Install Nextcloud 30 Hub 9 on Ubuntu 24.04 LTS

Nextcloud 30 Hub 9 was released yesterday, and this time the changes are significant in terms of features, apps, improvements, and the UI. There’s a fresh UI update, which I personally like. It’s more compact, and the round shapes are gone for good. Almost every core app has received a redesign. The Talk UI has also been revamped and looks fantastic. You can read more about the changes and features below. If you want to try it out, follow this guide to install Nextcloud 30 Hub 9 on an Ubuntu 24.04 LTS server with Apache and MariaDB.

If you have an older version of Nextcloud set up, you can go to the Admin settings and upgrade it from there if an update is available.

The feature set is extensive, and this article is not intended to cover all of it or discuss it in depth. I recommend heading over to the release blog post to check out the details for yourself.

Core features in Nextcloud 30 Hub 9:

A big design redo
Auto-magic with Windmill
Nextcloud Whiteboard
Federated Talk calls
Improved AI and Nextcloud Assistant
Request files

What you need for this installation:

Server with Ubuntu 24.04 OS
Minimum 1GB RAM and 20GB HDD space
1cpu core
A domain name pointed to the server IP

What we will cover in this article:

Enable firewall with few ports
Install LAMP stack (PHP-FPM, Apache, MariaDB)
Redis for cache
Get a free SSL certificate from Let’s Encrypt

1- Prepare the server

You may not need to run the upgrade command since Ubuntu 24.04 LTS is new, but to be thorough, let’s run it anyway.

apt update && apt upgrade

By default, the SSH port is 22. If yours is different, adjust the command accordingly below. We will also open ports 80 and 443 in the firewall.

ufw default allow outgoing
ufw default deny incoming
ufw allow 22
ufw allow 80
ufw allow 443
ufw enable
ufw status

Ubuntu Firewall

2- Install LAMP stack

Let’s install LAMP stack. Ubuntu 24.04 comes with PHP 8.3, which is what we need here.

apt install apache2 mariadb-server libapache2-mod-php php php-gmp php-bcmath php-gd php-json php-mysql php-cli php-curl php-mbstring php-intl php-imagick php-xml php-zip php-fpm php-redis php-apcu php-opcache php-ldap php-bz2 bzip2 zip unzip imagemagick vim ffmpeg redis-server

To enable PHP FPM, execute the following commands.

a2enconf php8.3-fpm
a2dismod php8.3
a2dismod mpm_prefork
a2enmod mpm_event

Enable a few Apache modules with:

a2enmod ssl rewrite headers proxy proxy_http deflate cache proxy_wstunnel http2 proxy_fcgi env expires

systemctl enable apache2
systemctl enable php8.3-fpm
systemctl enable mariadb

systemctl restart apache2

3- Configure PHP

Since we are using PHP FPM, we’ll update the FPM configuration file.

vim /etc/php/8.3/fpm/php.ini

I have mentioned line numbers for your reference in the snippet below.

Check PHP timezone manual for your timezone.

output_buffering = off (line 236)
max_execution_time = 180 (line 419)
memory_limit = 512M (line 445)
post_max_size = 1G (line 713)
upload_max_filesize = 1G (line 865)
date.timezone = Europe/Berlin (line 989)

opcache.enable=1 (line 1782)
opcache.enable_cli=1 (line 1785)
opcache.memory_consumption=512 (line 1788)
opcache.interned_strings_buffer=96 (line 1791)
opcache.max_accelerated_files=10000 (line 1795)
opcache.revalidate_freq=1 (line 1813)
opcache.save_comments=1 (line 1820)

systemctl restart php8.3-fpm

4- Tune PHP FPM

This is optional and depends on your needs. If the default settings work for you, feel free to skip this step.

cd /etc/php/8.3/fpm/pool.d
vim www.conf

Enable or change the values accordingly.

pm = dynamic  (line 116)
pm.max_children = 12  (line 127)
pm.start_servers = 6  (line 132)
pm.min_spare_servers = 4  (line 137)
pm.max_spare_servers = 8  (line 142)
pm.max_requests = 0  (line 159)

systemctl restart php8.3-fpm

5- Create database

Run mysql_secure_installation to set up the initialization options for MariaDB startup.

You can now log in to the database server and create the Nextcloud database. Make sure to change “PASSWORD” to your own.

mysql

create database nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

grant all on nextcloud.* to 'ncuser'@'localhost' identified by 'PASSWORD';

flush privileges;
exit

6- Download Nextcloud

cd /var/www
wget https://download.nextcloud.com/server/releases/nextcloud-30.0.0.zip

Unzip Nextcloud archive and move it to the web root directory (html).

unzip nextcloud-30.0.0.zip
rm /var/www/html/index.html
shopt -s dotglob
mv nextcloud/* html/

Create a data directory outside of the html directory.

mkdir /var/www/data

chown -R www-data:www-data /var/www/html
chown -R www-data:www-data /var/www/data

Do the cleanup tasks with:

rm -r nextcloud
rm nextcloud-30.0.0.zip

7- Apache virtual host

cd /etc/apache2/sites-available/
vim nextcloud.conf

Add the following, and replace DOMAIN.COM with your own.

<VirtualHost *:80>
	ServerName DOMAIN.COM

	DocumentRoot /var/www/html

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	ErrorLog /var/log/apache2/nextcloud_error.log
</VirtualHost>

Enable this configuration and restart Apache.

a2dissite 000-default.conf
a2ensite nextcloud.conf

apachectl -t
systemctl restart apache2

8- Install certbot

apt install certbot

You can now obtain an SSL certificate using the certbot command. Replace DOMAIN.COM with your own.

certbot certonly --webroot -w /var/www/html -d DOAMIN.COM

To enable automatic renewal, set up a cron job.

crontab -e

It will run every morning at 4:30 AM, to check the certificate validity and perform renewal.

30 4 * * * certbot renew

9- Update virtual host

At this point, we have the SSL certificates and can update our virtual host configuration with the port 443 block.

vim /etc/apache2/sites-available/nextcloud.conf

Don’t forget to replace DOMAIN.COM and update the path to the certificate files.

<VirtualHost *:443>
	ServerName DOMAIN.COM

	DocumentRoot /var/www/html

	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
	SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
	SSLHonorCipherOrder On

	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	Header always set X-Frame-Options "SAMEORIGIN"
	Header always set X-Content-Type-Options "nosniff"
	Header always set X-XSS-Protection "0"
	Header always set X-Permitted-Cross-Domain-Policies "none"
	Header always set Referrer-Policy "no-referrer-when-downgrade"
	Header always set Permissions-Policy "camera=(self), geolocation=(self), microphone=(self)"

	Protocols h2 http/1.1

	<Directory "/var/www/html">
		AllowOverride All
		Options -Indexes +FollowSymLinks
	</Directory>

	<FilesMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|ttf|woff)$">
		Header set Cache-Control "max-age=31536000, public"
	</FilesMatch>

	ErrorLog /var/log/apache2/nextcloud_error.log

	SSLEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.COM/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
</VirtualHost>

Also you can add redirection from HTTP to HTTPS in the port 80 block.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Restart Apache afterward.

apachectl -t
systemctl restart apache2

10- Install Nextcloud

Once all the above steps are completed, you can now browse to the domain name in your browser to get started. Most of the installation steps are the same.