How to install Nextcloud 16.0.4 on Ubuntu 16.04

Nextcloud is an open source software that allows users to store their data; files, contacts, calendars, news feed, TO-DO lists and much more. It is a tool for collaboration and sharing. It is a popular alternative to services like DropBox and iCloud. It is a fork of OwnCloud that is completely FOSS(Free and Open Source).

After completing this guide we are going to have the following:

  • A newly installed Nextcloud server
  • PHP caching provided by APCu and Redis
  • Pretty Links
  • SSL enabled with default self-signed certificates.

Requirements:

  • An Ubuntu VPS with shell access and appropriate privileges
  • A Fully Qualified subdomain Name.

Nextcloud don’t really provide detailed information regarding the minimum requirements only advising 512MB of RAM. In this guide, we will use a VPS with 2GB of memory and 20GB of disk space. The amount of storage space can always be increased depending on the amount of data that is to be stored.

Setting Up the Environment

We will use the following steps to set up our environment

Updating the server & Installing Software Packages; LAMP, APCu, Redis

Since this is a new server setup, it’s always a good idea to upgrade the server before we begin.

 sudo apt update && sudo apt upgrade 

NB: It is always good practice to create a non-root user account, assign sudo privileges to it and disable root login.

Installing LAMP

Here, we will be installing Apache, MySQL and PHP along with several Apache/PHP modules to ensure seamless collaboration between packages.

Note:
Before we run the command to install LAMP, we need to add repository for php7.3, certbot and the latest version of apache2. That can be done as follows

sudo apt install -y software-properties-common 
sudo add-apt-repository -y ppa:ondrej/php
sudo add-apt-repository -y ppa:ondrej/apache2
sudo add-apt-repository -y ppa:certbot/certbot 

Now we can go ahead and install the LAMP stack

sudo apt install lamp-server^

The use of ^(caret) in the package name is important as it suggests that the package being installed is a meta-package that is, a number of programs bundled and installed together.

During the installation, you will be prompted to enter the root password for MySQL. Make sure you use a strong password . This password will be used later during Nextcloud setup.

Once the installation is complete, check to ensure that you are using php version that is greater than 7.0. You can disable all other versions of php on the system. We will be using php7.3 in this guide.

Installing APCu and Redis

We will use the command below to do the installation

sudo apt install php-apcu redis-server php-redis
sudo apt update && sudo apt upgrade

Installing Required PHP modules

sudo apt install -y libapache2-mod-php7.3 php7.3-cli 
php7.3-common php7.3-mbstring php7.3-gd php-imagick 
php7.3-intl php7.3-bz2 php7.3-xml php7.3-mysql php7.3-zip 
php7.3-dev php7.3-curl php7.3-fpm php-dompdf php-apcu 
redis-server php-redis php-smbclient php7.3-ldap unzip nano 
python-certbot-apache certbot wget curl

Enabling Apache Modules

We need to enable a few apache modules to support our configuration. Once enabled, restart apache

sudo a2enmod rewrite headers env dir mime
sudo service apache2 restart

Before we proceed, we can check the IP address on the browser to confirm that Apache is indeed up and running. You should see something like this.

Enabling SSL

Currently the server is running on HTTP port 80. We can however configure it to be accessible via a subdomain and then secure the subdomain with SSL. We will use Let’s Encrypt to secure the subdomain.


NB: Make sure the DNS records for the domain are pointing to the IP address of your VPS. Kindly note that the changes may take some time to propagate. Hopefully propagation will be complete before we get to the point where we need to use it.

Let’s encrypt offers a command line tool to issue certificates. Choose a location to download the Let’s encrypt client and make sure it is executable.

cd /home/user/
sudo wget https://dl.eff.org/certbot-auto && sudo chmod a+x certbot-auto

Once the client is downloaded , run the client as below

sudo ./certbot-auto --apache --agree-tos --rsa-key-size 4096 --email user@domain.com 
--redirect -d subdomain.domain.com

Where:
–apache uses the Apache plugin to fully setup and integrate with the existing Apache configuration
–agree-tos simply pre-agrees to the TOS, preventing it popping up during installation
–rsa-key-size defines the length (and therefore security) of the RSA key. Default is 2048.
–email is the email address to register against the certificate (used for reminders by Let’s Encrypt)
–redirect will create both the SSL virtualhost configuration file and add a redirect for HTTP traffic to HTTPS (80 to 443)
-d is the domain to secure

Once the DNS changes have propagated, navigating to the domain allocated to the server will show an SSL-enabled site.


