Installing Nextcloud on Ubuntu with Redis, APCu, SSL & Apache

In 2016, the self-hosted community witnessed the public launch of Nextcloud, a vastly-improved fork of ownCloud. Having almost finished migrating data on my home server to Nextcloud and experimenting with some of the more optional features such as caching, pretty links, theming and more, I felt it would be a good time to document some of this in one simple-to-follow guide.

1. What is Nextcloud?

As mentioned above Nextcloud is a fork of ownCloud that has becoming the better and faster-developed alternative to the self-hosted cloud storage software of old. If you’re an ownCloud user and have ever been frustrated by the dual licenses, the paid vs free model and – as part of it – lack of some of the better features, Nextcloud have gone completely FOSS (Free and Open-Source Software) following the Red Hat model of charging for enterprise support rather than enterprise features.

Some of the previously enterprise-only features released as part of the standard FOSS Nextcloud installation include FileDrop, an alternative to Dropbox’s “File Requests”, LibreOffice online (Collabora), an alternative to Google Docs or Office Online, two-factor authentication, improved federation and more.

2. In this guide

After completing this guide we’ll have the following:

  • A newly installed Nextcloud server
  • PHP caching provided by ACPu and Redis for a notable speed increase when navigating even the largest thumbnail-heavy folders
  • Pretty links that remove /index.php from the URL
  • SSL-enabled with default self-signed certificates and all non-HTTPS traffic redirected

2.1. Installation URL

This guide assumes Nextcloud will be accessed via url.com/nextcloud. If Nextcloud should be accessed on the root of the domainurl.com, keep in mind the following:

  • Any vhost entries in Apache configs referring to the directory path /var/www/html should be changed to /var/www/html/nextcloud
  • The Nextcloud config.php base URL should be changed from '/nextcloud' to '/'
  • Lets Encrypt will work, however the .well-known directory will need to be moved out and back in to the nextcloud directory before and after an upgrade respectively to avoid an integrity check error.

3. Environment

For this guide Nextcloud will be installed on a remote Ubuntu VM, however it can equally be installed on a local Ubuntu server, a Raspberry Pi or a Linux Container such as Docker or LXD.

3.1. Hardware

Nextcloud don’t provide a lot of detail for minimum recommended spec, only advising 512MB of RAM. As the server is a full VM and not simply a container, we’ll provide a bit of a buffer to avoid any possible contention.

  • 1GHz CPU
  • 1GB RAM
  • 20GB HDD

20GB of disk will be enough for this guide, but naturally the amount chosen should reflect the amount of data to be stored. Furthermore, if redundancy isn’t offered as standard it’s always a good idea to mirror/RAID the storage area to avoid downtime as best as possible. Typically this is only a consideration required with dedicated servers, but there’s no harm in checking.

3.1.1. Plan backups

No matter what level of redundancy is set up, it’s not a replacement for a good backup strategy. Never assume data is safe in a remote datacentre as usually providers offer no liability or responsibility for lost data should a server fail.

3.1.2. Nextcloud is not a backup solution

Nextcloud is a not a replacement for typical backup solutions or processes but rather a tool for collaboration and sharing. Do not rely on it as the sole solution for protecting your data.

3.2. Software

  • Ubuntu server (LTS preferred) with root (sudo) access
  • Apache2
  • PHP 7
  • mySQL / MariaDB
  • The latest version of Nextcloud (this guide has been tested as far back as v.9 however)

Besides the above-mentioned packages and their respective dependencies, we should aim to keep the amount of additional software installed to a minimum; the Ubuntu-minimal image is a good place to start here as it requires adding packages after installation rather than sifting through and removing those that aren’t required. From a security perspective this is advised in order to lower to attack surface should an exploit allow a 3rd party to gain shell access to the server – the fewer additional services an attacker can latch onto, the lower the chance of gaining root and doing any real damage. In this case, the VPS provider offers a relatively minimal install, meaning there’s no requirement to upload an Ubuntu-minimal ISO to install from.

Due to the advanced requirements in this guide, root/sudo access to the Ubuntu instance is mandatory.

4. Setting up the environment

For those with a functioning Ubuntu server and required components, please skip to step 4.1.

First we need to spin up a VM or container, examples of which are as follows:

Once the server is setup and we’re logged in, we can continue.

4.1. Update the server & install LAMP, APCu, Redis

As this is a brand new installation based on images that likely don’t update very often, it’s a good idea to upgrade the server before we begin:

sudo apt update && sudo apt upgrade

img.6

When the update has completed, it’ll provide a list of packages to be upgraded. Providing we’re happy with what we see, tap Enter.

img.7

With the server updated, if one doesn’t already exist, a non-root user should be created with sudo privileges and the root account should disabled, once complete we’ll now install the required components for Nextcloud:

sudo apt install lamp-server^

4.1.1. Meta packages

The use of ^ (caret) in the package name is important. It suggests that the installed package is a ‘meta-package’, meaning a number of programs that are usually installed together.

This command will install Apache, MySQL and PHP along with several PHP/Apache modules to ensure seamless collaboration between the packages. Once happy with the package selection to be installed, tap Enter.

img.9

MySQL will request a root user password. Ensure this is strong and keep the password safe; losing it can cause all manner of issues.

img.10

Once installed, we’ll now install APCu and Redis:

sudo apt install php-apcu redis-server php-redis

Confirm the packages to be installed match expectations and hit Enter.

img.12

Finally, we’ll install the minimal Nextcloud PHP modules required not to error during installation (more can be enabled later):

sudo apt install php-zip php-dompdf php-xml php-mbstring php-gd php-curl unzip

img.16

And enable a few apache modules to support our configuration:

sudo a2enmod rewrite headers env dir mime

Now we’ll restart Apache:

sudo service apache2 restart

img.19

Before moving on check via a browser that Apache is up and running

img.13

4.2. Enable SSL

With the server currently running over HTTP port 80, we can now additionally configure SSL to ensure the Nextcloud installation is secure.

4.2.1. Let’s Encrypt

Let’s Encrypt offers completely free SSL certificates for securing websites. The client is entirely command line based offering simple setup and automated renewal via cron.

First, choose a location (such as /home/user/), download the Let’s Encrypt client and set it as executable:

sudo wget https://dl.eff.org/certbot-auto && sudo chmod a+x certbot-auto

Next, run the client:

sudo ./certbot-auto --apache --agree-tos --rsa-key-size 4096 --email user@domain.org --redirect -d nc.domain.org

Where:
--apache uses the Apache plugin to fully setup and integrate with the existing Apache configuration
--agree-tos simply pre-agrees to the TOS, preventing it popping up during installation
--rsa-key-size defines the length (and therefore security) of the RSA key. Default is 2048.
--email is the email address to register against the certificate (used for reminders by Let’s Encrypt)
--redirect will create both the SSL virtualhost configuration file and add a redirect for HTTP traffic to HTTPs (80 to 443)
-d is the domain to secure

On first run the Let’s Encrypt certbot will install all required dependencies (following approval), however with the added flags above, will not require any further input to set everything up.

lesetup

Navigating now to the domain allocated to the server will show an SSL-enabled website! If the browser complains the site is not fully protected at this point, it’s due to the default Apache landing page requesting content over HTTP and not an issue with the certificate.

That’s all there is to it. Let’s Encrypt handles everything from certificate generation to Apache configuration, meaning nothing needs to be done beyond what’s documented above. The manual process (below) is far more involved.

