قالب وردپرس درنا توس
Home / How To / How to install Nextcloud with Nginx and Let's Encrypt SSL on Ubuntu 20.04 LTS

How to install Nextcloud with Nginx and Let's Encrypt SSL on Ubuntu 20.04 LTS



Nextcloud is a free (open source) Dropbox-like software, a fork for the ownCloud project. Nextcloud is written in PHP and JavaScript, it supports many database systems such as MySQL / MariaDB, PostgreSQL, Oracle Database and SQLite.

To keep your files synchronized between Desktop and your own server, Nextcloud provides applications for Windows, Linux and Mac desktops and a mobile app for Android and iOS. Nextcloud is not just a Dropbox clone, it provides additional features such as Calendar, Contacts, Scheduling Tasks and streaming media with Ampache etc.

In this tutorial we will show you how to install and configure the latest version of Nextcloud (when I writing this is the latest version 18) on a Ubuntu 20.04 server. We will run Nextcloud with an Nginx web server and PHP7.4-FPM and use the MariaDB server as a database system.

Prerequisites

  • Ubuntu 20.04
  • Root privileges

What we will do

  1. Install Nginx Web Server
  2. Install and configure PHP7.4-FPM
  3. Install and configure MySQL Server
  4. Generate SSL Letsencrypt
  5. Download Nextcloud 18
  6. Configure Nginx Virtual Host for Nextcloud
  7. UFW Firewall Configuration 1965900 Nextcloud Post-Installation

Step 1 – Install Nginx Web Server

The first step we will take in this next guide is to install Nginx web server. We will use Nginx web server instead of Apache web server.

Log in to the server and update the repository, then install the Nginx web server with the apt command shown below.

  sudo apt update 
sudo apt install nginx-y

When the installation is complete, start the Nginx service and enable the service to start each time at system startup with systemctl.

  systemctl start nginx 
systemctl enable nginx

The nginx service is running, check it with the following command.

  systemctl status nginx 

And you will get the result as below.

 Installing Nginx Web Server [19659018] As a result, Nginx Web Server has been installed on Ubuntu 20.04.

Step 2 – Install and Configure PHP7.4-FPM

By default, Ubuntu 20.04 comes with standard version PHP 7.4.

Install PHP and PHP-FPM packages needed by Nextcloud using the apt command below. [19659019] sudo apt install php-fpm php-curl php-cli php-mysql php-gd php-common php-xml php-json php-intl php-pair php-imagick php-dev php-common php-mbstring php zip php-soap php-bz2 -y

When the installation is complete, we configure the php.ini files for php-fpm and php-cli.

Go to directory & # 39; /etc/php/7.4&#39 ;.

  cd /etc/php/7.4/strong19659020uutEdit php.ini files for php-fpm and php-cli with vim.     

  vim fpm / php .ini 
vim cli / php.ini

Clear the line "date.timezone" and change the value with your own time zone.

  date.timezone = Asia / Jakarta 

Uncomment the & # 39; cgi.fix_pathinfo & # 39; line and change the value to & # 39; 0 & # 39 ;.

  cgi.fix_pathinfo = 0 

Save and exit.

Then edit the php-fpm pool configuration "www.conf".

  vim fpm / pool.d / www.conf 

Define these rows below.

  env [HOSTNAME] = $ HOSTNAME
env [PATH] = / usr / local / bin: / usr / bin: / bin
env [TMP] = / tmp
env [TMPDIR] = / tmp
env [TEMP] = / tmp 

Save and exit.

Restart the PHP7.4-FPM service and have it restart every time the system is started.

  systemctl restart php7.4-fpm 
systemctl enable php7.4-fpm

 Install PHP-FPM 7.4

Now check the PHP-FPM service with the following command.

  ss -xa | grep php 
systemctl status php7.4-fpm

And you will get php-fpm running under the sock file & # 39; /run/php/php7.4-fpm.sock' .ebrit19659053 EdinAdvertisements

 Check PHP-FPM Service

Step 3 - Install and configure MariaDB Server

In this step we will install the latest MariaDB version and create a new database for the next installation. The latest version of MariaDB packages is available by default at the repository.

Install the latest version of MariaDB server with the apt command below.

  sudo apt install mariadb-server-y 

When the installation is complete, start MariaDB service and enable it to start each time at system startup.

  systemctl start mariadb 
systemctl enable mariadb

Now check the MySQL service with the following command.

  systemctl status mariadb 

 Install MariaDB Server

The MariaDB server is running on Ubuntu 20.04.

Then we configure the root password for MariaDB with the command "mysql_secure_installation".

Run the following command.

  mysql_secure_installation 

19659020] And you will be prompted to configure the MariaDB server. Also enter the new root password for MariaDB server. Advertising Services

  Enter the current root password (enter none):  Press Enter 
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Remove root login remotely? [Y/n] Y
Remove the test database and access it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

And the MariaDB root password has been set.

