Install & Configure NextCloud on Ubuntu Server

Nextcloud, a fork of ownCloud, is a free and open-source suite of client-server software that serves as a great privacy-respecting replacement for Google Workspace or Office 365. It has all the features of a traditional cloud service providers including Collabora Online, OnlyOffice, calendar, contacts, RSS …

Nextcloud, a fork of ownCloud, is a free and open-source suite of client-server software that serves as a great privacy-respecting replacement for Google Workspace or Office 365.

It has all the features of a traditional cloud service providers including Collabora Online, OnlyOffice, calendar, contacts, RSS feed reader, etc. with the added benefit of being completely open source that puts you in control of your personal data.

Nextcloud is a full-on self-hosted productivity platform, designed with compliance in mind, providing extensive data policy enforcement, encryption, user management and auditing capabilities, it keeps you in control of your data, eliminating the need for a third-party cloud hosting service.

Nextcloud is used by the German Federal Administration, French Ministry of Interior, Seimens, and many other educational institutions, healthcare providers, as well as government agencies around the world.

You can try Nextcloud for free, or sign up for a free, limited Nextcloud account via one of the hosting providers. Nextcloud also provides an Enterprise edition in partnership with IONOS, as well as home server devices, in partnership with maufacurers like HanssonIT, Syncloud, etc.

This tutorial will be covering installation and configuration of a Nextcloud instance on your own Ubuntu Server.

I’ve used Microsoft Azure as an example, the steps will be the same for any other cloud provider be it DigitalOcean, Linode, AWS, etc.

Creating a Virtual Machine

This is the first step, and it will vary from cloud provider to provider, all you need to do it to create a virtual machine instance.

A basic VM with 1vCPU and 1 GiB RAM running Ubuntu 20.04 would suffice for most use cases, additional storage can be easily added using Object Storage.

Pick a server location that’s closest to you for low latency, or you could choose a different geographical location for compliance or privacy reasons, or you could just host it on your own local machine.

Updating the DNS Entry

Note down the IP address of the virtual machine, and go to your domain registrar and add an A record with the IP address of the VM.

We will be securing connections to our Nextcloud installation via TLS/SSL. Nextcloud can set up and manage a free, trusted SSL certificate from Let’s Encrypt if our server has a domain name.

You could skip this step, if you don’t have a domain name yet, Nextcloud can set up a self-signed SSL certificate that can encrypt connections, but it won’t be trusted by default in web browsers, and you’ll get a warning message.

Configuring the Virtual Machine

Now, you can go ahead and start configuring the virtual machine.

Step 1: SSH into the Virtual Machine

Open the terminal on your device, and run this command:

ssh root@1.2.3.4

Use the username you selected when creating the virtual machine instead of root (if applicable), and replace the 1.2.3.4 with the IP address of your VM.

You’ll be prompted with “The authenticity of host…”, just type yes, and then enter your password.

Step 2: Prerequisites

Before you go ahead and install something or start configuring your VM, here are a few things, I recommend you to perform:

# Update packages
sudo apt update && apt upgrade

# Configure automatic updates
sudo dpkg-reconfigure --priority=low unattended-upgrades

# Test automatic updates
sudo unattended-upgrades --dry-run --debug

With all of that out of the way, let’s get into the good stuff.

Step 3: Creating a “sudo” user

If your cloud provider didn’t ask you to choose a username for your VM while creating it, you are given root access to your server.

It is recommended to not use the “root” user, which has unlimited privileges and can execute any command, even ones that could accidentally disrupt your server.

That’s why it’s recommended to use a limited user on a server, and temporarily elevating your limited user’s privileges using sudo for day-to-day administration tasks.

Most of the cloud providers, like Azure, don’t provide root access, instead gives you the option to create sudo user, anyway, here’s how you can create a sudo user and lock down the root user:

# Create a New user
adduser username

# Add user to the "sudo" group
usermod -aG sudo username

# Check user's group
groups username

# Switching users
su - username
su - root

Now that you have created and a limited user and added it to the sudo group, let’s lock down the root user, to prevent ssh access via root:

# Disable root login (password & key) via SSH
sudo nano /etc/ssh/sshd_config
PermitRootLogin no

# Allow user login (password & key) via SSH
sudo nano /etc/ssh/sshd_config
AllowUsers username

# Disable password-based login via SSH for all users [optional]
sudo nano /etc/ssh/sshd_config
PasswordAuthentication no

Open up the sshd_config and scroll down to the PermitRootLogin option, and replace yes with no, additionally, add AllowUsers username, and then save it by Ctrl+O and exit by Ctrl+X as shown below:

Disable Root Login via SSH

Step 4: Configuring SSH Keys

Using SSH keys instead of passwords provides you with better security, as SSH keys are long and complex, far more than any password could be.

It is generally recommended to use SSH keys over passwords, but, it is totally optional, though, I recommend you use SSH keys instead of passwords, here’s how to do just that:

First, you need to create SSH key pair, to do that open a new terminal window and follow these commands:

# Create SSH keys
ssh-keygen

You’ll be asked to enter the file name for your SSH key, additionally, you can also choose a password for your SSH key.

You can check your SSH keys by using this command:

# Check SSH keys
ls -l ~/.ssh

There’ll be two keys, public and private, the one with “.pub” extension is your public key, never share the other one as that’s the private key.

