
Installing LEMP & NextCloud on a Raspberry Pi running Ubuntu 16.04

This is a tutorial thrown together mostly from here and here. I have been piecing together how to do this from several tutorials, so I thought I'd share the steps I took to install NextCloud.

Section 1: First get your Raspberry Pi set up and take it through the initial setup steps until you have ssh set up and connected. There are plenty of websites that have that tutorial, so go ahead and find one.

Section 2: Start by signing up for a dynamic DNS service like NoIP. If you use NoIP, go through their documentation for setting up their app on Linux. Also make sure you forward ports 80 and 443 on your router.

Section 3: Setup & Install dependencies

Download & Install NextCloud

wget https://download.nextcloud.com/server/releases/latest.zip
sudo apt install unzip
unzip latest.zip

Let's move the NextCloud directory to the doc root of Nginx:

sudo mv nextcloud /usr/share/nginx/

Give it permissions like so:

sudo chown www-data:www-data /usr/share/nginx/nextcloud/ -R

  1. We are going to start installing some of the dependencies. Start by updating

    sudo apt-get update
    sudo apt-get upgrade

  2. Install and start Nginx, and have it start on boot

    sudo apt install nginx
    sudo systemctl start nginx
    sudo systemctl enable nginx

    Here are more commands if you need to deal with Nginx:
    Check if Nginx is running

     systemctl status nginx
    

    Stop then start Nginx

     sudo systemctl restart nginx
    

    Start nginx at boot

     sudo systemctl enable nginx
    
  3. Configure MariaDB
    Install, start and have MariaDB start on boot:

    sudo apt install mariadb-server mariadb-client
    sudo systemctl start mysql
    sudo systemctl enable mysql
    

    When you are done with the install you still need to run the SQL startup script:

    sudo /usr/bin/mysql_secure_installation
    

    Login to the MariaDB with the following:

    mysql -u root -p
    

    Create a database for NextCloud:

    create database nextcloud;
    

    Create a user and a password for that user:

    create user nextclouduser@localhost identified by 'your-password';
    

    Grant that user privileges:

    grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';
    

Flush privileges and exit:

  flush privileges;
  exit;

  4. Install php7 and extensions

    sudo apt install php7.0-fpm php7.0-mbstring php7.0-xml php7.0-mysql php7.0-common php7.0-gd php7.0-json php7.0-cli php7.0-curl
    

    Edit your php config

     sudo nano /etc/php/7.0/fpm/pool.d/www.conf
    

    Find the line that starts with listen and make it look like this, so that it matches the fastcgi_pass socket in the Nginx config below:

    ;listen = 127.0.0.1:9000
    listen = /run/php/php7.0-fpm.sock
    

    Reload php

     sudo service php7.0-fpm reload
    

  5. Create an Nginx config file in /etc/nginx/conf.d/

       sudo nano /etc/nginx/conf.d/nextcloud.conf
    

Paste this as your config, replacing the server_name with your NoIP domain:

server {
    listen 80;
    server_name nextcloud.your-domain.com;

    # Add headers to serve security related headers
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

    location ~ /.well-known/acme-challenge {
      allow all;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
     }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
   }

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
   }
}

Save and close the file. Test Nginx and reload. If this passes you should be able to

sudo nginx -t
sudo systemctl reload nginx
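
PHP-FPM's listen value and Nginx's fastcgi_pass must name the same socket, otherwise Nginx answers every PHP request with 502 Bad Gateway. The script below is an added example, not part of the original tutorial; it compares the two settings, and the function names and sample files in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm PHP-FPM and Nginx agree on the FastCGI socket.

# /var/run is a symlink to /run on Ubuntu 16.04, so treat both spellings alike.
normalise() { sed -e 's/^unix://' -e 's#^/var/run/#/run/#'; }

# Active (uncommented) "listen =" value from a PHP-FPM pool file.
fpm_listen() {
    sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" |
        normalise | tail -n 1
}

# Every uncommented fastcgi_pass target in an Nginx config, one per line.
nginx_fastcgi_targets() {
    sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]][[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*/\1/p' "$1" |
        normalise | sort -u
}

# Returns 0 if all targets match, 1 on a mismatch, 2 if a setting is missing.
check_socket_match() {   # $1 = pool file, $2 = nginx config
    want=$(fpm_listen "$1")
    [ -n "$want" ] || { echo "no active listen line in $1"; return 2; }
    targets=$(nginx_fastcgi_targets "$2")
    [ -n "$targets" ] || { echo "no fastcgi_pass line in $2"; return 2; }
    status=0
    for t in $targets; do
        if [ "$t" = "$want" ]; then
            echo "OK: both use $t"
        else
            echo "MISMATCH: nginx passes to $t, php-fpm listens on $want"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample files (not read from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' ';listen = 127.0.0.1:9000' 'listen = /var/run/php5-fpm.sock' \
    'listen.owner = www-data' > "$demo_dir/www-stale.conf"
printf '%s\n' 'listen = /run/php/php7.0-fpm.sock' > "$demo_dir/www-ok.conf"
printf '%s\n' 'location ~ \.php(?:$|/) {' \
    '    fastcgi_pass unix:/run/php/php7.0-fpm.sock;' '}' > "$demo_dir/nextcloud.conf"

check_socket_match "$demo_dir/www-stale.conf" "$demo_dir/nextcloud.conf" || true
check_socket_match "$demo_dir/www-ok.conf" "$demo_dir/nextcloud.conf"
```

On the Pi, call check_socket_match with /etc/php/7.0/fpm/pool.d/www.conf and /etc/nginx/conf.d/nextcloud.conf instead of the sample files.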

  6. Download & install Let's Encrypt:

    cd 
    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt
    ./letsencrypt-auto --help
    

Switch to the directory and replace the webroot and domain name:

cd ~
cd letsencrypt/
./letsencrypt-auto certonly --webroot -w /usr/share/nginx/nextcloud/ -d your-domain.name

If that was successful, then we need to edit the Nginx config again:

sudo nano /etc/nginx/conf.d/nextcloud.conf

Change the top of the file to this, overwriting the old listen 80;:

listen 443 ssl;

Add these lines below it. They point to the Let's Encrypt certificate and key so you can use SSL. Replace the domain with yours:

ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

Then add this to the top of the file, not inside your other server declaration (use your own domain as the server_name):

server {
  listen 80;
  server_name mre.sytes.net;
  return 301 https://$server_name$request_uri;  # enforce https
}

Test Nginx and reload. If this passes you should be able to navigate to your-domain.com/nextcloud in a browser:

sudo nginx -t
sudo systemctl reload nginx

Make Nextcloud's data directory and give it permissions:

sudo mkdir /usr/share/nginx/nextcloud-data
sudo chown www-data:www-data /usr/share/nginx/nextcloud-data -R

Now if it shows the web login then it was a success! If you have an external HDD you want to add, here's how. Use this to find your external hard drive's UUID, which is associated with a /sda1 drive:

ls -l /dev/disk/by-uuid/

Create the mount point and mount the drive:

sudo mkdir -p /media/nextcloud
sudo mount -t ntfs-3g -o uid=1000,gid=1000,umask=007 /dev/sda1 /media/nextcloud

Backup and open fstab:

sudo cp /etc/fstab /etc/fstab.backup
sudo nano /etc/fstab

Add this line:

UUID=[Your UUID] /media/nextcloud ntfs-3g uid=1000,gid=1000,umask=007 0 0

Now that should be it. Your NextCloud installation should work, and after you install the external files app you should be able to add your drive through the web interface.