How to Install NextCloud on Ubuntu Server 19.04/18.10/18.04

Posted on

NextCloud is a client-server software suite for storing and sharing files, which works similarly to DropBox and Google Drive. However, NextCloud is free, as long as you provide the web server and storage space.

Trunked from the ownCloud project years ago, NextCloud now offers a better catalog of applications than its ancestor. NextCloud also provides more features than ownCloud.

In this tutorial, we’ll see how to deploy an Ubuntu server to install NextCloud.

Step # 1: Creating a DigitalOcean Droplet

To host your NextCloud platform, I recommend you try a Droplet from DigitalOcean. A Droplet is a DigitalOcean cloud server instance, and charges are per minute. Use this link to get a $ 50 US credit to try DigitalOcean; you have nothing to lose.

DigitalOcean lets you deploy a fully configured, ready-to-use LAMP server (Linux, Apache, MariaDB, and PHP). However, we will manually install the LAMP stack on Ubuntu 18.04 to understand the workings.

To create a new cloud server, click “Create” from the DigitalOcean control panel:

digitalocean create droplet

Then select the Ubuntu 18.04 x64 operating system. Note that versions 18.10 and 19.04 are equally valid. However, these are not LTS (Long Term Support) versions.

As for the resources allocated to the cloud server, I concluded that a minimum of 3GB of RAM is needed to host NextCloud with ClamAV antivirus. With only 2GB of RAM, the ClamAV service could not boot, and NextCloud was very slow.

digitalocean ubuntu droplet

Then specify the desired location for your Droplet:

choose droplet location

Enter the hostname for your new server:

digitalocean droplet hostname

Then click on “Create” to initiate the Droplet creation. Once the Droplet is active, note down its IP address:

droplet ip address

Add this IP address to your domain’s DNS records:

add ip address to dns records

In the meantime, check your email box. You will find a DigitalOcean email containing the “root” password of your Droplet.

Step # 2: Installing Apache, PHP 7.2, and MariaDB

Log in to your server as “root” using an SSH client. Perform a full OS and application update:

apt update -y && apt upgrade -y

Disable AppArmor:

service apparmor stop
update-rc.d -f apparmor remove 
apt-get remove apparmor apparmor-utils

Then install the required software packages:

apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap php7.2-cli php7.2-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl memcached php-memcache php-imagick php-gettext php7.2-zip php7.2-mbstring php-redis php-soap php7.2-soap php7.2-opcache php-apcu php7.2-fpm certbot software-properties-common redis-server php-redis

Enable the necessary Apache modules:

a2enmod suexec rewrite ssl actions include cgi dav_fs dav auth_digest headers proxy_fcgi alias

Create a new Apache configuration file:

nano /etc/apache2/conf-available/httpoxy.conf

Insert the directives to prevent HTTPOXY attacks:

<IfModule mod_headers.c>
RequestHeader unset Proxy early

Save the file and exit the editor. Activate the new configuration:

a2enconf httpoxy

Check if the “ufw” firewall is active using this command:

ufw status

If the firewall is active, add a rule allowing access to ports 80 and 443:

ufw allow 'Apache Full'
ufw delete allow 'Apache'

Restart the Apache service:

systemctl restart apache2

Generating a Let’s Encrypt SSL Certificate

Let’s Encrypt is a nonprofit certification authority that provides free SSL certificates. To create a Let’s Encrypt certificate, add the “certbot” repository:

add-apt-repository ppa:certbot/certbot

Install the “certbot” package for Apache:

apt install python-certbot-apache

Now use “certbot” to generate an SSL certificate creation request:

certbot --apache -d

Enter your email address:

ubuntu lets encrypt certbot

Accept the terms of use and specify whether you allow Let’s Encrypt to send you their newsletter.

Finally, “certbot” offers to configure Apache to redirect all traffic “HTTP” to “https.” Select option # 2 to apply this choice:

ubuntu certbot letsencrypt redirect to https

Restart Apache:

systemctl restart apache2

Configuring PHP-FPM

By default, Apache uses the FastCGI module to manage PHP processes. However, we will use PHP-FPM (PHP FastCGI Process Manager) because it’s more efficient.

Activate the PHP-FPM module for Apache:

a2enconf php7.2-fpm

PHP-FPM uses FastCGI “pools” to handle PHP runtime requests. Edit the default pool configuration file:

nano /etc/php/7.2/fpm/pool.d/www.conf

At the very end of the file, change the memory limit for this PHP-FPM pool:

php_admin_value[memory_limit] = 512M

Enable and start the PHP-FPM service:

systemctl enable php7.2-fpm
systemctl start php7.2-fpm

Modify the Apache configuration file created by “certbot”:

cp /etc/apache2/sites-available/000-default-le-ssl.conf /etc/apache2/sites-available/000-default-le-ssl.conf.old
nano /etc/apache2/sites-available/000-default-le-ssl.conf

Insert these directives before the closing tag “</ VirtualHost>”:


<Directory /var/www/html>
        AllowOverride All
<IfModule proxy_fcgi_module> 
   # Enable http authorization headers 
   <IfModule setenvif_module> 
   SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 
   <FilesMatch ".+\.ph(ar|p|tml)$"> 
       SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost" 
   <FilesMatch ".+\.phps$"> 
       # Deny access to raw php sources by default 
       # To re-enable it's recommended to enable access to the files 
       # only in specific virtual host or directory 
       Require all denied 
   # Deny access to files without filename (e.g. '.php') 
   <FilesMatch "^\.ph(ar|p|ps|tml)$"> 
       Require all denied 


Restart Apache:

systemctl restart apache2

We will then verify that PHP-FPM now handles PHP scripts. Create a file called “info.php” at the root of the main website:

nano /var/www/html/info.php

Add the following code to the file and exit the editor:

<?php phpinfo(); ?>

Now point your web browser to “info.php” on your server and make sure PHP-FPM is active:

ubuntu apache php-fpm enabled

Then scroll down to the “Environment” section and check that PHP is running with as the “www-data” user:

ubuntu phpinfo www-data user

Redis Server Activation

Redis is an in-memory data structure used as a database or a caching system for ultra fast access.

As NextCloud can host a large number of files, it’s crucial to use an application such as Redis to improve the performance.

Use these commands to enable and start the Redis server:

systemctl enable redis-server
systemctl start redis-server

MySQL Activation and configuration

We’ll now proceed to the installation of MariaDB. Import the GPG key that will be used to validate the authenticity of the software packages:

apt-key adv --recv-keys --keyserver hkp:// 0xF1656F24C74CD1D8

Now add the APT repository for MariaDB:

add-apt-repository 'deb [arch=amd64] bionic main'

Install MariaDB:

apt -y install mariadb-server mariadb-client

During installation, you will be prompted to enter a password for the MariaDB server:

ubuntu mariadb server installation password

Once the installation is complete, modify the MariaDB configuration file:

nano /etc/mysql/mariadb.conf.d/50-server.cnf

Under the [mysqld] section, add the following two lines:

transaction_isolation = READ-COMMITTED
binlog_format = ROW

Start the MariaDB service and secure the server:

systemctl start mariadb

Now answer the questions as follows:

Enter current password for root (enter for none):  
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Step #3: Installing ClamAV

ClamAV is a free antivirus. Type this command to install it:

apt install -y clamav clamav-daemon

Activate and then start the “clamav-daemon” service:

systemctl enable clamav-daemon
systemctl start clamav-daemon

Step #4: Installing NextCloud

Now that the Ubuntu server is ready, we can proceed to install NextCloud. As a first step, connect to the MySQL server to create the database:

mysql -u root -p

Create the database:

MariaDB [(none)]> CREATE DATABASE nextcloud;

Set the access permissions:

MariaDB [(none)]> GRANT ALL ON nextcloud.* to 'nextcloud'@'localhost' IDENTIFIED BY 'enter_password_here';
MariaDB [(none)]> exit

