In this Howto I will show you to install Nextcloud 17 on a Plesk VPS with nginx only
If you want to install Nextcloud via the Extension „Nextcloud“ (Beta-State) then follow this guides:
webdeasy English-Version
or
webdeasy German Version
Then come back and switch to nginx-only.
Nextcloud recommends the use of a MemoryCache. If we have ssh-access to our server, we install redis for this. Redis is an in-memory database with a simple key-value data structure and belongs to the family of NoSQL databases.
If you want to know more, follow this link.
The following command installs the appropriate package:
sudo apt-get install redis-server
please check the status of redis:
sudo systemctl status redis
Output:
Prepare vHost:
In Plesk we create the subdomain under domains:
and secure it with LetsEncrypt:
Within the subdomain we use the file manager:
and remove all files and directories:
Now we have to download the Nextcloud-Webinstaller from the following URL to our workstation:
Before we upload it to our Webspace in Plesk, we have to edit the following line in an editor of our choice:
Change from:
// Nextcloud version
define('NC_VERSION', '16.0.3');
to:
// Nextcloud version
define('NC_VERSION', '17.0.0');
and then upload:
In Apache/NGINX settings of the subdomain, we set the following values for Additional nginx directives (Customize Domain / Subdomain):
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
location ~ \.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
}
NGINX-Settings:
In PHP settings we set the version to 7.2.x or 7.3.x and enter the following value under OPEN-Base-Dir:
{WEBSPACEROOT}{/}{:}{TMP}{/}:/dev/urandom:/proc/meminfo
in section disable_functions you have to delete opcache_get_status and insert none.
Don’t forget to adjust the upload_max_filesize and post_max_size values.
as example we can use the following values if you want to upload files not greater than 2 GB:
Then set pm to dynamic and adjust, as example:
At the bottom of the page under Additional configuration instructions, we set following parameters:
opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 [php-fpm-pool-settings] env[PATH] = /usr/local/bin:/usr/bin:/bin
To allow uploading large files, we have to adjust the nginxClientMaxBodySize in panel.ini of Plesk:
We can do this in two ways, the easiest way is to edit the file with nano:
sudo nano /opt/psa/admin/conf/panel.ini
and we add the following content:
[webserver] nginxClientMaxBodySize = 2048M
or you can install the „Panel.ini Editor“-Extension of Plesk and edit the file in Plesk:
Do not to forget to save this file.
Among the hosting settings, we have to set the 301 redirect (http to https) and run php set to FPM Application served by nginx:
Prepare Database
Add a database within the subdomain:
and accept or adjust the following settings and write them down for later use:
Finish the installation
Via the web browser, we call our Nextcloud-Webinstaller and complete the Installation now:
https://nextcloud.your-domain.tld/setup-nextcloud.php
In the next step, we enter a single „.“ into the field:
And after another click on „Next“, we should see the success of the installation:
The next step is to adjust the settings:
If we are logged in, we have to edit the config.php in config directory in Plesk via File Manager and insert the following block for the cache behind the „Trusted Domains-Array“ (if redis is installed):
'memcache.distributed' => '\\OC\\Memcache\\Redis', 'memcache.local' => '\OC\Memcache\\Redis', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array( 'host' => 'localhost', 'port' => 6379, ),
it should look like this:
If we have ssh-access (as root or Plesk-User), then we can create a CRON job (adjust user) for Nextcloud-Background-Jobs:
you can find the user in the domain view of plesk:
as example with my User as root:
sudo crontab -u nextclouding.de -e
if you have ssh-Access as Plesk-User „nextclouding.de“ than:
crontab -e
and enter the following lines (customize domain and subdomain):
for php7.2:
SHELL="/bin/sh" */15 * * * * /opt/plesk/php/7.2/bin/php -f 'nextcloud.your-domain.tld/cron.php' > /dev/null
for php7.3:
SHELL="/bin/sh" */15 * * * * /opt/plesk/php/7.3/bin/php -f 'nextcloud.your-domain.tld/cron.php' > /dev/null
Sometimes it is also possible to add a task via the GUI:
Otherwise, we use an external WebCron service, for example EasyCron.
The URL that needs to be called is:
https://nextcloud.domain.tld/nextcloud/cron.php
Among the basic settings, we check Nextcloud for errors and subsequently also in Plesk in the subdomain under logs.
If you have problems or questions, suggestions, don’t hesitate to contact me.
