Install Nextcloud on Arch Linux with Nginx, MariaDB and PHP7 in 2019
In this tutorial, I will show you how to set up your own Nextcloud server on Arch Linux with Nginx, MariaDB and PHP7. Nextcloud is an open-source self-hosted alternative to Dropbox. With Nextcloud, you can sync files between your computer, tablet and smartphone.
Prerequisites
This tutorial assumes that you have already installed a LEMP stack (Linux, Nginx, MariaDB/MySQL, PHP) on Arch Linux. If you haven’t already done so, please check out the below easy-to-follow guide.
After you install LEMP stack, come back here and follow the instructions below. If you have an Arch Linux server, then ssh into it. You can also use your local Arch Linux computer.
Step 1: Install Nextcloud Server on Arch Linux
Download the NextCloud zip archive onto your server. The latest version is NextCloud 16.0.1. You may need to change the version number. Go to https://nextcloud.com/install and click the download button to check out the latest version. You can download the zip archive with wget in the terminal.
sudo pacman -S wget
wget https://download.nextcloud.com/server/releases/nextcloud-16.0.1.zip
Install unzip and extract it to the document root of Nginx web server. (/usr/share/nginx/).
sudo pacman -S unzip sudo unzip nextcloud-16.0.1.zip -d /usr/share/nginx/
Then let Nginx user (http) be the owner of the nextcloud directory.
sudo chown http:http /usr/share/nginx/nextcloud/ -R
Step 2: Create a Database and User in MariaDB
Log into MariaDB database server with the following command:
sudo mysql -u root
Then create a database for Nextcloud. This tutorial name the database nextcloud. You can use whatever name you like.
create database nextcloud;
Create the database user. Again, you can use your preferred name for this user. Replace your-password with your preferred password.
create user nextclouduser@localhost identified by 'your-password';
Grant this user all privileges on the nextcloud database.
grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';
Flush the privileges table and exit.
flush privileges; exit;
Step 3: Enable Binary Logging in MariaDB
Edit the main MariaDB server configuration file.
sudo nano /etc/my.cnf.d/server.cnf
Add the following two lines below the [mysqld] line.
log-bin = mysql-bin binlog_format = mixed
The format of binary log must be set to mixed. Save and close the file. Then restart MariaDB service.
sudo systemctl restart mariadb
Step 4: Create an Nginx Config File for Nextcloud
First, create a conf.d directory for individual Nginx config files.
sudo mkdir /etc/nginx/conf.d
Then create a config file for Nextcloud.
sudo nano /etc/nginx/conf.d/nextcloud.conf
Put the following text into the file.
server {
listen 80;
server_name nextcloud.your-domain.com;
# Add headers to serve security related headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /usr/share/nginx/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location ~ /.well-known/acme-challenge {
allow all;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
Replace the red-colored text with your actual data. If you are setting up Nextcloud on your home computer, then enter your private IP address for the server name, like:
server_name 192.168.1.105
Next, edit /etc/nginx/nginx.conf file
sudo nano /etc/nginx/nginx.conf
Add the following line in the http section so that individual Nginx config files will be loaded.
include /etc/nginx/conf.d/*.conf;
Like this:
http {
include /etc/nginx/conf.d/*.conf;
include mime.types;
default_type application/octet-stream;
.....
Save and close the file. Then test Nginx configurations.
sudo nginx -t
If the test is successful, reload Nginx for the changes to take effect.
sudo systemctl reload nginx
Step 5: Install and Enable PHP Modules
Nextcloud requires mysql, gd, zip , intl and curl modules to be enabled in order to work properly. mysql module is already installed in the previous LEMP tutorial. Now install gd and intl module with the following command:
sudo pacman -S php-gd php-intl
Then edit php.ini file.
sudo nano /etc/php/php.ini
Find the following 6 lines (There are on about line 900). Remove the semicolons to enable these 6 modules.
