Install Nextcloud 22 on Ubuntu 20.04

This article will guide you how to install Nextcloud 22 on Ubuntu 20.04 with Apache web server and SSL certificate from Let’s encrypt.

Before we start the process, you should point your domain to the server IP. This will be required by LE for retrieving SSL certificate.

Login to your server and update the system. You can also setup the firewall to begin with. Port 22 is used for SSH, if you have changed this port make sure to change it in the command below.

apt update && apt upgrade

ufw allow 22
ufw allow 80
ufw allow 443
ufw enable

Installation of web server

Now we will install PHP, Apache, MariaDB and all other required packages.

apt install vim apache2 mariadb-server libapache2-mod-php php php-gmp php-bcmath php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip bzip2 zip unzip imagemagick php-fpm redis-server php-redis php-fileinfo php-apcu ffmpeg

I use vim for editing files on the server. If your preference is something else you can remove vim from the installation above.

Enable some Apache modules with:

a2enmod ssl rewrite headers proxy proxy_http deflate cache proxy_wstunnel http2 proxy_fcgi env

I have enabled http2 module too. If you want to use http2, click the link below to enable PHP-FPM for Apache.

Enable and start Apache

systemctl enable apache2
systemctl start apache2

Update PHP configuration

Before we jump in to create a database you might want to update some PHP settings in php.ini.

vim /etc/php/7.4/apache2/php.ini
output_buffering = off (line 215)
max_execution_time = 120 (line 388)
memory_limit = 512M (line 409)
post_max_size = 100M (line 694)
upload_max_filesize = 100M (line 846)
date.timezone = Europe/London (line 962)

I have mentioned line numbers where you can find the settings. Change them accordingly for your needs. For timezone check out PHP timezone manual.

Database setup

We will secure the database 1st and then create nextcloud database.

/usr/bin/mysql_secure_installation

Follow the questions and set password, remove test database/user etc when asked.

Now let’s login to the database server:

mysql -u root -p

Enter root password when asked which you have set above. Run the following commands one by one to create nextcloud database, setup user and assign privileges.

create database nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

grant all on nextcloud.* to 'ncuser'@'localhost' identified by 'PASSWORD';

flush privileges;
exit

Change PASSWORD to a real strong password.

We are done with the initial setup, it’s time to download Nextcloud.

Download and setup Nextcloud

cd /var/www

wget https://download.nextcloud.com/server/releases/nextcloud-22.2.0.zip

unzip nextcloud-22.2.0.zip

rm -r /var/www/html/*

shopt -s dotglob

mv nextcloud/* html/

chown -R www-data:www-data /var/www/html

We will need proper permissions on Nextcloud directories and files, for that we will download and use a bash script. It’s from Nextcloud, so don’t worry about security etc.

wget https://github.com/nextcloud/vm/blob/master/static/setup_secure_permissions_nextcloud.sh

chmod +x setup_secure_permissions_nextcloud.sh

./setup_secure_permissions_nextcloud.sh

Once done remove the script for security sake.

rm setup_secure_permissions_nextcloud.sh

Apache configuration for Nextcloud

We will create nextcloud.conf file in sites-available.

cd /etc/apache2/sites-available

vim nextcloud.conf

Paste the following in it:

<VirtualHost *:80>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN-error.log
	CustomLog /var/log/apache2/DOMAIN-requests.log combined
</VirtualHost>

Change the words marked in bold.

Note: we will update this file later after getting a certificate.

Enable the site and restart Apache:

a2ensite nextcloud

systemctl restart apache2

You should now be able to access and see Nextcloud in the browser. But don’t start the installation yet.

Install certbot and get a certificate

To start with certbot and SSL setup, you can follow this article to install and get a certificate from Let’s Encrypt. Once you get the certificate successfully, it’s time to update nextcloud.conf file. Final configuration will look like, make changes where applicable.

<VirtualHost *:80>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN-error.log
	CustomLog /var/log/apache2/DOMAIN-requests.log combined
</VirtualHost>

<VirtualHost *:443>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html

	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
	SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
	SSLHonorCipherOrder On
	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	Header always set X-Frame-Options DENY
	Header always set X-Content-Type-Options nosniff

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN-error.log
	CustomLog /var/log/apache2/DOMAIN-requests.log combined

	SSLEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.COM/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
</VirtualHost>

Restart Apache:

systemctl restart apache2

Final step

Now you can browse to the URL and install Nextcloud. Most of the information you will have already at hand like database credentials, data directory path(/var/www/html/data) etc.

If you go to Settings -> Overview you may see the following. If there are things to fix, checkout the hacks and improvements guide.

There are still ways to improve this setup for example add Redis cache, move data directory. You can checkout the Nextcloud Hacks article for more details.

Leave a Reply

Your email address will not be published.