Start to here

sudo apt update && apt upgrade -y

apt install ca-certificates apt-transport-https software-properties-common

sudo add-apt-repository ppa:ondrej/php (optional for ubuntu < 22.04)

apt install nginx python3-certbot-nginx mariadb-server mariadb-client php8.1 php8.1-fpm php8.1-pgsql php-common php8.1-cli php8.1-common php8.1-opcache php8.1-readline php8.1-mbstring php8.1-xml php8.1-gd php8.1-curl imagemagick php8.1-imagick php8.1-common php8.1-mysql php8.1-fpm php8.1-gd php8.1-curl php8.1-zip php8.1-xml php8.1-mbstring php8.1-bz2 php8.1-mysql php8.1-intl php8.1-bcmath php8.1-gmp php8.1-ldap php8.1-smbclient php8.1-imap php8.1-redis redis-server

sudo mysql_secure_installation

sudo sed -i 's/memory_limit = 128M/memory_limit = 2094M/g' /etc/php/8.1/fpm/php.ini

sudo sed -i 's/;clear_env = no/clear_env = no/g' /etc/php/8.1/fpm/pool.d/www.conf

sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 16G/g' /etc/php/8.1/fpm/php.ini

sudo sed -i 's/post_max_size = 2M/post_max_size = 16G/g' /etc/php/8.1/fpm/php.ini

systemctl restart php8.1-fpm

crontab -u www-data -e

*/5 * * * * php8.1 -f /var/www/nextcloud/cron.php

Step 1: Download NextCloud on Ubuntu 20.04

Log into your Ubuntu 20.04 server. Then download the NextCloud zip archive onto your server. The latest stable version is 22.1.1 at time of this writing. You may need to change the version number. Go to https://nextcloud.com/changelog/ and click the download for server button to see the latest version.

You can run the following command to download it on your server.

wget https://download.nextcloud.com/server/releases/nextcloud-22.1.1.zip

You can always use the above URL format to download NextCloud. If a new version comes out, simply replace 22.1.1 with the new version number.

Once downloaded, extract the archive with unzip.

sudo apt install unzip

sudo unzip nextcloud-22.1.1.zip -d /var/www/

The -d option specifies the target directory. NextCloud web files will be extracted to /usr/share/nginx/nextcloud/. Then we need to change the owner of this directory to www-data so that the web server (Nginx) can write to this directory.

sudo chown www-data:www-data /var/www/nextcloud/ -R

Step 2: Create a Database and User for Nextcloud in MariaDB Database Server

Log into MariaDB database server with the following command. Since MariaDB is now using unix_socket plugin to authentication user login, there’s no need to enter MariaDB root password. We just need to prefix the mysql command with sudo.

sudo mysql

Then create a database for Nextcloud. This tutorial name the database nextcloud. You can use whatever name you like.

create database nextcloud;

Create the database user. Again, you can use your preferred name for this user. Replace your-password with your preferred password.

create user nextclouduser@localhost identified by 'your-password';

Grant this user all privileges on the nextcloud database.

grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';

Flush privileges and exit.

flush privileges;

exit;

Step 3: Create a Nginx Config File for Nextcloud

Create a nextcloud file in /etc/nginx/sites-enabled/ directory, with a command-line text editor like Nano.

sudo nano /etc/nginx/sites-enabled/nextcloud

Copy and paste the following text into the file. Replace nextcloud.example.com with your own preferred sub-domain. Don’t forget to create DNS A record for this sub-domain in your DNS zone editor. If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.

upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/run/php/php8.1-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name nextcloud.example.com;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;
    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ^~ /.well-known {
        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
        return 301 /index.php$request_uri;
    }

    client_max_body_size 16G;
    client_body_buffer_size 12096k;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;
     proxy_buffering  off;

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        fastcgi_read_timeout 300;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.)

Then test Nginx configuration.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Step 5: Enable HTTPS

Now you can access the Nextcloud web install wizard in your web browser by entering the domain name for your Nextcloud installation.

nextcloud.example.com

Before entering any sensitive information, we should enable secure HTTPS connection on Nextcloud. We can obtain a free TLS certificate from Let’s Encrypt. Install Let’s Encrypt client (certbot) from Ubuntu 20.04 repository.

sudo apt install certbot python3-certbot-nginx

Python3-certbot-nginx is the Nginx plugin. Next, run the following command to obtain a free TLS certificate using the Nginx plugin.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d nextcloud.example.com

Where:

• –nginx: Use the Nginx authenticator and installer
• –agree-tos: Agree to Let’s Encrypt terms of service
• –redirect: Enforce HTTPS by adding 301 redirect.
• –hsts: Enable HTTP Strict Transport Security. This defends against SSL/TLS stripping attack.
• –staple-ocsp: Enable OCSP Stapling.
• –email: Email used for registration and recovery contact.
• -d flag is followed by a list of domain names, separated by comma. You can add up to 100 domain names.

