NextCloud is a client-server software suite for storing and sharing files, which works similarly to DropBox and Google Drive. However, NextCloud is free, as long as you provide the web server and storage space.
Trunked from the ownCloud project years ago, NextCloud now offers a better catalog of applications than its ancestor. NextCloud also provides more features than ownCloud.
In this tutorial, we’ll see how to deploy an Ubuntu server to install NextCloud.
Step # 1: Creating a DigitalOcean Droplet
To host your NextCloud platform, I recommend you try a Droplet from DigitalOcean. A Droplet is a DigitalOcean cloud server instance, and charges are per minute. Use this link to get a $ 50 US credit to try DigitalOcean; you have nothing to lose.
DigitalOcean lets you deploy a fully configured, ready-to-use LAMP server (Linux, Apache, MariaDB, and PHP). However, we will manually install the LAMP stack on Ubuntu 18.04 to understand the workings.
To create a new cloud server, click “Create” from the DigitalOcean control panel:
Then select the Ubuntu 18.04 x64 operating system. Note that versions 18.10 and 19.04 are equally valid. However, these are not LTS (Long Term Support) versions.
As for the resources allocated to the cloud server, I concluded that a minimum of 3GB of RAM is needed to host NextCloud with ClamAV antivirus. With only 2GB of RAM, the ClamAV service could not boot, and NextCloud was very slow.
Then specify the desired location for your Droplet:
Enter the hostname for your new server:
Then click on “Create” to initiate the Droplet creation. Once the Droplet is active, note down its IP address:
Add this IP address to your domain’s DNS records:
In the meantime, check your email box. You will find a DigitalOcean email containing the “root” password of your Droplet.
Step # 2: Installing Apache, PHP 7.2, and MariaDB
Log in to your server as “root” using an SSH client. Perform a full OS and application update:
apt update -y && apt upgrade -y
service apparmor stop update-rc.d -f apparmor remove apt-get remove apparmor apparmor-utils
Then install the required software packages:
apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap php7.2-cli php7.2-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl memcached php-memcache php-imagick php-gettext php7.2-zip php7.2-mbstring php-redis php-soap php7.2-soap php7.2-opcache php-apcu php7.2-fpm certbot software-properties-common redis-server php-redis
Enable the necessary Apache modules:
a2enmod suexec rewrite ssl actions include cgi dav_fs dav auth_digest headers proxy_fcgi alias
Create a new Apache configuration file:
Insert the directives to prevent HTTPOXY attacks:
<IfModule mod_headers.c> RequestHeader unset Proxy early </IfModule>
Save the file and exit the editor. Activate the new configuration:
Check if the “ufw” firewall is active using this command:
If the firewall is active, add a rule allowing access to ports 80 and 443:
ufw allow 'Apache Full' ufw delete allow 'Apache'
Restart the Apache service:
systemctl restart apache2
Generating a Let’s Encrypt SSL Certificate
Let’s Encrypt is a nonprofit certification authority that provides free SSL certificates. To create a Let’s Encrypt certificate, add the “certbot” repository:
Install the “certbot” package for Apache:
apt install python-certbot-apache
Now use “certbot” to generate an SSL certificate creation request:
certbot --apache -d cloud.webhostinghero.net
Enter your email address:
Finally, “certbot” offers to configure Apache to redirect all traffic “HTTP” to “https.” Select option # 2 to apply this choice:
systemctl restart apache2
By default, Apache uses the FastCGI module to manage PHP processes. However, we will use PHP-FPM (PHP FastCGI Process Manager) because it’s more efficient.
Activate the PHP-FPM module for Apache:
PHP-FPM uses FastCGI “pools” to handle PHP runtime requests. Edit the default pool configuration file:
At the very end of the file, change the memory limit for this PHP-FPM pool:
php_admin_value[memory_limit] = 512M
Enable and start the PHP-FPM service:
systemctl enable php7.2-fpm systemctl start php7.2-fpm
Modify the Apache configuration file created by “certbot”:
cp /etc/apache2/sites-available/000-default-le-ssl.conf /etc/apache2/sites-available/000-default-le-ssl.conf.old nano /etc/apache2/sites-available/000-default-le-ssl.conf
Insert these directives before the closing tag “</ VirtualHost>”:
[...] <Directory /var/www/html> AllowOverride All </Directory> <IfModule proxy_fcgi_module> # Enable http authorization headers <IfModule setenvif_module> SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 </IfModule> <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost" </FilesMatch> <FilesMatch ".+\.phps$"> # Deny access to raw php sources by default # To re-enable it's recommended to enable access to the files # only in specific virtual host or directory Require all denied </FilesMatch> # Deny access to files without filename (e.g. '.php') <FilesMatch "^\.ph(ar|p|ps|tml)$"> Require all denied </FilesMatch> </IfModule> </VirtualHost> </IfModule>
systemctl restart apache2
We will then verify that PHP-FPM now handles PHP scripts. Create a file called “info.php” at the root of the main website:
Add the following code to the file and exit the editor:
<?php phpinfo(); ?>
Now point your web browser to “info.php” on your server and make sure PHP-FPM is active:
Then scroll down to the “Environment” section and check that PHP is running with as the “www-data” user:
Redis Server Activation
Redis is an in-memory data structure used as a database or a caching system for ultra fast access.
