mean?

Once again, you haven’t posted any evidence, logs, config, etc. I’m not sure how you expect us to help without that.

Nextcloud Screenshot:


Caddyfile:

{
    frankenphp

    # Configure when the directive must be executed
    # https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm
    order mercure after 
    order vulcain after reverse_proxy
    order php_server before file_server
    order php before file_server

}
nextclouddomain.com {

              file_server
              root * /var/www/html/nextcloud

              # Execute PHP files in the current directory and serve assets
              php_server

              # Redirects for DAV apps
              redir /.well-known/carddav /remote.php/dav 301
              redir /.well-known/caldav /remote.php/dav 301

              # redir /.well-known/* /index.php/.well-known/webfinger 301
              # redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
              redir /.well-known/* /index.php{uri} 301

              respond /.well-known/pki-validation 404
              respond /.well-known/acme-challenge 404

              # .htaccess / data / config / ... shouldn't be accessible from outside
              @forbidden {
                      path /.htaccess
                      path /.xml
                      path /3rdparty/*
                      path /config/*
                      path /data/*
                      path /db_structure
                      path /README
                      path /lib/*
                      path /templates/*
                      path /occ
                      path /console.php
                      path /test.php
              }
              respond @forbidden "Access denied" 403 {
                      close
              }
}

Nextcloud directory permissions:


PHP-FPM Nextcloud Config:

xcaddy command:

xcaddy build master --with github.com/dunglas/frankenphp/caddy@main \
  --with github.com/dunglas/mercure/caddy@main \
  --with github.com/dunglas/vulcain/caddy@main \
  --output /usr/bin/caddy

Thanks; here are my thoughts and followup questions:

  • You don’t need php-fpm if you’re using FrankenPHP, because FrankenPHP has PHP built in. It replaces php-fpm.
  • How are you running Caddy/FrankenPHP? Are you running it as a systemd service? If so, how did you set up the service?
  • What do you have in Caddy/FrankenPHP’s logs? Seeing the logs is important to see how it’s behaving.
  • Depending on how you installed it, the Nextcloud files should match the user/group that Caddy/FrankenPHP is running as. If you’re running it as a systemd service, then it should be owned by the caddy user, or have the www-data group at least.

Yes, I know I don’t need that. It’s just for information purposes and to understand how it’s set up.

I am using a systemd config:

#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network-online.target
Requires=network-online.target
StartLimitIntervalSec=14400
StartLimitBurst=10

[Service]
Type=notify
User=caddy
Group=caddy
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force

# Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed.
Restart=on-abnormal

# Use graceful shutdown with a reasonable timeout
TimeoutStopSec=5s

LimitNOFILE=1048576
LimitNPROC=512

PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

As I said: You cannot change the user nor the group of the FrankenPHP Worker. You can only change your user globally and give permission to everything instead of two users.
You can only use one user for everything.

The problem here is I want to use a separate user and group but also want to run a separate user for the normal caddy (frankenphp) webserver.

I’m not sure I understand your concern regarding users. Since FrankenPHP is Caddy+PHP in one binary, it doesn’t make sense to use two different users for that. They’re inherently tied together. What’s the actual problem here? Just make sure your Nextcloud files are usable by the caddy user.
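
The ownership advice in the replies above (the Nextcloud files must be usable by the user Caddy/FrankenPHP runs as), turned into a check. This is an added example, not part of the thread or of any project's code; the function names are hypothetical, and the path and the caddy user in the usage comment are taken from the posts above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Arguments: web root, then the service's user and group (name or numeric ID).

# Entries under the root that the expected user does not own.
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Entries whose group differs from the expected group.
wrong_group() {
    find "$1" ! -group "$2" -print
}

# Entries any local account may write to. Symlinks are skipped because
# their mode bits do not control access.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Run all three checks. Returns 0 when clean, 1 on findings, 2 on bad input.
audit_webroot() {
    root=$1; user=$2; group=$3; status=0
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    out=$(wrong_owner "$root" "$user")
    [ -z "$out" ] || { printf 'not owned by %s:\n%s\n' "$user" "$out"; status=1; }

    out=$(wrong_group "$root" "$group")
    [ -z "$out" ] || { printf 'group is not %s:\n%s\n' "$group" "$out"; status=1; }

    out=$(world_writable "$root")
    [ -z "$out" ] || { printf 'world-writable:\n%s\n' "$out"; status=1; }

    return "$status"
}

# Stand-alone use, e.g.: sh audit.sh /var/www/html/nextcloud caddy caddy
if [ "$#" -eq 3 ]; then
    audit_webroot "$@"
fi
```

Run it with enough privilege to read the whole tree, since find cannot descend into directories the invoking user is not allowed to list.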

Heya, I wrote a guide for Caddy + NextCloud a couple years ago - maybe it will help you:

I used php FPM instead of frankenphp, but it’s a starting point :slight_smile:

So I have played a little bit with it and owned every folder and file to caddy:caddy.
I use xcaddy as above and now we get this


I dunno how to add those to frankenphp during compilation
But I will try further and will give updates
(I have temp disabled redis and apcu)

How are you running FrankenPHP? How did you install it or build it? It should have all those extensions in by default if you’re using a stock build of FrankenPHP.

Please provide as much information as possible. We can’t help you if you only give limited info, we need a full picture of what you’re trying. All we can see is what you write here, don’t assume we know more than we do.

Using

xcaddy build master --with github.com/dunglas/frankenphp/caddy@main \
  --with github.com/dunglas/mercure/caddy@main \
  --with github.com/dunglas/vulcain/caddy@main \
  --output /usr/bin/caddy

as command to build.

And then just restart the caddy systemd unit file.