Install NextCloud On Ubuntu 22.04 LTS

Install PHP and MySQL packages

Overview

Nextcloud is a file hosting system which allows us to store our personal content like documents, pictures, videos etc and share with others. Here we will see How to Install NextCloud On Ubuntu 22.04 LTS this will be a complete guide. Instead of relying on external service providers for our personal and business documents, Nextcloud gives us the freedom to store them on our own servers or in trusted data centers. its a self managed centralized document and file management system. It is Open-Source hence enabling us to use and adapt the application as we need. We have full control over the application. So we can provide our own security measure to secure our contents.

In this tutorial, we are going see How to Install NextCloud On Ubuntu 22.04 LTS. This will be a detail setup, we will increase the performance of Nextcloud and apply the security. the steps we are going to follow.

1. Install Required Packages

apt update && apt upgrade

2. install Apache and MySQL Server

apt install apache2 mariadb-server 

3. Install PHP and other Dependencies and Restart Apache

apt install libapache2-mod-php php-bz2 php-gd php-mysql php-curl php-mbstring php-imagick php-zip php-ctype php-curl php-dom php-json php-posix php-bcmath php-xml php-intl php-gmp zip unzip wget

4. Enable required Apache modules and restart Apache:

a2enmod rewrite dir mime env headers
systemctl restart apache2

2. Configure MySQL Server

1. Login to MySQL Prompt, Just type

mysql

2. Create MySQL Database and User for Nextcloud and Provide Permissions.

CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'passw@rd';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
quit;

3. Download, Extract and Apply Permissions.

Now download the latest Nextcloud archive file, Go to the Nextcloud Download Page. Or you can download from this direct link: https://download.nextcloud.com/server/releases/latest.zip

cd /var/www/
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip

2. Remove the zip file, which is not necessary now.

rm -rf latest.zip

3. Change the ownership of the nextcloud content directory to the HTTP user.

chown -R www-data:www-data /var/www/nextcloud/

4. Install NextCloud From the Command Line

We are going to install nextcloud on ubuntu 22.04 from the command line, it will save our time as we are providing all the database and admin credentials for installation. It will install nextcloud silently, we dont have to go through web setup.

1. Run the CLI Command

cd /var/www/nextcloud
sudo -u www-data php occ  maintenance:install --database \
"mysql" --database-name "nextcloud"  --database-user "nextcloud" --database-pass \
"passw@rd" --admin-user "admin" --admin-pass "admin123"

If everything goes well the command will output “Nextcloud was successfully installed”. We provided very simple user/password, during production setup this must be complex password.

2. nextcloud allows access only from localhost, it could through error “Access through untrusted domain”. we need to allow accessing nextcloud by using ip or domain name.

nano /var/www/nextcloud/config/config.php

‘trusted_domains’ =>
array (
0 => ‘localhost’,
1 => ‘nc.yoursite.com’, // we Included the Sub Domain
),

3. Configure Apache to load Nextcloud from the /var/www/nextcloud folder.

nano /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud // Chan
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Now, Restart Apache Server

systemctl restart apache2

Now, Go to the Browser and type http:// [ ip or fqdn ] of the server, The below Nextcloud login page will appear.

The Basic NextCloud Installation on Ubuntu 22.04 is completed, Now we are going to Work for the Performance and Security.

5. Install and Configure PHP-FPM with Apache

Here we will install PHP-FPM, which is faster then the mpm-prefork module, which is the default method of executing php files on apache. 1. Install php-fpm
apt install php8.1-fpm
// Check the php-fpm is running
service php8.1-fpm status

2. Check the php-fpm version and Socket.

php-fpm8.1 -v
ls -la /var/run/php/php8.1-fpm.sock

3. Disable apache prefork module

a2dismod php8.1
a2dismod mpm_prefork

4. Enable php-fpm

a2enmod mpm_event proxy_fcgi setenvif
a2enconf php8.1-fpm

5. Set required php.ini variables

nano /etc/php/8.1/fpm/php.ini

max_execution_time = 1000
max_input_time = 1000
max_input_vars = 3000
memory_limit = 512M
post_max_size = 96M
upload_max_filesize = 64M

