Configuring Nextcloud (revision 2.1)

Introduction

This page describes how Alexis Huxley installed the Nextcloud (a fork of ownCloud) server software on his own systems.

The basic procedure is:

  1. install a dumb back-end webserver
  2. configure a front-end webserver to proxy to it
  3. install Nextcloud on the back-end webserver
  4. install plugins

Apache installation

  1. Run:
    apt-get -y install apache2
  2. Disable default sites and ports by running:
    rm /etc/apache2/sites-available/*
    sed -r -i 's/^(Listen 80)/#\1/' /etc/apache2/ports.conf
  3. Set some environment variables needed in the rest of the procedure:
    FQHN=$(hostname -f)
  4. Create /etc/apache2/sites-available/$FQHN-ssl.conf, containing:
    <VirtualHost *:443>
        ServerName FQHN
        CustomLog ${APACHE_LOG_DIR}/FQHN-access.log combined
        ErrorLog ${APACHE_LOG_DIR}/FQHN-error.log
        LogLevel warn
        ServerSignature Off  
    
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    
        DocumentRoot /var/www/html
    </VirtualHost>

    and substitute the markers by running:

    sed -i "s/FQHN/$FQHN/g" /etc/apache2/sites-available/$FQHN-ssl.conf
  5. Run:
    a2enmod ssl
    a2ensite $FQHN-ssl
    systemctl restart apache2
  6. Test by running:
    date > /var/www/html/index.html
    w3m -dump https://$FQHN/
    rm /var/www/html/index.html
  7. See the section ‘Heavyweight web services: proxying to a backend webserver’ of Configuring web services (revision 2).

Nextcloud installation

  1. On the backend webserver run:
    apt-get -y install php7.3-mysql php7.3-common php7.3-bz2 php7.3-intl \
      php7.3-ldap php-smbclient php-ssh2 php7.3-imap php7.3-gmp \
      php-imagick ffmpeg libreoffice php7.3-cli php7.3-gd php7.3-zip php7.3-xml \
      php7.3-curl php7.3-mbstring libapache2-mod-php php7.3-bcmath \
      libmagickcore-6.q16-6-extra php-memcache php-xml-svg

    (This list is taken from the official documentation.)

  2. Edit /etc/apache2/sites-available/$FQHN-ssl.conf and add:
    <Directory /var/www/html/>
      Require all granted
      AllowOverride All
      Options FollowSymLinks MultiViews
      <IfModule mod_dav.c>
        Dav off
      </IfModule>
    </Directory>
  3. Run:
    a2enmod rewrite
    a2enmod env
    a2enmod dir
    a2enmod mime
    systemctl reload apache2
  4. Go here, click ‘Download for server’, then click ‘Details and Download options’ and copy the link for the ‘.tar.bz2’ download.
  5. On the backend webserver run:
    wget <link>
    tar xjf ~/nextcloud-*.tar.bz2 --strip-components=1 --directory=/var/www/html
    chown -R www-data:www-data /var/www/html
    
  6. Create /var/www/html/config/config.php containing only:
    <?php
    $CONFIG = array(
    );

    and then run:

    chown www-data:www-data /var/www/html/config/config.php
  7. Configure pretty URLs within Nextcloud by adding to /var/www/html/config/config.php between the round brackets:
    'overwrite.cli.url' => 'https://nextcloud.pasta.freemyip.com',
    'htaccess.RewriteBase' => '/',
  8. Add both the back-end and front-end webserver names to /var/www/html/config/config.php between the round brackets:
    'trusted_domains' => array (
        0 => 'nuvole.pasta.net',
        1 => 'nextcloud.pasta.freemyip.com',
      ),
    'overwritehost' => 'nextcloud.pasta.freemyip.com',
  9. Clone the trusted_domains setting to trusted_proxies; this will prevent a security warning later.
  10. Visit https://$FQHN/ or preferably the front-end webserver, which should prompt for admin account details and database details. Don’t fill anything in yet; we’ll do that in a moment.
  11. Create a database as follows:
    apt-get install mariadb-server
    mariadb
    create database nextcloud;
    create user 'nextcloud'@localhost identified by '<set-a-password>';
    grant all on nextcloud.* to 'nextcloud'@localhost;
    \q
  12. Go to https://<nextcloud-server>/nextcloud/.
  13. Set the admin’s login to admin.
  14. Set the admin’s password.
  15. Expand the ‘Storage & database’ section.
  16. Leave the default data folder.
  17. There is probably no option except to use MariaDB/MySQL, but if there is then set the database type to MySQL/MariaDB.
  18. Click ‘Finish Setup’ and wait.
  19. Dismiss the popup that appears about client software.
  20. Configure the logging of client IPs.
  21. Go to Settings–>Basic Settings and set background jobs to run via Cron. Then edit /etc/cron.d/nextcloud and add the following:
    */30 * * * * www-data php -f /var/www/html/cron.php
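
Step 5 above unpacks a downloaded archive into the web root as root, so the following added example (not part of the original page or of Nextcloud) checks the tarball against a SHA-256 checksum file first and only then runs the same tar command. It assumes a sha256sum-style checksum file with a single entry was downloaded alongside the tarball; the function names verify_sha256, install_release and demo_verify are hypothetical and the demo files are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): verify a downloaded release
# tarball against a SHA-256 checksum file before unpacking it as root.

# verify_sha256 TARBALL SUMFILE
# Succeeds only if SUMFILE has exactly one entry, the entry names TARBALL,
# and the recorded digest matches the file on disk.
verify_sha256() {
    local tarball="$1" sumfile="$2" want name got
    [ -r "$tarball" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }
    # Assumed line format (sha256sum style): "<64 hex digits>  <file name>"
    [ "$(grep -c . "$sumfile")" -eq 1 ] || { echo "unexpected checksum file" >&2; return 2; }
    read -r want name < "$sumfile" || true
    name=${name#\*}                      # drop the binary-mode marker, if present
    case $want in
        *[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    # Refuse a checksum that was published for a different file.
    [ "$name" = "$(basename "$tarball")" ] || { echo "checksum is for '$name'" >&2; return 1; }
    got=$(sha256sum "$tarball" | cut -d' ' -f1)
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || { echo "digest mismatch" >&2; return 1; }
}

# install_release TARBALL SUMFILE DESTDIR
# Same tar invocation as step 5, but reached only after verification.
install_release() {
    verify_sha256 "$1" "$2" || return 1
    tar xjf "$1" --strip-components=1 --directory="$3"
}

# Constructed self-check: an intact file passes, an altered one is rejected.
demo_verify() {
    local d rc=0
    d=$(mktemp -d) || return 2
    printf 'constructed payload\n' > "$d/nextcloud-demo.tar.bz2"
    ( cd "$d" && sha256sum nextcloud-demo.tar.bz2 > nextcloud-demo.tar.bz2.sha256 )
    verify_sha256 "$d/nextcloud-demo.tar.bz2" "$d/nextcloud-demo.tar.bz2.sha256" || rc=1
    printf 'extra bytes\n' >> "$d/nextcloud-demo.tar.bz2"
    verify_sha256 "$d/nextcloud-demo.tar.bz2" "$d/nextcloud-demo.tar.bz2.sha256" 2>/dev/null && rc=1
    rm -rf "$d"
    return "$rc"
}
```

A checksum fetched from the same server as the tarball only catches corruption or a swapped file on one side; where a detached signature is published, checking it with gpg --verify against a key obtained separately is the stronger control.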

Security

Click on ‘Overview’ in the left panel and review any security and setup warnings. I had to do the stuff detailed below. But note that I was unable to solve the error:

The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation.

  1. Edit /etc/php/7.3/apache2/php.ini and increase memory_limit to 512M.
  2. Edit /etc/apache2/sites-available/$FQHN-ssl.conf, add:
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

    and run:

    a2enmod headers
    systemctl restart apache2
  3. Run:
    apt-get -y install php-apcu

    and edit /var/www/html/config/config.php and add to it:

    'memcache.local' => '\OC\Memcache\APCu',

    and run:

    service apache2 restart
  4. Go to https://scan.nextcloud.com/ and enter the server URL.
  5. Disable Flows (I don’t need them) by:
    1. Install the OccWeb app.
    2. Use the OccWeb app to run the command:
      config:app:set workflowengine user_scope_disabled --value yes

      (See here for more details.)
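
The reverse proxy warning quoted at the top of this section is about which peers are allowed to supply a forwarded client address; the following added example (a simplified model, not Nextcloud's code and not from the original page) shows that decision using a common right-to-left rule. It assumes that trusted-proxy entries are compared as IP addresses, so a list of host names never matches the proxy's peer address; resolve_client_ip and is_trusted are hypothetical names and the IP addresses are constructed.

```bash
#!/usr/bin/env bash
# Added example (not Nextcloud's code): a simplified model of how a server
# behind a reverse proxy decides which address to treat as the client.

# is_trusted IP TRUSTED...: exact string match only; no CIDR, no DNS lookup.
is_trusted() {
    local ip="$1" t
    shift
    for t in "$@"; do
        [ "$ip" = "$t" ] && return 0
    done
    return 1
}

# resolve_client_ip PEER XFF TRUSTED...
#   PEER     address of the TCP peer (REMOTE_ADDR)
#   XFF      value of the X-Forwarded-For header, possibly empty
#   TRUSTED  entries of the trusted-proxy list
resolve_client_ip() {
    local peer="$1" xff="$2" hop client
    shift 2
    # A peer that is not a trusted proxy cannot vouch for anyone else:
    # whatever it put in X-Forwarded-For is ignored.
    if ! is_trusted "$peer" "$@"; then
        printf '%s\n' "$peer"
        return 0
    fi
    # Trusted peer: the right-most hop that is not itself a trusted proxy is
    # the client. Entries further left may have been supplied by the client.
    client=$(printf '%s\n' "$xff" | tr ',' '\n' | while read -r hop; do
        if [ -n "$hop" ] && ! is_trusted "$hop" "$@"; then
            printf '%s\n' "$hop"
        fi
    done | tail -n 1)
    printf '%s\n' "${client:-$peer}"
}

# Constructed addresses: 192.0.2.10 is the front-end proxy, 198.51.100.7 a client.
# Host names in the list never equal the peer address, so the proxy is logged:
resolve_client_ip 192.0.2.10 "198.51.100.7" nuvole.pasta.net nextcloud.pasta.freemyip.com
# The proxy's IP address in the list lets the forwarded client address through:
resolve_client_ip 192.0.2.10 "198.51.100.7" 192.0.2.10
# A direct connection carrying its own header is taken at its peer address:
resolve_client_ip 203.0.113.9 "10.0.0.1" 192.0.2.10
```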

See also