welcome: please sign in

MemberManual / WebApplications / Nextcloud

Guide for installation of Nextcloud. See /Talk for discussion on improvements.

1. Create database

Postgresql should work, but Nextcloud recommends MySQL. See MemberManual/Databases#Create_a_Database. We'll assume you name the database ${USER}_cloud.

2. Software installation

2.1. Unpack

Get the Nextcloud tarball from Nextcloud.

Pick a directory where you'll host Nextcloud, for example $HOME/www/next.your.domain. We'll call it $NEXTDIR.

Also pick a directory for data, for example $HOME/var/nextcloud. We'll call it $NEXTDATA.

Unpack the source.

unzip nextcloud-15.0.0.zip

Move the resulting nextcloud directory to where you decided to have the document root.

mv nextcloud $NEXTDIR

Create an empty data directory in the document root. This is necessary for the duration of the installation, we'll delete it later.

mkdir data

2.2. Permissions

Adjust directory permissions:

fsr sa . system:anyuser none
fsr sa . $USER.daemon rlk
fsr sa config $USER.daemon rlidwk
fsr sa data $USER.daemon rlidwk
fsr sa apps $USER.daemon rlidwk

2.3. Patch

Delete some lines in the file core/Migrations/Version14000Date20180129121024.php. This doesn't play well with the HCoop default of not granting DROP on tables. The easiest fix seems to be to manually drop these later.

@@ -49,11 +49,6 @@
                /** @var ISchemaWrapper $schema */
                $schema = $schemaClosure();

-               $schema->dropTable('admin_sections');
-               $schema->dropTable('admin_settings');
-               $schema->dropTable('personal_sections');
-               $schema->dropTable('personal_settings');
                return $schema;

2.4. Create real data directory

Create the data directory and give it correct permissions:

fsr sa . system:anyuser none
fsr sa . $USER.daemon rlidwk

3. Nextcloud installation wizard

Open up the web site, which should now show you the installation wizard. Fill it out like so:

Data folder: $NEXTDATA
Database: MySQL/MariaDB
Username: whatever you like
Password: likewise
DB hostname: mysql

4. Post-installation configuration

4.1. Update some column types

Run this command to convert a couple of column types that are not handled by the installer:

php7.2 occ db:convert-filecache-bigint

4.2. Set DB charset

In the MySQL CLI, run:

ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

Run these Nextcloud CLI commands:

php7.2 occ config:system:set mysql.utf8mb4 --type boolean --value="true"
php7.2 occ maintenance:repair
php7.2 occ maintenance:mode --off

4.3. Cache

Add this line to $NEXDIR/config/config.php, to enable the APCu cache:

'memcache.local' => '\OC\Memcache\APCu',

4.4. Cron

Add a cron job like this replacing the variables with your username/path:

*/15 * * * * k5start -qtUf /etc/keytabs/user.daemon/$USER -- /usr/bin/php7.2 -f $NEXTDIR/cron.php

5. Domtool

Example Domtool config:

web "cloud" where
    PhpVersion = php72;
    DocumentRoot = home "$NEXTDIR";
    SSL = use_cert "/etc/apache2/ssl/user/your.cert.pem";
    location "/" with
        unset_options [indexes, multiViews];
        directoryIndex ["index.php", "index.html"];

    expiresByType "text/css" access 1 weeks;
    expiresByType "application/javascript" access 1 weeks;
    expiresByType "image/svg" access 1 weeks;
    expiresByType "image/gif" access 1 weeks;
    expiresByType "application/font-woff2" access 1 weeks;

    setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"];

    rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" [];
    rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last];

    rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"];
    rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last];
    rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last];
    rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last];
    rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last];
    rewriteRule "^remote/(.*)" "remote.php" [qsappend, last];
    rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last];
    rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
    rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last];

And to enforce SSL:

web "cloud" with
    rewriteRule "^(.*)$" "https://next.your.domain$1" [redirectWith permanent];

6. Login

You should now be able to log in and look around Nextcloud. You may want to have a look at Settings → Overview for any warnings. You will see a bunch of warnings like this:

Some app directories are owned by a different user than the web server one. This may be the case if apps have been installed manually. Check the permissions of the following app directories:


These can be ignored.

7. Configuration in Nextcloud UI

7.1. cron

Go to Settings → Basic Settings and select the option Cron under Background jobs (since we set that up earlier).

You can check this page to ensure your cronjob is working.

7.2. Mail notifications

In Settings → Basic Settings, set:

Send mode: Sendmail
Sendmail mode: pipe (-t)
From address: whatever@your.domain

8. Cleanup

8.1. Delete default data directory

Since we use a new data directory we can delete the one in the document root:

rm -r data

9. Upgrade

The one-click upgrade feature does not work well with our ACL setup, so it's probably easiest to use the manual method. Follow the steps here, with these changes:

MemberManual/WebApplications/Nextcloud (last edited 2019-01-27 11:26:28 by BjörnLindström)