One step from the manual process which is recommended is to add the following snippet to the Let’s Encrypt-created vhost.conf file in the same way as is documented in 4.2.2 below:

     <Directory /var/www/html/>
       Options +FollowSymlinks
       AllowOverride All

      <IfModule mod_dav.c>
        Dav off
      </IfModule>

       SetEnv HOME /var/www/html
       SetEnv HTTP_HOME /var/www/html
     </Directory>

     <IfModule mod_headers.c>
          Header always set Strict-Transport-Security "max-age=15768000; preload"
     </IfModule>

The text above may be pasted under the ServerName line in the file located at:

/etc/apache2/sites-available/000-default-le-ssl.conf

As the certificate currently expires after 90 days by default, to automatically renew the certificate let’s create a cronjob:

sudo crontab -e

This will open the crontab file for the root user (as sudo was used) meaning sudo (and as such, password authentication) won’t need to be used when running the renew command. Add the following line to the crontab file:

0 0 * * 0 /home/jason/certbot-auto renew

Edit the area in bold, then Ctrl + X to quit followed by Y to save the file.

Skip 4.2.2 and continue to Installing Nextcloud.

4.2.2. Manual

We’ll begin by enabling the SSL module for Apache:

sudo a2enmod ssl

Apache sets up self-signed certificates as part of the installation, so for this guide we’ll use those. They can be replaced at any time with functioning 3rd party certificates by editing the vhost file we’ll create next. It’s highly recommended they’re switched sooner rather than later.

sudo vim /etc/apache2/sites-available/nextcloud.conf

Insert the following (all items in bold can be changed to suit the environment):

<IfModule mod_ssl.c>
   <VirtualHost _default_:443>

     ServerAdmin you@domain.org
     ServerName nc.domain.org
     DocumentRoot /var/www/html

     <Directory /var/www/html/>
       Options +FollowSymlinks
       AllowOverride All

      <IfModule mod_dav.c>
        Dav off
      </IfModule>

       SetEnv HOME /var/www/html
       SetEnv HTTP_HOME /var/www/html
     </Directory>

     <IfModule mod_headers.c>
          Header always set Strict-Transport-Security "max-age=15768000; preload"
     </IfModule>

     SSLEngine on
     SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
     SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

   </VirtualHost>
</IfModule>

Save and quit, then enable the new configuration:

sudo a2ensite nextcloud.conf

Now restart Apache:

sudo service apache2 restart

SSL should now be enabled, allowing us to navigate to https://nc.bayton.org when we install Nextcloud later. Of course the page will show an error as the certificates are not trusted. Let’s Encrypt offer free SSL certificates and Mozilla offer a tool to help correctly set up SSL on the server. Check them out for more information.

Optionally, we can also force a redirect from non-SSL to SSL with the following:

sudo vim /etc/apache2/sites-available/nc-redir.conf

Insert the following (all items in bold can be changed to suit the environment):

<VirtualHost *:80>
   ServerName nc.domain.org
   ServerAdmin you@domain.org

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

Save and quit, then enable the new configuration:

sudo a2ensite nc-redir.conf

Then disable the default configuration:

sudo a2dissite 000-default.conf

Then restart Apache:

sudo service apache2 restart

With that, all traffic will be forced to HTTPS.

img.29

5. Install Nextcloud

With the server environment ready (excluding some final NC-related configurations) we’ll move on to installing Nextcloud itself.

5.1. Download Nextcloud

Change to the webroot directory at /var/www/html with cd /var/www/html

Download Nextcloud via command line with sudo wget https://download.nextcloud.com/server/releases/latest.zip
NB: future and previous versions can be obtained from Nextcloud.

Unpack the compressed zip with sudo unzip latest.zip

img.14

As shown above with ls there’s now a nextcloud folder situated under /var/www/html/ but currently root owns it. We can change that:

sudo chown -R www-data:www-data /var/www/html/nextcloud

Now the Apache account, www-data, will have write-access to the Nextcloud installation directory.

5.2. Create the Nextcloud database

5.2.1. This is optional

By default, Nextcloud can create a database and database user when supplying the root user and password in the Nextcloud web-based installer. The following steps are intended for either someone who wants to create their own database or does not want to supply Nextcloud with the root account credentials.

Before switching to Chrome to run the web-based installer, we’ll first create a database.

We can open a session with mysql by running the command mysql -u root -p and providing the root password we entered earlier.

img.17

Now we’ll create a dedicated database and user for Nextcloud with the following commands:

CREATE DATABASE nextcloud;
CREATE USER 'ncuser'@'localhost' IDENTIFIED BY 'ncpassword';
GRANT ALL PRIVILEGES ON nextcloud . * TO 'ncuser'@'localhost';

Then exit the mysql session with quit

img.18

5.3. Install Nextcloud

Open up a browser and navigate to ip-or-hostname/nextcloud. Hopefully by this point a DNS entry has propagated; we’ll navigate to nc.domain.org/nextcloud to continue installation.

img.20

Success! The Nextcloud installation screen is there and showing no errors. Installation from here is simple:

  1. Provide a username and secure password for the admin account.
  2. Select a location for the data directory.
  3. Provide the database user we configured earlier: ncuser
  4. Provide the database user password: ncpassword
  5. Provide the database name: nextcloud
  6. Confirm the database is on localhost (it is).

When selecting a location for the data directory, keeping it in the webroot is really only OK providing .htaccess rules work. If they do not, as is the case at this point due to the way Apache is setup by default, or fail at any point in the future, the data directory will be publicly visible. We don’t want that.

Ideally it’s best practice to situate the data directory outside of /var/www/ in a location inaccessible for guests browsing the website. Where it’s ultimately placed is at the discretion of the administrator, though ensure the user www-data can write to it in its final location with:

sudo chown -R www-data:www-data /path/to/data

Scroll down and click Finish Setup.

img.21

6. Configuration

As it stands currently, Nextcloud isn’t very happy.

img.22
Ignore the HTTP error, this will disappear when we access the site over HTTPS.

6.1. Enable .htaccess

The .htaccess file doesn’t work because we’ve put Nextcloud in the main /var/www/html webroot controlled by the apache.conf file. By default it is set to disallow .htaccess overrides and we’ll need to change that:

sudo vim /etc/apache2/apache2.conf

Then change

<Directory /var/www/>        
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

To

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Save and quit, then restart Apache with:

sudo service apache2 restart

6.2. Enable caching

The difference in speed between a Nextcloud server without cache and one with is huge. Particularly as the file and folder counts increase and more multimedia files make their way onto the server, caching becomes increasingly important for maintaining speed and performance. ACPu will handle a lot of the caching initially, leaving Redis to manage file locking. As the server grows and ACPu demands more resources, we could configure Redis to take a more active role in distributed caching. Having installed both APCu and Redis earlier, we’ll now configure them.

First, open the Redis configuration file at /etc/redis/redis.conf

sudo vim /etc/redis/redis.conf

Now, find and change:

port 6379 to port 0

Then uncomment:

unixsocket /var/run/redis/redis.sock
unixsocketperm 700 changing permissions to 770 at the same time: unixsocketperm 770

Save and quit, then add the Apache user www-data to the redis group:

sudo usermod -a -G redis www-data

Finally, restart Apache with:

sudo service apache2 restart

And start Redis server with:

sudo service redis-server start

With Redis configured, we can add the caching configuration to the Nextcloud config file:

sudo vim /var/www/html/nextcloud/config/config.php

img.23

Add the following:

'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => 'true',
'redis' => 
array (
'host' => '/var/run/redis/redis.sock',
'port' => 0,
'timeout' => 0.0,
),

A reboot may be required before the configuration change takes effect, but before we do we’ll make sure Redis is enabled to start on boot with:

sudo systemctl enable redis-server

Caching is now configured.

With both of these now resolved, the admin interface is looking a lot healthier:

img.30

Much like theming, pretty links aren’t mandatory, but they add to the overall aesthetics of the server.