That’s pretty much all there is to it. Let’s Encrypt handles everything from certificate generation to Apache configuration, meaning nothing needs to be done beyond what’s illustrated above.

It is recommended that you add the following snippet to the Let’s Encrypt-created vhost.conf file for security purposes.

<Directory /var/www/html/>    
Options +FollowSymlinks    
AllowOverride All  

<IfModule mod_dav.c>     
Dav off   

</IfModule>   
SetEnv HOME /var/www/html   
SetEnv HTTP_HOME /var/www/html  
</Directory> 

<IfModule mod_headers.c>     
Header always set Strict-Transport-Security "max-age=15768000; preload" 
 </IfModule>

The text above may be pasted under the ServerName line in the file located at /etc/apache2/sites-available/000-default-le-ssl.conf

Since the certificate is only valid for 90 days, we can create a cron job to renew the certificate automatically as below

sudo crontab -e
 0 0 * * 0 /home/user/certbot-auto renew

Before we proceed with installation of Nextcloud, kindly check your subdomain to ensure that it is accessible and SSL-secured.

Installing Nextcloud

With the server environment ready, we can now go an to install Nextcloud.
Navigate to the webroot directory and download and unzip the Nextcloud package as shown below:

cd /var/www/html/
sudo wget https://download.Nextcloud.com/server/releases/latest.zip
sudo unzip latest.zip

Once unzipped, there will be a nextcloud folder situated under /var/www/html/ . At the moment it is owned by the root user. We need to change the ownership so that Apache can have write-access.

sudo chown -R www-data:www-data /var/www/html/nextcloud

Creating the Nextcloud Database

Open a MySQL session using the following command

mysql -u root -p

The password is the one that was defined during the initial installation of the LAMP stack.
Now we can create a dedicated database and user using the following SQL commands

CREATE DATABASE nextcloud;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'database_password';
GRANT ALL PRIVILEGES ON nextcloud . * TO 'nextcloud'@'localhost';

Once that is done, exit the MySQL session.


On your browser, navigate to subdomain/nextcloud. Hopefully at this point the DNS changes have propagated.

If there are no errors then the installation has been a success. From here we will only need to provide the following details to complete the installation.
• a username and password for the admin account
• Location for the data directory
• database user as configured earlier – nextcloud
• database user password
• database name – nextcloud
• database location – localhost

NB: Data Directory
When selecting the location for the data directory, keeping it in the webroot is only okay and secure provided .htaccess rules work. Apache by default is set up such that these rules are not defined. Failure to define these rules will make your data publicly available and this is a huge security risk. We do not want that.


If the data directory is placed outside /var/www, ensure that the user www-data can write to it. The ownership of the data directory can be modified with the following command.


sudo chown -R www-data:www-data /path/to/data/directory


Once this is done, we can now finish the setup on the web interface and log in.

Enable .htaccess

The .htaccess file doesn’t work because we’ve put Nextcloud in the main /var/www/html webroot controlled by the apache.conf file. By default it is set to disallow .htaccess overrides and we’ll need to change that:

We change that by editing the apache2.conf file as follows:
We change

 
 <Directory /var/www/>                
    Options Indexes FollowSymLinks
    AllowOverride None         
    Require all granted
 </Directory> 

To

<Directory /var/www/>                
    Options Indexes FollowSymLinks
    AllowOverride All         
    Require all granted
 </Directory> 

Once done, save & quit and restart apache

sudo service apache2 restart

Enable Caching

The variation in speed between a Nextcloud server without cache and one that has is massive especially when the file count becomes huge and more multimedia files find their way onto the server.

Caching is very important for maintaining speed and optimizing performance. APCu will handle the caching initially while Redis will manage file locking.

Once the amount of data grows and APCu starts demanding more resources, it would be recommended to configure Redis to take a more active role in distributed caching.


