Installation
Here, Ubuntu 22.04 is running on an Oracle Cloud Instance.
Install nginx - web server
sudo apt install nginx
Enable, start and check status of nginx
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx
Install MariaDB server
sudo apt install mariadb-server mariadb-client
Enable, start, restart and check status of mariaDB
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo systemctl restart mariadb
sudo systemctl status mariadb
To use PostgreSQL (faster) instead of MariaDB follow the step for DB creation as per below link
php8.3 is not available by default to Ubuntu, so we need to add Ondrej sury PPA into our system.
sudo add-apt-repository ppa:ondrej/php
sudo apt update
Install php8.3 and needed extension for Nextcloud
sudo apt install imagemagick php-imagick php8.3-imagick php8.3-common php8.3-mysql php8.3-fpm php8.3-gd php8.3-curl php8.3-zip php8.3-xml php8.3-mbstring php8.3-bz2 php8.3-intl php8.3-bcmath php8.3-gmp
In case using PostgreSQL DB we need addtional php extention, install the same as below
sudo apt install php8.3-pgsql
Enable and Start PHP FPM with the system
sudo systemctl enable php8.3-fpm
sudo systemctl start php8.3-fpm
sudo systemctl status php8.3-fpm
Securing and Setting up MariaDB database for Nextcloud installation
sudo mysql_secure_installation
Here, add a root user password to your MariaDB if needed, else proceed with Yes in all prompts (read carefully)
Enter SQL prompt, then create database and user for Nextcloud (replace password with your own password)
sudo mysql
create database nextcloud_db;
create user nextcloud@localhost identified by 'password';
grant all privileges on nextcloud_db.* to nextcloud@localhost identified by 'password';
flush privileges;
exit;
Download latest Nextcloud zip to /var/www/
wget https://download.nextcloud.com/server/releases/latest.zip
unzip to /var/www/
sudo unzip latest.zip
Provide authorization to web server user www-data over the nextcloud folder
chown -R www-data:www-data /var/www/nextcloud/
Now add nginx configuration files at /etc/nginx/sites-available/ by creating a new file with your domain or subdomain name, e.g. "nextcloud"
Most updated version of NGINX Config files is available Here
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php/php8.3-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name cloud.example.com;
# Prevent nginx HTTP Server Detection
server_tokens off;
# enforce https
return 301 https://$server_name:443$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.example.com;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;
# Prevent nginx HTTP Server Detection
server_tokens off;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/nextcloud;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 /remote.php/dav/;
}
location = /.well-known/caldav {
return 301 /remote.php/dav/;
}
location = /.well-known/webfinger {
return 301 $scheme://$host:$server_port/index.php/.well-known/webfinger;
}
location = /.well-known/nodeinfo {
return 301 $scheme://$host:$server_port/index.php/.well-known/nodeinfo;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
http2_body_preread_size 1048576;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
}
Then link the file to /etc/nginx/sites-enables
sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud
Test if nginx configuration is correct
sudo nginx -t
Your Nextcloud site should not be available at your domain "cloud.example.com" The installation will now continue on the web.
In the web interface, create a new user with password and then fill in the details of the database created earlier. Your Nextcloud installation is now complete.