Nextcloud

Nextcloud is an open-source cloud storage, video call, and instant messaging tool that functions as a self-hosted version of Google Drive or OneDrive. It supports multiple users and can even create direct links for sharing files, so recipients do not need an account on the host's server. It can be accessed through a website or through the official mobile apps for iOS and Android.

I have dedicated a 512GB drive to the data and keep the VM and the software on a 20GB virtual drive carved from the larger 2TB storage drive. I don’t plan to back up huge amounts of data here, but it is a great way to have access to certain files across multiple devices and to share documents with others. The challenge here was to keep the files secure and the traffic encrypted. I did not want to open unnecessary ports on my home router, so I went with a solution that uses Cloudflare tunnels to publish the service. Nextcloud stores its data in a MySQL database, and for that I am using MariaDB.

See here for notes on mounting new drives to iDrac and Proxmox

Setup

I created the new VM in Proxmox and gave it 2GB of RAM and 2 CPU cores.

Update the system

$ sudo apt update && sudo apt upgrade -y

Install LAMP stack

$ sudo apt install apache2 mariadb-server libapache2-mod-php php php-mysql php-gd php-curl php-xml php-mbstring php-zip php-bcmath php-imagick php-intl unzip -y

Configure MariaDB

$ sudo mysql_secure_installation

Log into MariaDB

$ sudo mysql -u root -p

Inside MariaDB shell

CREATE DATABASE nextcloud;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'securepassword';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Download and setup Nextcloud

$ cd /var/www/
$ sudo wget https://download.nextcloud.com/server/releases/latest.zip
$ sudo unzip latest.zip
$ sudo chown -R www-data:www-data nextcloud/
$ sudo chmod -R 755 nextcloud/

Configure Apache

$ sudo nano /etc/apache2/sites-available/nextcloud.conf
<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/nextcloud
    ServerName your.domain.or.local.ip

    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
</VirtualHost>

Enable the site

$ sudo a2ensite nextcloud.conf
$ sudo a2enmod rewrite
$ sudo systemctl restart apache2

Enable and allow traffic through the firewall

$ sudo ufw allow 80
$ sudo ufw enable

Go to the web browser and finalize setup

http://<server-ip>

Enter the:
User:
Pass:
Database: nextcloud
host: localhost

Click finish setup

Setting up Nextcloud as a domain

Nextcloud is now a working service, but it is reachable only on my local network. That doesn’t help me much, because I want to reach the service over the internet. To do this I connected the Nextcloud VM to a Cloudflare reverse proxy tunnel and used the Cloudflare name servers on my domain to create a subdomain that routes traffic to the VM with SSL certificates. The result is encrypted, zero trust, and has a low attack surface.

First I went to my domain provider and got a copy of the CNAME and A records for this website. Those were then copied over to Cloudflare. I then made sure that my website was still online after the DNS records were moved from the domain provider to Cloudflare.

Add a Subdomain for Nextcloud

Add this record to the DNS; it will be pointed at Nextcloud later.

CNAME nextcloud @ Proxied

Now that Cloudflare is set up for my website, I can use it to create new records for subdomains that go through the cloudflared proxy. Inside the Nextcloud VM, it is time to install the cloudflared tunnel.

$ sudo apt update
$ sudo apt install cloudflared
$ cloudflared tunnel login

Open the link that Cloudflare gives you to log in and link it to your account. Then create a new tunnel.

$ cloudflared tunnel create nextcloud-tunnel

The config is stored at

~/.cloudflared

Create a public hostname, and create the config

$ cloudflared tunnel route dns nextcloud-tunnel nextcloud.hollis.fun
$ sudo nano /etc/cloudflared/config.yml

APPEND TO CONFIG.YML

tunnel: nextcloud-tunnel
credentials-file: /root/.cloudflared/<tunnel-id>.json

ingress:
  - hostname: nextcloud.hollis.fun
    service: http://localhost:80
  - service: http_status:404

Replace <tunnel-id>.json with the name of the credentials file located in /root/.cloudflared
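
An added example, not part of the original post: a small shell check that audits the ingress section of a config.yml like the one above before the tunnel is started. It flags wildcard hostnames, origins that are not on loopback (where the plain-HTTP hop would leave the VM), and a missing or open catch-all rule, and checks that the credentials file is closed to group and others; the function names and both sample configs are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight audit of a cloudflared config.yml ingress section.
# Assumes the simple block layout shown on this page, not arbitrary YAML.

# audit_ingress [FILE]: print one finding per line; exit status 1 on any finding.
audit_ingress() {
  awk '
    /^[ \t]*-[ \t]/ { host = "" }                  # "- " starts a new rule
    /^[ \t]*(-[ \t]+)?hostname:/ { host = $NF }
    /^[ \t]*(-[ \t]+)?service:/ {
      rules++; svc = $NF; last_host = host
      if (host ~ /\*/) { print "WARN wildcard hostname " host; bad = 1 }
      if (host != "" && svc !~ /^https?:\/\/(localhost|127\.0\.0\.1)(:[0-9]+)?$/) {
        print "WARN " host " forwards to non-loopback origin " svc; bad = 1
      }
    }
    END {
      if (rules == 0) { print "FAIL no ingress rules found"; bad = 1 }
      else if (last_host != "") { print "FAIL last rule is not a catch-all"; bad = 1 }
      else if (svc !~ /^http_status:/) {
        print "WARN catch-all sends unmatched hostnames to " svc; bad = 1
      }
      exit bad + 0
    }
  ' "$@"
}

# creds_private FILE: succeed only if group and others have no access at all.
creds_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample 1: the ingress rules from this page.
page_config() {
  printf '%s\n' 'tunnel: nextcloud-tunnel' 'ingress:' \
    '  - hostname: nextcloud.hollis.fun' '    service: http://localhost:80' \
    '  - service: http_status:404'
}

# Constructed sample 2: wildcard host, LAN origin over plain HTTP, open catch-all.
risky_config() {
  printf '%s\n' 'ingress:' '  - hostname: "*.example.test"' \
    '    service: http://192.168.1.50:80' '  - service: http://localhost:80'
}

page_config | audit_ingress && echo "page config: no findings"
risky_config | audit_ingress || echo "risky config: see findings above"
```

To check the real files, pass /etc/cloudflared/config.yml to audit_ingress and the credentials JSON to creds_private.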

Start the tunnel as a service

$ sudo cloudflared service install
$ sudo systemctl enable cloudflared
$ sudo systemctl start cloudflared

It is now hosted!

Disable HTTP and force self-signed HTTPS for SSL (nextcloud.enable-https is a command from the Nextcloud snap package)

$ sudo nextcloud.enable-https self-signed
