How to install NextCloud 18 on Ubuntu 16.04/18.04/19.04/19.10

NextCloud Ubuntu Logo

NextCloud is a Dropbox-like solution for self-hosted file sharing and syncing. Installing NextCloud 18 on Ubuntu is trivial. Whether you want to backup, have file-syncing or just have a Google Calendar alternative, this guide is for you.

What is NextCloud? Is it like a “cloud”?

cloud computing

If you stumbled here by chance and don’t know what NextCloud is, here is an article explaining its principal features and advantages/disadvantages. In this other article you can find NextCloud 18 new features. To tell you the truth, NextCloud is a SaaS cloud, if you want to know more about cloud types you can read this article.

In this article we will cover the installation of the server (not the client).

What’s the newest version?

The newest version of this tutorial is the following:

Looking for an earlier version of this tutorial?

Step 1: Install software

Important
I take NO responsibility of what you do with your machine; use this tutorial as a guide and remember you can possibly cause data loss if you touch things carelessly.

The first step in order to install NextCloud 18 is to install a web server and PHP. Although you can adapt this guide for many Ubuntu versions I suggest you to stick with Ubuntu 18.04 or higher since PHP7 is included. PHP7 brings many improvements over the past versions and will boost NextCloud too, as a matter of fact PHP7 is required since NextCloud 11. You will need root access during this procedure. The following procedure will install apache as webserver. Input the commands one by one to avoid errors!

Ubuntu >= 18.04Ubuntu >= 16.04

Open a terminal and input the following commands:

# apt-get install apache2 php7.2 bzip2
# apt-get install libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-imagick php-xml php-zip

Open a terminal and input the following commands:

# apt-get install apache2 php7.0 bzip2
# apt-get install libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-mcrypt php-imagick php-xml php-zip

Step 2: Database selection

Now that you have set up the environment, all that is left is to choose a database that will support the installation. You have three choices:

  • SQLite: is a single-file database. It is suggested only for small installations since it will slow NextCloud down sensibly.
  • MariaDB/MySQL: are popular open source databases especially amongst web developers. It is the suggested choice.
  • PostgreSQL: a popular enterprise-class database. More complicated than MySQL/MariaDB.

Now, this choice won’t really alter the functionality of NextCloud (except if you use SQLite), so pick whatever you know best. If you’re unsure pick MariaDB/MySQL.

SQLiteMySQL/MariaDBPostgreSQL

Install the software:

# apt-get install sqlite3 php-sqlite3

Install the software:

# apt-get install mariadb-server php-mysql

Or if you prefer MySQL:

# apt-get install mysql-server php-mysql

During the installation you will be prompted to choose a root password, pick a strong one. If you’re not prompted to choose a password, the default one will be blank. (This is potentially insecure, change it!)

Next you need to enable 4-byte support (for emoji):

# echo -e "[mysqld]\ninnodb_large_prefix=true\ninnodb_file_format=barracuda\ninnodb_file_per_table=1" >> /etc/mysql/conf.d/00-innodb.cnf

Now you need to enter the database (you will be asked the password you just set):

$ mysql -u root -p

In order to enable 4-byte support you must also set the default file format for InnoDB to Barracuda:

SET GLOBAL innodb_file_format=Barracuda;

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER 'nc_user'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON nextcloud.* TO 'nc_user'@'localhost';
FLUSH PRIVILEGES;

When you’re done type Ctrl-D to exit.

Install the software:

# apt-get install postgresql php-pgsql

Now you need to enter the database:

$ sudo -u postgres psql

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER nc_user WITH PASSWORD 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON DATABASE nextcloud to nc_user;

When you’re done type \q and press enter to exit.

Step 3: Install NextCloud

The last step is to actually get the software, configure it and run it.

