Install NextCloud on Ubuntu Server 16.04: Difference between revisions

From ICO wiki
Jump to navigationJump to search
No edit summary
Line 17: Line 17:
It is assumed that you are already familiar with the basics of Linux command line terminal commands. But this tutorial is made so that you can copy paste the commands to your terminal.
It is assumed that you are already familiar with the basics of Linux command line terminal commands. But this tutorial is made so that you can copy paste the commands to your terminal.


Commands that must be entered in terminal with Bash shell start with a dollar sign "$". Terminal's outputs do not start with dollar sign.
Commands that must be entered in terminal with Bash shell start with a hash sign "#". Terminal's outputs do not start with any sign.


Example:
Example:
<source lang="bash">
<source lang="bash">
$ echo I Love You
# echo I Love You
I Love You
I Love You
</source>
</source>
Line 69: Line 69:
Import the key to the package repository and add it to the package source list (added in /etc/apt/source.list).
Import the key to the package repository and add it to the package source list (added in /etc/apt/source.list).
<source lang="bash">
<source lang="bash">
$ apt install software-properties-common
# apt install software-properties-common
$ apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
# apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
$ add-apt-repository 'deb [arch=amd64] http://ftp.eenet.ee/pub/mariadb/repo/10.1/ubuntu xenial main'
# add-apt-repository 'deb [arch=amd64] http://ftp.eenet.ee/pub/mariadb/repo/10.1/ubuntu xenial main'
</source>
</source>


Line 77: Line 77:
Then update the packages list and install mariadb.
Then update the packages list and install mariadb.
<source lang="bash">
<source lang="bash">
$ apt update
# apt update
$ apt install mariadb-server
# apt install mariadb-server
</source>
</source>


Line 86: Line 86:
Once installation finishes, check that MariaDB is running:
Once installation finishes, check that MariaDB is running:


<source lang="bash">$ systemctl status mariadb</source>
<source lang="bash"># systemctl status mariadb</source>


IMAGE
IMAGE
Line 95: Line 95:
It is highly recommended to run it.
It is highly recommended to run it.
   
   
<source lang="bash">$ mysql_secure_installation</source>
<source lang="bash"># mysql_secure_installation</source>


The first question of the wizard is to enter the root password that was chosen in the previous step. Enter it.
The first question of the wizard is to enter the root password that was chosen in the previous step. Enter it.
Line 110: Line 110:
First enter MariaDB as root:
First enter MariaDB as root:


<source lang="bash">$ mysql -u root -p</source>
<source lang="bash"># mysql -u root -p</source>


When prompted, enter the root password (we told you to remember it!).
When prompted, enter the root password (we told you to remember it!).
Line 137: Line 137:
Install the other tools Nextcloud will need (Apache2 web server, PHP 7 and its modules):
Install the other tools Nextcloud will need (Apache2 web server, PHP 7 and its modules):
<source lang="bash">
<source lang="bash">
$ apt install apache2 libapache2-mod-php7.0 php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
# apt install apache2 libapache2-mod-php7.0 php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
</source>
</source>


Line 143: Line 143:
Make sure the following Apache modules are enabled:
Make sure the following Apache modules are enabled:
<pre>
<pre>
$ a2enmod rewrite
# a2enmod rewrite
$ a2enmod headers
# a2enmod headers
$ a2enmod env
# a2enmod env
$ a2enmod dir
# a2enmod dir
$ a2enmod mime
# a2enmod mime
</pre>
</pre>


Line 153: Line 153:
Already enable the SSL module and its default site configuration:
Already enable the SSL module and its default site configuration:
<pre>
<pre>
$ a2enmod ssl
# a2enmod ssl
$ a2ensite default-ssl
# a2ensite default-ssl
</pre>
</pre>


Line 162: Line 162:
Download Nextcloud's archive use wget:
Download Nextcloud's archive use wget:


<source lang="bash">$ wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''</source>
<source lang="bash"># wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''</source>


Check from [https://nextcloud.com/install/#instructions-server Nextcloud's installation page] the exact link's target to use.
Check from [https://nextcloud.com/install/#instructions-server Nextcloud's installation page] the exact link's target to use.
Line 168: Line 168:
Example:
Example:


