To keep things simple, in this tutorial the NextCloud server and the data will be on the same server. More advanced users can put the DB on a separate MySQL server instead of on localhost if needed. The NextCloud servers can also be abstracted from the storage volume (i.e. the files can be stored on a separate volume/mount). If the files are stored on a separate volume, the design can include elastic scaling by placing the NextCloud servers behind an elastic load balancer, with each server connecting to a RAID-enabled NFS server that holds the volume with all the data.
Installation Requirements
- Active Internet Connection
- Open firewall ports for HTTP (80) and HTTPS (443)
- Internet accessible domain that points to your NextCloud server (free domains are available on np-ip.com)
- Operating System – The NextCloud server is a Linux-only platform. Clients can run on Windows, Mac OS, iOS and Android
  - Ubuntu 16.04 (or later) LTS (recommended)
  - Red Hat Enterprise Linux 8 (recommended)
  - Debian 10 (Buster)
  - SUSE Linux Enterprise Server 15
  - openSUSE Leap 42.1+
  - CentOS 8
- Memory: Minimum of 128MB RAM. 512MB recommended
1. LAMP Stack
NextCloud requires a LAMP stack (previously covered in my tutorial on setting up a self-hosted webserver). The steps covering the installation of the LAMP stack in the webserver tutorial can be reused, or alternatively a third-party, LAMP-stack-specific tutorial can be used.
If using the LAMP stack installation section of the webserver tutorial, then please note: DO NOT SET UP TLS/SSL CERTIFICATION (LETSENCRYPT.ORG AND CERTBOT). THIS WILL BE COVERED LATER IN THIS TUTORIAL. It is critical not to install the certification until the correct time in the setup process, as an incorrect TLS/SSL certification installation will cause the overall installation process to fail.
2. Download and Install the NextCloud Software
Download NextCloud into a folder named nextcloud in your home directory.
```bash
sudo curl -O <nextcloud bz2 download link from nextcloud website>
```
Extract nextcloud:
```bash
sudo tar -xjf nextcloud-x.y.z.tar.bz2
```
Copy nextcloud to its directory. It must be saved outside of the apache root (/var/www/html) for security purposes, as storing it there would open all nextcloud files/folders to the wider internet.
```bash
sudo cp -r nextcloud /var/www/
```
Add permissions for apache as a group and user to access the folder:
```bash
sudo chown www-data:www-data /var/www/nextcloud/ -R
```
3. Setup the NextCloud Data Base (DB)
Log in to phpMyAdmin and create a DB with the following:
- DB Collation: <code>utf8mb4_general_ci</code>
- User with complete access to the nextcloud DB only (not the entire DB instance)
Run the following SQL query:
```sql
FLUSH PRIVILEGES;
```
4. Configure Apache
Configure Apache for use by nextcloud by creating a virtual host file.
Create the file:
```bash
sudo nano /etc/apache2/sites-available/nextcloud.conf
```
Paste the following into the file and change the ServerName value (nextcloud.your-domain.com) to the correct domain that points to your NextCloud server:
```apache
<VirtualHost *:80>
    DocumentRoot "/var/www/nextcloud"
    ServerName nextcloud.your-domain.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
        Satisfy Any
    </Directory>
</VirtualHost>
```
Create a symlink to the corresponding file in the sites-enabled folder:
```bash
sudo ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
```
Enable the following apache modules:
```bash
sudo a2enmod rewrite headers env dir mime setenvif ssl
```
Install the following php modules:
```bash
sudo apt install php7.0-common php7.0-gd php7.0-json php7.0-curl php7.0-zip php7.0-xml php7.0-mbstring
```
Restart apache:
```bash
sudo systemctl restart apache2
```
5. Configure NextCloud
Create a folder for the user data to be stored:
```bash
sudo mkdir /var/www/nextcloud-data/
```
Assign permissions to the folder for apache to be able to use it:
```bash
sudo chown www-data:www-data /var/www/nextcloud-data -R
```
Complete the installation wizard via the website at the web URL of your domain (it will not require “/nextcloud”).
The DB user, password and name will be what was set up when the DB was created (above); the host will be localhost.
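A check for the layout built in steps 4 and 5, added here as an example and not part of the original tutorial: it reads the DocumentRoot from the virtual host file and confirms the data folder is not inside it. The function names are hypothetical; the comparison is made on whole path components after resolving symlinks, because a plain string-prefix test would wrongly treat /var/www/nextcloud-data as being inside /var/www/nextcloud.

```shell
#!/bin/sh
# Added example: confirm the NextCloud data folder is outside the DocumentRoot.
# Function names are hypothetical; paths are the ones used in this tutorial.

# Resolve a directory to its physical path (symlinks followed).
physical_path() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# Print the first DocumentRoot in a virtual host file, quotes stripped.
vhost_docroot() {
    awk 'tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Exit status: 0 = data folder outside docroot, 1 = inside or equal,
# 2 = a path is empty or does not exist.
data_outside_docroot() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    docroot=$(physical_path "$1") || return 2
    data=$(physical_path "$2") || return 2
    # Compare whole path components: "/var/www/nextcloud-data/" must not
    # match "/var/www/nextcloud/*" just because the names share a prefix.
    case "$data/" in
        "$docroot"/*) return 1 ;;
    esac
    return 0
}

# Run against the tutorial's layout when the script is called with "check".
if [ "${1:-}" = "check" ]; then
    conf=/etc/apache2/sites-available/nextcloud.conf
    if data_outside_docroot "$(vhost_docroot "$conf")" /var/www/nextcloud-data; then
        echo "OK: data folder is outside the DocumentRoot"
    else
        echo "FAIL: data folder is inside the DocumentRoot or a path is missing"
    fi
fi
```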
6. Secure the platform with encryption using TLS/SSL
Secure the installation with SSL certification from letsencrypt.
Install the letsencrypt client (certbot). First, install the certbot package repository:
```bash
sudo add-apt-repository ppa:certbot/certbot
```
Then, update the repository:
```bash
sudo apt-get update
```
Install the apache plugin:
```bash
sudo apt-get install python-certbot-apache
```
Set up the SSL certificate. The certificate can only be set up for domains that successfully point to this particular server; it cannot be used for domains pointing to servers that do not have this instance of the certbot client running, i.e. the certificate is server-instance specific. For advanced users who are using multiple NextCloud servers, it would be best to place the certificate on the load balancer.
```bash
sudo certbot --apache -d <example.com>
```
Complete the wizard accordingly.
If an error occurs (“the Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA”), then use the following command:
```bash
sudo certbot --authenticator webroot --webroot-path /var/www/nextcloud/ --installer apache -d <domain name>
```
Test if the installation and setup was successful by visiting: https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest
Test that certificate renewal is set up correctly with a dry run:
```bash
sudo certbot renew --dry-run
```
Test if the automatic system scheduler has scheduled certbot to automatically renew/revalidate the certificate. In the returned table, certbot should be scheduled to run within the next 12 hours:
```bash
sudo systemctl list-timers
```
Add the HSTS security header to the SSL config file.
Edit the file:
```bash
sudo nano /etc/apache2/sites-available/nextcloud-le-ssl.conf
```
Paste the following lines in the file after the <code>SSLCertificateKeyFile</code> line.
```apache
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; preload"
</IfModule>
```
Reload apache:
```bash
sudo systemctl reload apache2
```
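To confirm the header is served and to see what it commits you to, the following added example (not from the original tutorial; function names are hypothetical) parses a Strict-Transport-Security value and classifies it. It uses the tutorial's max-age of 15768000 as the default minimum, and whenever the preload directive is present it applies the hstspreload.org submission requirements: a max-age of at least 31536000 plus includeSubDomains.

```shell
#!/bin/sh
# Added example: parse and assess an HSTS header. Function names are hypothetical.

# Print the Strict-Transport-Security value from HTTP response headers on stdin.
hsts_value() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "strict-transport-security") {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
        }
    }'
}

# Print the max-age (seconds) from an HSTS value; prints nothing if absent.
hsts_max_age() {
    printf '%s\n' "$1" | tr ';' '\n' |
        awk -F= '{ gsub(/[ \t"]/, "", $0) }
                 tolower($1) == "max-age" && $2 ~ /^[0-9]+$/ { print $2; exit }'
}

# Return 0 if directive $2 (case-insensitive) is present in HSTS value $1.
hsts_has() {
    printf '%s\n' "$1" | tr ';' '\n' |
        awk -v d="$2" '{ gsub(/[ \t]/, "") } tolower($0) == tolower(d) { f = 1 }
                       END { exit !f }'
}

# Classify an HSTS value: missing, invalid, preload-ineligible, weak or ok.
# $2 is the minimum acceptable max-age (default: the value this tutorial sets).
hsts_assess() {
    value=$1; min=${2:-15768000}
    [ -n "$value" ] || { echo missing; return; }
    age=$(hsts_max_age "$value")
    [ -n "$age" ] || { echo invalid; return; }
    if hsts_has "$value" preload; then
        # The preload list requires one year and includeSubDomains.
        if [ "$age" -lt 31536000 ] || ! hsts_has "$value" includeSubDomains; then
            echo preload-ineligible; return
        fi
    fi
    if [ "$age" -ge "$min" ]; then echo ok; else echo weak; fi
}

# Constructed sample: the header value configured in this tutorial.
echo "tutorial header: $(hsts_assess 'max-age=15768000; preload')"
```

On a live server, pipe real response headers in with `curl -sI https://<domain name> | hsts_value` and pass the result to `hsts_assess`.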
7. Final Steps
Congratulations! NextCloud has been installed. You can now use a NextCloud app (easily available on the App Store or on Google Play) to connect to your NextCloud storage. You can also log in via the web interface by going to your registered NextCloud domain.
Z Tech Blog
Z Tech is a technologist, senior programme director, business change lead and Agile methodology specialist. He is a former solutions architect, software engineer, infrastructure engineer and cyber security manager. He writes here in his spare time about technology, tech driven business change, how best to adopt Agile practices and cyber security.