Most of the hard work was already done during the setup of the environment with the enabling of mod_env and mod_rewrite, however to complete the removal of index.php in every URL, re-open the Nexcloud config file:

sudo vim /var/www/html/nextcloud/config/config.php

Add 'htaccess.RewriteBase' => '/nextcloud', (where nextcloud is the URL location – domain.com/nextcloud – of the installation) below one of the existing configuration options, for example:

Finally, from /var/www/html/nextcloud, run:

sudo -u www-data php occ maintenance:update:htaccess

From:

img.25

To (don’t simply refresh the page, remove index.php from the URL and load the page again, otherwise it looks like it doesn’t work):

img.26

6.4. Max upload

Until we try to upload files this is easy to miss. By default PHP ships with a file-upload limitation reminiscent of file sizes in the early 2000’s – 2MB. As we’re installing a personal cloud that may hold on to files gigabytes in size, we can change the PHP configuration to allow far more flexibility.

Open the php.ini file (7.0 may need to be replaced with a newer version of PHP, like 7.2):

sudo vim /etc/php/7.0/apache2/php.ini

Locate and amend:

upload_max_filesize = 2048M
post_max_size = 2058M

The max size can be tweaked to suit, however be sure to always give post_max_size a bit more than upload_max_filesize to prevent errors when uploading files that match the maximum allowed upload size.

Restart Apache:

sudo service apache2 restart

Log into the admin area of Nextcloud, navigate to additional settings and ensure the max upload setting there reflects the change made to the php.ini file (in this example, 2GB):

filehandling

6.5. Nextcloud 12+ PHP Opcache

From Nextcloud 12, additional configuration is required in order to correctly setup PHP Opcache. The following error displays until this is completed:

Re-open the php.ini file:

sudo vim /etc/php/7.0/apache2/php.ini

At the bottom of the file, add the following, as displayed above:

; Nextcloud Opcache settings
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Save the file and restart Apache:

sudo service apache2 restart

On refreshing the browser, the warning should no longer be there.

6.6. Server-side encryption (optional)

As we’re running our Nextcloud installation on a remote host, far outside the confines of our internal network, it’s a good opportunity to enable server-side encryption. This guarantees that should anyone gain access to the data hosted on the server, file contents won’t be readable.

6.6.1. Encryption can lead to data loss

Encryption is a complex topic and getting this wrong will lead to data loss. Generally, using Nextcloud server-side encryption is not needed or recommended and instead you should strongly consider client-side encryption, or other methods of enforcing OS filesystem encryption instead. Continue at your own risk.

First we’ll enable the default encryption app:

  1. Click the Files link and switch to Apps
  2. Click Not enabled from the side-menu
  3. Click Enable on the Default encryption module

img.32

Next we’ll log into the Nexcloud administration area and navigate to Server-side encryption. Click Enable server-side encryption:

img.31

After reading through the warnings, click Enable encryption. We now need to log out and back in:

img.33

After logging back in and returning to this area, it will be possible to create a global recovery key:

img.34

However, if a global recovery key is considered too all-powerful, individual users may also recover encrypted files with their password by setting the following option to Enabled in Personal located when clicking the username in the top-right of the screen:

img.35

All data will now be encrypted at rest, as well as protected in transit when using SSL.

7. Conclusion

So following this guide we now have a new server running Nextcloud on Ubuntu supporting both caching and pretty links.

While this is yet another long-winded guide, as usual there’s nothing here I would consider to be overly complex which, for a platform that empowers self-hosting data, is a big plus over other solutions.

Want to know more about Nextcloud? Visit nextcloud.com or their thriving support community at help.nextcloud.com. I’m @JasonBayton there if you’d like to start a discussion about this guide or Nextcloud in general!

I hope this guide has been helpful, as always I’m @jasonbayton on Twitter, @bayton.org on Facebook and will also respond to comments below if you have any questions. I’d also like to know if you successfully installed Nextcloud following this guide, leave a comment below!


Tweet this! + this! Share this on LinkedIn! Share this on Facebook! Post this to Reddit!

Jason Bayton

I’m an accredited mobile technology & EMM (MDM) specialist with an interest in Linux, Virtualisation, Hosting, Disaster Recovery, Internet of Things, Web Development and Open Source. I play the Sousaphone, too!

Comments

  1. I have used your guide for nextcloud numerous times and it is nothing short of perfect thank you. Working on a long script to do it for me next time if i get it working ill post it to my GitHub

  2. Lee says:

    @jason First off, thank you for the awesome guide!

    I am running Nextcloud locally and plan on only accessing it through a VPN but while away so I skipped the part of your guide for setting up SSL (I tried it one time but received an error, probably due to not having a domain configured). The only issue is I can’t get rid of “Accessing site insecurely via HTTP. You are strongly adviced to set up your server to require HTTPS instead” message.

    I also noticed that after setting up the Max Upload per your instructions and visiting the section additional settings , it still shows the default 511 MB.

    Any suggestions?

  3. Hi @junior466,

    That alert is there for a reason… if you’re not wanting to set up SSL (which internally accessed via VPN is understandable) then just ignore it; it doesn’t impact your setup in any meaningful way other than to remind you it’s not a secure connection.

    For the upload, you need to change 511 to 2GB as per the image. If on refresh it changes back, it may not be updating your .htaccess file located in the nextcloud folder (which you can edit manually).

  4. Ollie E says:

    Thank you for this excellent guide! I tried a few other step-by-step procedures for installing Nextcloud on Ubuntu and they all failed. Yours worked great, even with 18.04.

  5. Adam says:

    I am using your guide again to boot up a new ubuntu server and was able to get everything working except for apache. It may be because I am trying to have the root domain load as the nextcloud server (e.g. https://example.com).

    I believe that letsencrypt won’t authorize root domain cert unless i use the --webroot tag instead of the --apache flag. i have a public dns cname record that I can access the server from without ssl cert, but if i try and access from root domain I get an error that says “This page isn’t working – ERR_TOO_MANY_REDIRECTS”.

    it looks as though the nextcloud instance is working fine and i can see that all of the checks have passed in the admin panel, but still stuck on the apache redirect and ssl cert stuff.

    I am wondering if you have any experience with this?

  6. Hmm, I can’t say I’ve seen or experienced this, but there have been a lot of recent changes with LE which may be causing issues. I’ll try to replicate.

    You’ll I guess need to fall back to the manual SSL method instead

  7. Adam says:

    Thank you for getting back to me. I am wondering if there is a way to completely start over with the installation? Nextcloud seems to be working totally fine, but I am wondering if you have any suggestions on how to uninstall apache and all of LE and start over from scratch just doing it manually?

    I am having a little difficulty with the --webroot stuff, but basically just bought a throw away .io domain that I want it to only be used for a temporary nextcloud account for a software cohort that start next week.

    thanks so much for any suggestion or guidance you can provide.

  8. There’s really no need to start from scratch. I’ll get some commands and such together based on the manual SSL steps when I’m free later :slight_smile:

  9. Adam says:

    Awesome. Thank you so much! I am using CloudFlare as my DNS/Nameserver and turned off all of their built in SSL stuff because I would rather have it done on the server. I can access the Nextcloud instance with the direct server DNS name, but does now work if I try to point it to my root domain. I get errors that there were “Too Many Redirects”. Would it be helpful to post my logs or my current Apache settings somehow?

  10. Fantastic write-up! I have been trying to install Nextcloud for a
    couple of years now by using various guides found online but none of
    them came close to how well documented this guide is. Well done sir!
    Altough it is pretty well documented and the resulting setup is as close
    to “production-ready” as it could be, there are a few things that could
    be improved in to make it a true step-by-step for dummies guide. If I
    may comment on these shortcomings, then perhaps you could revisit the
    guide to make changes or explain what needs to be configured here.
    Disclaimer: I am by no means Linux savvy.

    @ 2.1. Installation URL.
    This
    part is very unclear. It assumes you understand what is being set from
    the get go and so i dismissed this part hoping the next steps will
    inform me of what choices in need to make ad-hoc

    @ 4.2.1. Let’s Encrypt.
    This
    part was very straight forward but could use a little bit of detail to
    help those whose nextcloud server is behind a firewall. When Let’s Crypt
    communicates back with the nextcloud server, it will attempt to do so
    via http (port 80). If the nextcloud server is behind a NAT’ed firewall
    then an http rule should be created. Also, once https has been enabled
    in Apache and a certificate has been generated, a new firewall rule to
    enable https (port 443) traffic should be created.