You will be asked if you want to receive emails from EFF(Electronic Frontier Foundation). After choosing Y or N, your TLS certificate will be automatically obtained and configured for you, which is indicated by the message below.

I found that Certbot may not be able to add HSTS header in the Nginx config file for Nextcloud. If you would like to enable HSTS (HTTP Strict Transport Security), then edit the file.

sudo nano /etc/nginx/sites-enabled/nextcloud

We can then add the following line in the SSL server block to enable HSTS header. (If it’s already there, then your configuration are fine.)

add_header Strict-Transport-Security "max-age=31536000" always;

Also, you can enable HTTP2 protocol by adding the option http2, which will speed up webpage loading.

listen 443 ssl http2; # managed by Certbot

Like below.

Save and close the file. Then text Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the change to take effect.

sudo systemctl reload nginx

The above configuration will get A+ score on SSL test.

Step 6: Finish the Installation in your Web Browser

Now you can access the Nextcloud web install wizard using HTTPS connection.

https://nextcloud.example.com

To complete the installation, you need to create an admin account, enter the path of Nextcloud data folder, enter database details you created in step 2. You can use the default localhost as host address, or you can enter localhost:3306, as MariaDB listens on port 3306.

The data folder is where users’ files are stored. For security, it’s best to place the data directory outside of Nextcloud webroot directory. So instead of storing users’ files under /usr/share/nginx/nextcloud/data/, we can change it to /usr/share/nginx/nextcloud-data. which can be created with the following command:

sudo mkdir /var/www/nextcloud-data

Then make sure Nginx user (www-data) has write permission to the data directory.

sudo chown www-data:www-data /var/www/nextcloud-data -R

Click the Finish Setup button, you will see the Web interface of Nextcloud. Congrats! You can start using it as your private cloud storage.

set default phone region

sudo -u www-data php /var/www/nextcloud/occ config:system:set default_phone_region –value=”yourvalue”

How to Set up NextCloud Email Notification

If your NextCloud instance will be used by more than one person, it’s important that your NextCloud server can send transactional emails, such as password-resetting email. First, you should set an email address for your own account. Go to Settings -> Personal Info and set an email address for your account.

Then go to Settings -> Basic settings. You will find the email server settings. There are two send modes: sendmail and smtp. You can choose the sendmail mode if your NextCloud host has an SMTP server running.

If you would like to use an SMTP server running on another host, then choose smtp mode and enter the SMTP server address and login credentials like below. Choose STARTTLS for encryption.

For how to set up an email server, please check out the following tutorial. Note that I highly recommend running iRedMail mail server on a fresh clean OS. Installing iRedMail on an OS that has other web applications can fail, and likely break existing applications.

• How to easily set up a full-featured mail server on Ubuntu 20.04 with iRedMail

How to Reset Nextcloud User Password From Command Line

If you lost your admin account password, and you didn’t set up email delivery in Nextcloud, then you need to reset the password by running the following command on your server. Replace nextcloud_username with your real username.

sudo -u www-data php /var/www/nextcloud/occ user:resetpassword nextcloud_username

There are also other commands you might find useful. List available commands with:

sudo -u www-data php /var/www/nextcloud/occ

or

sudo -u www-data php /var/www/nextcloud/console.php

How to Move the Data Directory

In case you need to move the NextCloud data directory, there are 4 steps to accomplish this. First, you need to use the cp command to copy the data directory to the new directory. For example, the mount point of my external hard drive is /media/linuxguru/b43e4eea-9796-4ac6-9c48-2bcaa46353731. I create the new data directory on the external hard drive.

sudo mkdir /media/linuxguru/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/

Then I copy the original data directory to the new data directory. -R flag means the copy operation is recursive.

sudo cp /var/www/nextcloud-data/* /media/linuxguru/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/ -R

You also need to copy the .ocdata file.

sudo cp /var/www/nextcloud-data/.ocdata /media/linuxguru/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/

Next, you need to set www-data (Nginx user) as the owner.

sudo chown www-data:www-data /media/linuxguru/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/ -R

Lastly, you need to edit the config.php file.

sudo nano /var/www/nextcloud/config/config.php

Find the following line and change the value of datadirectory.