6. php-fpm pool Configurations

nano /etc/php/8.1/fpm/pool.d/www.conf

pm.max_children = 64
pm.start_servers = 16
pm.min_spare_servers = 16
pm.max_spare_servers = 32

service php8.1-fpm restart

7. Apache directives for php files processing by php-fpm

nano /etc/apache2/sites-enabled/000-default.conf 
ServerAdmin webmaster@localhost DocumentRoot /var/www/nextcloud ###################
<Directory /var/www/nextcloud>
          Options Indexes FollowSymLinks
          AllowOverride All
          Require all granted
	</Directory>

	<FilesMatch ".php$"> 
         SetHandler "proxy:unix:/var/run/php/php8.1-fpm.sock|fcgi://localhost/"          
	</FilesMatch>
########################### ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined
service apache2 restart

6. Create info.php Page for php feature check

Create an info.php page, it will show us either php-fpm, opcache, apcu are enabled with the php.

cd /var/www/nextcloud
nano info.php
<?php phpinfo(); ?>
Now Browse http://nc.yoursite.com/info.php, it will show “Server API FPM/FastCGI” if the php-fpm is enabled on the php.

7. Enable Opcache in php

Opcache is a caching engine for PHP. It stores precompiled script bytecode in shared memory, so parsing php scripts on each request wont be necessary. It increases php file execution and website loading performance.

nano /etc/php/8.1/fpm/php.ini

opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=512
opcache.interned_strings_buffer=64
opcache.max_accelerated_files=10000
opcache.revalidate_freq=60
opcache.save_comments=1

// Now, Restart apache and php-fpm

systemctl restart php8.1-fpm
systemctl restart apache2
Now, Check the http://nc.yoursite.com/info.php again, it will show the “Opcache is Up and Running”

8. Enable APCu in php

APCu is the user data caching. It is a local cache for systems. Nextcloud use this for memory caching.


1. Install APCu

apt install php8.1-apcu

2. Configure Nextcloud to use APCu for memory caching.

nano /var/www/nextcloud/config/config.php
'memcache.local' => '\OC\Memcache\APCu',
// Restart php-fpm and apache
systemctl restart php8.1-fpm
systemctl restart apache2
Now, Check the http://nc.yoursite.com/info.php again, it will show the “APCu support Enabled”

9. Install SSL (if you are not behind reverse proxy) and Enable HTTP2

1. We will install LetsEncrypt certificate, so, first we need the certbot tools.

apt-get install python3-certbot-apache -y
2. with the certbot tool, lets request a Certificate for our domain.
# certbot --apache -d nc.yoursite.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): youremail@gmail.com   // Input Email Address

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2023.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y   // Press Y here

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y   // Press Y here
Account registered.
Requesting a certificate for nc.yoursite.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/nc.yoursite.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/nc.yoursite.com/privkey.pem
This certificate expires on 2022-10-13.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for nc.yoursite.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://nc.yoursite.com
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

3. Enable apache HTTP2 module and configure site for the http2 protocols

a2enmod http2
nano /etc/apache2/sites-enabled/000-default-le-ssl.conf
<VirtualHost *:443>

 Protocols h2 h2c http/1.1

ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
// Now, Restart Apache
systemctl restart apache2
4. Test the http2 protocol, by sending http2 request to the web server.
curl -I --http2 -s https://nc.yoursite.com/ | grep HTTP
HTTP/2 200
Or, we can Inspect the Browser during accessing nextcloud url, we can easily see the protocol column from the Network tab, it will show h2 as the protocol which is http2.

5. HTTP Strict Transport Security, which instructs browsers not allow any connection to the Nextcloud instance using HTTP, it prevents man-in-the-middle attack.

<VirtualHost *:443>
  ServerName nc.yoursite.com

    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

 </VirtualHost>

10. Pretty URL’s

Pretty URLs remove the "index.php” part in all Nextcloud URLs. It will make URLs shorter and prettier.

nano /var/www/nextcloud/config/config.php
‘htaccess.RewriteBase’ => ‘/’,
// This command will update the .htaccess file for the redirection
sudo -u www-data php --define apc.enable_cli=1 /var/www/nextcloud/occ maintenance:update:htaccess
//To change region command
nano /var/www/nextcloud/config/config.php

Malaysia//
‘default_phone_region’ => ‘MY’,