;extension=mysqli ;extension=pdo_mysql ;extension=gd ;extension=intl ;extension=zip ;extension=curl
You can also run the following 6 commands to enable these extensions on Arch Linux, so you don’t have to open the file and find the 6 lines. The sed text editor will search and replace text without opening the file.
sudo sed -i 's/;extension=mysqli/extension=mysqli/g' /etc/php/php.ini sudo sed -i 's/;extension=pdo_mysql/extension=pdo_mysql/g' /etc/php/php.ini sudo sed -i 's/;extension=gd/extension=gd/g' /etc/php/php.ini sudo sed -i 's/;extension=zip/extension=zip/g' /etc/php/php.ini sudo sed -i 's/;extension=curl/extension=curl/g' /etc/php/php.ini sudo sed -i 's/;extension=intl/extension=intl/g' /etc/php/php.ini
Save and close the file. Then reload php-fpm process for the changes to take effect.
sudo systemctl reload php-fpm
the Nextcloud Web Installer
Now in your browser address bar, type
nextcloud.your-domain.com
to access the Nextcloud web installer. If you are installing on a local Arch Linux computer, type your private IP address such as 192.168.1.105. You will see the following.
You need to create an administrative account and connect NextCloud service with MariaDB database. Enter the database username, password and database name you created earlier. Once it’s done, your Nextcloud server is ready to rock.
If you are using a remote Arch Linux server, I recommend installing a SSL/TLS certificate before you finish the installation in the web browser to prevent malicious sniffing.
Get A Free SSL Certificate from Let’s Encrypt
This step is necessary on a remote server because you want to make sure your Nextcloud username and password are not sniffed by malicious people. Skip this step if you are setting up Nextcloud on your home computer.
First we need to install the certbot client and Nginx plugin which is available in Arch Linux community repository.
sudo pacman -S certbot certbot-nginx
Then use the Nginx plugin to obtain and install a certificate for Nginx Web server like below.
sudo certbot --nginx --agree-tos --redirect --staple-ocsp --email your-email-address -d nextcloud.your-domain.com
I assume you are using a domain name like nextcloud.your-domain.com to access the ownCloud web interface. You also need to point your domain name to your server IP in DNS before running the above command.
Once the certificate is obtained and installed, reload Nginx.
sudo systemctl reload nginx
Auto-Renew TLS Certificate
It’s advisable to auto-renew Let’s Encrypt TLS certificate. We can achieve that with cron job. First install cronie on Arch Linux.
sudo pacman -S cronie
Start the cron daemon.
sudo systemctl start cronie
Enable auto start at system boot time.
sudo systemctl enable cronie
Then edit the crontab file of root user.
sudo crontab -e
Put the following line into the file which will try to renew your cert once per day.
@daily certbot renew --quiet
Save and close the file.
Configure OPcache to Improve Performance
OPcache can improve performance of PHP applications by caching precompiled bytecode. By default, OPcache isn’t enabled on Arch Linux. To enable it, open the php.ini file.
sudo nano /etc/php/php.ini
Find the following line.
;zend_extension=opcache
Remove the semicolon so that the OPcache extension (aka module) can be enabled. Save and close the file. Then reload PHP-FPM.
sudo systemctl reload php-fpm
Now you can check enabled modules with the following command.
php -m
Be default, all opcache settings in php.ini file is commented out. For best performance, it’s recommended to use the following settings.
opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
After making these changes. Save and close the file. And reload PHP-FPM
sudo systemctl reload php-fpm
Increase Upload File Size Limit
The default maximum upload file size limit set by Nginx is 1MB. To allow uploading large files to your NextCloud server, edit the Nginx configuration file for NextCloud.
sudo nano /etc/nginx/conf.d/nextcloud.conf
We have already set the maximum file size in this file, as indicated by
client_max_body_size 512M;
You can change it if you prefer, like 1G.
client_max_body_size 1024M;
Save and close the file. Then reload Nginx for the changes to take effect.
sudo systemctl reload nginx
PHP also sets a limit of upload file size. The default maximum file size for uploading is 2MB. To increase the upload size limit, edit the PHP configuration file.
sudo nano /etc/php/php.ini
Find the following line:
upload_max_filesize = 2M
Change the value like below:
upload_max_filesize = 1024M
Save and close the file. Then restart PHP-FPM.
sudo systemctl restart php-fpm
Increase PHP Memory Limit
The default PHP memory limit is 128MB. NextCloud recommends 512MB for better performance. To change PHP memory limit, edit the php.ini file.
sudo nano /etc/php/php.ini
Find the following line. (line 404)
memory_limit = 128M
Change the value.
memory_limit = 512M
Save and close the file. Alternatively, you can run the following command to change the value without manually opening the file.
sudo sed -i 's/memory_limit = 128M/memory_limit = 512M/g' /etc/php/php.ini
Then reload PHP-FPM service for the changes to take effect.
sudo systemctl reload php-fpm
Configure Redis Cache for NextCloud
If you go to your NextCloud settings -> overview page, you might see the following warning:
No memory cache has been configured. To enhance your performance please configure a memcache if available.
