• Table of contents
• Prepare the Environment
• Install Nginx
• Install PHP
• Install PostgreSQL
• Install Nextcloud
• Redis
• Resources

This is a guide on setting up NextCloud 16 with Nginx on Debian 10.

Prepare the Environment¶

• Before installation of the components, make sure everything is up to date using the following command:
  

  apt update && apt upgrade
  

• Create the nextcloud user:
  

  groupadd nextcloud
  useradd -M -g nextcloud -s /usr/sbin/nologin -c "NextCloud" nextcloud
  

---

Install Nginx¶

• Install Nginx
  

  apt install nginx
  

• Start and enable nginx at boot:
  

  systemctl enable nginx
  systemctl start nginx
  

---

Install PHP¶

• Install PHP and additional dependencies for nextcloud:
  

  apt install php-fpm php-curl php-cli php-pgsql php-gd php-common php-xml php-json php-intl php-pear php-imagick php-dev php-common php-mbstring php-zip php-soap php-bz2 sudo unzip
  

• Edit the php fpm config:
  

  vi /etc/php/7.3/fpm/php.ini
  

  • And modify the following values:
    

    date.timezone = America/Los_Angeles
    cgi.fix_pathinfo=0
    

• Edit the php cli config:
  

  vi /etc/php/7.3/cli/php.ini
  

  • And modify the following values:
    

    date.timezone = America/Los_Angeles
    cgi.fix_pathinfo=0
    

• Create the nextcloud php-fpm pool config file:
  

  vi /etc/php/7.3/fpm/pool.d/nextcloud.example.com.conf
  

  • And add the following:
    

    [nextcloud.example.com]
    user = nextcloud
    group = www-data
    listen = /var/run/nextcloud.sock
    listen.owner = nextcloud
    listen.group = www-data
    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3
    
    env[HOSTNAME] = $HOSTNAME
    env[PATH] = /usr/local/bin:/usr/bin:/bin
    env[TMP] = /tmp
    env[TMPDIR] = /tmp
    env[TEMP] = /tmp
    
    php_admin_value[session.save_path] = "/var/www/nextcloud/tmp" 
    

• Start and enable php-fpm:
  

  systemctl start php7.3-fpm
  systemctl enable php7.3-fpm
  

---

Install PostgreSQL¶

• Start by installing the postgresql packages:
  

  apt-get install postgresql{,-contrib,-client}-11
  

• Edit the pg_hba.conf file:
  

  vi /etc/postgresql/11/main/pg_hba.conf
  

  • And add the following to the end of the file to enable password authentication:
    

    host    all        all        samehost        md5
    

• Enable, initialize and start PostgreSQL
  

  systemctl enable postgresql
  systemctl start postgresql
  

• Log in to postgresql user account
  

  su - postgres
  

• Connect to postgresql database
  

  psql -d template1
  

  • Create a user and database for NextCloud:
    

    CREATE USER nextclouduser WITH PASSWORD 'SuperSecretPassword' CREATEDB;
    
    CREATE DATABASE nextclouddb OWNER nextclouduser;
    

• Quit postgresql and exit the user:
  

  \q
  exit
  

---

Install Nextcloud¶

• Download nextcloud:
  

  cd /var/www
  wget https://download.nextcloud.com/server/releases/nextcloud-16.0.11.zip
  unzip nextcloud-16.0.11.zip
  

• Create an nextcloud.example.com server block config file:
  

  vi /etc/nginx/sites-available/nextcloud.example.com.conf
  

  • Add the following:
    

    upstream nextcloud-handler {
      server unix:/var/run/nextcloud.sock;
    }
    
    server {
      listen 80;
      server_name nextcloud.example.com;
    
      # Path to the root of your installation
      root /var/www/nextcloud/;
    
      # set max upload size
      client_max_body_size 10G;
      fastcgi_buffers 64 4K;
    
      # Disable gzip to avoid the removal of the ETag header
      gzip off;
    
      rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
      rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
      rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
    
      index index.php;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
    
      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }
    
      location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
        deny all;
      }
    
      location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
    
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
    
        try_files $uri $uri/ =404;
      }
    
      location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass nextcloud-handler;
        fastcgi_intercept_errors on;
      }
    
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the location ~ \.php(?:$|/) { block
      location ~* \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        # Optional: Don't log access to assets
        access_log off;
      }
    
      # Optional: Don't log access to other assets
      location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
        access_log off;
      }
    }
    

• Create the temporary session folder and restrict its permissions:
  

  mkdir -p /var/www/nextcloud/tmp
  chmod o-rwx /var/www/nextcloud/tmp
  

• Change the ownership of the nextcloud directory:
  

  chown -R nextcloud:www-data /var/www/nextcloud
  

• Enable the site:
  

  ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/
  

• Restart nginx :
  

  systemctl restart nginx
  

---

Redis¶

• Install Redis and PHP extension:
  

  apt-get install redis-server php-redis
  

• Edit the redis config:
  

  vi /etc/redis/redis.conf
  

  • And modify the following parameters in the config:
    

    port 0
    unixsocket /var/run/redis/redis.sock
    unixsocketperm 770
    

• Add nextcloud user to redis group
  

  usermod -aG redis nextcloud
  

• Start and enable Redis at boot:
  

  systemctl enable redis-server
  systemctl start redis-server
  

• Edit the NextCloud config:
  

  vi /var/www/nextcloud/config/config.php
  

  • And add the following before the ending );:
    

      'memcache.locking' => '\OC\Memcache\Redis',
      'memcache.local' => '\OC\Memcache\Redis',
      'redis' => array(
         'host' => '/var/run/redis/redis.sock',
         'port' => 0,
      ),
    

---

Resources¶

• https://docs.nextcloud.com/server/16/admin_manual/installation/index.html
• https://docs.nextcloud.com/server/16/admin_manual/configuration_database/linux_database_configuration.html
• https://docs.nextcloud.com/server/16/admin_manual/configuration_server/caching_configuration.html
• https://www.howtoforge.com/tutorial/ubuntu-nginx-nextcloud/