Installing Nextcloud on Ubuntu 16.04 LTS with Redis, APCu, SSL & Apache


(Jason Bayton) #1

(Logan Mancuso) #2

I have used your guide for nextcloud numerous times and it is nothing short of perfect thank you. Working on a long script to do it for me next time if i get it working ill post it to my GitHub


(Jason Bayton) #3

Thanks very much @logmancuso!

You’re more than welcome to follow up with the script when you write it; if it’s useful Nextcloud also offer official VM images, a RaspberryPi image, snap and more :slight_smile:


(Lee) #4

@jason First off, thank you for the awesome guide!

I am running Nextcloud locally and plan on only accessing it through a VPN but while away so I skipped the part of your guide for setting up SSL (I tried it one time but received an error, probably due to not having a domain configured). The only issue is I can’t get rid of “Accessing site insecurely via HTTP. You are strongly adviced to set up your server to require HTTPS instead” message.

I also noticed that after setting up the Max Upload per your instructions and visiting the section additional settings , it still shows the default 511 MB.

Any suggestions?


(Jason Bayton) #5

Hi @junior466,

That alert is there for a reason… if you’re not wanting to set up SSL (which internally accessed via VPN is understandable) then just ignore it; it doesn’t impact your setup in any meaningful way other than to remind you it’s not a secure connection.

For the upload, you need to change 511 to 2GB as per the image. If on refresh it changes back, it may not be updating your .htaccess file located in the nextcloud folder (which you can edit manually).


(Ollie E) #6

Thank you for this excellent guide! I tried a few other step-by-step procedures for installing Nextcloud on Ubuntu and they all failed. Yours worked great, even with 18.04.


(Adam ) #7

I am using your guide again to boot up a new ubuntu server and was able to get everything working except for apache. It may be because I am trying to have the root domain load as the nextcloud server (e.g. https://example.com).

I believe that letsencrypt won’t authorize root domain cert unless i use the --webroot tag instead of the --apache flag. i have a public dns cname record that I can access the server from without ssl cert, but if i try and access from root domain I get an error that says “This page isn’t working – ERR_TOO_MANY_REDIRECTS”.

it looks as though the nextcloud instance is working fine and i can see that all of the checks have passed in the admin panel, but still stuck on the apache redirect and ssl cert stuff.

I am wondering if you have any experience with this?


(Jason Bayton) #8

Hmm, I can’t say I’ve seen or experienced this, but there have been a lot of recent changes with LE which may be causing issues. I’ll try to replicate.

You’ll I guess need to fall back to the manual SSL method instead


(Adam ) #9

Thank you for getting back to me. I am wondering if there is a way to completely start over with the installation? Nextcloud seems to be working totally fine, but I am wondering if you have any suggestions on how to uninstall apache and all of LE and start over from scratch just doing it manually?

I am having a little difficulty with the --webroot stuff, but basically just bought a throw away .io domain that I want it to only be used for a temporary nextcloud account for a software cohort that start next week.

thanks so much for any suggestion or guidance you can provide.


(Jason Bayton) #10

There’s really no need to start from scratch. I’ll get some commands and such together based on the manual SSL steps when I’m free later :slight_smile:


(Adam ) #11

Awesome. Thank you so much! I am using CloudFlare as my DNS/Nameserver and turned off all of their built in SSL stuff because I would rather have it done on the server. I can access the Nextcloud instance with the direct server DNS name, but does now work if I try to point it to my root domain. I get errors that there were “Too Many Redirects”. Would it be helpful to post my logs or my current Apache settings somehow?


(Dr Aware) #12

Fantastic write-up! I have been trying to install Nextcloud for a
couple of years now by using various guides found online but none of
them came close to how well documented this guide is. Well done sir!
Altough it is pretty well documented and the resulting setup is as close
to “production-ready” as it could be, there are a few things that could
be improved in to make it a true step-by-step for dummies guide. If I
may comment on these shortcomings, then perhaps you could revisit the
guide to make changes or explain what needs to be configured here.
Disclaimer: I am by no means Linux savvy.

@ 2.1. Installation URL.
This
part is very unclear. It assumes you understand what is being set from
the get go and so i dismissed this part hoping the next steps will
inform me of what choices in need to make ad-hoc

@ 4.2.1. Let’s Encrypt.
This
part was very straight forward but could use a little bit of detail to
help those whose nextcloud server is behind a firewall. When Let’s Crypt
communicates back with the nextcloud server, it will attempt to do so
via http (port 80). If the nextcloud server is behind a NAT’ed firewall
then an http rule should be created. Also, once https has been enabled
in Apache and a certificate has been generated, a new firewall rule to
enable https (port 443) traffic should be created.

