The term “in the cloud” is heard much these days. A growing number of services support or even rely on data storage and compute power over the net to provide various conveniences to end-users and enterprises. That comfort, however, cuts both ways – for many services it is hard to get your data out and migrate away, let alone the question about where your information is physically stored and secured.
Open source software like Nextcloud comes to the rescue, as it puts you back in control over your data, giving you full control of where you host and whom you give access to it. In this howto, I’ll show you how to install and configure Nextcloud on your server in a fully scriptable way.
I already began documenting my private server setup in this blog, yet much more is still to come. My basic setup is built on Ubuntu 16.04 LTS with nginx as web server, PHP 7.0 via FPM and MySQL as database.
Nextcloud also provides a web-based installer, but for configuration management and scripted setups, the installation via command line comes in quite handy.
For configuring the nginx virtual host for Nextcloud, refer to the online documentation.
I’ll also strongly advocate for HTTPS encryption. Let’s Encrypt provides free SSL certificates with an easy-to-use command line client about which I’ve already blogged before.
For the rest of this howto, I’ll assume you have a working setup of nginx with a SSL certificate installed and a proper virtual host configured. I’ll also assume that a compatible database is up and running, so the Nextcloud installer can create users and tables during the installation process.
Creating system user
If you run PHP via FPM, I recommend setting up a dedicated user for Nextcloud, to distinguish it from other services. You can do so via
adduser --gecos "php-nextcloud" --system --home /srv/www/nextcloud --disabled-password --group php-nextcloud
and then assign some quota with
quotatool -u php-nextcloud -b -l 50632MB -q 50120MB /srv
If you run Postfix, I also recommend forwarding mails for this system user to root, whose mails then should end up in your admin inbox. You can do so via
echo "php-nextcloud: root" >> /etc/aliases postalias /etc/aliases
With a dedicated system user for Nextcloud, you can setup a separate PHP FPM-Pool with
cat > /etc/php/7.0/fpm/pool.d/nextcloud.conf << EOF [nextcloud] user = php-nextcloud group = php-nextcloud listen = /var/run/php-fpm-\$pool.sock listen.backlog = 4096 listen.owner = www-data listen.group = www-data listen.mode = 0660 pm = dynamic pm.max_children = 20 pm.start_servers = 1 pm.min_spare_servers = 1 pm.max_spare_servers = 3 pm.max_requests = 40 env[HOSTNAME] = yourservername env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp request_terminate_timeout = 120 php_admin_value[expose_php] = Off php_admin_value[allow_url_fopen] = Off php_admin_value[upload_max_filesize] = 32M php_admin_value[post_max_size] = 32M php_admin_value[session.gc_maxlifetime] = 86000 php_admin_value[max_execution_time] = 120 php_value[display_errors] = On php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[opcache.enable_cli] = 1 php_admin_value[opcache.interned_strings_buffer] = 8 php_admin_value[opcache.max_accelerated_files] = 10000 php_admin_value[opcache.memory_consumption] = 128 php_admin_value[opcache.save_comments] = 1 php_admin_value[opcache.revalidate_freq] = 1 EOF
Note that you might want to change the maximum file size in the PHP configuration and in your web server, otherwise your uploads are capped to 32 MB per file. You should also change “yourservername” to the respective hostname.
To activate the pool, restart the FPM server with
service php7.0-fpm restart
In your nginx virtual host, the following directive enables the newly created pool for your Nextcloud virtual host, replacing the upstream php-handler from Nextcloud’s documentation:
Now it’s time to download Nextcloud and extract it to the virtual host’s directory. At the time of this writing, the current version is 13.0.4. To download it to your temporary folder, use
wget https://download.nextcloud.com/server/releases/nextcloud-13.0.4.tar.bz2 -O /tmp/nextcloud.tar.bz2
Extract the downloaded archive via
tar xvfj /tmp/nextcloud.tar.bz2 --strip-components=1 -C /srv/www/nextcloud
Then remove the archive with
and fix the permissions via
chown -R php-nextcloud: /srv/www/nextcloud chmod 751 /srv/www/nextcloud
This is the point where you’d normally open up the web interface and let the assistant guide you through the setup. This howto, however, focuses on installing Nextcloud via command line, so we’ll invoke each step from the shell.
First, go to the Nextcloud home directory via
Then do the initial setup via
sudo -u php-nextcloud php occ maintenance:install --database="mysql" --database-name="nextcloud" --database-host="localhost" --database-user="root" --database-pass="12345678" --database-table-prefix="" --admin-user="yourname" --admin-pass="87654321"
- Invokes the occ command to start the installer (occ maintenance:install).
