Support #960
Updated by Daniel Curtis about 3 years ago
{{>toc}}
This is a guide on setting up NextCloud 13 with Nginx on Debian 9.
h1. Prepare the Environment
* Before installation of the components, make sure everything is up to date using the following command:
<pre>
apt-get update && apt-get upgrade
</pre>
* Create the nextcloud user:
<pre>
groupadd nextcloud
useradd -M -g nextcloud -s /usr/sbin/nologin -c "NextCloud" nextcloud
</pre>
---
h1. Install Nginx
* Install Nginx
<pre>
apt-get install nginx
</pre>
* Start and enable nginx at boot:
<pre>
ststemctl enable nginx
systemctl start nginx
</pre>
---
h1. Install PHP
* Install PHP and additional dependencies for nextcloud:
<pre>
apt-get install php-fpm php-curl php-cli php-pgsql php-mysql php-gd php-common php-xml php-json php-intl php-pear php-imagick php-dev php-common php-mbstring php-zip php-soap php-bz2
</pre>
* Edit the php fpm config:
<pre>
vi /etc/php/7.0/fpm/php.ini
</pre>
#* And modify the following values:
<pre>
date.timezone = America/Los_Angeles
cgi.fix_pathinfo=0
</pre>
* Edit the php cli config:
<pre>
vi /etc/php/7.0/cli/php.ini
</pre>
#* And modify the following values:
<pre>
date.timezone = America/Los_Angeles
cgi.fix_pathinfo=0
</pre>
* Create the nextcloud php-fpm pool config file:
<pre>
vi /etc/php/7.0/fpm/pool.d/nextcloud.example.com.conf /etc/php-fpm.d/nextcloud.example.com.conf
</pre>
#* And add the following:
<pre>
[nextcloud.example.com]
user = nextcloud
group = www-data www
listen = /var/run/nextcloud.sock
listen.owner = nextcloud
listen.group = www-data www
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
php_admin_value[session.save_path] = "/var/www/nextcloud/tmp"
</pre>
* Start and enable php-fpm:
<pre>
systemctl start php7.0-fpm
systemctl enable php7.0-fpm
</pre>
---
h1. Install PostgreSQL
* Start by installing the postgresql packages:
<pre>
apt-get install postgresql{,-contrib,-client}-9.6 postgresql9-{server,client} php-{pdo_pgsql,pgsql}
</pre>
* Enable, initialize and start PostgreSQL
<pre>
systemctl enable postgresql
systemctl initdb postgresql
systemctl start postgresql
</pre>
* Edit the pg_hba.conf file:
<pre>
vi /etc/postgresql/9.6/main/pg_hba.conf /usr/local/pgsql/data/pg_hba.conf
</pre>
#* And add the following to the end of the file to enable password authentication:
<pre>
host all all samehost md5
</pre>
* Enable, initialize h2. Create PostgreSQL Databases and start PostgreSQL
<pre>
systemctl enable postgresql
systemctl start postgresql
</pre> Users
* Log in to postgresql user account
<pre>
su - postgres pgsql
</pre>
* Connect to postgresql database
<pre>
psql -d template1
</pre>
#* Create a user and database for NextCloud:
<pre>
CREATE USER nextclouduser WITH PASSWORD 'SuperSecretPassword' CREATEDB;
CREATE DATABASE nextclouddb OWNER nextclouduser;
</pre>
* Quit postgresql and exit the user:
<pre>
\q
exit
</pre>
---
h1. Install Nextcloud
* Download nextcloud:
<pre>
</pre>
* Create an *nextcloud.example.com server block* config file:
<pre>
vi /etc/nginx/sites-available/nextcloud.example.com.conf
</pre>
#* Add the following:
<pre>
upstream nextcloud-handler {
server unix:/var/run/nextcloud.sock;
}
server {
listen 80;
server_name nextcloud.example.com;
# Path to the root of your installation
root /var/www/nextcloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass nextcloud-handler;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
</pre>
* Create the temporary session folder and restrict its permissions:
<pre>
mkdir -p /var/www/nextcloud/tmp /usr/local/www/nextcloud/tmp
chmod o-rwx /var/www/nextcloud/tmp /usr/local/www/nextcloud/tmp
</pre>
* Change the ownership of the nextcloud directory:
<pre>
chown -R nextcloud:www-data nextcloud:www /var/www/nextcloud
</pre>
* Enable the site:
<pre>
ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/
</pre>
* Restart nginx :
<pre>
systemctl restart nginx
</pre>
---
h1. Redis
* Install Redis and PHP extension:
<pre>
apt-get install redis-server php-redis redis php-pecl-redis
</pre>
* Edit the redis config:
<pre>
vi /etc/redis/redis.conf /usr/local/etc/redis.conf
</pre>
#* And modify the following parameters in the config:
<pre>
port 0
unixsocket /var/run/redis/redis.sock
unixsocketperm 770
</pre>
* Add nextcloud user to redis group
<pre>
usermod -aG pw groupmod redis -m nextcloud
</pre>
* Start and enable Redis at boot:
<pre>
systemctl enable redis-server redis
systemctl start redis-server redis
</pre>
* Edit the NextCloud config:
<pre>
vi /var/www/nextcloud/config/config.php /usr/local/www/nextcloud/config/config.php
</pre>
#* And add the following *before* the ending @);@:
<pre>
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
'host' => '/var/run/redis/redis.sock',
'port' => 0,
),
</pre>
---
h1. Resources
* https://docs.nextcloud.com/server/13.0/admin_manual/installation/index.html
* https://docs.nextcloud.com/server/13.0/admin_manual/configuration_database/linux_database_configuration.html
* https://docs.nextcloud.com/server/13.0/admin_manual/configuration_server/caching_configuration.html
* https://www.howtoforge.com/tutorial/ubuntu-nginx-nextcloud/