Now let’s configure both APCu and Redis having installed them already earlier on.
Open the Redis configuration file and make the following changes

sudo vim /etc/redis/redis.conf

Find and change port 6379 to port 0
Uncomment the following lines

unixsocket /var/run/redis/redis.sock
unixsocketperm 770

While at the same time changing the permissions from 700 to 770
Save and quit.

Now add the Apache user www-data to the redis group as follows

sudo usermod -a -G redis www-data

Once that is done, restart apache and redis server.

sudo service apache2 restart
sudo service redis-server start

Check to confirm that Redis is up and running.

service redis-server status

Once you have confirmed that redis is up and running, we can go ahead and add the caching configuration to the Nextcloud config file
Open the Nextcloud config

sudo vim /var/www/html/Nextcloud/config/config.php

and add the following lines

'memcache.local' => '\OC\Memcache\Redis',
 'memcache.locking' => '\OC\Memcache\Redis',
 'filelocking.enabled' => 'true',
 'redis' => 
 array (
 'host' => '/var/run/redis/redis.sock',
 'port' => 0,
 'timeout' => 0.0,
 ),

The changes may require a reboot to take effect. Before we do that we can enable redis to start on boot as follows:

sudo systemctl enable redis-server

With that, caching is now configured!

Pretty Links.

This isn’t a necessary step but it does add to the overall aesthetics of the server and the application.
Here we will just be removing the index.php in every URL. Let’s open the Nextcloud config and add the following.

sudo vim /var/www/html/nextcloud/config/config.php
'htaccess.RewriteBase' => '/nextcloud',

Finally, navigate to the following directory and run the command below:

cd /var/www/html/nextcloud
sudo -u www-data php occ maintenance:update:htaccess

You should get a notification that htaccess has been updated successfully

Refresh subdomain/nextcloud to confirm that the index.php has been removed from the URL page.

Updating Maximum Upload

This is an easy step to miss until we try to upload files that are bigger than the defined limit.
By default, PHP comes with a file-upload limit of 2MB. Since this is a personal cloud, we need to allow more flexibility to allow us to upload files that are bigger in size.

To do that, let’s open the PHP config file and update the upload limits as follows

sudo vim /etc/php/7.3/apache2/php.ini
upload_max_filesize =2048M
post_max_size = 2058M

These figures can be tweaked to suit your requirements, however be sure to always give post_max_size a bit more than upload_max_filesize to prevent errors when uploading files that match the maximum allowed upload size.


Once done restart apache using sudo service apache2 restart

Nextcloud and PHP Opcache

Since Nextcloud version 12, additional configuration is required in order to correctly setup PHP Opcache.
You will get the following error until this is resolved

Re-open the php.ini and add the following at the bottom of the file

sudo vim /etc/php/7.3/apache2/php.ini

 ; Nextcloud Opcache settings
 opcache.enable=1
 opcache.enable_cli=1
 opcache.interned_strings_buffer=8
 opcache.max_accelerated_files=10000
 opcache.memory_consumption=128
 opcache.save_comments=1
 opcache.revalidate_freq=1

Save, quit and restart apache with sudo service apache2 restart

Note Regarding Encryption and Backups

Encryption

As we are running our Nextcloud installation on a remote host, it’s a good idea to talk about encryption.

Encrypting your data guarantees that should anyone gain access to your the data hosted on the server, the content of the files won’t be readable.

Encryption however is a complex topic far much beyond the scope of this guide and getting it wrong could lead to data loss.
Nextcloud server-side encryption is not recommended and it is advisable that you consider client-side encryption or any other method of enforcing OS filesystem encryption instead.

Kindly check out Nextcloud admin manual for more details regarding encryption.

Backups

You should never use Nextcloud as a replacement for your typical backup solutions. It is a tool for collaboration and sharing and it’s not advisable to solely rely it as the solution for protecting your data.

Never assume that your data us safe in some remote datacenter . Cloud service providers usually offer no liability and don’t take any responsibility for lost data should the server fail.

The Nextcloud admin manual has outlined how to backup Nextcloud data including the most critical files that need to be backed up. They have also recommended some approaches on how you can achieve that.

Conclusion

Nextcloud is a service platform that empowers self-hosting data and that gives it a big plus over the other solutions.

I hope you had as much fun as I did while doing the whole setup

2 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *