Build your Nextcloud server using one shell script

Ubuntu 18.04.x or Debian 9.x / 10.x (AMD64/ARM64)


Pre-requirements

From my perspective the requirements for this guide may be rated as low: you only have to

  • provide a 64Bit Server (Ubuntu 18.04.x or Debian 9.x/10.x),
  • forward two ports (80 and 443) from internet (your router e.g. FritzBox or Speedport) to your internal Nextcloud server,
  • and finally remove already installed packages of NGINX, PHP, MariaDB/PostgreSQL and Redis as root first
    (or start with a new server os (recommended!)).

  1. Build your self hosted Nextcloud server based on
    a) MariaDB (recommended!) or
    b) PostgreSQL
  2. (optionally only) Request your ssl certificate from Let’s Encrypt using acme.sh
  3. Additional scripts (for Ubuntu and Debian) to maintain your Nextcloud server

The scripts called install-nextcloud-*-debian.sh or install-nextcloud-*-ubuntu.sh will install your self hosted Nextcloud in less than 10 minutes! Fully prepared for Ubuntu 18.04.x or Debian 9.x Stretch/Debian 10.x Buster environments consisting of:

  • Fail2Ban (Nextcloud and SSH jails)
  • MariaDB 10.4 / PostgreSQL 11
  • Nextcloud 16
  • NGINX 1.17
  • TLS v. 1.3
  • PHP 7.3
  • Redis-Server
  • self signed or Let’s Encrypt SSL using the second script
  • UFW (22, 80, 443)

  

Ready to go (?) … let’s start (MariaDB or PostgreSQL):


(1a) Build your self hosted Nextcloud server with MariaDB

Ubuntu:

sudo -s

Debian:

su -

apt purge mariadb* mysql* postgresql* nginx* php* redis* -y && apt autoremove -y
rm -R /var/www/nextcloud
apt update && apt upgrade -y && apt install git -y
cd /usr/local/src
git clone https://github.com/criegerde/install-nextcloud.git
cd install-nextcloud
chmod +x *.sh
./install-nextcloud-mariadb-ubuntu.sh

or

./install-nextcloud-mariadb-debian.sh

You will be asked for the intial Nextcloud user, its password and the datapath in order that Nextcloud can be installed silently. If the last screenshot appears your Nextcloud was installed successfully.

(1b) Build your self hosted Nextcloud server with PostgreSQL

Ubuntu 18.04.x (AMD64 only):

sudo -s

Debian 9.x Stretch or Debian 10.x Buster:

su -

apt purge mariadb* mysql* postgresql* nginx* php* redis* -y && apt autoremove -y
rm -R /var/www/nextcloud
apt update && apt upgrade -y && apt install git -y
cd /usr/local/src
git clone https://github.com/criegerde/install-nextcloud.git
cd install-nextcloud
chmod +x *.sh
./install-nextcloud-psql-ubuntu.sh

or

./install-nextcloud-psql-debian.sh

You will be asked for the intial Nextcloud user, its password and the datapath in order that Nextcloud can be installed silently. If the last screenshot appears your Nextcloud was installed successfully.


Finally, open your browser and call the shown URL from your shell. Login as your Nextcloud administrator and verify

Nextcloud 16 is already up, optimized and running!

It might become necessary to amend your config.php to reach your Nextcloud by its IP address:

On UBUNTU

sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=192.168.2.3
sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://192.168.2.3

On DEBIAN:

su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=192.168.2.3'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://192.168.2.3'

(2) Optionally: Request your ssl certificate from Let’s Encrypt using acme.sh:

To request ssl certificates from letsencrypt just install acme and request your ssl-certificate(s):

cd /usr/local/src
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh && chmod +x acme.sh 
./acme.sh --install 

The installer will perform 3 actions:

  1. Create and copy acme.sh to your home dir ($HOME): ~/.acme.sh/. All certs will be placed in this folder too.
  2. Create alias for: acme.sh=~/.acme.sh/acme.sh.
  3. Create daily cron job to check and renew the certs if needed.

After the installation, you must close the current terminal and reopen it to make the alias take effect.

sudo -s
cd ~/.acme.sh
acme.sh --issue -d your.dedyn.io --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem
acme.sh --issue -d your.dedyn.io --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem

Remove the links to your self signed certificates and restart nginx:

sed -i '/ssl-cert-snakeoil/d' /etc/nginx/ssl.conf
sed -i s/\#\ssl/\ssl/g /etc/nginx/ssl.conf

Set your trusted domain:

sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=your.dedyn.io

Set your domain as overwrite.cli.url:

sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://your.dedyn.io

Restart NGINX

service nginx restart

From now your webserver interacts withs your ssl certificates from let’s encrypt.


(3) Additional scripts (for Ubuntu and Debian)

Beyond that you will find additional scripts at /usr/local/src/install-nextcloud/

  • fail2ban.sh

    status of the current banned ip’s

  • optimize-ubuntu.sh

    rebuild redis and nextcloud indices

  • restart.sh

    restart all Nextcloud related services

  • ssl-renewal.sh

    let’s encrypt certificate renewal automatism for cron

  • upgrade-ubuntu.sh

    update your Nextcloud server and apps on Ubuntu

  • upgrade-debian.sh

    update your Nextcloud server and apps on Ubuntu

to optimize and maintain your system easily.


Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore



Carsten Rieger

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 13 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.