nextcloud

How to install Nextcloud 15 on Ubuntu with php7.3-fpm Apache2 and HTTP/2

It is time to install Nextcloud 15, so here is a manual to do this on an Ubuntu 16.04 / 18.04 VPS, secure it with LetsEncrypt and deploy it via Apache2 with php-fpm and HTTP/2.

Requirements:

– an Ubuntu VPS with shell access and appropriate rights
– One DNS A and possibly AAAA record for our Apache vhost

Step 1: LAMP-Stack

First, we install the required LAMP stack via meta-package:

sudo apt install lamp-server^

and we secure the mySQL installation:

sudo mysql_secure_installation

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No:y

There are three levels of password validation policy:

LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0
Please set the password for root here.

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
‚localhost‘. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named ‚test‘ that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
– Dropping test database…
Success.

– Removing privileges on test database…
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Step 2: install needed packages

First, add the following repository for php7.3, certbot and the newest version of apache2:

sudo apt install -y software-properties-common
sudo add-apt-repository -y ppa:ondrej/php
sudo add-apt-repository -y ppa:ondrej/apache2
sudo add-apt-repository -y ppa:certbot/certbot

Next we check if our VPS is on latest software state and install needed updates:

sudo apt update && sudo apt upgrade -y && sudo apt full-upgrade -y

For installation of nextcloud and further work we need a few php-modules and other packages, which we install with the following command:

sudo apt install -y php7.3-cli php7.3-common php7.3-mbstring php7.3-gd php-imagick php7.3-intl php7.3-bz2 php7.3-xml php7.3-mysql php7.3-zip php7.3-dev php7.3-curl php7.3-fpm php-dompdf php-apcu redis-server php-redis php-smbclient php7.3-ldap unzip nano python-certbot-apache certbot wget curl

Step 3: configure Apache2 and php-fpm

The following commands enable the required Apache2 modules and php-fpm in Apache2:

sudo a2dismod php7.3 mpm_prefork
sudo a2enmod proxy_fcgi setenvif mpm_event rewrite headers env dir mime ssl http2
sudo a2enconf php7.3-fpm

then we edit the apache2.conf to allow the usage of .htaccess-files:

sudo nano /etc/apache2/apache2.conf

and change the following code:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

to:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

To enable HTTP/2, we need to add this line to apache2.conf:

Protocols h2 h2c http/1.1

now we have to prepare the php.ini for nextcloud:

sudo nano /etc/php/7.3/fpm/php.ini

extend with the following directives:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Afterwards, the web server and php7.3-fpm must be restarted:

sudo systemctl restart apache2 && sudo systemctl restart php7.3-fpm

Step 3: Create Database

Before we can install Nextcloud, we first have to create a database. To do this, we execute the following commands:

sudo mysql -u root -p

enter your password and then execute:

create database nextcloud;
create user nextcloud@127.0.0.1 identified by 'YOUR_PASSWORD';
grant all privileges on nextcloud.* to nextcloud@127.0.0.1;
flush privileges;
exit;

Step 4: Download Nextcloud and create filesystem

Then we download the latest Release of Nextcloud 15 from nextcloud:

wget https://download.nextcloud.com/server/releases/latest-15.zip

and unzip the downloaded archive:

unzip latest-15.zip

Afterwards we move the folder nextcloud to the right place.

If we just want to deploy Nextcloud on this server, we can move the data to the /var/www/html/ folder and adjust the permissions.

sudo mv nextcloud/* /var/www/html/
sudo chown -R www-data:www-data /var/www/html/

In order to keep the option of other websites open, we move the entire folder into the path /var/www/html/

sudo mv nextcloud/ /var/www/html/
sudo chown -R www-data:www-data /var/www/html/nextcloud

You can delete the downloaded archive now:

sudo rm latest-15.zip

For our nextcloud-files we prepare a directory outside of /var/www/html/nextcloud:

sudo mkdir /nextcloud_data

and change the owner to www-data:

sudo chown -R www-data:www-data /nextcloud_data

Step 5: Create Apache2 vHost and secure with SSL

To create an Apache vhost, we simply copy the default vhost into a new file and edit it:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-nextcloud.conf
sudo nano /etc/apache2/sites-available/001-nextcloud.conf

Between „VirtualHost„-block we edit or add the following directives:

ServerName nextcloud.your-domain.tld.tld
ServerAdmin webmaster@dyour-domain.tld.tld
DocumentRoot /var/www/html/nextcloud

then we activate this site and disable the default vHost:

sudo a2ensite 001-nextcloud.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2

Since we want to reach the site of course via https, we create a LetEncrypt certificate. The easiest way to do this is with Certbot, which we already installed above:

sudo certbot --apache

In the last query, we confirm with „2“ that a redirect should occur.

