Administration and use
See individual pages
Install of NextCloud supporting notes
All commands assume sudo or that you are logged in as root. These notes are for installation with PostgreSQL on Ubuntu 14.04, other DBMS and Linux/Unix variants may not have similar outcomes. The installations here assume use with an organisation and therefore include add-ons that may not be useful in personal installation.
Small office install, single server
Install the dependencies
16.04 onwards (will need universe repository adding for some options)
apt-get install apache2 postfix postgresql postgresql-contrib libapache2-mod-php apt-get install php-gd php-json php-pgsql php-curl apt-get install php-intl php-mcrypt php-imagick apt-get install php-zip php-xml php-mbstring php-ldap
apt-get install apache2 postgresql postgresql-contrib libapache2-mod-php5 apt-get install php5-gd php5-json php5-pgsql php5-curl apt-get install php5-intl php5-mcrypt php5-imagick php5-ldap
Enable the Apache modules
a2enmod rewrite a2enmod headers a2enmod env a2enmod dir a2enmod mime a2enmod ssl a2ensite default-ssl
Prepare PHP to use PostgreSQL
Edit the PHP PostgreSQL configuration
vi /etc/php/7.0/apache2/conf.d/20-pgsql.ini
vi /etc/php5/apache2/conf.d/20-pgsql.ini
and append
[PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0
Create the base DB & allow web app access
Set up the database and user,
# su postgres # psql -d template1 CREATE USER yourdbuser CREATEDB; CREATE DATABASE nextcloud OWNER yourdbuser; \q # exit
Edit PostgreSQL settings to allow local connections for yourdbuser to the nextcloud database (on all DB servers):
# vi /etc/postgresql/<version number>/main/pg_hba.conf
Adding a line before the default "local" permission line e.g.
# "local" is for Unix domain socket connections only local all ncdbuser trust local all all peer
Then restart postgresql
service postgresql restart
Larger installation, loads split out
How far this goes will depend on your needs. A small to medium organisation would want as a minimum to separate the apps (web) server from the DB server from the file storage, and if deploying in a virtual environment look to separate those loads at a physical level. It is worth considering duplicating the app and DB components for increased uptime, although if the file usage pattern is mostly download/update/upload the additional complexity may not be worth the effort.
build your DB server(s)
apt-get install postgresql postgresql-contrib postgresql-client rsync
Enable master/slave replication
Switch to the postgres user and create a key pair for it
su postgres ssh-keygen
Accept defaults and don't use a passphrase.
On the designated master server, create a replication user
Then enable the user to have the appropriate PostgreSQL security rights:
vi /etc/postgresql/9.5/main/pg_hba.conf
and add the line
host replication rep slave.ip.add.ress/32 md5
Then configure for replication
vi /etc/postgresql/9.5/main/postgresql.conf
uncomment and add the master server's IP in
listen_addresses = 'localhost,master.ip.add.ress'
uncomment and set
wal_level = hot_standby
archive_mode = on archive_command = 'cd .'
max_wal_senders = 10
Finally as root or with sudo, restart postgresql
service postgresql restart
On the designated slave, make the same configuration changes, substituting the master's IP address in pg_hba.conf and the slave's in postgresql.conf, then in postgresql.conf make the additional change of uncommenting and setting
hot_standby = on
following section may be deprecated after none-rsync initial DB propagation adopted
Then you'll need an exception for the user postgres on these servers i.e. using visudo add
postgres ALL=NOPASSWD: /usr/bin/rsync
and copy the master's public key
cat /var/lib/postgresql/.ssh/
to the slave
mkdir /var/lib/postgresql/.ssh vi /var/lib/postgresql/.ssh/authorized_keys chmod 600 /var/lib/postgresql/.ssh/authorized_keys
Then as root
service postgresql start
Prep for initial replication. On the master (noting version number in path may change on later installs)
su postgres rm -r /var/lib/postgresql/9.5/main/* pg_basebackup -U rep -D /var/lib/postgresql/9.5/main/ -X stream --write-recovery-conf -h master.ip.add.ress
Check the DBMS is up by connecting to it
su postgres psql
If you get an error running psql return to root and run
service postgresql restart
Then try connecting again.
Assuming no errors, leave the slave connected to the DBMS, switch to the master server (in another console) and as root do
su postgres psql CREATE TABLE rep_test (test varchar(40)); INSERT INTO rep_test VALUES ('fubar or not fubar');
Switch back to the slave server and check this has replicated
SELECT * FROM rep_test;
You should get a response like
test -------------------- fubar or not fubar (1 row)
If not, check you have carried out all the steps in these instructions and check logs for clues.
Create the base DB & allow web app access
Set up the database and user,
su postgres psql -d template1 CREATE USER yourdbuser CREATEDB; CREATE DATABASE nextcloud OWNER yourdbuser; \q exit
Edit PostgreSQL settings to allow local connections for yourdbuser to the nextcloud database:
vi /etc/postgresql/<version number>/main/pg_hba.conf
Adding a host line for each web/app server
host all yourdbuser webapp.ip.add.ress/32 md5
Then restart postgresql
service postgresql restart
Build web/app server
16.04 onwards (will need universe repository adding for some options)
apt-get install postfix apache2 libapache2-mod-php apt-get install php-gd php-json php-pgsql php-curl apt-get install php-intl php-mcrypt php-imagick apt-get install php-zip php-xml php-mbstring php-ldap
apt-get install apache2 libapache2-mod-php5 apt-get install php5-gd php5-json php5-pgsql php5-curl apt-get install php5-intl php5-mcrypt php5-imagick php5-ldap
Enable the Apache modules
a2enmod rewrite a2enmod headers a2enmod env a2enmod dir a2enmod mime a2enmod ssl a2ensite default-ssl
Prepare PHP to use PostgreSQL
Edit the PHP PostgreSQL configuration on all app/web servers
vi /etc/php(version)/apache2/conf.d/20-pgsql.ini
and append
[PostgresSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0
Configure the web core
Get the latest Nextcloud package by visiting, copying the download link and then
(being sure to use the link you just copied)
Also retrieve the relevant checksum (again changing the line to match the version you've downloaded)
Verify the download:
md5sum -c <
Assuming the download is verified successfully, unzip the archive
and then copy the resulting directory to the Apache root dir
mv nextcloud /var/www/
Create & enable the vhost. Unless you are using a SSL-enabled reverse proxy to front your Nextcloud server, you should also ensure the service is https only, and for neatness redirect any http to https.
