Nextcloud Installation and Configuration

Nextcloud is a self-hosted cloud storage and collaboration platform that gives you complete control over your data. Unlike commercial cloud services, Nextcloud allows organizations and individuals to maintain complete data ownership and privacy. This comprehensive guide covers installation on Linux with PHP, database configuration, Nginx web server setup, SSL encryption, storage configuration, and app installation for file synchronization, calendars, and contacts.

Table of Contents

• Prerequisites
• System Requirements
• Web Server Installation
• PHP Configuration
• Database Setup
• Nextcloud Installation
• Web Server Configuration
• SSL Certificate Configuration
• Storage Configuration
• App Installation
• Security Hardening
• Backup and Maintenance
• Conclusion

Prerequisites

Ensure you have:

• Ubuntu 20.04 LTS or later
• Root or sudo access
• A registered domain name
• Minimum 4GB RAM
• 50GB disk space (plus additional for file storage)
• Basic Linux administration skills

Update system:

sudo apt update && sudo apt upgrade -y

System Requirements

Verify your server meets Nextcloud requirements:

Check system architecture:

lsb_release -a
uname -m

Verify RAM:

free -h

Check available storage:

df -h

Web Server Installation

Install Nginx as the web server for better performance:

sudo apt install -y nginx

Start and enable Nginx:

sudo systemctl start nginx
sudo systemctl enable nginx

Verify Nginx is running:

sudo systemctl status nginx

PHP Configuration

Install PHP and required extensions:

sudo apt install -y php-fpm php-cli php-common php-mysql php-pgsql php-pdo php-gd php-curl php-json php-mbstring php-xml php-zip php-intl php-bcmath php-imagick php-redis php-smbclient php-ldap

Check PHP version:

php --version

Verify extensions:

php -m

Configure PHP-FPM for Nextcloud:

sudo nano /etc/php/8.0/fpm/php.ini

Update critical settings:

memory_limit = 512M
max_execution_time = 300
upload_max_filesize = 500M
post_max_size = 500M
default_phone_number_prefix = "+1"
date.timezone = UTC

Configure PHP-FPM pool:

sudo nano /etc/php/8.0/fpm/pool.d/www.conf

Update settings:

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s

Restart PHP-FPM:

sudo systemctl restart php8.0-fpm

Database Setup

Install MariaDB:

sudo apt install -y mariadb-server mariadb-client

Start and secure database:

sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo mysql_secure_installation

Create Nextcloud database:

sudo mysql -u root -p << EOF
CREATE DATABASE nextcloud;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'SecurePass123!';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
EXIT;
EOF

Alternatively, use PostgreSQL:

sudo apt install -y postgresql postgresql-contrib
sudo systemctl start postgresql
sudo systemctl enable postgresql

Create PostgreSQL database:

sudo -u postgres psql << EOF
CREATE DATABASE nextcloud;
CREATE USER nextcloud WITH PASSWORD 'SecurePass123!';
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
\q
EOF

Nextcloud Installation

Create installation directory:

sudo mkdir -p /var/www/nextcloud
sudo chown www-data:www-data /var/www/nextcloud
cd /var/www/nextcloud

Download Nextcloud:

cd /tmp
wget https://download.nextcloud.com/server/releases/latest-26.tar.bz2
tar -xjf latest-26.tar.bz2
sudo cp -r nextcloud/* /var/www/nextcloud/

Set correct permissions:

sudo chown -R www-data:www-data /var/www/nextcloud
sudo find /var/www/nextcloud -type f -exec chmod 640 {} \;
sudo find /var/www/nextcloud -type d -exec chmod 750 {} \;

Create data directory outside web root:

sudo mkdir -p /var/www/nextcloud_data
sudo chown -R www-data:www-data /var/www/nextcloud_data
sudo chmod 700 /var/www/nextcloud_data

Web Server Configuration

Create Nginx configuration:

sudo nano /etc/nginx/sites-available/nextcloud.conf

Add configuration:

upstream php-handler {
    server unix:/var/run/php/php8.0-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;
    
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root /var/www/nextcloud;
    index index.html index.php;

    client_max_body_size 512M;
    client_body_buffer_size 128k;
    fastcgi_buffers 64 4k;

    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|autotest|occ|issue|indie|db_|console).php(?:$|/) {
        return 404;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater|ocs-provider|\.well-known)\.php(?:$|/) {
        fastcgi_pass php-handler;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ \.php(?:$|/) {
        return 404;
    }

    location ~ ^/(?:updater|vendor)(?:$|/) {
        return 404;
    }

    location ~ /\.(?!well-known) {
        deny all;
    }
}

Enable the configuration:

sudo ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

SSL Certificate Configuration

Install Certbot:

sudo apt install -y certbot python3-certbot-nginx

Obtain SSL certificate:

sudo certbot certonly --nginx -d example.com -d www.example.com

The Nginx configuration already references these certificates. Test the setup:

sudo openssl x509 -in /etc/letsencrypt/live/example.com/fullchain.pem -noout -dates

Set up auto-renewal:

sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer

Storage Configuration

Access Nextcloud admin interface:

Navigate to https://example.com in your browser and complete the setup wizard with:

• Admin username
• Admin password
• Database: MariaDB/MySQL
• Database name: nextcloud
• Database user: nextcloud
• Database password: SecurePass123!

Configure additional storage directory:

1. Login to admin panel
2. Settings → Administration → System
3. Configure file storage location to /var/www/nextcloud_data

Enable external storage:

1. Settings → Administration → External Storage
2. Add SMB/CIFS, WebDAV, or other storage backends

App Installation

Install essential apps through the admin panel:

1. Calendar and Contacts App
2. Collaborative Documents (Collabora Online integration)
3. Talk (communication platform)
4. Notes

Install via command line:

sudo -u www-data php /var/www/nextcloud/occ app:install calendar
sudo -u www-data php /var/www/nextcloud/occ app:install contacts
sudo -u www-data php /var/www/nextcloud/occ app:install tasks
sudo -u www-data php /var/www/nextcloud/occ app:install notes

Enable apps:

sudo -u www-data php /var/www/nextcloud/occ app:enable calendar
sudo -u www-data php /var/www/nextcloud/occ app:enable contacts

List all installed apps:

sudo -u www-data php /var/www/nextcloud/occ app:list

Security Hardening

Configure trusted proxies if behind a reverse proxy:

sudo nano /var/www/nextcloud/config/config.php

Add:

'trusted_proxies' => ['127.0.0.1', '::1'],
'overwritehost' => 'example.com',
'overwriteprotocol' => 'https',

Disable unnecessary services:

sudo -u www-data php /var/www/nextcloud/occ app:disable sharebymail

Enable brute-force protection:

1. Settings → Administration → Security
2. Enable "Brute-force protection"

Configure rate limiting in Nginx:

sudo nano /etc/nginx/sites-available/nextcloud.conf

Add to server block:

limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;

location /login {
    limit_req zone=login burst=10;
}

location / {
    limit_req zone=general burst=20;
}

Backup and Maintenance

Create backup script:

sudo nano /usr/local/bin/nextcloud-backup.sh

Add:

#!/bin/bash

BACKUP_DIR="/backups/nextcloud"
NEXTCLOUD_DIR="/var/www/nextcloud"
DATA_DIR="/var/www/nextcloud_data"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

# Place Nextcloud in maintenance mode
sudo -u www-data php $NEXTCLOUD_DIR/occ maintenance:mode --on

# Database backup
mysqldump -u nextcloud -p'SecurePass123!' nextcloud | gzip > "$BACKUP_DIR/nextcloud-db-$DATE.sql.gz"

# Files backup
tar -czf "$BACKUP_DIR/nextcloud-config-$DATE.tar.gz" "$NEXTCLOUD_DIR/config"
tar -czf "$BACKUP_DIR/nextcloud-data-$DATE.tar.gz" "$DATA_DIR"

# Disable maintenance mode
sudo -u www-data php $NEXTCLOUD_DIR/occ maintenance:mode --off

# Keep only 30 days of backups
find $BACKUP_DIR -type f -mtime +30 -delete

echo "Backup completed: $DATE"

Make executable:

sudo chmod +x /usr/local/bin/nextcloud-backup.sh

Schedule backups:

sudo crontab -e

Add:

0 3 * * * /usr/local/bin/nextcloud-backup.sh >> /var/log/nextcloud-backup.log 2>&1

Update Nextcloud:

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
sudo -u www-data php /var/www/nextcloud/occ upgrade
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off

Conclusion

Nextcloud is now fully configured as a self-hosted cloud storage and collaboration platform. With proper security hardening, regular backups, and app installation, you have a feature-rich alternative to commercial cloud services. Maintain regular updates, monitor storage usage, and configure automatic backups to ensure data integrity and availability. Nextcloud empowers you to maintain complete control over your digital workspace.