Objective
Deploy Nextcloud, a private cloud solution for file storage, sharing and synchronisation. Open-source alternative to Google Drive, Dropbox or OneDrive.
Nextcloud also provides collaborative features: online document editing, calendar, contacts, video conferencing.
Prerequisites
- Functional LAMP stack (Apache, PHP, MariaDB)
- Debian 11 / Ubuntu server
- Minimum 2 GB RAM (4 GB recommended)
- Minimum 20 GB available disk space
- Root or sudo access
- PHP 7.4 or higher
Full Procedure
Step 1: Download Nextcloud
Navigate to the web directory and download the latest release:
cd /var/www wget https://download.nextcloud.com/server/releases/latest.tar.bz2
Note: This URL always points to the latest stable release. For a specific version (e.g. 28.0.1), replace
latest with the exact version number.
Verify the download:
ls -lh latest.tar.bz2
Step 2: Extract the archive
tar -xjf latest.tar.bz2
tar option explanations:
-x: extract-j: bzip2 decompression-f: specify the file
This creates a /var/www/nextcloud directory.
Step 3: Set permissions
Assign proper ownership to the web server:
chown -R www-data:www-data /var/www/nextcloud chmod -R 755 /var/www/nextcloud
Remove the archive to free up space:
rm /var/www/latest.tar.bz2
Step 4: Create the database
Connect to MariaDB:
mysql -u root -p
Create the dedicated database and user:
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; CREATE USER 'ncuser'@'localhost' IDENTIFIED BY 'Nc_P@ssw0rd_2024_Secure!'; GRANT ALL PRIVILEGES ON nextcloud.* TO 'ncuser'@'localhost'; FLUSH PRIVILEGES; EXIT;
Details:
- utf8mb4: full UTF-8 encoding (emoji and special characters support)
- ncuser: dedicated MySQL user for Nextcloud
- Password: use a strong password (12+ characters, uppercase, lowercase, digits, symbols)
Step 5: Install required PHP modules
Nextcloud requires many PHP modules:
apt install php-gd php-mysql php-curl php-mbstring php-intl php-gmp php-bcmath php-imagick php-xml php-zip php-bz2 php-apcu -y
PHP module functions:
| Module | Function |
|---|---|
| php-gd | Image processing (thumbnails, previews) |
| php-mysql | Database connection |
| php-curl | URL-based data transfers |
| php-mbstring | Multi-byte string handling |
| php-intl | Internationalization (i18n) |
| php-gmp | Arbitrary precision arithmetic |
| php-bcmath | Arbitrary precision mathematics |
| php-imagick | Advanced image manipulation (ImageMagick) |
| php-xml | XML processing |
| php-zip | ZIP compression/decompression |
| php-bz2 | bzip2 compression |
| php-apcu | PHP memory cache (performance) |
Step 6: Configure PHP
Edit the PHP configuration file for Apache:
nano /etc/php/7.4/apache2/php.ini
Modify the following directives (use Ctrl+W to search):
memory_limit = 512M upload_max_filesize = 512M post_max_size = 512M max_execution_time = 300 date.timezone = Europe/Paris
Note: Adjust
Full list: https://www.php.net/manual/en/timezones.php
date.timezone to your geographical timezone.Full list: https://www.php.net/manual/en/timezones.php
Save and quit (Ctrl+O, Enter, Ctrl+X)
Step 7: Configure Apache
Create a Virtual Host for Nextcloud:
nano /etc/apache2/sites-available/nextcloud.conf
File contents:
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www/nextcloud ServerName nextcloud.example.com <Directory /var/www/nextcloud/> Options +FollowSymlinks AllowOverride All Require all granted <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud </Directory> ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined </VirtualHost>
Important: Replace
nextcloud.example.com with your domain name or the server IP address for testing.
