
How to install Nextcloud 14 on Ubuntu 18.04 with php7.2-fpm Apache2 and HTTP/2

Today we install Nextcloud 14 on an Ubuntu 18.04 VPS, secure it with Let's Encrypt and serve it via Apache2 with php-fpm and HTTP/2.

Requirements:

– An Ubuntu VPS with shell access and appropriate rights
– One DNS A and possibly AAAA record for our Apache vhost

Step 1: LAMP-Stack

First, we install the required LAMP stack via meta-package:

sudo apt install lamp-server^

and secure the MySQL installation:

sudo mysql_secure_installation

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No:y

There are three levels of password validation policy:

LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0
Please set the password for root here.

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.

- Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Step 2: Install needed packages

For the installation of Nextcloud and further work we need a few PHP modules and other packages, which we install with the following command:

sudo apt install -y libapache2-mod-php7.2 php7.2-cli php7.2-common php7.2-mbstring php7.2-gd php-imagick php7.2-intl php7.2-bz2 php7.2-xml php7.2-mysql php7.2-zip php7.2-dev php7.2-curl php7.2-fpm php-dompdf php-apcu redis-server php-redis php-smbclient php7.2-ldap unzip nano python-certbot-apache

Step 3: Configure Apache2 and php-fpm

The following commands enable the required Apache2 modules and php-fpm in Apache2:

sudo a2dismod php7.2 mpm_prefork
sudo a2enmod proxy_fcgi setenvif mpm_event rewrite headers env dir mime ssl http2
sudo a2enconf php7.2-fpm

Then we edit apache2.conf:

sudo nano /etc/apache2/apache2.conf

and change the following code:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

to:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

To enable HTTP/2, we need to add this line to apache2.conf:

Protocols h2 h2c http/1.1

Next we edit php.ini:

sudo nano /etc/php/7.2/fpm/php.ini

and extend it with the following directives:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Afterwards, the web server and php7.2-fpm must be restarted:

sudo systemctl restart apache2
sudo systemctl restart php7.2-fpm

Step 3: Create Database

Before we can use Nextcloud, we first have to create a database. To do this, we execute the following commands:

sudo mysql -u root -p
create database nextcloud;
create user 'nextcloud'@'127.0.0.1' identified by 'YOUR_PASSWORD';
grant all privileges on nextcloud.* to 'nextcloud'@'127.0.0.1';
flush privileges;
exit;

 

Step 4: Download Nextcloud and create filesystem

Then we download the latest release of Nextcloud 14:

wget https://download.nextcloud.com/server/releases/latest.zip

and unzip the downloaded archive:

unzip latest.zip
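The download above is unpacked without any integrity check. The following is an added example, not part of the original tutorial, of a check that belongs between the wget and the unzip; verify_sha256 is a hypothetical helper name, and the checksum URL in the comment is an assumption about where the project publishes it.

```shell
#!/usr/bin/env bash
# verify_sha256 ARCHIVE CHECKSUM_FILE
# Compares the SHA-256 of ARCHIVE with the first field of CHECKSUM_FILE.
# Only the hash is compared, so the check still works when the checksum file
# names the archive differently (a versioned file name instead of latest.zip),
# a case in which "sha256sum -c" would report the file as missing.
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
#
# Assumed usage (checksum URL is an assumption, not taken from the tutorial):
#   wget https://download.nextcloud.com/server/releases/latest.zip.sha256
#   verify_sha256 latest.zip latest.zip.sha256 && unzip latest.zip
verify_sha256() {
    local archive="$1" sumfile="$2" expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # First whitespace-separated field of the first line, lower-cased
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")

    # Accept exactly 64 hex characters, nothing else
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
        return 0
    fi
    echo "MISMATCH: $archive" >&2
    return 1
}
```

A checksum fetched from the same server only detects a corrupted or truncated download; verifying the release's GPG signature covers a tampered mirror as well.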

Afterwards we move the unzipped folder to the right place. If Nextcloud is the only site we want to serve from this server, we can move its contents directly into the /var/www/html/ folder and adjust the permissions:

sudo mv nextcloud/* /var/www/html/
sudo chown -R www-data:www-data /var/www/html/

Alternatively, to keep the option of hosting other websites open, we move the entire folder into /var/www/html/ (the rest of this guide uses the resulting path /var/www/html/nextcloud):

sudo mv nextcloud/ /var/www/html/
sudo chown -R www-data:www-data /var/www/html/nextcloud

 

You can delete the downloaded archive now:

sudo rm latest.zip

For our data we prepare a directory outside of /var/www/html/nextcloud:

sudo mkdir /nextcloud_data

and change the owner to www-data:

sudo chown -R www-data:www-data /nextcloud_data

Step 5: Create Apache2 vHost and secure with SSL

To create an Apache vhost, we simply copy the default vhost into a new file and edit it:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-nextcloud.conf
sudo nano /etc/apache2/sites-available/001-nextcloud.conf

Inside the "VirtualHost" block we edit or add the following directives:

ServerName nextcloud.your-domain.tld
ServerAdmin webmaster@your-domain.tld
DocumentRoot /var/www/html/nextcloud

Then we activate this site and disable the default vHost:

sudo a2ensite 001-nextcloud.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2

Since we want the site to be reachable via HTTPS, we create a Let's Encrypt certificate. The easiest way to do this is with Certbot, which we already installed above:

sudo certbot --apache

In the last prompt, we confirm with "2" that HTTP requests should be redirected to HTTPS.
Certbot then creates a second vhost configuration file, which we edit as well:

sudo nano /etc/apache2/sites-available/001-nextcloud-le-ssl.conf

We add the following block after the DocumentRoot line:

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Prevent MIME based attacks
Header set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>
# SSL Configuration - uses strong cipher list - these might need to be downgraded if you need to support older browsers/devices
SSLEngine on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On

<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
Satisfy Any

</Directory>

Then we have to restart the web server again:

sudo systemctl restart apache2
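To confirm after the restart that the headers from the block above are actually served, the response can be checked against the values this guide sets. The following is an added example, not part of the original tutorial; header_value and check_headers are hypothetical helper names and headers.txt is an assumed file name.

```shell
#!/usr/bin/env bash
# check_headers FILE
# FILE holds raw response headers, e.g. saved with:
#   curl -sI https://nextcloud.your-domain.tld > headers.txt
# Prints one line per finding and returns the number of findings (0 = all set).

# header_value NAME FILE -> value of the first header called NAME.
# Matching is case-insensitive because HTTP/2 responses use lower-case names.
header_value() {
    awk -v name="$1" 'BEGIN { n = tolower(name) ":" }
        { line = $0; sub(/\r$/, "", line) }
        index(tolower(line), n) == 1 {
            v = substr(line, length(n) + 1); sub(/^[ \t]+/, "", v); print v; exit
        }' "$2"
}

check_headers() {
    local file="$1" findings=0 v age

    # HSTS: present, and max-age at least the 15768000 seconds configured above
    v=$(header_value Strict-Transport-Security "$file")
    age=$(printf '%s' "$v" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$age" ]; then
        echo "missing: Strict-Transport-Security"; findings=$((findings + 1))
    elif [ "$age" -lt 15768000 ]; then
        echo "weak: HSTS max-age=$age (guide sets 15768000)"; findings=$((findings + 1))
    fi

    v=$(header_value X-Content-Type-Options "$file" | tr 'A-Z' 'a-z')
    [ "$v" = "nosniff" ] ||
        { echo "missing: X-Content-Type-Options nosniff"; findings=$((findings + 1)); }

    v=$(header_value X-Frame-Options "$file" | tr 'a-z' 'A-Z')
    case $v in
        SAMEORIGIN|DENY) ;;
        *) echo "missing: X-Frame-Options"; findings=$((findings + 1)) ;;
    esac

    v=$(header_value Referrer-Policy "$file")
    [ -n "$v" ] || { echo "missing: Referrer-Policy"; findings=$((findings + 1)); }

    return "$findings"
}
```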

 

Step 6: Configure Nextcloud

For the final configuration, we open our domain in the browser and enter the corresponding data. As DB host we enter the IP address 127.0.0.1, and the data directory is /nextcloud_data.

Now, let's edit Nextcloud's config.php to configure the recommended memory cache:

sudo nano /var/www/html/nextcloud/config/config.php

and add the following code:

'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
    'host' => 'localhost',
    'port' => 6379,
),

In the basic settings, we switch the background jobs to cron and configure the cron job for the user www-data accordingly (adjust the path and/or user if you use another one):

sudo crontab -u www-data -e

and add the following line:

*/15 * * * * php -f /var/www/html/nextcloud/cron.php

Finally, we restart the services:

sudo systemctl restart apache2
sudo systemctl restart php7.2-fpm

and refresh the browser.

In order to send mails from our Nextcloud, we have to enter an SMTP server, because sending via php-mailer is no longer supported. Once we have done that, you should no longer see error messages in the GUI.

Now we have a freshly installed Nextcloud 14 and can enjoy it. If you find issues in Nextcloud itself, report them on GitHub.

Problems with the tutorial? Then comment below or mail me. Perhaps you want to connect OnlyOffice or Collabora?

Otherwise Happy Nextclouding and below are share buttons 🙂

5 thoughts on "How to install Nextcloud 14 on Ubuntu 18.04 with php7.2-fpm Apache2 and HTTP/2"

  1. nice guide 🙂 but i think you forgot to mention the cronjob for the certbot letsencrypt renewal. i usually run it once every two weeks.