Ubuntu

With these step we download the software and extract it:

# cd /var/www
# wget https://download.nextcloud.com/server/releases/latest-18.tar.bz2 -O nextcloud-18-latest.tar.bz2
# tar -xvjf nextcloud-18-latest.tar.bz2
# chown -R www-data:www-data nextcloud
# rm nextcloud-18-latest.tar.bz2

Now we need to create a new file in /etc/apache2/sites-available/nextcloud.conf . Feel free to use whatever editor you feel comfortable with and add the following lines:

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud

</Directory>

Once done it’s time to enable the new site, enable apache mods that are needed by NextCloud and raise PHP’s memory limit:

# a2ensite nextcloud
# a2enmod rewrite headers env dir mime
# sed -i '/^memory_limit =/s/=.*/= 512M/' /etc/php/7.2/apache2/php.ini
# systemctl restart apache2

Step 4: Configuring firewall

This step is essential when your firewall is enabled. If your firewall is enabled you won’t be able to access your NextCloud 18 instance; on the other hand if it isn’t enabled you shouldn’t have any problems and you can simply skip this step.

Tip!
Keep in mind having a firewall enabled is a good security practice and you should already have one enabled.

In order for the firewall to work, it must be enabled. This guide will not include this part. When you enable a firewall many things can go wrong, e.g. you’re using SSH, you enable the firewall and your connection is cut and can’t connect otherwise, hence you should carefully review the documentation from your distribution.

To open the ports needed by NextCloud 18 follow these steps:

UFWIPtables

UFW is the default firewall in Ubuntu, if you’re using one, you’re probably using UFW.

# ufw allow http
# ufw allow https

IPtables is an older firewall (still widely used), if you’re not using UFW you can use IPtables directly.

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Step 5: Install

Once you’re done with selecting the database, it’s time to install everything. Head to http://YOUR_IP_ADDRESS/nextcloud/ and you will be facing the following screen:

NextCloud 18 installation screen
NextCloud 18 installation

Select an administrator username and password, then you can select the data folder, but if you don’t know what you’re doing it’s best if you leave it with the default value. Then click on “Storage & Database” to select the database you chose during step 2. Fill everything and if you’ve followed all the steps correctly you should be seeing the following screen, after a short while you will be redirected to the second screen:

NextCloud18 during the installation of apps
NextCloud18 installing apps
NextCloud 18 Files app
NextCloud 18 Files app

Step 6: Enable Caching (suggested)

NextCloud is good but it can be very slow if you don’t configure a caching solution. There are two caching solutions covered in this guide:

  • PHP OPcache: a PHP inbuilt cache solution that speeds up scripts execution.
  • Redis server: a fast in-memory key-value store that speeds up everything in NextCloud.

Enabling OPcache

Ubuntu

Open a terminal and input the following commands:

# apt-get install php-opcache

Now you need to edit a file located at /etc/php/7.2/apache2/conf.d/10-opcache.ini . Replace 7.2 with the version of PHP you have installed. With your favorite editor, edit the file adding the missing lines:

; configuration for php opcache module
; priority=10
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

These values are suggested by NextCloud, but you’re free to tweak them to suit your needs. Once you’re done you can restart apache:

# systemctl restart apache2

Installing and configuring Redis

Ubuntu

Open a terminal and input the following commands:

# apt-get install redis-server php-redis

Now you must configure NextCloud to use Redis. To do so you need to edit the NextCloud configuration file located at /var/www/nextcloud/config/config.php . The file will look like this, add the highlighted lines:

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
    array (
          0 => 'YOUR_IP',
    ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '15.0.0.10',
  'overwrite.cli.url' => 'http://YOUR_IP/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nc_user',
  'dbpassword' => 'YOUR_PASSWORD_HERE',
  'installed' => true,
  'memcache.locking' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' => [
  'host' => 'localhost',
    'port' => 6379,
    'timeout' => 3,
  ],
);

These settings will enable NextCloud to use Redis for caching and file locks. Of course these settings are just an example, you can tweak them to suit your needs.

Lastly, restart the webserver:

# systemctl restart apache2

Step 7: Expose NextCloud to Internet (optional)

Important
Hosting applications available to the Internet is potentially dangerous. In order to keep your applications safe you need to be proficient in system security and to follow security best practices.

