Support #960
Updated by Daniel Curtis almost 4 years ago
{{>toc}} This is a guide on setting up NextCloud 13 with Nginx on Debian 9. h1. Prepare the Environment * Before installation of the components, make sure everything is up to date using the following command: <pre> apt update && apt upgrade </pre> * Create the nextcloud user: <pre> groupadd nextcloud useradd -M -g nextcloud -s /usr/sbin/nologin -c "NextCloud" nextcloud </pre> --- h1. Install Nginx * Install Nginx <pre> apt install nginx </pre> * Start and enable nginx at boot: <pre> systemctl ststemctl enable nginx systemctl start nginx </pre> --- h1. Install PHP * Install PHP and additional dependencies for nextcloud: <pre> apt install php-fpm php-curl php-cli php-pgsql php-gd php-common php-xml php-json php-intl php-pear php-imagick php-dev php-common php-mbstring php-zip php-soap php-bz2 sudo unzip </pre> * Edit the php fpm config: <pre> vi /etc/php/7.0/fpm/php.ini </pre> #* And modify the following values: <pre> date.timezone = America/Los_Angeles cgi.fix_pathinfo=0 </pre> * Edit the php cli config: <pre> vi /etc/php/7.0/cli/php.ini </pre> #* And modify the following values: <pre> date.timezone = America/Los_Angeles cgi.fix_pathinfo=0 </pre> * Create the nextcloud php-fpm pool config file: <pre> vi /etc/php/7.0/fpm/pool.d/nextcloud.example.com.conf </pre> #* And add the following: <pre> [nextcloud.example.com] user = nextcloud group = www-data listen = /var/run/nextcloud.sock listen.owner = nextcloud listen.group = www-data pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp php_admin_value[session.save_path] = "/var/www/nextcloud/tmp" </pre> * Start and enable php-fpm: <pre> systemctl start php7.0-fpm systemctl enable php7.0-fpm </pre> --- h1. Install PostgreSQL * Start by installing the postgresql packages: <pre> apt-get install postgresql{,-contrib,-client}-9.6 </pre> * Edit the pg_hba.conf file: <pre> vi /etc/postgresql/9.6/main/pg_hba.conf </pre> #* And add the following to the end of the file to enable password authentication: <pre> host all all samehost md5 </pre> * Enable, initialize and start PostgreSQL <pre> systemctl enable postgresql systemctl start postgresql </pre> * Log in to postgresql user account <pre> su - postgres </pre> * Connect to postgresql database <pre> psql -d template1 </pre> #* Create a user and database for NextCloud: <pre> CREATE USER nextclouduser WITH PASSWORD 'SuperSecretPassword' CREATEDB; CREATE DATABASE nextclouddb OWNER nextclouduser; </pre> * Quit postgresql and exit the user: <pre> \q exit </pre> --- h1. Install Nextcloud * Download nextcloud: <pre> cd /var/www wget https://download.nextcloud.com/server/releases/nextcloud-13.0.12.zip unzip nextcloud-13.0.12.zip </pre> * Create an *nextcloud.example.com server block* config file: <pre> vi /etc/nginx/sites-available/nextcloud.example.com.conf </pre> #* Add the following: <pre> upstream nextcloud-handler { server unix:/var/run/nextcloud.sock; } server { listen 80; server_name nextcloud.example.com; # Path to the root of your installation root /var/www/nextcloud/; # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ deny all; } location / { # The following 2 rules are only needed with webfinger rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; try_files $uri $uri/ =404; } location ~ \.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass nextcloud-handler; fastcgi_intercept_errors on; } # Adding the cache control header for js and css files # Make sure it is BELOW the location ~ \.php(?:$|/) { block location ~* \.(?:css|js)$ { add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; # Optional: Don't log access to assets access_log off; } # Optional: Don't log access to other assets location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { access_log off; } } </pre> * Create the temporary session folder and restrict its permissions: <pre> mkdir -p /var/www/nextcloud/tmp chmod o-rwx /var/www/nextcloud/tmp </pre> * Change the ownership of the nextcloud directory: <pre> chown -R nextcloud:www-data /var/www/nextcloud </pre> * Enable the site: <pre> ln -s /etc/nginx/sites-available/nextcloud.conf /etc/nginx/sites-enabled/ </pre> * Restart nginx : <pre> systemctl restart nginx </pre> --- h1. Redis * Install Redis and PHP extension: <pre> apt-get install redis-server php-redis </pre> * Edit the redis config: <pre> vi /etc/redis/redis.conf </pre> #* And modify the following parameters in the config: <pre> port 0 unixsocket /var/run/redis/redis.sock unixsocketperm 770 </pre> * Add nextcloud user to redis group <pre> usermod -aG redis nextcloud </pre> * Start and enable Redis at boot: <pre> systemctl enable redis-server systemctl start redis-server </pre> * Edit the NextCloud config: <pre> vi /var/www/nextcloud/config/config.php </pre> #* And add the following *before* the ending @);@: <pre> 'memcache.locking' => '\OC\Memcache\Redis', 'memcache.local' => '\OC\Memcache\Redis', 'redis' => array( 'host' => '/var/run/redis/redis.sock', 'port' => 0, ), </pre> --- h1. Resources * https://docs.nextcloud.com/server/13/admin_manual/installation/index.html * https://docs.nextcloud.com/server/13/admin_manual/configuration_database/linux_database_configuration.html * https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html * https://www.howtoforge.com/tutorial/ubuntu-nginx-nextcloud/