We will enable memory caching for nextCloud by using Redis. Run the following command to install Redis server from Arch Linux repository.
sudo pacman -S redis
You can check the version with:
redis-server -v
Sample output:
Redis server v=5.0.6 sha=00000000:0 malloc=jemalloc-5.2.1 bits=64 build=862f233732e771fd
Start Redis.
sudo systemctl start redis
Use the following command to enable auto-start at boot time.
sudo systemctl enable redis
In order to configure Redis as a cache for nextCloud, we need to install the PHP extension for interfacing with Redis.
sudo pacman -S php-redis
Now we need to enable the PHP igbinary and redis extension. Go to the /etc/php/conf.d/ directory, open the igbinary.ini file and remove the semicolon to enable igbinary extension.
extension=igbinary.so
Also open the redis.ini file and remove the semicolon to enable redis extension.
extension=redis
Then restart PHP-FPM.
sudo systemctl restart php-fpm
Check if the extension is enabled.
php --ri redis
Output:
redis Redis Support => enabled Redis Version => 5.0.2 Available serializers => php, json, igbinary Available compression => lzf Directive => Local Value => Master Value redis.arrays.algorithm => no value => no value redis.arrays.auth => no value => no value redis.arrays.autorehash => 0 => 0 redis.arrays.connecttimeout => 0 => 0 redis.arrays.distributor => no value => no value redis.arrays.functions => no value => no value redis.arrays.hosts => no value => no value redis.arrays.index => 0 => 0 redis.arrays.lazyconnect => 0 => 0 redis.arrays.names => no value => no value redis.arrays.pconnect => 0 => 0 redis.arrays.previous => no value => no value redis.arrays.readtimeout => 0 => 0 redis.arrays.retryinterval => 0 => 0 redis.arrays.consistent => 0 => 0 redis.clusters.cache_slots => 0 => 0 redis.clusters.auth => no value => no value redis.clusters.persistent => 0 => 0 redis.clusters.read_timeout => 0 => 0 redis.clusters.seeds => no value => no value redis.clusters.timeout => 0 => 0 redis.pconnect.pooling_enabled => 1 => 1 redis.pconnect.connection_limit => 0 => 0 redis.session.locking_enabled => 0 => 0 redis.session.lock_expire => 0 => 0 redis.session.lock_retries => 10 => 10 redis.session.lock_wait_time => 2000 => 2000
We can see that Redis extension is enabled. Next, edit NextCloud configuration file.
sudo nano /usr/share/nginx/nextcloud/config/config.php
Add the following lines above the ); line.
'memcache.distributed' => '\OC\Memcache\Redis', 'memcache.local' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => 'localhost', 'port' => 6379, ),
Save and close the file. Then restart Nginx and PHP-FPM.
sudo systemctl restart nginx php-fpm
Now go to nextCloud admin page again, the warning about memory caching should be gone.
Wrapping Up
Congrats! You have successfully set up NextCloud personal cloud storage on Arch Linux with Nginx, MariaDB and PHP7. As always, if you found this post useful, then please subscribe to our free newsletter or follow us on Google+, Twitter or like our Facebook page. Thanks for visiting!
Ok.
I’ve got a few questions:
1.I’ve got my domain setup so:
cloud.domain.com points to the same IP as domain.com
What if I want to have a normal website at domain.com and a drive at cloud.domain,com? (Even domain.com/cloud would be nice)
2. Do you know how can I get transmission which is accessible through domain.com:port to be accessible as either transmission.domain.com or domain.com/transmission?
It’s my first time with a web server 😀
P.S.
Also, this installation destroyed my plex web player.
Trying to access it through localip:32400 or publicip:14885 throws me at the nextcloud page
An IP can host multiple domains ( or websites), however you need to be careful about what web server you use and the configurations.
The configurations in this tutorial is suitable when you want a normal website at domain.com and a drive at cloud.domain.com. You just need to follow the instructions in this tutorial to setup cloud.domain.com. If you want a normal website, then you need to create another nginx config file under /etc/nginx/conf.d/ for your website.