    @ 4.2.1. Let’s Encrypt. - Continued
    Below
    the screenshot of putty, you mention the following: “One step from the
    manual process which is recommended is to add the following snippet to
    the Let’s Encrypt-created vhost.conf file in the same way as is
    documented in 4.2.2 below” This part is confusing because I don’t know
    whether this should be executed after executing ./certbot-auto or
    whether it should be executed if you’re following the manual process.
    Also, it is confusing which file needs to be modified. You mention the
    Let’s Encrypt-created vhost.conf file in one place and then the
    /etc/apache2/sites-available/000-default-le-ssl.conf file in another.

    I
    opted to modify the
    /etc/apache2/sites-available/000-default-le-ssl.conf file by issuing
    sudo vim /etc/apache2/sites-available/000-default-le-ssl.conf, added the
    described snippet and when it came time to save the file, i got an
    error that it was read-only. No matter what I tried, I wasn’t able to
    modify the file.

    In the end, i skipped this step. Let’s Encrypt
    cert was issued and tested to work successfully. I still would have like
    to to add the snippet mentioned, though.

    As for the sudo crontab
    -e part, once I executed the command all I got was 4 options to chose
    from (no previous jobs have been created for su). There wasn’t any
    documentation for what option to select so i skipped this. Just one more
    remark regarding the cron job, doesn’t the ./certbot-auto command take
    care of creating a certificate auto update job as well? If so, then the
    argument to run crontab should be moved to the manual install section,
    no?

    @ 4.2.2. Manual
    I skipped all of this, FYI.

    @ 5.3. Install Nextcloud
    You
    mention the following: “When selecting a location for the data
    directory, keeping it in the webroot is really only OK providing
    .htaccess rules work. If they do not, as is the case at this point due
    to the way Apache is setup by default, or fail at any point in the
    future, the data directory will be publicly visible. We don’t want
    that.”

    This is another confusing entry in the guide. Only after
    completing the complete installation guide did I notice that I need to
    type in /nextcloud at the end or the URL in order to access Nextcloud.
    This is probably because i left the location for the data directory set
    to default during the Nextcloud installation on the website. So now I
    currently have a Nextcloud installation that can only be accessed
    through https:///nextcloud and the default webserver
    page on https:/// displays the Apache welcome screen.

    Is
    there any way to change this behaviour now that the installation is all
    don or do I need to start from scratch? Also, what and where is this
    .htaccess file that is mentioned? Is it in the default Apache
    directories or in the nextcloud directory found under
    /var/www/html/nextcloud/? Really confusing :frowning:

    @ 6.3. Pretty links
    I
    am very uncertain as to where the line ‘htaccess.RewriteBase’ =>
    ‘/nextcloud’, should be added in the
    /var/www/html/nextcloud/config/config.php file. I tried googling
    examples for this type of line but didn’t get any useful hits. Could you
    perhaps share a screenshot? Another thing that confuses me here is the
    mention of “where nextcloud is the URL location – domain.com/nextcloud – of the installation”. Does this mean that the line should read ‘htaccess.RewriteBase’ => ‘<mydomain.com>/nextcloud’ ?? One more step that I skipped due to uncertainty.

    I
    really can’t explain enough how thankful I am to the research and
    effort that you put into making this guide. Had it not been for this
    guide I would certainly have given up again and waited for Nextcloud to
    be more install friendly. As i mentioned in the start, the resulting
    installation is as close to perfect as it can get and that is thanks to
    you.

    I hope you can share a few minutes of your time, at your earliest convenience, to help iron out the last few bits and bobs.

  11. Arthur says:

    What an amazing guide thanks @Bayton. Been looking for this for weeks. … I have an issue and I hope you can point me into the right direction and in advance sorry if the resolution is obvious I am no expert.

    I have successfully installed nextcloud but I am unable to download or upload any files. I get “Redis server went away” on top of the page when I try and brows to upload.

    I also see loads of these errors in the log file:

    "Error PHP Redis::connect(): connect() failed: No such file or directory at /var/www/html/nextcloud/lib/private/RedisFactory.php#84

    here is my

    /var/www/html/nextcloud/lib/private/RedisFactory.ph file looks like this from line #84:

    $this->instance->connect($host, $port, $timeout);
    if (isset($config[‘password’]) && $config[‘password’] !== ‘’) {
    $this->instance->auth($config[‘password’]);
    }

                        if (isset($config['dbindex'])) {
                                $this->instance->select($config['dbindex']);
                        }
                }
        }
    

    here is my var/www/html/nextcloud/config/config.php

    ?php
    $CONFIG = array (
    ‘instanceid’ => ‘xxxxx’,
    ‘passwordsalt’ => ‘xxxxx/xxx/xx’,
    ‘secret’ => ‘xxxx+xxxxxx’,
    ‘trusted_domains’ =>
    array (
    0 => ‘192.168.254.32’,
    ),
    ‘datadirectory’ => ‘/var/www/html/nextcloud/data’,
    ‘overwrite.cli.url’ => ‘http://192.168.254.32/nextcloud’,
    ‘dbtype’ => ‘mysql’,
    ‘version’ => ‘13.0.2.1’,
    ‘dbname’ => ‘nextcloud’,
    ‘dbhost’ => ‘localhost’,
    ‘dbport’ => ‘’,
    ‘dbtableprefix’ => ‘oc_’,
    ‘mysql.utf8mb4’ => true,
    ‘dbuser’ => ‘xxxx’,
    ‘dbpassword’ => ‘xxxx’,
    ‘installed’ => true,
    ‘memcache.local’ => ‘\OC\Memcache\APCu’,
    ‘memcache.locking’ => ‘\OC\Memcache\Redis’,
    ‘filelocking.enabled’ => ‘true’,
    ‘redis’ =>
    array (
    ‘host’ => ‘/var/run/redis/redis.sock’,
    ‘port’ => 0,
    ‘timeout’ => 0.0,
    ),
    ‘loglevel’ => 0,
    );

  12. OK, so if you have the additional LE apache config, you can disable it with sudo a2dissite ssl-le-apache.conf (or whatever the name would be, you can validate with ls -l /etc/apache2/sites-available)

    Or you can edit it, whichever you prefer…

    On the SSL, the command I use for all of my domains is:

    sudo /etc/certbot-auto certonly --rsa-key-size 4096 --webroot -w /var/www/ -d domain.com

    What this does is set the webroot as /var/www (which creates a validation folder within, so has to be public facing), you’re asking only for the cert and no Apache integration, and when it’s complete it’ll output the certs to /etc/letsencrypt/live/domain-0001 (where domain-0001 is whatever the domain is).

    You can then use the following as an example of the VHOST I use for my Apache config:

    <VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/letsencrypt/live/domain.com-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com-0001/privkey.pem
    
    DocumentRoot /var/www/
    ServerName domain.com
    
    <Directory /var/www/>
           Options +FollowSymlinks
           AllowOverride All
    
          <IfModule mod_dav.c>
            Dav off
          </IfModule>
    
           SetEnv HOME /var/www
           SetEnv HTTP_HOME /var/www
         </Directory>
    
    <IfModule mod_headers.c>
          Header always set Strict-Transport-Security "max-age=15768000; preload"
    </IfModule>
    
    <IfModule mod_headers.c>
                    Header set Content-Security-Policy: "font-src https: data:;"
                    # `mod_headers` cannot match based on the content-type, however,
                    # the `Content-Security-Policy` response header should be send
                    # only for HTML documents and not for the other resources.
                    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
                            Header unset Content-Security-Policy
                    </FilesMatch>
    </IfModule>
    
    </VirtualHost>
    

    After this you can enable the site, if I called this nc.conf it would be sudo a2ensite nc.conf && sudo service apache2 restart (you can use reload instead of restart, whatever you want).

