By following this guide you will be able to install and configure Nextcloud 20 on Ubuntu 22.04 LTS with Apache 2.4.52 (mpm_event, http2), PHP 8.1 (php8.1-fpm), MariaDB and fail2ban, and achieve an A+ rating from both Nextcloud and Qualys SSL Labs. We will request and install the SSL certificate from Let’s Encrypt in this guide.
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
With the integrated OnlyOffice, Nextcloud is functionally similar to Dropbox, Office 365 or Google Drive, but can be used on local home computers or for off-premises file storage hosting.
Before we start, let’s refresh the package index and upgrade the installed packages to their latest versions.
sudo apt-get update
sudo apt-get upgrade
Follow the procedure mentioned in the below article to install LAMP stack on Ubuntu Server.
Download and extract the latest Nextcloud Release
cd /tmp
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
Change owner to be www-data
sudo chown -R www-data:www-data nextcloud
Move this directory to /var/www/html/ directory
sudo mv nextcloud /var/www/html/
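The download step above unpacks latest.zip without checking it. The helper below is an added example, not part of the original guide: it compares the archive with a published SHA-256 digest before unzip runs. The name verify_sha256 and the checksum URL in the comment are assumptions.

```bash
# Added example: verify a downloaded release archive before unpacking it.
# verify_sha256 is a hypothetical helper, not a Nextcloud tool.

# verify_sha256 ARCHIVE CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 if an input is unusable.
# Only the digest (first field) is compared: the checksum file may name the
# versioned archive rather than latest.zip, which would make `sha256sum -c`
# fail on the file name alone.
verify_sha256() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "verify_sha256: cannot read '$1' or '$2'" >&2; return 2
    fi
    _want=$(awk 'NR == 1 { print tolower($1) }' "$2")
    # A saved HTML error page or an empty file must not pass as a digest.
    case $_want in
        ''|*[!0-9a-f]*) echo "verify_sha256: '$2' holds no hex digest" >&2; return 2 ;;
    esac
    if [ "${#_want}" -ne 64 ]; then
        echo "verify_sha256: digest in '$2' is not 64 hex characters" >&2; return 2
    fi
    _have=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$_have" = "$_want" ]; then
        echo "OK: $1"; return 0
    fi
    echo "MISMATCH: $1 expected $_want got $_have" >&2
    return 1
}

# In the procedure above this would sit between wget and unzip (the checksum
# URL is an assumption; take the real one from the download page):
#   wget https://download.nextcloud.com/server/releases/latest.zip.sha256
#   verify_sha256 latest.zip latest.zip.sha256 && unzip latest.zip

# Offline demonstration on constructed files.
demo=$(mktemp -d)
printf 'constructed archive bytes\n' > "$demo/latest.zip"
printf '%s  nextcloud-x.y.z.zip\n' "$(sha256sum "$demo/latest.zip" | awk '{ print $1 }')" \
    > "$demo/latest.zip.sha256"
verify_sha256 "$demo/latest.zip" "$demo/latest.zip.sha256"           # matches
printf 'tampered\n' >> "$demo/latest.zip"
verify_sha256 "$demo/latest.zip" "$demo/latest.zip.sha256" || echo "refusing to unzip"
rm -rf "$demo"
```

A digest fetched from the same server mainly catches corruption in transit; checking the project's detached GPG signature is the stronger test.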
Configure Apache Web Server, Create a new configuration file under /etc/apache2/sites-available
sudo vi /etc/apache2/sites-available/nextcloud.conf
And then paste these lines
Alias /nextcloud "/var/www/html/nextcloud/"
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>
Create Symbolic link
sudo ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
Additional apache configuration, Execute these commands to enable some modules
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
sudo systemctl restart apache2
Create a MySQL database and user for Nextcloud on Ubuntu
sudo mysql -u root -p
You’ll be prompted to enter the Linux user password; then execute the commands below, replacing ‘12345’ with the password desired
MariaDB [(none)]> create database nextcloud;
MariaDB [(none)]> create user nextcloud@localhost identified by '12345';
MariaDB [(none)]> grant all privileges on nextcloud.* to nextcloud@localhost identified by '12345';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
Mounting an external hard drive for Nextcloud on Ubuntu
These instructions are for mounting an NTFS-formatted hard drive and allowing Nextcloud to store files on it. Now would be a good time to plug the external hard drive into the Linux machine. Since the drive is NTFS, we need to install an NTFS package by entering the following
sudo apt-get install ntfs-3g -y
Make a directory we can mount to
sudo mkdir /mnt/nextclouddrive
Create and add the www-data user to the www-data group:
sudo groupadd www-data
sudo usermod -a -G www-data www-data
Make the user www-data owner of the mounted drive and make its permissions read, write and execute
sudo chown -R www-data:www-data /mnt/nextclouddrive
sudo chmod -R 775 /mnt/nextclouddrive
Now we need the gid and uid of www-data and the UUID of the drive; they go into the fstab entry so the machine recognises the drive even if we plug it into a different USB port. Enter the following command for the gid
sudo id -g www-data
Now to get the uid enter the following command
sudo id -u www-data
We also need the UUID of the attached external hard drive so the Linux machine can recognise this drive even if you plug it into a different USB port
sudo ls -l /dev/disk/by-uuid
Now add your drive into the fstab file so it’ll boot with the proper permissions
sudo vi /etc/fstab
And add the following line
UUID=ENTERCORRECTUUID /mnt/nextclouddrive auto nofail,uid=33,gid=33,umask=0027,dmask=0027,noatime 0 0
Nextcloud First Access Setup
1. Open your browser and enter the IP address provided, <ipaddress>/nextcloud you’ll be directed to your nextCloud storage server.
2. You should be presented with a simple setup screen, Here enter a username and password to create an admin account.
3. Click on Storage & database dropdown and enter your external hard drive directory: /mnt/nextclouddrive
4. Immediately underneath enter your MySQL details as follows
Username: nextcloud
Password: 12345
Database: nextcloud
Server: localhost
5. Click on ‘Finish Setup’ button. That’s it. We’re good to go. Nextcloud 24 installed on Ubuntu Linux is now ready for use.
To enable and configure SSL for Nextcloud on Ubuntu for secure access using Let’s Encrypt secure certificates, follow the article mentioned below.
Add newly certified domain to the list of trusted sites
Open nextcloud config file
sudo vi /var/www/html/nextcloud/config/config.php
and add the following lines
'trusted_domains' =>
array (
0 => 'xxy.xyx.yxx.xxx', # Local IP
1 => 'xxx.xxy.xyx.xxy', # Public IP
2 => 'mydomain.com', # Public IP mapped domain name
),
'overwrite.cli.url' => 'https://mydomain.com/nextcloud',
Try accessing your cloud with the certified domain name https://domain.com/nextcloud.
That’s it, you are done! You have secured your Nextcloud instance with SSL Certificates
Tune your PHP settings for Nextcloud Performance on Ubuntu
sudo cp /etc/php/8.1/fpm/pool.d/www.conf /etc/php/8.1/fpm/pool.d/www.conf.old
sudo cp /etc/php/8.1/cli/php.ini /etc/php/8.1/cli/php.ini.old
sudo cp /etc/php/8.1/fpm/php.ini /etc/php/8.1/fpm/php.ini.old
sudo cp /etc/php/8.1/apache2/php.ini /etc/php/8.1/apache2/php.ini.old
sudo cp /etc/php/8.1/fpm/php-fpm.conf /etc/php/8.1/fpm/php-fpm.conf.old
sudo sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/pm.max_children = .*/pm.max_children = 240/" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/pm.start_servers = .*/pm.start_servers = 20/" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 10/" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 20/" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/php/8.1/fpm/pool.d/www.conf
sudo sed -i "s/output_buffering =.*/output_buffering = Off/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/;upload_tmp_dir =.*/upload_tmp_dir = \/upload_tmp/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = Europe\/Berlin/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/8.1/cli/php.ini
sudo sed -i '$aapc.enable_cli = 1' /etc/php/8.1/cli/php.ini
sudo sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/output_buffering =.*/output_buffering = Off/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;upload_tmp_dir =.*/upload_tmp_dir = \/upload_tmp/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = Europe\/Berlin/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/8.1/fpm/php.ini
sudo sed -i "s/;emergency_restart_threshold =.*/emergency_restart_threshold = 10/" /etc/php/8.1/fpm/php-fpm.conf
sudo sed -i "s/;emergency_restart_interval =.*/emergency_restart_interval = 1m/" /etc/php/8.1/fpm/php-fpm.conf
sudo sed -i "s/;process_control_timeout =.*/process_control_timeout = 10s/" /etc/php/8.1/fpm/php-fpm.conf
sudo sed -i "s/output_buffering =.*/output_buffering = Off/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;upload_tmp_dir =.*/upload_tmp_dir = \/upload_tmp/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = Europe\/Berlin/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/8.1/apache2/php.ini
sudo sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.enabled=1' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.file_update_protection=2' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.optimization=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.shm_size=256M' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.include_once_override=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.shm_segments=1' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.ttl=7200' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.user_ttl=7200' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.gc_ttl=3600' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.num_files_hint=1024' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.enable_cli=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.max_file_size=5M' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.cache_by_default=1' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.use_request_time=1' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.slam_defense=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.mmap_file_mask=/usr/local/tmp/apc/apc.XXXXXX' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.stat_ctime=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.canonicalize=1' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.write_lock=1' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.report_autofilter=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.rfc1867=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.rfc1867_prefix =upload_' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.rfc1867_name=APC_UPLOAD_PROGRESS' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.rfc1867_freq=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.rfc1867_ttl=3600' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.lazy_classes=0' /etc/php/8.1/apache2/php.ini
sudo sed -i '$aapc.lazy_functions=0' /etc/php/8.1/apache2/php.ini
sudo sed -i "s/09,39.*/# &/" /etc/cron.d/php
Setup a PHP Garbage clean session cronjob
sudo crontab -e
and add the following line
09,39 * * * * /usr/lib/php/sessionclean 2>&1
Tune your Nextcloud .htaccess settings for Performance
After a few seconds Nextcloud will be installed and you will be redirected to Nextcloud’s Files app. Please log out immediately and make further amendments. Open the file
sudo -u www-data vi /var/www/html/nextcloud/.htaccess
Adjust the following values to your requirements:
...
<IfModule mod_php7.c>
php_value upload_max_filesize 10240M
php_value post_max_size 10240M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 'Off'
<IfModule mod_env.c>
...
Configure and enable a Nextcloud cron-job
sudo crontab -u www-data -e
Paste the following row
*/15 * * * * php -f /var/www/html/nextcloud/cron.php > /dev/null 2>&1
5 1 * * * php -f /var/www/html/nextcloud/occ files:scan-app-data > /dev/null 2>&1
Switch from Ajax to Cron using Nextcloud CLI
sudo -u www-data php /var/www/html/nextcloud/occ background:cron
Modify the mpm_event.conf
Open the file
sudo vi /etc/apache2/mods-available/mpm_event.conf
and change the “MaxConnectionsPerChild” value to 1000
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 1000
Enable HTTP2
We will enable http2 by issuing the following command
sudo a2enmod http2
sudo service php8.1-fpm restart
sudo service apache2 restart
now create a http2.conf with few settings
sudo vi /etc/apache2/conf-available/http2.conf
then paste the following rows
<IfModule http2_module>
Protocols h2 h2c http/1.1
H2Direct on
H2StreamMaxMemSize 5120000000
</IfModule>
lastly enable this configuration by issuing
sudo a2enconf http2
sudo service apache2 restart
Finally we will secure Apache to a minimum level by disabling Apache status module (as long as you won’t need it in particular) and altering the security.conf
sudo a2dismod status
sudo vi /etc/apache2/conf-available/security.conf
Change the following values as shown
ServerTokens Prod
ServerSignature Off
TraceEnable Off
and restart PHP, Apache2 and Redis one last time.
sudo service php8.1-fpm restart
sudo service redis-server restart
sudo service apache2 restart
Nextcloud is fully optimized for performance and already up and running!
Enable Thumbnail / Previews for Videos, Pictures and Documents
Open nextcloud config file
sudo vi /var/www/html/nextcloud/config/config.php
and add the following lines
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
'OC\Preview\Movie',
'OC\Preview\PNG',
'OC\Preview\JPEG',
'OC\Preview\GIF',
'OC\Preview\BMP',
'OC\Preview\XBitmap',
'OC\Preview\MP3',
'OC\Preview\MP4',
'OC\Preview\TXT',
'OC\Preview\MarkDown',
'OC\Preview\PDF'
),
Save and close the file, now restart the apache2 server
sudo service apache2 restart
Get rid of nextcloud warnings on Ubuntu
Log in to Nextcloud with your username and password and go to Settings -> Overview -> Security & setup warnings. If you see warnings, follow the steps below to get rid of them
HSTS header related warning
Add the following line in the SSL virtual host to send the HSTS header and clear the related warning
sudo vi /etc/apache2/sites-available/default-ssl.conf
and add the following line at the top
Header always set Strict-Transport-Security "max-age=31536000"
Save the file and restart the apache2 server
sudo service apache2 restart
No memory cache has been configured for Nextcloud
To enhance your performance please configure a memcache if available. To resolve this warning, install and enable Redis and the PHP Redis extension
sudo apt install redis-server
redis-server -v
sudo systemctl status redis
sudo systemctl start redis-server
sudo systemctl enable redis-server
sudo apt install php-redis
php --ri redis
sudo phpenmod redis
sudo systemctl reload apache2
Open the following file
sudo vi /var/www/html/nextcloud/config/config.php
and add the below lines
#'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
and restart the apache2 and php8.1-fpm services
sudo systemctl restart apache2 php8.1-fpm
Forward secrecy key exchange warning for Nextcloud on Ubuntu
While running the SSL test at https://www.ssllabs.com/ssltest/, if you see a forward secrecy key exchange warning, open the file
sudo vi /etc/apache2/sites-available/default-ssl.conf
and add the following rows
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
restart the apache2 server
sudo service apache2 restart
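The directives above leave TLS 1.0 and 1.1 in the protocol set and name RC4 in the cipher string, neither of which belongs in a current TLS setup. The script below is an added example, not part of the original guide: it audits a mod_ssl config for those two problems and is run on the guide's directives and on a stricter alternative (TLS 1.2/1.3 only, ECDHE with AEAD ciphers). The function names and the stricter cipher list are assumptions of the example.

```bash
# Added example: audit an Apache mod_ssl config for legacy protocols and weak
# ciphers. Function names and the stricter cipher list are assumptions.
audit_tls_conf() {   # audit_tls_conf FILE: prints findings, returns 1 if any
    _rc=0
    # Inspect the last SSLProtocol / SSLCipherSuite line, lower-cased, with
    # quotes and colons turned into spaces so that each entry is one token.
    _proto=$(grep -Ei '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    _ciph=$(grep -Ei '^[[:space:]]*SSLCipherSuite[[:space:]]' "$1" | tail -n 1 |
            tr '[:upper:]' '[:lower:]' | tr ':"' '  ')
    # Walk SSLProtocol left to right: "+x" adds, "-x" removes, a bare token is
    # treated as replacing the whole set.
    _t10=off; _t11=off
    for _tok in $_proto; do
        case $_tok in
            all|+all)             _t10=on;  _t11=on ;;
            -all|tlsv1.2|tlsv1.3) _t10=off; _t11=off ;;
            +tlsv1)               _t10=on ;;
            -tlsv1)               _t10=off ;;
            +tlsv1.1)             _t11=on ;;
            -tlsv1.1)             _t11=off ;;
            tlsv1)                _t10=on;  _t11=off ;;
            tlsv1.1)              _t10=off; _t11=on ;;
        esac
    done
    [ "$_t10" = on ] && { echo "WEAK protocol: TLSv1.0 enabled"; _rc=1; }
    [ "$_t11" = on ] && { echo "WEAK protocol: TLSv1.1 enabled"; _rc=1; }
    for _weak in rc4 3des md5 exp null; do
        case " $_ciph " in *" !$_weak "*) continue ;; esac   # "!x" removes x for good
        for _tok in $_ciph; do
            case $_tok in
                sslciphersuite|\!*|-*) ;;   # directive name or an exclusion
                *"$_weak"*) echo "WEAK cipher: $_weak enabled by '$_tok'"; _rc=1; break ;;
            esac
        done
    done
    return $_rc
}

# Constructed inputs: the guide's directives, and a stricter alternative.
write_guide_conf() {
    cat > "$1" <<'EOF'
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
EOF
}
write_strict_conf() {
    cat > "$1" <<'EOF'
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
EOF
}

tmp=$(mktemp -d)
write_guide_conf "$tmp/guide.conf"; write_strict_conf "$tmp/strict.conf"
for f in guide strict; do echo "== $f.conf"; audit_tls_conf "$tmp/$f.conf"; done
rm -rf "$tmp"
```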
Caldav and Carddav warning
To get rid of caldav error, add the lines below to the end of the file
sudo vi /etc/apache2/sites-available/nextcloud.conf
and add the below mentioned lines at the end
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
restart the apache2 server
sudo service apache2 restart
The database is missing some indexes
cd /var/www/html/nextcloud/
sudo -u www-data php occ db:add-missing-indices
Conversion to Big Int
Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically
cd /var/www/html/nextcloud/
sudo -u www-data php occ maintenance:mode --on
sudo -u www-data php occ db:convert-filecache-bigint
sudo -u www-data php occ maintenance:mode --off
Get rid of nextcloud warnings
Webfinger and Nodeinfo Warning
If you see the following warning after upgrading or installing Nextcloud 21.0.3
Your web server is not properly set up to resolve “/.well-known/webfinger”. Further information can be found in the documentation.
Your web server is not properly set up to resolve “/.well-known/nodeinfo”. Further information can be found in the documentation
Open the file
sudo vi /etc/apache2/sites-available/nextcloud.conf
and add the lines
Redirect 301 /.well-known/webfinger /nextcloud/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo
Restart the apache2 server
sudo service apache2 restart
Database missing Indexes
If you see the following warning after upgrading or installing Nextcloud 21.0.3
The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.
Missing index “fs_size” in table “oc_filecache”
Go to the following directory
cd /var/www/html/nextcloud/
and run the following command
sudo -u www-data ./occ db:add-missing-indices
Restart the apache2 server
sudo service apache2 restart
Installation has no default region
If you see the following warning after upgrading or installing Nextcloud
Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add “default_phone_region” with the respective ISO 3166-1 code of the region to your config file
Open the nextcloud config file
sudo vi /var/www/html/nextcloud/config/config.php
and add the following line before the last line
'default_phone_region' => 'IN',
Restart the apache2 server
sudo service apache2 restart