Nextcloud, a fork of ownCloud, is a open-source file sharing server that allows you to store your personal content, like documents and pictures, in a centralized location, much like Dropbox. It also returns the control and security of your sensitive data back to you, thus eliminating the use of a third-party cloud hosting service. Here, I’m going to walk through the installing and configurations on Ubuntu 18.04 using the snappy packaging system.
Installing the Nextcloud snap on Ubuntu 18.04, no special tooling required, just one single command.
sudo snap install nextcloud
The Nextcloud package will be downloaded and installed on your server. You can confirm that the installation process was successful by listing the changes associated with the
sudo snap changes nextcloud
Create an admin account
There are a few different ways you can configure the Nextcloud snap. Here, rather than creating an administrative user through the web interface, we will create one on the command line in order to avoid a small window where the administrator registration page would be accessible to anyone visiting your server’s IP address or domain name.
To configure Nextcloud with a new administrator account, use the
nextcloud.manual-install command. You must pass in a username and a password as arguments:
sudo nextcloud.manual-install <username> <password>
#Nextcloud was successfully installed
You can use
nextcloud.occ to add an user and add it to the admin group:
sudo nextcloud.occ user:add <username>
# it will prompt you to enter password
sudo nextcloud.occ group:adduser admin <username>
If you forget a password, you can reset it:
sudo nextcloud.occ user:resetpassword <username>
For more configurations available in
sudo nextcloud.occ list. Append
-h for help information.
Adjusting the trusted domains
After installing the Nextcloud, we need to adjust the trusted domains so that Nextcloud will respond to requests using the server’s domain name or IP address.
You can view the current settings by querying the value of the
sudo nextcloud.occ config:system:get trusted_domains
By default, only localhost is presented as the first value in the array, and the service only responds to requests made to the localhost hostname.
We can add an entry for our server’s domain name or IP address by typing:
sudo nextcloud.occ config:system:set trusted_domains 1 --value=domain.example.com
sudo nextcloud.occ config:system:set trusted_domains 2 --value=x.x.x.x (your public ip)
Securing the Nextcloud web interface with SSL
If your server didn’t have any service running on
443 ports, you can easily get a Let’s Encrypt SSL certificate with:
sudo nextcloud.enable-https lets-encrypt
However, these two ports are ready been used on my server. So I have to manually get SSL up.
First, refer to my previous post to get a Let’s Encrypt SSL certificate with Nginx: Obtain TLS certificate with Let’s Encrypt, or get a Let’s Encrypt SSL certificate through DNS challenges:
sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot
sudo certbot certonly --manual --preferred-challenges=dns
Then, back to Nextcloud’s help instructions:
sudo nextcloud.enable-https custom -h
nextcloud.enable-https custom [-h -s] <cert> <key> <chain>
Use certificates generated by other means. Note that
the files provided to this command must be readable
by the snap, which means they must contained in one
of four directory trees:
Also note that this command will create copies of the
files provided; if this command completes
successfully, they can be safely removed.
-h: Display this help message.
-s: Enable HTTP Strict Transport Security (HSTS)
(default is off-- leave off if self-signed).
You need to copy these
.pem files got from Let’s Encrypt to one of these specified directory that snap Nextcloud can access.
/var/snap/nextcloud/current, for example.
Then enable https using following command:
nextcloud.enable-https custom ./cert.pem ./privkey.pem ./chain.pem
After Nextcloud finishing process these files, you can safely delete them under the
HTTP/HTTPS port configuration
If you’re not using
443 for Nextcloud, you need to configure them before starting the web interface:
sudo snap set nextcloud ports.http=81
sudo snap set nextcloud ports.https=444
If the port you specified is conflicted with other programs running on the same server, Nextcloud won’t start up. So, make sure the ports are not consumed by others.
Also, ensure these ports are allowed in your firewall.
Logging in to the Nextcloud web interface
Now that Nextcloud is configured, visit your server’s domain name or IP address in your web browser:
Since you have already configure an administrator account from the command line, you will be taken to the Nextcloud login page. Enter the credentials you created for the administrative user.
Your installation is now complete and secured. Feel free to explore the interface to get more familiarity with the features and functionality of your new Nextcloud.
More configurations can be found at Snappy Nextcloud README.
Different from official Nextcloud, snap Nextcloud allow user to connect via WebDav using:
The following GitHub issue goes into much more detail:
Note that snap Nextcloud cannot access your files in your home folder. Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you’d like to use external storage (or otherwise use a device in
/media for data), you need to give the snap permission to access removable media by connecting that interface:
sudo snap connect nextcloud:removable-media
which means that the snap Nextcloud would be able to access removable media (e.g. anything mounted under
A workaround to allow snap Nextcloud to assess your home folder is mounting to
/media. But I found only folders created by
root user can provide full permissions.
# exit root user account
sudo mount -o bind /home/<username>/public /media/public
Now, in Nextcloud web interface, you can add
/media/public in External Storages app. Anything stored in the
/home/<username>/public is mapping to