    Is that helpful?

  13. Hmm, have you checked the permissions… validated the redis conf file?

  14. I don’t understand. It clearly states where Nextcloud is being installed and what needs to change if you want it installed elsewhere. If you skip that then it’ll install to /nextcloud as the guide is written.

    It’s after. If you’re following the guide top to bottom then you would do this after running the above certbot commands. I also suggest adding it to the certbot created file, so there’d be no file if you don’t first run the certbot commands!

    vhost.conf is an example name, then I state it explicitly while editing.

    100% definitely running sudo? Because that should not be happening.

    Indeed, I’m not going to suggest which editor you should use for contab as it’s your choice. Given everything else is vim in the guide though you could have chosen that.

    It does not.

    This is because you didn’t read 2.1.

    Yes, you can read 2.1 and make the relevant changes to the apache vhost.conf files, the Nextcloud config file and restart the Apache server :slight_smile:

    You’re not editing .htaccess directly, so it’s not part of the guide. Normally .htaccess will be located in the root of the install directory, so /var/www/html/nextcloud/ in this case.

    Under any of the existing written lines, it doesn’t matter. I can indeed add a screenshot there to make it clearer though :slight_smile:

    No, I gave you the line to add based on the URL being domain.com/nextcloud. You’d only edit this if you used domain.com/cloud or just domain.com, where the line would read “/cloud” or “/” respectively.

    Hope that helps!

  15. Nicolas says:

    Hi,
    Is it possible to use Ubuntu 18.04 instead of 16.04 ?
    Thank you !

  16. Yes! Should be the same process.

Something to say?

Comment
Previous comments & pings (read only)

122 responses to “Installing Nextcloud on Ubuntu with Redis, APCu, SSL & Apache”

  1. Drump says:

    Hi Jason, Your tutorial is outstanding and I find it works for everyone. Everything works as described except I got an error when I try to use a DNS. I am also following Litecart on ubuntu, What do you recommend?

    • Jason Bayton says:

      By DNS do you mean accessing Nextcloud externally from the internet via a hostname? If so:

      * Ensure your ports are open (http://www.yougetsignal.com/tools/open-ports/)
      * You’ll likely need a Dynamic DNS provider to offer you a URL to connect to
      * If you then want to use your own Domain, CNAME to the DyDNS name

      Otherwise if that’s not the case, could you please be more specific? 🙂

      • Drump says:

        Let me use these steps and update to you, hopefully they will work and I will not have update you. Thanks Jason for your help 🙂

  2. Cezary says:

    adding this ‘htaccess.RewriteBase’ => ‘/nextcloud’, to the config.php doesn’t work for me correctly. the index.php is away now but a lot of icons (searchfield, users, settings) are missed now and the font is different see screenshot. Can’t find the problem???? when i remove the line everything is shown right. https://uploads.disquscdn.com/images/13465683e861d9b88e42f8baa5798426a57ca85316d4700e065507f5f579c165.jpg

  3. Althaea says:

    Thanks Jason very useful article!

  4. Simon says:

    Hi Jason,

    Awesome guide. It was easy and infomative as well.

    The only problem i face is the pretty link. it didnt work for me.

    when i run “sudo -u www-data php occ maintenance:update:htaccess” i got error of not able to access.
    what else must i do?
    Thanks

    • Jason Bayton says:

      Hi Simon, can you output the full error please?

        • Jason Bayton says:

          There’s your issue then – www-data won’t be able to touch .htaccess unless permissions are at least 077x. You can temporarily grant www-data ownership of the file with sudo chown www-data:www-data /path/to/.htaccess and try again

          • Simon says:

            Hi Jason,
            Thanks that works! but now i cant access from my browser. It come back with internal server error. https://uploads.disquscdn.com/images/ec5cf36df02c3442332f74a9601db714931382582d15777c0baa16da2233cfbb.jpg

          • Jason Bayton says:

            What does your apache error log say? /var/log/apache/error.log

          • Simon says:

            Hi Jason,

            This is the error in the log.

            Cannot load Zend OPcache – it was already loaded
            [Fri Aug 04 17:38:07.204964 2017] [mpm_prefork:notice] [pid 1248] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured — resuming normal operations
            [Fri Aug 04 17:38:07.205621 2017] [core:notice] [pid 1248] AH00094: Command line: ‘/usr/sbin/apache2’
            [Fri Aug 04 17:38:39.238901 2017] [core:error] [pid 1292] [client 10.0.0.50:62973] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace.

            Thanks in advance

          • Jason Bayton says:

            Interesting, and how does your config.php look? Make sure to remove passwords and such

          • Jason Bayton says:

            Ok cool, your rewrite base is incorrect.

            So if you were to access it on the root domain it should be ‘/’ while if you want to use domain.com/nextcloud it would be ‘/nextcloud’

            This config is only looking for the path respective to the root in Apache.

          • Simon says:

            Hi Jason,

            I try changing it to ‘/’, ‘/public_html’, ‘/domain.com/public_html’, they all have the same error “internal Server Error”
            I think i must have understand something wrongly in your explaination. Sorry for been so newbie 🙂
            Could you point me to the correct rewrite base?
            Thanks

          • Jason Bayton says:

            That’s ok, I could have explained it better.

            If you visit Nextcloud using:

            domain.com or cloud.domain.com or xyz.domain.com

            Then the rewrite base would be ‘/’, because there’s nothing after the domain name.

            If you visit it using domain.com/nextcloud or xyz.domain.com/nextcloud or domain.com/my cloud

            Then the rewrite would be either ‘/nextcloud’, or ‘/mycloud’, depending on the folder Nextcloud is in.

            When you have that, you need to rerun the occ htaccess command to update the configuration, and the server should then stop erroring.

          • Simon says:

            Hi Jason,

            Thanks for the explaination. I understand it now.

            I’ve try /public_html as it is my nextcloud folder but still having the error after i rerun the occ htaccess command.

            when i rerun the command i have this error “Cannot load Zend OPcache – it was already loaded”
            Thanks

          • Jason Bayton says:

            Unless you get to Nextcloud by typing domain.com/public_html then you should be using ‘/’,

            The Zend error doesn’t look like a problem currently.

          • Jason Bayton says:

            Simon not sure if I responded to this, the config is still wrong. /Public_html is likely ‘/’ as you don’t go to domain.com/public_html

  5. Shiroi Tenshi says:

    Hi Jason,
    thanks for the amazing guide
    I just have one problem when I open file or upload gives me this https://uploads.disquscdn.com/images/a8239aa44a3bd1ed82d83b5823c75b4c295858c24be7d3ab95a3190428400b98.png
    and found this in apache2 log
    [authz_core:error] AH01630: client denied by server configuration: /var/www/html/nextcloud/data/ .ocdata
    Thanks

  6. Adam says:

    Have you had any luck getting Nextcloud to connect to an RDS instance? Everytime I try there is an error that states the Nextcloud instance cannot connect – but I can connect to the database just fine. I have used MySQL, MariaDB and Postgres and everytime it has the same issue. I am using the admin log in and password for the environment variables, but just wondering if you have been able to successfully set this up?

    • Jason Bayton says:

      I momentarily thought you were referring to Remote Desktop Services 🙂

      You need to gather some logs for me to gander at please. NC side the NC and webserver logs, RDS the mySQL/mariaDB logs showing connection attempts

  7. Alex Ec says:

    Hey Jason,
    Great post! I could follow everything pretty easily, but I am stuck at 4.2.1 running the client. I don’t know what I need to type in for the domain. I do have a domain (eckertalex.tech), but when I type nc.eckertalex.tech I get the following error

    https://uploads.disquscdn.com/images/0aab9cd41a06036db4cb9fd011b3d14f2da18f99b4eb3e336217c7146bdd244f.png

    What do I need to do in this case?