'datadirectory' => '/var/www/nextcloud-data',

Save and close the file. Reload NextCloud web page and you are done.

Step 7: Increase PHP Memory Limit

The default PHP memory limit is 128MB. NextCloud recommends 512MB for better performance. To change PHP memory limit, edit the php.ini file.

sudo nano /etc/php/8.1/fpm/php.ini

Find the following line. (line 409)

memory_limit = 128M

Change the value.

memory_limit = 512M

Save and close the file. Alternatively, you can run the following command to change the value without manually opening the file.

sudo sed -i 's/memory_limit = 128M/memory_limit = 512M/g' /etc/php/8.1/fpm/php.ini

Then reload PHP-FPM service for the changes to take effect.

sudo systemctl reload php8.1-fpm

Step 8: Set Up PHP to Properly Query System Environment Variables

Edit the www.conf file.

sudo nano /etc/php/8.1/fpm/pool.d/www.conf

Find the following line (line 396).

;clear_env = no

Remove the semicolon to uncomment this line.

clear_env = no

Save and close the file. Alternatively, you can run the following command to uncomment this line without manually opening the file.

sudo sed -i 's/;clear_env = no/clear_env = no/g' /etc/php/8.1/fpm/pool.d/www.conf

Then reload PHP-FPM service for the changes to take effect.

sudo systemctl reload php8.1-fpm

Step 9: Increase Upload File Size Limit

The default maximum upload file size limit set by Nginx is 1MB. To allow uploading large files to your NextCloud server, edit the Nginx configuration file for NextCloud.

sudo nano /etc/nginx/conf.d/nextcloud.conf

We have already set the maximum file size in this file, as indicated by

client_max_body_size 512M;

You can change it if you prefer, like 1G.

client_max_body_size 1024M;

Save and close the file. Then reload Nginx for the changes to take effect.

sudo systemctl reload nginx

PHP also sets a limit of upload file size. The default maximum file size for uploading is 2MB. To increase the upload size limit, edit the PHP configuration file.

sudo nano /etc/php/8.1/fpm/php.ini

Find the following line (line 846).

upload_max_filesize = 2M

Change the value like below:

upload_max_filesize = 1024M

Save and close the file. Alternatively, you can run the following command to change the value without manually opening the file.

sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 1024M/g' /etc/php/8.1/fpm/php.ini

Then restart PHP-FPM.

sudo systemctl restart php8.1-fpm

Step 10: Configure Redis Cache for NextCloud

If you go to your NextCloud settings -> overview page, you might see the following warning:

No memory cache has been configured. To enhance your performance please configure a memcache if available.

We will enable memory caching for nextCloud by using Redis. Run the following command to install Redis server from Ubuntu repository.

sudo apt install redis-server

You can check the version with:

redis-server -v

Sample output:

Redis server v=5.0.7 sha=00000000:0 malloc=jemalloc-5.2.1 bits=64 build=636cde3b5c7a3923

Now we can check if redis server is running.

systemctl status redis

Hint: If the above command didn’t quit immediately, you can press the Q key to gain back control of the terminal.

From the above screenshot, we can see that it’s running and auto-start is enabled. If for any reason it’s not running, execute the following command:

sudo systemctl start redis-server

And if auto-start at boot time is not enabled, you can use the following command to enable it:

sudo systemctl enable redis-server

In order to configure Redis as a cache for nextCloud, we need to install the PHP extension for interfacing with Redis.

sudo apt install php-redis

Check if the extension is enabled.

php --ri redis

We can see that Redis extension is enabled. If it’s not enabled, run the following command:

sudo phpenmod redis

Next, edit nextCloud configuration file.

sudo nano /var/www/nextcloud/config/config.php

Add the following lines above the ending ); line.

'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
     'host' => 'localhost',
     'port' => 6379,
     ),

Save and close the file. Then restart Nginx and PHP-FPM.

sudo systemctl restart nginx php7.4-fpm

Now go to NextCloud settings -> overview page again and refresh the web page, the warning about memory caching should be gone.

Adding Missing Indexes

If you see the following message in the NextCloud Settings -> Overview page,

The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically.

Then you need to manually add those indexes. Change to the Nextcloud webroot directory.

cd /var/www/nextcloud/

Run the following command to add indexes to the Nextcloud database.

sudo -u www-data php occ db:add-missing-indices

Now if you refresh the NextCloud Settings -> Overview page, the warning about missing indexes should be gone.