- Sets the database type to MySQL (–database=”mysql”) on the local machine (–database-host=”localhost”).
- Provides credentials of a user who can create a new database (–database-user=”root” and –database-pass=”12345678″). That is a rather risky thing to type on the command line in cleartext. If you can’t work with a temporary password that will be immediately revoked after installation, you can leave out the parameter and the setup script will ask you to type the password in. That way it will not be stored in your shell’s history file.
- Disables the table prefix. If you have a shared hosting with one database, you should set a unique table prefix. In case of a dedicated database only for Nextcloud, this can be omitted, as the tables are still distinguishable.
- Creates an admin user (–admin-user=”yourname”) and an admin password (–admin-pass=”87654321″) for accessing Nextcloud. Similar to the database credentials, you can omit this variable and the installer will ask you to type in the password manually to not store it in your shell’s history file.
Congratulations, Nextcloud is now installed on your system and you can proceed to adjusting the configuration to your needs!
Configuring system settings
To configure Nextcloud from the command line, the occ application already used for initial installation comes to play. It allows adding, editing and deleting configuration variables directly from the console, without the need to use the web interface.
As a first step, you should configure the so called trusted domain. Although I’m not sure, it seems that when installing via the web interface, the FQDN is added automatically, whereas for the command-line installation, only localhost is known and added and therefore the web interface throws an error message when you want to open your shiny new Nextcloud instance.
Slot 0 is already in use by localhost, so we’ll add your Nextcloud’s domain with
sudo -u php-nextcloud php occ config:system:set trusted_domains 1 --value="nextcloud.my.domain"
to slot 1 of the configuration. If your Nextcloud instance is available under multiple hostnames, add them as slots 2, 3 etc. respectively – and don’t forget to get proper SSL certificates for all of these.
You should also update another setting that pointed to localhost when installed via command line:
sudo -u php-nextcloud php occ config:system:set overwrite.cli.url --value="https://nextcloud.my.domain"
Another thing to configure is enabling the PHP cache. On a system with PHP-APC, the setting looks as follows and makes the warning message on the system information page disappear:
sudo -u php-nextcloud php occ config:system:set memcache.local --value="\OC\Memcache\APCu" --type=string
You can also change the default application that is shown in the web interface. After installation of the calendar app (see below), you can set it as default app with
sudo -u php-nextcloud php occ config:system:set defaultapp --value="calendar" --type=string
The default retention policy of deleted files can be adjusted as well. To delete all files after one week, but earlier if you run out of space, run
sudo -u php-nextcloud php occ config:system:set trashbin_retention_obligation --value="auto, 7" --type=string
When you have lots of users and/or activity in your Nextcloud instance, the log file can grow. Nextcloud includes an integrated log rotation mechanism that is disabled by default, so log files are not limited. To automatically rotate them after 10 MB, type
sudo -u php-nextcloud php occ config:system:set log_rotate_size --value="10485760" --type=integer
You can verify this configuration setting via
sudo -u php-nextcloud php occ log:file
To set the proper time zone for the log entries, configure them with
sudo -u php-nextcloud php occ config:system:set logtimezone --value="Europe/Berlin" --type=string
Per default, if users choose to store their login data in a cookie, this expires within fifteen days. If you want a shorter period, you can e.g. set it to one day via
sudo -u php-nextcloud php occ config:system:set remember_login_cookie_lifetime --value="86400" --type=integer
Nextcloud can send out e-mails for certain events, e.g. notification on changes or password reset requests. Depending on your mail server configuration, you might need to set a specific sender address. To set it to email@example.com and only send plaintext messages instead of HTML, type
sudo -u php-nextcloud php occ config:system:set mail_from_address --value="php-nextcloud" --type=string sudo -u php-nextcloud php occ config:system:set mail_domain --value="nextcloud.my.domain" --type=string sudo -u php-nextcloud php occ config:system:set mail_send_plaintext_only --value="true" --type=boolean
Last but not least, if you have shell access to the server, I recommend setting up a regular cronjob by entering
echo "*/15 * * * * php-nextcloud php -f /srv/www/nextcloud/cron.php" > /etc/cron.d/9999nextcloud
and reconfiguring Nextcloud via
