Pre-requisites
- Have your own domain and be able to configure DNS accordingly
- Have access to a Debian host with root privileges
Installing dependencies
Make sure not to skip this step:
apt update
apt install apache2 libapache2-mod-php php php-gd php-curl php-zip php-dom php-xml php-simplexml php-mbstring php-apcu php-mysql php-intl php-bcmath php-gmp php-imagick unzip mariadb-server certbot
Configure database
mysql -u root -p
CREATE DATABASE your_database;
GRANT ALL ON your_database.* TO 'your_user'@'localhost' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
Download and set up Nextcloud
Run the following commands:
cd /tmp
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
mv nextcloud/* /var/www/html/
mv nextcloud/.[!.]* /var/www/html/  # hidden files such as .htaccess, without matching . and ..
rmdir nextcloud
chown -R www-data:www-data /var/www/html/
Edit the /var/www/html/config/config.php file and:
- Declare your public access domain:
'trusted_domains' =>
  array (
    0 => 'your.domain.tld',
  ),
- Disable new user registration:
'simpleSignUpLink.shown' => false,
- Configure APCu as cache memory system:
'memcache.local' => '\\OC\\Memcache\\APCu',
Set up Apache2
- Make it run at startup:
systemctl enable --now apache2
- Enable HTTPS traffic:
a2enmod ssl
- Issue a new Let’s Encrypt SSL certificate:
certbot certonly -d your.domain.tld
- Set up Apache virtual host:
a2ensite your.domain.tld
Here’s a sample /etc/apache2/sites-available/your.domain.tld.conf file:
<VirtualHost *:80>
    ServerName your.domain.tld
    Redirect permanent "/" "https://your.domain.tld/"
</VirtualHost>
<VirtualHost *:443>
    ServerName your.domain.tld
    # Example SSL certificate path for Let's Encrypt
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/your.domain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.tld/privkey.pem
    DocumentRoot /var/www/html
    CustomLog /var/log/apache2/your.domain.tld-access.log combined
    ErrorLog /var/log/apache2/your.domain.tld-error.log
</VirtualHost>
Apply changes by running:
apachectl configtest
systemctl reload apache2
At this point you should be able to open https://your.domain.tld in any web browser and follow the web installation wizard.
Fix security warnings on a fresh installation
- Add HSTS header
Edit /etc/apache2/sites-available/your_vhost.conf and within the HTTPS VirtualHost block add:
Header always set Strict-Transport-Security: "max-age=63072000; includeSubDomains; preload"
- Increase default PHP memory_limit value
Edit /etc/php/7.3/apache2/php.ini and set:
memory_limit = 512M ; At least
- Disable PHP output_buffering
Edit /etc/php/7.3/apache2/php.ini and set:
output_buffering = off
- Fix missing database indices
Run these commands:
chmod +x /var/www/html/occ
sudo -u www-data /usr/bin/php /var/www/html/occ db:add-missing-indices
- Fix webdav URLs
Edit /etc/apache2/sites-available/your_vhost.conf and within the HTTPS VirtualHost block add:
RewriteEngine On
RewriteRule ^/\.well-known/carddav https://your.domain.tld/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://your.domain.tld/remote.php/dav/ [R=301,L]
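Apply all these last changes by running (the Header and RewriteRule directives need mod_headers and mod_rewrite enabled):
a2enmod headers rewrite
systemctl restart apache2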
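To confirm that the php.ini and HSTS changes above are actually present on disk, here is an added example (not part of the original guide or of Nextcloud's own tooling): a POSIX shell audit that reads a php.ini and a vhost file and reports settings that still need fixing. The function names, the constructed sample files and the 15552000-second HSTS floor are assumptions of this example.

```sh
#!/bin/sh
# Added example: offline audit of the php.ini and HSTS settings from this guide.
MIN_MEMORY=$((512 * 1024 * 1024))   # the guide's "512M at least"
MIN_HSTS=15552000                   # assumption: floor used by Nextcloud's HSTS check

# Effective php.ini value: last uncommented assignment of KEY; ';' starts a comment.
ini_get() {  # ini_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# PHP shorthand size (plain bytes or K/M/G suffix) to bytes; fails on anything else.
to_bytes() {
    case $1 in ''|0?*|*[!0-9KkMmGg]*|*[KkMmGg]?*|[KkMmGg]) return 1 ;; esac
    n=${1%[KkMmGg]}
    case $1 in
        *[Kk]) echo $((n * 1024)) ;;
        *[Mm]) echo $((n * 1048576)) ;;
        *[Gg]) echo $((n * 1073741824)) ;;
        *)     echo "$n" ;;
    esac
}

# 0 if memory_limit is -1 (unlimited) or >= 512M, and output_buffering is off.
check_php_ini() {
    mem=$(ini_get "$1" memory_limit)
    buf=$(ini_get "$1" output_buffering | tr 'A-Z' 'a-z')
    if [ "$mem" != "-1" ]; then
        bytes=$(to_bytes "$mem") || return 1
        [ "$bytes" -ge "$MIN_MEMORY" ] || return 1
    fi
    case $buf in off|0|false|no) return 0 ;; *) return 1 ;; esac
}

# 0 if the vhost file sets Strict-Transport-Security with a large enough max-age.
check_hsts() {
    age=$(grep -i '^[[:space:]]*Header.*Strict-Transport-Security' "$1" |
          sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p' | tail -n 1)
    [ -n "$age" ] && [ "$age" -ge "$MIN_HSTS" ]
}

# Constructed sample input (not real files): an untuned php.ini and a vhost without HSTS.
tmp=$(mktemp -d)
printf 'memory_limit = 128M\noutput_buffering = 4096\n' > "$tmp/php.ini"
printf '<VirtualHost *:443>\n</VirtualHost>\n' > "$tmp/vhost.conf"
check_php_ini "$tmp/php.ini" || echo "php.ini: memory_limit/output_buffering need fixing"
check_hsts "$tmp/vhost.conf" || echo "vhost: HSTS header missing or max-age too low"
rm -rf "$tmp"
```

On a real host, call check_php_ini and check_hsts with the php.ini and vhost paths used in this guide; a memory_limit value with stray text after it (for example a `#` remark on the same line) is reported as needing a fix.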