    Thank you for your help and hopefully this question doesn’t sound too stupid.
    Alex

    • Jason Bayton says:

      Hi Alex,

      For the domain you type in whatever you plan to use for Nextcloud. That could be eckertalex.tech if you plan on using the root for Nextcloud (or eckertalex.tech/nextcloud for example) or nc.eckertalex.tech if you’re using a dedicated subdomain.

      I can’t tell you which to use as it’s not my domain and I don’t know how you’re using it, but that’s how you decide.

      I don’t see an error attached, but I assume it’s failed the challenge. You need to ensure DNS points whatever domain or subdomain to the server and Apache routes it to a location on the server.

    • Jason Bayton says:

      Hi Alex,

      The error is DNS related, that is to say nc.eckertalex.tech hasn’t been created via your DNS provider.

      The domain you use depends on how you set this up. You could use eckertalez.com or eckertalex.com/nextcloud, in which case you’d need to run LetsEncrypt against that root domain. If you want to use cloud.eck.. or nc.eck.. then you’d need to run those, once you set them to point to your server via DNS.

      • Alex Ec says:

        Okay, I added the ipv4 and ipv6 addresses into the DNS zonefile of my website host (gandi). I addded them as A and AAAA, respectively, for the subdomain nc (nc.eckertalex.tech).
        However, when I run LetsEncrypt against that root domain it tells me that I should make sure the A/AAAA records contain the right IP addresses.
        What is the problem here? Do I need to wait 3 hours for the DNS to update?

  8. Alex Ec says:

    Hey Jason,
    Great post! I could follow everything pretty easily, but I am stuck at 4.2.1 running the client. I don’t know what I need to type in for the domain. I do have a domain (eckertalex.tech), but when I type nc.eckertalex.tech I get the following error

    What do I need to do in this case?

    Thank you for your help and hopefully this question doesn’t sound too stupid.
    Alex

  9. Jake Mecham says:

    Absolutely fantastic guide, Jason. As a beginner, I’ve been struggling with nextcloud for the past week. With you guide I got the farthest.

    However, I’m experiencing a problem with Redis.
    https://uploads.disquscdn.com/images/d790e11a2909692139fdb28c97610f09e2834e32f6636bf4975d2154fca4f3c0.png
    https://uploads.disquscdn.com/images/8af7133848ce04786c9ff0f7158e7c87eda82407a1dba547e43d0fb4474174b1.png

    The redis server is running, the config.php file in nextcloud is set up as you describe, I’ve added redis to the www-data group, etc. etc.

    Have any clues?

  10. Michal Tomasek says:

    Hi Jason, firstly I want to say thank you for you tutorial, is amassing and after try many manuals yours is work all great without any issue. one more time thanks for that.
    and now I got 2 question if you can help me is just little tuning for me.
    1) can you tell me how to setup cron for nextcloud ( if is better then ajax)
    2) how to setup or change a access link. ( i mean now I go by https:// xxx.ddns.net/nextcloud or http:// my intrenal ip/nextcloud and I want access without /nextcloud in the end. ) i have now xxx.ddns.net – apache2 web default page.

    for better information know I have owncloud but, I want switch to nextcloud that why I want first setup all for my perfect and then transfer all data from owncloud.

    thank you and one more time great work.

    • Jason Bayton says:

      Hi Michal,

      1. Cron is definitely better than Ajax. The directions for setting this up are here: https://docs.nextcloud.com/server/11/admin_manual/configuration_server/background_jobs_configuration.html#cron
      2. Installation URL – I mentioned in point 2.1 (https://bayton.org/docs/nextcloud/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-ssl-apache/#2-1-installation-url) you can follow the guide, but you’ll need to change a couple of items as you do. Those that need to be changed are mentioned in 2.1.

      If either of those need further explanation just let me know.

      • Michal Tomasek says:

        Thanks for fast reply

        1) for Cron that I try last 3 days to work but unsuccessful. I dont know why doesnt work maybe I didnt understand properly how to set up.
        2) part i was read now true is my knowledge about linux and nextcloud is like newbie i know just few thinks, so if you explain for me like for ” idiot” manual I will happy 🙂
        I mean when to unzip and install nextcloud to be access without /nextclooud

        and same hepl with Cron.
        Im sorry for stupid questions

        • Jason Bayton says:

          For Cron, what makes you think it’s not working? If you set it to Cron in the admin interface and pasted the linked code into your cronfile, it should be fine. Help me understand where it’s failing for you.

          For the URL,

          Any vhost entries referring to the directory path /var/www/html should be changed to /var/www/html/nextcloud

          The vhost is the apache config file, nextcloud.conf in the guide, /etc/apache2/sites-available/nextcloud.conf

          The config.php file is /var/www/html/nextcloud/config/config.php

          The config.php base URL should be changed from ‘/nextcloud’ to ‘/’

          Again, if you’re specific around where you’re stuck I can help.

          • Michal Tomasek says:

            Hi Jason,
            I wil ltry to explain the setup Cron: I use nano because I dont know how to use vim
            I open sudo nano /var/www/html/nextcloud/cron.php
            delete all what is in and paste
            # crontab -u www-data -e ( www-data i replace with my admin name example michal)
            */15 * * * * php -f /var/www/html/nextcloud/cron.php
            then save ” also I try to keep it all and just in the end paste it crontab

            then I create 2 files
            /etc/systemd/system/nextcloudcron.service
            paste it:
            [Unit]
            Description=Nextcloud cron.php job
            [Service]
            User=www-data (www-date – change it to michal)
            ExecStart=/usr/bin/php -f /var/www/html/nextcloud/cron.php
            [Install]
            WantedBy=basic.target

            then second file
            /etc/systemd/system/nextcloudcron.timer
            paste it all info without any change

            then I use
            systemctl start nextcloudcron.timer
            systemctl enable nextcloudcron.timer

            in nextcloud i change to cron
            but background job still update 2 days ago that I thing cron didnt work.

            Url:
            that if I understand properly:
            I know I need change access way so
            I need create /etc/apache2/sites-available/nextcloud.conf and copy all from /var/www/html/nextcloud/config/config.php to /etc/apache2/sites-available/nextcloud.conf
            then change it ‘overwrite.cli.url’ => ‘https://xxxa.ddns.net/’, to ‘overwrite.cli.url’ => ‘/’,

            I hope i understand all properly and thank you one more time for your help.

          • Jason Bayton says:

            Hey,

            Yup OK you’re doing this all wrong.
            That link to the Nextcloud docs I shared basically has two commands:
            1) Open crontab
            2) Paste and save

            What you’re doing there is targeting the wrong file, creating a systemd service that’ll never run and possibly now going to cause integrity errors on your NC install as you’ve changed a core file.

            So for Cron,

            1. type “sudo crontab -u www-data -e” and hit enter (without the quotes)
            2. go to the bottom of the file, add in the line: “*/15 * * * * php -f /var/www/nextcloud/cron.php” without the quotes
            3. save and exit. It’ll then work.

            Do not touch /var/www/html/nextcloud/cron.php and don’t change the names in the commands above.

          • Michal Tomasek says:

            hi Jason,
            thank for your advise. now all working properly. great job and help.
            Thank you.

          • Jason Bayton says:

            Perfect, thank you for following up too!

          • Michal Tomasek says:

            Hi Jason,
            I want ask if you or any one has same problem. When I put my files on it around 70gb nextcloud start like break it down,
            And all reading I nextcloud take long time.
            I mot tooking desktop app then need synch all pictures again that break down us well. But after that still doing 5 min work then doesn’t for few min.
            Just if you hear it obout that problem or is just me.
            Thanks

          • Jason Bayton says:

            Hey,

            What server spec are you running NC on? Do you have caching working without error?
            I’ve seen this, but on like RasPi rather than a reasonably spec’d VPS or something.

