Setting up Nextcloud Server on Arch Linux with Nginx, MariaDB and PHP7

In this tutorial, I will show you how to set up your own Nextcloud server on Arch Linux with Nginx, MariaDB and PHP7.

This tutorial assumes that you have already installed a LEMP stack (Linux, Nginx, MariaDB/MySQL, PHP) on Arch Linux. If you haven’t already done so, please check out the below easy-to-follow guide.

After you install LEMP stack, come back here and follow the instructions below. If you have an Arch Linux server, then ssh into it. You can also use your local Arch Linux computer.

Step 1: Install Nextcloud 13 Server on Arch Linux

Download the NextCloud zip archive onto your server. The latest version is NextCloud 13. You may need to change the version number. Go to https://nextcloud.com/install and click the download button to check out the latest version. You can download the zip archive with wget in the terminal.

sudo pacman -S wget

wget https://download.nextcloud.com/server/releases/nextcloud-13.0.0.zip

Install unzip and extract it to the document root of Nginx web server. (/usr/share/nginx/).

sudo pacman -S unzip

sudo unzip nextcloud-13.0.0.zip -d /usr/share/nginx/

Then let Nginx user (http) be the owner of the nextcloud directory.

sudo chown http:http /usr/share/nginx/nextcloud/ -R

Step 2: Create a Database and User in MariaDB

Log into MariaDB database server with the following command:

mysql -u root -p

Then create a database for Nextcloud. This tutorial name the database nextcloud. You can use whatever name you like.

create database nextcloud;

Create the database user. Again, you can use your preferred name for this user. Replace your-password with your preferred password.

create user nextclouduser@localhost identified by 'your-password';

Grant this user all privileges on the nextcloud database.

grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';

Flush the privileges table and exit.

flush privileges;

exit;

Step 3: Enable Binary Logging in MariaDB

Edit the main MariaDB config file.

sudo nano /etc/mysql/my.cnf

Add the following two lines in [mysqld] section. You may find that these two lines are already there (line 54 and 57) because the MariaDB package of Arch Linux enables binary logging by default. If you cannot find them, then manually add them to the [mysqld] section of my.cnf file.

log-bin        = mysql-bin
binlog_format  = mixed

The format of binary log must be set to mixed. Save and close the file. Then restart MariaDB service.

sudo systemctl restart mysqld

Step 4: Create an Nginx Config File for Nextcloud

First, create a conf.d directory for individual Nginx config files.

sudo mkdir /etc/nginx/conf.d

Then create a config file for Nextcloud.

sudo nano /etc/nginx/conf.d/nextcloud.conf

Put the following text into the file.

server {
    listen 80;
    server_name nextcloud.your-domain.com;

    # Add headers to serve security related headers
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

    location ~ /.well-known/acme-challenge {
      allow all;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
     }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)        
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
   }

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
   }
}

Replace the red-colored text with your actual data. If you are setting up Nextcloud on your home computer, then enter your private IP address for the server name, like:

server_name 192.168.1.105

Next, edit /etc/nginx/nginx.conf file

sudo nano /etc/nginx/nginx.conf

Add the following line in the http section so that individual Nginx config files will be loaded.

include /etc/nginx/conf.d/*.conf;

Like this:

http {
   include /etc/nginx/conf.d/*.conf;

   include mime.types;
   default_type application/octet-stream;

.....

Save and close the file. Then test Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Step 5: Install and Enable PHP Modules

Nextcloud requires mysql and gd modules to be enabled in order to work properly. mysql module is already installed in the previous LEMP tutorial. Now install gd module with the following command:

sudo pacman -S php-gd

Then edit php.ini file.

sudo nano /etc/php/php.ini

Find the following 3 lines. Remove the semicolons to enable these 3 modules.

;extension=gd         (line 899)

;extension=mysqli     (line 887)

;extension=pdo_mysql  (line 891)

Save and close the file. Then reload php-fpm process for the changes to take effect.

sudo systemctl reload php-fpm

the Nextcloud Web Installer

Now in your browser address bar, type

nextcloud.your-domain.com

to access the Nextcloud web installer. If you are installing on a local Arch Linux computer, type your private IP address such as 192.168.1.105. You will see the following.

arch-linux-nextcloud

You need to create an administrative account and connect NextCloud service with MariaDB database. Enter the database username, password and database name you created earlier. Once it’s done, your Nextcloud server is ready to rock.

nextcloud-server-on-arch-linux

If you are using a remote Arch Linux server, I recommend installing a SSL/TLS certificate before you finish the installation in the web browser to prevent malicious sniffing.

Get A Free SSL Certificate from Let’s Encrypt

This step is necessary on a remote server because you want to make sure your Nextcloud username and password are not sniffed by malicious people. Skip this step if you are setting up Nextcloud on your home computer.

First we need to install the certbot client and Nginx plugin which is available in Arch Linux community repository.

sudo pacman -S certbot certbot-nginx

Then use the Nginx plugin to obtain and install a certificate for Nginx Web server like below.

sudo certbot --nginx --agree-tos --redirect --staple-ocsp --email your-email-address -d nextcloud.your-domain.com

I assume you are using a domain name like nextcloud.your-domain.com to access the ownCloud web interface. You also need to point your domain name to your server IP in DNS before running the above command.

Once the certificate is obtained and installed, reload Nginx.

sudo systemctl reload nginx

Auto-Renew TLS Certificate

It’s advisable to auto-renew Let’s Encrypt TLS certificate. We can achieve that with cron job. First install cronie on Arch Linux.

sudo pacman -S cronie

Start the cron daemon.

sudo systemctl start cronie

Enable auto start at system boot time.

sudo systemctl enable cronie

Then edit the crontab file of root user.

sudo crontab -e

Put the following line into the file which will try to renew your cert once per day.

@daily certbot renew --quiet

Save and close the file.

Configure OPcache to Improve Performance

OPcache can improve performance of PHP applications by caching precompiled bytecode. By default, OPcache isn’t enabled on Arch Linux. To enable it, open the php.ini file.

sudo nano /etc/php/php.ini

Find the following line.

;zend_extension=opcache

Remove the semicolon so that the OPcache extension (aka module) can be enabled. Save and close the file. Then reload PHP-FPM.

sudo systemctl reload php-fpm

Now you can check enabled modules with the following command.

php -m

Be default, all opcache settings in php.ini file is commented out. For best performance, it’s recommended to use the following settings.

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

After making these changes. Save and close the file. And reload PHP-FPM

sudo systemctl reload php-fpm

Congrats! You have successfully set up NextCloud personal cloud storage on Arch Linux with Nginx, MariaDB and PHP7. As always, if you found this post useful, then please subscribe to our free newsletter or follow us on Google+Twitter or like our Facebook page. Thanks for visiting!

Rate this tutorial
[Total: 23 Average: 4]

13 Responses to “Setting up Nextcloud Server on Arch Linux with Nginx, MariaDB and PHP7

  • DriftJunkie
    2 years ago

    Thank you very much for this. <3
    I will definitely try it.

  • DriftJunkie
    2 years ago

    Ok.
    I’ve got a few questions:
    1.I’ve got my domain setup so:
    cloud.domain.com points to the same IP as domain.com
    What if I want to have a normal website at domain.com and a drive at cloud.domain,com? (Even domain.com/cloud would be nice)

    2. Do you know how can I get transmission which is accessible through domain.com:port to be accessible as either transmission.domain.com or domain.com/transmission?

    It’s my first time with a web server 😀

    P.S.
    Also, this installation destroyed my plex web player.
    Trying to access it through localip:32400 or publicip:14885 throws me at the nextcloud page

    • Xiao Guo-An (Admin)
      2 years ago

      An IP can host multiple domains ( or websites), however you need to be careful about what web server you use and the configurations.

      The configurations in this tutorial is suitable when you want a normal website at domain.com and a drive at cloud.domain.com. You just need to follow the instructions in this tutorial to setup cloud.domain.com. If you want a normal website, then you need to create another nginx config file under /etc/nginx/conf.d/ for your website.

      I wrote a tutorial about Deluge torrent on Ubuntu 16.04 server before.
      How to Install Latest Deluge BitTorrent Client on Ubuntu 16.04/14.04

      and qbittorrent
      Install qBittorrent on Ubuntu 16.04 Desktop and Server

      Although it’s for Ubuntu, you can apply the configurations on Arch Linux because both Arch and Ubuntu use systemd now. I will write a transmission tutorial in the near future.

      • DriftJunkie
        2 years ago

        Hey.
        You are really helpful, your tuts are pretty good and I hope I’m not bothering you too much, but I’ve ran into more issues.

        I wanted to use phpMyAdmin, to fix a few things with my database, but
        -Instaling it
        -Adding a symlink to /usr/share/nginx/html/phpMyAdmin
        -Even adding “mydomain.com mypublicIP mylocalIP” to server_name in nginx.conf

        Doesn’t let me access it with “mylocalIP/phpMyAdmin” or “mypublicIP/phpMyAdmin” leaving me with error 404

        Though adding proxy_pass for transmission works flawlessly.

        I haven’t done much more outside of your tutorials, so you could maybe help me fix that.

        • Xiao Guo-An (Admin)
          2 years ago

          You need to specify the location of index.php for phpMyAdmin. After creating the symlink, add the following directives in nginx.conf server section

          location /phpMyAdmin/ {
                  root /usr/share/nginx/html/;
                  index index.php;
           }

          Save the file. Then reload nginx for the changes to take effect.

          sudo systemctl reload nginx
        • DriftJunkie
          2 years ago

          Ok. I’m really a noob 😀
          I was trying to access domain.com/phpMyAdmin
          while the name of the symlink was called:
          phpmyadmin

          Changing it to phpMyAdmin fixed my issues 😀

  • DriftJunkie
    2 years ago

    Also, there is no “letsencrypt” package, but “cerbot” is.

