November 29, 2022

Install NextCloud On Ubuntu 22.04 LTS – Complete Guide



Overview

Nextcloud is a file hosting system which allows us to store our personal content like documents, pictures, videos etc and share with others. Here we will see How to Install NextCloud On Ubuntu 22.04 LTS this will be a complete guide. Instead of relying on external service providers for our personal and business documents, Nextcloud gives us the freedom to store them on our own servers or in trusted data centers. its a self managed centralized document and file management system. It is Open-Source hence enabling us to use and adapt the application as we need. We have full control over the application. So we can provide our own security measure to secure our contents.

In this tutorial, we are going see How to Install NextCloud On Ubuntu 22.04 LTS. This will be a detail setup, we will increase the performance of Nextcloud and apply the security. the steps we are going to follow.


1. Install PHP and MySQL packages
2. Configure MySQL Server
3. Download, Extract and Apply Permission
4. Install Nextcloud from the Command Line
5. Install and Configure PHP-FPM with Apache

6. Create info.php Page for php feature check
7. Enable Opcache in php
8. Enable APCu in php
9. Install and Configure Redis

10. Install SSL and Enable HTTP2
11. Pretty URLs



1. Install Required Packages

1. Update and Upgrade the Ubuntu Packages

# apt update && apt upgrade


2. install Apache and MySQL Server

# apt install apache2 mariadb-server 


3. Install PHP and other Dependencies and Restart Apache

# apt install libapache2-mod-php php-bz2 php-gd php-mysql php-curl php-mbstring php-imagick php-zip php-ctype php-curl php-dom php-json php-posix php-bcmath php-xml php-intl php-gmp zip unzip wget


4. Enable required Apache modules and restart Apache:

# a2enmod rewrite dir mime env headers
# systemctl restart apache2


2. Configure MySQL Server


1. Login to MySQL Prompt, Just type

# mysql


2. Create MySQL Database and User for Nextcloud and Provide Permissions.

CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'passw@rd';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
quit;


3. Download, Extract and Apply Permissions.

Now download the latest Nextcloud archive file, Go to the Nextcloud Download Page. Or you can download from this direct link: https://download.nextcloud.com/server/releases/latest.zip


1. Download and unzip at the /var/www folder

# cd /var/www/
# wget https://download.nextcloud.com/server/releases/latest.zip
# unzip latest.zip


2. Remove the zip file, which is not necessary now.

# rm -rf latest.zip


3. Change the ownership of the nextcloud content directory to the HTTP user.

# chown -R www-data:www-data /var/www/nextcloud/


4. Install NextCloud From the Command Line


We are going to install nextcloud on ubuntu 22.04 from the command line, it will save our time as we are providing all the database and admin credentials for installation. It will install nextcloud silently, we dont have to go through web setup. For detail Nextcloud Command line installation, visit this page.


1. Run the CLI Command

# cd /var/www/nextcloud
# sudo -u www-data php occ  maintenance:install --database \
"mysql" --database-name "nextcloud"  --database-user "nextcloud" --database-pass \
"passw@rd" --admin-user "admin" --admin-pass "admin123"

If everything goes well the command will output “Nextcloud was successfully installed”. We provided very simple user/password, during production setup this must be complex password.

2. nextcloud allows access only from localhost, it could through error “Access through untrusted domain”. we need to allow accessing nextcloud by using ip or domain name.

# vi /var/www/nextcloud/config/config.php

  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'nc.mailserverguru.com',     // we Included the Sub Domain
  ),

  .....
:x    // saving the file


3. Configure Apache to load Nextcloud from the /var/www/nextcloud folder.

# vi /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/nextcloud    // Chan
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Now, Restart Apache Server

# systemctl restart apache2

Now, Go to the Browser and type http:// [ ip or fqdn ] of the server, The below Nextcloud login page will appear.

install nextcloud on ubuntu


The Basic NextCloud Installation on Ubuntu 22.04 is completed, Now we are going to Work for the Performance and Security.



5. Install and Configure PHP-FPM with Apache

Here we will install PHP-FPM, which is faster then the mpm-prefork module, which is the default method of executing php files on apache.

1. Install php-fpm

# apt install php8.1-fpm
# service php8.1-fpm status    // Check the php-fpm is running


2. Check the php-fpm version and Socket.

# php-fpm8.1 -v
# ls -la /var/run/php/php8.1-fpm.sock


3. Disable apache prefork module

# a2dismod php8.1
# a2dismod mpm_prefork


4. Enable php-fpm

# a2enmod mpm_event proxy_fcgi setenvif
# a2enconf php8.1-fpm


5. set required php.ini variables

# vi /etc/php/8.1/fpm/php.ini

upload_max_filesize = 64M 
post_max_size = 96M 
memory_limit = 512M 
max_execution_time = 600
max_input_vars = 3000 
max_input_time = 1000

:x


6. php-fpm pool Configurations

# vi /etc/php/8.1/fpm/pool.d/www.conf

pm.max_children = 64
pm.start_servers = 16
pm.min_spare_servers = 16
pm.max_spare_servers = 32

:x

# service php8.1-fpm restart

7. Apache directives for php files processing by php-fpm

# vi /etc/apache2/sites-enabled/000-default.conf 

<VirtualHost *:80>

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/nextcloud


	<Directory /var/www/nextcloud>
          Options Indexes FollowSymLinks
          AllowOverride All
          Require all granted
	</Directory>

	<FilesMatch ".php$"> 
         SetHandler "proxy:unix:/var/run/php/php8.1-fpm.sock|fcgi://localhost/"          
	</FilesMatch>


	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

:x

# service apache2 restart


6. Create info.php Page for php feature check


Create an info.php page, it will show us either php-fpm, opcache, apcu are enabled with the php.