Then we create a new database for the installation of nextcloud. We create a new database named & # 39; nextcloud_db & # 39; with the user & # 39; nextclouduser & # 39; and password & # 39; [email protected] & # 39 ;.

Log in to the MySQL shell as root user with the mysql command.

  mysql -u root -p 
TYPE MYSQL ROOT PASSWORD

Now create the database and the user with the password by following MySQL queries.

  create database nextcloud_db; 
create user [email protected] identified by & # 39; [email protected] & # 39 ;;
grant all privileges on nextcloud_db. * to [email protected] identified with & # 39; [email protected] & # 39 ;;
flush privileges;

And the new database and user for the nextcloud installation has been created.

 Create new database for Nextcloud

The MariaDB installation and configuration for nextcloud has been completed.

Step 4 - Generate SSL Letsencrypt

In this tutorial we will secure nextcloud with free SSL from Letsencrypt, and we will generate certificate files using the encryption tool.

If you do not have a domain name or install nextcloud on the local computer, you can generate self-signed certificate with OpenSSL.

Install the "letsencrypt" utility with the apt command below.

  sudo apt install certbot -y 

When installation is complete, stop the nginx service.

  systemctl stop nginx 

Then we generate SSL certificates for our domain name "nextcloud. Hakase-labs.io & # 39; with the cerbot command line. Run the command below.

  certbot certonly --standalone -d cloud .hakase-labs.io 

You will be prompted for the email address and it will be used to renew the message. For the Letsencrypt TOS Agreement, type & # 39; A & # 39; to join and for the email address for sharing, you can write & # 39; N & # 39; for #

  Generate Let's Encrypt SSL Certificates

When done, you will get results shown below.

  SSL Certificates created

SSL certificates The Letsencrypt for the domain name netxcloud has been generated, everything is in the directory & # 39; / etc / letsencrypt / live / your-domain & # 39; [19659104] Step 5 - Download Nextcloud [19659016] Before downloading the next source code, make sure that the unzip package is installed in the system. If you do not have the package, install ra with the apt command below.

  sudo apt install wget unzip zip -y 

Now go to directory & # 39; / var / www & # 39; and download the latest version of Nextcloud with the following command.

  cd / var / www / 
wget -q https://download.nextcloud.com/server/releases/latest.zipebrit19659020??Extract the Nextcloud source code and you will get a new directory & # 39; netxcloud & # 39 ;, change the ownership of the next-cloud directory to the user & # 39; www data & # 39 ;.

  unzip -qq latest.zip 
sudo chown -R www-data: www-data / var / www / nextcloud [19659020] As a result, Nextcloud has been downloaded under the & # 39; / var / www / nextcloud & # 39 ;, and it will be the root directory.

 Download Nextcloud Ads Ads [19659115] Step 6 - Configure Nginx Virtual Host for Nextcloud

In this step, we configure the virtual nginx host for nextcloud. We configure the nextcloud to run under the HTTPS connection and automatically force the HTTP connection to the secure HTTPS connection.

Now go to the & # 39; / etc / nginx / sites-available & # 39 directory and create a new virtual host file & # 39; nextcloud & # 39 ;.

  cd / etc / nginx / sites-available / 
vim nextcloud

Paste the following virtual host configuration for nextcloud.

  upstream php handler {
#server 127.0.0.1: 9000;
serverunix: /var/run/php/php7.4-fpm.sock;
}

server {
listen 80;
listen [::]: 80;
Server name cloud.hakase-labs.io;
# maintain https
return 301 https: // $ server_name: 443 $ request_uri;
}

server {
listen 443 ssl http2;
listen [::]: 443 ssl http2;
server name cloud.hakase-labs.io;

# Use Mozilla guidelines for SSL / TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/strong19459023] # NOTE: Some settings below may be redundant
ssl_certificate /etc/letsencrypt/live/cloud.hakase- labs.io/fullchain.pem; vud19459023] ssl_certificate_key /etc/letsencrypt/live/cloud.hakase-labs.io/privkey.pem;vud19659121] headings to serve security-related headings
# Before activating Strictly Transport Security headers, first read this
# topic.
#add_header Strict-Transport-Security "max-age = 15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add to the preload option after reading about the
# consequences in https://hstspreload.org/. This option
# will add the domain to a hard-coded list sent
# in all major browsers and removing from the list
# may take several months.
add_header Referrer policy "no-referrer" always;
always add_header X-Content-Type-Options "nosniff";
always add_header X-Download-Options "noopen";
always add_header X-Frame-Options "SAMEORIGIN";
add_header X-Allowed-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; position = block" always;

# Delete X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root / var / www / nextcloud;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

# The following two rules are only needed for the user_webfinger app.
# Complete it if you plan to use this app.
#rewrite ^ /. well known / host-meta /public.php?service=host-meta last;
#rewrite ^ /. well-known / host-meta.json /public.php?service=host- meta-json load;

# The following rule is only needed for the social app.
# Complete it if you plan to use this app.
#rewrite ^ /. well-known / webfinger /public.php?service=webfinger load;

location = /.well-known/carddav {
return 301 $ schema: // $ host: $ server_port / remote .php / dav;
}
location = /.well-known/caldav {
return 301 $ schema: // $ host: $ server_port / remote.php / dav;
} [19659121] # Set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_type application / atom + xml application / javascript application / json application / ld + json application / manifest + json application / rss + xml application / vnd.geo + json application / vnd.ms- fontobject-application / x-font-ttf application n / x-web-app manifest + json-application / xhtml + xml-application / xml font / open-type image / bmp image / svg + xml image / x-icon text / cache -manifest text / css text / plain text / vcard text /vnd.rim.location.xloc text / vtt text / x-component text / x-cross-domain-policy;

# Uncomment if your server is built with the ngx_pagespeed module
# This module is not currently supported.
#pagespeed off;

location / {
rewrite ^ /index.php; 3.819459023]}

location ~ ^ / (?: Build | test | config | lib | 3rd party | templates | data) / {
deny all;
}
location ~ ^ / (?: . | Autotest | occ | query | indie | db_ | console) {
deny all;
} [19659121] location ~ ^ / (?: Index | remote | public | cron | core / ajax / update | status | ocs / v [12] | updates /.+ | oc [ms] provider /. +) . php (?: $ | /) {
fastcgi_split_path_info ^ (. +? . php) ( /.* |) $;
set $ path_info $ fastcgi_path_info;
try_files $ fastcgi_script_name = 404;
includes fastcgi_params;
fastcgi_param SCRIPT_FILENAME $ document_root $ fastcgi_script_name;
fastcgi_param PATH_INFO $ path_info;
fastcgi_ Avoid sending HTTPS; ing the security headers two

location ~ ^ / (?: updater | oc [ms] provider) (?: $ | /) {
try_files $ uri / = 404;
index index.php;
}

# Adding the cache control head for js, css, and map files
# Make sure it is BELOW the PHP block
location ~ . (?: Css | js | woff2? | Svg | gif | map) $ {
try_files $ uri /index.php$request_uri; Greece add_header Cache-Control "public, max-age = 15778463";
# Add headings to serve security-related headings (It is intended that
# Have they been duplicated to the ones above)
# Before enabling String-Transport-Security headers, read in
# this topic first.
#add_header Strict-Transport-Security "max-age = 15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add to the preload option after reading about the
# consequences in https://hstspreload.org/. This option
# will add the domain to a hard-coded list sent
# in all major browsers and removing from the list
# may take several months.
add_header Referrer policy "no-referrer" always;
always add_header X-Content-Type-Options "nosniff";
always add_header X-Download-Options "noopen";
always add_header X-Frame-Options "SAMEORIGIN";
add_header X-Allowed-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; position = block" always;

# Optional: Do not log in to access
access_log off;
}

location ~ . (?: png | html | ttf | ico | jpg | jpeg | bcmap) $ {
try_files $ uri /index.php$request_uri; Greece # Optional: Do not log in to other assets
access_log off;
}
}

[19659020] Save and exit.

Activate the virtual host and test the configuration and make sure there are n o errors.

  ln-s / etc / nginx / sites-available / nextcloud / etc / nginx / sites-enabled / 
nginx -t

Now restart PHP7.4-FPM service and nginx service using of systemctl command below.

  systemctl restart nginx 
systemctl restart php7.4-fpm

Nginx virtual host configuration for nextcloud has been created.

 Setup Nginx virtual host for Nextcloud

Step 7 - Configure the UFW firewall

In this tutorial we will activate the firewall and we will use the UFW firewall for Ubuntu.

Add SSH, HTTP and HTTPS to the UFW firewall list with the command below.

  for svc in ssh http https 
do
ufw allow $ svc
done

Then activate the UFW firewall and check the allowed service and port.

  ufw enable 
ufw status numbered

And you get HTTP port 80 and HTTPS port 443 are on the list.

 Add SSH HTTP and HTTPS to the UFW firewall

Step 8 - Nextcloud post-installation

Open your web browser and enter the next audio address.

http://cloud.hakase-labs.io/

And you will be redirected to the secure HTTPS connection.

On the upper side, we must create the admin user for the next sound, enter the administrator's user password. In the "Database Folder" configuration, enter the complete path for the "data" directory /var/www/nextcloud/data'.ebrit19659018??Croll the page to the bottom and you will get the database configuration. Enter the database information we created in step 3 and then click on the "Finish installation" button.

 Install Nextcloud on Ubuntu 20.04

If you select the "Install recommended apps" option, you will see the following page.

 Installing Recommended Application Nextcloud

Nextcloud installs additional recommended applications for you.

And when the installation is complete, you get the Nextcloud Dashboard as below.

 Nextcloud Dashboard

The Nextcloud 18 installation with Nginx web server and MySQL database on Ubuntu 20.04 has been completed.

Reference


Source link