Installing Nextcloud on a FreeBSD VPS

Animated image of professor Emmett Brown from Back to the Future, he looks shocked. Greetings Time Traveler!

It looks like you found a post that is several years old. Keep in mind that technology changes fast and some of the information in this post might no longer be relevant.

If you're stuck, leave a comment and I'll try to help if I can.

Image via GIPHY

This guide shows you how to install Nextcloud on FreeBSD.

Table of Contents


Introduction

Nextcloud is an exciting new fork of OwnCloud. I have been meaning to try it out lately and I finally got around to doing it. I picked Vultr{.add-link} for this instance since they have really affordable “Spinny Disk” instances starting at just $5/mo for 125GB. The performance is noticeably slower than SSD, but if you are looking for a low cost place to store all of your files then this deal cannot be beat. Vultr also comes with full support for FreeBSD out of the box, which is a great choice for a system like this. The official Nextcloud documentation is wonderful, however it seems like it geared toward large multi-user installs. The purpose of this guide is to make it easy to install Nextcloud for a single (or just a few) user system. If you follow this guide you will have the latest stable version of Nextcloud with PHP7, Apache 2.4, MySQL 5.7 and Redis secured with LetsEncrypt on the latest stable version of FreeBSD.

Pre Requisites

In order to complete this guide successfully with a TLS enabled Nextcloud site you must have a domain name with DNS that successfully resolves to the IP address of your VPS Server.

Configuration Steps

  1. Launch a new Storage Instance in the DC of your choice. In my specific case I am running a 512MB RAM/125GB HD instance in the Los Angeles Data Center.
  2. SSH into the new VPS.
  3. Update and Upgrade BSD
     pkg update && pkg upgrade
    
     # [Optional] Install some helper packages
     pkg install vim-lite htop tmux
    
  4. Add some swap By default, the storage instance does not come with a swap partition, since I chose the smallest instance with 512MB of RAM, it is probably a good idea to add some swap because if the system ever runs out of memory the whole entire thing will come crashing down. You can read more about how to add swap in FreeBSD, but the gist of it is:
     # Create a 1GB sawp file
     dd if=/dev/zero of=/swap bs=1m count=1024
    
     # Set proper permissions on swap file
     chmod 600 /swap
    
     # Add swap to /etc/fstab
     md99    none    swap    sw,file=/swap,late  0   0
    
     # Turn swap on
     swapon -aL
    

    If everything was successful, running htop you should now see some swap space.

  5. Install and Configure BAMP Stack (BSD, Apache, MySQL, PHP) and Redis
    • Install all packages and dependencies
        pkg install apache24 mysql57-server redis php70 mod_php70 php70-pdo_mysql \
        php70-redis php70-gd php70-curl php70-json php70-zip php70-dom \
        php70-xmlwriter php70-xmlreader php70-xml php70-mbstring php70-ctype \
        php70-zlib php70-simplexml php70-hash php70-fileinfo php70-posix \
        php70-iconv php70-filter php70-openssl
      
    • Add Services to /etc/rc.conf
        # /etc/rc.conf
      
        ...
        apache24_enable="yes"
        mysql_enable="yes"
        redis_enable="yes"
      
    • Configure Apache Ensure that the rewrite and ssl modules are enabled (uncommented) in /usr/local/etc/apache24/httpd.conf.
        # /usr/local/etc/apache24/httpd.conf
      
        ...
      
        LoadModule ssl_module libexec/apache24/mod_ssl.so
        LoadModule rewrite_module libexec/apache24/mod_rewrite.so
      
        ...
      
    • Add a PHP handler to /usr/local/etc/apache24/modules.d
        # /usr/local/etc/apache24/modules.d/001_mod_php.conf
      
        <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
        </FilesMatch>
        <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
        </FilesMatch>
      
    • Configure MySQL Once MySQL has been added to /etc/rc.conf you can start it up by executing the following command in your shell:
        /usr/local/etc/rc.d/mysql-server start
      

      The first time MySQL runs it will create a root password which can be found in $HOME/.mysql_secret, use this password to log into MySQL, change the root password, and then create a new admin user for Nextcloud.

