NextCloud is a Dropbox-like solution for self-hosted file sharing and syncing. Installing NextCloud 18 on Ubuntu is trivial. Whether you want to backup, have file-syncing or just have a Google Calendar alternative, this guide is for you.
What is NextCloud? Is it like a “cloud”?
If you stumbled here by chance and don’t know what NextCloud is, here is an article explaining its principal features and advantages/disadvantages. In this other article you can find NextCloud 18 new features. To tell you the truth, NextCloud is a SaaS cloud, if you want to know more about cloud types you can read this article.
In this article we will cover the installation of the server (not the client).
What’s the newest version?
The newest version of this tutorial is the following:
I take NO responsibility of what you do with your machine; use this tutorial as a guide and remember you can possibly cause data loss if you touch things carelessly.
The first step in order to install NextCloud 18 is to install a web server and PHP. Although you can adapt this guide for many Ubuntu versions I suggest you to stick with Ubuntu 18.04 or higher since PHP7 is included. PHP7 brings many improvements over the past versions and will boost NextCloud too, as a matter of fact PHP7 is required since NextCloud 11. You will need root access during this procedure. The following procedure will install apache as webserver. Input the commands one by one to avoid errors!
Now that you have set up the environment, all that is left is to choose a database that will support the installation. You have three choices:
SQLite: is a single-file database. It is suggested only for small installations since it will slow NextCloud down sensibly.
MariaDB/MySQL: are popular open source databases especially amongst web developers. It is the suggested choice.
PostgreSQL: a popular enterprise-class database. More complicated than MySQL/MariaDB.
Now, this choice won’t really alter the functionality of NextCloud (except if you use SQLite), so pick whatever you know best. If you’re unsure pick MariaDB/MySQL.
SQLiteMySQL/MariaDBPostgreSQL
Install the software:
# apt-get install sqlite3 php-sqlite3
Install the software:
# apt-get install mariadb-server php-mysql
Or if you prefer MySQL:
# apt-get install mysql-server php-mysql
During the installation you will be prompted to choose a root password, pick a strong one. If you’re not prompted to choose a password, the default one will be blank. (This is potentially insecure, change it!)
Next you need to enable 4-byte support (for emoji):
Now you need to enter the database (you will be asked the password you just set):
$ mysql -u root -p
In order to enable 4-byte support you must also set the default file format for InnoDB to Barracuda:
SET GLOBAL innodb_file_format=Barracuda;
Now that you are in create a database:
CREATE DATABASE nextcloud;
Now you need to create the user that will be used to connect to the database:
CREATE USER 'nc_user'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE';
The last step is to grant the privileges to the new user:
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nc_user'@'localhost';
FLUSH PRIVILEGES;
When you’re done type Ctrl-D to exit.
Install the software:
# apt-get install postgresql php-pgsql
Now you need to enter the database:
$ sudo -u postgres psql
Now that you are in create a database:
CREATE DATABASE nextcloud;
Now you need to create the user that will be used to connect to the database:
CREATE USER nc_user WITH PASSWORD 'YOUR_PASSWORD_HERE';
The last step is to grant the privileges to the new user:
GRANT ALL PRIVILEGES ON DATABASE nextcloud to nc_user;
When you’re done type \q and press enter to exit.
Step 3: Install NextCloud
The last step is to actually get the software, configure it and run it.
Ubuntu
With these step we download the software and extract it:
# cd /var/www
# wget https://download.nextcloud.com/server/releases/latest-18.tar.bz2 -O nextcloud-18-latest.tar.bz2
# tar -xvjf nextcloud-18-latest.tar.bz2
# chown -R www-data:www-data nextcloud
# rm nextcloud-18-latest.tar.bz2
Now we need to create a new file in /etc/apache2/sites-available/nextcloud.conf . Feel free to use whatever editor you feel comfortable with and add the following lines:
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
Once done it’s time to enable the new site, enable apache mods that are needed by NextCloud and raise PHP’s memory limit:
This step is essential when your firewall is enabled. If your firewall is enabled you won’t be able to access your NextCloud 18 instance; on the other hand if it isn’t enabled you shouldn’t have any problems and you can simply skip this step.
Tip!
Keep in mind having a firewall enabled is a good security practice and you should already have one enabled.
In order for the firewall to work, it must be enabled. This guide will not include this part. When you enable a firewall many things can go wrong, e.g. you’re using SSH, you enable the firewall and your connection is cut and can’t connect otherwise, hence you should carefully review the documentation from your distribution.
To open the ports needed by NextCloud 18 follow these steps:
UFWIPtables
UFW is the default firewall in Ubuntu, if you’re using one, you’re probably using UFW.
# ufw allow http
# ufw allow https
IPtables is an older firewall (still widely used), if you’re not using UFW you can use IPtables directly.
