This post shows students and new users steps to install and configure Nextcloud on Ubuntu Linux with Nginx and Let’s Encrypt free SSL certificate.
Nextcloud is a truly open source, self-hosted file sync and file share platform similar to Dropbox, OneDrive, and other proprietary online storage services. It is a fork of Nextcloud and 100% open source.
With the Nextcloud app which can be installed on mobile and desktops, you can access & sync your files, contacts, and data across all devices and platforms.
If you’re looking for a true self-hosted file share and sync platform, then Nextcloud should be a good place to start. We’ll show you how to install and configure Nextcloud on your Ubuntu server with a link to the Let’s Encrypt SSL post.
Also, for students and new users learning Linux, Ubuntu Linux is the easiest place to start learning. Ubuntu is the modern, open-source Linux operating system for desktops, servers and other devices.
To get started with installing and configuring Nextcloud on Ubuntu Linux, follow the steps below.
How to install Nginx on Ubuntu Linux
As mentioned above, we’re going to be using the Nginx web server to run Nextcloud. Nextcloud requires a web server to function, and Nginx is the most popular open-source web server available today.
To install Nginx on Ubuntu, run the commands below:
sudo apt update sudo apt install nginx
After installing Nginx, the commands below can stop, start and enable Nginx services to start up every time your server starts up.
sudo systemctl stop nginx.service sudo systemctl start nginx.service sudo systemctl enable nginx.service
To test whether Nginx is installed and functioning, open your web browser and browse to the server’s IP address or hostname.
http://localhost
If you see the above page in your browser, then Nginx is working as expected.
How to install MariaDB on Ubuntu Linux
A database server is required for Nextcloud to function. Nextcloud stores its content in a database, and MariaDB is probably the best database server available to run Nextcloud.
MariaDB is fast, secure and the default server for almost all Linux servers. To install MariaDB, run the commands below:
sudo apt install mariadb-server sudo apt install mariadb-client
After installing MariaDB, the commands below can stop, start and enable MariaDB services to start up when the server boots.
sudo systemctl stop mariadb.service sudo systemctl start mariadb.service sudo systemctl enable mariadb.service
Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation.
sudo mysql_secure_installation
When prompted, use the guide below to answer:
If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): PRESS ENTER Switch to unix_socket authentication [Y/n] n Change the root password? [Y/n] n Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y All done!
To verify and validate that MariaDB is installed and working, log in to the database console using the commands below:
sudo mysql -u root -p
You should automatically be logged in to the database server since we initiated the login request as root. Only the root can log in without a password and from the server console.
The server was successfully installed if you see a similar screen as shown above.
How to install PHP on Ubuntu Linux
Also, PHP is required to run Nextcloud. PHP packages are added to Ubuntu repositories. The versions of the repositories might not be the latest. If you need to install the latest versions, you’ll need to add a third-party PPA repository.
Run the commands below to a third-party repository with the latest versions of PHP.
sudo apt-get install software-properties-common sudo add-apt-repository ppa:ondrej/php
At the time of this writing, the latest PHP version is 8.0.
sudo apt update
Next, run the commands below to install PHP 8.0 and related modules.
sudo apt install php7.4-fpm php7.4-imagick php7.4-common php7.4-mysql php7.4-gmp php7.4-imap php7.4-json php7.4-pgsql php7.4-ssh2 php7.4-sqlite3 php7.4-ldap php7.4-curl php7.4-intl php7.4-mbstring php7.4-xmlrpc php7.4-gd php7.4-xml php7.4-cli php7.4-zip
Next, you’ll want to change some great PHP configuration settings with Nextcloud. Run the commands below to open the PHP default configuration file.
sudo nano /etc/php/7.4/fpm/php.ini
Then change the line settings to be something like the lines below. Save your changes and exit.
file_uploads = On allow_url_fopen = On short_open_tag = On memory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 date.timezone = America/Chicago
How to create a Nextcloud database on Ubuntu
At this point, we’re ready to create the Nextcloud database. As mentioned above, Nextcloud uses databases to store its content.
To create a database for Nextcloud, run the commands below:
sudo mysql -u root -p
Then create a database called nextcloud
CREATE DATABASE nextcloud;
Next, create a database user called nextclouduser and set a password
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'new_password_here';
Then grant the user full access to the database.
GRANT ALL ON nextcloud.* TO 'nextclouduser'@'localhost' WITH GRANT OPTION;
Finally, save your changes and exit.
FLUSH PRIVILEGES; EXIT;
How to download Nextcloud on Ubuntu
We’re ready to download Nextcloud and begin configuring it. First, run the commands below to download the latest version of Nextcloud from its repository.
Next, extract the downloaded content into the Nginx root directory. This will create a folder called nextcloud.
wget https://download.nextcloud.com/server/releases/nextcloud-22.2.0.zip -P /tmp sudo unzip /tmp/nextcloud-22.2.0.zip -d /var/www
Then run the command below to allow the www-data user to own the new Nextcloud directory.
sudo chown -R www-data:www-data /var/www/nextcloud/ sudo chmod -R 755 /var/www/nextcloud/
How to configure Nginx for Nextcloud
We have downloaded Nextcloud content into a new folder we called Nextcloud. Now, let’s configure Nginx to create a new server block to use with our Nextcloud website. You can create as many server blocks with Nginx.
