Nextcloud Installation

Preparation

Change root password

passwd

Update keys if needed

rm /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server

Update system

apt update && apt upgrade && apt dist-upgrade && apt autoremove

Install nano-editor

apt install nano

Setup for Nextcloud

These variables need to be adapted for your nextcloud instance

  • URL of Cloud: <www.mycloud.com>
  • Existing MySQL Root Password: <oldmysqlrootpassword>
  • New MySQL Root Password: <mysqlrootpassword>
  • Password of database user nextcloud: <ncdbpassword>
  • Admin user of Nextcloud: <ncwebadmin>
  • Password of admin user of Nextcloud: <ncwebadminpassword>

Install new packages

apt install apache2 mysql-server libapache2-mod-php php-gd php-json php-mysql php-curl php-intl php-mcrypt php-imagick php-dom php-zip php-mbstring php-apcu python-letsencrypt-apache unzip

If needed change mysql root password

mysqladmin -u root -p <oldmysqlrootpassword> password <mysqlrootpassword>

Create nextcloud user and database

mysql -u root -p
<mysqlrootpassword>
create database nextcloud;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY '<ncdbpassword>';
grant all on nextcloud.* to 'nextcloud'@'localhost';
quit;

Get and install nextcloud (if needed check for newer version)

mkdir /var/www/ncdata
chown www-data:www-data /var/www/ncdata -R
wget https://download.nextcloud.com/server/releases/nextcloud-11.0.0.zip
unzip nextcloud-11.0.0.zip
mv nextcloud /var/www/html/cloud
chown www-data:www-data /var/www/html/cloud/ -R
rm nextcloud-11.0.0.zip

Get certificate from letsencrypt

letsencrypt --apache -d <www.mycloud.com>
letsencrypt renew

Enable apache modules

a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
a2enmod setenvif
a2enmod ssl

Edit php.ini file

nano /etc/php/7.0/apache2/php.ini

Change the following values

  memory_limit = 512M
  upload_max_filesize = 16G
  post_max_size = 16G
  max_input_time 3600
  max_execution_time 3600

php.ini

Edit apache config file

nano /etc/apache2/sites-available/000-default-le-ssl.conf

Append 

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>

000-default-le-ssl.conf

Restart apache server

service apache2 restart

Edit nextcloud config file

nano /var/www/html/nextcloud/config/config.php

Add 2 lines

  'memcache.local' => '\OC\Memcache\APCu',
  'enable_previews' => 'false',

config.php

Edit crontab

crontab -u www-data -e

Append new entry

*/15  *  *  *  * php -f /var/www/html/cloud/cron.php

crontab

Edit crontab

crontab -e

Append new entry

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log

crontab

Perform security test via browser

https://www.ssllabs.com/ssltest/analyze.html?d=<www.mycloud.com>&hideResults=on&latest

Email Setup

These variables need to be adapted for your nextcloud instance

  • Mail account: <cloudadmin@gmx.net>
  • Password of mail account: <mailpassword>
  • Receipient of mail: <to@mail.com>

Setup of mstmp

Install msmtp

apt-get install msmtp

Modify configuration file

nano ~/.msmtprc

Enter

# config options: http://msmtp.sourceforge.net/doc/msmtp.html#A-user-configuration-file
defaults
logfile /tmp/msmtp.log

# settings for cloudadmin
account cloudadmin
auth on
host mail.gmx.net
port 587
user <cloudadmin@gmx.net>
from <cloudadmin@gmx.net>
password <mailpassword>
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt

# set default account to
account default: cloudadmin

.msmtprc

Change access rights to configuration file to protect password for other users

chmod 600 ~/.msmtprc

Setup of mailx

Install mailx

apt-get install heirloom-mailx

Modify configuration file

nano ~/.mailrc

Enter

# set smtp for mailx

# (default)
set from="NextCloud"
set sendmail="/usr/bin/msmtp"
set message-sendmail-extra-arguments="-a cloudadmin"

account cloud {
  set from="NextCloud"
  set sendmail="/usr/bin/msmtp"
  set message-sendmail-extra-arguments="-a cloudadmin"
}

account monitoring {
  set from="NextCloud Monitoring"
  set sendmail="/usr/bin/msmtp"
  set message-sendmail-extra-arguments="-a cloudadmin"
}

.mailrc

Send test mail

echo "This is a test mail from your NextCloud" | mailx -A cloud -s "NextCloud Test Mail" <to@mail.com>
echo "This is a test mail from your NextCloud-Monitoring" | mailx -A monitoring -s "NextCloud-Monitoring Test Mail" <to@mail.com>

Setup of Weekly Disk Usage Status Mail

Edit crontab

crontab -e

Append new entry

0 0 * * 0 df | mailx -A monitoring -s "NextCloud Info - Disk Usage Status" <to@mail.com>  &> /dev/null

crontab