Build your Nextcloud server using one shell script

Ubuntu 18.04.x or Debian 9.x / 10.x (AMD64/ARM64)


Pre-requirements

From my perspective the requirements for this guide may be rated as low: you only have to

  • provide a 64Bit Server (Ubuntu 18.04.x or Debian 9.x/10.x),
  • forward two ports (80 and 443) from internet (your router e.g. FritzBox or Speedport) to your internal Nextcloud server,
  • and finally remove already installed packages of NGINX, PHP, MariaDB/PostgreSQL and Redis as root first
    (or start with a new server os (recommended!)).

  1. Build your self hosted Nextcloud server based on
    a) MariaDB (recommended!) or
    b) PostgreSQL
  2. (optionally only) Request your ssl certificate from Let’s Encrypt using acme.sh
  3. Additional scripts (for Ubuntu and Debian) to maintain your Nextcloud server
    – now a backup.sh example can be found at  install-nextcloud/maintenance/backup.sh

The scripts called install-nextcloud-*-debian.sh or install-nextcloud-*-ubuntu.sh will install your self hosted Nextcloud in less than 10 minutes! Fully prepared for Ubuntu 18.04.x or Debian 9.x Stretch/Debian 10.x Buster environments consisting of:

  • Fail2Ban (Nextcloud and SSH jails)
  • MariaDB 10.4 / PostgreSQL 11
  • Nextcloud 16
  • NGINX 1.17
  • TLS v. 1.3
  • PHP 7.3
  • Redis-Server
  • self signed or Let’s Encrypt SSL using the second script
  • UFW (22, 80, 443)

  

Ready to go (?) … let’s start (MariaDB or PostgreSQL):


(1a) Build your self hosted Nextcloud server with MariaDB

Ubuntu:

sudo -s

Debian:

su -

apt purge mariadb* mysql* postgresql* nginx* php* redis* -y && apt autoremove -y
rm -R /var/www/nextcloud
apt update && apt upgrade -y && apt install git -y
cd /usr/local/src
git clone https://github.com/criegerde/install-nextcloud.git
cd install-nextcloud
chmod +x *.sh
./install-nextcloud-mariadb-ubuntu.sh

or

./install-nextcloud-mariadb-debian.sh

You will be asked for the intial Nextcloud user, its password and the datapath in order that Nextcloud can be installed silently. If the last screenshot appears your Nextcloud was installed successfully.

(1b) Build your self hosted Nextcloud server with PostgreSQL

Ubuntu 18.04.x (AMD64 only):

sudo -s

Debian 9.x Stretch or Debian 10.x Buster:

su -

apt purge mariadb* mysql* postgresql* nginx* php* redis* -y && apt autoremove -y
rm -R /var/www/nextcloud
apt update && apt upgrade -y && apt install git -y
cd /usr/local/src
git clone https://github.com/criegerde/install-nextcloud.git
cd install-nextcloud
chmod +x *.sh
./install-nextcloud-psql-ubuntu.sh

or

./install-nextcloud-psql-debian.sh

You will be asked for the intial Nextcloud user, its password and the datapath in order that Nextcloud can be installed silently. If the last screenshot appears your Nextcloud was installed successfully.


Finally, open your browser and call the shown URL from your shell. Login as your Nextcloud administrator and verify

Nextcloud 16 is already up, optimized and running!

It might become necessary to amend your config.php to reach your Nextcloud by its IP address:

On UBUNTU

sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=192.168.2.3
sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://192.168.2.3

On DEBIAN:

su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=192.168.2.3'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://192.168.2.3'

(2) Optionally: Request your ssl certificate from Let’s Encrypt using acme.sh:

Create a technical user to install and renew your ssl certificates

adduser acmeuser
usermod -a -G www-data acmeuser

Issue visudo

visudo

and add the the following row at the end of the file

acmeuser ALL=NOPASSWD: /bin/systemctl reload nginx.service

to e.g. restart nginx without a password.

To request ssl certificates from letsencrypt just install acme and request your ssl-certificate(s):

su - acmeuser
curl https://get.acme.sh | sh
exit

Create three folders to request and store your ssl certificates to (substitute your.dedyn.io):

sudo -s
mkdir -p /var/www/letsencrypt/.well-known/acme-challenge /etc/letsencrypt/rsa-certs /etc/letsencrypt/ecc-certs
chmod -R 775 /var/www/letsencrypt /etc/letsencrypt && chown -R www-data:www-data /var/www/ /etc/letsencrypt
su - acmeuser
acme.sh --issue -d your.dedyn.io --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem
acme.sh --issue -d your.dedyn.io --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem
exit

Remove the links to your self signed certificates and restart nginx:

sed -i '/ssl-cert-snakeoil/d' /etc/nginx/ssl.conf
sed -i s/\#\ssl/\ssl/g /etc/nginx/ssl.conf

Set your trusted domain:

sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=your.dedyn.io

Set your domain as overwrite.cli.url:

sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://your.dedyn.io

Restart NGINX

service nginx restart

From now your webserver interacts withs your ssl certificates from let’s encrypt.


(3) Additional scripts (for Ubuntu and Debian)

Beyond that you will find additional scripts at /usr/local/src/install-nextcloud/

  • fail2ban.sh

    status of the current banned ip’s

  • optimize-ubuntu.sh

    rebuild redis and nextcloud indices

  • restart.sh

    restart all Nextcloud related services

  • ssl-renewal.sh

    let’s encrypt certificate renewal automatism for cron

  • upgrade-ubuntu.sh

    update your Nextcloud server and apps on Ubuntu

  • upgrade-debian.sh

    update your Nextcloud server and apps on Ubuntu

to optimize and maintain your system easily.


Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore



Carsten Rieger

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 15 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.