Once you’re done with selecting the database, it’s time to install everything. Head to http://YOUR_IP_ADDRESS/nextcloud/ and you will be facing the following screen:
NextCloud 18 installation
Select an administrator username and password, then you can select the data folder, but if you don’t know what you’re doing it’s best if you leave it with the default value. Then click on “Storage & Database” to select the database you chose during step 2. Fill everything and if you’ve followed all the steps correctly you should be seeing the following screen, after a short while you will be redirected to the second screen:
NextCloud18 installing appsNextCloud 18 Files app
Step 6: Enable Caching (suggested)
NextCloud is good but it can be very slow if you don’t configure a caching solution. There are two caching solutions covered in this guide:
PHP OPcache: a PHP inbuilt cache solution that speeds up scripts execution.
Redis server: a fast in-memory key-value store that speeds up everything in NextCloud.
Enabling OPcache
Ubuntu
Open a terminal and input the following commands:
# apt-get install php-opcache
Now you need to edit a file located at /etc/php/7.2/apache2/conf.d/10-opcache.ini . Replace 7.2 with the version of PHP you have installed. With your favorite editor, edit the file adding the missing lines:
These values are suggested by NextCloud, but you’re free to tweak them to suit your needs. Once you’re done you can restart apache:
# systemctl restart apache2
Installing and configuring Redis
Ubuntu
Open a terminal and input the following commands:
# apt-get install redis-server php-redis
Now you must configure NextCloud to use Redis. To do so you need to edit the NextCloud configuration file located at /var/www/nextcloud/config/config.php . The file will look like this, add the highlighted lines:
These settings will enable NextCloud to use Redis for caching and file locks. Of course these settings are just an example, you can tweak them to suit your needs.
Lastly, restart the webserver:
# systemctl restart apache2
Step 7: Expose NextCloud to Internet (optional)
Important
Hosting applications available to the Internet is potentially dangerous. In order to keep your applications safe you need to be proficient in system security and to follow security best practices.
Most people will want to access their files from whatever location they are. To do so, your newly created NextCloud instance needs to be connected to the Internet.
Given that you need to take care of port-forwarding (if you’re a home user) and domain configuration (which varies according to your provider), here you can find the instructions to create a virtual host with Apache.
Ubuntu
Using your favorite text editor, edit the file we created previously at /etc/apache2/sites-available/nextcloud.conf . And make it look like this:
<VirtualHost *:80>
ServerName YOURDOMAIN.TLD
ServerAdmin [email protected]
DocumentRoot /var/www/nextcloud
<directory /var/www/nextcloud>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</directory>
</VirtualHost>
It is important to set ServerName according to a domain you own and have configured correctly. Now you need to add YOURDOMAIN.TLD to the trusted domains in the NextCloud config file. You can do so with the following command:
Once you complete this step you won’t be able to access NextCloud through http://YOUR_IP_ADDRESS/nextcloud anymore. Instead you will be able to access it through http://YOURDOMAIN.TLD (notice /nextcloud is gone).
Lastly, restart the webserver:
# systemctl restart apache2
Step 8: Get a free SSL certificate with Let’s Encrypt! (SUGGESTED!)
Now that you have your NextCloud instance up and running you’re good to go, but beware: you’re not safe. Internet is a dangerous place for your data and you will most likely need an SSL certificate to ensure your communications are encrypted. Provided you own a domain name you can get one for free using Let’s Encrypt! No catches, free forever.
Warning!
Let’s Encrypt has rate limits in place to prevent inappropriate usage of the CA. There’s a limit on the numbers of attempts you can do before getting a temporary ban. During this setup, if things go wrong, I suggest you to use the –staging option to avoid the temporary ban. The –staging option will use a testing server and will not issue valid certificates. When you have completed the procedure against the test server successfully, you can remove the –staging option to obtain the real certificate.
firstly, thank you for the guide. It’s been very helpful.
There is a security recommendation from Nextcloud advising “The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds.” The link below suggest how this can be achieved. Unfortuately I’m unsure how to make the setting change in apache. From your guide I assume I’d edit the file located in “/etc/apache2/sites-available/nextcloud.conf”. Are you, or one of your readers, able to make a suggestion on how to implentment this change? I’ll read up on doing this myself, but thought I’d ask here too.
Hello, sorry for my delay! The thing you’re referring to is a hardening practice, if you’re not exposing your service to the Internet and/or not trusted networks you should be fine. You also guessed right, you can add the part between inside the directory directive or, if you’ve followed step 7, directly within the virtualhost directory!
A query:
How can I access the public address locally? That is, instead of putting 10.1.10.10, put cloud.example.com in local and be able to access the same. Right now I can only access it through the lan.