          • Michal Tomasek says:

            I have that on virtual machine new Linux 16.04 install.

            In that VM use a old one owncloud in that and is work properly

  11. Scott Brown says:

    Jason – great write up and tutorial! Very easy to follow and great explanations. I did this as an exercise on a Google Cloud instance to set up a dev system for testing (so I don’t bork up my own). Took about 30-45 mins all told.
    Two questions, if I may, both to do with Pretty Links:
    1. In this step: ‘htaccess.RewriteBase’ => ‘/nextcloud’, (where nextcloud is the location of the installation) – does this mean where you have ‘/nextcloud’ to put the path to the installation (‘/var/www/nextcloud’, for example)?
    2. I assume this would be different if the data folder has been located outside the /var/www tree. How would that look?

    Thank you, and again, great tutorial!

    Regards,

    Scott

    • Jason Bayton says:

      Hey Scott!

      Thanks very much!

      1. Relates to your domain, so rather than install directory (which I’d say is very unlikely to be just /nextcloud on your filesystem) it’s the end of the URL, be that nothing (domain.com/), domain.com/nextcloud, domain.com/collab or anything else.

      2. Moot because of above 🙂

      I need to edit and clarify. I can see how that’s confusing.

  12. Ioannis Dimitrios Zontos says:

    Jason – great write up and tutorial! Very easy to follow and great explanations.
    but i have problem with exetrnal storage
    i can connect external storage (file server is windows file server (windows 2016)
    .I try to connect smb/cifs but i have error
    ,when i try smbclient smbclient -U domain/user //filesrv/sharename

    Enter domain/user’s password:
    Unknown socket option IPTOS_LOW
    Unknown socket option DELAY
    Domain=[domain] OS=[Windows Server 2016 Standard 14393] Server=[Windows Server 2016 Standard 6.3]
    tree connect failed: NT_STATUS_BAD_NETWORK_NAME
    any idea?

    • Jason Bayton says:

      Sorry for the delay Ioannis.

      Unfortunately I can’t help with all problems, so I’d suggest you reach out on help.nextcloud.com for assistance.

  13. BrechtL says:

    Hello,
    I followed your tutorial for the pretty links, but it just isn’t working. You said something about mod_env/mod_rewrite, but we never configured that in this tutorial. Thanks for your help.

    Greetings

    • Jason Bayton says:

      mod_env/mod_rewrite are enabled with: “sudo a2enmod rewrite headers env dir mime”

      I can’t offer much help with “just isn’t working” though, what do your apache logs tell you? What do you see in the browser? Have you restarted apache following the settings changes? Run the occ command?

      Should be able to diagnose with more information

      • BrechtL says:

        error.log off apache2
        [Thu Nov 02 10:45:25.663433 2017] [mpm_prefork:notice] [pid 1797] AH00169: caught SIGTERM, shutting down
        [Thu Nov 02 10:45:26.673956 2017] [ssl:warn] [pid 2430] AH01909: nextcloudbrecht.duckdns.org:443:0 server certificate does NOT include an ID which matches the server name
        [Thu Nov 02 10:45:26.709876 2017] [ssl:warn] [pid 2431] AH01909: nextcloudbrecht.duckdns.org:443:0 server certificate does NOT include an ID which matches the server name
        [Thu Nov 02 10:45:26.713421 2017] [mpm_prefork:notice] [pid 2431] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured — resuming normal operations
        [Thu Nov 02 10:45:26.713444 2017] [core:notice] [pid 2431] AH00094: Command line: ‘/usr/sbin/apache2’

        acess.log doesn’t seem to give relevant information.

        I see this in the browser:
        “File not found”

        I have restarted the apache2 server and I executed the occ command(which succeeded).

        • Jason Bayton says:

          There’s a .htaccess file in your installation directory, could you copy and paste it into a pastebin (or similar) for me please?

          • BrechtL says:

            Sure;
            https://pastebin.com/55xz3eP1
            Thanks in advance!

          • Jason Bayton says:

            OK weird, so you’re missing the whole rewrite section from the bottom of your htaccess..

            It looks like you don’t install into a subdir (domain.com/something) and use the root, so check this out:

            https://bayton.org/paste/?863ad20d7f23583b#7PpdZy7mSDZ9hqPHg070QFVoMxXp2wcf9drb2lUp4oM=

            Match the two lines at the bottom of the file, and add everything below them manually. Restart Apache and see how you get on.

          • BrechtL says:

            Just to clarify: this is how my .htaccess should look, right?

            https://pastebin.com/6ua400ik

            I did this to my .htaccess and I reloaded Apache. Now my Nextcloud wasn’t available at all. I did the
            sudo -u www-data php occ maintenance:update:htaccess
            command and now my Nextcloud is available, but the pretty links are still not working. (File not found error again at https://nextcloudbrecht.duckdns.org/nextcloud/settings/admin ).

            PS: I checked my .htaccess file and after issuing the command sudo -u www-data php occ maintenance:update:htaccess everything below
            ErrorDocument 404 /nextcloud/core/templates/404.php

            got removed..

          • Jason Bayton says:

            Yeah this is odd.

            Can you output your config.php? Make sure passwords are removed.

          • BrechtL says:

            I fixed it! The fault was in my config.php.

            ‘htaccess.RewriteBase’ => ‘/nextcloud’, was into the array() instead of out of that. So I put ‘htaccess.RewriteBase’ => ‘/nextcloud’, outside of the array, issued the maintance:update command, restarted apache2 and now it works!

            Thanks for your help!

          • Jason Bayton says:

            Perfect, pleased it’s sorted 🙂

          • Scott Brown says:

            Jason, thanks for this tutorial! Really awesome and straightforward. Took me less than an hour or so to get my NC instance running.

            Question on the “Pretty Links” piece – I located my data folder outside the webroot (/var/www/html), so I didn’t edit any of the .htaccess stuff. A) is that correct and B) how does that affect the Pretty Links config with the htaccess? Thanks again!

  14. BrechtL says:

    https://github.com/nextcloud/server/issues/6028

    The “pretty links” thingy is bugged. You will experience missing icons. It’s a Nextcloud bug, not your fault.

    • Alexander says:

      I just installed NC 12.0.3 and the problem doesn’t occur in my instance, even though I’ve configured the pretty links.

    • Jason Bayton says:

      Though indeed there is something going on with prettylinks in some circumstances, thankfully it doesn’t affect many and in your case was only the base dir in your config.php file (I addressed what needs to be different here: https://bayton.org/docs/nextcloud/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-ssl-apache/#2-1-installation-url ). Easy fix! But if you find any other issues I’m happy to help.

      • BrechtL says:

        I’m having the icons bug.. My installation is in /var/www/html/nextcloud and it can be accessed by using domain/nextcloud, though I don’t understand the following:
        If you want to change from /nextcloud to just /, you should do this according to you:

        Any vhost entries referring to the directory path /var/www/html should be changed to /var/www/html/nextcloud

        That should be reversed, no? It should be going from /var/www/html/nextcloud to /var/www/html if you change from /nextcloud to /.

        • Jason Bayton says:

          Oh I see, I’m sorry to see the bug has hit you – the issue you linked to was reopened last month so I’d definitely add your 2pence to the conversation to keep it active.

          On your question, no. Here’s why:

          Your install is in /var/www/html/nextcloud. By default the vhost uses /var/www/html as the root, meaning you need to add domain.com/nextcloud to get to the nextcloud folder. Config.php would then be /nextcloud as you need to point your browser to /nextcloud to access the site.

