The Nextcloud Ultimate Guide

Nextcloud is a open-source, self-hosted file sync and share platform. Thanks to nextcloud you can access and sync your files across your devices. I regurarly use this tool with my private files and now I can't live without it.

I have recentrly moved from owncloud to nextcloud. THere where many improvements on the features side but the performance was not optimal. Because the download/upload speed coudn't pass the 300kb/s I decided to restart fresh with nextcloud 11. Such a change!!! I have reached speeds of 20MB/s. I coudn't be happier with nextcloud and I hope you will be to one complited this guide

Being able to configure effectively nextcloud is trivial to get the best performance. While the documentation available at nextcloud.com may be enough to configure nextcloud there are some missing features that can enhance the security and performance of your nextcloud server. *Even if only nextcloud is mentioned in this guide the instructions perfectly works for nexcloud too.

The guide includes: php-apcu, redis-server and php7.0-redis installation from source, fail2ban rules to protect the nextcloud login from bruteforce and how to backup the nextcloud data through a samba server.

Responsive image

Apcu

Apcu is a performant local cache for php. It is the suggested option for non distributed environments.

We can install Apcu from ubuntu 16.04 official repo.

Let's start:

sudo apt install php7.0-apcu

Redis Server

Data canche can significantly improve your nextcloud server performance as frequently-requested objects or recent one can be store in a memory. Redis is particulary apt for distributed caching (it can be used for local caching too) and transactional file locking where file locks are stored helping prevent file corruption.

You are not required to compile redis as ubuntu 16.04 already includes a suitable version for php 7.0 but it could increase both performance and security.

Let's start:

Change directory to tmp

Download the sorce code from the official redis website, extract the code and enter in the directory

wget http://download.redis.io/releases/redis-3.2.6.tar.gz

tar -zxvf redis-3.2.6.tar.gz

cd redis-3-2-6

Now compile redis and test it before install

sudo make

sudo make test

If the test was positive you can proceed with the installation. You can leave the default configuration options.

sudo make install

cd utils && sudo ./install_server.sh

Php7.0-redis

Php7.0-redis is a dependency that enables the use of redis in conjunction with php. It can be installed from source from the official github page.

First install the required dependencies

sudo apt install php7.0-dev

Download the sorce code from github

wget https://github.com/phpredis/phpredis/ archive/3.0.0.tar.gz

tar -zxvf 3.0.0.tar.gz

cd phpredis-3.0.0

Now compile phpredis

sudo phpize && sudo ./configure && sudo make && sudo make install

Now create the configuration file and write the parameters for phpredis

sudo touch /etc/php7.0/mods-available/redis.ini && sudo echo 'extension=redis.so' > /etc/php7.0/mods-available/redis.ini

Finally enable the extension and restart apache

sudo phpenmod redis && sudo service apache2 restart

At this point redis-server and phpredis are finally installed in the system. However, we still need to set the config of nextcloud to instruct the program to use redis:

Fail2ban Nextcloud Login

To protect the nextcloud login from bruteforce attacks we need to block any attacker that tries a combination of password multiple times. In order to do that we will create a new rule and filter in fail2ban. If you don't know how to install fail2ban follow these instructions.

I had the 9.x version intalled for a long time without issues. I am now testing the 10.x branch. I will let you now soon :)

Let's start:

cd /etc/fail2ban

nano fail2ban.local

Include a new section in the configuration as follow:

After that create a new filter

cd filter.d

nano nextcloud.conf

Write as follow:

Nextcloud Backup

There are many methods to backup nextcloud. It could be on a separate hard drive with rsync or by mounting a samba share. Between the apps available in nextcloud there is one that promises backups. However, the application is not reliable. In this tutorial I will show you how to backup the nextcloud data and configuration file by mounting at every system boot a local samba share and finally use rsync to syncronize the data. This method could be usefull in case you have a nas or a windows/linux pc with some available space for the backup. Alternatively this method can be easily adapted to the case where an external hdd is attached to the server.

This guide doesn't include the backup of the Mysql database. I believe that home users shoudn't care to backup the database. Restarting an installation from fresh by uploading the data is always the best choice.

Let's start:

First you need to install samba. There is a certain confusion online between people saying you should install the samba-client package or cifs. The confusion between the two technologies both supporting samba shares but called differently can be easily explained: The samba-utils is the most recent package supporting the latest features of samba server, while samba-client is an old package that was used when samba server was at version 2 or lower.In this tutorial I will be covering only the client configuration, assuming you already have a samba server set-up. If you need further informations on the cifs/samba-client matter you can look for a much complete explanation at the linux samba guide.

sudo apt install samaba-utils

Create a folder in the root where you will mount the samba share. For example /backup.

After save the samba credentials in a file. Any location in the root will be okay. In this case I put the file under etc

sudo nano /etc/CredentialsSamba

Write the following and save:

With the next step we will instruct the system to mount the samba share automatically at boot in a dedicated location

cd /etc/samba/ && sudo nano fstab

Write the following line: (exec 0 0 is a very important security feature that prevents the system to execute code from the samba share)

//[SambaServerIP]/[SambaServerShareFolder] /backup cifs credentials=/etc/CredentialsSamba, xec 0 0

Now that the folder is mounted we need to write cron commands in order to automate backups.

sudo crontab -u root -e

This article was last updatated the 18/09/17