Project

General

Profile

Support #960

Updated by Daniel Curtis almost 4 years ago

{{>toc}} 

 This is a guide on setting up NextCloud 13 with Nginx on Debian 9. 

 h1. Prepare the Environment 

 * Before installation of the components, make sure everything is up to date using the following command: 
 <pre> 
 apt update && apt upgrade 
 </pre> 

 * Create the nextcloud user: 
 <pre> 
 groupadd nextcloud 
 useradd -M -g nextcloud -s /usr/sbin/nologin -c "NextCloud" nextcloud 
 </pre> 

 --- 

 h1. Install Nginx 

 * Install Nginx 
 <pre> 
 apt install nginx 
 </pre> 

 * Start and enable nginx at boot: 
 <pre> 
 systemctl ststemctl enable nginx 
 systemctl start nginx 
 </pre> 

 --- 

 h1. Install PHP 

 * Install PHP and additional dependencies for nextcloud: 
 <pre> 
 apt install php-fpm php-curl php-cli php-pgsql php-gd php-common php-xml php-json php-intl php-pear php-imagick php-dev php-common php-mbstring php-zip php-soap php-bz2 sudo unzip 
 </pre> 

 * Edit the php fpm config: 
 <pre> 
 vi /etc/php/7.0/fpm/php.ini 
 </pre> 
 #* And modify the following values: 
 <pre> 
 date.timezone = America/Los_Angeles 
 cgi.fix_pathinfo=0 
 </pre> 

 * Edit the php cli config: 
 <pre> 
 vi /etc/php/7.0/cli/php.ini 
 </pre> 
 #* And modify the following values: 
 <pre> 
 date.timezone = America/Los_Angeles 
 cgi.fix_pathinfo=0 
 </pre> 

 * Create the nextcloud php-fpm pool config file: 
 <pre> 
 vi /etc/php/7.0/fpm/pool.d/nextcloud.example.com.conf 
 </pre> 
 #* And add the following: 
 <pre> 
 [nextcloud.example.com] 
 user = nextcloud 
 group = www-data 
 listen = /var/run/nextcloud.sock 
 listen.owner = nextcloud 
 listen.group = www-data 
 pm = dynamic 
 pm.max_children = 5 
 pm.start_servers = 2 
 pm.min_spare_servers = 1 
 pm.max_spare_servers = 3 

 env[HOSTNAME] = $HOSTNAME 
 env[PATH] = /usr/local/bin:/usr/bin:/bin 
 env[TMP] = /tmp 
 env[TMPDIR] = /tmp 
 env[TEMP] = /tmp 

 php_admin_value[session.save_path] = "/var/www/nextcloud/tmp" 
 </pre> 

 * Start and enable php-fpm: 
 <pre> 
 systemctl start php7.0-fpm 
 systemctl enable php7.0-fpm 
 </pre> 

 --- 

 h1. Install PostgreSQL 

 * Start by installing the postgresql packages: 
 <pre> 
 apt-get install postgresql{,-contrib,-client}-9.6 
 </pre> 

 * Edit the pg_hba.conf file: 
 <pre> 
 vi /etc/postgresql/9.6/main/pg_hba.conf 
 </pre> 
 #* And add the following to the end of the file to enable password authentication: 
 <pre> 
 host 	 all 		 all 		 samehost 		 md5 
 </pre>  

 * Enable, initialize and start PostgreSQL 
 <pre> 
 systemctl enable postgresql 
 systemctl start postgresql 
 </pre> 

 * Log in to postgresql user account 
 <pre> 
 su - postgres 
 </pre> 

 * Connect to postgresql database 
 <pre> 
 psql -d template1 
 </pre> 
 #* Create a user and database for NextCloud: 
 <pre> 
 CREATE USER nextclouduser WITH PASSWORD 'SuperSecretPassword' CREATEDB; 

 CREATE DATABASE nextclouddb OWNER nextclouduser; 
 </pre> 

 * Quit postgresql and exit the user: 
 <pre> 
 \q 
 exit 
 </pre> 

 --- 

 h1. Install Nextcloud 

 * Download nextcloud: 
 <pre> 
 cd /var/www 
 wget https://download.nextcloud.com/server/releases/nextcloud-13.0.12.zip 
 unzip nextcloud-13.0.12.zip 
 </pre> 

