Installing and testing Nextcloud

Let's Encrypt

Now you can enable access to the server via the Internet. You will need an SSL certificate from Let's Encrypt in order to secure the connection. The first step here is to forward ports 80(http) and 443(https) from your router to the server. You will also need a static DynDNS address so that the local network is always accessible from the Internet in the future. You see, typically, an Internet service provider assigns a new Internet address for each dial up. The free DynDNS service [6] assumes absolutely necessary tasks like logging in each month to the web interface, making the process of maintaining remote access to your computer and devices from outside you local network far less stressful.

In order to connect to your NextCloud server remotely, you'll need to open ports 80 and 443 on your Firewall and forward them to the server (i.e. your Pi). The specific steps for this will vary from router to router, so check with your manufacturer if you're uncertain. The website Portforward.com contains instructions to do this for many common models of router.

Optimizing

Owncloud recommends installing a PHP cache in order to avoid continuously re-executing resource hungry instructions [11]. This also holds true for Nextcloud. In order to install the cache, first install the package php-apcu. Next enter the instruction 'memcache.local' => '\OC\Memcache\APC', as a new line before the closing ); (Listing 11) in the configuration file config.php. You'll find this file in /var/www/nextcloud/. The program will automatically load the changes when you next access the Nextcloud site.

Most modern routers will have a Dynamic DNS option. You can use this to enter the settings specified by your Dynamic DNS provider (Figure 2). Perform a preliminary test run of your setup by attempting to access the newly installed web server via the DynDNS address.

Figure 2: Dynamic DNS providers like DynDNS connect a static Internet address with the dynamic Internet IP of your Internet access.

If this all works, add a Let's Encrypt certificate to the web server. You'll need to install the python-letsencrypt-apache and certbot packages to do this, which means you'll have to temporarily enable the Debian backports. You may see error messages during installation, saying the key for the package manager has not been found. Ignore this for now. Once installation is complete, delete the entry for the backports from the package administration (Listing 3).

Listing 3

debian-jessie-backports.list

$ sudo -s
$ echo "deb http://httpredir.debian.org/debian jessie-backports main contrib non-free" > /etc/apt/sources.list.d/debian-jessie-backports.list
$ apt-get update -y
$ sudo apt install -t jessie-backports certbot python-certbot-apache -y
$ rm /etc/apt/sources.list.d/debian-jessie-backports.list
$ apt-get update

After installation is finished, generate the certificate (Listing 4). The URL corresponds to the DynDNS address you created earlier. The query for the mode causes the web server to automatically route all queries over the encrypted HTTPS protocol, Secure, or you must explicitly call the HTTPS address, Easy. For your own safety, the better choice is the secure method (Figure 3). Using the renew --dry-run --agree-tos option you can then check to see whether the certificate has been updated.

Listing 4

letsencrypt

$ sudo letsencrypt --apache -d home.example.com
$ sudo letsencrypt renew --dry-run --agree-tos
Figure 3: In order to achieve optimal security, let Let's Encrypt configure the server so that it routes all connections via HTTPS.

Ideally, Let's Encrypt should renew the certificate automatically. You can install a system timer to make sure this happens. To do this, first go to the /etc/systemd/system directory and create the files letsencrypt.service and letsencrypt.timer using the first two commands from Listing 5. The contents for the files are shown in Listing 6 and Listing 7. You then close the nano editor with [Ctrl]+[O] [Enter] and [Ctrl]+[X]. The service assumes the actual task of renewing the certificate and makes the web server reload its settings once renewal has taken place. The timer then automatically executes the Let's Encrypt service once each day.

Listing 5

systemctl

$ sudo nano /etc/systemd/system/letsencrypt.service
$ sudo nano /etc/systemd/system/letsencrypt.timer
$ sudo systemctl enable letsencrypt.timer
$ systemctl list-timers --all | grep letsencrypt
Mi 2016-06-22 00:00:00 CEST 12h left n/an/a letsencrypt.timer letsencrypt.service

Listing 6

letsencrypt.service

[Unit]
Description=Let's Encrypt renewal service
[Service]
Type=oneshot
ExecStart=/usr/bin/letsencrypt renew
ExecStartPost=/bin/systemctl reload apache2

Listing 7

letsencrypt.timer

[Unit]
Description=Daily renewal timer of Let's Encrypt's certificates
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target

Nextcloud

Nextcloud comes as either a TAR BZ2 [7] or in ZIP archive format. Once you've downloaded it, extract the file to the root directory of the web server /var/www and then transfer file permissions for /var/www/nextcloud to the system user www-data (Listing 8).

Listing 8

nextcloud-<version>.tar.bz

$ wget https://download.nextcloud.com/server/releases/nextcloud-<version>.tar.bz2
$ sudo tar xf nextcloud*.bz2 -C /var/www
$ sudo chown -R www-data.www-data /var/www/nextcloud

You need to create a virtual host so that the Apache web server can access the data. To do this, create a configuration file nextcloud.conf (Listing 9) in the folder /etc/apache2/sites-available and paste the content from Listing 10 inside it. Once again, these changes need to be saved via [Ctrl]+[O],[Enter]. Exit the nano editor via [Ctrl]+[X]. Now it's time to activate the virtual host and reload the configuration for the web server. You should now be able to access the Nextcloud installation pointing your browser at http://<example>.dyn.com/nextcloud (Figure 4).

Listing 9

Create nextcloud.conf

$ sudo nano /etc/apache2/sites-available/nextcloud.conf
$ sudo a2ensite nextcloud
$ sudo service apache2 reload

Listing 10

nextcloud.conf

Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
 <IfModule mod_dav.c>
  Dav off
 </IfModule>
 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
Figure 4: Once installation is complete, use the Nextcloud configuration assistant to set up access to the database.

Use the Assistant to enter the login details for the first admin user. Below the password box, enter the location of your MariaDB server localhost as part of the LAMP stack installation. In the example configuration this would be nextcloud for database user and database name. The database host would be localhost. Finally enter the password you chose for the Nextcloud database.

Click on Finish installation to transfer settings to the configuration file. Your browser will automatically load the Nextcloud home screen (Figure 5). To get started with setup, open the Administrator settings from the drop down menu under your user name. This also shows you any potential problems with the current web server configuration (Figure 6).

Figure 5: The web interface for Nextcloud closely resembles its predecessor OwnCloud. The system is ready to go once installation is complete.
Figure 6: NextCloud clients are available for all major desktop Operating Systems, as well as Android and iOS.

Buy this article as PDF

Express-Checkout as PDF

Pages: 6

Price $2.95
(incl. VAT)

Buy Raspberry Pi Geek

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • News

    RealVNC for Free; Asus Tinker Board; Pi Compute Module 3; Dride Smart Dashcam; and NextCloud Box.

  • Control your data in the cloud with arkOS

    ArkOS lets you put your online existence in the cloud without letting your data fall into the hands of commercial data gatherers. The system is easy to administer, and you can expand it using a handy system of extensions.

  • Using a Raspberry Pi to synchronize data

    The Raspberry Pi is not powerful enough to support fully mature network storage. In situations involving smaller amounts of data, however, the little computer shines as a flexible data hub.

  • Pydio on Raspberry Pi

    Pydio transforms the Raspberry Pi into a powerful file sharing and collaboration platform.

  • Accessing Raspberry Pi services via the Internet

    The virtual private network (VPN) from Weaved offers an elegant and secure solution for creating external access to services running on a Raspberry Pi inside a home network. Besides offering great functionality, Weaved is available with a free account.