Disclaimer: As always, my blogs are not supposed to be a well-written piece of technical literature but instead a better-than-crap version of a messy notepad. I hope it’s clear enough to help someone other than myself but I always check them to make sure at least I can understand it, ha.
It seems that there is a nice blog written and that Nextcloud (NC) is also a ‘snap’ to install on a server.
At some point in the process of learning this I assumed you had to install either NGINX or APACHE2 but, apparently it comes packaged with Apache and no one told me. So good news. Now you know. The other cool thing I learned is that it comes with its own LetsEncrypt easy-installer thing…
I noticed the blog starts by assuming you know how to create a sudo user and do your firewall stuff but let’s not assume that because probably there are others out there like me. Thankfully I’ve already written this for myself elsewhere so I’ll be able to paste those instructions right in this instructional as the first few “Big Steps”.
I will follow this nice blog
Any time you see ‘220.127.116.11’ this is your IP address for your server. Replace it with your actual one, of course.
You should also have a nice password manager set up to save yourself much time and pain as you learn. I recommend KeePassXC.
Let’s get started
Big Step 1 – Set up the Digital Ocean Droplet
- Make sure you already have a domain purchased and reserved for your needs. This is optional but I will assume you’re doing this for this tutorial.
- Initiate your server / droplet
I won’t give detailed instructions here because there is lots of documentation out there. I selected one with 2GB of ram (at time of writing it’s $10.00 USD/month for this) only because the teacher recommended it. I didn’t research hardware specs and what I should do. Your needs may be different. I know using Nextcloud Talk uses a bit of RAM but not sure how much for a large conference.. worth investigating perhaps? I might also recommend calling your subdomain ‘nc’ instead of ‘files’ like I did in my example since you might do much more than ‘files’ with NC. “office.domain” or ‘nc.domain’ or ‘cloud.domain’ might make more sense?
- In your domain registrar, point your domain to your server’s name host. In my case it will be digital ocean’s which I will pull from the ‘networking’ section after adding the domain to Digital Ocean. In my case I already had a test domain setup, so what I did was set up a subdomain called “files.domain.com”. The reason you want to do this right away is because
- Set up your SSH keys
Before you install the droplet, make sure your SSH keys are set up properly because you are going to use them a lot in the terminal. Here is some ssh tutorial. Note that it’s a little hard for me to find SSH stuff in the DO backend so for the record it’s at settings / security and then a tab (I think…). If you already have a DO space and SSH keys setup, you are already ready and can use those keys again.
- SSH into your new server
Note 1: Normally at this point when I install a server I do the usual
sudo apt update
and
sudo apt upgrade
but the main install script for Postal does this for you it seems.
But… you don’t have a sudo user yet so here you go:
Big Step 2 – Make a sudo (non-root super user) user
Set up a non-root user account on the server
This is a nice detailed tutorial on this if you’d like here.
Otherwise, this summarizes it:
- Log into the server as root:
- Make sysadmin user (you can name it what you’d like and don’t have to use ‘sysadmin’):
adduser sysadmin
and follow the prompts (should be password prompt and then a few questions)
- Add new user to the sudo list:
sudo usermod -aG sudo sysadmin
- Switch to new sysadmin user:
- (Optional) Test the new-found powers by running this and then cancelling:
sudo dpkg-reconfigure tzdata
- If this last part worked (and conveniently also set up your time stuff!) then you should be good to move forward with your new non-root user.
If you find you are not getting prompted for the questions after running the adduser command, it might be because you accidentally ran the useradd command like me… weird how it works both ways…
From here, follow this blog again and make sure you follow his exact firewall rules. The SSH is already done but the rest seem to be an updated way of doing it, and when I was trying the older way I had nothing but headaches.
I would add these notes to go with the end of his blog where he is talking about checking the non-root user. This is how I had to think about it:
- To be sure the non-root user is working before logging out as root, open a new terminal window (so both are open)
- Try to log in with your new non-root user with
- If successful, log out of your root user and continue and you can close the original root terminal window
Big Step 3 – Checking the Ports
Just before beginning the install of Nextcloud via snap, just take a minute to check your ports. I wasted the good part of a day over this.
Before moving on, take a moment to check your ports with a website like this and make sure at least 443 and 80 are open for all the domains you have set up for this box and also the IP address.
Big Step 4 – Follow the Nextcloud Install blog!
Thankfully the same author as the blog above also wrote a blog on how to install the Nextcloud snap. I tried other blogs but they were all dying and I think it’s because something has changed between ubuntu 18.04 and 20.04… not sure, but this nextcloud setup blog was the only one that worked for me.
Some of my notes to go with his great blog:
- I liked the idea of using a command line to covertly create the user / pass for master admin account, rather than exposing that to the internet and hope no one lands there before you do. It shows that all you have to do is run this:
sudo nextcloud.manual-install <username> <password>
sudo nextcloud.manual-install sammy password
However, when I ran it it hung and never finished:
sysadmin@files:/root$ sudo nextcloud.manual-install sammy password
Well, it turns out there must have been something ‘weird’ with the auto-generated password I had. It was loaded with special characters so perhaps one of those characters was not acceptable to the NC database? Not sure, but after I removed special characters from the password (not advised!) it worked fine with the syntax above.
Otherwise, you can go to the non-https web page and configure the admin account yourself via the gui.
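One possible reason a generated password misbehaves on the command line is that the shell rewrites unquoted special characters before the command ever sees them; the post does not establish that this caused the hang. The added example below (not from the original post) uses a hypothetical stand-in, fake_install, and a constructed password to show what each quoting style actually delivers.

```shell
#!/bin/sh
# Added example: how a password argument reaches a command, depending on quoting.

# Stand-in for nextcloud.manual-install (hypothetical helper): it only
# echoes back the password argument it received, nothing is installed.
fake_install() { printf '%s' "$2"; }

# Constructed sample password containing shell-special characters.
PW='S3cr3t$1Zx\9'

# eval re-parses the line the way an interactive shell parses typed text.
typed_unquoted() { eval "fake_install sammy $PW"; }      # $1 expands, \ is eaten
typed_double()   { eval "fake_install sammy \"$PW\""; }  # $1 still expands
typed_single()   { eval "fake_install sammy '$PW'"; }    # passed verbatim

# Passing a variable in double quotes is also verbatim: the expanded
# value is not parsed a second time.
from_variable()  { fake_install sammy "$PW"; }

# Show what the stand-in receives in each case.
for f in typed_unquoted typed_double typed_single from_variable; do
    printf '%-15s -> %s\n' "$f" "$($f)"
done
```

Single quotes keep a password like this intact without stripping characters from it. The argument is still recorded in shell history unless history is disabled.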
Note this: Another way to deal with trusted_domains list
I would also add these notes to go with the ‘trusted_domains’ conversation in the blog. This was a bit new to me and caused me a few headaches over the last few weeks so I wanted to leave a record of ‘another way’ to deal with them.
I was greeted with this issue which I needed to solve.
The blog above has the very simple-looking command to add trusted domains to a list that will allow access to the nextcloud instance. The command is as follows:
sudo nextcloud.occ config:system:set trusted_domains 1 --value=example.com
What was not taught here is what’s going on, though. The 1 is the array index that gets logged in a php file somewhere in Whoknowswhereville, USA, so for each one that you add (i.e. www, IP address, main domain, etc.), be sure to increment it by one.
The default 0 will be ‘localhost’ so start with 1 and work up from there. Note also that you must have all the spaces verbatim. If you don’t have a space after the trusted_domains and after the 1, for example, you’ll have to sudo nano edit your mistake out, ha. So choose your poison. I find the sudo nano method below just as easy now that I know how to do it, but I think this one-line command is great too if you are slow and steady.
Without further ado, if you goof up a trusted_domain entry, you can manually edit the whole thing in the php array.
It took me a while, but I finally found it here:
The file is called ‘config.php’ and to edit it you can just do this and scroll down to the ‘trusted_domains’ array and type them in following the localhost example:
sudo nano /var/snap/nextcloud/current/nextcloud/config/config.php
After adding the trusted_domains, I was able to access my NC instance.
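The index bookkeeping described above, as an added example that is not part of the original post: a small helper (trusted_domain_cmds, a hypothetical name) that prints the occ command for each host with the slot number incremented from a starting index. The host names and the 203.0.113.10 address are constructed placeholders, and the check assumes entries are plain DNS names or IPv4 addresses with an optional :port.

```shell
#!/bin/sh
# Added example: generate trusted_domains commands with consecutive indexes.
# To see which slots are already taken before choosing START, run:
#   sudo nextcloud.occ config:system:get trusted_domains

# trusted_domain_cmds START HOST...
# Prints one occ command per host, numbering the array slots from START.
# Prints nothing and returns 1 if any entry is not a bare host name
# (a pasted URL such as https://... or a stray space is a common slip).
trusted_domain_cmds() {
    idx=$1; shift
    out=""
    for host in "$@"; do
        case $host in
            ""|*[!A-Za-z0-9.:-]*)
                echo "rejected: '$host' is not a bare host name" >&2
                return 1 ;;
        esac
        out="${out}sudo nextcloud.occ config:system:set trusted_domains $idx --value=$host
"
        idx=$((idx + 1))
    done
    printf '%s' "$out"
}

# Slot 0 is localhost, so start at 1 (constructed sample hosts).
trusted_domain_cmds 1 files.example.com www.example.com 203.0.113.10
```

Review the printed lines, then paste them into the server shell one at a time.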
Big Step 5 – Secure up the traffic with LetsEncrypt!
Make sure your firewall stuff is done – hint.
Here’s a key lesson: this bad boy doesn’t work with ‘regular lets encrypt’ installation method so if you are in the habit of installing them, slow down and stop. This is the command for installing it with the NC snap:
sudo nextcloud.enable-https lets-encrypt
This was thanks to the blog
But before you actually run that command above, let’s revert back to our friend’s blog above and open up the necessary ports:
sudo ufw allow 80,443/tcp
Now go ahead and run the let’s encrypt command above and follow along in the blog to make sure you’re doing it right.
Did you get a failed letsencrypt attempt like I did one time? With a message like this?
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
If so, you probably have a closed port. See my warnings above.
Big Step 6 – Enjoy
Probably there are some great blogs out there for actually using NC but at least now you can go to your domain and get started.
Have a nice day!