Nextcloud 15 on Ubuntu 18.04 LTS Server
This guide assumes you have a working Ubuntu 18.04 LTS server installation and you have sudo provileges.
Credits:
Become root
It's much easier to type in commands without having to worry about typing "sudo" in front of every command and having to authenticate each time. The command below will allow you to become root and only authenticate once:
sudo su
Type in the password of your user account with root prileges:
[sudo] password for SOME_USER:
Install MySQL
Install MySQL with the following command:
sudo apt install mysql-server
Check if MySQL server is running:
sudo systemctl status mysql
You should get an output similar to below:
● mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: en
Active: active (running) since Wed 2019-01-02 11:31:30 UTC; 1min 18s ago
Main PID: 2578 (mysqld)
Tasks: 27 (limit: 4915)
CGroup: /system.slice/mysql.service
└─2578 /usr/sbin/mysqld --daemonize --pid-file=/run/mysqld/mysqld.pid
Jan 02 11:31:30 cloud systemd[1]: Starting MySQL Community Server...
Jan 02 11:31:30 cloud systemd[1]: Started MySQL Community Server.
Secure MySQL
MySQL server package comes with a script called mysql_secure_installation that can perform several security related operations.
Run the script by typing:
sudo mysql_secure_installation
You will be asked to setup VALIDATE PASSWORD plugin. You can simply press ENTER to skip or "Y" to setup:
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?
Press y|Y for Yes, any other key for No
On the next prompt you will be asked to set up the password for the MySQL root user. Specify and confirm the password:
New password:
Re-enter new password:
On the next prompt you will be asked to remove the MySQL anonymous user. You should select "Y" in this prompt:
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) :
On the next prompt you will be asked to Disallow root login remotely. You should select "Y" in this prompt:
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) :
On the next prompt you will be asked to remove the test database and the access to it. You should select "Y" in this prompt:
Remove test database and access to it? (Press y|Y for Yes, any other key for No) :
On the next prompt you will be asked to reload the privilege tables. You should select "Y" in this prompt:
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) :
Create the MySQL Database
Login to the MySQL shell:
sudo mysql
Run the following SQL statements to create a database named nextcloud, user named nextclouduser and to grant all necessary permissions to the user where SOME_PASSWORD is a strong password you specify:
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'SOME_PASSWORD';
FLUSH PRIVILEGES;
EXIT;
Install PHP and Apache
Install PHP and Apache2 packages:
sudo apt install apache2 php php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip php-ldap php-smbclient php-soap libapache2-mod-php
Download Nextcloud
As of writing this article, the latest Nextcloud version was 15.0.0. Visit the Nextcloud Downloads page to get the link the latest version:
Once you have the link, download using wget to your system:
wget https://download.nextcloud.com/server/releases/nextcloud-15.0.0.zip
Install unzip if you don't already have it:
apt install unzip
Unzip the Nextcloud archive you downloaded previously:
unzip nextcloud-15.0.0.zip
Move the nextcloud directory that got created when you unzipped the Nextcloud archive to the /var/www/html/ directory:
mv nextcloud /var/www/html
Setup Apache user to have full access to the Nextcloud directory:
sudo chown -R www-data: /var/www/html/nextcloud/
Configure Apache
Ensure you have obtained a 3rd party PEM certificate, key and PEM certificate chain file and placed them in the corresponding directories before proceeding below.
Create a Nextcloud website configuration:
vi /etc/apache2/sites-available/nextcloud.conf
Paste the following ensuring you replace the bold fields with your information:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin someone@domain.tld
DocumentRoot /var/www/html/nextcloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.pem
SSLCertificateKeyFile /etc/ssl/private/key.key
SSLCertificateChainFile /etc/ssl/certs/cert_chain.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /var/www/html/nextcloud>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Enable required modules:
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
Enable the nextcloud website:
cd /etc/apache2/sites-available/
sudo a2ensite nextcloud
Disable the Default website:
sudo a2dissite 000-default
Restart Apache to activate changes:
systemctl reload apache2
Install Nextcloud
https://IP_ADDRESS
You will be presented with the Nextcloud setup page:
Enter a desired Username and Password to create an admin account, and enter the Database user, Database password, Database name you created earlier and click on the Finish setup button.
