Installing and testing Nextcloud
Let's Encrypt
Now you can enable access to the server via the Internet. You will need an SSL certificate from Let's Encrypt in order to secure the connection. The first step here is to forward ports 80(http) and 443(https) from your router to the server. You will also need a static DynDNS address so that the local network is always accessible from the Internet in the future. You see, typically, an Internet service provider assigns a new Internet address for each dial up. The free DynDNS service [6] assumes absolutely necessary tasks like logging in each month to the web interface, making the process of maintaining remote access to your computer and devices from outside you local network far less stressful.
In order to connect to your NextCloud server remotely, you'll need to open ports 80 and 443 on your Firewall and forward them to the server (i.e. your Pi). The specific steps for this will vary from router to router, so check with your manufacturer if you're uncertain. The website Portforward.com contains instructions to do this for many common models of router.
Optimizing
Owncloud recommends installing a PHP cache in order to avoid continuously re-executing resource hungry instructions [11]. This also holds true for Nextcloud. In order to install the cache, first install the package php-apcu. Next enter the instruction 'memcache.local' => '\OC\Memcache\APC',
as a new line before the closing );
(Listing 11) in the configuration file config.php. You'll find this file in /var/www/nextcloud/. The program will automatically load the changes when you next access the Nextcloud site.
Most modern routers will have a Dynamic DNS option. You can use this to enter the settings specified by your Dynamic DNS provider (Figure 2). Perform a preliminary test run of your setup by attempting to access the newly installed web server via the DynDNS address.
If this all works, add a Let's Encrypt certificate to the web server. You'll need to install the python-letsencrypt-apache and certbot packages to do this, which means you'll have to temporarily enable the Debian backports. You may see error messages during installation, saying the key for the package manager has not been found. Ignore this for now. Once installation is complete, delete the entry for the backports from the package administration (Listing 3).
Listing 3
debian-jessie-backports.list
$ sudo -s $ echo "deb http://httpredir.debian.org/debian jessie-backports main contrib non-free" > /etc/apt/sources.list.d/debian-jessie-backports.list $ apt-get update -y $ sudo apt install -t jessie-backports certbot python-certbot-apache -y $ rm /etc/apt/sources.list.d/debian-jessie-backports.list $ apt-get update
After installation is finished, generate the certificate (Listing 4). The URL corresponds to the DynDNS address you created earlier. The query for the mode causes the web server to automatically route all queries over the encrypted HTTPS protocol, Secure, or you must explicitly call the HTTPS address, Easy. For your own safety, the better choice is the secure method (Figure 3). Using the renew --dry-run --agree-tos option you can then check to see whether the certificate has been updated.
Listing 4
letsencrypt
$ sudo letsencrypt --apache -d home.example.com $ sudo letsencrypt renew --dry-run --agree-tos
Ideally, Let's Encrypt should renew the certificate automatically. You can install a system timer to make sure this happens. To do this, first go to the /etc/systemd/system directory and create the files letsencrypt.service and letsencrypt.timer using the first two commands from Listing 5. The contents for the files are shown in Listing 6 and Listing 7. You then close the nano editor with [Ctrl]+[O] [Enter] and [Ctrl]+[X]. The service assumes the actual task of renewing the certificate and makes the web server reload its settings once renewal has taken place. The timer then automatically executes the Let's Encrypt service once each day.
Listing 5
systemctl
$ sudo nano /etc/systemd/system/letsencrypt.service $ sudo nano /etc/systemd/system/letsencrypt.timer $ sudo systemctl enable letsencrypt.timer $ systemctl list-timers --all | grep letsencrypt Mi 2016-06-22 00:00:00 CEST 12h left n/an/a letsencrypt.timer letsencrypt.service
Listing 6
letsencrypt.service
[Unit] Description=Let's Encrypt renewal service [Service] Type=oneshot ExecStart=/usr/bin/letsencrypt renew ExecStartPost=/bin/systemctl reload apache2
Listing 7
letsencrypt.timer
[Unit] Description=Daily renewal timer of Let's Encrypt's certificates [Timer] OnCalendar=daily Persistent=true [Install] WantedBy=timers.target
Nextcloud
Nextcloud comes as either a TAR BZ2 [7] or in ZIP archive format. Once you've downloaded it, extract the file to the root directory of the web server /var/www and then transfer file permissions for /var/www/nextcloud to the system user www-data (Listing 8).
Listing 8
nextcloud-<version>.tar.bz
$ wget https://download.nextcloud.com/server/releases/nextcloud-<version>.tar.bz2 $ sudo tar xf nextcloud*.bz2 -C /var/www $ sudo chown -R www-data.www-data /var/www/nextcloud
You need to create a virtual host so that the Apache web server can access the data. To do this, create a configuration file nextcloud.conf (Listing 9) in the folder /etc/apache2/sites-available and paste the content from Listing 10 inside it. Once again, these changes need to be saved via [Ctrl]+[O],[Enter]. Exit the nano editor via [Ctrl]+[X]. Now it's time to activate the virtual host and reload the configuration for the web server. You should now be able to access the Nextcloud installation pointing your browser at http://<example>.dyn.com/nextcloud (Figure 4).
Listing 9
Create nextcloud.conf
$ sudo nano /etc/apache2/sites-available/nextcloud.conf $ sudo a2ensite nextcloud $ sudo service apache2 reload
Listing 10
nextcloud.conf
Alias /nextcloud "/var/www/nextcloud/" <Directory /var/www/nextcloud/> Options +FollowSymlinks AllowOverride All <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud </Directory>
Use the Assistant to enter the login details for the first admin user. Below the password box, enter the location of your MariaDB server localhost as part of the LAMP stack installation. In the example configuration this would be nextcloud
for database user and database name. The database host would be localhost
. Finally enter the password you chose for the Nextcloud database.
Click on Finish installation to transfer settings to the configuration file. Your browser will automatically load the Nextcloud home screen (Figure 5). To get started with setup, open the Administrator settings from the drop down menu under your user name. This also shows you any potential problems with the current web server configuration (Figure 6).
« Previous 1 2 3 Next »
Buy this article as PDF
Pages: 6
(incl. VAT)