There is a new version of this tutorial available for Debian 11 (Bullseye).

How to Install NextCloud on Debian 10

NextCloud is a free and open-source file hosting and file sharing server forked from ownCloud project. It is very similar to other file sharing services like Google Drive, Dropbox and iCloud. NextCloud allows you to store files, documents, pictures, Movies, and Videos from the central location. With NextCloud, you can share files, contacts, and any other media with your friends and clients. NextCloud integrates with mail, calendar, contacts and other features that will help your teams to get their work done faster and easier. You can install NextCloud client on a desktop machine to synchronize files with your Nextcloud server. Desktop clients are available for most operating systems including, Windows, macOS, FreeBSD, and Linux.

In this tutorial, we will explain how to install NextCloud and secure it with Let's Encrypt SSL on Debian 10.

Prerequisites

  • A server running Debian 10.
  • A valid domain name pointed with your server IP. in this tutorial, we will use nextcloud.example.com domain.
  • A root password is configured on your server.

Install Apache, MariaDB and PHP

NextCloud runs on the webserver, written in PHP and uses MariaDB to store their data. So you will need to install Apache, MariaDB, PHP and other required packages on your system. You can install all of them by running the following command:

apt-get install apache2 libapache2-mod-php mariadb-server php-xml php-cli php-cgi php-mysql php-mbstring php-gd php-curl php-zip wget unzip -y

Once all the packages are installed, open the php.ini file and tweak some recommended settings:

nano /etc/php/7.3/apache2/php.ini

Change the following settings:

memory_limit = 512M
upload_max_filesize = 500M
post_max_size = 500M
max_execution_time = 300
date.timezone = Asia/Kolkata

Save and close the file when you are finished. Then, start the Apache and MariaDB service and enable them to start after system reboot with the following command:

systemctl start apache2
systemctl start mariadb
systemctl enable apache2
systemctl enable mariadb

Once you are done, you can proceed to the next step.

Configure Database for NextCloud

Next, you will need to create a database and database user for NextCloud. To do so, log in to MariaDB shell with the following command:

mysql -u root -p

Provide your root password when asked then create a database and user with the following command:

MariaDB [(none)]> CREATE DATABASE nextclouddb;
MariaDB [(none)]> CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'password';

Next, grant all the privileges to the nextclouddb with the following command:

MariaDB [(none)]> GRANT ALL ON nextclouddb.* TO 'nextclouduser'@'localhost';

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Once you are done, you can proceed to the next step.

Download NextCloud

First, visit the NextCloud download page and download the latest version of the NextCloud on your system. At the time of writing this article, the latest version of NextCloud is 17.0.1. You can download it with the following command:

wget https://download.nextcloud.com/server/releases/nextcloud-17.0.1.zip

Once the download is completed, unzip the downloaded file with the following command:

unzip nextcloud-17.0.1.zip

Next, move the extracted directory to the Apache web root directory:

mv nextcloud /var/www/html/

Next, give proper permissions to the nextcloud directory with the following command:

chown -R www-data:www-data /var/www/html/nextcloud/
chmod -R 755 /var/www/html/nextcloud/

Once you are finished, you can proceed to the next step.

Configure Apache for NextCloud

Next, you will need to create an Apache virtual host configuration file to serve NextCloud. You can create it with the following command:

nano /etc/apache2/sites-available/nextcloud.conf

Add the following lines:

<VirtualHost *:80>
     ServerAdmin [email protected]
     DocumentRoot /var/www/html/nextcloud/
     ServerName nextcloud.example.com

     Alias /nextcloud "/var/www/html/nextcloud/"

     <Directory /var/www/html/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
          <IfModule mod_dav.c>
            Dav off
          </IfModule>
        SetEnv HOME /var/www/html/nextcloud
        SetEnv HTTP_HOME /var/www/html/nextcloud
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

Save and close the file when you are finished. Then, enable the Apache virtual host file and other required modules using the following commands:

a2ensite nextcloud.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime

Finally, restart the Apache service to apply the new configuration:

systemctl restart apache2

Secure NextCloud with Let's Encrypt Free SSL

NextCloud is now installed and configured. Next, it is recommended to secure it with Let's Encrypt free SSL. To do so, first install the Certbot client with the following command:

apt-get install python-certbot-apache -y

Once installed, you can run the following command to install Let's Encrypt Certificate for your domain nextcloud.example.com.

certbot --apache -d nextcloud.example.com

During the installation, you will be asked to provide your email address and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.example.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/nextcloud-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/nextcloud-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Next, type 2 and hit Enter to download and install a free SSL certificate for your domain. Once the installation has been completed successfully. You should get the following output:

Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/nextcloud.conf to ssl vhost in /etc/apache2/sites-available/
nextcloud-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://nextcloud.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-10-22. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Once you are finished, you can proceed to the next step.

