Author: Nabeel Ahmed
Last Updated: Tue, Mar 29, 2022NextCloud is an open-source self-hosted cloud storage server and workspace tool. Its extensive plug-in community offers solutions for most file-hosting and collaborative needs.
Install unzip.
$ sudo apt-get install unzip
Install the server dependencies.
$ sudo apt-get install nginx mysql-server
Install the PHP dependencies.
$ sudo apt-get install php7.4 php7.4-cli php7.4-common php7.4-json php7.4-fpm php7.4-curl php7.4-mysql php7.4-gd php7.4-opcache php7.4-xml php7.4-zip php7.4-mbstring
Verify php7.4-fpm is installed.
$ php-fpm7.4 --version
PHP 7.4.3 (fpm-fcgi)
Start and enable php7.4-fpm.
$ sudo systemctl start php7.4-fpm
$ sudo systemctl enable php7.4-fpm
Verify php7.4-fpm is running.
$ sudo systemctl status php7.4-fpm
Active: active (running)
Verify MySQL is installed.
$ mysql --version
mysql Ver 8.0.xx-0ubuntu0.20.04.x
Start and enable MySQL to run on boot.
$ sudo systemctl start mysql
$ sudo systemctl enable mysql
Verify MySQL is running.
$ sudo systemctl status mysql
Active: active (running)
Enter MySQL console as a root user.
$ sudo mysql -u root
Create a new database called nextcloud.
mysql> CREATE DATABASE nextcloud;
Create a new privileged user inside the nextcloud database. Replace username with a username and password with a strong password of your choice.
mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON nextcloud.* TO 'username'@'localhost';
mysql> FLUSH PRIVILEGES;
NextCloud uses this user to authenticate a connection with MySQL.
Exit MySQL.
mysql> exit;
Verify Nginx is installed.
$ nginx -v
nginx version: nginx/1.18.x
Start and enable Nginx to run on boot.
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
Verify Nginx is running.
$ sudo systemctl status nginx
Active: active (running)
Download the latest release of NextCloud to /var/www/.
$ sudo wget https://download.nextcloud.com/server/releases/latest.zip -P /var/www/
Change directory to /var/www/ and extract latest.zip.
$ cd /var/www/
$ sudo unzip -q latest.zip
$ sudo rm latest.zip
After extracting,
latest.zipis no longer required. You may delete it.
Change the ownership of the NextCloud folder.
$ sudo chown -R www-data:www-data nextcloud
Change directory to /etc/nginx/sites-available/ and delete the default Nginx server block.
$ cd /etc/nginx/sites-available/
$ sudo rm default
$ sudo rm /etc/nginx/sites-enabled/default
Create and edit a new Nginx server block.
$ sudo nano nextcloud
Add the following server configuration to the file.
upstream php-handler {
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/nextcloud;
index index.php index.html /index.php$request_uri;
# Limit Upload Size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Gzip Compression
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Recommended Security Headers
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
fastcgi_hide_header X-Powered-By;
# Recommended Hidden Paths
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
include fastcgi_params;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
fastcgi_send_timeout 600s;
fastcgi_read_timeout 600s;
}
# Cache-Control on Assets
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
expires 6M;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
Create server block link of nextcloud in sites-enabled.
$ sudo ln -s /etc/nginx/sites-available/nextcloud -t /etc/nginx/sites-enabled/
Restart Nginx for the changes to take effect.
$ sudo systemctl restart nginx
Navigate to your server's IP address in a web browser.
http://192.0.2.123/
You should see a setup page asking to Create an admin account. Enter a username and a strong password of your choice for the main admin account.
Inside the Storage & database section, the field for Data Folder is /var/www/nextcloud/data.
Under the Configure the database section, enter the username and password created in Step 6 during the Database Setup.
The Database name field is nextcloud, and Database host is localhost.
Finally, click the Install button at the end of the form. NextCloud redirects to the dashboard when it finishes installing.
Installing may take several minutes to complete depending on server specifications.
A cache can improve NextCloud's performance by allowing faster access to assets.
Install Redis and the php-redis module.
$ sudo apt-get install redis-server php-redis
Verify Redis installed.
$ redis-server --version
Redis server v=5.0.x
Start and enable Redis to run on boot.
$ sudo systemctl start redis-server
$ sudo systemctl enable redis-server
Verify Redis is running.
$ sudo systemctl status redis-server
Change directory to /etc/redis/ and edit redis.conf.
$ cd /etc/redis/
$ sudo nano redis.conf
Uncomment unixsocket and unixsocketperm. Change unixsocketperm to 770.
unixsocket /var/run/redis/redis-server.sock
unixsocketperm 770
Restart Redis.
$ sudo systemctl restart redis-server
Add www-data to the redis group.
$ sudo usermod -a -G redis www-data
Change directory to /var/www/nextcloud/config/ and edit config.php.
$ cd /var/www/nextcloud/config/
$ sudo nano config.php
Append the following configuration parameters to the $CONFIG array.
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => '/run/redis/redis-server.sock',
'port' => 0,
],
Restart php7.4-fpm to apply changes.
$ sudo systemctl restart php7.4-fpm
NextCloud should now be using Redis as a cache.
A secure connection to NextCloud ensures encrypted communication. This is crucial for production servers exposed to the internet to maximize security.
Change directory to /etc/nginx/sites-available/ and edit nextcloud.
$ cd /etc/nginx/sites-available/
$ sudo nano nextcloud
At the bottom of the file, add the following server block code. Replace example.com with your domain.
server {
listen 80;
listen [::]:80;
server_name example.com;
# Redirect non-HTTPS traffic to HTTPS
return 301 https://$server_name:443$request_uri;
}
At the top of the file, add the following configuration in the original server block. Replace example.com with your domain.
-- original --
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/nextcloud;
index index.php index.html /index.php$request_uri;
...
}
-- new --
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /path/to/ssl/certificate.pem;
ssl_certificate_key /path/to/ssl/certificate.key;
root /var/www/nextcloud;
index index.php index.html /index.php$request_uri;
...
}
In the same server block, under the location ~ \.php(?:$|/) block, add the fastcgi_param HTTPS on; module. It should look like the following.
-- original --
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
...
}
-- new --
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
# Enable HTTPS
fastcgi_param HTTPS on;
...
}
Restart Nginx to apply changes.
$ sudo systemctl restart nginx
NextCloud should now be communicating through HTTPS.
You should have a working NextCloud server. For more information, refer to the official NextCloud documentation.