This article will guide you how to install Nextcloud 22 on Ubuntu 20.04 with Apache web server and SSL certificate from Let’s encrypt.
Before we start the process, you should point your domain to the server IP. This will be required by LE for retrieving SSL certificate.
Login to your server and update the system. You can also setup the firewall to begin with. Port 22 is used for SSH, if you have changed this port make sure to change it in the command below.
apt update && apt upgrade
ufw allow 22
ufw allow 80
ufw allow 443
ufw enableInstallation of web server
Now we will install PHP, Apache, MariaDB and all other required packages.
apt install vim apache2 mariadb-server libapache2-mod-php php php-gmp php-bcmath php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip bzip2 zip unzip imagemagick php-fpm redis-server php-redis php-fileinfo php-apcu ffmpegI use vim for editing files on the server. If your preference is something else you can remove vim from the installation above.
Enable some Apache modules with:
a2enmod ssl rewrite headers proxy proxy_http deflate cache proxy_wstunnel http2 proxy_fcgi envI have enabled http2 module too. If you want to use http2, click the link below to enable PHP-FPM for Apache.
Enable and start Apache
systemctl enable apache2
systemctl start apache2Update PHP configuration
Before we jump in to create a database you might want to update some PHP settings in php.ini.
vim /etc/php/7.4/apache2/php.inioutput_buffering = off (line 215)
max_execution_time = 120 (line 388)
memory_limit = 512M (line 409)
post_max_size = 100M (line 694)
upload_max_filesize = 100M (line 846)
date.timezone = Europe/London (line 962)I have mentioned line numbers where you can find the settings. Change them accordingly for your needs. For timezone check out PHP timezone manual.
Database setup
We will secure the database 1st and then create nextcloud database.
/usr/bin/mysql_secure_installationFollow the questions and set password, remove test database/user etc when asked.
Now let’s login to the database server:
mysql -u root -pEnter root password when asked which you have set above. Run the following commands one by one to create nextcloud database, setup user and assign privileges.
create database nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
grant all on nextcloud.* to 'ncuser'@'localhost' identified by 'PASSWORD';
flush privileges;
exitChange PASSWORD to a real strong password.
We are done with the initial setup, it’s time to download Nextcloud.
Download and setup Nextcloud
cd /var/www
wget https://download.nextcloud.com/server/releases/nextcloud-22.2.0.zip
unzip nextcloud-22.2.0.zip
rm -r /var/www/html/*
shopt -s dotglob
mv nextcloud/* html/
chown -R www-data:www-data /var/www/htmlWe will need proper permissions on Nextcloud directories and files, for that we will download and use a bash script. It’s from Nextcloud, so don’t worry about security etc.
wget https://github.com/nextcloud/vm/blob/master/static/setup_secure_permissions_nextcloud.sh
chmod +x setup_secure_permissions_nextcloud.sh
./setup_secure_permissions_nextcloud.shOnce done remove the script for security sake.
rm setup_secure_permissions_nextcloud.shApache configuration for Nextcloud
We will create nextcloud.conf file in sites-available.
cd /etc/apache2/sites-available
vim nextcloud.confPaste the following in it:
<VirtualHost *:80>
ServerName DOMAIN.COM
ServerAlias www.DOMAIN.COM
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
Options -Indexes +FollowSymLinks
</Directory>
ErrorLog /var/log/apache2/DOMAIN-error.log
CustomLog /var/log/apache2/DOMAIN-requests.log combined
</VirtualHost>Change the words marked in bold.
Note: we will update this file later after getting a certificate.
Enable the site and restart Apache:
a2ensite nextcloud
systemctl restart apache2You should now be able to access and see Nextcloud in the browser. But don’t start the installation yet.
Install certbot and get a certificate
To start with certbot and SSL setup, you can follow this article to install and get a certificate from Let’s Encrypt. Once you get the certificate successfully, it’s time to update nextcloud.conf file. Final configuration will look like, make changes where applicable.
<VirtualHost *:80>
ServerName DOMAIN.COM
ServerAlias www.DOMAIN.COM
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<Directory "/var/www/html">
AllowOverride All
Options -Indexes +FollowSymLinks
</Directory>
ErrorLog /var/log/apache2/DOMAIN-error.log
CustomLog /var/log/apache2/DOMAIN-requests.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName DOMAIN.COM
ServerAlias www.DOMAIN.COM
DocumentRoot /var/www/html
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
<Directory "/var/www/html">
AllowOverride All
Options -Indexes +FollowSymLinks
</Directory>
ErrorLog /var/log/apache2/DOMAIN-error.log
CustomLog /var/log/apache2/DOMAIN-requests.log combined
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.COM/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
</VirtualHost>Restart Apache:
systemctl restart apache2Final step
Now you can browse to the URL and install Nextcloud. Most of the information you will have already at hand like database credentials, data directory path(/var/www/html/data) etc.
If you go to Settings -> Overview you may see the following. If there are things to fix, checkout the hacks and improvements guide.
There are still ways to improve this setup for example add Redis cache, move data directory. You can checkout the Nextcloud Hacks article for more details.
