Setting up Nextcloud Server on Arch Linux with Nginx, MariaDB and PHP7

In this tutorial, I will show you how to set up your own Nextcloud server on Arch Linux with Nginx, MariaDB and PHP7.

This tutorial assumes that you have already installed a LEMP stack (Linux, Nginx, MariaDB/MySQL, PHP) on Arch Linux. If you haven’t already done so, please check out the below easy-to-follow guide.

After you install LEMP stack, come back here and follow the instructions below. If you have an Arch Linux server, then ssh into it. You can also use your local Arch Linux computer.

Step 1: Install Nextcloud 13 Server on Arch Linux

Download the NextCloud zip archive onto your server. The latest version is NextCloud 13. You may need to change the version number. Go to and click the download button to check out the latest version. You can download the zip archive with wget in the terminal.

sudo pacman -S wget


Install unzip and extract it to the document root of Nginx web server. (/usr/share/nginx/).

sudo pacman -S unzip

sudo unzip -d /usr/share/nginx/

Then let Nginx user (http) be the owner of the nextcloud directory.

sudo chown http:http /usr/share/nginx/nextcloud/ -R

Step 2: Create a Database and User in MariaDB

Log into MariaDB database server with the following command:

mysql -u root -p

Then create a database for Nextcloud. This tutorial name the database nextcloud. You can use whatever name you like.

create database nextcloud;

Create the database user. Again, you can use your preferred name for this user. Replace your-password with your preferred password.

create user nextclouduser@localhost identified by 'your-password';

Grant this user all privileges on the nextcloud database.

grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';

Flush the privileges table and exit.

flush privileges;


Step 3: Enable Binary Logging in MariaDB

Edit the main MariaDB config file.

sudo nano /etc/mysql/my.cnf

Add the following two lines in [mysqld] section. You may find that these two lines are already there (line 54 and 57) because the MariaDB package of Arch Linux enables binary logging by default. If you cannot find them, then manually add them to the [mysqld] section of my.cnf file.

log-bin        = mysql-bin
binlog_format  = mixed

The format of binary log must be set to mixed. Save and close the file. Then restart MariaDB service.

sudo systemctl restart mysqld

Step 4: Create an Nginx Config File for Nextcloud

First, create a conf.d directory for individual Nginx config files.

sudo mkdir /etc/nginx/conf.d

Then create a config file for Nextcloud.

sudo nano /etc/nginx/conf.d/nextcloud.conf

Put the following text into the file.

server {
    listen 80;

    # Add headers to serve security related headers
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;

    location ~ /.well-known/acme-challenge {
      allow all;

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
       rewrite ^ /index.php$uri;

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)        
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;

Replace the red-colored text with your actual data. If you are setting up Nextcloud on your home computer, then enter your private IP address for the server name, like:


Next, edit /etc/nginx/nginx.conf file

sudo nano /etc/nginx/nginx.conf

Add the following line in the http section so that individual Nginx config files will be loaded.

include /etc/nginx/conf.d/*.conf;

Like this:

http {
   include /etc/nginx/conf.d/*.conf;

   include mime.types;
   default_type application/octet-stream;


Save and close the file. Then test Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Step 5: Install and Enable PHP Modules

Nextcloud requires mysql and gd modules to be enabled in order to work properly. mysql module is already installed in the previous LEMP tutorial. Now install gd module with the following command:

sudo pacman -S php-gd

Then edit php.ini file.

sudo nano /etc/php/php.ini

Find the following 3 lines. Remove the semicolons to enable these 3 modules.

;extension=gd         (line 899)

;extension=mysqli     (line 887)

;extension=pdo_mysql  (line 891)

Save and close the file. Then reload php-fpm process for the changes to take effect.

sudo systemctl reload php-fpm

the Nextcloud Web Installer

Now in your browser address bar, type

to access the Nextcloud web installer. If you are installing on a local Arch Linux computer, type your private IP address such as You will see the following.


You need to create an administrative account and connect NextCloud service with MariaDB database. Enter the database username, password and database name you created earlier. Once it’s done, your Nextcloud server is ready to rock.


If you are using a remote Arch Linux server, I recommend installing a SSL/TLS certificate before you finish the installation in the web browser to prevent malicious sniffing.

Get A Free SSL Certificate from Let’s Encrypt

This step is necessary on a remote server because you want to make sure your Nextcloud username and password are not sniffed by malicious people. Skip this step if you are setting up Nextcloud on your home computer.

First we need to install the certbot client and Nginx plugin which is available in Arch Linux community repository.

sudo pacman -S certbot certbot-nginx

Then use the Nginx plugin to obtain and install a certificate for Nginx Web server like below.

sudo certbot --nginx --agree-tos --redirect --staple-ocsp --email your-email-address -d

I assume you are using a domain name like to access the ownCloud web interface. You also need to point your domain name to your server IP in DNS before running the above command.

Once the certificate is obtained and installed, reload Nginx.

sudo systemctl reload nginx

Auto-Renew TLS Certificate

It’s advisable to auto-renew Let’s Encrypt TLS certificate. We can achieve that with cron job. First install cronie on Arch Linux.

sudo pacman -S cronie

Then edit the crontab file of root user.

sudo crontab -e

Put the following line into the file which will try to renew your cert once per day.

@daily certbot renew --quiet

Save and close the file.

Congrats! You have successfully set up NextCloud personal cloud storage on Arch Linux with Nginx, MariaDB and PHP7.

As always, if you found this post useful, then please subscribe to our free newsletter or follow us on Google+Twitter or like our Facebook page. Thanks for visiting!

Rate this tutorial
[Total: 13 Average: 4]