Nextcloud, a fork of ownCloud, is a free and open-source suite of client-server software that serves as a great privacy-respecting replacement for Google Workspace or Office 365.
It has all the features of a traditional cloud service providers including Collabora Online, OnlyOffice, calendar, contacts, RSS feed reader, etc. with the added benefit of being completely open source that puts you in control of your personal data.
Nextcloud is a full-on self-hosted productivity platform, designed with compliance in mind, providing extensive data policy enforcement, encryption, user management and auditing capabilities, it keeps you in control of your data, eliminating the need for a third-party cloud hosting service.
Nextcloud is used by the German Federal Administration, French Ministry of Interior, Seimens, and many other educational institutions, healthcare providers, as well as government agencies around the world.
You can try Nextcloud for free, or sign up for a free, limited Nextcloud account via one of the hosting providers. Nextcloud also provides an Enterprise edition in partnership with IONOS, as well as home server devices, in partnership with maufacurers like HanssonIT, Syncloud, etc.
This tutorial will be covering installation and configuration of a Nextcloud instance on your own Ubuntu Server.
I’ve used Microsoft Azure as an example, the steps will be the same for any other cloud provider be it DigitalOcean, Linode, AWS, etc.
Creating a Virtual Machine
This is the first step, and it will vary from cloud provider to provider, all you need to do it to create a virtual machine instance.
A basic VM with 1vCPU and 1 GiB RAM running Ubuntu 20.04 would suffice for most use cases, additional storage can be easily added using Object Storage.
Pick a server location that’s closest to you for low latency, or you could choose a different geographical location for compliance or privacy reasons, or you could just host it on your own local machine.
Updating the DNS Entry
Note down the IP address of the virtual machine, and go to your domain registrar and add an A record with the IP address of the VM.
We will be securing connections to our Nextcloud installation via TLS/SSL. Nextcloud can set up and manage a free, trusted SSL certificate from Let’s Encrypt if our server has a domain name.
You could skip this step, if you don’t have a domain name yet, Nextcloud can set up a self-signed SSL certificate that can encrypt connections, but it won’t be trusted by default in web browsers, and you’ll get a warning message.
Configuring the Virtual Machine
Now, you can go ahead and start configuring the virtual machine.
Step 1: SSH into the Virtual Machine
Open the terminal on your device, and run this command:
Use the username you selected when creating the virtual machine instead of root (if applicable), and replace the 184.108.40.206 with the IP address of your VM.
You’ll be prompted with “The authenticity of host…”, just type yes, and then enter your password.
Step 2: Prerequisites
Before you go ahead and install something or start configuring your VM, here are a few things, I recommend you to perform:
# Update packages sudo apt update && apt upgrade # Configure automatic updates sudo dpkg-reconfigure --priority=low unattended-upgrades # Test automatic updates sudo unattended-upgrades --dry-run --debug
With all of that out of the way, let’s get into the good stuff.
Step 3: Creating a “sudo” user
If your cloud provider didn’t ask you to choose a username for your VM while creating it, you are given root access to your server.
It is recommended to not use the “root” user, which has unlimited privileges and can execute any command, even ones that could accidentally disrupt your server.
That’s why it’s recommended to use a limited user on a server, and temporarily elevating your limited user’s privileges using sudo for day-to-day administration tasks.
Most of the cloud providers, like Azure, don’t provide root access, instead gives you the option to create sudo user, anyway, here’s how you can create a sudo user and lock down the root user:
# Create a New user adduser username # Add user to the "sudo" group usermod -aG sudo username # Check user's group groups username # Switching users su - username su - root
Now that you have created and a limited user and added it to the sudo group, let’s lock down the root user, to prevent ssh access via root:
# Disable root login (password & key) via SSH sudo nano /etc/ssh/sshd_config PermitRootLogin no # Allow user login (password & key) via SSH sudo nano /etc/ssh/sshd_config AllowUsers username # Disable password-based login via SSH for all users [optional] sudo nano /etc/ssh/sshd_config PasswordAuthentication no
Open up the sshd_config and scroll down to the PermitRootLogin option, and replace yes with no, additionally, add AllowUsers username, and then save it by Ctrl+O and exit by Ctrl+X as shown below:
Step 4: Configuring SSH Keys
Using SSH keys instead of passwords provides you with better security, as SSH keys are long and complex, far more than any password could be.
It is generally recommended to use SSH keys over passwords, but, it is totally optional, though, I recommend you use SSH keys instead of passwords, here’s how to do just that:
First, you need to create SSH key pair, to do that open a new terminal window and follow these commands:
# Create SSH keys ssh-keygen
You’ll be asked to enter the file name for your SSH key, additionally, you can also choose a password for your SSH key.
You can check your SSH keys by using this command:
# Check SSH keys ls -l ~/.ssh
There’ll be two keys, public and private, the one with “.pub” extension is your public key, never share the other one as that’s the private key.
Now, you need to add the public SSH key to your server, here’s how you can do just that:
# Copy Public key to the server ssh-copy-id -i ~/.ssh/yourkeyname.pub email@example.com
Once that’s done, you can log in to your server via SSH by just switching to the SSH key on your device using this command:
# Switch SSH keys on your device ssh-add yourkeyname # Log in to server using SSH keys ssh ssh firstname.lastname@example.org
Now, your server is ready to install Nextcloud, let’s get into it.