Certbot then creates a second vhost configuration file, which we then process again:

sudo nano /etc/apache2/sites-available/001-nextcloud-le-ssl.conf

we add the following block under DocumentRoot-directive:

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
Header set Referrer-Policy "strict-origin-when-cross-origin"
# Prevent MIME based attacks
Header set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>
# SSL Configuration - uses strong cipher list - these might need to be downgraded if you need to support older browsers/devices
SSLEngine on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On

<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
Satisfy Any

</Directory>

then we have to restart the webserver again:

sudo systemctl restart apache2

Step 6: Configuration Nextcloud

For final configuration, we call our domain in the browser:

and enter the corresponding data, as DB host we enter the IP address 127.0.0.1 and the data directory is /nextcloud_data.

Now, let’s take Nextcloud’s config.php to configure the recommended memory cache:

sudo nano /var/www/html/nextcloud/config/config.php

add the following code:

'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),

Then we have to run the following command to update the database-tables of our nextcloud instance:

sudo -u www-data php7.3 /var/www/html/nextcloud/occ db:convert-filecache-bigint

In the basic settings, we customize the background tasks and use cron:

and configure the user’s cron job accordingly www-data(adjust path and/or user if you use another one):

sudo crontab -u www-data -e

add the following line at the end:

*/15 * * * * php7.3 -f /var/www/html/nextcloud/cron.php

Restart Aapche2 and php-fpm:

sudo systemctl restart apache2 && sudo systemctl restart php7.3-fpm

and refresh your browser

In order to send mails from our Nextcloud, we have to enter a smtp-server, because sending via php-mailer is since NC14 not supported. Now you should no longer see error messages in the GUI.

Now we have a freshly installed Nextcloud 15 and can enjoy… Remember: If you find issues within the Nextcloud, then report here on GitHub.

Problems with the tutorial? Then comment below or contact me per Mail or Mastodon.

Happy nextclouding and do not forget to share 🙂

24 Gedanken zu „How to install Nextcloud 15 on Ubuntu with php7.3-fpm Apache2 and HTTP/2

  1. Please note that it is not neccessary to install libapache2-mod-php7.3 (this is only needed if you use Apache’s mpm_prefork).
    There are 3 options of which only one has to be installed: libapache2-mod-php7.3, php7.3-fpm and php7.3-cgi.

  2. at the web page

    ………………………………………………………………..
    Error

    PHP module dom not installed.

    Please ask your server administrator to install the module.

    PHP module XMLWriter not installed.

    Please ask your server administrator to install the module.

    PHP module XMLReader not installed.

    Please ask your server administrator to install the module.

    PHP module libxml not installed.

    Please ask your server administrator to install the module.

    PHP module mbstring not installed.

    Please ask your server administrator to install the module.

    PHP module GD not installed.

    Please ask your server administrator to install the module.

    PHP module SimpleXML not installed.

    Please ask your server administrator to install the module.

    PHP module cURL not installed.

    Please ask your server administrator to install the module.

    PHP modules have been installed, but they are still listed as missing?

    Please ask your server administrator to restart the web server.

      1. Your command did not work I used
        dpkg –get-selections > ~/InstalledPackages.list

        php-apcu install
        php-apcu-bc install
        php-common install
        php-dompdf install
        php-font-lib install
        php-igbinary install
        php-imagick install
        php-mysql install
        php-pear install
        php-redis install
        php-smbclient install
        php-zip install
        php7.2-cli install
        php7.2-common install
        php7.2-json install
        php7.2-mysql install
        php7.2-opcache install
        php7.2-readline install
        php7.2-zip install
        php7.3-bz2 install
        php7.3-cli install
        php7.3-common install
        php7.3-curl install
        php7.3-dev install
        php7.3-fpm install
        php7.3-gd install
        php7.3-intl install
        php7.3-json install
        php7.3-ldap install
        php7.3-mbstring install
        php7.3-mysql install
        php7.3-opcache install
        php7.3-readline install
        php7.3-xml install
        php7.3-zip

        1. It works, but copy and paste not. It is a double – before list…

          Did you a clean install on Ubuntu? The Output shows more than php7.3, so i think you still on php7.0 or 7.2.
          So it would better if you post more details the next time 😉

          If you on php7.0 or php7.2 you have to disable this before php7.3 will get activated.

          a2dismod php7.0
          a2dismod php7.2

          Then again:

          sudo a2dismod php7.3 mpm_prefork
          sudo a2enmod proxy_fcgi setenvif mpm_event rewrite headers env dir mime ssl http2
          sudo a2enconf php7.3-fpm

          And control the output of the commands.

          1. Hopefully this is last error and this was a fresh install

            Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1045] Access denied for user ’nextcloud’@’localhost‘ (using password: YES)

  3. Thank you for your detailed documentation. I only installed cerbot after the finalization of the web set-up page of Nextcloud on my browser. It all works fine. But I can not find the /var/www/html/nextcloud/config/config.php.
    It is located at /var/www/html/config/config.php
    In the directory /var/www/html/nextcloud/ are only the .htaccess and .user.ini files!!!
    So when I open the nextcloud page the message appear: Access through untrusted domain and there is no ADD button.

    What could be the reason?
    Thank you for your advice.

