Setting up snap Nextcloud on Ubuntu

Setting up snap Nextcloud on Ubuntu

a safe cloud space for personal usage

Nextcloud, a fork of ownCloud, is a open-source file sharing server that allows you to store your personal content, like documents and pictures, in a centralized location, much like Dropbox. It also returns the control and security of your sensitive data back to you, thus eliminating the use of a third-party cloud hosting service. Here, I’m going to walk through the installing and configurations on Ubuntu 18.04 using the snappy packaging system.

Install Nextcloud

Installing the Nextcloud snap on Ubuntu 18.04, no special tooling required, just one single command.

sudo snap install nextcloud

The Nextcloud package will be downloaded and installed on your server. You can confirm that the installation process was successful by listing the changes associated with the snap:

sudo snap changes nextcloud

Create an admin account

There are a few different ways you can configure the Nextcloud snap. Here, rather than creating an administrative user through the web interface, we will create one on the command line in order to avoid a small window where the administrator registration page would be accessible to anyone visiting your server’s IP address or domain name.

To configure Nextcloud with a new administrator account, use the nextcloud.manual-install command. You must pass in a username and a password as arguments:

sudo nextcloud.manual-install username password

####
#Nextcloud was successfully installed

Adjusting the trusted domains

After installing the Nextcloud, we need to adjust the trusted domains so that Nextcloud will respond to requests using the server’s domain name or IP address.

You can view the current settings by querying the value of the trusted_domains array:

sudo nextcloud.occ config:system:get trusted_domains

By default, only localhost is presented as the first value in the array, and the service only responds to requests made to the localhost hostname.

We can add an entry for our server’s domain name or IP address by typing:

sudo nextcloud.occ config:system:set trusted_domains 1 --value=domain.example.com
sudo nextcloud.occ config:system:set trusted_domains 2 --value=x.x.x.x (your public ip)

Securing the Nextcloud web interface with SSL

If your server didn’t have any service running on 80 and 443 ports, you can easily get a Let’s Encrypt SSL certificate with:

sudo nextcloud.enable-https lets-encrypt

However, these two ports are ready been used on my server. So I have to manually get SSL up.

First, refer to my previous post to get a Let’s Encrypt SSL certificate with Nginx: Obtain TLS certificate with Let’s Encrypt, or get a Let’s Encrypt SSL certificate through DNS challenges:

sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot

sudo apt update
sudo apt install certbot

sudo certbot certonly --manual --preferred-challenges=dns

Then, back to Nextcloud’s help instructions:

sudo nextcloud.enable-https custom -h
Usage:
    nextcloud.enable-https custom [-h -s] <cert> <key> <chain>

    Use certificates generated by other means. Note that
    the files provided to this command must be readable
    by the snap, which means they must contained in one
    of four directory trees:
      - /var/snap/nextcloud/current
      - /var/snap/nextcloud/common
      - /root/snap/nextcloud/16739
      - /root/snap/nextcloud/common

    Also note that this command will create copies of the
    files provided; if this command completes
    successfully, they can be safely removed.

    -h: Display this help message.
    -s: Enable HTTP Strict Transport Security (HSTS)
        (default is off-- leave off if self-signed).

You need to copy these .pem files got from Let’s Encrypt to one of these specified directory that snap Nextcloud can access. /var/snap/nextcloud/current, for example.

Then enable https using following command:

cd /var/snap/nextcloud/current/

nextcloud.enable-https custom ./cert.pem ./privkey.pem ./chain.pem

After Nextcloud finishing process these files, you can safely delete them under the /var/snap/nextcloud/current directory.

HTTP/HTTPS port configuration

If you’re not using 80 and 443 for Nextcloud, you need to configure them before starting the web interface:

sudo snap set nextcloud ports.http=81
sudo snap set nextcloud ports.https=444

If the port you specified is conflicted with other programs runninng on the same server, Nextcloud won’t start up. So, make sure the ports are not consumed by others.

Also, ensure these ports are allowed in your firewall.

Logging in to the Nextcloud web interface

Now that Nextcloud is configured, visit your server’s domain name or IP address in your web browser:

https://domain.example.com:port

Since you have already configure an administrator account from the command line, you will be taken to the Nextcloud login page. Enter the credentials you created for the administrative user.

Your installation is now complete and secured. Feel free to explore the interface to get more familiarity with the features and functionality of your new Nextcloud.

More configurations can be found at Snappy Nextcloud README.

External storage

Note that snap Nextcloud cannot access your files in your home folder. Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you’d like to use external storage (or otherwise use a device in /media for data), you need to give the snap permission to access removable media by connecting that interface:

sudo snap connect nextcloud:removable-media

which means that the snap Nextcloud would be able to access removable media (e.g. anything mounted under /media).

A workaround to allow snap Nextcloud to assess your home folder is mouting to /media. But I found only folders created by root user can provide full permissions.

sudo su

mkdir /home/<username>/public
mkdir /media/public

# exit root user account
exit

sudo mount -o bind /home/<username>/public /media/public

Now, in Nextcloud web interface, you can add /media/public in External Storages app. Anything stored in the /home/<username>/public is mapping to /media/public.

林宏

Frank Lin

Hey, there! This is Frank Lin (@flinhong), one of the 1.4 billion 🇨🇳. This 'inDev. Journal' site holds the exploration of my quirky thoughts and random adventures through life. Hope you enjoy reading and perusing my posts.

YOU MAY ALSO LIKE

Setup an IKEv2 server with StrongSwan

Tutorials

2020.01.09

Setup an IKEv2 server with StrongSwan

IKEv2, or Internet Key Exchange v2, is a protocol that allows for direct IPSec tunneling between the server and client. In IKEv2 implementations, IPSec provides encryption for the network traffic. IKEv2 is natively supported on some platforms (OS X 10.11+, iOS 9.1+, and Windows 10) with no additional applications necessary, and it handles client hiccups quite smoothly.