@ 4.2.1. Let’s Encrypt. - Continued
Below
the screenshot of putty, you mention the following: “One step from the
manual process which is recommended is to add the following snippet to
the Let’s Encrypt-created vhost.conf file in the same way as is
documented in 4.2.2 below” This part is confusing because I don’t know
whether this should be executed after executing ./certbot-auto or
whether it should be executed if you’re following the manual process.
Also, it is confusing which file needs to be modified. You mention the
Let’s Encrypt-created vhost.conf file in one place and then the
/etc/apache2/sites-available/000-default-le-ssl.conf file in another.

I
opted to modify the
/etc/apache2/sites-available/000-default-le-ssl.conf file by issuing
sudo vim /etc/apache2/sites-available/000-default-le-ssl.conf, added the
described snippet and when it came time to save the file, i got an
error that it was read-only. No matter what I tried, I wasn’t able to
modify the file.

In the end, i skipped this step. Let’s Encrypt
cert was issued and tested to work successfully. I still would have like
to to add the snippet mentioned, though.

As for the sudo crontab
-e part, once I executed the command all I got was 4 options to chose
from (no previous jobs have been created for su). There wasn’t any
documentation for what option to select so i skipped this. Just one more
remark regarding the cron job, doesn’t the ./certbot-auto command take
care of creating a certificate auto update job as well? If so, then the
argument to run crontab should be moved to the manual install section,
no?

@ 4.2.2. Manual
I skipped all of this, FYI.

@ 5.3. Install Nextcloud
You
mention the following: “When selecting a location for the data
directory, keeping it in the webroot is really only OK providing
.htaccess rules work. If they do not, as is the case at this point due
to the way Apache is setup by default, or fail at any point in the
future, the data directory will be publicly visible. We don’t want
that.”

This is another confusing entry in the guide. Only after
completing the complete installation guide did I notice that I need to
type in /nextcloud at the end or the URL in order to access Nextcloud.
This is probably because i left the location for the data directory set
to default during the Nextcloud installation on the website. So now I
currently have a Nextcloud installation that can only be accessed
through https:///nextcloud and the default webserver
page on https:/// displays the Apache welcome screen.

Is
there any way to change this behaviour now that the installation is all
don or do I need to start from scratch? Also, what and where is this
.htaccess file that is mentioned? Is it in the default Apache
directories or in the nextcloud directory found under
/var/www/html/nextcloud/? Really confusing :frowning:

@ 6.3. Pretty links
I
am very uncertain as to where the line ‘htaccess.RewriteBase’ =>
‘/nextcloud’, should be added in the
/var/www/html/nextcloud/config/config.php file. I tried googling
examples for this type of line but didn’t get any useful hits. Could you
perhaps share a screenshot? Another thing that confuses me here is the
mention of “where nextcloud is the URL location – domain.com/nextcloud – of the installation”. Does this mean that the line should read ‘htaccess.RewriteBase’ => ‘<mydomain.com>/nextcloud’ ?? One more step that I skipped due to uncertainty.

I
really can’t explain enough how thankful I am to the research and
effort that you put into making this guide. Had it not been for this
guide I would certainly have given up again and waited for Nextcloud to
be more install friendly. As i mentioned in the start, the resulting
installation is as close to perfect as it can get and that is thanks to
you.

I hope you can share a few minutes of your time, at your earliest convenience, to help iron out the last few bits and bobs.


(Arthur) #13

What an amazing guide thanks @Bayton. Been looking for this for weeks. … I have an issue and I hope you can point me into the right direction and in advance sorry if the resolution is obvious I am no expert.

I have successfully installed nextcloud but I am unable to download or upload any files. I get “Redis server went away” on top of the page when I try and brows to upload.

I also see loads of these errors in the log file:

"Error PHP Redis::connect(): connect() failed: No such file or directory at /var/www/html/nextcloud/lib/private/RedisFactory.php#84

here is my

/var/www/html/nextcloud/lib/private/RedisFactory.ph file looks like this from line #84:

$this->instance->connect($host, $port, $timeout);
if (isset($config[‘password’]) && $config[‘password’] !== ‘’) {
$this->instance->auth($config[‘password’]);
}

                    if (isset($config['dbindex'])) {
                            $this->instance->select($config['dbindex']);
                    }
            }
    }

here is my var/www/html/nextcloud/config/config.php

?php
$CONFIG = array (
‘instanceid’ => ‘xxxxx’,
‘passwordsalt’ => ‘xxxxx/xxx/xx’,
‘secret’ => ‘xxxx+xxxxxx’,
‘trusted_domains’ =>
array (
0 => ‘192.168.254.32’,
),
‘datadirectory’ => ‘/var/www/html/nextcloud/data’,
‘overwrite.cli.url’ => ‘http://192.168.254.32/nextcloud’,
‘dbtype’ => ‘mysql’,
‘version’ => ‘13.0.2.1’,
‘dbname’ => ‘nextcloud’,
‘dbhost’ => ‘localhost’,
‘dbport’ => ‘’,
‘dbtableprefix’ => ‘oc_’,
‘mysql.utf8mb4’ => true,
‘dbuser’ => ‘xxxx’,
‘dbpassword’ => ‘xxxx’,
‘installed’ => true,
‘memcache.local’ => ‘\OC\Memcache\APCu’,
‘memcache.locking’ => ‘\OC\Memcache\Redis’,
‘filelocking.enabled’ => ‘true’,
‘redis’ =>
array (
‘host’ => ‘/var/run/redis/redis.sock’,
‘port’ => 0,
‘timeout’ => 0.0,
),
‘loglevel’ => 0,
);


(Jason Bayton) #14

OK, so if you have the additional LE apache config, you can disable it with sudo a2dissite ssl-le-apache.conf (or whatever the name would be, you can validate with ls -l /etc/apache2/sites-available)

Or you can edit it, whichever you prefer…

On the SSL, the command I use for all of my domains is:

sudo /etc/certbot-auto certonly --rsa-key-size 4096 --webroot -w /var/www/ -d domain.com

What this does is set the webroot as /var/www (which creates a validation folder within, so has to be public facing), you’re asking only for the cert and no Apache integration, and when it’s complete it’ll output the certs to /etc/letsencrypt/live/domain-0001 (where domain-0001 is whatever the domain is).

You can then use the following as an example of the VHOST I use for my Apache config:

<VirtualHost *:443>
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/domain.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com-0001/privkey.pem

DocumentRoot /var/www/
ServerName domain.com

<Directory /var/www/>
       Options +FollowSymlinks
       AllowOverride All

      <IfModule mod_dav.c>
        Dav off
      </IfModule>

       SetEnv HOME /var/www
       SetEnv HTTP_HOME /var/www
     </Directory>

<IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15768000; preload"
</IfModule>

<IfModule mod_headers.c>
                Header set Content-Security-Policy: "font-src https: data:;"
                # `mod_headers` cannot match based on the content-type, however,
                # the `Content-Security-Policy` response header should be send
                # only for HTML documents and not for the other resources.
                <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
                        Header unset Content-Security-Policy
                </FilesMatch>
</IfModule>

</VirtualHost>

After this you can enable the site, if I called this nc.conf it would be sudo a2ensite nc.conf && sudo service apache2 restart (you can use reload instead of restart, whatever you want).

Is that helpful?


(Jason Bayton) #15

Hmm, have you checked the permissions… validated the redis conf file?


(Jason Bayton) #16

I don’t understand. It clearly states where Nextcloud is being installed and what needs to change if you want it installed elsewhere. If you skip that then it’ll install to /nextcloud as the guide is written.

It’s after. If you’re following the guide top to bottom then you would do this after running the above certbot commands. I also suggest adding it to the certbot created file, so there’d be no file if you don’t first run the certbot commands!

vhost.conf is an example name, then I state it explicitly while editing.

100% definitely running sudo? Because that should not be happening.

Indeed, I’m not going to suggest which editor you should use for contab as it’s your choice. Given everything else is vim in the guide though you could have chosen that.

It does not.

This is because you didn’t read 2.1.

Yes, you can read 2.1 and make the relevant changes to the apache vhost.conf files, the Nextcloud config file and restart the Apache server :slight_smile:

You’re not editing .htaccess directly, so it’s not part of the guide. Normally .htaccess will be located in the root of the install directory, so /var/www/html/nextcloud/ in this case.

Under any of the existing written lines, it doesn’t matter. I can indeed add a screenshot there to make it clearer though :slight_smile:

No, I gave you the line to add based on the URL being domain.com/nextcloud. You’d only edit this if you used domain.com/cloud or just domain.com, where the line would read “/cloud” or “/” respectively.

Hope that helps!


(Nicolas) #17

Hi,
Is it possible to use Ubuntu 18.04 instead of 16.04 ?
Thank you !


(Jason Bayton) #18

Yes! Should be the same process.


(Stephen Kwabena) #19

Thanks for you article about nextcloud and let’s encrypt. But after installing let’s encrypt, I get this error “can’t access ‘/’ on this server”. What is the problem?
Thanks in advance


(Jason Bayton) #20

Can you get me the Apache logs please?

/var/log/apache2/error.log