To do that, run the commands below to create a new configuration file called nextcloud.conf in the /etc/nginx/sites-available/ directory to host our Nextcloud server block.
sudo nano /etc/nginx/sites-available/nextcloud.conf
In the file, copy and paste the content below into the file and save.
upstream php-handler {
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 80;
listen [::]:80;
root /var/www;
index index.php index.html index.htm;
server_name example.com;
location ^~ /nextcloud {
client_max_body_size 512M;
fastcgi_buffers 8 4K;
fastcgi_ignore_headers X-Accel-Buffering;
gzip off;
error_page 403 /nextcloud/core/templates/403.php;
error_page 404 /nextcloud/core/templates/404.php;
location /nextcloud {
rewrite ^ /nextcloud/index.php$uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|changelog|data)/ {
return 404;
}
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console|core/skeleton/) {
return 404;
}
location ~ ^/nextcloud/core/signature\.json {
return 404;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[sm]-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_read_timeout 180;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/nextcloud/(?:updater|oc[sm]-provider)(?:$|/) {
try_files $uri $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ /nextcloud/.*\.(?:css|js) {
try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "max-age=15778463" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag "none" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
access_log off;
}
location ~ /nextcloud/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map|json) {
try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200" always;
access_log off;
}
}
}
Save the file and exit.
After saving the file above, run the commands below to enable the new file that contains our Nextcloud server block and other important Nginx modules.
Restart Nginx after that.
sudo ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/
Reload Nginx when the configuration above.
sudo systemctl restart nginx.service
Now that Nextcloud is downloaded, and the necessary services are configured open your browser and start the Nextcloud installation by visiting your server’s domain name or IP address followed by /nextcloud :
http://example.com/nextcloud
However, we want to make sure our server is protected with Let’s Encrypt free SSL certificates. So, continue below to learn how to generate a Let’s Encrypt SSL certificate for websites.
How to setup Let’s Encrypt for Nextcloud
We have written a great post on generating and managing Let’s Encrypt SSL certificates for the Nginx web servers. You can use that post, to apply it here for your Nextcloud website.
To read the post on how to generate Let’s Encrypt SSL certificates for a website, click on the link below:
How to Setup Let’s Encrypt on Ubuntu Linux with Nginx
If you successfully generate a Let’s Encrypt SSL certificate, you should reopen the server block for our Nextcloud website by running the commands below.
sudo nano /etc/nginx/sites-available/nextcloud.conf
The new Nextcloud server block configurations should look similar to the line below. Take notes of the highlighted lines.
- The first server block listens on port 80. It contains a 301 redirect to redirect HTTP to HTTPS.
- The second server block listens on port 443. It contains a 301 redirect to redirect www to the non-www domain.
upstream php-handler {
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 80;
listen [::]:80;
root /var/www;
index index.php index.html index.htm;
server_name example.com www.example.com;
include snippets/well-known.conf;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www;
index index.php index.html index.htm;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
include snippets/well-known.conf;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www;
index index.php index.html index.htm;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
return 301 https://$server_name:443$request_uri;
}
location ^~ /nextcloud {
client_max_body_size 512M;
fastcgi_buffers 8 4K;
fastcgi_ignore_headers X-Accel-Buffering;
gzip off;
error_page 403 /nextcloud/core/templates/403.php;
error_page 404 /nextcloud/core/templates/404.php;
location /nextcloud {
rewrite ^ /nextcloud/index.php$uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|changelog|data)/ {
return 404;
}
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console|core/skeleton/) {
return 404;
}
location ~ ^/nextcloud/core/signature\.json {
return 404;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[sm]-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_read_timeout 180;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/nextcloud/(?:updater|oc[sm]-provider)(?:$|/) {
try_files $uri $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ /nextcloud/.*\.(?:css|js) {
try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "max-age=15778463" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag "none" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
access_log off;
}
location ~ /nextcloud/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map|json) {
try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200" always;
access_log off;
}
}
}
Save the file above, then restart Nginx and PHP using the commands below.
sudo systemctl reload nginx
Finally, if everything went as planned, you should be able to start the Nextcloud setup wizard by browsing to the server hostname or IP address over HTTPS.
https://example.com/nextcloud
A Nextcloud setup wizard should appear. Follow the wizard to complete the setup.
- Create an admin account and password
- leave Data folder default
- Select MySQL/MariaDB
- Enter the database username
- Enter the database user password
- Enter the database name
- Leave database host as the local host if Nextcloud and the database server are on the same host.
Click Finish setup
Wait for the setup to complete. Then log in and begin configuring your environment.
That should do it!
Conclusion:
This post showed you how to set up Nextcloud on Ubuntu Linux with Nginx and Let’s Encrypt. Please use the comment form below if you find any errors above or have something to add.
