NEXTCLOUD – LOCAL INSTALLATION (Debian/Ubuntu)

Nextcloud offers a great Administrator’s Manual which includes in-depth instructions for installations in many different iterations (e.g. stand-alone, container-ized, etc.) as well as OS’s. Being an old curmudgeonly SysAdmin (retired), who doesn’t like to RTFM, I needed a clean, clear, and concise recipe for doing Linux based bare-metal Nextcloud installations.

Remember my Personal Rule #14 – It isn’t a good OS and/or Server install unless it has been (re)loaded at least 3 times.

Caveat Emptor: This is not a perfect document. I have used this recipe more than 3 times and I have confidence in its functionality. All that and $4 will still only buy you a fancy cup of coffee (i. e. Your millage may vary.)

Overview

To make ensure the accuracy of this recipe I spun up a VirtualBox VM using the following system specifications:

OS: Debian GNU/Linux 12 (bookworm) x86_64
Host: VirtualBox 1.2
Kernel: 6.1.0-13-amd64
CPU: AMD Ryzen 7 5700G with Radeon Graphics (4) @ 3.792GHz
GPU: 00:02.0 VMware SVGA II Adapter
Memory: 4 GB
Disk (/): 20G

Important: This tutorial is based on a Debian 12 Linux installation. As such all of the informational links point to Debian documentation. The installation commands should be distribution agnostic for Debian/Ubuntu flavors. Other Distro’s that do not use the apt packager will have to adjust their command syntax accordingly.

Notes:

Throughout this document I have used “NC-Admin” as the username for the database administrator and the Nextcloud Administrator account, each using the same [password]. I have done so in this tutorial to make it easy to remember (for me). Best Practice and Security demands that these two accounts use different usernames and passwords. The two role usernames and passwords can be anything of your choosing.

The role, DB Admin, “owns” the MariaDB (MySQL) database and authorizes it use by the Nextcloud instance. The role, Nextcloud Admin, is required to create the Nextcloud instance. It provides administrative access and full privileges for running the Nextcloud site.

Commands to be run from the CLI are bold. The “#” is used to indicate a comment after a command or edit instruction. (e.g. command #comment ) Do not include the comment when executing the command.

Additional Recommended Resources

Text Editor: My personal choice is nano. The instructions for saving a file, ^O = Ctrl + O, [ENTER] = Enter key, and ^X = Ctrl + X.

General Rule: When editing configuration files do not use use a word-processor. (e.g. LibreOffice, etc.)

netstat - Prints network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The command netstat -plant shows services that are listening on specific ports. netstat is a utility included with net-tools ( sudo apt install net-tools )

Nextcloud Installation

openssh-server – secure remote access to the nextcloud server
Molly-guard - guard against accidental shutdowns/reboots
apache2 apache2-doc – Apache web server and documentation

Disable mpm_event - The event Multi-Processing Module (MPM) is designed to allow more requests to be served simultaneously by passing off some processing work to the listeners threads, freeing up the worker threads to serve new requests.

Enable Apache mpm_prefork - This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server. Each server process may answer incoming requests, and a parent process manages the size of the server pool. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries. It is also the best MPM for isolating each request, so that a problem with a single request will not affect any other.

Using a browser open http://localhost/ - This should display “Apache2 Debian Default Page” confirming that Apache2 Web Server is operational.

For this tutorial Mariadb (MySQL) will be used. SQLite and PostgreSQL could also be used but require different setup parameters.

Lastest packages to be installed:

libapache2-mod-php - provides the PHP module for the Apache 2 webserver.
libapache2-mod-php8.2 - package provides the PHP module for the Apache 2 webserver (as found in the apache2-mpm-prefork package). Please note that this package ONLY works with Apache's prefork MPM, as it is not compiled thread-safe.
libzip4 - a C library for reading, creating, and modifying zip archives.
php8.2-apcu - The APCu is a fast solution for userland caching (and dumping) of PHP variables locally
php8.2-bcmath - package provides the Bcmath module(s) for PHP.
php-8.2-bz2 - package provides the bzip2 module(s) for PHP.
php8.2-cli - package provides the /usr/bin/php8.2 command interpreter, useful for testing PHP scripts from a shell or performing general shell scripting tasks.
php8.2-common - package provides the documentation, examples and common module(s) for PHP.
php8.2-curl - package provides the CURL module(s) for PHP. ("Client URL" is a command line tool that enables data transfer over various network protocols)
php8.2-gd - package provides the GD (Graphics)module(s) for PHP.
php8.2-gmp - package provides the GMP (Multiprecision arithmetic library) module(s) for PHP.
php8.2-imagick - Imagick is a native php extension to create and modify images using the ImageMagick API.
php8.2-intl - package provides the Internationalisation module(s) for PHP.
php8.2-mbstring - package provides the MBSTRING (regular expressions library) module(s) for PH.
php8.2-mysql - package provides the MySQL module(s) for PHP.
php8.2-opcache - package provides the Zend OpCache module(s) for PHP.
php8.2-readline - package provides the readline (BSD editline and history libraries) module(s) for PHP.
php8.2-xml - package provides the DOM, SimpleXML, XML, and XSL module(s) for PHP.
php8.2-zip - package provides the Zip (library for reading, creating, and modifying zip archives (runtime)) module(s) for PHP.

phpenmod – Used to enable modules in PHP

libmagickcore-6.q16-6-extra - adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to MagickCore.

MySQL Configuration – Note: NC-Admin is the name of the administrator of the MySQL nextcloud database. is the secure password for the Administrator’s account.