Access NextCloud Web Interface

Your NextCloud is now configured and secured with Let's Encrypt SSL. Next, open your web browser and type the URL https://nextcloud.example.com. You will be redirected to the following page:

NextCloud Login

Configure the database

Now, provide your admin username and password, Data folder, Correct database credentials and click on the Finish setup button. You will be redirected to the NextCloud dashboard in the following page:

NextCloud Dashboard

That's it for now.

Conclusion

Congratulations! you have successfully installed and secured NextCloud with Let's Encrypt Free SSL on Debian 10. You can now easily share files, documents, and media with other users using NextCloud web interface.

Share this page:

Suggested articles

23 Comment(s)

Add comment

Comments

By: Saddam ZEMMALI

We can use this Ansible playbook to install nextcloud, php, nginx or apache, mariadb or postgres, redis-server, onlyoffice or collabora office on Linux machines (Amazing role)https://github.com/ReinerNippes/nextcloud

 

By: Leles

Excelent

By: Rhys

Awesome! This was a huge help. The Nextcloud provided VM Script did not work correctly for me and this did! Really great work.

By: Milly

Hi

How can I add Nextcloud safely without breaking a server with ISPConfig with Apache? (installed with the tutorial The Perfect Server - Debian 10 Apache ....)

 

Thanks

By: Thom Pol

ISPConfig -> Sites -> Website

Add new website "nextcloud.example.tld", assign it to the client you want to install Nextcloud for "From now on I'll call him John Smith with customer ID 8), assign IP adresses, eventually set quota, set Auto-subdomain to None, enable SSL if you have LE, enable PHP. Then hit save.

Go to Database users

Add new user, assign it to John Smith, name it "nextcloud" and generate a password. Write the password down. Save.

Go to Databases

Add new database and configure: site = nextcloud.example.tld, database name = nextcloud, eventually set database quota, and select database user "c8nextcloud" (your customer ID will probably be different, so check that). Hit save.

Go to FTP accounts -> Add new FTP-user, assign it to nextcloud.example.tld, name it nextcloud and generate a password (write this password down).

Download Nextcloud to your laptop/PC, unpack the zip file, and upload the contents of the unzipped folder to your /web folder (using the FTP user we just created)

In your browser, go to nextcloud.example.tld and follow the setup steps. It will ask for you database name, user, and password. The database name is Nextcloud, user is c8nextcloud, and you've written down the password earlier, so just copy that.

That's it!

By: Miljan Arandelovica

If you have a problem that the command "a2ensite nextcloud.conf" throws out the message "bash: a2ensite: commande introuvable" you should do the following:

run the command "nano ~/.bashrc" and add the following "export PATH ="/usr/sbin:$PATH"

then execute the "source ~/.bashrc" command

By: Alejandro Espejo

Me aparece el siguiente mensaje y no puedo acceder al programa nextcloud

IMPORTANT NOTES: - The following errors were reported by the server:   Domain: nextcloud.example.com   Type:   None   Detail: DNS problem: NXDOMAIN looking up A for   nextcloud.example.com - check that a DNS record exists for this   domain

¿Puedes ayudarme a corregir y terminar la configuración?

 

By: Josue M.

Alejandro, necesitas un dominio. Si no tienes puedes comprar uno o conseguir uno gratuito. Luego de comprarlo u obtenerlo tienes que crear un record A que apunte a nextcloud.tudominio.com (donde tudominio.com es el dominio que obtuviste) y que debe aputnar a la IP pública del servidor donde estas instalando Nextcloud.

