Skip to main content

How To Install and Configure Nextcloud on Ubuntu 20.04

 

Introduction

Nextcloud, a fork of ownCloud, is a file sharing server that permits you to store your personal content, like documents and pictures, in a centralized location, much like Dropbox. The difference with Nextcloud is that all of its features are open-source. It also returns the control and security of your sensitive data back to you, thus eliminating the use of a third-party cloud hosting service.

In this tutorial, we will install and configure a Nextcloud instance on an Ubuntu 20.04 server.

Prerequisites

In order to complete the steps in this guide, you will need the following:

  • A non-root** sudo-enabled user and firewall configured on your server**: You can create a user with sudo privileges and set up a basic firewall by following the Initial Server Setup with Ubuntu 20.04.
  • (Optional) A domain name pointed to your server: We will be securing connections to the Nextcloud installation with TLS/SSL. Nextcloud can set up and manage a free, trusted SSL certificate from Let’s Encrypt if your server has a domain name. If not, Nextcloud can set up a self-signed SSL certificate that can encrypt connections, but won’t be trusted by default in web browsers. If you are using DigitalOcean, you can read our DNS documentation to learn how to add domains to your account and manage DNS records, if you intend to use Let’s Encrypt.

Once you have completed the above steps, continue on to learn how to set up Nextcloud on your server.

Step 1 – Installing Nextcloud

We will be installing Nextcloud using the Snap packaging system. This packaging system, available on Ubuntu 20.04 by default, allows organizations to ship software, along with all associated dependencies and configuration, in a self-contained unit with automatic updates. This means that instead of installing and configuring a web and database server and then configuring the Nextcloud app to run on it, we can install the snap package which handles the underlying systems automatically.

To download the Nextcloud snap package and install it on the system, type:

  • sudo snap install nextcloud
 

The Nextcloud package will be downloaded and installed on your server. You can confirm that the installation process was successful by listing the changes associated with the snap:

  • snap changes nextcloud
 
Output
ID Status Spawn Ready Summary 4 Done today at 16:12 UTC today at 16:12 UTC Install "nextcloud" snap

The status and summary indicate that the installation was completed without any problems.

Getting Additional Information About the Nextcloud Snap

If you’d like some more information about the Nextcloud snap, there are a few commands that can be helpful.

The snap info command can show you the description, the Nextcloud management commands available, as well as the installed version and the snap channel being tracked:

  • snap info nextcloud
 

Snaps can define connections they support, which consist of a slot and plug that, when hooked together, gives the snap access to certain capabilities or levels of access. For instance, snaps that need to act as a network client must have the network connection. To see what snap connections this snap defines, type:

  • snap connections nextcloud
 
Output
Interface Plug Slot Notes network nextcloud:network :network - network-bind nextcloud:network-bind :network-bind - removable-media nextcloud:removable-media - -

To learn about all of the specific services and apps that this snap provides, you can take a look at the snap definition file by typing:

  • cat /snap/nextcloud/current/meta/snap.yaml
 

This will allow you to see the individual components included within the snap, if you need help with debugging.

Step 2 – Configuring an Administrative Account

There are a few different ways you can configure the Nextcloud snap. In this guide, rather than creating an administrative user through the web interface, we will create one on the command line in order to avoid a small window where the administrator registration page would be accessible to anyone visiting your server’s IP address or domain name.

To configure Nextcloud with a new administrator account, use the nextcloud.manual-install command. You must pass in a username and a password as arguments:

  • sudo nextcloud.manual-install sammy password
 

The following message indicates that Nextcloud has been configured correctly:

Output
Nextcloud was successfully installed

Now that Nextcloud is installed, we need to adjust the trusted domains so that Nextcloud will respond to requests using the server’s domain name or IP address.

Step 3 – Adjusting the Trusted Domains

When installing from the command line, Nextcloud restricts the host names that the instance will respond to. By default, the service only responds to requests made to the “localhost” hostname. We will be accessing Nextcloud through the server’s domain name or IP address, so we’ll need to adjust this setting to accept these type of requests.

You can view the current settings by querying the value of the trusted_domains array:

  • sudo nextcloud.occ config:system:get trusted_domains
 
Output
localhost

Currently, only localhost is present as the first value in the array. We can add an entry for our server’s domain name or IP address by typing:

  • sudo nextcloud.occ config:system:set trusted_domains 1 --value=example.com
 
Output
System config value trusted_domains => 1 set to string example.com

If we query the trusted domains again, we will see that we now have two entries:

  • sudo nextcloud.occ config:system:get trusted_domains
 
Output
localhost example.com

If you need to add another way of accessing the Nextcloud instance, you can add additional domains or addresses by rerunning the config:system:set command with an incremented index number (the “1” in the first command) and adjusting the --value.

Step 4 – Securing the Nextcloud Web Interface with SSL

Before we begin using Nextcloud, we need to secure the web interface.

If you have a domain name associated with your Nextcloud server, the Nextcloud snap can help you obtain and configure a trusted SSL certificate from Let’s Encrypt. If your Nextcloud server does not have a domain name, Nextcloud can configure a self-signed certificate which will encrypt your web traffic but won’t be automatically trusted by your web browser.

With that in mind, follow the section below that matches your scenario.