Conversion to Big Int

If you see the following message in the NextCloud Settings -> Overview page,

Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically.

Then you need to manually change the column type. Change to the Nextcloud webroot directory.

cd /var/www/nextcloud/

Change your Nextcloud into maintenance mode to prevent users from logging in and making changes.

sudo -u www-data php occ maintenance:mode --on

Then run the following command to change the column type.

sudo -u www-data php occ db:convert-filecache-bigint

Once it’s done, switch off the maintenance mode.

sudo -u www-data php occ maintenance:mode --off

Now if you refresh the NextCloud Settings -> Overview page, the warning about big int should be gone.

How to Install NextCloud Client on Ubuntu 20.04 Desktop

Run the following commands on Ubuntu 20.04 desktop to install the client from the default repository.

sudo apt install nextcloud-client

NextCloud Client on Ubuntu 20.04

Client software for macOS, Windows, Android and iOS can be found on the Nextcloud download page.

How to Enable OnlyOffice/Collabora Online

By default, Nextcloud ships with support for OnlyOffice, which an online office suite that allows you to edit your doc, ppt, xls files directly from NextCloud. We only need to install an app to use this feature. Go to Nextcloud Apps -> Office & Text. Find and enable the community document server app.

Now when you click the add button (+) in Nextcloud, you will be able to create Word, spreadsheet and presentation documents right from your Nextcloud server.

However, I found this app isn’t very reliable. And the community edition allows only 20 users at most. You need to purchase an enterprise edition if you have more than 20 users. There’s another open-source LibreOffice-based online office suite called Collabora Online that has the same functionality, but without the limitation on the number of users. You can read the following article to integrate it with Nextcloud.

• Integrate Collabora Online with Nextcloud on Ubuntu with Docker

Adding Local DNS Entry

It’s recommended to edit the /etc/hosts file on your Nextcloud server and add the following entry, so that Nextcloud itself won’t have to query the public DNS, which can improve the overall stability. If your Nextcloud server can’t resolve the nextcloud.example.com hostname, then you may encounter a 504 gateway time out error.

127.0.0.1   localhost nextcloud.example.com

An IP address in the /etc/hosts file can have multiple hostnames, so if you have other applications installed on the same box, you can also add other hostnames or sub-domains on the same line like this:

127.0.0.1   localhost focal ubuntu nextcloud.example.com collabora.example.com

Using Cron to Run Background Jobs

By default, Nextcloud uses AJAX to execute one task with each page load. You can use the more efficient system cron service to run background jobs. Go to Nextcloud Settings -> Basic Settings and select Cron.

Next, edit the www-data user’s crontab file.

sudo -u www-data crontab -e

Add the following line in this file, so the cron job will run every 5 minutes.

*/5 * * * * php7.4 -f /usr/share/nginx/nextcloud/cron.php

Save and close the file.

(Optional) Prevent Malicious Login Attempts

If your computer has a static public IP address, you can create an IP whitelist in the Nginx config file.

sudo nano /etc/nginx/conf.d/nextcloud.conf

Add the following lines in the SSL server block to restrict access to the /login URL, so only your IP address can access this URL. Replace 78.56.34.12 with your own IP address.

location ~* ^/login{
       try_files $uri /index.php;
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;

       allow 78.56.34.12;
       deny all;
}

Save and close the file. Then test Nginx configuration.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

If you don’t have a static IP address on your home network, you can set up a VPN server in a data center.

Troubleshooting Tips

If you encounter errors, you can check one of the following log files to find out what’s wrong.

• Nginx error log: /var/log/nginx/error.log
• Nginx error log for the Nextcloud virtual host: /var/log/nginx/nextcloud.error
• Nextcloud application log: /usr/share/nginx/nextcloud/data/nextcloud.log

For example, I once had an “Internal Server Error” on my Nextcloud instance and the /var/log/nginx/nextcloud.error file told me that

FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught OC\HintException: [0]: Memcache \OC\Memcache\Redis not available for local cache (Is the matching PHP module installed and enabled?)

It turned out that because I used the ppa:ondrej/php PPA on my Ubuntu server,  I also need to install php7.4-redis in addition to the php-redis package.

Upgrading Nextcloud

It’s important to keep your Nextcloud server up to date with the latest security and bug fixes. Read the tutorial below to learn how to upgrade Nextcloud.

• 2 Ways to Upgrade Nextcloud [Command-Line & GUI]

Wrapping Up

I hope this tutorial helped you install NextCloud on Ubuntu 20.04 server with Nginx. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