Now, you need to add the public SSH key to your server, here’s how you can do just that:

# Copy Public key to the server
ssh-copy-id -i ~/.ssh/yourkeyname.pub username@1.2.3.4

Once that’s done, you can log in to your server via SSH by just switching to the SSH key on your device using this command:

# Switch SSH keys on your device
ssh-add yourkeyname

# Log in to server using SSH keys
ssh ssh username@1.2.3.4

Now, your server is ready to install Nextcloud, let’s get into it.

Step 5: Installing Nextcloud

We’ll be using the Nextcloud Snap package to install Nextcloud on our server. Snap packaging system comes preinstalled with Ubuntu, that allows organizations to ship software, along with all associated dependencies and configuration, in a self-contained unit with automatic updates.

These Snap packages makes it much easier to install Nextcloud, without doing much configuration of web and database server, we’ll just install the Snap package which will handle all the underlying system for us.

Run the following command to download and install the Nextcloud snap package:

sudo snap install nextcloud

This will download and install Nextcloud on your Ubuntu server, and you’ll be greeted with something like this:

nextcloud 22.1.1snap1 from Nextcloud✓ installed

You can also check if the installation process was successful or not by listing the changes associated with the snap:

snap changes nextcloud
# Output
ID   Status  Spawn               Ready               Summary
3    Done    today at 06:40 UTC  today at 06:41 UTC  Install "nextcloud" snap

We can view additional information about the Nextcloud Snap using the following commands:

# Basic description, management commands, and installed version
snap info nextcloud

# Network connections made by the snap
snap connections nextcloud

# All of the specific services and apps that this snap provides
cat /snap/nextcloud/current/meta/snap.yaml

This concludes the installation of Nextcloud, let’s get into configuring an admin account.

Step 6: Configuring the Administrator Account

We can configure the admin account for our Nextcloud instance via the web interface by going to the IP address of our virtual machine or by visiting the URL:

Configure Nextcloud Administrator Account

Alternatively, we can create an admin account using the following command:

sudo nextcloud.manual-install username password
# Output
Nextcloud was successfully installed

Now, we have a fully functional Nextcloud instance with an Administrative account setup, up next, we’ll need to configure “Trusted Domains”

Step 7: Configuring Trusted Domains

By default, Nextcloud restricts the Nextcloud instance is restricted to respond to only the “localhost” hostname, and since we’ll need to access Nextcloud via our domain name and IP address, so we need to whitelist them in the config.php file, under the trusted_domains setting.

You can view the current settings using the following command:

sudo nextcloud.occ config:system:get trusted_domains
# Output
localhost

To add the domain name of your choice, use the following command:

sudo nextcloud.occ config:system:set trusted_domains 1 --value=example.com
# Output
System config value trusted_domains => 1 set to string example.com

You can add additional domains or even the IP address of the VM using the same config:system:set command, just increment the index number:

 sudo nextcloud.occ config:system:set trusted_domains 2 --value=1.2.3.4

Now, we just need to secure our connection to Nextcloud via an SSL certificate.

Step 8: Securing the Nextcloud Web Interface with SSL

We’ll be using a free SSL certificate from Let’s Encrypt, the Nextcloud snap has a built-in functionality to do just that.

To configure a free SSL certificate from Let’s Encrypt, use the following command:

sudo nextcloud.enable-https lets-encrypt

You’ll be prompted with something like this:

In order for Let's Encrypt to verify that you actually own the
domain(s) for which you're requesting a certificate, there are a
number of requirements of which you need to be aware:

1. In order to register with the Let's Encrypt ACME server, you must
   agree to the currently-in-effect Subscriber Agreement located
   here:

       https://letsencrypt.org/repository/

   By continuing to use this tool you agree to these terms. Please
   cancel now if otherwise.

2. You must have the domain name(s) for which you want certificates
   pointing at the external IP address of this machine.

3. Both ports 80 and 443 on the external IP address of this machine
   must point to this machine (e.g. port forwarding might need to be
   setup on your router).

Have you met these requirements? (y/n)

Type in y to continue.

You’ll be prompted next to enter an email address for urgent notices and key recovery:

Please enter an email address (for urgent notices or key recovery):

Type in your email address and press Enter to continue.

Next, you’ll need to enter the domain name associated with the Nextcoloud server:

Please enter your domain name(s) (space-separated): example.com
# Output
Attempting to obtain certificates... done
Restarting apache... done

And, that’s it now you can go ahead and access your very own personal Nextcloud by going to the domain name (https://example.com) in your browser.

Setting Up SSL with Self-Signed Certificate (Optional)

Alternatively, if you went the no domain name route, you can set up SSL with a Self-Signed Certificate,

A self-signed certificatre will secure the web interface by providign access via an encrypted connection, but won’t be able to verify the identity of the server, so the web browsers will be display a warning message.

Alright, here’s how we can set up a self-signed SSL certificate:

sudo nextcloud.enable-https self-signed
# Output
Generating key and self-signed certificate... done
Restarting apache... done

With all of that out of the way, you now have a fully functional Nextcloud instance that you can access over an encrypted connection.

Accessing Nextcloud Across Devices

You can now access your Nextcloud instance across all of your devices on your web browsers via the web interface using the domain name or the IP address.

Nextcloud also has free and open source apps for Windows, macOS, Linux as well as Android and iOS.

Nextcloud Conclusion

All in all, Nextcloud is an amazing piece of software that allows anyone to have their own personal cloud, and regain control over their personal data.

You should check out the Nextcloud App Store to learn about all the cool apps and extensions you can add to your Nextcloud instance.

Leave a Comment