Option 1: Setting Up SSL with Let’s Encrypt

If you have a domain name associated with your Nextcloud server, the best option for securing your web interface is to obtain a Let’s Encrypt SSL certificate.

Start by opening the ports in the firewall that Let’s Encrypt uses to validate domain ownership. This will make your Nextcloud login page publicly accessible, but since we already have an administrator account configured, no one will be able to hijack the installation:

  • sudo ufw allow 80,443/tcp
 

Next, request a Let’s Encrypt certificate by typing:

  • sudo nextcloud.enable-https lets-encrypt
 

You will first be asked whether your server meets the conditions necessary to request a certificate from the Let’s Encrypt service:

Output
In order for Let's Encrypt to verify that you actually own the domain(s) for which you're requesting a certificate, there are a number of requirements of which you need to be aware: 1. In order to register with the Let's Encrypt ACME server, you must agree to the currently-in-effect Subscriber Agreement located here: https://letsencrypt.org/repository/ By continuing to use this tool you agree to these terms. Please cancel now if otherwise. 2. You must have the domain name(s) for which you want certificates pointing at the external IP address of this machine. 3. Both ports 80 and 443 on the external IP address of this machine must point to this machine (e.g. port forwarding might need to be setup on your router). Have you met these requirements? (y/n)

Type y to continue.

Next, you will be asked to provide an email address to use for recovery operations:

Output
Please enter an email address (for urgent notices or key recovery):

Enter your email and press Enter to continue.

Finally, enter the domain name associated with your Nextcloud server:

Output
Please enter your domain name(s) (space-separated): example.com

Your Let’s Encrypt certificate will be requested and, provided everything went well, the internal Apache instance will be restarted to immediately implement SSL:

Output
Attempting to obtain certificates... done Restarting apache... done

You can now skip ahead to the next step to sign into Nextcloud for the first time.

Option 2: Setting Up SSL with a Self-Signed Certificate

If your Nextcloud server does not have a domain name, you can still secure the web interface by generating a self-signed SSL certificate. This certificate will allow access to the web interface over an encrypted connection, but will be unable to verify the identity of your server, so your browser will likely display a warning.

To generate a self-signed certificate and configure Nextcloud to use it, type:

  • sudo nextcloud.enable-https self-signed
 
Output
Generating key and self-signed certificate... done Restarting apache... done

The above output indicates that Nextcloud generated and enabled a self-signed certificate.

Now that the interface is secure, open the web ports in the firewall to allow access to the web interface:

  • sudo ufw allow 80,443/tcp
 

You are now ready to log into Nextcloud for the first time.

Step 5 – Logging in to the Nextcloud Web Interface

Now that Nextcloud is configured, visit your server’s domain name or IP address in your web browser:

https://example.com

Note: If you set up a self-signed SSL certificate, your browser may display a warning that the connection is insecure because the server’s certificate is not signed by a recognized certificate authority. This is expected for self-signed certificates, so feel free to click through the warning to proceed to the site.

Since you have already configure an administrator account from the command line, you will be taken to the Nextcloud login page. Enter the credentials you created for the administrative user:

Nextcloud login page

Click the Log in button to log in to the Nextcloud web interface.

The first time you enter, a window will be displayed with some introductory text and links to various Nextcloud clients that can be used to access your Nextcloud instance:

Nextcloud client modal

Click through to download any clients you are interested in, or exit out of the window by clicking the X in the upper-right corner. You will be taken to the main Nextcloud interface, where you can begin to upload and manage files:

Nextcloud main page

Your installation is now complete and secured. Feel free to explore the interface to get more familiarity with the features and functionality of your new system.

Conclusion

Nextcloud can replicate the capabilities of popular third-party cloud storage services. Content can be shared between users or externally with public URLs. The advantage of Nextcloud is that the information is stored securely in a place that you control.

For additional functionality, take a look at Nextcloud’s app store, where you can install plugins to extend the service’s capabilities.

Comments

Popular posts from this blog

CKA Simulator Kubernetes 1.22

  https://killer.sh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment. You could set these: alias k = kubectl                         # will already be pre-configured export do = "--dry-run=client -o yaml"     # k get pod x $do export now = "--force --grace-period 0"   # k delete pod x $now Vim To make vim use 2 spaces for a tab edit ~/.vimrc to contain: set tabstop=2 set expandtab set shiftwidth=2 More setup suggestions are in the tips section .     Question 1 | Contexts Task weight: 1%   You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl . Finally write a second command doing the same thing into /opt/course/1/context_default_no_kubectl.sh , but without the use of k

OWASP Top 10 Threats and Mitigations Exam - Single Select

Last updated 4 Aug 11 Course Title: OWASP Top 10 Threats and Mitigation Exam Questions - Single Select 1) Which of the following consequences is most likely to occur due to an injection attack? Spoofing Cross-site request forgery Denial of service   Correct Insecure direct object references 2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? Injection   Correct Insecure direct object references Failure to restrict URL access Insufficient transport layer protection 3) Which of the following scenarios is most likely to cause an injection attack? Unvalidated input is embedded in an instruction stream.   Correct Unvalidated input can be distinguished from valid instructions. A Web application does not validate a client’s access to a resource. A Web action performs an operation on behalf of the user without checking a shared sec