  • DriftJunkie
    2 years ago

    I’ve got another issue Xiao 😀
    In /usr/share/nginx/nextcloud/data/nextcloud.log I can read this:

    
    {"reqId":"nBJDJCsbkJIvwDu+4Xtu","remoteAddr":"111.111.111.111","app":"PHP","message":"mkdir(): Permission denied at /usr/share/nginx/nextcloud/lib/private/Setup.php#289","level":3,"time":"2016-10-26T19:59:28+00:00","method":"POST","url":"/index.php","user":"--"}
    {"reqId":"CzVdyqoJgar7AIRONP4i","remoteAddr":"111.111.111.111","app":"PHP","message":"mkdir(): Permission denied at /usr/share/nginx/nextcloud/lib/private/Setup.php#289","level":3,"time":"2016-10-26T20:00:50+00:00","method":"POST","url":"/index.php","user":"--"}
    {"reqId":"OqXCLvVt4WO/w4YvaP3P","remoteAddr":"111.111.111.111","app":"PHP","message":"mkdir(): Permission denied at /usr/share/nginx/nextcloud/lib/private/Setup.php#289","level":3,"time":"2016-10-26T20:01:04+00:00","method":"POST","url":"/index.php","user":"--"}
    {"reqId":"8IdT0N0jAT9xDPHZQxTY","remoteAddr":"111.111.111.111","app":"PHP","message":"mkdir(): Permission denied at /usr/share/nginx/nextcloud/lib/private/Setup.php#289","level":3,"time":"2016-10-26T20:01:09+00:00","method":"POST","url":"/index.php","user":"--"}
    {"reqId":"yO3INWeTvz4nQ7h7vh+j","remoteAddr":"111.111.111.111","app":"PHP","message":"mkdir(): Permission denied at /usr/share/nginx/nextcloud/lib/private/Setup.php#289","level":3,"time":"2016-10-26T20:01:32+00:00","method":"POST","url":"/index.php","user":"--"}
    {"reqId":"g0SQp0scLmYRoG2XusOa","remoteAddr":"111.111.111.111","app":"mysql.setup","message":"Specific user creation failed: An exception occurred while executing 'SELECT user FROM mysql.user WHERE user=?' with params ["oc_user"]:nnSQLSTATE[42000]: Syntax error or access violation: 1142 SELECT command denied to user 'user'@'localhost' for table 'user'","level":3,"time":"2016-10-26T20:05:14+00:00","method":"POST","url":"/index.php","user":"--"}
    {"reqId":"g0SQp0scLmYRoG2XusOa","remoteAddr":"111.111.111.111","app":"mysql.setup","message":"Database creation failed: An exception occurred while executing 'GRANT ALL PRIVILEGES ON `nextcloud` . * TO 'user'':nnSQLSTATE[42000]: Syntax error or access violation: 1044 Access denied for user 'user'@'localhost' to database 'nextcloud'","level":3,"time":"2016-10-26T20:05:14+00:00","method":"POST","url":"/index.php","user":"--"}
    

    How can I fix that?

    Pasting again

    
    grant all privileges on nextcloud.* to [email protected] identified by 'your-password';
    

    into mysql command line editor (inside nextcloud database of course) doesn’t address the issue.

    • Xiao Guo-An (Admin)
      2 years ago

      My nextcloud.log also has these lines. If you can use Nextcloud without issues, I believe these errors can be ignored.

      • DriftJunkie
        2 years ago

        The thing is that I can’t Create users in the web interface configuration.
        I’m almost sure I’ve wrote that somewhere already.

        When I press create in the users settings, nothing happens and my browser returns:
        “Failed to load resource: the server responded with a status of 403 (Forbidden)
        Uncaught TypeError: Cannot read property ‘message’ of undefined(…)”

        Except from the above post I haven’t found any other info on what could be the cause of it.

        • Xiao Guo-An (Admin)
          2 years ago

          I can create users on my Nextcloud server without issues. You may want to check out the nginx error log /var/log/nginx/error.log which may give you a hint of what’s wrong.

        • DriftJunkie
          2 years ago

          There is no error.log file 🙁 only access.log

          Thank you so much for all your help. I wouldn’t have done it without you.
          My issue was in one of managment/security apps, but I’m not really sure which, because I turned a bunch of them, turned some back on and user creation works just fine.

          I think I’m set now and there will be no more need to bother you 🙂
          I wish you all the best 🙂

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • If my answer helped you, please consider supporting this site. Thanks :)