Hello Nano, do you want to use a domain name locally, have I got it right? In order to do that you should have some form of name service in your local area (DNS, NMB, Wins or hosts files). In that case you should simply follow the 7th step of my guide, and insert such name in the ServerName directive.
I have already solved it, it was foolishness that my mikrotik did not respond to the dns and apart I modified the hosts file of the Debian vm where I have mounted the nextcloud.
Thank you very much for your time, I say reading
Hi Mark, Thanks for this write up, I was able to get everything setup and working. I wanted to inquire about step 7. I want to be able to keep my connection to my NextCloud instance as http://www.mydomain.com/nextcloud as I already have something at http://www.mydomain.com. How would you recommend doing this? Thanks in advance.
Hello Daniel, thank you for using this guide : ) You have multiple ways to do the following, however I suggest to keep the webserver already running instead of spawning multiple. Since you’re now using only one server there are two ways to use NC within a subdirectory:
– you can place the software inside a directory “nextcloud” within the document root of the server (or of the virtualhost, depending on your setup)
– you can keep the virtualhost and set the documentroot to the parent folder of nextcloud
The second solution is stretching the use-case of virtual hosts and will require additional tweaking.
Hello Mark,
Thank you for this awesome tutorial, after a lot of other guides and unsuccessful installs I found your site and now everything is running smooth. Cheers to that!
Thanks Mark, this is a great tutorial. I ran into two issues that are easy to solve if people also run into:
If you are setting this from a clean server and run into issues when obtaining the certificate chances are that you need to disable the default virtual host ‘sudo a2dissite 000-default.conf’. Then certboot will work.
At the end of this tutorial onlyoffce becomes crippled (“ONLYOFFICE cannot be reached. Please contact admin”) due to the virtual server changes on step 7. The solution is to edit the “Document Editing Service address” in the settings of the onlyoffice app on NC: https://yourdomein.tld/index.php/apps/documentserver_community/
Hello pachuco, thank you for the time you put into describing the issues and how to fix them. Strangely I don’t seem to run in these two issues whenever I write a new version of this tutorial or review existing ones. I will investigate on the two trying to reproduce them in my environment. Thank you for using my guide!
Hello one question.
I have several nextcloud on the same dedicated server. So that they all work normally I redirect ports 443 and 80. But what I want to do is that they can enter directly without putting the port. Do you know where I have to modify it?
It is of great help to me.
I hope your answer.
Hello Ildefonso, the only way (I’m aware of) to avoid specifying the port is to use either port 80 or 443 (standard web ports for HTTP/S). Since you have multiple instances you’re probably doing something randomport1/2->80,443 of instance1; randomport3/4->80,443 of instance2. A common solution to this “problem” is to use name-based virtual hosts. You can see an example of virtual host in Step 7. The most important part is the ServerName directive. In the example only port 80 is covered (port 443 is taken care of by Certbot), you will need to do the same for port 443. In order to achieve such setup you will need one or more domain names or use subdomains and DNS accordingly.
Do you have a guide on how to upgrade from nextcloud 17 to 18? i followed your guide a while back to install nextcloud 17 but when trying to upgrade in nextcloud to version 18 i get a page that states “Step 4 is currently in process. Please reload this page later.” so i figure i can just update manually but cannot find instructions anywhere as detailed as yours which is perfect for the linux noob that i am. can you help me please.
Hello Daniel, I’m humbled by your compliments. Unfortunately upgrading from 17 to 18 has proved quite troublesome for many users, mostly because the update is massive and there’s the document server, there is no bulletproof way to upgrade NC 17 to 18 without hiccups, your best bet is looking at the logs.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Cookie
Duration
Description
__smVID
1 month
Sumo sets this cookie for sign-up prompt purposes when visitors visit a website.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
CONSENT
2 years
YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_60468161_1
past
Set by Google to distinguish users.
_ga_DR9SCJ09BV
2 years
This cookie is installed by Google Analytics.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__gads
1 year 24 days
The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
edgebucket
session
Reddit sets this cookie to save the information about a log-on Reddit user, for the purpose of advertisement recommendations and updating the content.
IDE
1 year 24 days
Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie
14 minutes
The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE
5 months 27 days
A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC
session
YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Cookie
Duration
Description
csv
2 years
No description available.
GoogleAdServingTest
session
No description
wp_api
past
No description
wp_api_sec
past
No description
_pk_id.1.95fa
1 year 27 days
No description
_pk_ses.1.95fa
29 minutes
No description
__smSessionId
9 hours
No description available.
__smToken
1 year
This cookie is set by the Sumo. This cookie is used for verifying whether the user is logged in or not.
%d bloggers like this:
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
firstly, thank you for the guide. It’s been very helpful.