Step 5: Installing Nextcloud
We’ll be using the Nextcloud Snap package to install Nextcloud on our server. Snap packaging system comes preinstalled with Ubuntu, that allows organizations to ship software, along with all associated dependencies and configuration, in a self-contained unit with automatic updates.
These Snap packages makes it much easier to install Nextcloud, without doing much configuration of web and database server, we’ll just install the Snap package which will handle all the underlying system for us.
Run the following command to download and install the Nextcloud snap package:
sudo snap install nextcloud
This will download and install Nextcloud on your Ubuntu server, and you’ll be greeted with something like this:
nextcloud 22.1.1snap1 from Nextcloud✓ installed
You can also check if the installation process was successful or not by listing the changes associated with the snap:
snap changes nextcloud
# Output ID Status Spawn Ready Summary 3 Done today at 06:40 UTC today at 06:41 UTC Install "nextcloud" snap
We can view additional information about the Nextcloud Snap using the following commands:
# Basic description, management commands, and installed version snap info nextcloud # Network connections made by the snap snap connections nextcloud # All of the specific services and apps that this snap provides cat /snap/nextcloud/current/meta/snap.yaml
This concludes the installation of Nextcloud, let’s get into configuring an admin account.
Step 6: Configuring the Administrator Account
We can configure the admin account for our Nextcloud instance via the web interface by going to the IP address of our virtual machine or by visiting the URL:
Alternatively, we can create an admin account using the following command:
sudo nextcloud.manual-install username password
# Output Nextcloud was successfully installed
Now, we have a fully functional Nextcloud instance with an Administrative account setup, up next, we’ll need to configure “Trusted Domains”
Step 7: Configuring Trusted Domains
By default, Nextcloud restricts the Nextcloud instance is restricted to respond to only the “localhost” hostname, and since we’ll need to access Nextcloud via our domain name and IP address, so we need to whitelist them in the
config.php file, under the
You can view the current settings using the following command:
sudo nextcloud.occ config:system:get trusted_domains
# Output localhost
To add the domain name of your choice, use the following command:
sudo nextcloud.occ config:system:set trusted_domains 1 --value=example.com
# Output System config value trusted_domains => 1 set to string example.com
You can add additional domains or even the IP address of the VM using the same
config:system:set command, just increment the index number:
sudo nextcloud.occ config:system:set trusted_domains 2 --value=220.127.116.11
Now, we just need to secure our connection to Nextcloud via an SSL certificate.
Step 8: Securing the Nextcloud Web Interface with SSL
We’ll be using a free SSL certificate from Let’s Encrypt, the Nextcloud snap has a built-in functionality to do just that.
To configure a free SSL certificate from Let’s Encrypt, use the following command:
sudo nextcloud.enable-https lets-encrypt
You’ll be prompted with something like this:
In order for Let's Encrypt to verify that you actually own the domain(s) for which you're requesting a certificate, there are a number of requirements of which you need to be aware: 1. In order to register with the Let's Encrypt ACME server, you must agree to the currently-in-effect Subscriber Agreement located here: https://letsencrypt.org/repository/ By continuing to use this tool you agree to these terms. Please cancel now if otherwise. 2. You must have the domain name(s) for which you want certificates pointing at the external IP address of this machine. 3. Both ports 80 and 443 on the external IP address of this machine must point to this machine (e.g. port forwarding might need to be setup on your router). Have you met these requirements? (y/n)
y to continue.
You’ll be prompted next to enter an email address for urgent notices and key recovery:
Please enter an email address (for urgent notices or key recovery):
Type in your email address and press
Enter to continue.
Next, you’ll need to enter the domain name associated with the Nextcoloud server:
Please enter your domain name(s) (space-separated): example.com
# Output Attempting to obtain certificates... done Restarting apache... done
And, that’s it now you can go ahead and access your very own personal Nextcloud by going to the domain name (
https://example.com) in your browser.
Setting Up SSL with Self-Signed Certificate (Optional)
Alternatively, if you went the no domain name route, you can set up SSL with a Self-Signed Certificate,
A self-signed certificatre will secure the web interface by providign access via an encrypted connection, but won’t be able to verify the identity of the server, so the web browsers will be display a warning message.
Alright, here’s how we can set up a self-signed SSL certificate:
sudo nextcloud.enable-https self-signed
# Output Generating key and self-signed certificate... done Restarting apache... done
With all of that out of the way, you now have a fully functional Nextcloud instance that you can access over an encrypted connection.
Accessing Nextcloud Across Devices
You can now access your Nextcloud instance across all of your devices on your web browsers via the web interface using the domain name or the IP address.
Nextcloud also has free and open source apps for Windows, macOS, Linux as well as Android and iOS.
All in all, Nextcloud is an amazing piece of software that allows anyone to have their own personal cloud, and regain control over their personal data.
You should check out the Nextcloud App Store to learn about all the cool apps and extensions you can add to your Nextcloud instance.