Configure Nextcloud Memory Caching
We will be configuring memory caching in order to improve the Nextcloud server performance using Redis for distributed caching as well as local cache for Transactional File Locking.
Install Redis Server and php-redis:
apt install redis-server php-redis
The installer will automatically launch redis-server and configure it to launch at startup. Verify redis-server is running:
ps ax | grep redis
should output similar to below (note the port number 6379):
17056 ? Ssl 0:00 /usr/bin/redis-server 127.0.0.1:6379
17211 pts/0 S+ 0:00 grep --color=auto redis
Edit the Nextcloud config.php file:
vi /var/www/html/nextcloud/config/config.php
Add the following entries right above the bottom ); entry so it looks like below:
'installed' => true,
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
'memcache.locking' => '\OC\Memcache\Redis',
);
Reload Apache:
systemctl reload apache2
Configure PHP OPcache
Find the php.ini file used by Apache:
Create a phpinfo.php file in the /var/www/html/nextcloud directory:
vi /var/www/html/nextcloud/phpinfo.php
Paste the following in the file and save:
<?php
// Show all information, defaults to INFO_ALL
phpinfo();
?>
Load the page in your browser:
https://IP_ADDRESS/phpinfo.php
Should be presented with the following screen:
Look for the Loaded Configuration File line, in this example it's /etc/php/7.2/apache2/php.ini:
Edit the Configuration File:
vi /etc/php/7.2/apache2/php.ini
Look the the [opcache] section of the file and remove the ; (uncomment) and set the following variables as shown below:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Reload Apache:
systemctl reload apache2
Delete the phpinfo.php file you created earlier:
rm -rf /var/www/html/nextcloud/phpinfo.php
Convert Database Columns to big int
Take Nextcloud instance offline by editing the /var/www/html/nextcloud/config/config.php file:
vi /var/www/html/nextcloud/config/config.php
Insert the following entry if it doesn't exist right below the 'maintenance' => true, entry, so it looks like below and save the file:
'installed' => true,
'maintenance' => true,
Ensure instance is offline by navigating with a browser to the IP or host name of your Nextcloud server:
https://IP_ADDRESS/
Should present the following screen:
Run the following commands to convert the tables to big int:
cd /var/www/html/nextcloud/
chmod +x occ
sudo -u www-data ./occ db:convert-filecache-bigint
In the following prompt, click "Y' to proceed:
Nextcloud is in maintenance mode - no apps have been loaded
Following columns will be updated:
* filecache.mtime
* filecache.storage_mtime
This can take up to hours, depending on the number of files in your instance!
Continue with the conversion (y/n)? [n]
Put the Nextcloud instance back online by editing the /var/www/html/nextcloud/config/config.php file:
vi /var/www/html/nextcloud/config/config.php
Edit the 'maintenance' => true, entry and set it to 'maintenance' => false, so it looks like below and save the file:
'installed' => true,
'maintenance' => false,
Ensure instance is online by navigating with a browser to the IP or host name of your Nextcloud server:
https://IP_ADDRESS/
Review any additional setup warning under Settings --> Administration --> Overview.
Enable External SMB Storage Support
In order to be able to mount external SMB shares into the Nextcloud instance you must you must install smbclient package:
apt install smbclient
Change the Nextcloud Data Directory to SMB Storage
If you don't wish to use local storage for the Nextcloud Data directory, you can mount a SMB share via fstab and point the "datadirectory" field in the /var/www/html/nextcloud/config.php to that share.
