How to install a Nextcloud instance
Author: mendo1024 (@mendo1024)
Installing a secure and encrypted Nextcloud instance on a VM in the fastest possible way.
This how-to is part of a bigger guide, "Building the secured self-hosted Nextcloud", which is about creating an encrypted and SIEM-monitored Nextcloud instance.
According to the Nextcloud System Requirements, the most recommended operating system is Ubuntu 22.04 LTS, whose installer offers an option to install Nextcloud as a snap during setup. Since we might not have full control over physical access to our hardware, we turn full encryption on, even at the cost of manually entering a password during each Nextcloud VM boot.
Installation
- Set type of installation to 'Ubuntu Server (minimized)'.
- Select the 'Encrypt LVM pool with LUKS' option in the 'Guided storage configuration' and set a strong passphrase.
- Set the size of ubuntu-lv to the maximum possible value.
- Enable OpenSSH server installation.
- Select Nextcloud to be installed and configured with all its components using the snap.
Once the installation is completed, set up the Nextcloud admin account:
sudo nextcloud.manual-install admin some_superstrong_password
Waiting for PHP... done
Waiting for Nextcloud to be configured... done
Nextcloud was successfully installed
Set your domain as a 'trusted domain' to prevent HTTP host header attacks:
sudo nextcloud.occ config:system:set trusted_domains 1 --value=example.com
System config value trusted_domains => 1 set to string example.com
Install the Ubuntu firewall ufw, filter out all ports except ssh, http and https, and don't forget to enable it afterwards:
sudo apt -y install ufw
sudo ufw allow 22,80,443/tcp
sudo ufw enable
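To confirm that the firewall ended up in the state described above (enabled, with nothing but 22, 80 and 443 allowed), the output of `ufw status` can be audited with a small script. This is an added example, not part of the original guide; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `ufw status` output
# against this guide's policy: firewall active, only 22, 80, 443 allowed.
ALLOWED_PORTS="22 80 443"   # ssh, http, https

# Constructed sample: expected output after the three commands above.
sample_ok() { cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22,80,443/tcp              ALLOW       Anywhere
22,80,443/tcp (v6)         ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: a later change opened a database port (drift).
sample_drift() { sample_ok; echo "3306/tcp                   ALLOW       Anywhere"; }

# audit_ufw: reads `ufw status` text on stdin, prints one finding per
# problem and returns 0 only if the firewall is active and every
# ALLOW/LIMIT rule targets a port in ALLOWED_PORTS. Named app profiles,
# port ranges and "Anywhere" targets are reported for manual review.
audit_ufw() (
  rc=0; active=0
  while IFS= read -r line; do
    case "$line" in
      "Status: active") active=1 ;;
      *ALLOW*|*LIMIT*)
        target=${line%% *}      # first column, e.g. 22,80,443/tcp
        target=${target%%/*}    # drop the /tcp or /udp suffix
        for port in $(printf '%s' "$target" | tr ',' ' '); do
          case " $ALLOWED_PORTS " in
            *" $port "*) ;;
            *) echo "unexpected allowed port '$port' in rule: $line"; rc=1 ;;
          esac
        done ;;
    esac
  done
  if [ "$active" -eq 0 ]; then echo "ufw is not active"; rc=1; fi
  exit "$rc"
)

# Demo on the constructed samples; on the server run:
#   sudo ufw status | audit_ufw
sample_ok | audit_ufw && echo "sample_ok: compliant"
sample_drift | audit_ufw || echo "sample_drift: NOT compliant"
```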
SSL by Let's Encrypt
On the Nextcloud instance, turn on the SSL service using a certificate generated with Let's Encrypt:
sudo nextcloud.enable-https lets-encrypt
...
Attempting to obtain certificates... done
Restarting apache... done
Now we should have a Nextcloud instance running on our domain and reachable from the internet.