⇨ Update January 2018: Updated for nextcloud 13 ⇦
In this tutorial I describe how to install nextCloud (the modern successor of Owncloud) on a fresh Debian Stretch (Debian 9) or Debian Jessie (Debian 8). I use nginx as web server, MySQL and php7. Why nginx and php7? These software packages are designed for high performance and are actively maintained by the developers. In addition, we secure our web server with a free SSL certificate from Lets Encrypt and configure nginx so that it only uses current security settings and also activate HTTP/2. This gives us a modern, secure and fast setup that is perfectly suited for nextCloud.
These instructions can also be used for a Raspberry Pi.
Requirements
As a basis, I assume a freshly installed Debian 8 Jessie, to which the domain you want to use already points.
Basic work
When I start a new server, the first thing I do is to create a nice prompt, which makes working more fun. I have already described this here. If you don't want to do this, you can simply skip this step.
Next I will make sure that the system is up to date.
apt-get update && apt-get upgrade && apt-get dist-upgrade
Depending on which text editor you want to work with, it must now be installed, in my case this is vim:
apt-get install vim-nox
Now we set up the package sources. Under Debian, it is best to use dotdeb.org, as all the required packages are available there in an up-to-date version. The integration of these is described here, but can also be summarised very briefly like this:
The following two lines must be added to the /etc/apt/sources.list file:
deb http://packages.dotdeb.org jessie all
deb-src http://packages.dotdeb.org jessie all
After that, the key of the new package source must be imported into our system. We can load the key with
wget https://www.dotdeb.org/dotdeb.gpg
And play in with
apt-key add dotdeb.gpg
Lets Encrypt
Now we take care of the free SSL certificate. This is easiest to apply for with **certbot**, but we have to activate the backports in our package sources. To do this, we need to add the following line to the /etc/apt/sources.list file:
deb http://ftp.debian.org/debian jessie-backports main
Now we need to re-read the package sources
apt-get update
And then certbot can be installed
apt-get install certbot -t jessie-backports
For the next step, it is absolutely necessary that a domain already points to the server. Because now we apply for the SSL certificate from Let's Encrypt:
certbot certonly
This command guides you through the certificate application process. A mail address and the corresponding domain must be entered. If everything has worked, certbot exits with a success message.
PHP7
PHP7 can be installed quite quickly. To do this, we simply execute the following command:
apt-get install php7.0-fpm php7.0-gd php7.0-mysql php7.0-curl php7.0-xml php7.0-zip php7.0-intl php7.0-mcrypt php7.0-mbstring php7.0-bz2
This will install php7 with all the necessary extensions.
NGINX
The installation of nginx is initiated with the following command:
apt-get install nginx
Next, we need to configure nginx. It is important to us that our web server only uses the latest security algorithms, so we need to create a Diffie-Hellman key beforehand:
mkdir -p /etc/ssl/private
chmod 710 /etc/ssl/private
cd /etc/ssl/private
openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem
Now for the actual configuration of nginx. To do this, we open the following file and replace the content completely: /etc/nginx/sites-enabled/default
The new file content: Link (where "your.cloud" must be replaced by your domain)
Once the file has been adapted accordingly, nginx can be restarted:
/etc/init.d/nginx restart
Under your domain, nextcloud should now already be accessible. However, we still need to install MySQL first, as we need a database for nextcloud.
MYSQL
MySQL is installed with the following command. During the installation you will be asked for the root password which you should remember!
apt-get install mysql-server mysql-client
Next we secure the MySQL installation
mysql_secure_installation
Now we need our own database user and database for our Nextcloud installation.
To do this, we log in as root with the password assigned during installation:
mysql -u root -p
To create our own database called "nextclouddb" we use the following command
create database nextclouddb;
Then we create a user that we call "nextclouduser". Important! We have to replace "password" with a new password.
create user 'nextclouduser'@'localhost' identified by 'password';
Finally, the user just created needs permissions to the database just created. Here, too, we need to replace the password.
grant all on nextclouddb.* to 'nextclouduser' identified by 'password';
Now we have set up the database and can close the MySQL client.
exit
Now the actual Nextcloud installation
We are almost finished. All that remains is to install nextcloud. To do this, we download the current version of Nextcloud into our web server directory.
wget https://download.nextcloud.com/server/releases/nextcloud-13.0.0.zip
unzip nextcloud-13.0.0-zip
Copy the files into the web directory and we can start the installation in the web browser.
I had already asked in the "old" (?) blog: has the rest of the article been lost or is it still in progress?
I am actually very interested in this implementation (nginx/php7).
Have fun and success furthermore!
Thomas
You are right, some things got lost here. I will add to it in the coming days - sorry.
For the Raspberry Pi, the source for PHP7 must be entered in the sources list.
deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi
-Kevin
Thanks for the update!
But is it really complete now? What happens after the MySQL setup, "only" nextcloud (I could probably manage that on my own)?
Thanks for the detailed tutorial; I'm just working my way through it. Is there a detailed explanation of the Nginx configuration you linked to? I'm still a complete newbie in this area, some parts are self-explanatory, others I don't understand at all.
That is a good suggestion. I will add comments to the file to explain the individual lines.
Hi, I just completely rebuilt Deb-8.7 and started with the tutorial here without doing anything else. I noticed 1-2 things...
First nginx has to be installed and then the webroot has to be adjusted correctly.
After that 'certbot certonly' can be executed, because without nginx it doesn't get a connection.
And only then can /etc/nginx/sites-enabled/default be replaced with the file specified in the link...
So... Now, after the tutorial, I still have the problem that as soon as I go to my domain with a browser, "File not found." is displayed (no matter which path) and the Error.log says the following:
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: xx.xx.xx.xx, server: , request: "GET /nextcloud/ HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "my.domain"
(IP and host replaced)
Hello,
When applying for SSL, I assumed the standalone mode of Certbot, i.e. no web server is needed, Certbot temporarily creates it itself. Therefore it is not necessary to configure or use nginx for this.
The nginx configuration I have provided assumes that nextcloud will be installed directly under /var/www/.
Oh... Thanks for the answer...
I thought the Certbot web server was always running and not just temporarily for creating...
Well then that makes sense in this order of course.
MFG
i also have the problem with "file not found" and can't figure out what the problem is. does anyone have any ideas?
Please check in the file /etc/nginx/sites-enabled/default which path is behind "root". The index.php (and all other files) of nextcloud must be located under this path.