Installing and testing Nextcloud

Let's Encrypt

Next on the agenda is creating access to the server via the Internet, and procuring an SSL certificate from Let's Encrypt to secure the connection. The first step here is to forward ports 80 (HTTP) and 443 (HTTPS) from your router to the server. You also will need a static DynDNS address so that the local network is always accessible in the future. Typically, an Internet service provider assigns a new Internet address for each dial-up. The free DynDNS service [6] assumes absolutely necessary tasks, like logging in each month to the web interface, making the process of maintaining remote access to a user's computer and devices far less stressful.

Please note that every router is different, in general, you would log in to your router and look for a Port forwarding or Port Mapping menu. You will be asked for the internal IP address of your server, the protocol (TCP or UDP – you need TCP) and public ports that need to be forwarded there (80 and 443), and the internal ports the server will be receiving information on (also 80 and 443). If your server is on 192.168.1.112 , for example, you would create two entries in the table, one with 192.168.1.112 , TCP , 80 (public port on the router) and 80 (internal port on the server), and another with 192.168.1.112 , TCP , 443 (public port on the router) and 443 (internal port on the server).

The majority of modern routers also come with a Dynamic DNS option that allows you to access your cloud from the Internet without having to remember your public IP address. Also, if you have a dynamic IP (as most of us do), the DynDNS service will keep track of that and resolve access to the server transparently. The downside is that most of these services are not free.

Use the form in your router to fill in details provided by your DynDNS provider (Figure 1). To test the setup, call the test site for the newly installed webserver using the DynDNS address. This will be an address that, if you are using the sample DynDNS service, looks like like this: http://<example>.ddns.net (Figure 2).

Figure 1: No-IP offers up to three free dynamic DNS names for your server.

Figure 2: The dynamic DNS data into your router.

Now you need to add a Let's Encrypt certificate to the web server. First, install the python-letsencrypt-apache package and generate the certificate (Listing 6). The URL corresponds to the previously created DynDNS address. The dialog box for choosing the mode (Figure 3) causes the web server to route all queries automatically over the encrypted HTTPS protocol (Secure ), or you must explicitly call the HTTPS address (Easy ). For purposes of individual security, the better choice is the Secure method. Using the

$ sudo apt install python-letsencrypt-apache
$ sudo letsencrypt --apache
$ sudo letsencrypt renew --dry-run --agree-tos

Figure 3: To achieve optimal security, configure Let's Encrypt so that it routes all connections via HTTPS (the Secure option).

renew --dry-run --agree-tos

command, you can then check to see whether the certificate, which is only valid for 30 days, can be properly updated. Typically the system does not generate any error messages.

Ideally, Let's Encrypt should automatically renew the certificate. Therefore, you should install a system timer to make sure this happens. To do this, first go to the /etc/systemd/system directory and create the files letsencrypt.service and letsencrypt.timer using the first two commands in Listing 7. You can see the contents for the files in Listings 8 and 9. Save and close your editor. The service assumes the actual task of renewing the certificate and causes the web server to reload its settings once renewal has taken place so that it is also accepted. The timer unit then automatically executes the Let's Encrypt service once each day.

$ sudo nano /etc/systemd/system/letsencrypt.service
$ sudo nano /etc/systemd/system/letsencrypt.timer
$ sudo systemctl enable letsencrypt.timer
$ systemctl list-timers --all | grep letsencrypt
Mi 2016-06-22 00:00:00 CEST 12h left n/a n/a letsencrypt.timer letsencrypt.service

[Unit]
Description=Let's Encrypt renewal service
[Service]
Type=oneshot
ExecStart=/usr/bin/letsencrypt renew
ExecStartPost=/bin/systemctl reload apache2

[Unit]
Description=Daily renewal timer of Let's Encrypt's certificates
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target

Nextcloud

Nextcloud comes in either a TAR BZ2 or ZIP archiving format. Listing 10 shows how you can download, uncompress, and install the files. Once downloaded, extract the file to the root directory of the web server at /var/www and then transfer the rights to the data under /var/www/nextcloud to the www-data system user. Alternatively, the project homepage [7] offers the archive with PHP source code for the program.

$ wget https://download.nextcloud.com/server/releases/nextcloud-9.0.50.tar.bz2
$ sudo tar xf nextcloud*.bz2 -C /var/www
$ sudo chown -R www-data.www-data /var/www/nextcloud

You can then install a virtual host so that the Apache web server can access the data. To do this, create the configuration file nextcloud.conf as shown in Listing 11 and put it in the /etc/apache2/sites-available directory. Then execute the commands

Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
  <IfModule mod_dav.c>
    Dav off
  </IfModule>
  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

$ sudo a2ensite nextcloud
$ sudo service apache2 reload

These commands activate the virtual host and reload the configuration for the web server. It should now be possible to access the Nextcloud installation with the browser at http://<example>.ddns.net/nextcloud (Figure 4).

Figure 4: Once installation is complete, use the Nextcloud configuration wizard to install access to the database server.

The setup wizard asks you to enter the access data for the first administrative user. Farther down, you also enter the data assigned to the MariaDB server localhost as part of the LAMP stack installation for the database host. In the example configuration, this would be nextcloud for "Database user" and "Database name." Finally, enter the password chosen for the Nextcloud user of the database. Clicking on Finish setup transfers the settings to the configuration, then the browser will automatically take you to the Nextcloud home (Figure 5). To get started with the setup, open the Admin settings from the drop-down menu under your username. Here, you can also see potential problems in the web server configuration (Figure 6). (Also see the "Optimizing" box.)

,memcache.local' => ,\OC\Memcache\APC'

[...]
 ,installed' => true,
 ,memcache.local' => ,\OC\Memcache\APCu',
);

Figure 5: The web interface for Nextcloud still resembles that of its predecessor, ownCloud. The system can be used immediately once installation is complete.

Figure 6: Access to the settings used for installing the system is restricted to the system administrator. These settings contain helpful information about problems that can occur during installation.