This is a concise tutorial, it is not meant to be a hand holding step by step guide. Please comment or contact me if you find errors.
Prerequisites:
Setup a domain/sub domain with an A record to the ip of the server or a CNAME to a “dynamic DNS” hostname. I recommend https://freedns.afraid.org.
The server needs to have ports 80 and 443 reachable to the public. The DNS must be propagated for letsencrypt to be successful.
Start the install
apt-get install apache2 mariadb-server libapache2-mod-fcgid php-fpm php php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip php-bz2 python3-certbot-apache php-apcu redis-server php-redis php-bcmath php-gmp ffmpeg curl coreutils libmagickcore-7.q16-10-extraDownload Nextcloud
wget https://download.nextcloud.com/server/releases/latest-31.tar.bz2Make sure the md5 matches
md5sum latest-31.tar.bz2curl https://download.nextcloud.com/server/releases/latest-31.tar.bz2.md5Extract the tar file and change permissions
tar xfv latest-31.tar.bz2mv nextcloud/ /var/www/example.com/
chown www-data:www-data -R /var/www/example.com/[Setup Apache]
Create a apache virtual site
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.confedit /etc/apache2/sites-available/example.com.conf
uncomment and change
ServerName example.comchange the document root
DocumentRoot /var/www/example.comchange log location if you would like
ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
CustomLog ${APACHE_LOG_DIR}/example.com_access.log combinedenable example.com in apache
a2ensite example.coma2enmod proxy_fcgi setenvif rewrite headers env dir mime userdir dav ssla2enconf php8.4-fpmservice apache2 restartSetup Letsencrypt
certbot --apache -d example.comtell it to redirect http to https
Edit /etc/apache2/sites-enabled/example.com-le-ssl.conf
<Directory /var/www/example.com/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>To avoid certain race conditions between the /etc/apache2/sites-available/example.com.conf and /etc/apache2/sites-available/000-default.conf
I prefer to remove example.com.conf and move the http->https redirect into the 000-default.conf
cat /etc/apache2/sites-available/example.com.conf
….snip…
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with “a2disconf”.
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost># vim: syntax=apache ts=4 sw=4 sts=4 sr noet
copy the rewrite rule at the bottom:
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] edit and paste into the default conf
vi /etc/apache2/sites-enabled/000-default.confThis is what 000-default.conf should look like
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>[Configure PHP]
edit /etc/php/8.4/fpm/php.inimemory_limit = 768M
upload_max_filesize = 1024M
post_max_size = 1024M
max_execution_time = 300[Create a database, user and password for nextcloud]
mariadb -uroot
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'PASSWORD';CREATE DATABASE IF NOT EXISTS nextcloud;GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON nextcloud.* TO 'nextcloud'@'localhost';FLUSH privileges;[Install Nextcloud]
run the installer at https://example.com/
[Setup Redis]
edit /etc/redis/redis.conf
Under the # Unix socket. section add the following
port 0
unixsocket /run/redis/redis-server.sock
unixsocketperm 770add www-data to redis group
usermod -a -G redis www-data
/etc/group will now have an entry like this “redis:x:119:www-data”
systemctl enable redis-serverAdd the following to /var/www/example.com/config/config.php
This is using APCu for memcache and Redis for distributed caching and file locking. Here we use a socket to connect to redis-server.
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => '/run/redis/redis-server.sock',
'port' => 0,
],add the following to /etc/php/8.4/fpm/php.ini
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=200
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.save_comments=1
opcache.revalidate_freq = 1systemctl restart redis-server
systemctl restart apache2add apc cli enabling line in here -> /etc/php/8.4/cli/php.ini
apc.enable_cli=1systemctl restart php8.4-fpm.service
[Setup cron for Nextcloud]
crontab -u www-data -e*/5 * * * * php -f /var/www/example.com/cron.phpdone;