How to Install and Configure NextCloud 15 on Ubuntu 18.04 Server

CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA

In this lab we will download, install and configure NextCloud 15 on Ubuntu 18.04 server. At the end, we will secure the site by employing an SSL certificate for it as well as performing some customization necessary to showcase our newly deployed file repository. The lab contains the following parts.


A/ Install Linux OS
B/ Preparation
C/ Install and configure NextCloud
D/ Optimizing NextCloud
E/ Securing NextCloud
F/ Customizing NextCloud

Detailed Implementation

A/ Install Ubuntu 18.04 OS

Insert the Ubuntu 18.04 DVD into the drive and boot up the server. Choose to boot from this media.

Choose English as language.

Choose English (US) keyboard.

Choose Install Ubuntu.

At the interface screen confirm that you have a DHCP IP address, hit Done.

At Proxy Address, leave it blank.

Leave mirror address blank.

Choose to use entire disk.

Confirm the selected disk.

Choose to confirm that everything on the disk will be erased (irreversible).

Fill in Your name, server name: mycloud

Enter the user name for the operating system's administrative account (later we will SSH into the server using this user name): user

Password: ********

Confirm password: ********

Choose to install OpenSSH server.

Do not choose any server snaps. Hit Done.

When installation is done, hit Reboot Now.

After reboot, log into the server and type the following commands

# sudo su

# ifconfig

Note the IP address of the server. This is a DHCP address.

Since this is a fixed server, we should change this IP address to a static one. This is done by editing the 50-cloud-init.yaml file under the netplan directory.

vi /etc/netplan/50-cloud-init.yaml

This is what I see in the file:

Now edit this file to assign the server the IP address of 192.168.1.15, subnet mask of /24, gateway of 192.168.1.1. DNS servers are 8.8.8.8 and 4.2.2.2.

Change it to be like this:

When done, press Esc, then type :x to save and exit the vi editor. Issue the command

# netplan apply

This is to apply the new IP address change. Type ifconfig to verify the new IP address:

From a computer on the same LAN, we can now SSH into the server, since the SSH server is listening on port 22.

B/ Preparation – Install Apache, PHP, and MySQL

We will need to install and configure Apache, PHP, and MySQL as follows:

# apt-get install apache2 php7.2 bzip2
# apt-get install libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-imagick php-xml php-zip
# apt-get install mysql-server php-mysql

Since MySQL is installed with a default blank password, we need to reset it to a more secure one.

Type:

# mysql -uroot -p

Enter a blank password to log in. Type:

use mysql;
SET PASSWORD FOR 'root'@'localhost' = PASSWORD("NewPasswordHere");
flush privileges;
quit

Database creation

Next we will create a new database for NextCloud called nextcloud, create a new database user, and grant that user permissions on the database.

# mysql -u root -p
CREATE DATABASE nextcloud;
CREATE USER 'nextcloud_user'@'localhost' IDENTIFIED BY 'PasswordHere';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud_user'@'localhost';
FLUSH PRIVILEGES;
quit

Download and extract NextCloud package

# cd /var/www
# wget https://download.nextcloud.com/server/releases/latest-15.tar.bz2 -O nc.tar.bz2
# tar -xvjf nc.tar.bz2
# chown -R www-data:www-data nextcloud
# rm nc.tar.bz2
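
The archive above is extracted as root without any integrity check. The following added example (not part of the original lab) compares the download with a SHA-256 checksum file before extraction; `verify_sha256` is a hypothetical helper, and the checksum URL in the comment is an assumption (the page's archive URL with `.sha256` appended, following the checksum files Nextcloud publishes next to its release archives).

```shell
#!/bin/sh
# Added example: verify a downloaded archive against a published SHA-256
# checksum file before extracting it. verify_sha256 is a hypothetical helper.

# usage: verify_sha256 <archive> <checksum-file>
# returns 0 on match, 1 on mismatch, 2 on unusable input
verify_sha256() {
    archive=$1
    sumfile=$2

    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2

    # Checksum files look like "<64 hex chars>  <filename>". Use only the
    # digest: the filename recorded there may differ from the local name
    # (the lab saves the archive as nc.tar.bz2).
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")

    # Reject anything that is not a SHA-256 digest, for example an HTML
    # error page saved in place of the checksum file.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2

    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Intended use in the download step (checksum URL is an assumption):
#   wget https://download.nextcloud.com/server/releases/latest-15.tar.bz2.sha256 -O nc.tar.bz2.sha256
#   verify_sha256 nc.tar.bz2 nc.tar.bz2.sha256 && tar -xjf nc.tar.bz2
```

A checksum fetched from the same server only detects a corrupted or truncated download; it does not prove who published the archive.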

Modify NextCloud Configuration file

# vi /etc/apache2/sites-available/nextcloud.conf

Enter the following contents inside this file:

Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

Now let’s enable the new site:

# a2ensite nextcloud
# a2enmod rewrite headers env dir mime
# systemctl restart apache2

Check firewall

Type:

# ufw status

If the status is inactive, you do not need to do anything. If the status is active, we need to add firewall rules that allow HTTP and HTTPS access to the site by running the two commands below:

# ufw allow http
# ufw allow https

 

C/ Install NextCloud

On a computer in the same LAN, access this URL:

http://192.168.1.15/nextcloud

Make up a user name and password for NextCloud admin.

Specify database, user name, and password (this is the password for the nextcloud_user account). Click Finish Setup when done.

After a minute or so, the NextCloud main page appears.

D/ Optimizing NextCloud

We will install and configure php-opcache and Redis to enhance the speed of NextCloud. First, we will install and configure php-opcache.

# apt-get install php-opcache

To configure php-opcache, edit the file as follows:

; configuration for php opcache module
; priority=10
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Save the file and restart apache2:

# systemctl restart apache2

Make sure to access the site to verify that it is still accessible.

Install and configure Redis

# apt-get install redis-server php-redis

To configure Redis, edit the file /var/www/nextcloud/config/config.php. It should look similar to this (except that it contains your own server and password information):

Add this section at the end:

'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'redis' => [
'host' => 'localhost',
'port' => 6379,
'timeout' => 3,
],

It now looks like this:

Now restart apache2:

# systemctl restart apache2

Remember to test the site again to ensure accessibility.

Accessing NextCloud Remotely

You can access NextCloud remotely anywhere on the Internet if you have the following in place:

  • A public IP address, best if you can map it to a DNS name such as mycloud.mydomain.com. In my case:
    C:\Users\User>ping mycloud.dalaris.com
    
    Pinging mycloud.dalaris.com [98.200.105.12] with 32 bytes of data:
    Reply from 98.200.105.12: bytes=32 time=2ms TTL=64
    Reply from 98.200.105.12: bytes=32 time=2ms TTL=64
    Reply from 98.200.105.12: bytes=32 time=1ms TTL=64
    Reply from 98.200.105.12: bytes=32 time<1ms TTL=64
    

  • Port forwarding on your router. Forward port 80 to access the insecure site. Later, when we install an SSL certificate for NextCloud, port 443 will also need to be forwarded. In my case:

Back up this file: /etc/apache2/sites-available/nextcloud.conf

# cd /etc/apache2/sites-available/
# cp nextcloud.conf nextcloud.conf.bkp

Now edit this file using vi editor:

# vi /etc/apache2/sites-available/nextcloud.conf

Currently it looks like this:

Change it so it looks like this:

<VirtualHost *:80>
ServerName mycloud.dalaris.com
ServerAdmin cloudmaster@dalaris.com
DocumentRoot /var/www/nextcloud
Alias /nextcloud "/var/www/nextcloud/"
<directory /var/www/nextcloud>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</directory>

</VirtualHost>

Now add this site to the trusted domains by entering this line:

# sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 2 --value=mycloud.dalaris.com

The system will indicate the following:

System config value trusted_domains => 2 set to string mycloud.dalaris.com

Restart Apache server:

# systemctl restart apache2

And sure enough, I am now able to access the site remotely by using this URL: http://mycloud.dalaris.com/nextcloud.

E/ Secure NextCloud with an SSL certificate

# apt-get update
# apt-get install software-properties-common
# add-apt-repository universe
# add-apt-repository ppa:certbot/certbot
# apt-get update
# apt-get install python-certbot-apache

 

Install a certificate:

# certbot --apache

Follow the steps as shown in the log below:

# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): frank@dalaris.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: mycloud.dalaris.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mycloud.dalaris.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/nextcloud-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/nextcloud.conf to ssl vhost in /etc/apache2/sites-available/nextcloud-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://mycloud.dalaris.com

Restart Apache server:

# systemctl restart apache2

As you can see, the site is now served over HTTPS with a certificate.

The certificate expires in three months and is renewed automatically. A cron job (a scheduled task) in the OS is set up to perform this renewal. To see this cron job, type this command:

# cat /etc/cron.d/certbot

The output is something like this:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

This command runs twice daily to try and renew the certificate for us.
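
The guard in that cron line (`test -x /usr/bin/certbot -a \! -d /run/systemd/system`) stops cron from reaching `certbot -q renew` on a host booted with systemd, where the package's certbot.timer unit performs the renewal instead. The following added example (not part of the original lab) reports which path applies; the function name `renewal_path`, its root-prefix argument and the timer unit's install path are assumptions.

```shell
#!/bin/sh
# Added example: decide which mechanism renews the certificate on a host,
# following the guard in /etc/cron.d/certbot:
#   test -x /usr/bin/certbot -a \! -d /run/systemd/system
# renewal_path and its root-prefix argument are hypothetical; the prefix lets
# the logic be exercised against a constructed directory tree.

# usage: renewal_path [root-prefix]
# prints one of: cron, systemd-timer, none
renewal_path() {
    root=${1:-}
    certbot_bin=$root/usr/bin/certbot
    systemd_dir=$root/run/systemd/system
    cron_file=$root/etc/cron.d/certbot
    # Assumed install location of the packaged timer unit on Ubuntu.
    timer_unit=$root/lib/systemd/system/certbot.timer

    # Without the certbot binary neither mechanism can renew anything.
    if [ ! -x "$certbot_bin" ]; then
        echo none
        return 0
    fi

    if [ -d "$systemd_dir" ]; then
        # Booted with systemd: the cron guard fails, so cron never runs
        # "certbot -q renew". Renewal then depends on the timer unit.
        if [ -f "$timer_unit" ]; then
            echo systemd-timer
        else
            echo none
        fi
    elif [ -f "$cron_file" ]; then
        # No systemd: the guard passes and cron runs the renewal.
        echo cron
    else
        echo none
    fi
}

# On the live host:
#   renewal_path
#   systemctl list-timers certbot.timer   # confirm the timer is scheduled
```

A result of `none` means nothing on the host will renew the certificate before it expires.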

F/ Customizing NextCloud

NextCloud allows you to set up a personal theme to your liking, just choose Settings, Theming, and you can change the logo, background image, and the title of the web site. I went as far as getting the following personalization for NextCloud:

Congratulations, we have successfully completed the NextCloud installation and its configurations. We now have a fully operational NextCloud platform to store our files. Keep up the good work.