You can find plenty of guides that describes this installation method, although they might not look like if from the beginning. I used it to get my stuff going, and it works wonderfully. Just get the prerequisite software running as you are doing right now (the term you want to search for is LEMP stack, or LAMP stack for Apache instead of nginx, I find this guide (Digitalocean) very beginner friendly, with less “magic code”).
I personally found Apache easier to understand compared to nginx as a beginner. Apaches conf files are in more straightforward English if you ask me.
Thanks for the link. The guide is really easy to follow and will be very helpful. You mentioned other guides, though and the one thing the guide you linked doesn’t answer is unfortunately the one thing I really want to know before starting. How do I secure my webserver from access by the wider internet? I want it to be impossible (for now) for someone outside of my LAN to get onto my webspace. At the moment I’m not sure how I do that. Obviously if i close ports on the firewall at the server machine (which will just be my PC for now), then other devices in the house won’t be able to access the files, but I don’t know how to keep them open for internal traffic, but closed for external requests.
I had thought I understood it because I thought one had to deliberately forward ports from the router in order to allow external traffic to use them, but the guide you linked to doesn’t mention that and makes it appear as though simply installing Apache (and just opening the necessary ports at the local firewall) is enough to make the webspace available from outside the LAN. This is not what I want (yet) so I need some idea of how to modify this default behaviour. Does that make sense?
Your understanding is correct. The guide does not cover the expose it to the internet part/assume the person following it does already know how to do this. Your setup is a bit unsual, so you really won’t find many guides for “how do i block my webserver from being accessed from the Internet” As long as inbound traffic on port 443 and 80 is blocked/not forwarded (default on any sensible consumer router), the server will not be possible to reach from the internet.
Just be aware that letsencrypt will not work if the server is unable to be reached on any of those ports.
The term “port forwarding” refers to a port-specific inbound NAT translation where as “opening a port” refers to a firewall access rule. Consumer grade routers often combine the two into a single setting, but it’s important to understand that they are two separate things that are both needed. The effort to simplify it has the unfortunate side effect of making the true terminology confusing.
On your LAN, you only need the port to be not blocked (port open in firewall, or no firewall on the server itself). To access from outside your LAN, you need NAT, as well as the port open in the router’s firewall.
Thanks for getting back to me. That covers my most of my concerns. I suppose I’m constantly getting thrown by…
I’m baffled as to why. With Nextcloud on my LAN, I get a completely secure way to serve files, calendars, to do list, synchronise bookmarks and back up data between all my devices seamlessly. I can’t think of anything else that can do that, and yet I keep being told that my plan is unusual. That’s why, despite everyone’s great advice, I’m still nervous, I can’t for the life of me think why not everyone is doing this, how could one possibly achieve the same thing any other way? Just synchronising calendars between a PC and an Android device is a nightmare without using Google. Contacts are even worse. And presumably most people using Nextcloud are doing so at least partly because of privacy concerns, so would rather not use Google etc.
Anyway -
I’ve installed LAMP (went with Apache in the end), my webserver is working properly, I’ve installed Nextcloud. I ended up mostly following this, but with help from the Nextcloud manual and the webpage you linked too. Now, I go to my localhost and I get a Nextcloud page with
" Internal Server Error
The server was unable to complete your request."
Googling here just brings up this which doesn’t seem to have been solved.
Any clues as to what I’ve done wrong would be appreciated.
Because there is a great utility in having it accessible outside of your LAN as well, and that most people who like to dip their toes into hosting a Nextcloud instance either already have a spare computer, Raspberry PI or similar low cost option available, or drop the $100 bucks a Pi+HDD will cost. There is also not any difference between doing it on LAN and Internet wide for the server setup. The difference is networking, (fiddling with ports) that is either dedicated to other guides, or assumed the person following the guide knows. The last bit is very annoying indeed when one is learning, but it is very common.
Internal server error could be quite a lot of things. There should be clues in the Apache logs (generally in /var/log/httpd-error.log, or similar) See if you can find something there, and post either here or on pastebin.
Thanks - I don’t have an httpd-error.log, but I found a nextcloud.foo.info-error_log. There’s a lot of information there, but it starts with
[Wed Sep 11 11:55:03.591833 2019] [php7:warn] [pid 5577] [client ::1:50476] PHP Warning: fileperms(): stat failed for /usr/share/webapps/nextcloud/data/nextcloud.log in /usr/share/webapps/nextcloud/lib/private/Log/File.php on line 140
If you have any idea what that’s referring to, maybe fixing that might fix the other problems too?
The error seems to indicate a problem with file permissions. So perhaps you can check that the Nextcloud files are all owned by www-data. This is required by Nextcloud, which runs with the user www-data.
I noticed a lot of confusion about running Nextcloud on your desktop earlier in this thread so I wanted to mention that I’ve been running Nextcloud for years on my desktop now. My desktop remains on 24/7 and it’s powerful enough to run Nextcloud next to everything else I do. Though Nextcloud doesn’t really need that much power to run, relative to a modern desktop. The difference with running Nextcloud from your desktop instead of a server is that you won’t be able to connect to it if you turn your desktop off. But that should be obvious.
The only real issue I’ve noticed is that you’ll likely need to have 2 copies of your data on your desktop. The files that you see in Nextcloud are in a specific config folder, separated by Nextcloud user. This needs to be owned by the www-data user in your OS. This is likely not the user that you normally use your desktop with (it really shouldn’t be). While you can access these files directly, with root or setting the right permissions, Nextcloud isn’t really built for that. Any changes you make locally aren’t really visible in Nextcloud. You can force Nextcloud to scan the files again with occ but that’s just a workaround.
The way you’re supposed to access Nextcloud files is through the Nextcloud client. You can install that and it will then sync it to a folder on your desktop. This is a different folder which is now a second copy of the same files that Nextcloud already stored on your desktop. There’s no real way around this but it might become less of an issue if we get the Virtual Drive functionality in the Linux client.
I’m late to the party but I saw someone mention that this is Linux software. I don’t think that’s accurate, it’s actually just a web application written in PHP. That means you can use pretty much any web stack (LAMP, MAMP, WAMP, etc) to run it. That includes WAMP or xampp on Windows. Or what I would do in Windows is run an Ubuntu lamp stack inside a virtual machine for more isolation and flexibility. As mentioned, this application is questionable as you will have two copies of the data on the desktop, but you could do something crazy like use an external USB hard drive as the data directory for nextcloud, but honestly that sounds like a really bad idea and I’m sorry for mentioning it
