Installing Nextcloud on a FreeBSD VPS

| bsd | software | foss |

Introduction

Nextcloud is an exciting new fork of OwnCloud. I have been meaning to try it out lately and I finally got around to doing it. I picked Vultr for this instance since they have really affordable "Spinny Disk" instances starting at just $5/mo for 125GB. The performance is noticeably slower than SSD, but if you are looking for a low-cost place to store all of your files then this deal cannot be beat. Vultr also comes with full support for FreeBSD out of the box, which is a great choice for a system like this. The official Nextcloud documentation is wonderful; however, it seems to be geared toward large multi-user installs. The purpose of this guide is to make it easy to install Nextcloud for a single (or just a few) user system. If you follow this guide you will have the latest stable version of Nextcloud with PHP7, Apache 2.4, MySQL 5.7 and Redis, secured with LetsEncrypt, on the latest stable version of FreeBSD.

Prerequisites

In order to complete this guide successfully with a TLS-enabled Nextcloud site you must have a domain name with DNS that successfully resolves to the IP address of your VPS.

Configuration Steps

  1. Launch a new Storage Instance in the DC of your choice. In my specific case I am running a 512MB RAM/125GB HD instance in the Los Angeles Data Center.
  2. SSH into the new VPS.
  3. Update and Upgrade BSD
    pkg update && pkg upgrade

    # [Optional] Install some helper packages
    pkg install vim-lite htop tmux

  4. Add some swap. By default, the storage instance does not come with a swap partition. Since I chose the smallest instance with 512MB of RAM, it is probably a good idea to add some swap, because if the system ever runs out of memory the whole thing will come crashing down. You can read more about how to add swap in FreeBSD, but the gist of it is:
    # Create a 1GB swap file
    dd if=/dev/zero of=/swap bs=1m count=1024

    # Set proper permissions on swap file
    chmod 600 /swap

    # Add swap to /etc/fstab
    md99 none swap sw,file=/swap,late 0 0

    # Turn swap on
    swapon -aL

    If everything was successful, running htop should now show some swap space.
  5. Install and Configure BAMP Stack (BSD, Apache, MySQL, PHP) and Redis
    • Install all packages and dependencies
      pkg install apache24 mysql57-server redis php70 mod_php70 php70-pdo_mysql \
      php70-redis php70-gd php70-curl php70-json php70-zip php70-dom \
      php70-xmlwriter php70-xmlreader php70-xml php70-mbstring php70-ctype \
      php70-zlib php70-simplexml php70-hash php70-fileinfo php70-posix \
      php70-iconv php70-filter php70-openssl
      
    • Add Services to /etc/rc.conf
      # /etc/rc.conf
      …
      apache24_enable="yes"
      mysql_enable="yes"
      redis_enable="yes"

    • Configure Apache. Ensure that the rewrite and ssl modules are enabled (uncommented) in /usr/local/etc/apache24/httpd.conf.
      # /usr/local/etc/apache24/httpd.conf
      LoadModule ssl_module libexec/apache24/mod_ssl.so
      LoadModule rewrite_module libexec/apache24/mod_rewrite.so

      Add a PHP handler to /usr/local/etc/apache24/modules.d
      # /usr/local/etc/apache24/modules.d/001_mod_php.conf
      <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
      </FilesMatch>
      <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
      </FilesMatch>

    • Configure MySQL. Once MySQL has been added to /etc/rc.conf you can start it up by executing the following command in your shell:
      /usr/local/etc/rc.d/mysql-server start

      The first time MySQL runs it will create a root password, which can be found in $HOME/.mysql_secret. Use this password to log into MySQL, change the root password, and then create a new admin user for Nextcloud.
      # Grab the Root Password
      cat ~/.mysql_secret

      # Log into MySQL (enter the password from the previous step at the prompt)
      mysql -u root -p

      # Change the Root Password
      ALTER USER 'root'@'localhost' IDENTIFIED BY '$NEW_PASSWORD';

      # Create New Schema for Nextcloud
      CREATE DATABASE nextcloud;

      # Create New Admin User for Nextcloud
      CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY '$OTHER_NEW_PASSWORD';

      # Grant Permissions to the new Admin user to the Nextcloud Schema
      GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost';

      # Refresh all Privileges
      FLUSH PRIVILEGES;

    • Configure Redis. There are many different memory caching strategies for Nextcloud. I like using Redis for this sort of thing; you can choose whichever strategy you prefer. The following (optional) configuration will make Redis run on a local socket instead of over TCP. This is better from a security perspective. Update /usr/local/etc/redis.conf to run on a local socket:
      # /usr/local/etc/redis.conf
      port 0
      …
      unixsocket /tmp/redis.sock
      unixsocketperm 750

      Add the www user to the wheel group so that it has permission to access this socket. Keep in mind that on FreeBSD wheel is also the group whose members are allowed to su to root, so this gives the web server user more than socket access.
      pw groupmod wheel -m www

      Start Redis
      /usr/local/etc/rc.d/redis start

      If everything went well, you should see the redis socket in /tmp
      # ls -al /tmp
      total 48
      drwxrwxrwt   7 root   wheel  512 Sep  1 23:02 .
      drwxr-xr-x  18 root   wheel  512 Sep  1 22:03 ..
      srwxr-x---   1 redis  wheel    0 Sep  1 23:02 redis.sock

  6. Download Nextcloud. We are almost there! The last few steps are to actually download and configure Nextcloud. You can get the latest version of Nextcloud from here.
    # Go to the default apache data directory
    cd /usr/local/www/apache24/data

    # Download Nextcloud
    wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip

    # Unzip Nextcloud
    unzip nextcloud-10.0.0.zip

    # Make sure the www user owns this directory
    chown -R www:www nextcloud

  7. Install and run certbot by LetsEncrypt. The full instructions are available here but the gist is:
    # Install the Package
    pkg install py27-certbot

    # Generate the Cert
    certbot certonly

    Go through the certbot UI and fill out your site specific details. If all goes well you should see a message that says:
    Congratulations! Your certificate and chain have been saved at /usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem
  8. Create a VirtualHost Configuration for Nextcloud. Create a new file called $YOUR_SITE.conf in /usr/local/etc/apache24/Includes. The contents of this file should have a VirtualHost specification for your new Nextcloud site. The first VirtualHost will listen on port 80 and redirect all requests to HTTPS. The second VirtualHost will listen on port 443 and serve your actual Nextcloud site.
    <VirtualHost *:80>
      ServerAdmin $YOUR_EMAIL
      ServerName $YOUR_SITE

      RewriteEngine on
      RewriteCond %{SERVER_NAME} =$YOUR_SITE
      RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
    </VirtualHost>

    Listen 443

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
      ServerAdmin $YOUR_EMAIL
      ServerName $YOUR_SITE

      DirectoryIndex index.php
      DocumentRoot /usr/local/www/apache24/data/nextcloud
      SSLCertificateFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem
      SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/privkey.pem

      SSLEngine on

      # Intermediate configuration, tweak to your needs
      SSLProtocol             all -SSLv2 -SSLv3
      SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
      SSLHonorCipherOrder     on
      SSLCompression          off

      SSLOptions +StrictRequire

      <Directory /usr/local/www/apache24/data/nextcloud>
        AllowOverride all
      </Directory>

      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
      </IfModule>
    </VirtualHost>
    </IfModule>

    Start apache with /usr/local/etc/rc.d/apache24 start
  9. Configure Nextcloud
    • Verify Installation. Go to https://$YOUR_SITE.com, verify that you get redirected to HTTPS and that the certificate shows up as valid.
    • Create Admin Account. If this page loads properly, you should create an admin user, set the data directory location, and fill in the database credentials from step 5.
    • Tweak Config File. We need to tweak the config file in order to enable Redis memory caching. Open up /usr/local/www/apache24/data/nextcloud/config/config.php and add:
      # /usr/local/www/apache24/data/nextcloud/config/config.php
      'memcache.locking' => '\OC\Memcache\Redis',
      'memcache.local' => '\OC\Memcache\Redis',
      'redis' => array (
        'host' => '/tmp/redis.sock',
        'port' => 0,
      ),

    • Use System Cron Job. By default Nextcloud uses an AJAX cron; the performance is a bit better if you let the system cron handle this. Add the following to the crontab:
      # crontab -u www -e
      PATH=/usr/local/bin
      */15  *  *  *  * php -f /usr/local/www/apache24/data/nextcloud/cron.php

      Once this has been added, select Cron from Admin -> Settings
    • Enjoy Nextcloud. That was a lot of steps, but now we have a private, self-hosted, secure, and affordable Nextcloud instance. If you ran into any issues during installation please let me know in the comments below!
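
A check for the Redis socket-only setup from step 5, added here as an example and not part of the original post: it reads a redis.conf and reports whether the TCP listener is really off and the socket mode is restricted. The function names `redis_directive` and `audit_redis_conf` and the rule that the "other" permission digit must be 0 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the value of the last uncommented occurrence of a directive
# (a later line overrides an earlier one); print nothing if it is absent.
# "include" lines are not followed.
redis_directive() {  # $1 = conf file, $2 = directive name
    awk -v key="$2" '
        /^[ \t]*#/         { next }
        tolower($1) == key { val = $2; found = 1 }
        END                { if (found) print val }
    ' "$1"
}

# Return 0 if the file describes a socket-only Redis; otherwise print one
# FAIL line per finding and return 1.
audit_redis_conf() {  # $1 = conf file
    conf=$1; rc=0
    port=$(redis_directive "$conf" port)
    sock=$(redis_directive "$conf" unixsocket)
    perm=$(redis_directive "$conf" unixsocketperm)

    # With no "port" line Redis uses its default, TCP 6379.
    if [ "${port:-6379}" != "0" ]; then
        echo "FAIL: TCP listener enabled (port ${port:-6379})"; rc=1
    fi
    if [ -z "$sock" ]; then
        echo "FAIL: no unixsocket configured"; rc=1
    fi
    # Assumed policy: the last octal digit ("other") must be 0.
    case "$perm" in
        "") echo "FAIL: unixsocketperm not set, mode is left to the umask"; rc=1 ;;
        *0) : ;;
        *)  echo "FAIL: socket mode $perm grants access to other users"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: the three directives from step 5.
sample=$(mktemp /tmp/redisconf.XXXXXX)
printf 'port 0\nunixsocket /tmp/redis.sock\nunixsocketperm 750\n' > "$sample"
audit_redis_conf "$sample" && echo "OK: socket-only Redis"
rm -f "$sample"
```

On the server, run `audit_redis_conf /usr/local/etc/redis.conf` after editing the file; a config that adds the socket lines but omits `port 0` fails the first check.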