vi /etc/apache2/sites-available/nextcloud.conf <VirtualHost *:443> ## nextcloud vhost settings ServerName your.fq.dn DocumentRoot /var/www/nextcloud ErrorLog ${APACHE_LOG_DIR}/nc-error.log CustomLog ${APACHE_LOG_DIR}/nc-access.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/<to be enabled via [[Certbot]] SSLCertificateKeyFile /etc/letsencrypt/<to be enabled via [[Certbot]] <Directory /var/www/nextcloud/> Options +FollowSymlinks AllowOverride All <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud </Directory> </VirtualHost>
cd /etc/apache2/sites-enabled ln -s ../etc/apache2/sites-available/nextcloud.conf
Change the default site non-SSL to be simply a redirect
vi /etc/apache2/sites-available/000-default.conf <VirtualHost> Redirect permanent / https://your.fq.dn/ </VirtualHost>
and restart Apache
service apache2 restart
Completing NextCloud installation
To complete the installation you need to temporarily set the nextcloud web directory permissions to be writable by the Apache user
chown -R www-data:www-data /var/www/nextcloud/
Now go the web interface to complete. Note that if using "local" as your DB connection then the host entry (last box) on the wizard database part should be the path to the DB:
and you should leave the password blank. Otherwise configure for your (master) DB server.
Assuming this completes successfully, you just need to create and run the following script to set the nextcloud directory permissions to a secure level:
vi fixperms #!/bin/bash ncpath='/var/www/nextcloud' htuser='www-data' htgroup='www-data' rootuser='root' printf "Creating possible missing Directories\n" mkdir -p $ncpath/data mkdir -p $ncpath/assets mkdir -p $ncpath/updater printf "chmod Files and Directories\n" find ${ncpath} -type f -print0 | xargs -0 chmod 0640 find ${ncpath} -type d -print0 | xargs -0 chmod 0750 printf "chown Directories\n" chown -R ${rootuser}:${htgroup} ${ncpath} chown -R ${htuser}:${htgroup} ${ncpath}/apps/ chown -R ${htuser}:${htgroup} ${ncpath}/assets/ chown -R ${htuser}:${htgroup} ${ncpath}/config/ chown -R ${htuser}:${htgroup} ${ncpath}/data/ chown -R ${htuser}:${htgroup} ${ncpath}/themes/ chown -R ${htuser}:${htgroup} ${ncpath}/updater/ chmod +x ${ncpath}/occ printf "chmod/chown .htaccess\n" if [ -f ${ncpath}/.htaccess ] then chmod 0644 ${ncpath}/.htaccess chown ${rootuser}:${htgroup} ${ncpath}/.htaccess fi if [ -f ${ncpath}/data/.htaccess ] then chmod 0644 ${ncpath}/data/.htaccess chown ${rootuser}:${htgroup} ${ncpath}/data/.htaccess fi
chmod +x fixperms ./fixperms
Enable SSL
Use Certbot to enable a trusted SSL certificate. If the NextCloud you're building is not available on a publicly registered domain name, you could just generate your own self-signed certificate.
Upgrade process (updater app)
With a simple install, the updater app will run through and complete the upgrade, notifying via the UI if there is any intervention needed e.g. if it finds files/folders in the NC tree it's not expecting. With a larger install, the updater app will take care of most steps, but for the final stage of upgrading the DB, you will need to complete with the occ command, by:
su - www-data -s /bin/bash -c 'php /path/to/nextcloud/occ upgrade'
(where www-data is your web server user)
Upgrade process (manual)
In NC11 the internal updater should be able to takeover the updating process but in the meantime a manual upgrade can be done following the below process.
Download the new version.
Put nextcloud into maintenance mode
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ maintenance:mode --on'
and stop your webserver
service apache2 stop
If using external storage for any of your data, unmount it now.
Download the latest version (but not more than one major version than is currently installed on the server) as per instructions above. If you do not have a recent backup of your installation, make one now. Separately make a copy of your current config to be safe.
cp config/config.php config/config.php.ours
Then rename your nextcloud directory
mv /var/www/nextcloud/ /var/www/nextcloud.old
unzip the new download and move the resulting nextcloud directory to your web root.
Move your config.php and data directory to the upgraded installation directory (and/remount any external storage in use)
mv nextcloud.old/config/config.php nextcloud/config/ mv nextcloud.old/data/ nextcloud/ service apache2 start
Fix permissions using the script described in the installation stages above and then run the upgrader. If manually upgrading to NC11 on 14.04 you'll need to Upgrade to PHP5.6
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ upgrade'
And assuming no errors from the upgrade process, turn maintenance mode off
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ maintenance:mode --off'