How to Install NextCloud on Ubuntu 18.04 with Nginx (LEMP Stack)

This tutorial will be showing you how to install NextCloud on Ubuntu 18.04 LTS with Nginx. As you may probably know, NextCloud is a free open-source self-hosted cloud storage solution that is forked from ownCloud. At the time of this writing, the latest stable version is NextCloud 13.0.2, which is compatible with PHP7.2.

Prerequisites

To follow this tutorial, you first need to install LEMP stack on Ubuntu 18.04. If you haven’t already done so, please check out the following tutorial.

Optionally, if you want to create database from phpMyAdmin, you can follow the tutorial below to install phpMyAdmin on Ubuntu 18.04 with LEMP.

Now let’s install NextCloud.

Step 1: Download NextCloud 13 on Ubuntu 18.04

Login into your Ubuntu 18.04 server. Then download the NextCloud zip archive onto your server. The latest stable version is 13.0.2 at time of this writing. You may need to change the version number. Go to https://nextcloud.com/install and click the download button to see the latest version.

ubuntu 18.04 nextcloud

You can run the following command to download it on your server.

wget https://download.nextcloud.com/server/releases/nextcloud-13.0.2.zip

Once downloaded, extract the archive with unzip.

sudo apt install unzip

sudo unzip nextcloud-13.0.2.zip -d /usr/share/nginx/

The -d option specifies the target directory. NextCloud web files will be extracted to /usr/share/nginx/nextcloud/.  Then we need to change the owner of this directory to www-data so that the web server (Nginx) can write to this directory.

sudo chown www-data:www-data /usr/share/nginx/nextcloud/ -R

Step 2: Create a Database and User in MariaDB

Log into MariaDB database server with the following command. Since MariaDB is now using unix_socket plugin to authentication user login, there’s no need to enter MariaDB root password. We just need to prefix the mysql command with sudo.

sudo mysql

Alternatively, you can also use this command to login.

sudo mariadb

Then create a database for Nextcloud. This tutorial name the database nextcloud. You can use whatever name you like.

create database nextcloud;

Create the database user. Again, you can use your preferred name for this user. Replace your-password with your preferred password.

create user nextclouduser@localhost identified by 'your-password';

Grant this user all privileges on the nextcloud database.

grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';

Flush privileges and exit.

flush privileges;

exit;

Step 3: Create a Nginx Config File for Nextcloud

Create a nextcloud.conf file in /etc/nginx/conf.d/ directory.

sudo nano /etc/nginx/conf.d/nextcloud.conf

Put the following text into the file. Replace the red-colored text with your actual data. Don’t forget to set A record for the domain name.

server {
    listen 80;
    server_name nextcloud.your-domain.com;

    # Add headers to serve security related headers
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

    location ~ /.well-known/acme-challenge {
      allow all;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
     }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php/php7.2-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
   }

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
   }
}

Save and close the file. Test Nginx configuration, then reload Nginx for the changes to take effect.

sudo nginx -t

sudo systemctl reload nginx

Step 4: Install and Enable PHP Modules

Run the following commands to install PHP modules required or recommended by NextCloud.

sudo apt install php-imagick php7.2-common php7.2-gd php7.2-json php7.2-curl  php7.2-zip php7.2-xml php7.2-mbstring php7.2-bz2 php7.2-intl

Step 5: Enable HTTPS

Now you can access the Nextcloud web install wizard in your browser by entering the domain name for your Nextcloud installation.

nextcloud.your-domain.com

ubuntu 18.04 nextcloud nginx

If the web page can’t load, you probably need to open port 80 in firewall.

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

And port 443 as well.

sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Before entering any sensitive information, we should enable secure HTTPS connection on Nextcloud. We can obtain a free TLS certificate from Let’s Encrypt. Install Let’s Encrypt client (certbot) from Ubuntu 18.04 repository.

sudo apt install certbot python3-certbot-nginx

Python-certbot-nginx is the Nginx plugin. Next, run the following command to obtain a free TLS certificate using the Nginx plugin.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email your-email-address -d nextcloud.your-domain.com

Explanation:

  • –nginx: Use the Nginx authenticator and installer
  • –agree-tos: Agree to Let’s Encrypt terms of service
  • –redirect: Add 301 redirect.
  • –hsts: Add the Strict-Transport-Security header to every HTTP response.
  • –staple-ocsp: Enables OCSP Stapling.
  • -d flag is followed by a list of domain names, separated by comma. You can add up to 100 domain names.
  • –email: Email used for registration and recovery contact.

You will be asked if you want to receive emails from EFF(Electronic Frontier Foundation). After choosing Y or N, your TLS certificate will be automatically obtained and configured for you, which is indicated by the message below.

ubuntu 18.04 nextcloud 13

The Nginx plugin is not smart enough to handle such complex configuration file. It failed to redirect HTTP to HTTPS and the HSTS header wasn’t added. We can open the configuration file and enabled these two feature manually.

sudo nano /etc/nginx/conf.d/nextcloud.conf

To redirect HTTP to HTTPS, your Nginx configuration file needs to include a 301 redirect like below.

server {
    listen 80;
    server_name nextcloud.linuxbabe.com;
    return 301 https://nextcloud.linuxbabe.com$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nextcloud.linuxbabe.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.linuxbabe.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ......  
    ......
    remaining configurations
    ......
}

We can then add the following line in the ssl server block to enable HSTS header.

add_header Strict-Transport-Security "max-age=31536000" always;

Also, you can enable HTTP2 protocol by adding the option http2.

listen 443 ssl http2; # managed by Certbot

Here’s part of the configurations on my server.

nextcloud 13 ubuntu 18.04 LEMP stack

Save and close the file. Then text Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the change to take effect.

sudo systemctl reload nginx

The above configuation will get A+ score on SSL test.

install nextcloud 13 ubuntu 18.04

Finish the Installation in your Web Browser

Now you can access the Nextcloud web install wizard using HTTPS connection. To complete the installation, you need to create an admin account, enter the path of Nextcloud data folder, enter database details created earlier. You can use the default localhost as host address, or you can enter localhost:3306, as MariaDB listens on port 3306.

The data folder is where users’ files are stored. For security, it’s best to place the data directory outside of Nextcloud web root. So instead of storing users’ files under /usr/share/nginx/nextcloud/data/, we can change it to /usr/share/nginx/nextcloud-data. which can be created with the following command:

sudo mkdir /usr/share/nginx/nextcloud-data

Then make sure Nginx user (www-data) has write permission to the data directory.

sudo chown www-data:www-data /usr/share/nginx/nextcloud-data -R

nextcloud ubuntu 18.04 install guide

Once it’s done, you will see the Web interface of Nextcloud. Congrats! You can start using it as your private cloud storage.

setup nextcloud ubuntu nginx

How to Install NextCloud Client on Ubuntu 18.04 Desktop

The NextCloud team provides an official PPA. Run the following commands on Ubuntu 18.04 desktop to isntall the client.

sudo add-apt-repository ppa:nextcloud-devs/client

sudo apt install nextcloud-client

Note that you don’t need to run sudo apt update anymore in Ubuntu 18.04 when addding PPA. It will run automatically 🙂

ubuntu 18.04 nextcloud ppa

NextCloud Client on Ubuntu 18.04

ubuntu 18.04 nextcloud client

How to Move the Data Directory

In case you need to move the NextCloud data directory, there are 4 steps to accomplish this. First, you need to use the cp command to copy the data directory to the new directory. For example, the mount point of my external hard drive is /media/linuxbabe/b43e4eea-9796-4ac6-9c48-2bcaa46353731. I create the new data directory on the external hard drive.

sudo mkdir /media/linuxbabe/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/

Then I copy the original data directory to the new data directory. -R flag means the copy operation is recursive.

sudo cp /usr/share/nginx/nextcloud-data/* /media/linuxbabe/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/ -R

You also need to copy the .ocdata file.

sudo cp /usr/share/nginx/nextcloud-data/.ocdata /media/linuxbabe/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/

Next, you need to set www-data (Nginx user) as the owner.

sudo chown www-data:www-data /media/linuxbabe/b43e4eea-9796-4ac6-9c48-2bcaa46353731/nextcloud-data/ -R

Lastly, you need to edit the config.php file.

sudo nano /usr/share/nginx/nextcloud/config/config.php

Find the following line and change the value of datadirectory.

'datadirectory' => '/usr/share/nginx/nextcloud-data',

Save and close the file. Reload NextCloud web page and you are done.

I hope this tutorial helped you install NextCloud 13 on Ubuntu 18.04 server with Nginx. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care.

Rate this tutorial
[Total: 10 Average: 4.3]

8 Responses to “How to Install NextCloud on Ubuntu 18.04 with Nginx (LEMP Stack)

  • John Doe
    2 weeks ago

    Great. Thanks !

  • Hello,
    Thank you very much for this well done tutorial. I especially appreciated the way you provided an explanation of what was going to be done at each step before giving the actual code to do it.

    All went smoothly until I got to the security section at step 5. I could not obtain a certificate because I don’t have a publicly registered domain. My server is connected to a private LAN and not exposed to the Internet. My router does dns internally so the server has a host name that is usable. I can get the nextcloud wizard using http:///

    Will the desktop software work if I never use SSL? I really don’t need the security since my LAN is behind a router that does no port forwarding. Thank you in advance for any advice you might offer.

    Regards, Steve W.

    • It should work. But if you are going to sync files when you are away from home, register a domain name and enable HTTPS. I recommend NameCheap because you get whois privacy protection free for life.

  • Hey Linux Babe

    I followed your guide and for only being on Linux for 3 weeks, it worked GREAT!.

    I have two quandaries at this point:

    A: I have installed this setup exactly per your guide on a small 256 NVME ssd @ /usr/share/nginx/nextcloud-data
    as you said. Can i now move this elsewhere? for example an external 2tb ssd? or Internal ssd?
    Can you tell me how i can accomplish to move the data/ or move the location of where i store my actual files such as photos,videos so that i dont fill up my small NVME ssd?

    B: On the nextcloud start page- where username, password, data folder, database user etc etc goes,
    i filled everything out correctly i believe, except for the localhost section. I used the example they gave for this. So i typed “localhost:5432” Is this bad or good. Should i change this?

    Thank you!! im a big fan!

    • Hi Jacob,

      I just added instruction for moving the data directory at the end of this tutorial.

      If you are using MariaDB/MySQL as the database server, you should enter localhost or localhost:3306. 3306 is the port used by MariaDB/MySQL. Port 5432 is used by PostgreSQL database server.

      If you made a mistake, you can always change the port in /usr/share/nginx/nextcloud/config/config.php file. The database configuration is saved like below.

        'dbtype' => 'mysql',
        'version' => '13.0.4.0',
        'dbname' => 'nextcloud',
        'dbhost' => 'localhost',
        'dbport' => '',
        'dbtableprefix' => 'oc_',
      
  • Thanks Xiao!

    Can you tell me if now i have the correct syntax in my config.php?

    [url=https://postimg.cc/image/zfnjy1hr5/][img]https://s8.postimg.cc/zfnjy1hr5/Screenshot_from_2018-06-24_14-58-30.png[/img][/url]

  • Oops.

    here is link
    https://postimg.cc/image/zfnjy1hr5/

Leave a Reply

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.