        # Grab the Root Password
        cat ~/.mysql-secret
      
        # Log into MySQL
        mysql -u root -p $PASSWORD # Password from previous step
      
        # Change the Root Password
        ALTER USER 'root'@'localhost' IDENTIFIED BY '$NEW_PASSWORD';
      
        # Create New Schema for Nextcloud
        CREATE DATABASE nextcloud;
      
        # Create New Admin User for Nextcloud
        CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY '$OTHER_NEW_PASSWORD';
      
        # Grant Permissions to the new Admin user to the Nextcloud Schema
        GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost';
      
        # Refresh all Privileges
        FLUSH PRIVILEGES;
      
    • Configure Redis There are many different memory caching strategies for Nextcloud. I like using Redis for this sort of thing, you can chose whichever strategy you prefer. The following (optional) configuration will make redis run on a local socket instead of over TCP. This is better from a security perspective. Update /usr/local/etc/redis.conf to run on local socket
        # /usr/local/etc/redis.conf
      
        ...
      
        port 0
        ...
      
        unixsocket /tmp/redis.sock
        unixsocketperm 750
      
    • Add www user to the wheel group so that it has permission to access this socket.
        pw groupmod wheel -m www
      
    • Start Redis
        /usr/local/etc/rc.d/redis start
      
    • If everything went well, you should see the redis socket in/tmp
        # ls -al /tmp
        total 48
        drwxrwxrwt   7 root   wheel  512 Sep  1 23:02 .
        drwxr-xr-x  18 root   wheel  512 Sep  1 22:03 ..
      
        ...
      
        srwxr-x---   1 redis  wheel    0 Sep  1 23:02 redis.sock
      
        ...
      
  6. Download Nextcloud We are almost there! The last few steps are to actually download and configure Nextcloud. You can get the latest version of Nextcloud from here.
     # Go to the default apache data directory
     cd /usr/local/www/apache24/data
    
     # Download Nextcloud
     wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip
    
     # Unzip Nextcloud
     unzip nextcloud-10.0.0.zip
    
     # Make sure the www user owns this directory
     chown -R www:www nextcloud
    
  7. Install and run certbot by LetsEncrypt The full instructions are available here but the gist is:
     # Install the Package
     pkg install py27-certbot
    
     # Generate the Cert
     certbot certonly
    

    Go through the certbot UI and fill out your site specific details. If all goes well you should see a message that says:

    Congratulations! Your certificate and chain have been saved at/usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem

  8. Create a VirtualHost Configuration for Nextcloud Create a new file called $YOUR_SITE.conf in /usr/local/etc/apache24/Includes, the contents of this file should have a VirtualHost specification for your new Nextcloud site. The first VirtualHost will listen on port 80 and redirect all requests to HTTPS. The second VirtualHost will listen on port 443 and serve your actual Nextcloud site.
     <VirtualHost *:80>
       ServerAdmin $YOUR_EMAIL
       ServerName $YOUR_SITE
    
       RewriteEngine on
       RewriteCond %{SERVER_NAME} =$YOUR_SITE
       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
       </VirtualHost>
    
     Listen 443
    
     <IfModule mod_ssl.c>
       <VirtualHost *:443>
         ServerAdmin $YOUR_EMAIL
         ServerName $YOUR_SITE
    
         DirectoryIndex index.php
         DocumentRoot /usr/local/www/apache24/data/nextcloud
         SSLCertificateFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/fullchain.pem
         SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/$YOUR_SITE/privkey.pem
    
         SSLEngine on
    
         # Intermediate configuration, tweak to your needs
         SSLProtocol             all -SSLv2 -SSLv3
         SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
         SSLHonorCipherOrder     on
         SSLCompression          off
    
         SSLOptions +StrictRequire
    
         <Directory /usr/local/www/apache24/data/nextcloud>
           AllowOverride all
         </Directory>
    
         <IfModule mod_headers.c>
           Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
         </IfModule>
    
       </VirtualHost>
     </IfModule>
    

    Start apache with /usr/local/etc/rc.d/apache24 start

  9. Configure Nextcloud
    • Verify Installation Go to http://$YOUR_SITE.com, verify that you get redirected to HTTPS and that the certificate shows up as valid.
    • Create Admin Account If this page loads properly, you should create an admin user, set the data directory location, and fill in the database credentials from step 5.
    • Tweak Config File We need to tweak the config file in order to enable Redis memory caching. Open up/usr/local/www/apache24/data/nextcloud/config/config.php and add:
        # /usr/local/www/apache24/data/nextcloud/config/config.php
      
        ...
      
        'memcache.locking' => '\\OC\\Memcache\\Redis',
        'memcache.local' => '\\OC\\Memcache\\Redis',
        'redis' =>
        array (
        'host' => '/tmp/redis.sock',
        'port' => 0,
        ),
      
    • Use System Cron Job By default NextCloud uses an AJAX cron, the performance is a bit better if you let the system cron handle this. Add the following to the crontab:
        # crontab -u www-data -e
        PATH=/usr/local/bin
        */15  *  *  *  * php -f /usr/local/www/apache24/data/nextcloud/cron.php
      

      Once this has been added, select Cron from Admin -> Settings

Enjoy Nextcloud That was a lot of steps, but now we have a private, self hosted, secure, and affordable Nextcloud instance. If you ran into any issues during installation please let me know in the comments below!


You can add a comment via Email. Or use the embedded discourse form shown below: