Install instructions for Nextcloud on Debian Buster with nginx

I would like to install Nextcloud on a Linode VM with Debian Buster that already has nginx instead of apache installed for use by Mattermost. Can anyone provide a link to the best installation instructions for this scenario?

Thanks,
Dennis

https://riegers.in/nextcloud-installation-guide-debian-9-10/


Thanks much, I have a few questions:

In the nginx conf file /etc/nginx/nginx.conf:
I just have one ip address for my server. You have the entries:
1. set_real_ip_from 192.168.2.0/24; Do I just set my IP address here or is this for subnet determination? The last 3 digits of my IP address are 220.
2. resolver 192.168.2.1; Do I just set my IP address here or do I leave it as is?
I am not sure what to put for these fields as I have only one ip address for the server

In the /etc/mysql/my.cnf:
I have mysql installed and it is working for Mattermost. Do I really need to install mariadb over mysql or can I use this sample my.cnf for mysql with the following considerations? You have some entries such as,
1. log_bin = /var/log/mysql/mariadb-bin
2. log_bin_index = /var/log/mysql/mariadb-bin.index
3. slow_query_log_file = /var/log/mysql/mariadb-slow.log
Does mysql have the same functionality and can I change the name to “mysql” in the file name or delete the entries?

In the file you created the file /etc/nginx/conf.d/nextcloud.conf. It seems that other install instructions for nginx put the config file in /etc/nginx/sites-available. Does it matter? My mattermost conf file is in that location.

if you have a working setup you leave everything as it is here.

this is used if you run your server in NAT environment. it defines the subnet.

this is the ip address of a DNS server.

no. you can’t. the packages would remove each other.

if you have a working mysql/mariadb it’s fine.

nevertheless you have to meet some requirements. check the docs.

https://docs.nextcloud.com/server/17/admin_manual/configuration_database/linux_database_configuration.html#configuring-a-mysql-or-mariadb-database

this is important:

transaction_isolation = READ-COMMITTED
binlog_format = ROW

but don’t change mysql to mariadb in any path.

you have to check the include statements in /etc/nginx/nginx.conf.
check if the files in /etc/nginx/sites-available are included or the links in /etc/nginx/sites-enabled.

try to create this file https://docs.nextcloud.com/server/17/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx in the same way as your mattermost.conf.
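The check suggested in the reply above can be scripted. This is an added example, not part of the thread; it assumes the Debian layout where nginx.conf includes sites-enabled/*, and the function names and example.org hostnames are constructed for illustration.

```shell
# Added example, not from the thread. Assumes vhost files sit in sites-available
# and nginx.conf includes sites-enabled/*, which holds symlinks to the files to load.

# includes_enabled DIR: succeed if DIR/nginx.conf includes the sites-enabled directory.
includes_enabled() {
    grep -Eq '^[[:space:]]*include[[:space:]]+[^;#]*sites-enabled/' "$1/nginx.conf"
}

# enabled_names DIR: print "file: name" for every server_name in a loaded vhost file.
enabled_names() {
    for l in "$1"/sites-enabled/*; do
        [ -e "$l" ] || continue          # skip dangling links and an empty directory
        sed -n 's/^[[:space:]]*server_name[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' "$l" |
            sort -u | sed "s|^|$(basename "$l"): |"
    done
}

# unlinked_sites DIR: print each sites-available file that no sites-enabled entry
# resolves to. Requests for its hostname fall through to the port's default server.
unlinked_sites() {
    for f in "$1"/sites-available/*; do
        [ -f "$f" ] || continue
        want=$(readlink -f "$f"); found=no
        for l in "$1"/sites-enabled/*; do
            # compare resolved targets so a link with a different name still counts
            if [ -e "$l" ] && [ "$(readlink -f "$l")" = "$want" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then basename "$f"; fi
    done
}

# make_sample: build a constructed tree (mattermost linked, nextcloud not); print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/sites-available" "$d/sites-enabled"
    printf 'http {\n  include /etc/nginx/sites-enabled/*;\n}\n' > "$d/nginx.conf"
    printf 'server {\n  listen 80 default_server;\n  server_name mattermost.example.org;\n}\n' > "$d/sites-available/mattermost"
    printf 'server {\n  listen 80;\n  server_name nextcloud.example.org;\n}\n' > "$d/sites-available/nextcloud"
    ln -s "$d/sites-available/mattermost" "$d/sites-enabled/mattermost"
    printf '%s\n' "$d"
}

report() {
    includes_enabled "$1" || echo "nginx.conf does not include sites-enabled"
    enabled_names "$1" | sed 's/^/loaded: /'
    unlinked_sites "$1" | sed 's/^/not enabled: /'
}
# Pass a directory such as /etc/nginx; with no argument the constructed sample is used.
report "${1:-$(make_sample)}"
```

After linking a missing site into sites-enabled, run `nginx -t` and reload nginx before testing the hostname again.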

Hello,
I have been having problems with getting Nextcloud to work side by side with Mattermost using Nginx.

I have a WordPress website on a hosting service using domain name of [domain name] of the form *.org. I installed Mattermost with nginx on a Linode linode (VM, I think) on a server with IP address of [server ip address]. It is working fine. I then tried to install Nextcloud. On the WordPress host site DNS Zone Editor I created records of mattermost.[domain name] that points to [server ip address] and nextcloud.[domain name] that points to [server ip address], both records are of type A.

However, I am missing something. Browser calls to nextcloud.[domain name] always get redirected to mattermost.[domain name] and mattermost appears.

Can someone give me an idea of what I am missing or have wrong? Any help is appreciated, below are the contents of the 2 nginx config files for mattermost and nextcloud.

Thank you,
Dennis

/etc/nginx/nginx.conf has the includes needed for the below

/etc/nginx/sites-available/mattermost:

upstream backend {
server [server ip address]:8065;
keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
listen 80 default_server;
server_name mattermost.[domain name];
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name mattermost.[domain name];

ssl on;
ssl_certificate /etc/letsencrypt/live/mattermost.[domain name]/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mattermost.[domain name]/privkey.pem;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://backend;
}

location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend;
}
}

/etc/nginx/sites-available/nextcloud

upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php7.3-fpm.sock;
}

server {
	listen 80;
	server_name nextcloud.[domain name];
	root /var/www/nextcloud;
	index index.htm index.html;

	location / {
    	try_files $uri $uri/ =404;
	}
}

server {
listen 443 ssl;
server_name nextcloud.[domain name];

ssl_certificate /etc/letsencrypt/live/mattermost.[domain name]/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mattermost.[domain name]/privkey.pem;

# Path to the root of your installation
root /var/www/nextcloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location / {

rewrite ^/remote/(.*) /remote.php last;

rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

try_files $uri $uri/ =404;
}

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}

# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}

Sorry, I garbled something. The addresses used in the browser were mattermost.[domainname] and nextcloud.[domainname].

I was able to edit the previous post.

I got past that and onto the nextcloud signup page.

Any ideas on the problems with connecting to mysql or the .htaccess file?