Nextcloud installation via command line

How to install Nextcloud from the console, set configuration parameters and policies and install additional apps via shell commands

The term “in the cloud” is heard a lot these days. A growing number of services support or even rely on data storage and compute power over the net to provide various conveniences to end-users and enterprises. That comfort, however, cuts both ways – for many services it is hard to get your data out and migrate away, not to mention the question of where your information is physically stored and how it is secured.

Open source software like Nextcloud comes to the rescue, as it puts you back in control of your data: you decide where it is hosted and who gets access to it. In this howto, I’ll show you how to install and configure Nextcloud on your server in a fully scriptable way.

I already began documenting my private server setup in this blog, yet much more is still to come. My basic setup is built on Ubuntu 16.04 LTS with nginx as web server, PHP 7.0 via FPM and MySQL as database.

Nextcloud also provides a web-based installer, but for configuration management and scripted setups, the installation via command line comes in quite handy.

Nextcloud also comes with a web-based installer

Prerequisites

For configuring the nginx virtual host for Nextcloud, refer to the online documentation.

I’ll also strongly advocate for HTTPS encryption. Let’s Encrypt provides free SSL certificates with an easy-to-use command line client about which I’ve already blogged before.

For the rest of this howto, I’ll assume you have a working setup of nginx with an SSL certificate installed and a proper virtual host configured. I’ll also assume that a compatible database is up and running, so the Nextcloud installer can create users and tables during the installation process.

Creating system user

If you run PHP via FPM, I recommend setting up a dedicated user for Nextcloud, to distinguish it from other services. You can do so via

adduser --gecos "php-nextcloud" --system --home /srv/www/nextcloud --disabled-password --group php-nextcloud

and then assign some quota with

quotatool -u php-nextcloud -b -l 50632MB -q 50120MB /srv

If you run Postfix, I also recommend forwarding mails for this system user to root, whose mails then should end up in your admin inbox. You can do so via

echo "php-nextcloud: root" >> /etc/aliases
postalias /etc/aliases

Configuring PHP-FPM

With a dedicated system user for Nextcloud, you can set up a separate PHP-FPM pool with

cat > /etc/php/7.0/fpm/pool.d/nextcloud.conf << EOF
[nextcloud]
user = php-nextcloud
group = php-nextcloud
listen = /var/run/php-fpm-\$pool.sock
listen.backlog = 4096
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 40
env[HOSTNAME] = yourservername
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
request_terminate_timeout = 120
php_admin_value[expose_php] = Off
php_admin_value[allow_url_fopen] = Off
php_admin_value[upload_max_filesize] = 32M
php_admin_value[post_max_size] = 32M
php_admin_value[session.gc_maxlifetime] = 86000
php_admin_value[max_execution_time] = 120
php_value[display_errors] = On
php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[opcache.enable_cli] = 1
php_admin_value[opcache.interned_strings_buffer] = 8
php_admin_value[opcache.max_accelerated_files] = 10000
php_admin_value[opcache.memory_consumption] = 128
php_admin_value[opcache.save_comments] = 1
php_admin_value[opcache.revalidate_freq] = 1
EOF

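Note that you might want to change the maximum file size in the PHP configuration and in your web server, otherwise your uploads are capped at 32 MB per file. You should also change “yourservername” to the respective hostname. The pool also sets display_errors to On, which prints PHP error messages, including file paths, into the responses sent to the browser; set it to Off once the installation works.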

To activate the pool, restart the FPM server with

service php7.0-fpm restart

In your nginx virtual host, the following directive enables the newly created pool for your Nextcloud virtual host, replacing the upstream php-handler from Nextcloud’s documentation:

fastcgi_pass unix:/var/run/php-fpm-nextcloud.sock;

Downloading Nextcloud

Now it’s time to download Nextcloud and extract it to the virtual host’s directory. At the time of this writing, the current version is 13.0.4. To download it to your temporary folder, use

wget https://download.nextcloud.com/server/releases/nextcloud-13.0.4.tar.bz2 -O /tmp/nextcloud.tar.bz2

Extract the downloaded archive via

tar xvfj /tmp/nextcloud.tar.bz2 --strip-components=1 -C /srv/www/nextcloud

Then remove the archive with

rm /tmp/nextcloud.tar.bz2

and fix the permissions via

chown -R php-nextcloud: /srv/www/nextcloud
chmod 751 /srv/www/nextcloud
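
The download above is extracted without any integrity check. The following is an added example, not part of the original post, that verifies the archive against a SHA-256 file before unpacking; the function names and the ".sha256" location next to the archive are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded release archive against a checksum file
# in the usual "<hash>  <filename>" format before it is extracted.

# verify_release ARCHIVE SUMFILE NAME
#   returns 0 on match, 1 on mismatch, 2 if a file or the entry is missing
verify_release() {
    archive=$1   # local path of the downloaded archive
    sumfile=$2   # local path of the downloaded checksum file
    name=$3      # file name as listed inside the checksum file

    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    # Pick the hash listed for NAME; sha256sum may prefix the name with "*".
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sumfile")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Download, verify, and only then unpack, using the paths from this howto.
# Not called automatically; run it by hand on the server.
fetch_and_unpack() {
    url=https://download.nextcloud.com/server/releases/nextcloud-13.0.4.tar.bz2
    wget "$url" -O /tmp/nextcloud.tar.bz2 &&
    wget "$url.sha256" -O /tmp/nextcloud.tar.bz2.sha256 &&  # assumed checksum URL
    verify_release /tmp/nextcloud.tar.bz2 /tmp/nextcloud.tar.bz2.sha256 \
        "${url##*/}" &&
    tar xjf /tmp/nextcloud.tar.bz2 --strip-components=1 -C /srv/www/nextcloud
}
```

A checksum fetched from the same server catches corrupted or truncated downloads, not a tampered download server; checking the release's detached PGP signature with gpg is the stronger test.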

Installing

This is the point where you’d normally open up the web interface and let the assistant guide you through the setup. This howto, however, focuses on installing Nextcloud via command line, so we’ll invoke each step from the shell.

First, go to the Nextcloud home directory via

cd /srv/www/nextcloud

Then do the initial setup via

sudo -u php-nextcloud php occ maintenance:install --database="mysql" --database-name="nextcloud" --database-host="localhost" --database-user="root" --database-pass="12345678" --database-table-prefix="" --admin-user="yourname" --admin-pass="87654321"

This:

  • Invokes the occ command to start the installer (occ maintenance:install).
  • Sets the database type to MySQL (--database="mysql") on the local machine (--database-host="localhost").
  • Provides credentials of a user who can create a new database (--database-user="root" and --database-pass="12345678"). That is a rather risky thing to type on the command line in cleartext. If you can’t work with a temporary password that will be immediately revoked after installation, you can leave out the parameter and the setup script will ask you to type the password in. That way it will not be stored in your shell’s history file.
  • Disables the table prefix. If you have a shared hosting with one database, you should set a unique table prefix. In case of a dedicated database only for Nextcloud, this can be omitted, as the tables are still distinguishable.
  • Creates an admin user (--admin-user="yourname") and an admin password (--admin-pass="87654321") for accessing Nextcloud. Similar to the database credentials, you can omit this variable and the installer will ask you to type in the password manually to not store it in your shell’s history file.

Congratulations, Nextcloud is now installed on your system and you can proceed to adjusting the configuration to your needs!

Configuring system settings

To configure Nextcloud from the command line, the occ application already used for initial installation comes into play. It allows adding, editing and deleting configuration variables directly from the console, without the need to use the web interface.

As a first step, you should configure the so-called trusted domain. Although I’m not sure, it seems that when installing via the web interface, the FQDN is added automatically, whereas the command-line installation only knows and adds localhost, so the web interface throws an error message when you try to open your shiny new Nextcloud instance.

Slot 0 is already in use by localhost, so we’ll add your Nextcloud’s domain with

sudo -u php-nextcloud php occ config:system:set trusted_domains 1 --value="nextcloud.my.domain"

to slot 1 of the configuration. If your Nextcloud instance is available under multiple hostnames, add them as slots 2, 3 etc. respectively – and don’t forget to get proper SSL certificates for all of these.

You should also update another setting that pointed to localhost when installed via command line:

sudo -u php-nextcloud php occ config:system:set overwrite.cli.url --value="https://nextcloud.my.domain"

Another thing to configure is enabling the PHP cache. On a system with PHP-APC, the setting looks as follows and makes the warning message on the system information page disappear:

sudo -u php-nextcloud php occ config:system:set memcache.local --value="\OC\Memcache\APCu" --type=string

You can also change the default application that is shown in the web interface. After installation of the calendar app (see below), you can set it as default app with

sudo -u php-nextcloud php occ config:system:set defaultapp --value="calendar" --type=string

The default retention policy of deleted files can be adjusted as well. To delete all files after one week, but earlier if you run out of space, run

sudo -u php-nextcloud php occ config:system:set trashbin_retention_obligation --value="auto, 7" --type=string

When you have lots of users and/or activity in your Nextcloud instance, the log file can grow. Nextcloud includes an integrated log rotation mechanism that is disabled by default, so log files are not limited. To automatically rotate them after 10 MB, type

sudo -u php-nextcloud php occ config:system:set log_rotate_size --value="10485760" --type=integer

You can verify this configuration setting via

sudo -u php-nextcloud php occ log:file

To set the proper time zone for the log entries, configure them with

sudo -u php-nextcloud php occ config:system:set logtimezone --value="Europe/Berlin" --type=string

By default, if users choose to store their login data in a cookie, it expires within fifteen days. If you want a shorter period, you can e.g. set it to one day via

sudo -u php-nextcloud php occ config:system:set remember_login_cookie_lifetime --value="86400" --type=integer

Nextcloud can send out e-mails for certain events, e.g. notification on changes or password reset requests. Depending on your mail server configuration, you might need to set a specific sender address. To set it to php-nextcloud@nextcloud.my.domain and only send plaintext messages instead of HTML, type

sudo -u php-nextcloud php occ config:system:set mail_from_address --value="php-nextcloud" --type=string
sudo -u php-nextcloud php occ config:system:set mail_domain --value="nextcloud.my.domain" --type=string
sudo -u php-nextcloud php occ config:system:set mail_send_plaintext_only --value="true" --type=boolean

Last but not least, if you have shell access to the server, I recommend setting up a regular cronjob by entering

echo "*/15 * * * * php-nextcloud php -f /srv/www/nextcloud/cron.php" > /etc/cron.d/9999nextcloud

and reconfiguring Nextcloud via

sudo -u php-nextcloud php occ config:app:set core backgroundjobs_mode --value="cron"

Configuring apps and policies

Many of the system defaults and policies are configured within the respective app. To enforce a password for publicly shared files, let shared links expire after two weeks without enforcing this setting, disable public file uploads and disable both incoming and outgoing federation as well as public address books, type

sudo -u php-nextcloud php occ config:app:set core shareapi_enforce_links_password --value="yes"
sudo -u php-nextcloud php occ config:app:set sharebymail enforcePasswordProtection --value="yes"
sudo -u php-nextcloud php occ config:app:set core shareapi_default_expire_date --value="yes"
sudo -u php-nextcloud php occ config:app:set core shareapi_expire_after_n_days --value="14"
sudo -u php-nextcloud php occ config:app:set core shareapi_allow_public_upload --value="no"
sudo -u php-nextcloud php occ config:app:set files_sharing incoming_server2server_share_enabled --value="no"
sudo -u php-nextcloud php occ config:app:set files_sharing outgoing_server2server_share_enabled --value="no"
sudo -u php-nextcloud php occ config:app:set files_sharing lookupServerUploadEnabled --value="no"

In a similar fashion, you can configure password policies. To enforce passwords with at least 8 characters, upper- and lowercase letters, numbers and special characters, type

sudo -u php-nextcloud php occ config:app:set password_policy enforceNumericCharacters --value="1"
sudo -u php-nextcloud php occ config:app:set password_policy enforceSpecialCharacters --value="1"
sudo -u php-nextcloud php occ config:app:set password_policy enforceUpperLowerCase --value="1"
sudo -u php-nextcloud php occ config:app:set password_policy minLength --value="8"
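
Because these settings can also be changed later in the web interface, a scripted setup benefits from a check that the sharing and password policies above are still in place. The following is an added example, not part of the original post; BASELINE, occ_get and audit_policy are hypothetical names, and it reads each value back with occ config:app:get.

```shell
#!/bin/sh
# Added example: compare the live app settings against the policy values
# set in this howto and report every difference.

# "app key expected-value", one per line, taken from the commands above.
BASELINE='core shareapi_enforce_links_password yes
sharebymail enforcePasswordProtection yes
core shareapi_default_expire_date yes
core shareapi_expire_after_n_days 14
core shareapi_allow_public_upload no
files_sharing incoming_server2server_share_enabled no
files_sharing outgoing_server2server_share_enabled no
files_sharing lookupServerUploadEnabled no
password_policy enforceNumericCharacters 1
password_policy enforceSpecialCharacters 1
password_policy enforceUpperLowerCase 1
password_policy minLength 8'

# occ_get APP KEY: print the current value; fails if the key is not set.
occ_get() {
    sudo -u php-nextcloud php /srv/www/nextcloud/occ config:app:get "$1" "$2"
}

# audit_policy: print one DRIFT line per deviation, return 1 if any was found.
audit_policy() {
    drift=0
    while read -r app key want; do
        [ -n "$app" ] || continue
        # </dev/null keeps occ from swallowing the rest of the baseline list.
        have=$(occ_get "$app" "$key" 2>/dev/null </dev/null) || have='<unset>'
        if [ "$have" != "$want" ]; then
            printf 'DRIFT %s/%s: expected %s, found %s\n' \
                "$app" "$key" "$want" "$have"
            drift=1
        fi
    done <<EOF
$BASELINE
EOF
    return "$drift"
}
```

Call audit_policy from a cronjob or a configuration-management run; a non-zero exit status means at least one policy no longer matches.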

At least if you run a public service, you should have a proper imprint and privacy policy page set up. Nextcloud allows embedding a link to these, but you have to properly escape the URLs. It looks like this:

sudo -u php-nextcloud php occ config:app:set theming imprintUrl --value="https:\/\/nextcloud.my.domain\/imprint\/"
sudo -u php-nextcloud php occ config:app:set theming privacyUrl --value="https:\/\/nextcloud.my.domain\/privacy\/"

You can also set user defaults via the occ command. To enable display of the user’s e-mail address and the last login date in the backend, enter

sudo -u php-nextcloud php occ config:app:set core umgmt_show_email --value="true"
sudo -u php-nextcloud php occ config:app:set core umgmt_show_last_login --value="true"

To set a default quota of 1 GB and enable e-mailing new users with a link to create their password, type

sudo -u php-nextcloud php occ config:app:set files default_quota --value="1 GB"
sudo -u php-nextcloud php occ config:app:set core umgmt_send_email --value="true"

To get an overview of further system configuration options, look at the respective Nextcloud documentation page.

Installing and enabling apps

Now that the base system is configured, you might want to look into installing further apps. You can not only install these with the occ command, but also configure them. In order to find out what configuration variable a specific application’s setting touches, run

sudo -u php-nextcloud php occ config:list

to get an output of all current settings. By enabling or disabling a setting you see which of these change and can identify the respective setting.

To enable an app that is already installed, use

sudo -u php-nextcloud php occ app:enable files_pdfviewer

For any other apps, you have to install them first. To find out what’s available, you can browse the apps section in the web interface, where you can also find out the proper name. To deploy a specific app from the command line, you first have to install and then enable it. To equip your Nextcloud installation with a calendar you’d use

sudo -u php-nextcloud php occ app:install calendar
sudo -u php-nextcloud php occ app:enable calendar

and to enable the contacts application you’d type

sudo -u php-nextcloud php occ app:install contacts
sudo -u php-nextcloud php occ app:enable contacts

For enabling the external sites plugin, it would be

sudo -u php-nextcloud php occ app:install external
sudo -u php-nextcloud php occ app:enable external

and for the group folders plugin you enter

sudo -u php-nextcloud php occ app:install groupfolders
sudo -u php-nextcloud php occ app:enable groupfolders

The new Nextcloud Talk can be enabled via

sudo -u php-nextcloud php occ app:install spreed
sudo -u php-nextcloud php occ app:enable spreed

and some other productivity tools are available with

sudo -u php-nextcloud php occ app:install notes
sudo -u php-nextcloud php occ app:enable notes
sudo -u php-nextcloud php occ app:install tasks
sudo -u php-nextcloud php occ app:enable tasks
sudo -u php-nextcloud php occ app:install bookmarks
sudo -u php-nextcloud php occ app:enable bookmarks

That’s it! ;-)

The occ command provides many more options that help you maintain your Nextcloud installation. Please refer to the official documentation for further details.

As always, I’m happy to hear your feedback, proposals, suggestions and of course also corrections in the comments below.

Author: Florian Effenberger

Florian has been involved in free software for more than 18 years and is one of the founders of The Document Foundation, the foundation behind LibreOffice

7 thoughts on “Nextcloud installation via command line”

      1. Yes. And only the installed ones.
        So one has to find out by reverse engineering. Install the app and run “occ app:list”.

  1. What’s not possible yet, it seems, is an automatic upgrade of installed apps via command line. Reinstalling them does not yield to an update, and running the upgrade command without upgrading the Nextcloud version itself before doesn’t work either.

    Possibly a workaround could be to uninstall and reinstall the app again via occ, but that might lose the app’s configuration – didn’t try yet.

  2. Hi Florian,

    I made a mistake and enforced two factor authorization without setting it up completely and now I cannot log in in the browser. How to disable this?
