Part 3: Downloading, installing and configuring Nextcloud
Objective of This Section
In this section, we install Nextcloud completely on the prepared Debian 13 system. We set up the LAMP stack, configure Apache and PHP specifically for Nextcloud, integrate the data directory outside the webroot, and complete the installation including essential optimizations.
At the end of this section:
- Nextcloud is running under cloud.zn80.net
- All user data is stored cleanly under /srv/cloud.zn80.net/data
- The database is secured and properly connected
- Caching, proxy operation, and optional performance features are prepared
Important Security Notice
For secure operation on the public internet, a reverse proxy with HTTPS is mandatory (e.g., Nginx Proxy Manager, Traefik, or a standalone Nginx setup with Let’s Encrypt).
Without HTTPS (and HSTS), it is strongly discouraged to expose the Nextcloud instance beyond the local network. You may operate it internally first and enable external access later with a proxy and certificate at any time.
Further information:
- Nextcloud Admin Documentation: HTTPS Setup & Server Hardening
- Nextcloud Admin Documentation: SSL/TLS Configuration
- Let’s Encrypt Official Website
Update the System
Before beginning the installation, ensure the system is fully up to date:
sudo apt update && sudo apt full-upgrade -y
Install and Secure MariaDB
Install the database server and client:
sudo apt install mariadb-server mariadb-client-compat
Enter the MariaDB shell and create the Nextcloud database:
sudo mariadb
Inside the MariaDB shell:
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY '<DATABASE_PASSWORD>';
FLUSH PRIVILEGES;
EXIT;
Secure the MariaDB installation:
sudo mysql_secure_installation
Recommended answers:
- unix_socket authentication: n
- Set root password: Y
- Remove anonymous users: Y
- Disallow remote root login: Y
- Remove test database: Y
- Reload privilege tables: Y
Install Apache, PHP, and Required Extensions
Install Apache indirectly via PHP packages along with all required extensions:
sudo apt install imagemagick-7.q16 php php-apcu php-bcmath php-cli php-common php-curl php-gd php-gmp php-imagick php-intl php-mbstring php-mysql php-zip php-bz2 php-xml
Enable required PHP modules:
sudo phpenmod apcu bcmath gmp imagick intl zip
Ensure unzip and wget are installed:
sudo apt install unzip wget
Download and Prepare Nextcloud
Download and extract the latest Nextcloud version:
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
Rename the extracted directory to the service FQDN and move it into Apache’s web directory:
mv nextcloud cloud.zn80.net
sudo chown -R www-data:www-data cloud.zn80.net
sudo mv cloud.zn80.net /var/www/
Disable the Apache default site:
sudo a2dissite 000-default.conf
Enable required Apache modules:
sudo a2enmod dir env headers mime rewrite ssl
sudo systemctl restart apache2
Note: Instead of latest.zip, specific previous versions (e.g., nextcloud-29.zip or nextcloud-30.zip) can be downloaded from the official release archive if required for compatibility reasons. However, running outdated versions on the public internet is not recommended.
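Before running unzip in the steps above, the downloaded archive can be checked against the SHA-256 file published next to it. The following is an added example, not part of the original guide: the function name verify_sha256 is hypothetical, and the checksum file is assumed to have been fetched as latest.zip.sha256 from the same release directory.

```shell
#!/bin/sh
# Added example: compare a downloaded archive with a published SHA-256 file.
# Assumption: the checksum file was saved next to the archive, e.g.
#   wget https://download.nextcloud.com/server/releases/latest.zip.sha256

# verify_sha256 ARCHIVE CHECKSUM_FILE
# Returns 0 if the digests match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    archive=$1
    sumfile=$2
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # Only the digest (first field) is read. The file name recorded in the
    # checksum file may differ from the local name, so "sha256sum -c" is
    # deliberately not used here.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
        return 0
    fi
    echo "MISMATCH: $archive (expected $expected, got $actual)" >&2
    return 1
}

# Usage:
#   verify_sha256 latest.zip latest.zip.sha256 && unzip latest.zip
```

A checksum fetched from the same server detects a corrupted or truncated download, but not a tampered release directory; checking the detached signature against the project's published signing key covers that case.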
Create Apache Virtual Host for Nextcloud
Create the configuration file:
sudo nano /etc/apache2/sites-available/cloud.zn80.net.conf
Insert the following content:
<VirtualHost *:80>
ServerAdmin mail@example.com
DocumentRoot "/var/www/cloud.zn80.net"
ServerName cloud.zn80.net
<Directory "/var/www/cloud.zn80.net/">
Options FollowSymLinks
AllowOverride All
Header always set Referrer-Policy "no-referrer"
Require all granted
SetEnv HOME /var/www/cloud.zn80.net
SetEnv HTTP_HOME /var/www/cloud.zn80.net
</Directory>
TransferLog /var/log/apache2/cloud.zn80.net_access.log
ErrorLog /var/log/apache2/cloud.zn80.net_error.log
</VirtualHost>
Do not enable the site yet.
Optimize PHP for Nextcloud
Edit PHP configuration:
sudo nano /etc/php/8.4/apache2/php.ini
Adjust the following values:
memory_limit = 512M
upload_max_filesize = 200M
post_max_size = 200M
max_execution_time = 360
date.timezone = Europe/Amsterdam
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
Enable the site and restart Apache:
sudo a2ensite cloud.zn80.net.conf
sudo systemctl restart apache2
Enable APCu for CLI:
sudo nano /etc/php/8.4/mods-available/apcu.ini
Append:
apc.enable_cli=1
Restart Apache again:
sudo systemctl restart apache2
Prepare the Data Directory
The Nextcloud data directory must not be located inside the webroot.
Ensure the mount point exists:
sudo mkdir -p /srv/cloud.zn80.net
Test mounting:
sudo mount -a
df -h /srv/cloud.zn80.net
Create the actual data directory and apply secure permissions:
sudo mkdir /srv/cloud.zn80.net/data
sudo chown -R www-data:www-data /srv/cloud.zn80.net/data
sudo chmod -R 750 /srv/cloud.zn80.net/data
Web-Based Nextcloud Installation
Open in your browser:
http://cloud.zn80.net
Provide the following:
Admin user:
- Username: nextcloud_admin
- Password: secure custom password
Data directory:
/srv/cloud.zn80.net/data
Database:
- User: nextcloud
- Database: nextcloud
- Password: database password
- Server: localhost:3306
After installation, return to the command line.
Post-Installation Optimizations
Optimize the Nextcloud Database
Temporarily make the occ CLI tool executable:
sudo chmod +x /var/www/cloud.zn80.net/occ
Add missing database indices (occ must be run as the web server user, not as root):
sudo -u www-data /var/www/cloud.zn80.net/occ db:add-missing-indices
Run repair tasks:
sudo -u www-data /var/www/cloud.zn80.net/occ maintenance:repair --include-expensive
Remove executable permission again:
sudo chmod -x /var/www/cloud.zn80.net/occ
Secure configuration file:
sudo chown root:www-data /var/www/cloud.zn80.net/config/config.php
sudo chmod 660 /var/www/cloud.zn80.net/config/config.php
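The data directory placement and the permissions set above can be re-checked at any time, for example after an upgrade or a restore. The following is an added example, not part of the original guide; the function names are hypothetical and GNU realpath and find are assumed, as shipped with Debian.

```shell
#!/bin/sh
# Added example: audit the filesystem properties this guide sets up.
# Function names are hypothetical; the paths in the usage line are the guide's.

# is_outside DIR ROOT: succeeds if DIR, with symlinks and ".." resolved,
# is neither ROOT itself nor located below it.
is_outside() {
    dir=$(realpath -m -- "$1") || return 2
    root=$(realpath -m -- "$2") || return 2
    case "$dir/" in
        "$root"/*) return 1 ;;   # the slash keeps a sibling such as ROOT-old from matching
    esac
    return 0
}

# no_world_access PATH: succeeds if nothing at or below PATH grants a
# permission bit to "other". Symlinks are skipped, their own mode is not used.
no_world_access() {
    [ -e "$1" ] || return 2
    hits=$(find "$1" ! -type l -perm /007 -print | head -n 5)
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/  world-accessible: /' >&2
        return 1
    fi
    return 0
}

# audit_nextcloud_paths WEBROOT DATADIR CONFIG: runs all checks and
# returns 1 if any of them fails.
audit_nextcloud_paths() {
    rc=0
    is_outside "$2" "$1" || { echo "FAIL: data directory is inside the webroot" >&2; rc=1; }
    no_world_access "$2" || { echo "FAIL: data directory permissions" >&2; rc=1; }
    no_world_access "$3" || { echo "FAIL: config.php permissions" >&2; rc=1; }
    return "$rc"
}

# Usage (as root, since the data directory is mode 750):
#   audit_nextcloud_paths /var/www/cloud.zn80.net /srv/cloud.zn80.net/data \
#       /var/www/cloud.zn80.net/config/config.php
```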
Configure Trusted Proxies, Domains, and Caching
Edit configuration file:
sudo nano /var/www/cloud.zn80.net/config/config.php
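Add the following entries inside the $CONFIG array. trusted_proxies should contain only the address of the reverse proxy, because Nextcloud accepts forwarded client-address headers from every host listed there: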
'trusted_proxies' => [
'192.168.10.105',
],
'trusted_domains' => [
'cloud.zn80.net',
'192.168.10.120',
],
'overwrite.cli.url' => 'https://cloud.zn80.net',
'overwriteprotocol' => 'https',
'memcache.local' => '\\OC\\Memcache\\APCu',
'default_phone_region' => 'DE',
Run repair command:
sudo -u www-data php /var/www/cloud.zn80.net/occ maintenance:repair
Install Redis (Optional, Recommended)
Install:
sudo apt install redis-server php-redis
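Add the following configuration to config.php. The socket path assumes that Redis is configured to listen on this Unix socket and that www-data is allowed to access it: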
'filelocking.enabled' => true,
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => [
'host' => '/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0.0,
],
Restart services:
sudo systemctl restart redis
sudo systemctl restart apache2
The Nextcloud installation is now complete and properly configured.
In Part 4, additional security hardening and recommended configuration adjustments will be implemented.