This Guide is about install and configure Nextcloud and Let's encrypt in a virtual Ubuntu. I've put it together from several Guides I found.
Based on Ubuntu Server 16.04 and Nextcloud 12.
For the VM I used 2 Cores, 4GB RAM, 50GB VDisk and a bridged Network.
1. Ubuntu-Server-Installation
Standard with OpenSSH-Server
when ready
sudo apt-get update
sudo apt-get upgrade
Reboot
2. Nextcloud-Installation and -configuration via ssh
sudo snap install nextcloud
sudo apt-get install apache2 mariadb-serverlibapache2-mod-php7.0
sudo apt-get install php7.0-gd php7.0-jsonphp7.0-mysql php7.0-curl php7.0-mbstring
sudo apt-get install php7.0-intl php7.0-mcryptphp-imagick php7.0-xml php7.0-zip
wget https://download.nextcloud.com…/nextcloud-12.0.0.tar.bz2
sudo tar -xjf nextcloud-12.0.0.tar.bz2
sudo cp -r nextcloud /var/www
Add this to sudo nano/etc/apache2/sites-available/nextcloud.conf
Alias/nextcloud "/var/www/nextcloud/"
<Directory/var/www/nextcloud/>
Options+FollowSymlinks
AllowOverrideAll
SatisfyAny
<IfModulemod_dav.c>
Davoff
</IfModule>
SetEnvHOME /var/www/nextcloud
SetEnvHTTP_HOME /var/www/nextcloud
</Directory>
Create Symlink
sudo ln -s/etc/apache2/sites-available/nextcloud.conf/etc/apache2/sites-enabled/nextcloud.conf
Additional Apache-Configuration
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
sudo service apache2 restart
Activate SSL-Modul
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo service apache2 restart
sudo chown -R www-data:www-data/var/www/nextcloud/
3. Create MariaDB-Datenbase
Change User@ and Password as needed
sudo mysql-u root
MariaDB>CREATE DATABASE nextcloud;
MariaDB>GRANT ALL ON nextcloud.* to 'user'@'localhost'IDENTIFIED BY 'set_database_password';
MariaDB>FLUSH PRIVILEGES;
MariaDB>exit
Reboot VM
4. Complete Nextcloud-Installation
By Browser http://localhost/nextcloud
Create new User with Password
Enter DB-User with Password and DB-Name
Complete Installation
5. Implement Let’s Encrypt-Certificate
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
Create your Certificate
sudo certbot --apache
Test the Automation
sudo certbot renew --dry-run
Create new Cronjob
sudo crontab -e
This would run at 07.15h. Change it to your needs.
15 7 * * * /usr/bin/certbot renew –quiet
6. Nextcloud-Tuning
Move Data-Directory
sudo service apache2 stop
sudo mkdir /usr/nextcloud
sudo mv /var/www/nextcloud/data /usr/nextcloud
sudo chown www-data:www-data /usr/nextcloud
Change Datapath to /usr/nextcloud in
sudo nano /var/www/nextcloud/config/config.php
sudo service apache2 start
7. Enable HTTP Strict Transport Security
Copy this at the end of /etc/apache2/apache2.conf
<IfModule mod_headers.c>
Header always set Strict-Transport-Security"max-age=15768000; includeSubDomains; preload"
</IfModule>
sudo service apache2 restart
8. Memory Caching
sudo apt-get install redis-server php-redis
sudo service apache2 restart
9. PHP Opcache
Change these Parameters in sudo nano/etc/php/7.0/apache2/php.ini
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.save_comments=1
opcache.revalidate_freq=1
sudo service apache2 restart
Done