As NextCloud can host a large number of files, it’s crucial to use an application such as Redis to improve the performance.
Use these commands to enable and start the Redis server:
systemctl enable redis-server systemctl start redis-server
MySQL Activation and configuration
We’ll now proceed to the installation of MariaDB. Import the GPG key that will be used to validate the authenticity of the software packages:
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
Now add the APT repository for MariaDB:
add-apt-repository 'deb [arch=amd64] http://mirror.zol.co.zw/mariadb/repo/10.3/ubuntu bionic main'
apt -y install mariadb-server mariadb-client
During installation, you will be prompted to enter a password for the MariaDB server:
Once the installation is complete, modify the MariaDB configuration file:
[mysqld] section, add the following two lines:
[mysqld] ... transaction_isolation = READ-COMMITTED binlog_format = ROW ...
Start the MariaDB service and secure the server:
systemctl start mariadb mysql_secure_installation
Now answer the questions as follows:
Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
Step #3: Installing ClamAV
ClamAV is a free antivirus. Type this command to install it:
apt install -y clamav clamav-daemon
Activate and then start the “clamav-daemon” service:
systemctl enable clamav-daemon systemctl start clamav-daemon
Step #4: Installing NextCloud
Now that the Ubuntu server is ready, we can proceed to install NextCloud. As a first step, connect to the MySQL server to create the database:
mysql -u root -p
Create the database:
MariaDB [(none)]> CREATE DATABASE nextcloud;
Set the access permissions:
MariaDB [(none)]> GRANT ALL ON nextcloud.* to 'nextcloud'@'localhost' IDENTIFIED BY 'enter_password_here'; MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> exit
By default, NextCloud stores user files in a subdirectory of the public directory “/var/www/html/data”). Although Apache restricts access to this directory, it’s best to use another location outside the public Web directory:
mkdir /var/nc_data chown -R www-data:www-data /var/nc_data
Now change the owner and permissions:
chown -R www-data:www-data /var/www/html chmod -R 0755 /var/www/html
Delete the “info.php” file created previously:
Download the NextCloud Setup Wizard:
cd /var/www/html sudo -u www-data wget https://download.nextcloud.com/server/installer/setup-nextcloud.php chmod 0755 setup-nextcloud.php
Then go to the installation script using your web browser and click on “Next”:
After verifying the server dependencies, specify the location where you want to install NextCloud. Enter a period to install NextCloud at the root of the site.
Once the installation is complete, click on “Next.” You will be prompted to choose a username and password for the administrator. Enter the data folder path created previously (/var/nc_data).
Select MySQL / MariaDB and enter the database information. Click on “Finish setup” when done.
Back to your SSH client, edit the NextCloud “.htaccess” file:
sudo -u www-data nano /var/www/html/.htaccess
At the very end of the file, insert these guidelines:
<IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" </IfModule>
Save the file and exit the editor. Now modify the main configuration file:
sudo -u www-data nano /var/www/html/config/config.php
Insert the parameters identified in red:
<?php $CONFIG = array ( 'instanceid' => 'ocohns1bm2ex', 'passwordsalt' => 'OY01SSFAKGTT+8m4eAkX7sEzT0sFm+', 'secret' => 'ZftslFtIB9Do+h1naFHLGzrHj4RT5oDbrBT45Ex9vmeC6uD3', 'trusted_domains' => array ( 0 => 'cloud.webhostinghero.net', ), 'datadirectory' => '/var/nc_data', 'dbtype' => 'mysql', 'version' => '184.108.40.206', 'overwrite.cli.url' => 'https://cloud.webhostinghero.net', 'dbname' => 'nextcloud', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'db_password_here', 'installed' => true, 'memcache.local' => '\OC\Memcache\APCu', 'memcache.distributed' => '\OC\Memcache\Redis', 'redis' => [ 'host' => '127.0.0.1', 'port' => 6379, ], ); ?>
Access NextCloud using your web browser and click on “Settings” from the user menu:
Then click on “Overview” in the left column and make sure there are no warnings:
Step # 5: Adding a Cron job
To automate the NextCloud maintenance, add a “cron” job for the “www-data” user account:
crontab -u www-data -e
Add this line to the end of the file, followed by a carriage return:
*/15 * * * * /usr/bin/php -f /var/www/html/nextcloud/cron.php
Save the file and exit the editor. Back to NextCloud, click on “Basic Settings” in the left column and select “Cron” in the “Background jobs” section:
Step # 6: Integrating ClamAV
To integrate the ClamAV antivirus, you need to download it. From the user menu, click on “Apps.” Search for “Antivirus for files”:
Step # 7: Adding a NextCloud User
Adding a user is quite simple. Click on “Users” from the user menu and then on the “New user” button:
Enter the new user information, and that’s it! A welcome email will be sent to the user.
After testing ownCloud on CentOS 7 and NextCloud on Ubuntu 18.04, it’s easy to see that NextCloud has much more to offer than ownCloud. Its interface is more refined and intuitive. Also, installing a LAMP stack (Linux, Apache, MySQL, and PHP) on Ubuntu requires less configuration, and therefore less time, than on a CentOS server.
In return, ownCloud on CentOS requires fewer resources. Indeed, it is possible to install ownCloud and ClamAV on a CentOS 7.6 server with only 2GB of RAM. The web interface is also faster and lighter than that of NextCloud.