This article will guide you through the installation and configuration of NextCloud so it can be used as file storage portal for clients. The customisation of the website and apps are only briefly covered as this is well documented on the NextCloud site.
Step 1: Install the OS
Later on the process it helps if you are accessing NextCloud through the FQDN that will eventually be public. To make this happen, add an entry on the local DNS server to resolve the URL.
Install Linux 18.0.4 LTS. NextCloud does support other versions however this guide was written against this version. We have assumed you already have suitable drives and partitions created and formatted. If not, use parted to create them. Please note that the storage partitions such as /dev/sdb1 and the UUIDs used may vary in your deployment.
Elevate to root by typing su and entering the password set during the installation of Ubuntu.
Step 2: Add Storage
Create a mount point for the drive or partition that is being used as the mass storage device, and mount that storage into the operating system.
mkdir /media/datastorage
mount /dev/sdb1 /media/datastorageWe will want this storage to be mounted at startup so we have to edit the fstab file:
Use the blkid command to list the available drives and note down the UUID of the drive that will contain the stored data.
nano /etc/fstabAdd the line below, ensuring the UUID is that of the drive you want to mount. Save and exit.
UUID=c3f8d5ea-8a33-4193-a9e5-6571f7144128 /media/datastorage ext4 defaults 0 0
Use the mount -a command to check the edit you have just made to the file.
Step 3: Install the Pre-Requisites
Now we have a machine set up with the necessary storage partitions we can begin installing the necessary packages that NextCloud requires:
apt-get install apache2 mariadb-server mariadb-client libapache2-mod-php7.2 unzip
apt-get install php7.2-gd php7.2-json php7.2-mysql php7.2-curl php7.2-mbstring
apt-get install php7.2-intl php-imagick php7.2-xml php7.2-zip
apt-get install php-apcu
apt-get install clamav clamav-daemon
apt-get upgradeNow we need to make sure that the Apache web server will follow the shortcuts created by NextCloud
sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/apache2/apache2.confStop and start the apache service to let this new setting take effect, then set the service to begin when the system is booted.
systemctl stop apache2.service
systemctl start apache2.service
systemctl enable apache2.service
systemctl stop mariadb.service
systemctl start mariadb.service
systemctl enable mariadb.serviceStep 4: Database Installation
mysql_secure_installationWhen prompted, answer the questions below by following the guide.
- Enter current password for root
- Set root password? [Y/n]: n
- Remove anonymous users? [Y/n]: Y
- Disallow root login remotely? [Y/n]: Y
- Remove test database and access to it? [Y/n]: Y
- Reload privilege tables now? [Y/n]: Y
Restart the database service for the changes to take effect.
systemctl restart mariadb.serviceStep 5: PHP Configuration
Now we can start the configuration of the PHP settings required by the NextCloud web pages.
nano /etc/php/7.2/apache2/php.iniFind and check the values on the following lines. Edit them if necessary to match the ones listed here.
memory_limit = 512M
upload_max_filesize = 10GUncomment the following lines:
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1Step 6: Create the Database
Next we need to create a suitable database for NextCloud to use to store file and user information. Take note of the credentials you set here as you will need them in the final stages of the NextCloud wizard later on. Capital letters and semi-colons are important here.
mysql -u root -p
CREATE DATABASE nextcloud;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'your_password_here';
GRANT ALL ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'your_password_here' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;Step 7: Install NextCloud
The system is now ready for NextCloud to be installed. The links listed here were known to be working at the time of writing. The link for the latest version can be found on the NextCloud download page.
cd /tmp
wget https://download.nextcloud.com/server/releases/nextcloud-16.0.3.zip
unzip nextcloud-16.0.3.zip
mv nextcloud /var/www/html/nextcloud/
chown -R www-data:www-data /var/www/html/nextcloud/
chmod -R 755 /var/www/html/nextcloud/Step 8: Configure Apache
NextCloud is now installed but the Apache web server doesn’t know anything about it yet.
nano /etc/apache2/sites-available/nextcloud.conf
Then copy and paste the content below into the file and save it. You will need to adjust the URLs used to match your deployment.
<VirtualHost *:80>
ServerAdmin admin@cwc2019partnercontent.com
DocumentRoot /var/www/html/nextcloud/
DocumentRoot /var/www/html/nextcloud/
ServerName cwc2019partnercontent.com
ServerAlias www.cwc2019partnercontent.com
Alias /nextcloud "/var/www/html/nextcloud/"
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>Save the file as you exit.
Get the Apache web server to take notice of all the changes that this install has just made and make it handle web requests in the way we need it to.
a2ensite nextcloud.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mimeWe need to remove the default site that Apache installs so that the root of the site is NextCloud.
a2dissite 000-default.confTo make the storage partition available to Apache so it can serve the files we need to make some permission changes.
chown -R www-data:www-data /media/datastorage
chmod -R 755 /media/datastorageGet Apache to reload its configuration to take all the changes.
systemctl reload apache2Step 8: Finalising the Install
Web to the Apache server by opening a browser and webbing to the FQDN you set up at the very beginning. You should be presented with the NextCloud final setup.
Set up an administrative user.
The storage filepath will be /media/datastorage unless you used a different one during the initial stages of this document.
Fill in the database fields using the database credentials you used when creating the database in Step 6.