I wrote a tutorial about Deluge torrent on Ubuntu 16.04 server before.
How to Install Latest Deluge BitTorrent Client on Ubuntu 16.04/14.04
and qbittorrent
Install qBittorrent on Ubuntu 16.04 Desktop and Server
Although it’s for Ubuntu, you can apply the configurations on Arch Linux because both Arch and Ubuntu use systemd now. I will write a transmission tutorial in the near future.
Hey.
You are really helpful, your tuts are pretty good and I hope I’m not bothering you too much, but I’ve ran into more issues.
I wanted to use phpMyAdmin, to fix a few things with my database, but
-Instaling it
-Adding a symlink to /usr/share/nginx/html/phpMyAdmin
-Even adding “mydomain.com mypublicIP mylocalIP” to server_name in nginx.conf
Doesn’t let me access it with “mylocalIP/phpMyAdmin” or “mypublicIP/phpMyAdmin” leaving me with error 404
Though adding proxy_pass for transmission works flawlessly.
I haven’t done much more outside of your tutorials, so you could maybe help me fix that.
You need to specify the location of index.php for phpMyAdmin. After creating the symlink, add the following directives in nginx.conf server section
location /phpMyAdmin/ { root /usr/share/nginx/html/; index index.php; }Save the file. Then reload nginx for the changes to take effect.
Ok. I’m really a noob 😀
I was trying to access domain.com/phpMyAdmin
while the name of the symlink was called:
phpmyadmin
Changing it to phpMyAdmin fixed my issues 😀
Also, there is no “letsencrypt” package, but “cerbot” is.
The command is updated to certbot.
I’ve got another issue Xiao 😀
In /usr/share/nginx/nextcloud/data/nextcloud.log I can read this:
How can I fix that?
Pasting again
into mysql command line editor (inside nextcloud database of course) doesn’t address the issue.
My nextcloud.log also has these lines. If you can use Nextcloud without issues, I believe these errors can be ignored.
The thing is that I can’t Create users in the web interface configuration.
I’m almost sure I’ve wrote that somewhere already.
When I press create in the users settings, nothing happens and my browser returns:
“Failed to load resource: the server responded with a status of 403 (Forbidden)
Uncaught TypeError: Cannot read property ‘message’ of undefined(…)”
Except from the above post I haven’t found any other info on what could be the cause of it.
I can create users on my Nextcloud server without issues. You may want to check out the nginx error log /var/log/nginx/error.log which may give you a hint of what’s wrong.
There is no error.log file 🙁 only access.log
Thank you so much for all your help. I wouldn’t have done it without you.
My issue was in one of managment/security apps, but I’m not really sure which, because I turned a bunch of them, turned some back on and user creation works just fine.
I think I’m set now and there will be no more need to bother you 🙂
I wish you all the best 🙂
I follwed the tutorial to the letter and everything was testing good until the very end. when I put my private ip in for the last step I get this message in chrome:
This version of Nextcloud is not compatible with > PHP 7.2.
You are currently running 7.3.6.
I am a complete newb to this and have no idea where to start.
I also followed your tut to set up the database and that went well. If you have any advice I would sure appreciate it.
You probably downloaded Nextcloud 13, which is incompatible with PHP7.3. The latest stable version is Nextcloud 16, which is what you should use.
Sorry I didn’t update the download command, but I said you should check out the latest version.
To reinstall Nextcloud,
1 ) delete the nextcloud folder,
2) Log into MariaDB and delete the nextcloud database.
3) Download NextCloud 16
And follow this tutorial again.
thank you, Ive removed nextcloud from database and ugraded nextcloud but cant seem to create new datatbase. here is the error:
$ mysql -u root -p
mysql: unknown variable ‘log-bin=mysql-bin’
did I do something wrong?
In /etc/mysql/my.cnf, you need to add the following two lines
below the [mysqld] line. Then restart MariaDB
I actually had to remove those lines from etc/msql/my.cnf and then readd them to be able to delete the old database and create the new one. ??? so now I get the next cloud image but with this message:
I really appreciate all your help, thank you
I think you didn’t add these two lines correctly in /etc/msql/my.cnf. They should be added below the [mysqld] line.
