Configuring Nextcloud (revision 2)

Introduction

This page describes how Alexis Huxley installed the Nextcloud (a fork of ownCloud) server software on his own systems.

The basic procedure is:

1. install a dumb back-end webserver
2. configure a front-end webserver to proxy to it
3. install Nextcloud on the back-end webserver
4. install plugins

I last used and updated the procedure on 21/03/2020, but I abandonned Nextcloud because:

• the mail client was unable to connect to my work email account and was singularly unhelpful regarding why
• upload of photos from my phone using the Andoid app was unreliable

Apache installation

1. Run:

   apt-get -y install apache2

2. Disable default sites and ports by running:

   rm /etc/apache2/sites-available/*
   sed -r -i 's/^(Listen 80)/#\1/' /etc/apache2/ports.conf
   FQHN=$(hostname -f)
   

3. Create /etc/apache2/sites-available/$FQHN-ssl.conf, containing:

   <VirtualHost *:443>
       ServerName FQHN
       DocumentRoot /var/www/html
       ErrorLog ${APACHE_LOG_DIR}/FQHN-error.log
       CustomLog ${APACHE_LOG_DIR}/FQHN-access.log combined
       LogLevel warn
       ServerSignature Off
   
       SSLEngine On
       SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
       SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
   </VirtualHost>

   and substitute the markers by running:

   sed -i "s/FQHN/$FQHN/g" /etc/apache2/sites-available/$FQHN-ssl.conf

4. Run:

   a2enmod ssl
   a2ensite $FQHN-ssl
   systemctl restart apache2

5. Test by running:

   date > /var/www/html/index.html
   w3m -dump https://$FQHN/
   rm -f  /var/www/html/index.html

6. See the section ‘Heavyweight web services: proxying to a backend webserver’ of Configuring web services (revision 2).

Nextcloud installation

1. On the backend webserver run:

   apt-get -y install php7.3-mysql php7.3-common php7.3-bz2 php7.3-intl \
     php7.3-ldap php-smbclient php-ssh2 php7.3-imap php7.3-gmp \
     php-imagick ffmpeg libreoffice php7.3-cli php7.3-gd php7.3-zip php7.3-xml \
     php7.3-curl php7.3-mbstring libapache2-mod-php

   (This list is taken from the official documentation for Nextcloud 18.)

2. Edit /etc/apache2/sites-available/$FQHN-ssl.conf and add:

   <Directory /var/www/html/>
     Require all granted
     AllowOverride All
     Options FollowSymLinks MultiViews
     <IfModule mod_dav.c>
       Dav off
     </IfModule>
   </Directory>

3. Run:

   a2enmod rewrite
   a2enmod env
   a2enmod dir
   a2enmod mime
   systemctl reload apache2

4. Go here, click ‘Download for server’, then click ‘Details and Download options’ and copy the link for the ‘.tar.bz2’ download.
5. On the backend webserver run:

   wget <link>
   tar xjf ~/nextcloud-*.tar.bz2 --strip-components=1 --directory=/var/www/html
   chown -R www-data:www-data /var/www/html
   

6. Create /var/www/html/config/config.php containing only:

   <?php
   $CONFIG = array(
   );

   and then run:

   chown www-data:www-data /var/www/html/config/config.php

7. Configure pretty URLs within Nextcloud by adding to /var/www/html/config/config.php between the round brackets:

   'overwrite.cli.url' => 'https://nextcloud.pasta.freemyip.com',
   'htaccess.RewriteBase' => '/',

8. Add both the back-end and front-end webserver names to /var/www/html/config/config.php between the round brackets:

   'trusted_domains' => array (
       0 => 'nuvole.pasta.net',
       1 => 'nextcloud.pasta.freemyip.com',
     ),
   'overwritehost' => 'nextcloud.pasta.freemyip.com',

9. Visit https://$FQHN/, which should prompt for admin account details and database details.
10. Create a database as follows:

    apt-get install mariadb-server
    mariadb
    create database nextcloud;
    create user 'nextcloud'@localhost identified by '<set-a-password>';
    grant all on nextcloud.* to 'nextcloud'@localhost;
    \q

11. Go to https://<nextcloud-server>/nextcloud/.
12. set the admin’s login to admin
13. set the admin’s password
14. Expand the ‘Storage & database’ section.
15. leave the default data folder
16. There is probably no option except to use MariaDB/Mysql, but if there is then set the database type to MySQL/MariaDB.
17. click ‘Finish Setup’ and wait.
18. Dismiss the popup that appears about client software.

Apps

1. Due to timeouts, the Community Document Server needs to be downloaded manually from here.

Security and performance

1. For security run:

   a2enmod headers

   and add the following to the vhost config:

   <IfModule mod_headers.c>
       Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
   </IfModule>

2. For performance run:

   apt-get -y install php-apcu

   and edit /var/www/html/config/config.php and add to it:

   'memcache.local' => '\OC\Memcache\APCu',

3. Run:

   service apache2 restart

4. Configure the logging of client IPs.
5. Connect as a normal user.
6. Connect as the admin and go to: N–>Settings–>Administration–>Basic Settings; there should be no warnings.
7. Go to https://scan.nextcloud.com/ and enter the server URL.

See also

• Computing