Most people will want to access their files from whatever location they are. To do so, your newly created NextCloud instance needs to be connected to the Internet.

Given that you need to take care of port-forwarding (if you’re a home user) and domain configuration (which varies according to your provider), here you can find the instructions to create a virtual host with Apache.

Ubuntu

Using your favorite text editor, edit the file we created previously at /etc/apache2/sites-available/nextcloud.conf . And make it look like this:

<VirtualHost *:80>
  ServerName YOURDOMAIN.TLD
  ServerAdmin [email protected]
  DocumentRoot /var/www/nextcloud

  <directory /var/www/nextcloud>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
  </directory>
</VirtualHost>

It is important to set ServerName according to a domain you own and have configured correctly. Now you need to add YOURDOMAIN.TLD to the trusted domains in the NextCloud config file. You can do so with the following command:

$ sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 2 --value=YOURDOMAIN.TLD

Once you complete this step you won’t be able to access NextCloud through http://YOUR_IP_ADDRESS/nextcloud anymore. Instead you will be able to access it through http://YOURDOMAIN.TLD (notice /nextcloud is gone).

Lastly, restart the webserver:

# systemctl restart apache2

Step 8: Get a free SSL certificate with Let’s Encrypt! (SUGGESTED!)

Now that you have your NextCloud instance up and running you’re good to go, but beware: you’re not safe. Internet is a dangerous place for your data and you will most likely need an SSL certificate to ensure your communications are encrypted. Provided you own a domain name you can get one for free using Let’s Encrypt! No catches, free forever.

Warning!
Let’s Encrypt has rate limits in place to prevent inappropriate usage of the CA. There’s a limit on the numbers of attempts you can do before getting a temporary ban. During this setup, if things go wrong, I suggest you to use the –staging option to avoid the temporary ban. The –staging option will use a testing server and will not issue valid certificates. When you have completed the procedure against the test server successfully, you can remove the –staging option to obtain the real certificate.
Ubuntu

Open a terminal and input the following commands:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Now you will run the command to install a certificate, follow the procedure and you will get everything configured out of the box:

$ sudo certbot --apache

Lastly, restart the webserver:

# systemctl restart apache2

If you need further help you can follow my other tutorial on Let’s Encrypt on Ubuntu (the apache part).

Image courtesy of mark | marksei
mark

You may also like...

18 Responses

  1. disqus_Fs8H3a8NhI says:

    firstly, thank you for the guide. It’s been very helpful.

    There is a security recommendation from Nextcloud advising “The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds.” The link below suggest how this can be achieved. Unfortuately I’m unsure how to make the setting change in apache. From your guide I assume I’d edit the file located in “/etc/apache2/sites-available/nextcloud.conf”. Are you, or one of your readers, able to make a suggestion on how to implentment this change? I’ll read up on doing this myself, but thought I’d ask here too.

    https://docs.nextcloud.com/server/18/admin_manual/installation/harden_server.html#enable-http-strict-transport-security

    • Nano Bascón says:

      Have you found a solution?

      • disqus_Fs8H3a8NhI says:

        No, I’m not sure of formatting.

        I also got a little side tracked trying to disable the use of tlsv1 and 1.1.

    • mark says:

      Hello, sorry for my delay! The thing you’re referring to is a hardening practice, if you’re not exposing your service to the Internet and/or not trusted networks you should be fine. You also guessed right, you can add the part between inside the directory directive or, if you’ve followed step 7, directly within the virtualhost directory!

  2. Nano Bascón says:

    A query:
    How can I access the public address locally? That is, instead of putting 10.1.10.10, put cloud.example.com in local and be able to access the same. Right now I can only access it through the lan.

    • mark says:

      Hello Nano, do you want to use a domain name locally, have I got it right? In order to do that you should have some form of name service in your local area (DNS, NMB, Wins or hosts files). In that case you should simply follow the 7th step of my guide, and insert such name in the ServerName directive.

