Build your Nextcloud server using one shell script (AMD64/ARM64)

Ubuntu 18.04.x or Debian 9.x Stretch


Last Updates:

May 16th, 2019:
– ssl.conf: ssl_ecdh_curve X448:secp521r1:secp384r1:prime256v1;



Pre-requirements

From my perspective the requirements for this guide may be rated as low: you only have to

  • provide a 64Bit Server (e.g. Intel NUC),
  • forward two ports (80 and 443) from internet (your router e.g. FritzBox or Speedport) to your internal Nextcloud server,
  • install the operating system Ubuntu Bionic Beaver 18.04 LTS (64Bit) or Debian Stretch 9.x (64Bit).
  • and finally remove already installed packages of NGINX, PHP, MariaDB/PostgreSQL and Redis as root first or start with a new server os (recommended!).

    apt purge mariadb* mysql* postgresql* nginx* php* redis* -y && apt autoremove -y
    mv /var/www/nextcloud /var/www/nextcloud.bak
    mv /var/nc_data /var/nc_data.bak

  1. Build your self hosted Nextcloud server
    a) MariaDB
    b) PostgreSQL
  2. (optionally only) Request your ssl certificate from Let’s Encrypt
  3. Additional scripts (for Ubuntu and Debian) to maintain your Nextcloud server

The scripts called install-nextcloud-debian.sh, install-nextcloud-ubuntu.sh and install-nextcloud-ubuntu-arm64.sh will install your self hosted Nextcloud in less than 10 minutes! Fully prepared for Ubuntu 18.04.x or Debian 9.x Stretch environments consisting of:

  • Fail2Ban (Nextcloud and SSH jails)
  • MariaDB 10.3 / PostgreSQL 11
  • Nextcloud 16
  • NGINX 1.15
  • TLS v. 1.3
  • PHP 7.3
  • Redis-Server
  • self signed or Let’s Encrypt SSL using the second script
  • UFW (22, 80, 443)

Ready to go (?) … let’s start (MariaDB or PostgreSQL):


(1a) Build your self hosted Nextcloud server with MariaDB

Ubuntu:

sudo -s

Debian:

su -
apt purge mysql* nginx* php* redis* -y && apt autoremove -y
mv /var/www/nextcloud /var/www/nextcloud.bak && mv /var/nc_data /var/nc_data.bak
apt update && apt upgrade -y && apt install git -y cd /usr/local/src git clone https://github.com/criegerde/install-nextcloud.git cd install-nextcloud chmod +x *.sh
./install-nextcloud-mariadb-ubuntu.sh

or

./install-nextcloud-mariadb-ubuntu-arm64.sh

or

./install-nextcloud-mariadb-debian.sh

Start the install script and wait for the first examplarily screenshot. Create a MariaDB root password and proceed further.

To create the Nextcloud Database/User and to harden your database server enter the MariaDB root password as exemplarily shown two times as shown in the above screenshots.

You will be asked for the intial Nextcloud user and its password in order that Nextcloud can be installed silently. If the last screenshot appears your Nextcloud was installed successfully.

(1b) Build your self hosted Nextcloud server with PostgreSQL

Ubuntu:

sudo -s

Debian:

su -
apt purge mysql* nginx* php* redis* -y && apt autoremove -y
mv /var/www/nextcloud /var/www/nextcloud.bak && mv /var/nc_data /var/nc_data.bak
apt update && apt upgrade -y && apt install git -y cd /usr/local/src git clone https://github.com/criegerde/install-nextcloud.git cd install-nextcloud chmod +x *.sh
./install-nextcloud-psql-ubuntu.sh

or

./install-nextcloud-psql-debian.sh

You will be asked for the initial Nextcloud administrator and its password only – the installation will proceed further…


Finally, open your browser and call the shown URL from your shell. Login as your Nextcloud administrator and verify

Nextcloud 16 is already up, optimized and running!

It might become necessary to amend your config.php to reach your Nextcloud by its IP address:

On UBUNTU

sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=192.168.2.3
sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://192.168.2.3

On DEBIAN:

su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=192.168.2.3'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://192.168.2.3'

(2) Optionally: Request your ssl certificate from Let’s Encrypt

Optionally you may request your ssl certificate from Let’s Encrypt by issuing the second script called “ssl-certificate.sh”.

Before you request your certificate ensure that your web-ports (80+443) are forwarded to your server properly and your dyndns is already configured to point to your server!

(a) If you are on Ubuntu 18.04.x (64Bit):

sudo -s
chmod +x /usr/local/src/install-nextcloud/ssl/ssl-certificate-ubuntu.sh
/usr/local/src/install-nextcloud/ssl/ssl-certificate-ubuntu.sh

(b) If you are on Debian Stretch 9.x (64Bit):

su -
chmod +x /usr/local/src/install-nextcloud/ssl/ssl-certificate-debian.sh
/usr/local/src/install-nextcloud/ssl/ssl-certificate-debian.sh

You only have to enter your DYNDNSNAME (YOUR.DEDYN.IO).

Then LetsEncrypt will ask you for

  • your email adress
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
  • to agree to their Terms of Service
A

and finally

  • if you are willing to share your email address with the Electronic Frontier Foundation
Y or N

Wait while your certificates are obtained.

If you receive this message:

++++++++++++++++++++++++++++++++++++++++++++++++++++

Call: https://your.dedyn.io and enjoy your Nextcloud

++++++++++++++++++++++++++++++++++++++++++++++++++++

your server is up and running using a verified certificate from Let’s Encrypt.


(3) Additional scripts (for Ubuntu and Debian)

Beyond that you will find additional scripts at /usr/local/src/install-nextcloud/

  • /maintenance/fail2ban.sh

    status of the current banned ip’s

  • /maintenance/ubuntu/optimize-ubuntu.sh

    rebuild redis and nextcloud indices on Ubuntu

  • /maintenance/debian/optimize-debian.sh

    rebuild redis and nextcloud indices on Debian

  • /maintenance/restart.sh

    restart all Nextcloud related services

  • /maintenance/ssl-renewal.sh

    let’s encrypt certificate renewal automatism for cron

  • /maintenance/ubuntu/upgrade-ubuntu.sh

    update your Nextcloud server and apps on Ubuntu

  • /maintenance/debian/upgrade-debian.sh

    update your Nextcloud server and apps on Ubuntu

  • /ssl/ssl-certificate-debian.sh

    request your ssl certificates from Let’s Encrypt on Debian

  • /ssl/ssl-certificate-ubuntu.sh

    request your ssl certificates from Let’s Encrypt on Ubuntu

to optimize and maintain your system easily.


Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore



Carsten Rieger

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 13 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.