During the installation process a lot of additional settings have been placed in the PHP config file, but we now need to add some more to make the site act as we want it to.
nano /var/www/html/nextcloud/config/config.phpAdd the following lines to the bottom of the file:
'overwritehost' => 'yourdomain.com',
'memcache.local' => '\OC\Memcache\APCu',
'knowledgebaseenabled' => false,
'remember_login_cookie_lifetime' => 60*60*24*1,
'session_lifetime' => 60*60*2,
'skeletondirectory' => '',
'trusted_proxies' => ['192.168.2.16'],
'overwriteprotocol' => 'https',
'overwritecondaddr' => '^192\.168\.2\.16$',
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
'integrity.check.disabled' => true,Also edit the permitted domains array to allow the LAN IP, public IP and URL. If you don’t make this edit you will be served an error page by NextCloud when you try to access the site through different routes.
Restart Apache to get all these PHP changes to take.
systemctl restart apache2.serviceStep 9: Sorting out the Database
During the installation NextCloud, the database does not get optimised and this will trigger errors on the log page later on. This script converts and optimises the database. Some of these commands will report that they have already been done, it just depends on the version of NextCloud you are running.
cd /var/www/html/nextcloud
sudo -u www-data php occ db:convert-filecache-bigint
mysql
SET GLOBAL innodb_file_format=Barracuda;
SET GLOBAL innodb_large_prefix=on;
EXIT;
nano /etc/mysql/mariadb.conf.d/50-server.cnfFind the section labelled ‘InnoDB’ and add these lines to the file:
innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=1
Save as you exit and restart the database service.
systemctl restart mariadb.service
mysql
ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
EXIT;
sudo -u www-data php occ config:system:set mysql.utf8mb4 --type boolean --value="true"After all these changes we need to get NextCloud to repair the database. This process will throw some errors and leave the system in maintenance mode, but we can exit out of that.
sudo -u www-data php occ maintenance:repair
sudo -u www-data php occ maintenance:mode --offOptional Step: Local SSL Certificates
ONLY COMPLETE THE NEXT SECTION IF YOU ARE NOT HOSTING THE SITE BEHIND THE REVERSE PROXY!
For normal installation at CT the SSL certificate and encryption is handled by nginx on the reverse proxy server. If this deployment is not at CT then follow the insructions below to obtain an SSL certificate for the site. Replace the URLs used as necessary to match your new site.
apt-get install python-certbot-apache
certbot --apache -d cwc2019partnercontent.com
nano /etc/letsencrypt/option-ssl-apache.conf
systemclt reload apache2Check that you can now access your site over HTTPS. If successful, continue to the next step. If for any reason this doesn’t work, do not add the next line to the config. Fix this issue first.
If HTTPS is working, add this line to the bottom of file:
nano /etc/letsencrypt/option-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
exit
systemclt reload apache2Step 10: Configure the Anti-Virus
NextCloud automatically runs an antivirus feature to protect the files stored there. The default config needs so updates to make it work well.
nano /etc/clamav/clamd.confEdit the following lines:
MaxDirectoryRecursion 25
MaxFileSize 50M
PCREMaxFileSize 50M
StreamMaxLength 50M
Restart the antivirus service to get the changes to take.
service clamav-freshclam restart
service clamav-daemon restartStep 11: Configure Cron
NextCloud needs a scheduler to perform tasks relating to the website. Several are available but we will use cron.
crontab -u www-data -eYou may be asked which text editor you would like to use. Select 1
*/15 * * * * php -f /var/www/html/nextcloud/cron.phpStep 12: Tidying Up the Email Template
If the name of your site is too long the “Click here to log in” button found in the invite email does not format properly. To get around this we edit the email template to get the button to just say “Login:
nano /var/www/html/nextcloud/lib/private/Mail/EMailTemplate.phpUse the Where is function to search for this text: %7\$s
Replace is with the word Login.
The default email template also has a link to download the NextCloud sync agent which isn’t alway appropriate for the client. You can hide it in the email by commenting out the code that generates it.
For version 16:
Position cursor at line 249 and add the following to the front of the line <!–
Position cursor at line 255 and add the following to the end of the line –>
For version 18:
Position cursor at line 252 and add the following to the front of the line <!–
Position cursor at line 261 and add the following to the end of the line –>
Step 13: Managing Apps
All the following instructions are tweaks made through the settings page if you are logged into the site as an administrator. These are the standard items that are changed but may not be applicable to all deployments.
Enable these Apps
Accessibility, Activity, Antivirus for files Auditing/Logging, Brute-force settings, Collaborative tags, Comments, Deleted Files, File sharing, Log Reader, Monitoring, Notifications, Password Policy, PDF viewer, Ransomeware protection, Share by mail, Text Editor, Theming, Two Factor TOTP Provider, Versions, Video player
Disable these Apps:
Default encryption module, Everyone Group, External storage support, External user support, Federation, First run wizard, Gallery, LDAP user and group backend, Nextcloud announcements, Support, Usage survey
Step 14: Final Settings
Change the administrators profile to some sensible and add a logo as the photo.
Find the Basic Settings menu.
NextCloud requires an email server to send invites and password resets. The easiest one to use is the AWS account managed by Integrated Networks or Software Development. There is a test button which will send an email to the logged in user.
Set background job to Cron if it isn’t already.
Under the Security menu, set the password requirements as needed. Set the Aintivirus to Daemon (Socket)
The Theming menu contains all the customisation for the site and should be used to set the branding and colour scheme as needed.
In the Groupware menu, set it to Disable all
Leave a Reply