Create a mount point to mount your SMB share:
mkdir /mnt/nextclouddata
Create .smbcredentials file to save the credentials to mount the SMB share where "username" is the name of the user you are logged in as:
vi /home/username/.smbcredentials
Paste the following:
(For non-domain based Share)
#username=MyUsername
#password=MyPassword
# OR: (for Windows 2008 and above Domain based Share)
#username=MyUsername
#password=MyPassword
#domain=MyDomain
# OR: (for cifs on Windows Server 2003 Domain Based Share)
# username=MyDomain/MyUsername
# password=MyPassword
Uncomment (remove the #) from the username,password and if applicable domain from the section you wish to use and replace the MyUsername, MyPassword and MyDomain if applicable with your information.
Change permissions to the .smbcredentials file to prevent unwanted access to your credentials:
chmod 600 /home/username/.smbcredentials
Get the www-data user UID in order to mount the SMB share with the www-data user as the owner :
id -u www-data
Should output similar to below. Take note of the UID (Don't use the UID from below, your system might differ):
33
Edit /etc/fstab:
vi /etc/fstab
Paste the following in a new line under all the existing entries where "SERVER" is your SMB server name/IP, "SHARE" is the SMB share, "33" is the www-data UID from above, and "home/username" is the location of the ".smbcredentials" file you created earlier:
#MOUNT NEXTCLOUD DATA SHARE
//SERVER/SHARE /mnt/nextclouddata cifs uid=33,file_mode=0770,dir_mode=0770,credentials=/home/username/.smbcredentials
mount -a
Ensure you can access the files/directories in that share
Edit /var/www/html/nextcloud/config/config.php
vi /var/www/html/nextcloud/config/config.php
Locate the "datadirectory" field and change it to the /mnt/nextclouddata so it looks like below and save the file:
'datadirectory' => '/mnt/nextclouddata',
Restart Apache:
systemctl restart apache2
Nextcloud Command Line Commands Reference
All commands below must be run from the /var/www/html/nextcloud directory or wherver your Nextcloud installation directory is:
cd /var/www/html/nextcloud
Enable Maintenance Mode
sudo -u www-data php occ maintenance:mode --on
Disable Maintenance Mode
sudo -u www-data php occ maintenance:mode --off
Re-Scan Nextcloud Data for ALL Users
sudo -u www-data php occ files:scan --all -v
Re-Scan Nextcloud Data for specific user
sudo -u www-data php occ files:scan <username> -v
Cleanup Nextcloud Filecache
sudo -u www-data php occ files:cleanup
Remove Deleted Files for ALL Users
sudo -u www-data php occ trashbin:cleanup --all-users
Remove Deleted Files for Specific User
sudo -u www-data php occ trashbin:cleanup <username>
Set Nextcloud deleted file policy
Edit /var/www/html/nextcloud/config/config.php
vi /var/www/html/nextcloud/config/config.php
Edit the trashbin_retention_obligation line as follows:
auto – standard behaviour --> 'trashbin_retention_obligation' => 'auto'
D, auto – change the minimum days (30 Days) a file is kept with standard behaviour --> 'trashbin_retention_obligation' => '30, auto'
auto, D – delete after a number of days (30 Days), but earlier if space is required --> 'trashbin_retention_obligation' => 'auto, 30'
D1, D2 – do not delete before (30 Days), but definitely delete after a certain number of days (35 Days) --> 'trashbin_retention_obligation' => '30, 35'
List ALL Apps
sudo -u www-data php occ app:list
Disable App for a Specific User
sudo -u www-data php occ twofactorauth:disable <username>
Enable App for a Specific User
sudo -u www-data php occ twofactorauth:enable <username>
Disable App for ALL Users
sudo -u www-data php occ app:disable gallery
Enable app for ALL Users
sudo -u www-data php occ app:enable gallery
List all Netxloud Configuration Parameters and Remove Sensitive Data
sudo -u www-data php occ config:list
List All Nextcloud occ Commands
sudo -u www-data php occ
Enable User
sudo -u www-data php occ user:enable username
Disble User
sudo -u www-data php occ user:disable username
Reset User Password
sudo -u www-data php occ user:resetpassword user
Add User to a Group
sudo -u www-data php occ user:add username -g groupname
Repair Nextcloud Installation
sudo -u www-data php /var/www/html/nextcloud/occ maintenance:repair