nextcloud

How to install Nextcloud 19 on Ubuntu 20.04 with postgreSQL 12 php7.4-fpm Apache2 and HTTP/2

Nextcloud 19 (NextcloudHub) was released, if you want to read a review, good old Oliver wrote about it.

If you want to know what has changed, read the ChangeLog

If you are ready, then let us install Nextcloud 19 on Ubuntu 20.04 LTS

Requirements:

– a VPS with Ubuntu 20.04 LTS minimal Image installed (you can get one here @netcup with 5€ Discount or start at Hetzner Cloud with 20€ start credits)
– shell access and appropriate rights
– One DNS A and possibly AAAA record for our Apache vhost

Step 1: Install Firewall

First of all, you should install a firewall to secure your VPS (if not installed) and allow incoming traffic to port 80/443 and 22 (ssh) only. For Securing ssh-access you can use fail2ban and passwordless authentication. Many guides for this are out there.

apt install ufw -y
ufw allow http
ufw allow https
ufw allow ssh
ufw enable

Accept with „y“

Step 2: Install postgreSQL 12

First, we install the postgreSQL as Database-Server:

apt install -y postgresql postgresql-contrib

Now you can connect to postgreSQL with:

root@db01:/# sudo -u postgres psql
psql (12.2 (Ubuntu 12.2-4))
Type "help" for help.

postgres=#

you can get information about connection with:

postgres=#  \conninfo
You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".

and end session with:

postgres-#  \q

Step 3: Install Apache2

With the following command we will install the Apache-Webserver:

apt install -y apache2 apache2-utils

Step 4: Install php7.4-fpm an recommended moduls

the package php-smbclient was removed from the offical repository, so you have to add ondrej’s ppa:

echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list

and add the key:

apt-key adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 4F4EA0AAE5267A6C

Now you can install php7.4 and moduls with the following command:

apt update && apt install -y php7.4-cli php7.4-common php7.4-mbstring php7.4-gd php-imagick php7.4-intl php7.4-bz2 php7.4-xml php7.4-pgsql php7.4-zip php7.4-dev php7.4-curl php7.4-fpm php-dompdf redis-server php-redis php-smbclient php7.4-ldap php7.4-bcmath php7.4-gmp

Step 5: Configure Apache2 and php7.4-fpm

Now we enable the needed modules in Apache2 with:

a2enmod proxy_fcgi setenvif mpm_event rewrite headers env dir mime ssl http2

and after that we activate php7.4-fpm:

a2enconf php7.4-fpm

now we have edit the apache2.conf to allow the usage of .htaccess-files:

nano /etc/apache2/apache2.conf

and change the following code:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

to:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

To enable HTTP/2, we need to add this line to apache2.conf:

Protocols h2 h2c http/1.1

now we have to prepare the php.ini for nextcloud:

nano /etc/php/7.4/fpm/php.ini

extend with the following directives:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

and adjust the following Lines:

max_execution_time = 300
max_input_time = 600
memory_limit = 512M
upload_max_filesize = 10240M

Afterwards, the web server and php7.4-fpm must be restarted:

systemctl restart apache2 php7.4-fpm

Step 6: Install Certbot and other tools

To request a ssl-sert from LetsEncrypt we use Certbot and the apache-plugin:

apt install -y python3-certbot-apache certbot wget curl sudo unzip

Step 7: Create Database

Before we can install Nextcloud, we first have to create a database in postgreSQL. To do this, we execute the following commands:

sudo -u postgres psql

then execute:

CREATE USER nextcloud WITH PASSWORD 'your-password';
CREATE DATABASE nextclouddb TEMPLATE template0 ENCODING 'UNICODE';
ALTER DATABASE nextclouddb OWNER TO nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextclouddb TO nextcloud;
\q

Step 8: Download Nextcloud and create filesystem

Now it’s time to download the latest Release of Nextcloud 19 from nextcloud:

wget https://download.nextcloud.com/server/releases/latest-19.zip

and unzip the downloaded archive:

unzip latest-19.zip

Afterwards we move the folder nextcloud to the right place.

we move the entire folder into the path /var/www/html/

mv nextcloud /var/www/html/
chown -R www-data:www-data /var/www/html/nextcloud

You can delete the downloaded archive now:

sudo rm latest-19.zip

For our nextcloud-files we prepare a directory outside of /var/www/html/nextcloud:

mkdir /nextcloud_data

and change the owner to www-data:

chown -R www-data:www-data /nextcloud_data

The document-root for Apache is now /var/www/html/nextcloud

Step 9: Create Apache2 vHost and secure with SSL

To create an Apache vhost, we simply create a new .conf in /etc/apache2/sites-available/:

nano /etc/apache2/sites-available/001-nextcloud.conf

add the following content and adjust your names:

<VirtualHost *:80>
ServerName nextcloud.your-domain.tld
ServerAdmin webmaster@your-domain.tld
DocumentRoot /var/www/html/nextcloud

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

 

then we activate this site and disable the default vHost:

a2ensite 001-nextcloud.conf
a2dissite 000-default.conf
systemctl reload apache2

Since we want to reach the site of course via https, we create a LetEncrypt certificate. The easiest way to do this is with Certbot, which we already installed above:

certbot --apache --rsa-key-size 4096

In the last query, we confirm with „2“ that a redirect should occur.

Certbot then creates a second vhost configuration file, which we then process again:

nano /etc/apache2/sites-available/001-nextcloud-le-ssl.conf

we add the following block under DocumentRoot-directive:

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Prevent MIME based attacks
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>
# SSL Configuration - uses strong cipher list - these might need to be downgraded if you need to support older browsers/devices
SSLEngine on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On

<Directory /var/www/html/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
Satisfy Any

</Directory>

then we have to reload the webserver again:

systemctl reload apache2

Step 10: Configure Nextcloud

For final configuration, we call our domain in the browser:

and enter the corresponding data, as DB host we enter localhost and the data directory is /nextcloud_data.

You have to finish the Installation with the Button at the botton.

Now wait some time until all Apps have been installed

When finished, let’s take Nextcloud’s config.php to configure the recommended memory cache:

nano /var/www/html/nextcloud/config/config.php

add the following code:

'memcache.local' => '\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),

It looks like this:

In the basic settings, we customize the background tasks and use cron:

and configure the user’s cron job accordingly www-data(adjust path and/or user if you use another one):

sudo crontab -u www-data -e

add the following line at the end:

*/5 * * * * php7.4 -f /var/www/html/nextcloud/cron.php

Restart Apache2 and php-fpm:

systemctl restart apache2 && sudo systemctl restart php7.4-fpm

then refresh your browser and Check the Security and Setup Warnings in Settings Overview.

Do not forget to configure your mail-settings

Now we have a freshly installed NextcloudHub and can enjoy… Remember: If you find issues within the Nextcloud, then report here on GitHub.

Problems with the tutorial? Then comment below or contact me per Mail or Mastodon.

If you want a managed nextcloud, then look here.

I will be happy if you would support my work here.

Happy nextclouding and do not forget to share 🙂

5 Gedanken zu „How to install Nextcloud 19 on Ubuntu 20.04 with postgreSQL 12 php7.4-fpm Apache2 and HTTP/2

  1. This would work, except php-smbclient is not available in the 20.04 Ubuntu apt repos, so I was not able to make Postgres work with 20.04 and php. It looks like they did make version 1.0 of this library available for Ubuntu 19.04 and 19.10, but it has not made it to the 20.04 repos yet.

    Any suggestions?

  2. I have a working nextcloud server on my Ubuntu 20.04 LTS. When I try to implement HTTP/2, the server stil works but the Clients stops with an error:
    „HTTP transmission error happened. the server file discovery reply is missing“

      1. Hi,
        I was gooeling around about the problem but nothing seems like a good solution.
        Then I stopped the client on Windows PC and removed the
        .db file and started the synchronization again. For now it looks good.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.