      • Nano Bascón says:

        I have already solved it, it was foolishness that my mikrotik did not respond to the dns and apart I modified the hosts file of the Debian vm where I have mounted the nextcloud.
        Thank you very much for your time, I say reading

  3. Nitesh Gaba says:

    Thanks for the guide, it was helpful. Could you please help me Caddy Reverse proxy setup?

  4. Daniel says:

    Hi Mark, Thanks for this write up, I was able to get everything setup and working. I wanted to inquire about step 7. I want to be able to keep my connection to my NextCloud instance as http://www.mydomain.com/nextcloud as I already have something at http://www.mydomain.com. How would you recommend doing this? Thanks in advance.

    • mark says:

      Hello Daniel, thank you for using this guide : ) You have multiple ways to do the following, however I suggest to keep the webserver already running instead of spawning multiple. Since you’re now using only one server there are two ways to use NC within a subdirectory:
      – you can place the software inside a directory “nextcloud” within the document root of the server (or of the virtualhost, depending on your setup)

      – you can keep the virtualhost and set the documentroot to the parent folder of nextcloud

      The second solution is stretching the use-case of virtual hosts and will require additional tweaking.

  5. suscpit says:

    Hello Mark,
    Thank you for this awesome tutorial, after a lot of other guides and unsuccessful installs I found your site and now everything is running smooth. Cheers to that!

  6. pachuco says:

    Thanks Mark, this is a great tutorial. I ran into two issues that are easy to solve if people also run into:

    If you are setting this from a clean server and run into issues when obtaining the certificate chances are that you need to disable the default virtual host ‘sudo a2dissite 000-default.conf’. Then certboot will work.
    At the end of this tutorial onlyoffce becomes crippled (“ONLYOFFICE cannot be reached. Please contact admin”) due to the virtual server changes on step 7. The solution is to edit the “Document Editing Service address” in the settings of the onlyoffice app on NC: https://yourdomein.tld/index.php/apps/documentserver_community/

    • mark says:

      Hello pachuco, thank you for the time you put into describing the issues and how to fix them. Strangely I don’t seem to run in these two issues whenever I write a new version of this tutorial or review existing ones. I will investigate on the two trying to reproduce them in my environment. Thank you for using my guide!

  7. Alex says:

    Thanks man, great article, it helped me a lot.

  8. Ildefonso Bascón says:

    Hello one question.
    I have several nextcloud on the same dedicated server. So that they all work normally I redirect ports 443 and 80. But what I want to do is that they can enter directly without putting the port. Do you know where I have to modify it?
    It is of great help to me.
    I hope your answer.

    • mark says:

      Hello Ildefonso, the only way (I’m aware of) to avoid specifying the port is to use either port 80 or 443 (standard web ports for HTTP/S). Since you have multiple instances you’re probably doing something randomport1/2->80,443 of instance1; randomport3/4->80,443 of instance2. A common solution to this “problem” is to use name-based virtual hosts. You can see an example of virtual host in Step 7. The most important part is the ServerName directive. In the example only port 80 is covered (port 443 is taken care of by Certbot), you will need to do the same for port 443. In order to achieve such setup you will need one or more domain names or use subdomains and DNS accordingly.

  9. Daniel Rivera says:

    Hi mark,

    Do you have a guide on how to upgrade from nextcloud 17 to 18? i followed your guide a while back to install nextcloud 17 but when trying to upgrade in nextcloud to version 18 i get a page that states “Step 4 is currently in process. Please reload this page later.” so i figure i can just update manually but cannot find instructions anywhere as detailed as yours which is perfect for the linux noob that i am. can you help me please.

    • mark says:

      Hello Daniel, I’m humbled by your compliments. Unfortunately upgrading from 17 to 18 has proved quite troublesome for many users, mostly because the update is massive and there’s the document server, there is no bulletproof way to upgrade NC 17 to 18 without hiccups, your best bet is looking at the logs.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: