You could earn up to $300 by adding new articles!

Get Started Now

How to Install Nextcloud 12 on Debian 9

Published on: Thu, Dec 28, 2017 at 5:57 pm EST

This guide explains how to install Nextcloud 12 on a Debian 9 VPS. Nextcloud is a popular web-based file manager application.

Before we begin, make sure your server has a LEMP stack installed and it is up-to-date.

 sudo apt update && sudo apt -y upgrade

Download Nextcloud 12

Download the latest NextCloud server zip archive onto your server. To check for the latest version, go to https://nextcloud.com/install and click on the download button to check out the latest version.

 sudo wget https://download.nextcloud.com/server/releases/nextcloud-12.0.2.zip

Once that is downloaded, extract it.

 sudo apt install unzip
 sudo unzip nextcloud-12.0.2.zip

A new directory named nextcloud will be created in the current working directory. Move the directory and all of its content to the root of the Nginx web server and remove the zip file.

 sudo mv nextcloud /var/www/
 sudo rm nextcloud-12.0.2.zip

We will also need to set the appropriate write permissions for the Nginx user.

 sudo chown -R www-data:www-data /var/www/nextcloud/

MariaDB Setup

Log into MariaDB.

 mysql -u root -p

Create a database for Nextcloud. We're naming the database nextcloud but you can change that to your preferred database name.

 CREATE DATABASE nextcloud;

Create the database user. Again, you can change the user name to your preferred user name. Also, replace strong-password with your preferred password.

 CREATE USER nextclouduser@localhost IDENTIFIED BY 'strong-password';

Grant the user all privileges to the database.

 GRANT ALL PRIVILEGES ON nextcloud.* TO nextclouduser@locahost IDENTIFIED BY 'strong-password';

Flush privileges and exit.

 FLUSH PRIVILEGES;
 \q

Enable binary logging in MariaDB. Edit the mysqld configuration file.

 sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

The format of the binary log must be mixed. Add the following three lines in [mysqld] section.

 log-bin        = /var/log/mysql/mariadb-bin
 log-bin-index  = /var/log/mysql/mariadb-bin.index
 binlog_format  = mixed

Save and close the file. Then restart MariaDB.

 sudo systemctl restart mysql

Create an Nginx Config File for Nextcloud

To visit your Nextcloud via domain name, we need to setup a config file in the /etc/nginx/sites-available/ directory.

 sudo nano /etc/nginx/sites-available/nextcloud

Put the following text into the file. Replace the red-colored text with your actual data. Don’t forget to set a record for the domain name.

 server {
    listen 80;
    server_name nextcloud.domain.com;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none; 

    # Path to the root of your installation
    root /var/www/nextcloud/;

    location = /robots.txt {
       allow all;
       log_not_found off;
       access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
       return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass php-handler;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff|svg|gif)$ {
       try_files $uri /index.php$uri$is_args$args;
       add_header Cache-Control "public, max-age=15778463";
       # Add headers to serve security related headers (It is intended to
       # have those duplicated to the ones above)
       # Before enabling Strict-Transport-Security headers please read into
       # this topic first.
       # add_header Strict-Transport-Security "max-age=15768000;
       #  includeSubDomains; preload;";
       #
       # WARNING: Only add the preload option once you read about
       # the consequences in https://hstspreload.org/. This option
       # will add the domain to a hardcoded list that is shipped
       # in all major browsers and getting removed from this list
       # could take several months.
       add_header X-Content-Type-Options nosniff;
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
       # Optional: Don't log access to assets
       access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
       try_files $uri /index.php$uri$is_args$args;
       # Optional: Don't log access to other assets
       access_log off;
    }
 }

Save and close the file. We need to enable it in the /etc/nginx/sites-enabled/ folder too.

 sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/

Test Nginx configuration.

 sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

 sudo systemctl reload nginx

Enable HTTPS

You should now be able to access the Nextcloud web install wizard on your browser by entering the domain name for your Nextcloud installation. However, it is always a good practice to enable secure HTTPS connection to provide critical security and data integrity for both your website and you. We can obtain a free TLS certificate from Let’s Encrypt via Certbot.

 sudo apt install certbot

Next, run the following command to obtain a free TLS certificate using the webroot plugin.

 sudo certbot certonly --webroot -w /var/www/nexcloud -d nextcloud.domain.com

Enter your email and agree to the Terms of Service. Within a few seconds you should see a similar message.

Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/nextcloud.domain.com/fullchain.pem. 

Your TLS certificate has been obtained. Now, let's make some changes to your Nginx config file for Nextcloud.

 sudo nano /etc/nginx/sites-available/nextcloud

Remove the first three lines and add the following to redirect HTTP to HTTPS. Remember to change nextcloud.domain.com to your domain.

 server {
    listen 80;
    server_name nextcloud.domain.com;
    # Enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name **nextcloud.domain.com**;

    ssl_certificate /etc/ssl/nginx/**nextcloud.domain.com**.crt;
    ssl_certificate_key /etc/ssl/nginx/**nextcloud.domain.com**.key;

Save and close the file. Test the Nginx configuration again to make sure everything is working. Reload Nginx for the changes to take effect.

 sudo nginx -t
 sudo systemctl reload nginx

Finish the Nextcloud Installation in Your Browser

Now you can access the Nextcloud web install wizard using HTTPS connection. To complete the installation, you need to create an admin account, enter the path of Nextcloud data folder, and enter the database details created earlier.

Want to contribute ?

You could earn up to $300 by adding new articles!

Get started in the SSD Cloud!