<source lang="bash">$ wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip</source>
<source lang="bash"># wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip</source>


===Check Nextcloud's archive integrity===
===Check Nextcloud's archive integrity===
Line 175: Line 175:
Download the checksum file:
Download the checksum file:


<source lang="bash">$ wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''.sha256</source>
<source lang="bash"># wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''.sha256</source>




Check that the downloaded archive matches the checksum file:
Check that the downloaded archive matches the checksum file:


<source lang="bash">$ sha256sum -c nextcloud-''version''.''file-extension''.sha256 < nextcloud-''version''.''file-extension''</source>
<source lang="bash"># sha256sum -c nextcloud-''version''.''file-extension''.sha256 < nextcloud-''version''.''file-extension''</source>


If it matches, the terminal will display <code>OK</code>.
If it matches, the terminal will display <code>OK</code>.
Line 187: Line 187:
Extract the archive depending on its extension:  
Extract the archive depending on its extension:  


<source lang="bash">$ tar -xjf nextcloud-x.y.z.tar.bz2</source>
<source lang="bash"># tar -xjf nextcloud-x.y.z.tar.bz2</source>


or
or


<source lang="bash">$ unzip nextcloud-x.y.z.zip</source>
<source lang="bash"># unzip nextcloud-x.y.z.zip</source>


This will extract one single directory called "nextcloud".
This will extract one single directory called "nextcloud".
Line 199: Line 199:


As for Apache, we can move it to ''/var/www'' (document root of Apache).
As for Apache, we can move it to ''/var/www'' (document root of Apache).
<source lang="bash">$ mv nextcloud /var/www</source>
<source lang="bash"># mv nextcloud /var/www</source>


Create the file ''/etc/apache2/sites-available/nextcloud.conf'' with the following content:
Create the file ''/etc/apache2/sites-available/nextcloud.conf'' with the following content:
Line 224: Line 224:
Then enable this configuration file:  
Then enable this configuration file:  


<source lang="apache">$ a2ensite nextcloud</source>
<source lang="apache"># a2ensite nextcloud</source>




Line 230: Line 230:
Make Apache the owner of Nextcloud's directory:
Make Apache the owner of Nextcloud's directory:


<source lang="bash">$ chown -R www-data:www-data /var/www/nextcloud/</source>
<source lang="bash"># chown -R www-data:www-data /var/www/nextcloud/</source>


IMAGE
IMAGE
Line 237: Line 237:
Restart Apache to apply all these changes:  
Restart Apache to apply all these changes:  


<source lang="bash">$ service apache2 restart</source>
<source lang="bash"># service apache2 restart</source>




Line 251: Line 251:
Create a temporary file that will hold the script to execute:
Create a temporary file that will hold the script to execute:


<source lang="bash">$ nano /tmp/nextcloud.sh</source>
<source lang="bash"># nano /tmp/nextcloud.sh</source>


Copy and paste the following code into the file.
Copy and paste the following code into the file.
Line 298: Line 298:
Then run it:  
Then run it:  


<source lang="bash">$ bash /tmp/nextcloud.sh</source>
<source lang="bash"># bash /tmp/nextcloud.sh</source>


You should see the following output
You should see the following output
Line 310: Line 310:
Now delete the temporary file as it is not needed anymore:
Now delete the temporary file as it is not needed anymore:


<source lang="bash">$ rm /tmp/nextcloud.sh</source>
<source lang="bash"># rm /tmp/nextcloud.sh</source>


==Set up Nextcloud from graphical installation wizard==
==Set up Nextcloud from graphical installation wizard==
Line 346: Line 346:
Then restart the MariaDB:  
Then restart the MariaDB:  


<source lang="bash">$ systemctl restart mariadb</source>
<source lang="bash"># systemctl restart mariadb</source>


ADD TRUSTED DOMAINS
ADD TRUSTED DOMAINS

Revision as of 13:27, 26 March 2017

Author: Etienne Barrier

Last modified: 07.02.2017

Install guestadditions for ubuntu server: http://askubuntu.com/questions/22743/how-do-i-install-guest-additions-in-a-virtualbox-vm?noredirect=1&lq=1 Purge MariaDB: http://askubuntu.com/questions/703123/mariadb-10-1-server-wont-start-after-update

Preliminary notes

This tutorial shows how to install NextCloud on Ubuntu 16.04 LTS Server, using MariaDB (as for database) and Apache 2 (as for web server).

This tutorial does NOT show:

  • how to install/configure databases other than MariaDB (although MySQL can be considered the sane)
  • how to install/configure web servers other than Apache2 (for example Nginx)
  • how to use NextCloud


It is assumed that you are already familiar with the basics of Linux command line terminal commands. But this tutorial is made so that you can copy paste the commands to your terminal.

Commands that must be entered in terminal with Bash shell start with a hash sign "#". Terminal's outputs do not start with any sign.

Example:

# echo I Love You
I Love You

All commands in this tutorial are made as root. You must be root or be able to use "sudo" command to install and configure Nextcloud.

Commands that must be entered for MariaDB start with greater-than sign ">".

Depending on the versions you use, the commands and/or the path shown in this tutorial might be different.


Tools' versions used in this tutorial:

  • Nextcloud (version: 11.0.1)
  • Ubuntu 16.04.1 LTS (Xenial)
  • MariaDB (version: 10.1.21)
  • Apache 2 (version: 2.4.xxxx)
  • Php (version 7.0)

The version of Nextcloud used (version 11) is referred as “Nextcloud” across the tutorial.


This tutorial is based on the following tutorials:


For any comments, please write to ebarrier {at] itcollege [dot) ee.

What is the final state this tutorial reaches?

This tutorial's objective is to have Nextcloud installed on a Ubuntu server using the aforementioned tools.

The installation of tools will be done from the command line.

The installation of Nextcloud will be done from command line and web interface.

Nextcloud will be accessible from the main page of the webserver and https protocol will be enabled and forced.

MariaDB

MariaDB is a database server that was forked from MySQL. It is free and open source.

Install MariaDB

We install MariaDB directly from its package repository.

Note: Nextcloud's official documentation installs MariaDB with the command apt install mariadb-server. Experience showed that this package does not work properly and leads to troubles later. Therefore the present instructions for installing MariaDB differ from Nextcloud's.


Import the key to the package repository and add it to the package source list (added in /etc/apt/source.list).

# apt install software-properties-common
# apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
# add-apt-repository 'deb [arch=amd64] http://ftp.eenet.ee/pub/mariadb/repo/10.1/ubuntu xenial main'


Then update the packages list and install mariadb.

# apt update
# apt install mariadb-server

When the wizard asks whether to set up a root password, it is important to set it and to remember it!


Once installation finishes, check that MariaDB is running:

# systemctl status mariadb

IMAGE

MariaDB secure installation

MariaDB secure installation is a script that enhances the security of MariaDB. It is highly recommended to run it.

# mysql_secure_installation

The first question of the wizard is to enter the root password that was chosen in the previous step. Enter it.

The second question asks whether we want to change the root password or not.

For all next questions, press Enter ("Yes" by default).

Create user and database for Nextcloud

Create a dedicated user and database that will be used by Nextcloud during its installation.

Note: Nextcloud's official documentation uses MariaDB's root password during its installation to set up the database (see below). In the present tutorial, a Nextcloud's dedicated user is created to avoid to enter the root password later (for security reasons).

First enter MariaDB as root:

# mysql -u root -p

When prompted, enter the root password (we told you to remember it!).


Note: database statements (commands) do not need to be capitalize. But the semi-colon in the end is important, they are part of the statement.

Create the database (define your own database name; "nextcloud" in our example):

> CREATE DATABASE nextcloud;


Then create a user with its password (define both your own; "arold" and "salakala" in our example respectively) and grant all rights to it to the newly created database ("nextcloud" in our example).

> GRANT ALL ON nextcloud.* to 'arold'@'localhost' IDENTIFIED BY 'salakala';


Save the changes and exit.

> FLUSH PRIVILEGES;
> exit

Install Apache and PHP

Install the other tools Nextcloud will need (Apache2 web server, PHP 7 and its modules):

# apt install apache2 libapache2-mod-php7.0 php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip


Make sure the following Apache modules are enabled:

# a2enmod rewrite
# a2enmod headers
# a2enmod env
# a2enmod dir
# a2enmod mime


Already enable the SSL module and its default site configuration:

# a2enmod ssl
# a2ensite default-ssl

Nextcloud

Donwload Nextcloud

Download Nextcloud's archive use wget:

# wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''

Check from Nextcloud's installation page the exact link's target to use.

Example:

# wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.zip

Check Nextcloud's archive integrity

Check that the archive's integrity by comparing its checksum.

Download the checksum file:

# wget https://download.nextcloud.com/server/releases/nextcloud-''version''.''file-extension''.sha256


Check that the downloaded archive matches the checksum file:

# sha256sum -c nextcloud-''version''.''file-extension''.sha256 < nextcloud-''version''.''file-extension''

If it matches, the terminal will display OK.

Install Nextcloud

Extract the archive depending on its extension:

# tar -xjf nextcloud-x.y.z.tar.bz2

or

# unzip nextcloud-x.y.z.zip

This will extract one single directory called "nextcloud".


This extracted directory will be used by the web server.

As for Apache, we can move it to /var/www (document root of Apache).

# mv nextcloud /var/www

Create the file /etc/apache2/sites-available/nextcloud.conf with the following content:

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

This configuration makes the Nextcloud web application available at the address http://yourDomainOrIp/nextcloud


Then enable this configuration file:

# a2ensite nextcloud


As screenshot below shows, Nextcloud is visible in a browser, but Apache needs to access its directory. Make Apache the owner of Nextcloud's directory:

# chown -R www-data:www-data /var/www/nextcloud/

IMAGE


Restart Apache to apply all these changes:

# service apache2 restart


At the address http://yourDomainOrIp/nextcloud the following screen should appear:

IMAGE

Set strong directory permissions

To make the application more secure, Nextcloud provides a script which sets strict directory permissions.

This step must be done once Nextcloud has been installed otherwise some permissions will not be as recommended [1].

Create a temporary file that will hold the script to execute:

# nano /tmp/nextcloud.sh

Copy and paste the following code into the file.

#!/bin/bash
ocpath='/var/www/nextcloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/assets
mkdir -p $ocpath/updater

printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
chmod 755 ${ocpath}

printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/assets/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/updater/

chmod +x ${ocpath}/occ

printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
 then
  chmod 0644 ${ocpath}/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]
 then
  chmod 0644 ${ocpath}/data/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi

Then run it:

# bash /tmp/nextcloud.sh

You should see the following output

Creating possible missing Directories
chmod Files and Directories
chown Directories
chmod/chown .htaccess

Now delete the temporary file as it is not needed anymore:

# rm /tmp/nextcloud.sh

Set up Nextcloud from graphical installation wizard

This set up will finish to install Nextcloud from your browser.

From your browser, go to http://yourDomainOrIp/nextcloud. The following screen should appear:

IMAGE

  • "Create an admin account" section asks to create the credentials that will be used to manage Nextcloud's administrator web interface.
  • "Data folder" section shows the path of the directory where the Nextcloud's content (files uploaded by users) will be stored. It is recommended to store the data in a folder sitting outside the web server's path for safety reasons. But in case of Apache, the default folder (var/www/nextcloud/data) is considered secure with the strict directory permissions set up previously.
  • "Configure the database" section asks for the settings of the database to use. Enter the values you chose when creating the database in a previous section.

Once filled-in, the screen looks like this (enter your own values):

IMAGE

ADD CERTBOT

Troubleshoot

If while going to http://yourDomainOrIp/nextcloud the following message appears:

An unhandled exception has been thrown: exception ‘PDOException’ with message
'SQLSTATE[HY000]: General error: 1665 Cannot execute statement: impossible to
write to binary log since BINLOG_FORMAT = STATEMENT and at least one table
uses a storage engine limited to row-based logging. InnoDB is limited to
row-logging when transaction isolation level is READ COMMITTED or READ
UNCOMMITTED.'

Uncomment and change the line BINLOG_FORMAT = ROW in the database configuration file (/etc/mysql/my.cnf) and set its value to BINLOG_FORMAT = MIXED.

Then restart the MariaDB:

# systemctl restart mariadb

ADD TRUSTED DOMAINS

  1. [1] Nextcloud strong directory permissions