# cd /var/www/nextcloud

# vi info.php
    <?php phpinfo(); ?>
:x

Now Browse http://nc.mailserverguru.com/info.php, it will show “Server API FPM/FastCGI” if the php-fpm is enabled on the php.

install nextcloud on ubuntu


7. Enable Opcache in php

Opcache is a caching engine for PHP. It stores precompiled script bytecode in shared memory, so parsing php scripts on each request wont be necessary. It increases php file execution and website loading performance.

# vi /etc/php/8.1/fpm/php.ini

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=60

:x

// Now, Restart apache and php-fpm

# systemctl restart php8.1-fpm
# systemctl restart apache2


Now, Check the http://nc.mailserverguru.com/info.php again, it will show the “Opcache is Up and Running”

install nextcloud on ubuntu



8. Enable APCu in php

APCu is the user data caching. It is a local cache for systems. Nextcloud use this for memory caching.


1. Install APCu

# apt install php8.1-apcu

2. Configure Nextcloud to use APCu for memory caching.

# vi /var/www/nextcloud/config/config.php

'memcache.local' => '\OC\Memcache\APCu',

:x

// Restart php-fpm and apache

# systemctl restart php8.1-fpm
# systemctl restart apache2

Now, Check the http://nc.mailserverguru.com/info.php again, it will show the “APCu support Enabled”

apache php apcu



9. Install and Configure Redis

In Nextcloud, Redis is used for local and distributed caching as well as transactional file locking. we used APCu for Local Cahing which is faster then redis. We will use redis for File locking. Nextcloud’s Transactional File Locking mechanism locks files to avoid file corruption during normal operation.


1. Install Redis Server and redis php extension

# apt-get install redis-server php-redis

// Start and Enable Redis Service

# systemctl start redis-server
# systemctl enable redis-server


2. Configure redis to use Unix Scoket than ports

# vi /etc/redis/redis.conf

port 0
unixsocket /var/run/redis/redis.sock
unixsocketperm 770

:x


3. Add apache user to the redis group

# usermod -a -G redis www-data


4. Configure Nextcloud for using redis for File Locking

# vi /var/www/nextcloud/config/config.php

'filelocking.enabled' => 'true',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
     'host'     => '/var/run/redis/redis.sock',
     'port'     => 0,
     'dbindex'  => 0,
     'password' => '',
     'timeout'  => 1.5,
],


:x


5. Enable Redis session locking in php

# vi /etc/php/8.1/fpm/php.ini

redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

:x

// Now, Restart php-fpm and apache

# systemctl restart php8.1-fpm
# systemctl restart apache2

Now, we can check redis use, (by enableing the redis port in the redis configuration) by running command “redis-cli MONITOR” , during nextcloud loading it will show live data in the screen.

Now, that we have finished Performance improvement steps. We are going to work for the Security, First of all we will install SSL certificate for nextcloud.


10. Install SSL and Enable HTTP2


1. We will install LetsEncrypt certificate, so, first we need the certbot tools.

# apt-get install python3-certbot-apache -y

2. with the certbot tool, lets request a Certificate for our domain.

# certbot --apache -d nc.mailserverguru.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): munnavai@gmail.com   // Input Email Address

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y   // Press Y here

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y   // Press Y here
Account registered.
Requesting a certificate for nc.mailserverguru.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/nc.mailserverguru.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/nc.mailserverguru.com/privkey.pem
This certificate expires on 2022-10-13.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for nc.mailserverguru.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://nc.mailserverguru.com
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

3. Enable apache HTTP2 module and configure site for the http2 protocols

# a2enmod http2

# vi /etc/apache2/sites-enabled/000-default-le-ssl.conf

<VirtualHost *:443>

        Protocols h2 h2c http/1.1

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/nextcloud
  ......

:x

// Now, Restart Apache

# systemctl restart apache2

4. Test the http2 protocol, by sending http2 request to the web server.

# curl -I --http2 -s https://nc.mailserverguru.com/ | grep HTTP
HTTP/2 200

Or, we can Inspect the Browser during accessing nextcloud url, we can easily see the protocol column from the Network tab, it will show h2 as the protocol which is http2.

apache http2 check


5. HTTP Strict Transport Security, which instructs browsers not allow any connection to the Nextcloud instance using HTTP, it prevents man-in-the-middle attack.

<VirtualHost *:443>
  ServerName nc.mailserverguru.com

    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

 </VirtualHost>


11. Pretty URL’s

Pretty URLs remove the "index.php” part in all Nextcloud URLs. It will make URLs shorter and prettier.

# vi /var/www/nextcloud/config/config.php

'htaccess.RewriteBase' => '/',
                                 
:x

// This command will update the .htaccess file for the redirection
# sudo -u www-data php --define apc.enable_cli=1 /var/www/nextcloud/occ maintenance:update:htaccess


So, this is it, we have done our nextcloud complete setup on ubuntu 22.04 LTS. Thanks !!





Add comment

Your email address will not be published. Required fields are marked *