Install Nextcloud 23 on Ubuntu 20.04

In this article, we will install Nextcloud 23 on Ubuntu 20.04 with PHP 8. Nextcloud 23 does not recommend to use PHP 7.3 anymore, so it’s time to just install PHP 8.

If you have Nextcloud 22 installed already, you can simply upgrade to Nextcloud Hub II or 23 from the Admin settings page.

Note: Nextcloud at this time does not support PHP 8.1, so we have to stick to PHP 8.0.

Install PHP 8

Add the following PPA to install PHP 8 maintained by a Debian maintainer.

add-apt-repository ppa:ondrej/php -y

Update and upgrade:

apt update && apt upgrade -y

Install the required packages:

apt install libapache2-mod-php8.0 php8.0 php8.0-gmp php8.0-bcmath php8.0-gd php8.0-mysql php8.0-curl php8.0-mbstring php8.0-intl php8.0-imagick php8.0-xml php8.0-zip php8.0-fpm php8.0-redis php8.0-fileinfo php8.0-apcu php8.0-opcache

Install other packages

apt install vim apache2 mariadb-server bzip2 zip unzip imagemagick ffmpeg redis

Enable Apache PHP 8.0 and other modules:

a2enmod php8.0 ssl rewrite headers proxy proxy_http deflate cache proxy_wstunnel http2 proxy_fcgi env
systemctl enable apache2
systemctl start apache2

Update PHP configuration

vim /etc/php/8.0/apache2/php.ini
output_buffering = off (line 266)
max_execution_time = 120 (line 409)
memory_limit = 512M (line 430)
post_max_size = 100M (line 703)
upload_max_filesize = 100M (line 855)
date.timezone = Europe/London (line 973)

I have mentioned the line numbers for easiness. For timezone check out PHP timezone manual.

Database setup

/usr/bin/mysql_secure_installation

Login to the database server:

mysql -u root -p

Run the following commands:

create database nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

grant all on nextcloud.* to 'ncuser'@'localhost' identified by 'PASSWORD';

flush privileges;
exit

Change PASSWORD to a real strong password.

Download Nextcloud 23

Let’s download Nextcloud 23 and set it up.

cd /var/www

wget https://download.nextcloud.com/server/releases/nextcloud-23.0.0.zip

unzip nextcloud-23.0.0.zip

rm -r /var/www/html/*

shopt -s dotglob

mv nextcloud/* html/

chown -R www-data:www-data /var/www/html

It’s best to have proper permissions on your installation files and directories. Download and use permissions script from Nextcloud:

wget https://github.com/nextcloud/vm/blob/master/static/setup_secure_permissions_nextcloud.sh

chmod +x setup_secure_permissions_nextcloud.sh

./setup_secure_permissions_nextcloud.sh

Remove the script once done.

rm setup_secure_permissions_nextcloud.sh

Apache configuration for Nextcloud

Create a vhost configuration file in sites-available directory.

cd /etc/apache2/sites-available

vim nextcloud.conf

Paste the following in it:

Change the words marked in bold.

<VirtualHost *:80>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN-error.log
	CustomLog /var/log/apache2/DOMAIN-requests.log combined
</VirtualHost>

Note: we will update this file later after getting a certificate from Let’s encrypt.

a2ensite nextcloud

systemctl restart apache2

Install certbot and get a certificate

To start with certbot and SSL setup, you can follow this article to install and get a certificate from Let’s Encrypt. Once you get the certificate successfully, it’s time to update nextcloud.conf file. Final configuration will look like, make changes where applicable.

<VirtualHost *:80>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN-error.log
	CustomLog /var/log/apache2/DOMAIN-requests.log combined
</VirtualHost>

<VirtualHost *:443>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html

	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
	SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
	SSLHonorCipherOrder On
	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	Header always set X-Frame-Options DENY
	Header always set X-Content-Type-Options nosniff

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN-error.log
	CustomLog /var/log/apache2/DOMAIN-requests.log combined

	SSLEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.COM/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
</VirtualHost>

Restart Apache:

systemctl restart apache2

Now go to the web browser and initiate the installation process.

nextcloud-settings-overview

There are still ways to improve this setup for example add Redis cache, move data directory. You can checkout the Nextcloud hacks article for more details.

2 Comments

Leave a Reply

Your email address will not be published.

  1. Hi, great article and a big help for installing nextcloud ! After this install, Nextcloud works like a charm, but my webbased mail client and postfixadmin are no longer available when I type in their addresses. A certificate error appears instead. Any thoughts ?