Install NextCloud on Ubuntu Server 16.04: Difference between revisions

From ICO wiki
Ebarrier (talk | contribs)
No edit summary
Ebarrier (talk | contribs)
No edit summary
 
(113 intermediate revisions by the same user not shown)
Line 1: Line 1:
Author: Etienne Barrier
Author: Etienne Barrier
Last modified: 07.02.2017
Install guestadditions for ubuntu server: http://askubuntu.com/questions/22743/how-do-i-install-guest-additions-in-a-virtualbox-vm?noredirect=1&lq=1
Purge MariaDB: http://askubuntu.com/questions/703123/mariadb-10-1-server-wont-start-after-update


==Preliminary notes==
==Preliminary notes==
This tutorial shows how to install NextCloud on Ubuntu 16.04 LTS Server, using MariaDB (as for database) and Apache 2 (as for webserver).
This tutorial shows how to install Nextcloud on Ubuntu 16.04 LTS Server, using MariaDB (as for database) and Apache 2 (as for web server).


This tutorial does NOT show:
This tutorial does NOT show:
* how to install/configure databases other than MariaDB (although MySQL can be considered the sane)
* how to install/configure databases other than MariaDB (although MySQL can be considered the same)
* how to install/configure webservers other than Apache2 (for example Nginx)
* how to install/configure web servers other than Apache2 (for example Nginx)
* how to use NextCloud
* how to use Nextcloud
 


It is assumed that you are already familiar with the basics of Linux command line terminal commands. But this tutorial is made so that you can copy paste the commands to your terminal.
It is assumed that you are already familiar with the basics of Linux command line terminal commands. But this tutorial is made so that you can copy paste the commands to your terminal.
Commands that must be entered in terminal with Bash shell start with a dollar sign "$". Terminal's outputs do not start with dollar sign.
Example:
<syntaxhighlight lang="bash">
$ echo I Love You  # This is a command
I Love You        # This is an output
</syntaxhighlight>
All commands in this tutorial are made as root. You must be root or be able to use "sudo" command to install and configure Nextcloud.
Commands that must be entered for MariaDB start with greater-than sign ">".


Tools' versions used in this tutorial:
Tools' versions used in this tutorial:
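Review bot: The prompt convention added in this hunk prefixes every command with "$" while the next added sentence says all commands are made as root. A "$" prompt conventionally marks an unprivileged shell and "#" a root shell, so a reader who runs the commands as a normal user gets permission errors; either keep "sudo" in the commands or use "#" as the prompt and say so here. Because the page invites copy and paste, also state that the leading "$" or ">" is not part of the command.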
Line 20: Line 29:
* Ubuntu 16.04.1 LTS (Xenial)
* Ubuntu 16.04.1 LTS (Xenial)
* MariaDB (version: 10.1.21)
* MariaDB (version: 10.1.21)
* Apache 2 (version: 2.4.xxxx)
* Apache 2 (version: 2.4.18)
* Php (version 7.0)
* Php (version 7.0)


Depending on the versions you use, the commands and/or the path shown in this tutorial might be different.
Depending on the versions you use, the commands and/or the path shown in this tutorial might be different.


All commands in this tutorial are made as root. You must be root or be able to use "sudo" command to install and configure Nextcloud.
The version of Nextcloud used (version 11) is referred as “Nextcloud” across the tutorial.


The version of Nextcloud used (version 11) is referred as “Nextcloud” across the tutorial.


This tutorial is based on the following tutorials:
This tutorial is based on the following tutorials:
*[https://docs.nextcloud.com/server/11/admin_manual/installation/source_installation.html Official NextCloud documentation]
*[https://docs.nextcloud.com/server/11/admin_manual/installation/source_installation.html Official NextCloud documentation]
*[https://downloads.mariadb.org/mariadb/repositories/ MariaDB official downdload and installation page]
*[https://downloads.mariadb.org/mariadb/repositories/ MariaDB official downdload and installation page]


For any comments, please write to ebarrier {at] itcollege [dot) ee.
For any comments, please write to ebarrier {at] itcollege [dot) ee.
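Review bot: The link label "MariaDB official downdload and installation page" in the "This tutorial is based on" list carries the typo "downdload" on both sides of this hunk; correct it to "download" while these lines are being touched. In the same hunk, "Php (version 7.0)" should read "PHP" and "is referred as" should read "is referred to as".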
Line 42: Line 51:
The installation of Nextcloud will be done from command line and web interface.
The installation of Nextcloud will be done from command line and web interface.


Nextcloud will be accessible from the main page of the webserver and https protocol will be enabled and forced.
Nextcloud will be accessible from the main page of the webserver and https protocol will be enabled.
 
==MariaDB==


==MariaDB database==
MariaDB is a database server that was forked from MySQL. It is free and open source.
MariaDB is a database server that was forked from MySQL. It is free and open source.
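Review bot: The new sentence "https protocol will be enabled." drops "and forced", so the stated end state no longer includes redirecting plain HTTP to HTTPS. If that is intended, say explicitly that the site stays reachable over HTTP; otherwise keep "forced" and add the redirect step, since the URLs given elsewhere on the page are all written as http://. The line also keeps "webserver" while the rest of this revision changes it to "web server".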


Line 50: Line 60:
We [https://downloads.mariadb.org/mariadb/repositories install MariaDB] directly from its package repository.
We [https://downloads.mariadb.org/mariadb/repositories install MariaDB] directly from its package repository.


'''''Note''': [https://docs.nextcloud.com/server/11/admin_manual/installation/index.html Nextcloud's official documentation] installs MariaDB with the command <code>apt install mariadb-server</code>. Experience showed that this package does not work properly and leads to troubles later. Therefore the present instructions for installing MariaDB differ from Nextcloud's.''
'''''Note''': Nextcloud's official documentation <ref>[https://docs.nextcloud.com/server/11/admin_manual/installation/source_installation.html#example-installation-on-ubuntu-16-04-lts-server] Nextcloud's official documentation - Linux installation</ref> installs MariaDB with the command <code>apt install mariadb-server</code>. Experience showed that this package does not work properly and leads to troubles later. Therefore the present instructions for installing MariaDB differ from Nextcloud's.''
 


Import the key to the package repository and add it to the package source list (added in /etc/apt/source.list).
Import the key to the package repository and add it to the package source list (added in /etc/apt/source.list).
<pre>
<syntaxhighlight lang="bash">
$ sudo apt-get install software-properties-common
$ apt install software-properties-common
$ sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
$ apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
$ sudo add-apt-repository 'deb [arch=amd64] http://ftp.eenet.ee/pub/mariadb/repo/10.1/ubuntu xenial main'
$ add-apt-repository 'deb [arch=amd64] http://ftp.eenet.ee/pub/mariadb/repo/10.1/ubuntu xenial main'
</pre>
</syntaxhighlight>
 


Then update the packages list and install mariadb.
Then update the packages list and install mariadb.
<pre>
<syntaxhighlight lang="bash">
$ sudo apt update
$ apt update
$ sudo apt install mariadb-server
$ apt install mariadb-server
</pre>
</syntaxhighlight>
 
'''''When the wizard asks whether to set up a root password, it is important to set it and to remember it!'''''
 
 
Once installation finishes, check that MariaDB is running:
 
<syntaxhighlight lang="bash">$ systemctl status mariadb</syntaxhighlight>


''When the wizard asks whether to set up a root password, it is important to set it and to remember it!''


Once installation finishes, check that MariaDB is running.
[[FILE:Nextcloud_MariaDBRunning.png|border|600px|center]]
<code>systemctl status mariadb</code>


IMAGE


===MariaDB secure installation===
===MariaDB secure installation===


[https://mariadb.com/kb/en/mariadb/mysql_secure_installation MariaDB secure installation] is a script that enhances the security of MariaDB.  
MariaDB secure installation <ref>[https://mariadb.com/kb/en/mariadb/mysql_secure_installation] MariaDB secure installation</ref> is a script that enhances the security of MariaDB.  
It is highly recommended to run it.
It is highly recommended to run it.
   
   
<code>$ mysql_secure_installation</code>
<syntaxhighlight lang="bash">$ mysql_secure_installation</syntaxhighlight>


The first question of the wizard is to enter the root password that was chosen in the previous step. Enter it.
The first question of the wizard is to enter the root password that was chosen in the previous step. Enter it.
The second question asks whether we want to change the root password or not.  
The second question asks whether we want to change the root password or not.  
For all next questions, press ''Enter'' ("Yes" by default).
For all next questions, press ''Enter'' ("Yes" by default).


===Create user and database for Nextcloud===
===Create user and database for Nextcloud===
Create a dedicated user and database that will be used by Nextcloud during its installation.
Create a dedicated user and database that will be used by Nextcloud during its installation.
'''''Note''': Nextcloud's official documentation uses MariaDB's root password during its installation to set up the database (see below). In the present tutorial, a Nextcloud's dedicated user is created to avoid to enter the root password later (for security reasons).''
 
'''''Note''': Nextcloud's official documentation <ref>[https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#database-choice-label] Nextcloud's official documentation - Database set up from graphical wizard</ref> uses MariaDB's root password during its installation to set up the database (see below). In the present tutorial, a Nextcloud's dedicated user is created to avoid to enter the root password later (for security reasons).''


First enter MariaDB as root:
First enter MariaDB as root:


<code>mysql -u root -p</code>
<syntaxhighlight lang="bash">$ mysql -u root -p</syntaxhighlight>


When prompted, enter the root password (we told you to remember it!).
When prompted, enter the root password (we told you to remember it!).


''Note: database statements (commands) do not need to be capitalize.
But the semi-colon in the end is important, they are part of the statement.''


The create the database (define your own database name; "nextcloud" as for example):
'''''Note''': database statements (commands) do not need to be capitalize. But the semi-colon in the end is important, they are part of the statement.''
 
Create the database (define your own database name; "nextcloud" in our example):
 
<syntaxhighlight lang="mysql">> CREATE DATABASE nextcloud;</syntaxhighlight>


<code>CREATE DATABASE nextcloud;</code>


Then create a user with its password (define both your own; "arold" and "salakala" in our example respectively) and grant all rights to it to the newly created database ("nextcloud" in our example).
Then create a user with its password (define both your own; "arold" and "salakala" in our example respectively) and grant all rights to it to the newly created database ("nextcloud" in our example).


<code>GRANT ALL ON nextcloud.* to 'arold'@'localhost' IDENTIFIED BY 'salakala';</code>
<syntaxhighlight lang="mysql">> GRANT ALL ON nextcloud.* to 'arold'@'localhost' IDENTIFIED BY 'salakala';</syntaxhighlight>
 


Save the changes and exit.
Save the changes and exit.


<syntaxhighlight lang="mysql">
> FLUSH PRIVILEGES;
> exit
</syntaxhighlight>
==Apache and PHP==
Install the other tools Nextcloud will need (Apache2 web server, PHP 7 and its modules):
<syntaxhighlight lang="bash">
$ apt install apache2 libapache2-mod-php7.0 php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
</syntaxhighlight>
Make sure the following Apache modules are enabled:
<pre>
<pre>
FLUSH PRIVILEGES;
$ a2enmod rewrite
exit
$ a2enmod headers
$ a2enmod env
$ a2enmod dir
$ a2enmod mime
</pre>
</pre>


- We install all the other tools we need (Apache2 web server, PHP 7 and its modules):
 
Already enable the SSL module and its default site configuration:
<pre>
<pre>
apt-get install apache2 libapache2-mod-php7.0 php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
$ a2enmod ssl
$ a2ensite default-ssl
</pre>
</pre>


- To download the archive use wget: <code>wget <nowiki>https://download.nextcloud.com/server/releases/nextcloud-</nowiki>''version''.''file-extension''</code>
Check from [https://nextcloud.com/install/#instructions-server] the exact link's target to use.
Example <code>wget <nowiki>https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip</nowiki></code>


- To download the checksum file the same way: <code>wget <nowiki>https://download.nextcloud.com/server/releases/nextcloud-</nowiki>''version''.''file-extension''.sha256</code>
Restart Apache to apply all these changes:  
 
<syntaxhighlight lang="bash">$ service apache2 restart</syntaxhighlight>


- Check that the archive match the checksum file. <code>sha256sum -c nextcloud-''version''.''file-extension''.sha256 < nextcloud-''version''.''file-extension''</code>
If it matches, the terminal will display "OK".


- Extract the archive depending on its extension: <code>tar -xjf nextcloud-x.y.z.tar.bz2</code> or
==Nextcloud==
<code>unzip nextcloud-x.y.z.zip</code>
 
===Donwload Nextcloud===
Download Nextcloud's archive use wget:
 
<syntaxhighlight lang="bash">$ wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''</syntaxhighlight>
 
Check from [https://nextcloud.com/install/#instructions-server Nextcloud's installation page] the exact link's target to use.
 
Example:
 
<syntaxhighlight lang="bash">$ wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip</syntaxhighlight>
 
 
===Check Nextcloud's archive integrity===
Check that the archive's integrity by comparing its checksum.
 
Download the checksum file:
 
<syntaxhighlight lang="bash">$ wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''.sha256</syntaxhighlight>
 
 
Check that the downloaded archive matches the checksum file:
 
<syntaxhighlight lang="bash">$ sha256sum -c nextcloud-''version''.''file-extension''.sha256 < nextcloud-''version''.''file-extension''</syntaxhighlight>
 
If it matches, the terminal will display <code>OK</code>.
 
 
===Install Nextcloud===
Extract the archive depending on its extension:  
 
<syntaxhighlight lang="bash">$ tar -xjf nextcloud-x.y.z.tar.bz2</syntaxhighlight>
 
or
 
<syntaxhighlight lang="bash">$ unzip nextcloud-x.y.z.zip</syntaxhighlight>
 
This will extract one single directory called "nextcloud".
This will extract one single directory called "nextcloud".


- This extracted directory will be used by the webserver. As for Apache, we can copy it to ''/var/www'' (document root of Apache).
<code>cp -r nextcloud /var/www</code>


- We create the file ''/etc/apache2/sites-available/nextcloud.conf'' with the following content:
This extracted directory will be used by the web server.
<pre>
 
As for Apache, we can move it to ''/var/www'' (document root of Apache).
<syntaxhighlight lang="bash">$ mv nextcloud /var/www</syntaxhighlight>
 
Create the file ''/etc/apache2/sites-available/nextcloud.conf'' with the following content:
 
<syntaxhighlight lang="apache">
Alias /nextcloud "/var/www/nextcloud/"
Alias /nextcloud "/var/www/nextcloud/"
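Review bot: In the new "Donwload Nextcloud" and "Check Nextcloud's archive integrity" sections, the placeholders ''version''.''file-extension'' were moved from <code> into <syntaxhighlight> blocks, where wiki italics are not rendered, so the wget and sha256sum lines will show literal '' quote pairs and break when copied. Use a plain placeholder such as nextcloud-x.y.z.zip, as the extraction step already does, and fix the heading typo "Donwload". The checksum file is fetched from the same server as the archive, so the "OK" result shows that the download is intact, not that it is authentic; the text should say so. In the MariaDB section, the package source list path is /etc/apt/sources.list, not /etc/apt/source.list.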


Line 147: Line 225:
   SetEnv HTTP_HOME /var/www/nextcloud
   SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
</Directory>
</pre>
</syntaxhighlight>
 
This configuration makes the Nextcloud web application available at the address '''<nowiki>http://</nowiki>''yourDomainOrIp''/nextcloud'''
 
 
Then enable this configuration file:
 
<syntaxhighlight lang="apache">$ a2ensite nextcloud</syntaxhighlight>
 
 
Reload Apache to apply all these changes:
 
<syntaxhighlight lang="bash">$ service apache2 reload</syntaxhighlight>
 
 
As screenshot below shows, Nextcloud is visible in a browser at the address <nowiki>http://</nowiki>''yourDomainOrIp''/nextcloud, but Apache needs to access its directory.


This configuration makes the Nextcloud web application available at the address http://''yourdomain''/nextcloud
[[FILE:Nextcloud_siteEnabled.png|border|700px|center]]


Then enable this configuration file: <code>a2ensite nextcloud</code>
To fix this, make Apache the owner of Nextcloud's directory:


- Make sure the following Apache modules are enabled:
<syntaxhighlight lang="bash">$ chown -R www-data:www-data /var/www/nextcloud/</syntaxhighlight>
<pre>
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
</pre>


- We can also already enable the SSL module and its default site configuration:
<pre>
a2enmod ssl
a2ensite default-ssl
</pre>


- As you can see on the screenshot below, Nextcloud is visible in a browser but Apache needs to access its directory.
At the address <nowiki>http://</nowiki>''yourDomainOrIp''/nextcloud the following screen should appear:
<code>chown -R www-data:www-data /var/www/nextcloud/</code>
IMAGE


- Finally restart the Apache server to apply all these changes: <code>service apache2 restart</code>
[[FILE:Nextcloud_installWebWizard.png|border|200px|center]]


- At the address <nowiki>http://yourdomainorip/nextcloud</nowiki> you should see the screen below.
For "Create an admin account


- If you get a message similar to :
===Set strong directory permissions===
<pre>
To make the application more secure, Nextcloud provides a script which sets strict directory permissions.
An unhandled exception has been thrown: exception ‘PDOException’ with message
'SQLSTATE[HY000]: General error: 1665 Cannot execute statement: impossible to
write to binary log since BINLOG_FORMAT = STATEMENT and at least one table
uses a storage engine limited to row-based logging. InnoDB is limited to
row-logging when transaction isolation level is READ COMMITTED or READ
UNCOMMITTED.'
</pre>


You must uncomment and change the line BINLOG_FORMAT = ROW in the database config file (/etc/mysql/my.cnf) and set its value to BINLOG_FORMAT = MIXED.
'''This step must be done once Nextcloud has been installed otherwise some permissions will not be as recommended <ref>[https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#strong-perms-label] Nextcloud strong directory permissions</ref>.'''
Then restart the MariaDB: <code>systemctl restart mariadb</code>


- Finally, to make the application more secure, Nextcloud provides a script which sets strict directory permissions.
Create a temporary file that will hold the script to execute:
'''This step must be done once Nextcloud has been installed otherwise some permissions will not be as recommended (https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#strong-perms-label).'''


Create a file <code>nano /tmp/nextcloud.sh</code>
<syntaxhighlight lang="bash">$ nano /tmp/nextcloud.sh</syntaxhighlight>


Copy and paste the following code into the file.
Copy and paste the following code into the file.
<pre>
 
<syntaxhighlight lang="bash">
#!/bin/bash
#!/bin/bash
ocpath='/var/www/nextcloud'
ocpath='/var/www/nextcloud'
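Review bot: The permissions script is created as /tmp/nextcloud.sh and then run as root; /tmp is world-writable, so another local account can create that file name first and keep ownership of a file that root goes on to execute. Create it under root's home directory instead (for example /root/nextcloud.sh) and delete it after the run. In the same hunk, "$ a2ensite nextcloud" is tagged lang="apache" although it is a shell command, and the added lines "At the address ... the following screen should appear:" and "For "Create an admin account" are leftovers that duplicate the wizard section added further down.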
Line 235: Line 304:
   chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
   chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi
fi
</pre>
</syntaxhighlight>
 
Then run it:


Then run it: <code>bash /tmp/nextcloud.sh</code>
<syntaxhighlight lang="bash">$ bash /tmp/nextcloud.sh</syntaxhighlight>


You should see the following output
The terminal should output:
<pre>
<pre>
Creating possible missing Directories
Creating possible missing Directories
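Review bot: In the visible tail of the script, "chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess" expands its variables unquoted; because the install path may differ from the one used in this tutorial, quote the expansions ("${ocpath}/data/.htaccess") so that a path containing spaces is not split into several arguments. After "Then run it:", consider adding a line that removes the script once it has run.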
Line 247: Line 318:
</pre>
</pre>


Stop at "Additional Apache Configurations" (a2enmod mime).
 
===Set up Nextcloud from graphical installation wizard===
This set up will finish to install Nextcloud from your browser.
 
From your browser, go to <nowiki>http://</nowiki>''yourDomainOrIp''/nextcloud. The following screen should appear:
 
[[FILE:Nextcloud_installWebWizard.png|border|200px|center]]
 
 
* "''Create an admin account''" section asks to create the credentials that will be used to manage Nextcloud's administrator web interface.
 
* "''Data folder''" section shows the path of the directory where the Nextcloud's content (files uploaded by users) will be stored. It is recommended to store the data in a folder sitting outside the web server's path for safety reasons. But in case of Apache, the default folder (''var/www/nextcloud/data'') is considered secure with the strict directory permissions [[#Set_strong_directory_permissions|set up previously]].
 
* "''Configure the database''" section asks for the settings of the database to use. Enter the values you chose when creating the database in [[#Create_user_and_database_for_Nextcloud|a previous section]].
 
Once filled-in, the screen looks like this (enter your own values):
 
[[FILE:Nextcloud_webSetup.png|border|200px|center]]
 
 
Finally Nextcloud is installed and accessible
 
[[FILE:Nextcloud_pageAfterinstall.png|border|400px|center]]
 
 
==Improve Nextcloud==
 
Now that Nextcloud is up and running, we can improve its settings.
 
The following sections are recommended to implement although they may be ignored.
 
 
===Enable strict transport security===
Nextcloud's official documentation strongly recommends to enable strict transport security for HTTP protocol <ref>[https://docs.nextcloud.com/server/11/admin_manual/configuration_server/harden_server.html?highlight=security#enable-http-strict-transport-security] Nextcloud's official documentation - Enable HTTP Strict Transport Security</ref> to avoid man-in-the-middle-attacks.
 
To do so, the Apache HTTPS virtual host should contain the following settings:
 
<syntaxhighlight lang="apache">
<VirtualHost *:443>
  ServerName [yourServerName]
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    </IfModule>
</VirtualHost>
</syntaxhighlight>
 
This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove <code>includeSubdomains;</code>.
 
 
===Enable caching===
 
''"Caching improves performance by storing data, code, and other objects in memory."''<ref>[https://docs.nextcloud.com/server/11/admin_manual/configuration_server/caching_configuration.html] Nextcloud's official documentation - Enable and configure memory caching</ref> Basically the service will run faster with caching.
 
On a clean Nextcloud installation the following admin screen is visible.
 
 
[[FILE:Nextcloud_cacheMissing.png|border|900px|center]]
 
 
Different caching solutions and configurations can be used depending on type of server implementation. We only show how to install and configure caching for a small organization architecture with a single Nextcloud server. For more architecture examples, see [https://docs.nextcloud.com/server/11/admin_manual/configuration_server/caching_configuration.html Nextcloud's official documentation].
 
We use APCu <ref>[http://php.net/manual/en/book.apcu.php] PHP.net official documentation - APCu cache system</ref> as the cache system and Redis as the file locking system.
 
First install APCu:
 
'''''Note''': [https://docs.nextcloud.com/server/11/admin_manual/configuration_server/caching_configuration.html Nextcloud's official documentation] installs APCu with the package name <code>php7.0-apcu</code> which has a different name for Ubuntu 16.04.''
 
<syntaxhighlight lang="bash">
$ apt install php-apcu
</syntaxhighlight>
 
 
Restart the web server:
<syntaxhighlight lang="bash">
$ service apache2 restart
</syntaxhighlight>
 
 
Add the following line in the <code>config.php</code> file of your Nextcloud installation (''/var/www/nextcloud/config/config.php'' in our example):
<syntaxhighlight lang="php">
'memcache.local' => '\OC\Memcache\APCu',
</syntaxhighlight>
 
 
After refreshing Nextcloud page, check that the cache warning message disappeared.
 
===Enable transactional file locking===
 
The more users access Nextcloud, the more it is possible they read, modify, save the same files. When this happens, data error/corruption can occur.
 
[https://docs.nextcloud.com/server/11/admin_manual/configuration_files/files_locking_transactional.html Nextcloud official documentation] recommends to use [https://redis.io Redis] transactional file locking system.
 
''"Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker."'' <ref>[https://redis.io/] Redis's official website</ref>. In Nextcloud, Redis prevents simultaneous file saving, but not simultaneous file reading and modification. It also does not warn users that they are accessing the same file.
 
The commands below mostly rely on the [https://www.techandme.se/install-redis-cache-on-ubuntu-server-with-php-7-and-owncloud/ following tutorial.]
 
 
====Install Redis====
 
First install the packages we will need to install Redis (GNU C and C++ compilers, etc.):
<syntaxhighlight lang="bash">
$ apt-get update
$ apt-get install build-essential
</syntaxhighlight>
 
 
Download the latest released version of Redis' archive and unpack it:
<syntaxhighlight lang="bash">
$ wget http://download.redis.io/releases/redis-stable.tar.gz
$ tar xzf redis-stable.tar.gz
</syntaxhighlight>
 
 
Change its folder name from ''redis-stable'' to just ''redis'':
<syntaxhighlight lang="bash">
$ mv redis-stable redis
</syntaxhighlight>
 
 
Compile Redis and test it:
<syntaxhighlight lang="bash">
$ cd Redis
$ make
$ make test  ## This will take time
</syntaxhighlight>
 
 
If all the tests are successful, install Redis:
<syntaxhighlight lang="bash">
$ make install
$ cd utils/
$ ./install_server.sh
</syntaxhighlight>
 
The terminal will ask questions, press <code>Enter</code> for default settings:
<pre>
Please select the redis port for this instance: [6379] Selecting default: 6379
 
Please select the redis config file name [/etc/redis/6379.conf]
Selected default - /etc/redis/6379.conf
 
Please select the redis log file name [/var/log/redis_6379.log]
Selected default - /var/log/redis_6379.log
 
Please select the data directory for this instance [/var/lib/redis/6379]
Selected default - /var/lib/redis/6379
 
Please select the redis executable path [/usr/local/bin/redis-server]
</pre>
 
<pre>
Selected config:
Port : 6379
Config file : /etc/redis/6379.conf
Log file : /var/log/redis_6379.log
Data dir : /var/lib/redis/6379
Executable : /usr/local/bin/redis-server
Cli Executable : /usr/local/bin/redis-cli
 
Is this ok? Then press ENTER to go on or Ctrl-C to abort.
</pre>
 
 
Redis is now install. See its version:
<syntaxhighlight lang="bash">
$ /usr/local/bin/redis-server -v
</syntaxhighlight>
 
 
====Install Redis PHP module====
 
Now we install the Redis PHP 7 module. This module provides an API to PHP to communicate with a Redis server.
 
'''''Note:''' The <code>php-redis</code> package from [http://packages.ubuntu.com/xenial Ubuntu Xenial (16.04) repository] is of version 2.2.x which only works with PHP 5.6.x <ref>[https://docs.nextcloud.com/server/11/admin_manual/configuration_server/caching_configuration.html#additional-redis-installation-help] Nextcloud's official documentation - Additional Redis Installation Help</ref>''.
 
 
PHP 7 needs the Redis PHP module 3.1.x or higher. We use the latest stable version of the module directly from its [https://pecl.php.net/package/redis PECL repository].
 
 
'''''Note:''' [https://www.techandme.se/install-redis-cache-on-ubuntu-server-with-php-7-and-owncloud this tutorial] installs Redis PHP 7 module directly from the module's git repository<ref>[https://github.com/phpredis/phpredis] PHPRedis module official Git repository</ref>. But using this method does not install the latest version of the module that can be found on [https://pecl.php.net/package/redis PECL repository].''
 
 
First install the PHP development tools ("phpize" which will be used later), the Pear PHP extension repository tools:
<syntaxhighlight lang="bash">
$ apt install php7.0-dev php-pear
</syntaxhighlight>
 
 
Install the nodule from PECL repository:
<syntaxhighlight lang="bash">
$ pecl install redis
</syntaxhighlight>
 
 
For the web server to use the module, add it to php.ini:
<syntaxhighlight lang="bash">
$ touch /etc/php/7.0/mods-available/redis.ini
$ echo 'extension=redis.so' > /etc/php/mods-available/redis.ini
</syntaxhighlight>
'''''Note:''' the above can be achieved by adding the line "extension=redis.so" directly into the php.ini file which is situated at /etc/php/7.0/apache2/php.ini.''
 
 
Enable the module and restart the web server:
<syntaxhighlight lang="bash">
$ phpenmod redis
$ service apache2 restart
</syntaxhighlight>
 
 
Check the version of the module:
<syntaxhighlight lang="bash">
$ php --ri redis
</syntaxhighlight>
 
 
Finally add the following lines in the <code>config.php</code> file of your Nextcloud installation (''/var/www/nextcloud/config/config.php'' in our example):
<syntaxhighlight lang="php">
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
      'host' => 'localhost',
      'port' => 6379,
      ),
</syntaxhighlight>
 
 
==Troubleshoot==
 
While on <nowiki>http://</nowiki>''yourDomainOrIp''/nextcloud, there can be errors. Here the most probable ones with their fix.
 
 
===Database access denied===
If the following message appears:
 
<pre>
Error while trying to create admin user:
Failed to connect to the database:
An exception occured in driver:
SQLSTATE[HY000][1045] Access denied for user 'arold'@'localhost' (using password:YES)
</pre>
 
[[FILE:Nextcloud_accessDenied.png|border|300px|center]]
 
The solution is to re-enter the commands to grant all privileges to the user for the database we created [[#Create_user_and_database_for_Nextcloud|earlier]]. ''The values "arold" (user name) and "salakala" (user password) are just for example. Choose your own.''
 
<syntaxhighlight lang="mysql">> GRANT ALL ON nextcloud.* to 'arold'@'localhost' IDENTIFIED BY 'salakala';</syntaxhighlight>
 
 
Do not forget to apply the changes before exiting.
 
<syntaxhighlight lang="mysql">
> FLUSH PRIVILEGES;
> exit
</syntaxhighlight>
 
 
===Binlog_format error===
If the following message appears:
 
<pre>
An unhandled exception has been thrown: exception ‘PDOException’ with message 'SQLSTATE[HY000]:
General error: 1665 Cannot execute statement: impossible to write to binary log
since BINLOG_FORMAT = STATEMENT and at least one tableuses a storage engine limited to row-based logging.
InnoDB is limited to row-logging when transaction isolation level is READ COMMITTED or READ UNCOMMITTED.'
</pre>
 
[[FILE:Nextcloud_binlogFormat.png|border|400px|center]]
 
Uncomment and change the line ''BINLOG_FORMAT = ROW'' in the database configuration file (''/etc/mysql/my.cnf'') and set its value to ''BINLOG_FORMAT = MIXED''.
 
Then restart the MariaDB:
 
<syntaxhighlight lang="bash">$ systemctl restart mariadb</syntaxhighlight>
 
 
===Trusted domains===
For security reasons, Nextcloud have a (white)list of URLs that are allowed to access it.
 
If the URL used is not whitelisted, the following message will appear:
<pre>
You are accessing the server from an untrusted domain.
Please contact you administrator. If you are an administrator of this instance, configure the "trusted-domains" setting in config/config.php. An example configuration is provided in config/config.sample.php.
Depending on your configuration, as an administrator you might also be able to use the button below to trust this domain.
</pre>
 
[[FILE:Nextcloud_trustedDomains.png|border|600px|center]]
 
The solution is to click the buttong "Add [domain] as trusted domain" or to add it manually in the file ''/var/www/nextcloud/config/config.php'':
<syntaxhighlight lang="php" highlight="4-5">
'trusted_domains' =>
  array (
    0 => '192.168.0.29',
    1 => 'cloud.example.com',
    2 => '192.168.0.33',
  ),
</syntaxhighlight>
 
 
==See also==
* [https://certbot.eff.org/#ubuntuxenial-apache Install free SSL certificate for domains with Certbot (Letsencrypt.org)]
* In case of big troubles with MariaDB, [http://askubuntu.com/questions/703123/mariadb-10-1-server-wont-start-after-update how to uninstall it completely (purge)]
 
 
==References==
{{reflist|30em}}
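Review bot: Two commands added in the Redis sections fail as written. Under "Compile Redis and test it", "$ cd Redis" does not match the directory just renamed with "mv redis-stable redis" (Linux paths are case-sensitive); under "For the web server to use the module", touch creates /etc/php/7.0/mods-available/redis.ini but the echo writes to /etc/php/mods-available/redis.ini, so the file that phpenmod enables stays empty. Use "cd redis" and the /etc/php/7.0/ path in the echo line, which also makes the touch unnecessary. On the security side, redis-stable.tar.gz is fetched over plain http:// and then built and installed as root with no integrity check, unlike the Nextcloud archive; add a checksum step or use HTTPS. In "Enable strict transport security" the header uses "includeSubDomains" while the text says to remove "includeSubdomains;", and "preload" is better left out of a default example because it is only meaningful for domains submitted to a browser preload list. Typos to fix: "nodule", "buttong", "Redis is now install", and the data folder path "var/www/nextcloud/data" lacks its leading slash.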

Latest revision as of 09:22, 7 April 2017

Author: Etienne Barrier

Preliminary notes

This tutorial shows how to install Nextcloud on Ubuntu 16.04 LTS Server, using MariaDB as the database and Apache 2 as the web server.

This tutorial does NOT show:

  • how to install/configure databases other than MariaDB (although MySQL can be considered the same)
  • how to install/configure web servers other than Apache2 (for example Nginx)
  • how to use Nextcloud


It is assumed that you are already familiar with basic Linux command-line usage. However, this tutorial is written so that you can copy and paste the commands into your terminal.

Commands that must be entered in a terminal running the Bash shell start with a dollar sign "$". Terminal output does not start with a dollar sign.

Example:

$ echo I Love You  # This is a command
I Love You         # This is an output

All commands in this tutorial are run as root. You must be root or be able to use the "sudo" command to install and configure Nextcloud.

Commands that must be entered in MariaDB start with a greater-than sign ">".


Tools' versions used in this tutorial:

  • Nextcloud (version: 11.0.1)
  • Ubuntu 16.04.1 LTS (Xenial)
  • MariaDB (version: 10.1.21)
  • Apache 2 (version: 2.4.18)
  • PHP (version: 7.0)

Depending on the versions you use, the commands and/or the paths shown in this tutorial might be different.

The version of Nextcloud used (version 11) is referred to as "Nextcloud" throughout the tutorial.


This tutorial is based on the following tutorials:


For any comments, please write to ebarrier {at] itcollege [dot) ee.

What is the final state this tutorial reaches?

This tutorial's objective is to have Nextcloud installed on an Ubuntu server using the aforementioned tools.

The installation of tools will be done from the command line.

The installation of Nextcloud will be done from command line and web interface.

Nextcloud will be accessible from the main page of the web server and the HTTPS protocol will be enabled.

MariaDB

MariaDB is a database server that was forked from MySQL. It is free and open source.

Install MariaDB

We install MariaDB directly from its package repository.

Note: Nextcloud's official documentation [1] installs MariaDB with the command apt install mariadb-server. Experience showed that this package does not work properly and leads to trouble later. Therefore the present instructions for installing MariaDB differ from Nextcloud's.


Import the package repository's signing key and add the repository to the package source list (/etc/apt/sources.list).

$ apt install software-properties-common
$ apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
$ add-apt-repository 'deb [arch=amd64] http://ftp.eenet.ee/pub/mariadb/repo/10.1/ubuntu xenial main'


Then update the packages list and install mariadb.

$ apt update
$ apt install mariadb-server

When the wizard asks whether to set up a root password, it is important to set it and to remember it!


Once installation finishes, check that MariaDB is running:

$ systemctl status mariadb



MariaDB secure installation

MariaDB secure installation [2] is a script that enhances the security of MariaDB. It is highly recommended to run it.

$ mysql_secure_installation

The first question of the wizard is to enter the root password that was chosen in the previous step. Enter it.

The second question asks whether we want to change the root password or not.

For all the following questions, press Enter ("Yes" by default).


Create user and database for Nextcloud

Create a dedicated user and database that will be used by Nextcloud during its installation.

Note: Nextcloud's official documentation [3] uses MariaDB's root password during its installation to set up the database (see below). In the present tutorial, a dedicated Nextcloud user is created to avoid entering the root password later (for security reasons).

First enter MariaDB as root:

$ mysql -u root -p

When prompted, enter the root password (we told you to remember it!).


Note: database statements (commands) do not need to be capitalized. But the semicolon at the end is important: it is part of the statement.

Create the database (define your own database name; "nextcloud" in our example):

> CREATE DATABASE nextcloud;


Then create a user with a password (choose your own for both; "arold" and "salakala" respectively in our example) and grant it all rights on the newly created database ("nextcloud" in our example).

> GRANT ALL ON nextcloud.* to 'arold'@'localhost' IDENTIFIED BY 'salakala';


Save the changes and exit.

> FLUSH PRIVILEGES;
> exit


Apache and PHP

Install the other tools Nextcloud will need (Apache2 web server, PHP 7 and its modules):

$ apt install apache2 libapache2-mod-php7.0 php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip


Make sure the following Apache modules are enabled:

$ a2enmod rewrite
$ a2enmod headers
$ a2enmod env
$ a2enmod dir
$ a2enmod mime


Enable the SSL module and its default site configuration now:

$ a2enmod ssl
$ a2ensite default-ssl


Restart Apache to apply all these changes:

$ service apache2 restart


Nextcloud

Download Nextcloud

Download Nextcloud's archive using wget:

$ wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''

Check Nextcloud's installation page for the exact link target to use.

Example:

$ wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip


Check Nextcloud's archive integrity

Check the archive's integrity by comparing its checksum.

Download the checksum file:

$ wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''.sha256


Check that the downloaded archive matches the checksum file:

$ sha256sum -c nextcloud-''version''.''file-extension''.sha256 < nextcloud-''version''.''file-extension''

If it matches, the terminal will display OK.


Install Nextcloud

Extract the archive depending on its extension:

$ tar -xjf nextcloud-x.y.z.tar.bz2

or

$ unzip nextcloud-x.y.z.zip

This will extract one single directory called "nextcloud".
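The download, checksum and extraction steps above can be chained so that a mismatch stops the installation instead of depending on someone reading "OK" in the terminal. This is an added example, not part of the original tutorial or of Nextcloud's documentation; the function names and the destination-directory argument are assumptions.

```shell
#!/bin/sh
# Usage: extract_verified nextcloud-x.y.z.zip nextcloud-x.y.z.zip.sha256 /some/dir

# verify_archive ARCHIVE SUMFILE
#   returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed
verify_archive() {
    archive="$1"; sumfile="$2"
    if [ ! -r "$archive" ] || [ ! -r "$sumfile" ]; then
        return 2
    fi
    # SUMFILE is in sha256sum format: "<digest>  <file name>" on its first line.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    if ! printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        return 2
    fi
    # Compare the digests directly, so the result does not depend on the
    # file name recorded in SUMFILE or on the current directory.
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# extract_verified ARCHIVE SUMFILE DESTDIR   (DESTDIR is a hypothetical parameter)
#   unpacks ARCHIVE into DESTDIR only when verify_archive succeeds
extract_verified() {
    if ! verify_archive "$1" "$2"; then
        echo "refusing to extract $1: checksum verification failed" >&2
        return 1
    fi
    case "$1" in
        *.tar.bz2) tar -xjf "$1" -C "$3" ;;
        *.zip)     unzip -q "$1" -d "$3" ;;
        *)         echo "unsupported archive type: $1" >&2; return 1 ;;
    esac
}
```

Both files come from download.nextcloud.com, so a match shows the download was not corrupted or truncated; it does not by itself authenticate the publisher.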


This extracted directory will be used by the web server.

With Apache, we can move it to /var/www (document root of Apache).

$ mv nextcloud /var/www

Create the file /etc/apache2/sites-available/nextcloud.conf with the following content:

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

This configuration makes the Nextcloud web application available at the address http://yourDomainOrIp/nextcloud


Then enable this configuration file:

$ a2ensite nextcloud


Reload Apache to apply all these changes:

$ service apache2 reload


As the screenshot below shows, Nextcloud is visible in a browser at the address http://yourDomainOrIp/nextcloud, but Apache needs to access its directory.

To fix this, make Apache the owner of Nextcloud's directory:

$ chown -R www-data:www-data /var/www/nextcloud/


At the address http://yourDomainOrIp/nextcloud the following screen should appear:


Set strong directory permissions

To make the application more secure, Nextcloud provides a script which sets strict directory permissions.

This step must be done once Nextcloud has been installed, otherwise some permissions will not be as recommended [4].

Create a temporary file that will hold the script to execute:

$ nano /tmp/nextcloud.sh

Copy and paste the following code into the file.

#!/bin/bash
ocpath='/var/www/nextcloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/assets
mkdir -p $ocpath/updater

printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
chmod 755 ${ocpath}

printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/assets/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/updater/

chmod +x ${ocpath}/occ

printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
 then
  chmod 0644 ${ocpath}/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]
 then
  chmod 0644 ${ocpath}/data/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi

Then run it:

$ bash /tmp/nextcloud.sh

The terminal should output:

Creating possible missing Directories
chmod Files and Directories
chown Directories
chmod/chown .htaccess
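Files created after the script has run (for example by an update or a newly installed app) are not covered by it, so the modes can drift. The following audit is an added example, not part of Nextcloud's script: it reports every entry whose mode differs from what the script above sets. It covers modes only, not ownership, and assumes GNU find and an installation path without glob characters; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Usage: audit_modes /var/www/nextcloud

# Emit one "want <mode>: <path>" line per deviation under directory $1.
scan_modes() {
    # Top directory is 0755, every other directory 0750.
    find "$1" -maxdepth 0 ! -perm 0755 -exec printf 'want 0755: %s\n' {} \;
    find "$1" -mindepth 1 -type d ! -perm 0750 -exec printf 'want 0750: %s\n' {} \;
    # Regular files are 0640, apart from the special cases handled below.
    find "$1" -type f ! -perm 0640 \
        ! -path "$1/.htaccess" ! -path "$1/data/.htaccess" ! -path "$1/occ" \
        -exec printf 'want 0640: %s\n' {} \;
    for f in "$1/.htaccess" "$1/data/.htaccess"; do
        if [ -f "$f" ]; then
            find "$f" ! -perm 0644 -exec printf 'want 0644: %s\n' {} \;
        fi
    done
    # "chmod +x" depends on the umask, so for occ only require the owner-execute
    # bit and refuse group or world write access.
    if [ -f "$1/occ" ]; then
        find "$1/occ" \( ! -perm -0100 -o -perm /0022 \) \
            -exec printf 'want u+x, no g/o write: %s\n' {} \;
    fi
}

# audit_modes OCPATH: print the deviations; return 0 if there are none, else 1.
audit_modes() {
    report=$(scan_modes "${1%/}")
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed sample tree carrying the modes the hardening script leaves behind.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/apps" "$t/config" "$t/data"
    : > "$t/index.php"; : > "$t/config/config.php"; : > "$t/occ"
    : > "$t/.htaccess"; : > "$t/data/.htaccess"
    find "$t" -type f -exec chmod 0640 {} +
    find "$t" -type d -exec chmod 0750 {} +
    chmod 0755 "$t"
    chmod 0644 "$t/.htaccess" "$t/data/.htaccess"
    chmod u+x "$t/occ"
    printf '%s\n' "$t"
}
```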


Set up Nextcloud from graphical installation wizard

This setup finishes the installation of Nextcloud from your browser.

From your browser, go to http://yourDomainOrIp/nextcloud. The following screen should appear:


  • "Create an admin account" section asks to create the credentials that will be used to manage Nextcloud's administrator web interface.
  • "Data folder" section shows the path of the directory where Nextcloud's content (files uploaded by users) will be stored. It is recommended to store the data in a folder outside the web server's path for safety reasons. In the case of Apache, however, the default folder (/var/www/nextcloud/data) is considered secure with the strict directory permissions set up previously.
  • "Configure the database" section asks for the settings of the database to use. Enter the values you chose when creating the database in a previous section.

Once filled in, the screen looks like this (enter your own values):


Finally, Nextcloud is installed and accessible.


Improve Nextcloud

Now that Nextcloud is up and running, we can improve its settings.

Implementing the following sections is recommended, although they may be skipped.


Enable strict transport security

Nextcloud's official documentation strongly recommends enabling HTTP Strict Transport Security [5] to avoid man-in-the-middle attacks.

To do so, the Apache HTTPS virtual host should contain the following settings:

<VirtualHost *:443>
  ServerName [yourServerName]
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    </IfModule>
</VirtualHost>

This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove includeSubDomains;.
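To confirm that the virtual host really sends the header, the response headers can be checked mechanically. This is an added example, not part of the original tutorial; the function names and the sample response are constructed, and the default threshold is the max-age value from the configuration above.

```shell
#!/bin/sh
# Usage (live check): curl -sI https://yourDomainOrIp/nextcloud/ | check_hsts

# check_hsts [MIN_AGE]   reads raw HTTP response headers on stdin
#   0: header present and max-age >= MIN_AGE (default 15552000)
#   1: header missing
#   2: max-age absent, malformed or smaller than MIN_AGE
check_hsts() {
    awk -v min="${1:-15552000}" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        !seen && tolower($0) ~ /^strict-transport-security:/ {
            seen = 1                             # only the first header counts
            v = tolower($0)
            sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            n = split(v, d, /[ \t]*;[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (d[i] ~ /^max-age[ \t]*=/) {
                    age = d[i]
                    sub(/^max-age[ \t]*=[ \t]*/, "", age); gsub(/"/, "", age)
                } else if (d[i] == "includesubdomains") {
                    subs = 1
                } else if (d[i] == "preload") {
                    pre = 1
                }
            }
        }
        END {
            if (!seen) { print "missing"; exit 1 }
            if (age !~ /^[0-9]+$/ || age + 0 < min + 0) {
                print "weak max-age=" age; exit 2
            }
            printf "ok max-age=%s includeSubDomains=%s preload=%s\n", \
                age, (subs ? "yes" : "no"), (pre ? "yes" : "no")
        }
    '
}

# Constructed sample: headers a host configured as above would return.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Strict-Transport-Security: max-age=15552000; includeSubDomains; preload\r\n'
    printf 'Content-Type: text/html; charset=UTF-8\r\n\r\n'
}

sample_headers | check_hsts
```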


Enable caching

"Caching improves performance by storing data, code, and other objects in memory."[6] Basically the service will run faster with caching.

On a clean Nextcloud installation the following admin screen is visible.



Different caching solutions and configurations can be used depending on the type of server implementation. We only show how to install and configure caching for a small organization architecture with a single Nextcloud server. For more architecture examples, see Nextcloud's official documentation.

We use APCu [7] as the cache system and Redis as the file locking system.

First install APCu:

Note: Nextcloud's official documentation installs APCu with the package name php7.0-apcu; the package has a different name on Ubuntu 16.04.

$ apt install php-apcu


Restart the web server:

$ service apache2 restart


Add the following line in the config.php file of your Nextcloud installation (/var/www/nextcloud/config/config.php in our example):

'memcache.local' => '\OC\Memcache\APCu',


After refreshing Nextcloud page, check that the cache warning message disappeared.

Enable transactional file locking

The more users access Nextcloud, the more likely it is that they read, modify and save the same files. When this happens, data errors or corruption can occur.

Nextcloud's official documentation recommends using the Redis transactional file locking system.

"Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker." [8]. In Nextcloud, Redis prevents simultaneous file saving, but not simultaneous file reading and modification. It also does not warn users that they are accessing the same file.

The commands below mostly rely on the following tutorial.


Install Redis

First install the packages we will need to install Redis (GNU C and C++ compilers, etc.):

$ apt-get update
$ apt-get install build-essential


Download the latest released version of Redis' archive and unpack it:

$ wget http://download.redis.io/releases/redis-stable.tar.gz
$ tar xzf redis-stable.tar.gz


Change its folder name from redis-stable to just redis:

$ mv redis-stable redis


Compile Redis and test it:

$ cd redis
$ make
$ make test   ## This will take time


If all the tests are successful, install Redis:

$ make install
$ cd utils/
$ ./install_server.sh

The terminal will ask questions, press Enter for default settings:

Please select the redis port for this instance: [6379] Selecting default: 6379

Please select the redis config file name [/etc/redis/6379.conf] 
Selected default - /etc/redis/6379.conf

Please select the redis log file name [/var/log/redis_6379.log] 
Selected default - /var/log/redis_6379.log

Please select the data directory for this instance [/var/lib/redis/6379] 
Selected default - /var/lib/redis/6379

Please select the redis executable path [/usr/local/bin/redis-server]
Selected config:
Port : 6379
Config file : /etc/redis/6379.conf
Log file : /var/log/redis_6379.log
Data dir : /var/lib/redis/6379
Executable : /usr/local/bin/redis-server
Cli Executable : /usr/local/bin/redis-cli

Is this ok? Then press ENTER to go on or Ctrl-C to abort.


Redis is now installed. Check its version:

$ /usr/local/bin/redis-server -v


Install Redis PHP module

Now we install the Redis PHP 7 module. This module provides an API to PHP to communicate with a Redis server.

Note: The php-redis package from Ubuntu Xenial (16.04) repository is of version 2.2.x which only works with PHP 5.6.x [9].


PHP 7 needs the Redis PHP module 3.1.x or higher. We use the latest stable version of the module directly from its PECL repository.


Note: this tutorial installs Redis PHP 7 module directly from the module's git repository[10]. But using this method does not install the latest version of the module that can be found on PECL repository.


First install the PHP development tools ("phpize", which will be used later) and the PEAR PHP extension repository tools:

$ apt install php7.0-dev php-pear


Install the module from the PECL repository:

$ pecl install redis


For the web server to use the module, add it to php.ini:

$ touch /etc/php/7.0/mods-available/redis.ini
$ echo 'extension=redis.so' > /etc/php/7.0/mods-available/redis.ini

Note: the above can be achieved by adding the line "extension=redis.so" directly into the php.ini file which is situated at /etc/php/7.0/apache2/php.ini.


Enable the module and restart the web server:

$ phpenmod redis
$ service apache2 restart


Check the version of the module:

$ php --ri redis


Finally add the following lines in the config.php file of your Nextcloud installation (/var/www/nextcloud/config/config.php in our example):

'memcache.locking' => '\OC\Memcache\Redis',
 'redis' => array(
      'host' => 'localhost',
      'port' => 6379,
       ),


Troubleshoot

While on http://yourDomainOrIp/nextcloud, there can be errors. Here are the most probable ones with their fixes.


Database access denied

If the following message appears:

Error while trying to create admin user:
Failed to connect to the database:
An exception occured in driver:
SQLSTATE[HY000][1045] Access denied for user 'arold'@'localhost' (using password:YES)

The solution is to re-enter the commands to grant all privileges to the user for the database we created earlier. The values "arold" (user name) and "salakala" (user password) are just for example. Choose your own.

> GRANT ALL ON nextcloud.* to 'arold'@'localhost' IDENTIFIED BY 'salakala';


Do not forget to apply the changes before exiting.

> FLUSH PRIVILEGES;
> exit


Binlog_format error

If the following message appears:

An unhandled exception has been thrown: exception ‘PDOException’ with message 'SQLSTATE[HY000]: 
General error: 1665 Cannot execute statement: impossible to write to binary log 
since BINLOG_FORMAT = STATEMENT and at least one tableuses a storage engine limited to row-based logging. 
InnoDB is limited to row-logging when transaction isolation level is READ COMMITTED or READ UNCOMMITTED.'

Uncomment and change the line BINLOG_FORMAT = ROW in the database configuration file (/etc/mysql/my.cnf) and set its value to BINLOG_FORMAT = MIXED.

Then restart MariaDB:

$ systemctl restart mariadb


Trusted domains

For security reasons, Nextcloud keeps a (white)list of the domain names and IP addresses under which it may be accessed.

If the URL used is not whitelisted, the following message will appear:

You are accessing the server from an untrusted domain.
Please contact you administrator. If you are an administrator of this instance, configure the "trusted-domains" setting in config/config.php. An example configuration is provided in config/config.sample.php.
Depending on your configuration, as an administrator you might also be able to use the button below to trust this domain.

The solution is to click the button "Add [domain] as trusted domain" or to add it manually in the file /var/www/nextcloud/config/config.php:

'trusted_domains' =>
  array (
    0 => '192.168.0.29',
    1 => 'cloud.example.com',
    2 => '192.168.0.33',
  ),


See also


References

  1. [1] Nextcloud's official documentation - Linux installation
  2. [2] MariaDB secure installation
  3. [3] Nextcloud's official documentation - Database set up from graphical wizard
  4. [4] Nextcloud strong directory permissions
  5. [5] Nextcloud's official documentation - Enable HTTP Strict Transport Security
  6. [6] Nextcloud's official documentation - Enable and configure memory caching
  7. [7] PHP.net official documentation - APCu cache system
  8. [8] Redis's official website
  9. [9] Nextcloud's official documentation - Additional Redis Installation Help
  10. [10] PHPRedis module official Git repository