Nextcloud @ Debian 10

Nextcloud @ Debian 10

On a clean Debian 10 install type the following

apt-get install apache2 mariadb-server libapache2-mod-php7.2
apt-get install php7.2-gd php7.2-json php7.2-mysql php7.2-curl php7.2-mbstring
apt-get install php7.2-intl php-imagick php7.2-xml php7.2-zip

download the latest versnion from https://nextcloud.com/install/#instructions-server for example:

wget https://download.nextcloud.com/server/releases/nextcloud-17.0.1.tar.bz2

after just decompress the file

tar -xjf nextcloud-17.0.1.tar.bz2

Then copy the installation files to the root of the webserver

cp -r nextcloud /var/www

Please note when you are running the Apache HTTP server you may safely install Nextcloud in your Apache document root!

Give read/write access to web server on the new folder

chown -R www-data:www-data /var/www/nextcloud/

create a configuration file for nextcloud in Apache

pico /etc/apache2/sites-available/nextcloud.conf

with the following content

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Require all granted
  Options FollowSymlinks MultiViews
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud

</Directory>

enable it by issuing

a2ensite nextcloud.conf

enable some needed modules

a2enmod rewrite
a2enmod headers
a2enmod env 
a2enmod dir 
a2enmod mime 

and do not forget to restart Apache

systemctl reload apache2

Now before we go ahead lets prepare MariaDB

systemctl start mariadb
mysql_secure_installation

and after that

mysql
MariaDB> use mysql;
MariaDB> update user set plugin='' where User='root';
MariaDB> flush privileges;
MariaDB> quit

Now you can login to mysql only with the -p option and the password you setup in the previous step. I strongly suggest to setup a user for nextcloud database. Do not use root to create the database.

mysql -u root -p 
CREATE USER 'next'@'localhost' IDENTIFIED BY 'YourPassword';
CREATE DATABASE nextcloud;
GRANT ALL ON press.* TO next@localhost; FLUSH PRIVILEGES; exit;

After that you are pretty much ready to go. Head to the http://IP/nextcloud and follow the steps.

An optional but important step (which I strongly advice to follow is to enable https by default. This will encrypt the communication. To do that we will use Let’sEncrypt.

a2enmod rewrite ssl
nano /etc/apache2/sites-available/default-ssl.conf
 SSLProtocol all -SSLv2 -SSLv3
 Add SSL Cipher in one long line
 SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 SSLHonorCipherOrder     on
 SSLOptions +StrictRequire
 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
 Header always set X-Frame-Options DENY
 Header always set X-Content-Type-Options nosniff

This will enable ssl on Apache and then you have to add the ciphers to support along with some more security enhancements

Install the certbot. It will do most of the job for you.

apt-get -y install certbot
apt-get -y install python-certbot-apache
certbot --authenticator webroot --installer apache

 crontab -e
 0 2 * * * certbot renew >> /var/log/letsencrypt.log

That’s it! You are done.