Installing LEMP & NextCloud on a Raspberry Pi running Ubuntu 16.04
This is a thrown tutorial mostly from here and here, I have been piecing together from tutorials about how to do this so I thought I'd share the steps I took to install NextCloud.
Section 1: First get your Rasberry Pi setup with ssh and take it through the inital setup steps until you have ssh setup and connected. There are plenty of websites that have that tutorial so go ahead and find one.
Section 2: Start by signing up for a dynamic DNS service like NoIP. If you use NoIP go through their documentation for setting up their app on linux. Also make sure you forward ports 80 and 443 on your router.
Section 3: Setup & Install dependencies
Download & Install NextCloud
wget https://download.nextcloud.com/server/releases/latest.zip
sudo apt install unzip
unzip nextcloud-latest.zip
Lets move the NextCloud directory to the doc root of Nginx:
sudo mv nextcloud /usr/share/nginx/
Give it permissions like so:
sudo chown www-data:www-data /usr/share/nginx/nextcloud/ -R
-
We are going to start installing some of the dependencies. Start by updating
sudo apt-get update
sudo apt-get upgrade -
Install and start Nginx, and have it start on boot
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl enable nginxHere are more commands if you need to deal with Nginx:
Check if Nginx is runningsystemctl status nginxStop then start Nginx
sudo systemctl restart nginxStart nginx at boot
sudo systemctl enable nginx -
Configure MariaDB
Install, start and have MariaDB start on boot:sudo apt install mariadb-server mariadb-client sudo systemctl start mysql sudo systemctl enable mysqlWhen you are done with the install you still need to run the SQL startup scrypt:
sudo /usr/bin/mysql_secure_installationLogin to the MariaDB with the following:
mysql -u root -pCreate a database for NextCloud:
create database nextcloud;Create a user and a password for that user:
create user nextclouduser@localhost identified by 'your-password';Grand that user privileges:
grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';
Flush privileges and exit:
flush privileges;
exit;
-
Install php7 and extensions
sudo apt install php7.0-fpm php7.0-mbstring php7.0-xml php7.0-mysql php7.0-common php7.0-gd php7.0-json php7.0-cli php7.0-curlEdit your php config
sudo nano /etc/php/7.0/fpm/pool.d/www.confFind the line that starts with listen and make it look like this:
;listen = 127.0.0.1:9000 listen = /var/run/php5-fpm.sockReload php
sudo service php7.0-fpm reload -
Create an Nginx config file in /etc/nginx/conf.d/
sudo nano /etc/nginx/conf.d/nextcloud.conf
Paste this as your config. Replace your domain with your noip domain
server {
listen 80;
server_name nextcloud.your-domain.com;
# Add headers to serve security related headers
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /usr/share/nginx/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location ~ /.well-known/acme-challenge {
allow all;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
Save and close the file. Test Nginx and reload. If this passes you should be able to
sudo nginx -t
sudo systemctl reload nginx
-
Download & install Let's Encrypt:
cd git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto --help
Switch to the directory and replace webroot and domain name:
cd ~
cd letsencrypt/
./letsencrypt-auto certonly --nginx -w root /usr/share/nginx/nextcloud/ -d your-domain.name
If that was sucessful, then we need to edit the Nginx config again:
sudo nano /etc/nginx/conf.d/nextcloud.conf
Change the top of the file to be this, overrite the old listen 80;:
listen 443 ssl;
Add these lines below they are to verify Let's Encrypt so you can use ssl. Replace the domain with yours:
ssl_certificate /etc/letsencrypt/live/your-domain.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
Then add this to the top of the file, not inside your other server declaration:
server {
listen 80;
server_name mre.sytes.net;
return 301 https://$server_name$request_uri; # enforce https
}
Test Nginx and reload. If this passes you should be able to navigate to your-domain.com/nextcloud in a browser:
sudo nginx -t
sudo systemctl reload nginx
Make Nextclouds data directory and give it permission
sudo mkdir /usr/share/nginx/nextcloud-data
sudo chown www-data:www-data /usr/share/nginx/nextcloud-data -R
Now if it shows the web login then it was a sucess! If you have an external hhd you want to add here's how. Use this to find your external hard drives UUID which is associated with a /sda1 drive:
ls -l /dev/disk/by-uuid/
Mount the drive:
sudo mount -t ntfs-3g -o uid=1000,gid=1000,umask=007 /dev/sda1 /media/nextcloud
Backup and open fstab:
sudo cp /etc/fstab /etc/fstab.backup
sudo nano /etc/fstab
Add this line:
UUID=[Your UUID] /media/nextcloud ntfs-3g uid=1000,gid=1000,umask=007 0 0
Now that should be it, your nextcloud installation should work and after you install the external files app you should be able to add your drive through the web interface.