Enable required Apache modules:
a2enmod rewrite a2enmod headers a2enmod env a2enmod dir a2enmod mime
Enable the Nextcloud site:
a2ensite nextcloud.conf
Disable the default site (optional but recommended):
a2dissite 000-default.conf
Restart Apache:
systemctl restart apache2
Step 8: Initial configuration via the web interface
Access Nextcloud via browser:
http://SERVER_IP_ADDRESS
Installation wizard:
The Nextcloud installation interface appears automatically on first access.
The Nextcloud installation interface appears automatically on first access.
Fill in the form:
- Administrator username: admin
- Administrator password: [strong password]
- Data directory: /var/www/nextcloud/data (default)
- Configure the database:
- Type: MySQL/MariaDB
- User: ncuser
- Password: Nc_P@ssw0rd_2024_Secure!
- Database name: nextcloud
- Host: localhost
- Click "Finish setup"
Installation duration: Setup can take 2 to 5 minutes depending on server performance.
Verification
Nextcloud access test
After installation, the Nextcloud interface should display the dashboard.
PHP module verification
php -m | grep -E '(gd|curl|zip|xml|intl|gmp|bcmath)'
All modules should appear in the list.
Verification from the Nextcloud interface
Go to Settings (user icon, top right) → Overview
This page shows any configuration warnings.
File upload test
- Click the "+" icon at the top
- Select "Upload file"
- Choose a test file
- Verify it appears in the list
File sharing test
- Click on a file
- Click the share icon (three connected dots)
- Generate a public share link
- Test the link in a private browsing window
Apache log verification
tail -f /var/log/apache2/nextcloud_error.log
Should not display any critical errors.
Nextcloud log verification
tail -f /var/www/nextcloud/data/nextcloud.log
Advanced Configuration (optional)
Enable memory cache (APCu)
Edit the Nextcloud configuration file:
nano /var/www/nextcloud/config/config.php
Add before the closing ); line:
'memcache.local' => '\OC\Memcache\APCu',
Configure cron (scheduled tasks)
Nextcloud recommends using cron rather than AJAX:
crontab -u www-data -e
Add the following line:
*/5 * * * * php -f /var/www/nextcloud/cron.php
Enable cron in the Nextcloud interface:
Settings → Administration → Basic settings → Select Cron
Database optimisation
sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices sudo -u www-data php /var/www/nextcloud/occ db:convert-filecache-bigint
Security and Limitations
HTTPS configuration (SSL/TLS)
IMPORTANT: In production, Nextcloud MUST be accessible via HTTPS.
Use Let's Encrypt (Certbot) for a free SSL certificate.
Use Let's Encrypt (Certbot) for a free SSL certificate.
apt install certbot python3-certbot-apache -y certbot --apache -d nextcloud.example.com
Securing config.php
chmod 640 /var/www/nextcloud/config/config.php chown www-data:www-data /var/www/nextcloud/config/config.php
Disable directory listing
Edit /etc/apache2/apache2.conf and ensure:
Options -Indexes
Limitations of this installation (BTS level)
Minimal configuration (not production-grade):
- No HTTPS configured (mandatory in production)
- No automatic backup system
- No high availability (load balancing, clustering)
- No server-side file encryption
- No monitoring system (Prometheus, Grafana)
- Two-factor authentication (2FA) not enabled by default
- No reverse proxy (Nginx, Traefik)
Security recommendations
- Enable two-factor authentication (2FA): install the "Two-Factor TOTP Provider" application
- Configure regular backups (/var/www/nextcloud/data and database)
- Restrict login attempts (built-in brute force protection)
- Update Nextcloud regularly
- Monitor logs regularly
Key Points for the BTS Oral
- Nextcloud: open-source private cloud solution (alternative to Google Drive)
- Architecture: LAMP (Linux, Apache, MariaDB, PHP)
- Features: storage, sharing, synchronisation, collaborative editing
- Security: encryption, strong authentication (2FA), granular access control
- Integration: can connect to LDAP/Active Directory (see procedure 05)
- Scalability: supports thousands of users with the right architecture
- Applications: rich ecosystem (Talk, Calendar, Contacts, OnlyOffice, Collabora)