sudo -u php-nextcloud php occ config:app:set core backgroundjobs_mode --value="cron"
Configuring apps and policies
Many of the system defaults and policies are configured within the respective app. To enforce a password for publicly shared files, let shared links expire after two weeks without enforcing this setting, disable public file uploads and disable both incoming and outgoing federation as well as public address books, type
sudo -u php-nextcloud php occ config:app:set core shareapi_enforce_links_password --value="yes" sudo -u php-nextcloud php occ config:app:set sharebymail enforcePasswordProtection --value="yes" sudo -u php-nextcloud php occ config:app:set core shareapi_default_expire_date --value="yes" sudo -u php-nextcloud php occ config:app:set core shareapi_expire_after_n_days --value="14" sudo -u php-nextcloud php occ config:app:set core shareapi_allow_public_upload --value="no" sudo -u php-nextcloud php occ config:app:set files_sharing incoming_server2server_share_enabled --value="no" sudo -u php-nextcloud php occ config:app:set files_sharing outgoing_server2server_share_enabled --value="no" sudo -u php-nextcloud php occ config:app:set files_sharing lookupServerUploadEnabled --value="no"
In a similar fashion, you can configure password policies. To enforce passwords with at least 8 characters, upper- and lowercase letters, numbers and special characters, type
sudo -u php-nextcloud php occ config:app:set password_policy enforceNumericCharacters --value="1" sudo -u php-nextcloud php occ config:app:set password_policy enforceSpecialCharacters --value="1" sudo -u php-nextcloud php occ config:app:set password_policy enforceUpperLowerCase --value="1" sudo -u php-nextcloud php occ config:app:set password_policy minLength --value="8"
sudo -u php-nextcloud php occ config:app:set theming imprintUrl --value="https:\/\/nextcloud.my.domain\/imprint\/" sudo -u php-nextcloud php occ config:app:set theming privacyUrl --value="https:\/\/nextcloud.my.domain\/privacy\/"
You can also set user defaults via the occ command. To enable display of the user’s e-mail address and the last login date in the backend, enter
sudo -u php-nextcloud php occ config:app:set core umgmt_show_email --value="true" sudo -u php-nextcloud php occ config:app:set core umgmt_show_last_login --value="true"
To set a default quota of 1 GB and enable e-mailing new users with a link to create their password, type
sudo -u php-nextcloud php occ config:app:set files default_quota --value="1 GB" sudo -u php-nextcloud php occ config:app:set core umgmt_send_email --value="true
To get an overview over further system configuration options, look at the respective Nextcloud documentation page.
Installing and enabling apps
Now that the base system is configured, you might want to look into installing further apps. You can not only install, but also configure these with the occ command as well. In order to find out what configuration variable a specific application’s setting touches, run
sudo -u php-nextcloud php occ config:list
to get an output of all current settings. By enabling or disabling a setting you see which of these change and can identify the respective setting.
To enable an app that is already installed, use
sudo -u php-nextcloud php occ app:enable files_pdfviewer
For any other apps, you have to install them first. To find out what’s available, you can browse the apps section in the web interface, where you can also find out the proper name. To deploy a specific app from the command line, you first have to install and then enable it. To equip your Nextcloud installation with a calendar you’d use
sudo -u php-nextcloud php occ app:install calendar sudo -u php-nextcloud php occ app:enable calendar
and to enable the contacts application you’d type
sudo -u php-nextcloud php occ app:install contacts sudo -u php-nextcloud php occ app:enable contacts
For enabling the external sites plugin, it would be
sudo -u php-nextcloud php occ app:install external sudo -u php-nextcloud php occ app:enable external
and for the group folders plugin you enter
sudo -u php-nextcloud php occ app:install groupfolders sudo -u php-nextcloud php occ app:enable groupfolders
The new Nextcloud Talk can be enabled via
sudo -u php-nextcloud php occ app:install spreed sudo -u php-nextcloud php occ app:enable spreed
and some other productivity tools are available with
sudo -u php-nextcloud php occ app:install notes sudo -u php-nextcloud php occ app:enable notes sudo -u php-nextcloud php occ app:install tasks sudo -u php-nextcloud php occ app:enable tasks sudo -u php-nextcloud php occ app:install bookmarks sudo -u php-nextcloud php occ app:enable bookmarks
That’s it! ;-)
The occ command provides many more options that help you maintain your Nextcloud installation. Please refer to the official documentation for further details.
As always, I’m happy to hear your feedback, proposals, suggestions and of course also corrections in the comments below.