          If you change the root directory in the vhost to /var/www/html/nextcloud for your domain (or subdomain) that means instead of domain.com using /var/www/html it will use /var/www/html/nextcloud, thus making the domain root (domain.com) the nextcloud install. Config.php is then ‘/’ as you don’t need another foldername after the domain URL

  15. Alexander says:

    Hello Jason,
    I’d like to say a massive thank you for your impeccable guide! I’ve read and used plenty of guides, always found a way to go around a problem which occurred but it usually took a while longer!
    I find your guide so understandable,useful and straight forward, I had to congratulate you!
    Congrats and thank you!

    • Jason Bayton says:

      Thank you very much 🙂 Always open to feedback, if you see anything now or in the future that needs a tweak I haven’t caught, let me know!

      • Alexander says:

        I’ll keep an eye and definitely will post for tweaks and/or other improvements.

        Here’s a small one already – regarding Let’s Encrypt:
        Disabling DES CBC3 SHA protocol for the SSL Labs Test (gains 5 extra points since it’s considered a Weak protocol).

        1) Open /etc/letsencrypt/options-ssl-apache.conf
        2) Delete :DES-CBC3-SHA from the SSLCipherSuite line.
        3) Restart apache sudo service apache2 restart

        Source: https://www.andrewshay.me/blog/apache-disable-tls_rsa_with_3des_ede_cbc_sha-after-letsencrypt/

        My personal instance is setup with Nginx and I’ve got some extra security tweaks which I should probably post, although I don’t believe they are ideal for a production environment since they’re quite “strict”.

  16. Julien Hardy says:

    Hello,

    Thanks a lot for the guide. The only problem is that I found it just after completing my Nextcloud installation ! Now I have printed in PDF for future reference. (to do so first enter reader view mode in firefox)

    Thanks again,
    Julien

  17. fxs074 fxs074 says:

    Hi,
    Thanks for this tutorial.
    Everything is ok until I reach 6.2 (redis). website is ok. But as soon as I want to upload a file I got an 500 error. I got this message:

    22758:M 03 Nov 21:57:12.484 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
    22758:M 03 Nov 21:57:12.484 # Redis can’t set maximum open files to 10032 because of OS error: Operation not permitted.
    22758:M 03 Nov 21:57:12.484 # Current maximum open files is 4096. maxclients has been reduced to 4064 to compensate for low ulimit. If you need higher maxclients increase ‘ulimit -n’.
    _._
    _.-“__ ”-._
    _.-“ `. `_. ”-._ Redis 3.0.6 (00000000/0) 64 bit
    .-“ .-“`. “`/ _.,_ ”-._
    ( ‘ , .-` | `, ) Running in standalone mode
    |`-._`-…-` __…-.“-._|’` _.-‘| Port: 6379
    | `-._ `._ / _.-‘ | PID: 22758

    Any thoughts?
    P.S. Port is 0 and i restart redis server/apache 2. Try several times with fresh reinstalling OS. Dedicated server 16GB

    thks for your help

  18. Nicolas says:

    Hi,
    Thank you for this great tuto 😉
    I would like to change url.com/nextcloud to url.com. I’ve seen your recommandation at the top.
    The fonly files to modify are :
    – vhost “/etc/apache2/sites-available/000-default-le-ssl.conf” ?
    – config.php from nextcloud folder ?
    Thank you !

    • Jason Bayton says:

      If you’ve followed to the letter then check both that default conf and the nextcloud.conf you have created, along with the NC config file

      • Nicolas says:

        Thank you but I have not created a nextcloud.conf because at the end of 4.2.1 you have writed to skip 4.2.2 so I skip it. Is it correct ? Thank you.

        • Jason Bayton says:

          You should be fine then 🙂 have you tested it?

          • Nicolas says:

            Yes and it doesn’t work.
            I have edited /etc/apache2/sites-available/000-default-le-ssl.conf to change :

            Options +FollowSymlinks
            AllowOverride All

            Dav off

            SetEnv HOME /var/www/html
            SetEnv HTTP_HOME /var/www/html

            to

            Options +FollowSymlinks
            AllowOverride All

            Dav off

            SetEnv HOME /var/www/html/nextcloud
            SetEnv HTTP_HOME /var/www/html/nextcloud

            And I have edited /var/www/html/nextcloud/config/config.php to change ‘htaccess.RewriteBase’ => ‘/nextcloud’, to ‘htaccess.RewriteBase’ => ‘/’,
            Are there other changes to made ?
            Thank you.

          • Jason Bayton says:

            I believe that’s it without checking my environment. What do your logs say when you’ve restarted Apache?

          • Nicolas says:

            I’m going to reinstall my VM and I’ll try that.
            Is it better to use 4.2.1 or 4.2.2 ? I would like to add some subdomains (site1.domain.com;site2.domain.com…) after Nextcloud install.
            And if I use 4.2.2, are command lines the same than 4.2.1 to generate certificates ?
            Thank you.

          • Jason Bayton says:

            You’re not at the point of needing a reinstall just yet, logs will tell you what’s wrong and it should be easy enough to put right.

          • Nicolas says:

            I’m going to reinstall for another point than Nextcloud so no problem, it takes only 10min 🙂
            So if 4.2.2 is a better way than 4.2.1, I can go with it.

          • Jason Bayton says:

            Either will be fine, I prefer 4.2.2 because I have a bunch of bespoke services I create configs for. 4.2.1 is better for simple and quick deployments.

            Subdomains you add later make no difference in this case

          • Nicolas says:

            Thank you for your time 🙂
            So I have used 4.2.2 and it works but I still use self-signed certificates and I would like to use Let’s Encrypt.
            Is the command line the same than 4.2.1 ?
            sudo ./certbot-auto –apache –agree-tos –rsa-key-size 4096 –email user@domain.org –redirect -d nc.domain.org
            Are –apache and –redirect necessary ?
            Thank you.

          • Jason Bayton says:

            sudo ./certbot-auto –certonly –agree-tos –rsa-key-size 4096 –email user@domain.org -w /var/www/html/nextcloud/ -d yourdomain.com (again off the top of my head!)

          • Nicolas says:

            I’ve seen on certbot-auto documentation this command line :
            sudo ./path/to/certbot-auto –apache certonly
            But I don’t know why –apache is keeped and if it’s useful…
            -w is webroot-path option ?

  19. Fabian says:

    Hello!

    Thank you for the tutorial!
    I installed nextcloud but on the login page i cant login. i get no errors on login, just the login form again.
    Do you have any ideas?
    Thanks!

    • Jason Bayton says:

      Hey,

      This sometimes happens for some reason. Issue has been logged.

      I believe if you completely remove the instanceID line from the config and restart Apache it should come back up (copy/paste the line to a text file before you delete). However if that doesn’t work raise an issue on help.nextcloud.com

      • Fabian says:

        I tried to remove instaceID lin but i still cant login. i’ll try the help forum.
        Thank you.

  20. paolo says:

    Hello` Jason, (i spoke german i hope you understand).
    Thanks for your Documentation. i can Install all very well. Only in the Document Point 6.4 does not work with the configuration for the 2048M. i think this Problem where from point 6.3, after activating the Pretty Links. I make in the 2 files /var/www/nextcloud/.htaccess and .user.ini following adjustments.
    in the .htaccess file

    php_value upload_max_filesize 2048M instead of 511M
    php_value post_max_size 2058M instead 511M
    php_value memory_limit 2048M instead 512M
    ….
    ….
    and

    php_value upload_max_filesize 2048M instead of 511M
    php_value post_max_size 2058M instead 511M
    php_value memory_limit 2048M instead 512M

    ….
    and in the file .user.ini
    upload_max_filesize=2048M instead of 511M
    post_max_size=2058M instead of 511M
    memory_limit=2048M instead of 512M

    this is the only way I could configure both “the maximum upload file” and increase the “PHP memory” at the same time to 2Gig

    Can you confirm this behavior or have I done something wrong. friendly greetings Paolo

  21. Ryan Insell says:

    Hi Jason, great guide!! I am having a tough time with Let’s encrypt. I keep getting a message when running the command that says “client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.”