How to install Nextcloud 18 aka NextcloudHub on Debian Buster with postgreSQL 11.5 php7.4-fpm Apache2 and HTTP/2

Nextcloud 18 (NextcloudHub) was released and there are many new News about it:

see the ChangeLog

But now let us install the new NextcloudHub with postreSQL and php7.4-fpm on Debian Buster.

Requirements:

– an VPS with Debian Buster installed
– shell access and appropriate rights
– One DNS A and possibly AAAA record for our Apache vhost

Step 1: Install postgreSQL

First, we install the postgreSQL as Database-Server:

apt install -y postgresql postgresql-contrib

Now you can connect to postgreSQL with:

root@db01:/# sudo -u postgres psql
psql (11.5 (Debian 11.5-1+deb10u1))
Type "help" for help.

postgres=#

you can get information about connection with:

postgres=#  \conninfo
You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".

and end session with:

postgres-#  \q

Step 2: Install Apache2

With the following command we will install the Apache-Webserver:

apt install -y apache2 apache2-utils

Step 3: Install php7.4-fpm an recommended moduls

Before installing php7.4 we have to add the following Repositories to Debian Buster:

sudo apt -y install lsb-release apt-transport-https ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury_php.list
sudo apt update

Now we can start to install the needed packages with the following command:

apt install -y php7.4-cli php7.4-common php7.4-mbstring php7.4-gd php-imagick php7.4-intl php7.4-bz2 php7.4-xml php7.4-pgsql php7.4-zip php7.4-dev php7.4-curl php7.4-fpm php-dompdf redis-server php-redis php-smbclient php7.4-ldap

Step 4: Configure Apache2 and php7.4-fpm

Now we enable the needed modules in Apache2 with:

a2enmod proxy_fcgi setenvif mpm_event rewrite headers env dir mime ssl http2

and after that we activate php7.4-fpm:

a2enconf php7.4-fpm

now we have edit the apache2.conf to allow the usage of .htaccess-files:

nano /etc/apache2/apache2.conf

and change the following code:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

to:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

To enable HTTP/2, we need to add this line to apache2.conf:

Protocols h2 h2c http/1.1

now we have to prepare the php.ini for nextcloud:

nano /etc/php/7.4/fpm/php.ini

extend with the following directives:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

and adjust the following Lines:

max_execution_time = 300
max_input_time = 600
memory_limit = 512M
upload_max_filesize = 10240M

Afterwards, the web server and php7.4-fpm must be restarted:

systemctl restart apache2 php7.4-fpm

Step 5: Install Certbot and other tools

To request a ssl-sert from LetsEncrypt we use Certbot and the apache-plugin:

apt install python-certbot-apache certbot wget curl sudo unzip

Step 6: Create Database

Before we can install Nextcloud, we first have to create a database in postgreSQL. To do this, we execute the following commands:

sudo -u postgres psql

then execute:

CREATE USER nextcloud WITH PASSWORD 'your-password';
CREATE DATABASE nextclouddb TEMPLATE template0 ENCODING 'UNICODE';
ALTER DATABASE nextclouddb OWNER TO nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextclouddb TO nextcloud;
\q

Step 7: Download Nextcloud and create filesystem

Now it’s time to download the latest Release of Nextcloud 18 from nextcloud:

wget https://download.nextcloud.com/server/releases/latest-18.zip

and unzip the downloaded archive:

unzip latest-18.zip

Afterwards we move the folder nextcloud to the right place.

we move the entire folder into the path /var/www/html/

mv nextcloud /var/www/html/
chown -R www-data:www-data /var/www/html/nextcloud

You can delete the downloaded archive now:

sudo rm latest-18.zip

For our nextcloud-files we prepare a directory outside of /var/www/html/nextcloud:

mkdir /nextcloud_data

and change the owner to www-data:

chown -R www-data:www-data /nextcloud_data

The document-root for Apache is now /var/www/html/nextcloud

Step 8: Create Apache2 vHost and secure with SSL

To create an Apache vhost, we simply create a new .conf in /etc/apache2/sites-available/:

nano /etc/apache2/sites-available/001-nextcloud.conf

add the following content and adjust your names:

<VirtualHost *:80>
ServerName nextcloud.your-domain.tld
ServerAdmin webmaster@your-domain.tld
DocumentRoot /var/www/html/nextcloud

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

 

then we activate this site and disable the default vHost:

a2ensite 001-nextcloud.conf
a2dissite 000-default.conf
systemctl reload apache2

Since we want to reach the site of course via https, we create a LetEncrypt certificate. The easiest way to do this is with Certbot, which we already installed above:

certbot --apache --rsa-key-size 4096

In the last query, we confirm with „2“ that a redirect should occur.

Certbot then creates a second vhost configuration file, which we then process again:

nano /etc/apache2/sites-available/001-nextcloud-le-ssl.conf

we add the following block under DocumentRoot-directive:

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Prevent MIME based attacks
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>
# SSL Configuration - uses strong cipher list - these might need to be downgraded if you need to support older browsers/devices
SSLEngine on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On

<Directory /var/www/html/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
Satisfy Any

</Directory>

then we have to reload the webserver again:

systemctl reload apache2

Step 9: Configure Nextcloud

For final configuration, we call our domain in the browser:

and enter the corresponding data, as DB host we enter localhost and the data directory is /nextcloud_data.

You have to finish the Installation with the Button on the botton.

Now, let’s take Nextcloud’s config.php to configure the recommended memory cache:

nano /var/www/html/nextcloud/config/config.php

add the following code:

'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),

It looks like this:

In the basic settings, we customize the background tasks and use cron:

and configure the user’s cron job accordingly www-data(adjust path and/or user if you use another one):

sudo crontab -u www-data -e

add the following line at the end:

*/5 * * * * php7.4 -f /var/www/html/nextcloud/cron.php

Restart Apche2 and php-fpm:

systemctl restart apache2 && sudo systemctl restart php7.4-fpm

Last, we have to add some indices and convert some tables in nextclouddb to big int with the following two commands as user www-data:

sudo -u www-data php7.4 /var/www/html/nextcloud/occ db:add-missing-indices
sudo -u www-data php7.4 /var/www/html/nextcloud/occ db:convert-filecache-bigint

then refresh your browser and Check the Security and Setup Warnings in Settings Overview.

Step 10: ONLYOFFICE if failed during initialization

If the app documentserver_community get not installed during initialization, you could manually install via shell:

cd /var/www/html/nextcloud/apps/
sudo -u www-data wget https://github.com/nextcloud/documentserver_community/releases/download/v0.1.5/documentserver_community.tar.gz
sudo -u www-data tar -xvzf documentserver_community.tar.gz
rm documentserver_community.tar.gz

Check if the app ONLYOFFICE is installed and enabled then enable Community Document Server too, the seetings will published autmatically.

Check that the document server is enabled in ONLYOFFICE Settings:

This is a Guide for fresh Install, if you used OnlyOffice before, then clear all settings in OnlyOffice-App before enabling Community Document Server.

If you forget, the settings will not publish automatically.

the URL for OnlyOffice is:

https://nextcloud.your-domain.tld/index.php/apps/documentserver_community/

Do not forget to configure your mail-settings

Now we have a freshly installed NextcloudHub and can enjoy… Remember: If you find issues within the Nextcloud, then report here on GitHub.

Problems with the tutorial? Then comment below or contact me per Mail or Mastodon.

Happy nextclouding and do not forget to share 🙂