By default, NextCloud stores user files in a subdirectory of the public directory “/var/www/html/data”). Although Apache restricts access to this directory, it’s best to use another location outside the public Web directory:

mkdir /var/nc_data
chown -R www-data:www-data /var/nc_data

Now change the owner and permissions:

chown -R www-data:www-data /var/www/html
chmod -R 0755 /var/www/html

Delete the “info.php” file created previously:

rm /var/www/html/info.php

Download the NextCloud Setup Wizard:

cd /var/www/html
sudo -u www-data wget
chmod 0755 setup-nextcloud.php

Then go to the installation script using your web browser and click on “Next”:

nextcloud installation wizard

After verifying the server dependencies, specify the location where you want to install NextCloud. Enter a period to install NextCloud at the root of the site.

nextcloud installation directory

Once the installation is complete, click on “Next.” You will be prompted to choose a username and password for the administrator. Enter the data folder path created previously (/var/nc_data).

nextcloud storage and mysql setup

Select MySQL / MariaDB and enter the database information. Click on “Finish setup” when done.

Back to your SSH client, edit the NextCloud “.htaccess” file:

sudo -u www-data nano /var/www/html/.htaccess

At the very end of the file, insert these guidelines:

<IfModule mod_headers.c>  
Header set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"  

Save the file and exit the editor. Now modify the main configuration file:

sudo -u www-data nano /var/www/html/config/config.php

Insert the parameters identified in red:

$CONFIG = array ( 
 'instanceid' => 'ocohns1bm2ex', 
 'passwordsalt' => 'OY01SSFAKGTT+8m4eAkX7sEzT0sFm+', 
 'secret' => 'ZftslFtIB9Do+h1naFHLGzrHj4RT5oDbrBT45Ex9vmeC6uD3', 
 'trusted_domains' =>  
 array ( 
   0 => '', 
 'datadirectory' => '/var/nc_data', 
 'dbtype' => 'mysql', 
 'version' => '', 
 'overwrite.cli.url' => '', 
 'dbname' => 'nextcloud', 
 'dbhost' => 'localhost', 
 'dbport' => '', 
 'dbtableprefix' => 'oc_', 
 'mysql.utf8mb4' => true, 
 'dbuser' => 'nextcloud', 
 'dbpassword' => 'db_password_here', 
 'installed' => true, 
 'memcache.local' => '\OC\Memcache\APCu', 
 'memcache.distributed' => '\OC\Memcache\Redis', 
 'redis' => [ 
   'host' => '', 
   'port' => 6379, 

Access NextCloud using your web browser and click on “Settings” from the user menu:

nextcloud settings

Then click on “Overview” in the left column and make sure there are no warnings:

nextcloud settings overview security setup warnings

Step # 5: Adding a Cron job

To automate the NextCloud maintenance, add a “cron” job for the “www-data” user account:

crontab -u www-data -e

Add this line to the end of the file, followed by a carriage return:

*/15 * * * * /usr/bin/php -f /var/www/html/nextcloud/cron.php

Save the file and exit the editor. Back to NextCloud, click on “Basic Settings” in the left column and select “Cron” in the “Background jobs” section:

nextcloud cron job

Step # 6: Integrating ClamAV

To integrate the ClamAV antivirus, you need to download it. From the user menu, click on “Apps.” Search for “Antivirus for files”:

nextcloud app antivirus clamav

Step # 7: Adding a NextCloud User

Adding a user is quite simple. Click on “Users” from the user menu and then on the “New user” button:

nextcloud add new user

Enter the new user information, and that’s it! A welcome email will be sent to the user.


After testing ownCloud on CentOS 7 and NextCloud on Ubuntu 18.04, it’s easy to see that NextCloud has much more to offer than ownCloud. Its interface is more refined and intuitive. Also, installing a LAMP stack (Linux, Apache, MySQL, and PHP) on Ubuntu requires less configuration, and therefore less time, than on a CentOS server.

In return, ownCloud on CentOS requires fewer resources. Indeed, it is possible to install ownCloud and ClamAV on a CentOS 7.6 server with only 2GB of RAM. The web interface is also faster and lighter than that of NextCloud.

Leave a Reply

Your email address will not be published. Required fields are marked *