See you and happy Nextclouding 🙂
22 Gedanken zu „How to install Nextcloud 17 within Plesk with nginx only“
how can i change the nginx directives, if nextcloud was installed in a subfolder. Thank you.
Examples are here:
https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
hello, beautiful guide. on the internet I found this other guide. But the NGINX directives are different!
https://foxly.de/article/10-nextcloud-unter-plesk-installieren/
Thank you
It can be. At the time of publication, these were Nextcloud’s recommended directives. You can always find the latest under the following link:
https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
Many thanks for the great and detailed installation instructions. so far so good
Unfortunately I can’t find a solution to remove the index.php from the webaddress and create the so-called „short url“.
I have already adapted the config.php according to the documentation, even without success. Maybe it is because of the configuration of Plesk?
Maybe somebody has a hint or an approach for me – would be really great.
thanks a lot and best greetings from the bergisch country.
Thank you, Markus, for this brilliant Tutorial. I am using it with NC 18 and with Nginx in Proxy mode because i didn’t succeed to set it up with Nginx and the rewrite to get rid of /index.php/ within the shared links. I am using your open_basedir settings, but I am receiving this PHP Errors every minute. Also I have tested: {WEBSPACEROOT}/logs/:{DOCROOT}{/}{:}{TMP}{/}:/dev/urandom:/proc/meminfo
„`Error PHP: is_writable(): open_basedir restriction in effect. File(/var/www/vhost/example.com/logs) is not within the allowed path(s): (/var/www/vhosts/example.com/logs/:/var/www/vhosts/example.com/httpdocs/:/tmp/:/dev/urandom:/proc/meminfo) at /var/www/vhosts/example.com/httpdocs/lib/private/Log/File.php#62
Error PHP: file_exists(): open_basedir restriction in effect. File(/var/www/vhost/example.com/logs/nextcloud.log) is not within the allowed path(s): (/var/www/vhosts/example.com/logs/:/var/www/vhosts/example.com/httpdocs/:/tmp/:/dev/urandom:/proc/meminfo) at /var/www/vhosts/example.com/httpdocs/lib/private/Log/File.php#59„`
Maybe you have a hint for me.
Hey! For the past few weeks I’ve been getting this error message:
„The read-only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update.“
Which file permissions should I use for „config.php“ with ubuntu, plesk and ngnix?
Thanks!
Hi,
the file permissions for config.php -> „rw- r- – – – -“ user psacln
Markus
That’s exactly the setting I have. Does the error message have any practical consequences? I notice nothing…
Check the content of config.php. is there an entry like ‚config_is_read_only‘ => ?
Thanks, that was the hint. I didn’t add the line to the config-file.
i deleted the line and the error message is gone…
You are welcome 😉
Hi Markus,
thanks for the great blog. With its help I have Nextcloud up and running but can’t get rid of following errors in the admin overview, so the corresponding „location“ commands seem not to work for me:
„Your web server is not properly set up to resolve „/.well-known/caldav“. Further information can be found in the documentation.
Your web server is not properly set up to resolve „/.well-known/carddav“. Further information can be found in the documentation.“
I see in the logs of the webserver 405 errors in regards to PROPFIND and /.well-known/caldav and carddav, has this method to be specifically enabled?
In addition I also have webserver errors in regards to access to /data/.ocdata (403 or 10529#0: *3707821 openat() „/var/www/vhosts/xxx/data/.ocdata“ failed (13: Permission denied))
Any idea what still needs to be done?
Thanks,
Volker
Hi Volker, thank you for your feedback. Which browser you are using? Have you tried another one or to flush the Cache? (F5). I think there was a similar issue with firefox some time ago.
Are you able to use webdav or webcal?
Markus
Are there any Changes need in the configuration because of the security risk with NGINX?
See announcement: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
Would be fantastic if you could update the articel if needed
Hi, the config of this guide not, perhaps plesk itself. I await an answer from plesk support.
Are the customized nginx-directives affeced by https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/ ?
Hi, the config of this guide not, perhaps plesk itself. I await an answer from plesk support.
Hi at all, the directives are not affected. Plesk itself ist not affected, too. Plesk has updated the affected php-versions today
When Nextcloud security check will say A+
does this mean, that I’ve close the risk mentioned above?
The check says: no known vulnerabilities
I think so, but this answer can give you only nextcloud itself ?
Hi Markus
Thank you very much for this great tutorial! My old question again: is there a way to use pretty url (withouth the index.php in the link bar)? This would make me very happy ?
Best wishes
Lu