The idea here is to use snap to install nextcloud.
If you have ubuntu server , great because snap is already pre installed but if you are not, then you need to install it. So for this tutorial we're going to go with Debian 10+ servers:
su -
apt update -y
apt install snapd sudo curl ufw mlocate -y
/sbin/usermod -aG sudo [NAME OF THE NON-PRIVILEGED USER]
/sbin/ufw allow 22
/sbin/ufw allow 80
/sbin/ufw allow 443
/sbin/ufw enable
snap install core
exit
Using snap, installing nextcloud is fairly simple:
su -
snap install nextcloud
ip a | grep inet
curl ifconfig.me
you can verify that the nextcloud server works by going at the ip adress of the server http://server_ip/ where you'll create the administrator account.
Once that's done you should have access to your nextcloud instance, but instead of accessing it through the ip address, we'll set it up in such a way that we can access it through a domain name (for example DuckDNS) and with a HTTPS certificate.
Log into DuckDNS and register a domain name pointing to your public ip like so:
Now that we have the domain name pointing to the public ip address of the nextcloud server, we can setup the https certificate using let'sencrypt, just ssh into your server once more and run the following commands:
su -
nextcloud.enable-https lets-encrypt
nextcloud.occ config:system:set trusted_domains 1 --value=yourdomain.duckdns.org
And once that's done, you can access your nextcloud instance from a free domain, which uses a free HTTPS certificate ! at https://yourdomain.duckdns.org/
If you installed this nextcloud server locally and behind a reverse nginx proxy, then you would need to allow the domain to be accessed:
root@cloud:/var/snap/nextcloud/common/nextcloud/data# PATH=$PATH:/snap/bin/
root@cloud:/var/snap/nextcloud/common/nextcloud/data# which nextcloud.occ
/snap/bin//nextcloud.occ
root@cloud:/var/snap/nextcloud/common/nextcloud/data# nextcloud.occ config:system:set overwritehost --value="cloud.nowhere.moe"
System config value overwritehost set to string cloud.nowhere.moe
root@cloud:~# nextcloud.occ config:system:set overwriteprotocol --value="https"
System config value overwriteprotocol set to string https
In order to upgrade your nextcloud, you can run the following, and also add it to cron to run automatically every day at midnight:
root@cloud:~# sudo snap refresh nextcloud
snap "nextcloud" has no updates available
root@cloud:~# crontab -e
[...]
0 0 * * * /usr/bin/snap refresh nextcloud
:wq
--2022-12-17 20:34:07-- https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2022-12-17 20:34:07-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.108.133, 185.199.109.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6326130 (6.0M) [application/octet-stream]
Saving to: ‘linux_amd64.tar.gz’
linux_amd64.tar.gz 100%[===========================================================================================================================================>] 6.03M 6.47MB/s in 0.9s
2022-12-17 20:34:09 (6.47 MB/s) - ‘linux_amd64.tar.gz’ saved [6326130/6326130]
root@cloud:~# sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
cronitor
root@cloud:~# sudo cronitor configure --api-key 1234567890
Configuration File:
/etc/cronitor/cronitor.json
Version:
28.8
API Key:
1234567890
Ping API Key:
Not Set
Environment:
Not Set
Hostname:
cloud
Timezone Location:
{Europe/Paris}
Debug Log:
Off
root@cloud:~# cronitor select
✔ /usr/bin/snap refresh nextcloud
----► Running command: /usr/bin/snap refresh nextcloud
snap "nextcloud" has no updates available
----► ✔ Command successful Elapsed time 0.451s
By default the nextcloud instance does not allow uploading large files, so to fix that you can do the following (as stated here
root@cloud:~# snap set nextcloud php.post-max-size=20G
#and if you put your nextcloud behind a nginx reverse proxy, you will need the "client_max_body_size 20G;" line in the nginx config.
[ 10.8.0.2/24 ] [ home ] [~]
→ cat /etc/nginx/sites-available/cloud.nowhere.moe
upstream cloudbackend {
server 10.0.0.103:80;
}
server {
listen 80;
listen [::]:80;
server_name cloud.nowhere.moe;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.nowhere.moe;
ssl_certificate /root/.acme.sh/cloud.nowhere.moe/fullchain.cer;
ssl_trusted_certificate /root/.acme.sh/cloud.nowhere.moe/cloud.nowhere.moe.cer;
ssl_certificate_key /root/.acme.sh/cloud.nowhere.moe/cloud.nowhere.moe.key;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
ssl_stapling on;
ssl_stapling_verify on;
resolver 80.67.188.188 80.67.169.40 valid=300s;
resolver_timeout 10s;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options nosniff; #MIME-type sniffing
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_pass http://cloudbackend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
client_max_body_size 20G;
}
}
And that's it! This is a very simple installation of nextcloud, you can use it as a server to host your keepass passwords database for example. To do so, just use the URL feature of keepass, and use the webdav link that points to the kdbx file you uploaded on the nextcloud server. You can also just install the keeweb extension on nextcloud for it.
To use it in keepass, simply upload your .kdbx file into your nextcloud once logged in, then use the keepass OpenURL feature as follows:
example URL: https://cloud.nowhere.moe/remote.php/webdav/Passwords.kdbx
To mount the nextcloud share on a windows machine, like you would sync a sharepoint drive, do the following:
Or you can just install the official nextcloud client here
10.10.16.5/23 ] [ nowhere ] [~]
→ sudo pacman -S nextcloud-client
[sudo] password for nothing:
resolving dependencies...
looking for conflicting packages...
Packages (4) karchive-5.103.0-1 qt5-websockets-5.15.8+kde+r3-1 qtkeychain-qt5-0.13.2-1 nextcloud-client-2:3.7.3-1
Total Download Size: 4.48 MiB
Total Installed Size: 16.02 MiB
:: Proceed with installation? [Y/n] y
Once logged in you can check the progress in the system tray:
Then let it automatically sync.
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8