By: DHRK

The chmod command gives far too much permissions. Instead use the script provided by Nextcloud to harden the permissions on the website directory.It can be found here: https://docs.nextcloud.com/server/9.0/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions

By: Mark

Perfect!

By: PrinceRodney

Nice tutorial. Consice but complete. A couple of quick questions:

1. Is there any issue adding SSL after the fact? 

2. What are the implications for other services running from root. Specifically pihole. 

My guess is neither of these will present an issue but would like to clarify iif possible. 

Thanks!

By: enrico

Hi,when i tried to install Let's Encrypt Certificate for my domain, it always says the domain dns doesn't exist. What should i do?

By: Orrin Ahola

Wow thanks, this work PERFECTLY.  I still need to get a domain name but for testing purposes without encryption this walkthrough was excellent.  Tried to do encryption with just the IP address but this was not allowed by the certbot command.  :)

By: Aart Jansen

Great guide. I had a little issue where getting to the lets encrypt part wouldn't get a certificate the error said the request was invalid. This was because http://nextcloud.example.com would go to the apache default page and my nextcloud was at http://nextcloud.example.com/nextcloud. Took me a little while to realise how to fix this, by running

a2dissite 000-default.conf

and then

systemctl restart apache2After that certbot worked fine.

By: Robbie

Hey I want to set this up for my own home server, as such I dont have a domain name or anything. How would I go about doing this? Also you should mention that most of the commands require sudo infront otherwise they wont work. And one more thing, having this on each command made it confusing. At first I wasnt sure if I should be including that as well.

 

MariaDB [(none)]>

By: Jan

Sudo is not required in front of the commands, the guide expects that you are logged in as root, see prerequisites.

By: Konstantinos

There are some things I don't understand. Using port 80 is suggested in the apache configuration. But... isn't port 80 serving the http requests only? I thought that it would be port 443 that we should use here. I tried using port 443. I have opened for example port XXXX in my router and tunnel it to port 443 on my server's IP address. I acces now my nextcloud server over the internet on "https://my.domain.here:XXXX".

By: Gary Dale

The installation instructions have some holes in them. For example, the instruction to edit php.ini says to set date.timezone = Asia/Kolkata which at least requires explanation. Do you mean that literally or is that intended to be replaced by the local timezone of the server I'm trying to set up? If the former, why? And if the latter, is there a list of valid possible entries you could point to?Later on, I am instructed to enter

MariaDB [(none)]> CREATE DATABASE nextclouddb; MariaDB [(none)]> CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'password';

but that returns a syntax error:

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'MariaDB [(none)]> CREATE DATABASE nextclouddb' at line 1Of course, the issue is that you've got the MariaDB prompt in with the command. Perhaps I'm nitpicking but this could be confusing to people who just like to cut & paste commands. The larger issue is that it isn't clear if I just created a user with a password of "password" or a user who requires a password.

More pointedly, is "nextclouduser" - or "nextclouddb" for that matter, "magic" words that must be used for it to work, or could they be changed to something less obvious to someone trying to break into the system?

Thanks for setting up the wiki. I'm following it through step by step and perhaps some of these issues will be clearer by the time I've finished. However I'm worried that I may end up having to redo some of the work to make it fit my use better.

By: jacob

thank you for the guide.

i followed it wuthe the 20.0.4 version on a raspbian 10 buster but when i put my address i get this:

[PHP Code Removed from Post]

where did i went wrong? what can i do?

thank you.

By: KS

Thanks a million for such a great tutorial!

By: Penplan

Excellent Tutorial! It's basically only "copy&paste" to get the system up and running! Thanks a lot!

By: Alex

The problem with so many manual, like this is: THERE IS NO DATE when it was written.

I am trying to install it since days an follow this manual. BUT things have probably changed and this manual is not working.

How old it it already? 5 years?

Important, always add a DATE - DATE - DATE... 

By: till

Dates do not really matter for tutorials, as one can write a tutorial with today's date for an older software as well. What really matters is for which exact OS version it has been written and which software version was used in that guide. As the title says, this tutorial has been written for Debian 10, so do not use it e.g. on Debian 9 or Debian 11 (there are other guides for these versions here at howtoforge, see links in the top section of the guide). And as you can see in the text it states that it was written for "NextCloud is 17.0.1".