 * Create an *nextcloud.example.com server block* config file: 
 <pre> 
 vi /etc/nginx/sites-available/nextcloud.example.com.conf 
 </pre> 
 #* Add the following: 
 <pre> 
 upstream nextcloud-handler { 
   server unix:/var/run/nextcloud.sock; 
 } 

 server { 
   listen 80; 
   server_name nextcloud.example.com; 

   # Path to the root of your installation 
   root /var/www/nextcloud/; 

   # set max upload size 
   client_max_body_size 10G; 
   fastcgi_buffers 64 4K; 

   # Disable gzip to avoid the removal of the ETag header 
   gzip off; 

   rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; 
   rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; 
   rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; 

   index index.php; 
   error_page 403 /core/templates/403.php; 
   error_page 404 /core/templates/404.php; 

   location = /robots.txt { 
     allow all; 
     log_not_found off; 
     access_log off; 
   } 

   location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ 
     deny all; 
   } 

   location / { 
     # The following 2 rules are only needed with webfinger 
     rewrite ^/.well-known/host-meta /public.php?service=host-meta last; 
     rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; 

     rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; 
     rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; 

     rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; 

     try_files $uri $uri/ =404; 
   } 

   location ~ \.php(?:$|/) { 
     fastcgi_split_path_info ^(.+\.php)(/.+)$; 
     include fastcgi_params; 
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
     fastcgi_param PATH_INFO $fastcgi_path_info; 
     fastcgi_pass nextcloud-handler; 
     fastcgi_intercept_errors on; 
   } 

   # Adding the cache control header for js and css files 
   # Make sure it is BELOW the location ~ \.php(?:$|/) { block 
   location ~* \.(?:css|js)$ { 
     add_header Cache-Control "public, max-age=7200"; 
     # Add headers to serve security related headers 
     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; 
     add_header X-Content-Type-Options nosniff; 
     add_header X-Frame-Options "SAMEORIGIN"; 
     add_header X-XSS-Protection "1; mode=block"; 
     add_header X-Robots-Tag none; 
     # Optional: Don't log access to assets 
     access_log off; 
   } 

   # Optional: Don't log access to other assets 
   location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { 
     access_log off; 
   } 
 } 
 </pre> 

 * Create the temporary session folder and restrict its permissions: 
 <pre> 
 mkdir -p /var/www/nextcloud/tmp 
 chmod o-rwx /var/www/nextcloud/tmp 
 </pre> 

 * Change the ownership of the nextcloud directory: 
 <pre> 
 chown -R nextcloud:www-data /var/www/nextcloud 
 </pre> 

 * Enable the site: 
 <pre> 
 ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/ 
 </pre> 

 * Restart nginx : 
 <pre> 
 systemctl restart nginx 
 </pre> 

 --- 

 h1. Redis 

 * Install Redis and PHP extension: 
 <pre> 
 apt-get install redis-server php-redis 
 </pre> 

 * Edit the redis config: 
 <pre> 
 vi /etc/redis/redis.conf 
 </pre> 
 #* And modify the following parameters in the config: 
 <pre> 
 port 0 
 unixsocket /var/run/redis/redis.sock 
 unixsocketperm 770 
 </pre> 

 * Add nextcloud user to redis group 
 <pre> 
 usermod -aG redis nextcloud 
 </pre> 

 * Start and enable Redis at boot: 
 <pre> 
 systemctl enable redis-server 
 systemctl start redis-server 
 </pre> 

 * Edit the NextCloud config: 
 <pre> 
 vi /var/www/nextcloud/config/config.php 
 </pre> 
 #* And add the following *before* the ending @);@: 
 <pre> 
   'memcache.locking' => '\OC\Memcache\Redis', 
   'memcache.local' => '\OC\Memcache\Redis', 
   'redis' => array( 
      'host' => '/var/run/redis/redis.sock', 
      'port' => 0, 
   ), 
 </pre> 

 --- 

 h1. Resources 

 * https://docs.nextcloud.com/server/13/admin_manual/installation/index.html 
 * https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html 
 * https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html 
 * https://www.howtoforge.com/tutorial/ubuntu-nginx-nextcloud/

Back