How to install Nextcloud 25 on Ubuntu 22.04 LTS

Nextcloud 25 or Nextcloud Hub 3 features a complete new revamped UI, it looks clean and modern. If you have Nextcloud already installed and want to upgrade, check out this article. If you want to install fresh, then read on how to install Nextcloud 25 on Ubuntu 22.04 LTS.

System configuration

Update your system and enable firewall.

apt update && apt upgrade
ufw default allow outgoing
ufw default deny incoming
ufw allow 22
ufw allow 80
ufw allow 443
ufw enable

Port 22 is for ssh, if you have changed it to a different port. Enable that.

LAMP stack installation

Install all the latest available packages from the repository.

apt install apache2 mariadb-server libapache2-mod-php8.1 php8.1 php8.1-gmp php8.1-bcmath php8.1-gd php-json php8.1-mysql php8.1-curl php8.1-mbstring php8.1-intl php8.1-imagick php8.1-xml php8.1-zip php8.1-fpm php8.1-redis php8.1-apcu php8.1-opcache php8.1-ldap bzip2 zip unzip imagemagick vim ffmpeg redis-server

Enable PHP 8.1 FPM and it’s Apache configuration. This is to use http2.

a2enconf php8.1-fpm
a2dismod php8.1
a2dismod mpm_prefork
a2enmod mpm_event

Enable required Apache modules.

a2enmod ssl rewrite headers proxy proxy_http deflate cache proxy_wstunnel http2 proxy_fcgi env expires
systemctl restart apache2

Enable services at boot time.

systemctl enable apache2
systemctl enable php8.1-fpm
systemctl enable mariadb

PHP configuration

We are using PHP FPM, so we will modify the PHP FPM ini configuration file.

vim /etc/php/8.1/fpm/php.ini
output_buffering = off (line 226)
max_execution_time = 180 (line 409)
memory_limit = 512M (line 430)
post_max_size = 200M (line 698)
upload_max_filesize = 200M (line 850)
date.timezone = Europe/Berlin (line 968)

opcache.enable=1 (line 1767)
opcache.enable_cli=1 (line 1770)
opcache.memory_consumption=128 (line 1773)
opcache.interned_strings_buffer=8 (line 1776)
opcache.max_accelerated_files=10000 (line 1780)
opcache.revalidate_freq=1 (line 1798)
opcache.save_comments=1 (line 1805)

*Line numbers are for information only

You can set post_max_size and upload_max_filesize according to your needs. I have set it to 200MB.

Check PHP timezone manual for your timezone.

Save and restart PHP FPM.

systemctl restart php8.1-fpm

Database configuration

Use the mysql_secure_installation script to perform the initial setup.

/usr/bin/mysql_secure_installation
mariadb-intial-configuration-ubuntu-22-04-server

Now login to the database server and create nextcloud database.

mysql -u root -p

create database nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
grant all on nextcloud.* to 'ncuser'@'localhost' identified by 'PASSWORD';

flush privileges;
exit

Download Nextcloud 25

Switch to www directory.

cd /var/www
wget https://download.nextcloud.com/server/releases/nextcloud-25.0.0.zip

Unzip and move it to the web server root directory.

unzip nextcloud-25.0.0.zip
rm -r /var/www/html/*
shopt -s dotglob
mv nextcloud/* html/

Change the owner and group of html directory.

chown -R www-data:www-data /var/www/html

Apache virtual host

Create a nextcloud.conf file in sites-available directory.

vim /etc/apache2/sites-available/nextcloud.conf

Paste the following in it, change where necessary (Bold).

<VirtualHost *:80>
	ServerName DOMAIN.COM
	ServerAlias DOMAIN.COM
	DocumentRoot /var/www/html

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN.COM-error.log
</VirtualHost>

Enable this configuration and restart Apache.

a2dissite 000-default.conf
a2ensite nextcloud.conf

apachectl configtest
systemctl restart apache2

Now input your server URL/domain in the browser to start the installation process.

SSL certificate

Install Certbot and get a certificate for web root.

snap install certbot --classic
certbot certonly --webroot -w /var/www/html -d DOAMIN.COM

Check the certbot complete guide for other options and renewal.

Final Apache configuration

And finally edit the virtual host configuration /etc/apache2/sites-available/nextcloud.conf after getting SSL certificate.

What it do:

  • Redirect from http(80) to https(443)
  • HSTS strong ciphers
  • Cache static files
  • Enable http2
<VirtualHost *:80>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/DOMAIN.COM-error.log
</VirtualHost>

<VirtualHost *:443>
	ServerName DOMAIN.COM
	ServerAlias www.DOMAIN.COM
	DocumentRoot /var/www/html

	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
	SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
	SSLHonorCipherOrder On
	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	Header always set X-Frame-Options DENY
	Header always set X-Content-Type-Options nosniff

	Protocols h2 http/1.1

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	<FilesMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|ttf|woff)$">
		Header set Cache-Control "max-age=31536000, public"
	</FilesMatch>

	ErrorLog /var/log/apache2/DOMAIN.COM-error.log

	SSLEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.COM/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
</VirtualHost>

Save, test and restart Apache.

apachectl configtest
systemctl restart apache2 

That’s pretty much it. Enjoy sharing.


Check out the quick hacks article to improve the setup.

Leave a Reply

Your email address will not be published. Required fields are marked *