There is a security recommendation from Nextcloud advising “The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds.” The link below suggest how this can be achieved. Unfortuately I’m unsure how to make the setting change in apache. From your guide I assume I’d edit the file located in “/etc/apache2/sites-available/nextcloud.conf”. Are you, or one of your readers, able to make a suggestion on how to implentment this change? I’ll read up on doing this myself, but thought I’d ask here too.
https://docs.nextcloud.com/server/18/admin_manual/installation/harden_server.html#enable-http-strict-transport-security
Have you found a solution?
No, I’m not sure of formatting.
I also got a little side tracked trying to disable the use of tlsv1 and 1.1.
Hello, sorry for my delay! The thing you’re referring to is a hardening practice, if you’re not exposing your service to the Internet and/or not trusted networks you should be fine. You also guessed right, you can add the part between
A query:
How can I access the public address locally? That is, instead of putting 10.1.10.10, put cloud.example.com in local and be able to access the same. Right now I can only access it through the lan.
Hello Nano, do you want to use a domain name locally, have I got it right? In order to do that you should have some form of name service in your local area (DNS, NMB, Wins or hosts files). In that case you should simply follow the 7th step of my guide, and insert such name in the ServerName directive.
I have already solved it, it was foolishness that my mikrotik did not respond to the dns and apart I modified the hosts file of the Debian vm where I have mounted the nextcloud.
Thank you very much for your time, I say reading
Thanks for the guide, it was helpful. Could you please help me Caddy Reverse proxy setup?
Hi Mark, Thanks for this write up, I was able to get everything setup and working. I wanted to inquire about step 7. I want to be able to keep my connection to my NextCloud instance as http://www.mydomain.com/nextcloud as I already have something at http://www.mydomain.com. How would you recommend doing this? Thanks in advance.
Hello Daniel, thank you for using this guide : ) You have multiple ways to do the following, however I suggest to keep the webserver already running instead of spawning multiple. Since you’re now using only one server there are two ways to use NC within a subdirectory:
– you can place the software inside a directory “nextcloud” within the document root of the server (or of the virtualhost, depending on your setup)
– you can keep the virtualhost and set the documentroot to the parent folder of nextcloud
The second solution is stretching the use-case of virtual hosts and will require additional tweaking.
Hello Mark,
Thank you for this awesome tutorial, after a lot of other guides and unsuccessful installs I found your site and now everything is running smooth. Cheers to that!
Thanks Mark, this is a great tutorial. I ran into two issues that are easy to solve if people also run into:
If you are setting this from a clean server and run into issues when obtaining the certificate chances are that you need to disable the default virtual host ‘sudo a2dissite 000-default.conf’. Then certboot will work.
At the end of this tutorial onlyoffce becomes crippled (“ONLYOFFICE cannot be reached. Please contact admin”) due to the virtual server changes on step 7. The solution is to edit the “Document Editing Service address” in the settings of the onlyoffice app on NC: https://yourdomein.tld/index.php/apps/documentserver_community/
Hello pachuco, thank you for the time you put into describing the issues and how to fix them. Strangely I don’t seem to run in these two issues whenever I write a new version of this tutorial or review existing ones. I will investigate on the two trying to reproduce them in my environment. Thank you for using my guide!
Thanks man, great article, it helped me a lot.
Hello one question.
I have several nextcloud on the same dedicated server. So that they all work normally I redirect ports 443 and 80. But what I want to do is that they can enter directly without putting the port. Do you know where I have to modify it?
It is of great help to me.
I hope your answer.
Hello Ildefonso, the only way (I’m aware of) to avoid specifying the port is to use either port 80 or 443 (standard web ports for HTTP/S). Since you have multiple instances you’re probably doing something randomport1/2->80,443 of instance1; randomport3/4->80,443 of instance2. A common solution to this “problem” is to use name-based virtual hosts. You can see an example of virtual host in Step 7. The most important part is the ServerName directive. In the example only port 80 is covered (port 443 is taken care of by Certbot), you will need to do the same for port 443. In order to achieve such setup you will need one or more domain names or use subdomains and DNS accordingly.
Hi mark,
Do you have a guide on how to upgrade from nextcloud 17 to 18? i followed your guide a while back to install nextcloud 17 but when trying to upgrade in nextcloud to version 18 i get a page that states “Step 4 is currently in process. Please reload this page later.” so i figure i can just update manually but cannot find instructions anywhere as detailed as yours which is perfect for the linux noob that i am. can you help me please.
Hello Daniel, I’m humbled by your compliments. Unfortunately upgrading from 17 to 18 has proved quite troublesome for many users, mostly because the update is massive and there’s the document server, there is no bulletproof way to upgrade NC 17 to 18 without hiccups, your best bet is looking at the logs.