    1. Your welcome. 🙂

      Did you follow the complete guide? In which Directory Did you move the files? First or Second command with mv?

      What does ls -lah /var/www/html/ and ls -lah /var/www/html/nextcloud show?

      Regards

      1. Thank you Markus for your help and advice. here you have the following outputs.

        ls -lah /var/www/html/
        total 164K
        drwxr-xr-x 16 www-data www-data 4.0K Jan 9 15:02 .
        drwxr-xr-x 3 root root 4.0K Jan 9 11:46 ..
        -rw-r–r– 1 www-data www-data 92 Jan 9 15:02 .htaccess
        drwxr-xr-x 32 www-data www-data 4.0K Dec 10 11:26 3rdparty
        -rw-r–r– 1 www-data www-data 12K Dec 10 11:21 AUTHORS
        -rw-r–r– 1 www-data www-data 34K Dec 10 11:21 COPYING
        drwxr-xr-x 39 www-data www-data 4.0K Dec 10 11:24 apps
        drwxr-xr-x 2 www-data www-data 4.0K Jan 10 11:35 config
        -rw-r–r– 1 www-data www-data 3.6K Dec 10 11:21 console.php
        drwxr-xr-x 18 www-data www-data 4.0K Dec 10 11:26 core
        -rw-r–r– 1 www-data www-data 4.9K Dec 10 11:21 cron.php
        drwxrwx— 5 www-data www-data 4.0K Jan 9 15:05 data
        -rw-r–r– 1 www-data www-data 156 Dec 10 11:21 index.html
        -rw-r–r– 1 www-data www-data 3.1K Dec 10 11:21 index.php
        drwxr-xr-x 6 www-data www-data 4.0K Dec 10 11:21 lib
        drwxr-xr-x 2 www-data www-data 4.0K Jan 11 16:22 nextcloud
        -rw-r–r– 1 www-data www-data 283 Dec 10 11:21 occ
        drwxr-xr-x 2 www-data www-data 4.0K Dec 10 11:21 ocm-provider
        drwxr-xr-x 2 www-data www-data 4.0K Dec 10 11:21 ocs
        drwxr-xr-x 2 www-data www-data 4.0K Dec 10 11:21 ocs-provider
        -rw-r–r– 1 www-data www-data 2.9K Dec 10 11:21 public.php
        -rw-r–r– 1 www-data www-data 5.1K Dec 10 11:21 remote.php
        drwxr-xr-x 4 www-data www-data 4.0K Dec 10 11:21 resources
        -rw-r–r– 1 www-data www-data 26 Dec 10 11:21 robots.txt
        drwxr-xr-x 12 www-data www-data 4.0K Dec 10 11:24 settings
        -rw-r–r– 1 www-data www-data 2.2K Dec 10 11:21 status.php
        drwxr-xr-x 3 www-data www-data 4.0K Dec 10 11:21 themes
        drwxr-xr-x 2 www-data www-data 4.0K Dec 10 11:23 updater
        -rw-r–r– 1 www-data www-data 363 Dec 10 11:25 version.php

        ls -lah /var/www/html/nextcloud
        total 16K
        drwxr-xr-x 2 www-data www-data 4.0K Jan 11 16:22 .
        drwxr-xr-x 16 www-data www-data 4.0K Jan 9 15:02 ..
        -rw-r–r– 1 www-data www-data 2.8K Dec 10 11:21 .htaccess
        -rw-r–r– 1 www-data www-data 163 Dec 10 11:21 .user.ini

        best regards and a happy successfull New Year 2019

        herman

  4. Before php7.3 installation on Ubuntu 18.04
    sudo apt install -y libapache2-mod-php7.3 php7.3-cli……
    add repository
    sudo add-apt-repository universe

    1. Hi,
      they are enabled by default. This also applies to the Server installation when using the Alternate Installer.
      If you buy a VPS it depends on the configuration of your Service Provider.
      I always use the repository of ondrej for apache2 and php.

      Regards Markus

  5. This is the new error:

    sudo apachectl -t
    AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‚ServerName‘ directive globally to suppress this message
    Syntax OK

    1. White Spaces and special characters have been removed. Copy and Paste should not bring any errors. I will investigate this even more closely, if there is a connection with the new editor of WordPress 5.
      Thank you for contacting me.

    2. Maybe this could help:
      Error Debian Apache Webserver :
      Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for Server Name
      Solution: Rechnernamen festlegen
      # echo DOMAIN > /etc/hostname
      # /bin/hostname -F /etc/hostname

  6. AH00526: Syntax error on line 32 of /etc/apache2/sites-enabled/001-nextcloud-le-ssl.conf:
    SSLCertificateFile: file ‚/etc/letsencrypt/live/cloud.realprivacy.xyz/fullchain.pem‘ does not exist or is empty
    Action ‚-t‘ failed.
    The Apache error log may have more information.

Schreibe einen Kommentar zu Dan Antworten abbrechen

Deine E-Mail-Adresse wird nicht veröffentlicht.