Confirmation of USER, DATABASE, and PRIVILEGES creation:

<

Download latest version of Nextcloud and MD5 signature

wget https://download.nextcloud.com/server/releases/latest.zip

wget https://download.nextcloud.com/server/releases/latest.zip.md5

latest.zip: OK

Apache2 uses the www-data user account and the www-group membership when serving web pages. This is to prevent unauthorized users from making changes to the nextcloud instance.

Moves the nextcloud files into the root of the Apache2 directory

Disable Apache2’s default configuration file

Create Nextcloud’s Apache2 configuration file
<VirtualHost *:80>

DocumentRoot "/var/www/html/nextcloud"
ServerName emerald
<Directory "/var/www/html/nextcloud/">
Options MultiViews FollowSymlinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log

</VirtualHost>

^O Write out, [ENTER], and then ^X Exit

Enable Nextcloud’s Apache2 configuration file

Provides a rule-based rewriting engine to rewrite requested URLs on the fly

Customization of HTTP request and response headers

Modifies the environment which is passed to CGI scripts and SSI pages

Provides for "trailing slash" redirects and serving directory index files

Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding)

Edit the following changes:


max_execution_time = 360
memory_limit = 1024M
post_max_size = 200M
upload_max_filesize = 200M
date.timezone = America/Chicago # Your local timezone, Remove “;”
opcache.enable = 1 # Remove “;”
opcache.memory_consumption = 128 # Remove “;”
opcache.interned_strings_buffer = 24 # Remove “;”
opcache.max_accelerated_files = 10000 # Remove “;”
opcache.revalidate_freq = 1 # Remove “;”
opcache.save_comments = 1 # Remove “;”

^O Write out, [ENTER], and then ^X Exit

Username – This is the Nextcloud instance “root” account. This account has full Administrative privileges. (Note: at least one additional account should be created and assigned “Admin” privileges.) password – for Nextcloud “root” account. Storage & database - Shown is the default. The data storage location can be anywhere. Database user – NC-Admin Database password Database name – nextcloud Database host – localhost:3306 (Port 3306 is the default for MariaDB (MySQL)).

This is the end of the Bare-Metal install of a Linux based Nextcloud instance. You will notice on the Administrative Settings page a number of follow-up tasks that will require your attention. I will detail my solutions in my next article: “Nextcloud - Next Steps”.

Remember Rule # 14 – Satisfy you nerd curiosity, load up all the toys that catch your fancy, then be prepared to do a bare-metal install again.

Addendum 1: Nextcloud Install

1. sudo apt update && sudo apt upgrade

2. sudo apt install openssh-server molly-guard apache2 apache2-doc

3. sudo a2dismod mpm_event

4. sudo a2enmod mpm_prefork

5. sudo systemctl restart apache2

6. sudo systemctl status apache2

7. sudo apt install mariadb-server

8. sudo apt install libapache2-mod-php libapache2-mod-php8.2 Libzip4 php-apcu php-bcmath php-bz2 php-cli php-common php-curl php-gd php-gmp php-imagick php-intl php-mbstring php-mysql php-opcache php-readline php-xml php-zip

9. sudo phpenmod bcmath gmp imagick intl

10. sudo apt install libmagickcore-6.q16-6-extra

11. sudo mysql

12. MariaDB [(none)]> CREATE USER 'NC-Admin'@'localhost' IDENTIFIED BY '[password>]';

13. MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

14. MariaDB [(none)]> SHOW DATABASES;

15. MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO 'NC-Admin'@'localhost';

16. MariaDB [(none)]> FLUSH PRIVILEGES;

17. MariaDB [(none)]> SHOW GRANTS FOR 'NC-Admin'@'localhost';

19. MariaDB [(none)]> QUIT;


Download latest version of Nextcloud and MD5 signature

wget https://download.nextcloud.com/server/releases/latest.zip

wget https://download.nextcloud.com/server/releases/latest.zip.md5

20. md5sum -c latest.zip.md5 < latest.zip

21. unzip latest.zip

22. sudo chown -R www-data:www-data nextcloud

23. sudo mv nextcloud /var/www/html

24. sudo a2dissite 000-default.conf # ( Do not reload Apache yet. )

25. sudo nano /etc/apache2/sites-available/nextcloud.conf

Create Nextcloud’s Apache2 configuration file
<VirtualHost *:80>

DocumentRoot "/var/www/html/nextcloud"
ServerName emerald

<Directory "/var/www/html/nextcloud/">
Options MultiViews FollowSymlinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log

</VirtualHost>

^O Write out, [ENTER], and then ^X Exit
26. sudo a2ensite nextcloud.conf # ( Do not reload Apache yet. )

27. sudo a2enmod rewrite

28. sudo a2enmod headers

29. sudo a2enmod env

30. sudo a2enmod dir

31. sudo a2enmod mime

32. sudo nano /etc/php/8.X/apache2/php.ini # ( X = current version e.g. 2 )

Edit the following changes:


max_execution_time = 360
memory_limit = 1024M
post_max_size = 200M
upload_max_filesize = 200M
date.timezone = America/Chicago # [ Your local timezone, Remove “;” ]
opcache.enable = 1 # Remove “;”
opcache.memory_consumption = 128 # Remove “;”
opcache.interned_strings_buffer = 24 # Remove “;”
opcache.max_accelerated_files = 10000 # Remove “;”
opcache.revalidate_freq = 1 # Remove “;”
opcache.save_comments = 1 # Remove “;”

^O Write out, [ENTER], and then ^X Exit
33. sudo systemctl restart apache2

34. sudo systemctl status apache2

35. http://localhost