Open /etc/php/php.ini file, find the following 3 lines
Remove the semicolons to enable the zip and curl extension. Then restart php-fpm.
You can also run the following 3 commands to enable mysqli, zip and curl extensions on Arch Linux, so you don’t have to open the file and find the 3 lines.
I think my problem might be the my.cnf file. I dont actually see an [mysqld] line. And not much in there.
Here is the contents of that file:
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]
#
# include all files from the config directory
#
!includedir /etc/mysql/my.cnf.d
log-bin = mysql-bin
binlog_format = mixed
OK I managed to get the nextcloud screen by reinstalling php. dont know why but now Im stuck creating admin user. I created the user, gave it a password and then entered the databasename and password and I get this:
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [1045] Access denied for user ‘outlaw’@’localhost’ (using password: YES)
The
mariadbpackage on Arch Linux just got updated yesterday. Now MariaDB uses /etc/my.cnf and files in /etc/my.cnf.d/ direcctory.You need to open the
/etc/my.cnf.d/server.cnffile and add the two lines below [mysqld] line.I got it!! I thought it was wanting me to make a new user for the database. and was trying to login with a user that wasnt created yet,, Thank you so much for your help… this is great!!
Hi Xiao and many thanks for your excellent how-to install nextcloud on arch.
When I “sudo nginx -t”, the following results
Is that ok? If not, what should be corrected?
Thanks in advance.
Open the Nginx main configuration file.
Change the value of types_hash_max_size to a greater number such as 4096.
Save and close the file. Test Nginx configuration again, the warning should be gone.
The line
types_hash_max_size
does not exist.
I added under http{
then sudo systemctl reload nginx
and yes the warning is gone.
But now another funny thing shows in nginx -t. The following:
[emerg] 450#450: cannot load certificate "/etc/letsencrypt/live/my-domain-not-listed-here.duckdns.org/fullchain.pem": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/my-domain-not-listed-here.duckdns.org/fullchain.pem','r') error:2006D002:BIO routines:BIO_new_file:system lib)cerbot renew
gives standard output that cert has not expired. And client connects with https flawlessly.
I am stuck.
Help please and thanks you for your assistance.
You should use
sudo nginx -t. /etc/letsencrypt/live/ directory can only be accessed by root.Correct. Somehow sudo, missed my attention.
Thank you.
When I tried to access the Nextcloud web installer, it said lack “php iconv”.
Then I removed the semicolons of “;extension=iconv” in /etc/php/php.ini and problem solved.
Hi Xiao and thanks again for your awesome work.
Maybe you can help with following 2 questions
In the file nextcloud.conf what would you suggest as value for add_header Strict-Transport-Security “max_age” ?
and
systemctl status nginx gives the following error
[error] 423#423: *3 access forbidden by rule, client: xxx.xxx.x.xxx, server: example.com, request: “GET /data/.ocdata?t=1571209111846 HTTP/1.1”, host: “qqq.qqq.q.qqq”, referrer: “https://qqq.qqq.q.qqq/settings/admin/overview”
Thanks in advance.
Hi, I followed your instructions to install nextcloud on my localhost but when I tried to load nexcloud by http://mylocalip nothing happens, the connection always times out. I also tried localip/nextcloud where did I go wrong??
HTTP request sent, awaiting response… 500 Internal Server Error
where to find the logfile so i can konw what’s wrong with the server
I followed the steps until open the nextcloud webpage. I’m receiving an error:
Internal Server Error
The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.
I was digging and I found information related with the apache configuration `Require all granted` but I cannot find where this apache configuration should be placed.
Any help will be more than welcome.
Tank you
I solved my problem following this thread: https://bbs.archlinux.org/viewtopic.php?id=251050
The main problem is a missconfiguration of php 7.4.0-2. Adding this two lines into
/etc/systemd/system/multi-user.target.wants/php-fpm.service:ProtectSystem=false
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_CHOWN
Thanks for the guide! How would you update the nextcloud server package using this method?
Hi!
Very good and easy guide to follow!
I have a problem with permissions trying to add storage in web-gui it will not write to config. I then changed permissions for nginx to write to config but then I can not log in again. I have tried the php-fpm.service override too.
womp
buen aporte, pero:
The server was unable to complete your request. If this happens again, please send the following technical details to the system administrator. You can check more details in the server’s blog. Technical details
at the time of writing my domain in the search engine