How to Install and Configure NextCloud 15 on Ubuntu 18.04 Server
CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA
In this lab we will download, install and configure NextCloud 15 on Ubuntu 18.04 server. At the end, we will secure the site by employing an SSL certificate for it as well as performing some customization necessary to showcase our newly deployed file repository. The lab contains the following parts.
A/ Install Linux OS
B/ Preparation
C/ Install and configure NextCloud
D/ Optimizing NextCloud
E/ Securing NextCloud
F/ Customizing NextCloud
Detailed Implementation
A/ Install Ubuntu 18.04 OS
Insert the Ubuntu 18.04 DVD into the drive and boot up the server. Choose to boot from this media.
Choose English as language.
Choose English (US) keyboard.
Choose Install Ubuntu.
At the interface screen confirm that you have a DHCP IP address, hit Done.
At Proxy Address, leave it blank.
Leave mirror address blank.
Choose to use entire disk.
Confirm the selected disk.
Choose to confirm that everything on the disk will be erased (irreversible).
Fill in Your name, server name: mycloud
Enter root user name for the operating system (later we will SSH into the server using this user name): user
Password: ********
Confirm password: ********
Choose to install OpenSSH server.
Do not choose any server snaps. Hit Done.
When installation is done, hit Reboot Now.
After reboot, log into the server and type the following commands:
# sudo su
# ifconfig
Note the IP address of the server. This is a DHCP address.
Since this is a fixed server, we should change this IP address to a static one. This is done by changing the 50-cloud-init.yaml file under the netplan directory.
vi /etc/netplan/50-cloud-init.yaml
This is what I see in the file:
Now edit this file to assign the server the IP address of 192.168.1.15, subnet mask of /24, gateway of 192.168.1.1. DNS servers are 8.8.8.8 and 4.2.2.2.
Change it to be like this
When done, press ESC, then :x to save and exit the vi editor. Issue the command:
# netplan apply
This is to apply the new IP address change. Type ifconfig to verify the new IP address:
On a computer in the same LAN, we can now SSH into the server as SSH server is listening on port 22.
B/ Preparation – Install Apache and PHP, and MySQL
We will need to install and configure Apache, PHP, and MySQL as follows:
# apt-get install apache2 php7.2 bzip2
# apt-get install libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-imagick php-xml php-zip
# apt-get install mysql-server php-mysql
Since MySQL is installed with a default blank password, we need to reset it to a more secure one.
Type:
# mysql -uroot -p
Enter a blank password to log in. Type:
use mysql;
SET PASSWORD FOR 'root'@'localhost' = PASSWORD("NewPasswordHere");
flush privileges;
quit
Database creation
Next we will create a new database for NextCloud called nextcloud, a new database user, and grant the user with permissions to the database.
# mysql -u root -p
CREATE DATABASE nextcloud;
CREATE USER 'nextcloud_user'@'localhost' IDENTIFIED BY 'PasswordHere';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud_user'@'localhost';
FLUSH PRIVILEGES;
quit
Download and extract NextCloud package
# cd /var/www
# wget https://download.nextcloud.com/server/releases/latest-15.tar.bz2 -O nc.tar.bz2
# tar -xvjf nc.tar.bz2
# chown -R www-data:www-data nextcloud
# rm nc.tar.bz2
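The commands above unpack the archive as root without checking it first. The script below is an added example, not part of the original lab: it compares the archive with a SHA-256 checksum file before extraction and copes with the archive having been renamed by wget -O. It assumes a checksum file in sha256sum format was downloaded alongside the archive; the function names are hypothetical.

```sh
# Added example (not from the article): check a downloaded release archive
# against its SHA-256 checksum file before unpacking it under /var/www.

# expected_sha256 SUMFILE NAME -> print the digest listed for NAME.
# SUMFILE uses the sha256sum format: "<64 hex digits>  <filename>".
expected_sha256() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f) }
                   f == n { print tolower($1); exit }' "$1"
}

# verify_release ARCHIVE SUMFILE [NAME]
# Returns 0 on match, 1 on mismatch, 2 if SUMFILE has no usable entry.
# NAME is the filename as listed in SUMFILE; it defaults to ARCHIVE's basename
# and must be given when wget -O saved the archive under another name.
verify_release() (
    name=${3:-$(basename "$1")}
    want=$(expected_sha256 "$2" "$name")
    case $want in *[!0-9a-f]*) want= ;; esac   # accept hex digits only
    if [ "${#want}" -ne 64 ]; then
        echo "no valid SHA-256 entry for $name in $2" >&2
        exit 2
    fi
    got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $1: do not extract" >&2
        exit 1
    fi
)

# safe_extract ARCHIVE SUMFILE DEST [NAME] -> unpack only a verified archive.
safe_extract() {
    verify_release "$1" "$2" "${4:-}" || return
    tar -xjf "$1" -C "$3"
}

# Constructed demo: the archive is saved as nc.tar.bz2 (as in the article) but
# the checksum file lists it under the download name latest-15.tar.bz2.
demo() (
    d=$(mktemp -d) && cd "$d" || exit 3
    printf 'constructed stand-in for the archive\n' > nc.tar.bz2
    printf '%s  latest-15.tar.bz2\n' \
        "$(sha256sum nc.tar.bz2 | awk '{ print $1 }')" > sums
    intact=0;   verify_release nc.tar.bz2 sums latest-15.tar.bz2 || intact=$?
    printf 'one appended line\n' >> nc.tar.bz2
    tampered=0; verify_release nc.tar.bz2 sums latest-15.tar.bz2 2>/dev/null || tampered=$?
    cd / && rm -rf "$d"
    echo "intact=$intact tampered=$tampered"
)
demo
```

A checksum fetched from the same server catches a corrupted or truncated download; a detached GPG signature, where the project publishes one, also covers a tampered mirror.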
Modify NextCloud Configuration file
# vi /etc/apache2/sites-available/nextcloud.conf
Enter the following contents inside this file:
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
  <IfModule mod_dav.c>
    Dav off
  </IfModule>
  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
Now let’s enable the new site:
# a2ensite nextcloud
# a2enmod rewrite headers env dir mime
# systemctl restart apache2
Check firewall
Type:
# ufw status
If the status is inactive, you do not need to do anything. If the status is active, we need to add the firewall rules to allow HTTP and HTTPS for accessing the site by adding the two commands below:
# ufw allow http
# ufw allow https
C/ Install NextCloud
On a computer in the same LAN, access this URL:
http://192.168.1.15/nextcloud
Make up a user name and password for NextCloud admin.
Specify database, user name, and password (this is the password for the nextcloud_user account). Click Finish Setup when done.
After a minute or so, the NextCloud main page appears.
D/ Optimizing NextCloud
We will install and configure php-opcache and Redis to enhance the speed of NextCloud. First, we will install and configure php-opcache.
# apt-get install php-opcache
To configure php-opcache, edit the file as follows:
; configuration for php opcache module
; priority=10
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Save the file and restart apache2:
# systemctl restart apache2
Make sure to access the site to verify that it is still accessible.
Install and configure Redis
# apt-get install redis-server php-redis
To configure Redis, edit the file /var/www/nextcloud/config/config.php. It should look similar to this (except that it has your server and password information in it):
Add this section at the end:
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'redis' => [
  'host' => 'localhost',
  'port' => 6379,
  'timeout' => 3,
],
It now looks like this:
Now restart apache2:
# systemctl restart apache2
Remember to test the site again to ensure accessibility.
Accessing NextCloud Remotely
You can access NextCloud remotely anywhere on the Internet if you have the following in place:
- A public IP address, best if you can map it to a DNS name such as mycloud.mydomain.com. In my case:
C:\Users\User>ping mycloud.dalaris.com
Pinging mycloud.dalaris.com [98.200.105.12] with 32 bytes of data:
Reply from 98.200.105.12: bytes=32 time=2ms TTL=64
Reply from 98.200.105.12: bytes=32 time=2ms TTL=64
Reply from 98.200.105.12: bytes=32 time=1ms TTL=64
Reply from 98.200.105.12: bytes=32 time<1ms TTL=64
- Port forwarding on your router. Forward port 80 to access the insecure site. Later we will install an SSL certificate for NextCloud, and then port 443 needs to be forwarded. In my case:
Back up this file: /etc/apache2/sites-available/nextcloud.conf
# cd /etc/apache2/sites-available/
# cp nextcloud.conf nextcloud.conf.bkp
Now edit this file using vi editor:
# vi /etc/apache2/sites-available/nextcloud.conf
Currently it looks like this:
Change it so it looks like this:
<VirtualHost *:80>
  ServerName mycloud.dalaris.com
  ServerAdmin cloudmaster@dalaris.com
  DocumentRoot /var/www/nextcloud
  Alias /nextcloud "/var/www/nextcloud/"
  <Directory /var/www/nextcloud>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
  </Directory>
</VirtualHost>
Now add this site to the trusted domains by entering this line:
# sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 2 --value=mycloud.dalaris.com
The system will indicate the following:
System config value trusted_domains => 2 set to string mycloud.dalaris.com
Restart Apache server:
# systemctl restart apache2
And sure enough, I am now able to access the site remotely by using this URL: http://mycloud.dalaris.com/nextcloud.
E/ Secure NextCloud with an SSL certificate
# apt-get update
# apt-get install software-properties-common
# add-apt-repository universe
# add-apt-repository ppa:certbot/certbot
# apt-get update
# apt-get install python-certbot-apache
Install a certificate:
# certbot --apache
Follow the steps as shown in the log below:
# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): frank@dalaris.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: mycloud.dalaris.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mycloud.dalaris.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/nextcloud-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/nextcloud.conf to ssl vhost in /etc/apache2/sites-available/nextcloud-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://mycloud.dalaris.com
Restart Apache server:
# systemctl restart apache2
As you can see, the site is now served over HTTPS with a valid certificate.
The certificate expires in three months. At that point in time, Certbot will automatically renew it. There is a cron job (a scheduled task) in the OS that is set up to perform this renewal. To see this cron job, type this command:
# cat /etc/cron.d/certbot
The output is something like this:
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
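0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
This entry is scheduled twice daily to try and renew the certificate for us. Note the guard at the start of the command: the job only proceeds when /run/systemd/system does not exist, so on a host running systemd, such as Ubuntu 18.04, the renewal is carried out by the certbot.timer unit that the package installs instead.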
F/ Customizing NextCloud
NextCloud allows you to set up a personal theme to your liking, just choose Settings, Theming, and you can change the logo, background image, and the title of the web site. I went as far as getting the following personalization for NextCloud:
Congratulations, we have successfully completed the NextCloud installation and its configurations. We now have a fully operational NextCloud platform to store our files. Keep up the good work.