install_nextcloud_nginx_let_encrypt_ssl_ubuntu_20_04_lts
Differences
This shows you the differences between two versions of the page.
install_nextcloud_nginx_let_encrypt_ssl_ubuntu_20_04_lts [2020/06/19 22:43] – [Step 5 - Download Nextcloud] wikiadmin | install_nextcloud_nginx_let_encrypt_ssl_ubuntu_20_04_lts [2020/06/19 23:21] (current) – [Step 8 - Nextcloud Post-Installation] wikiadmin | ||
---|---|---|---|
Line 250: | Line 250: | ||
There, paste the following nextcloud virtual host configuration. | There, paste the following nextcloud virtual host configuration. | ||
+ | |||
+ | < | ||
+ | |||
+ | upstream php-handler { | ||
+ | #server 127.0.0.1: | ||
+ | server unix:/ | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 80; | ||
+ | listen [::]:80; | ||
+ | server_name cloud.hakase-labs.io; | ||
+ | # enforce https | ||
+ | return 301 https:// | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 443 ssl http2; | ||
+ | listen [::]:443 ssl http2; | ||
+ | server_name cloud.hakase-labs.io; | ||
+ | |||
+ | # Use Mozilla' | ||
+ | # https:// | ||
+ | # NOTE: some settings below might be redundant | ||
+ | ssl_certificate / | ||
+ | ssl_certificate_key / | ||
+ | |||
+ | # Add headers to serve security related headers | ||
+ | # Before enabling Strict-Transport-Security headers please read into this | ||
+ | # topic first. | ||
+ | #add_header Strict-Transport-Security " | ||
+ | # | ||
+ | # WARNING: Only add the preload option once you read about | ||
+ | # the consequences in https:// | ||
+ | # will add the domain to a hardcoded list that is shipped | ||
+ | # in all major browsers and getting removed from this list | ||
+ | # could take several months. | ||
+ | add_header Referrer-Policy " | ||
+ | add_header X-Content-Type-Options " | ||
+ | add_header X-Download-Options " | ||
+ | add_header X-Frame-Options " | ||
+ | add_header X-Permitted-Cross-Domain-Policies " | ||
+ | add_header X-Robots-Tag " | ||
+ | add_header X-XSS-Protection "1; mode=block" | ||
+ | |||
+ | # Remove X-Powered-By, | ||
+ | fastcgi_hide_header X-Powered-By; | ||
+ | |||
+ | # Path to the root of your installation | ||
+ | root / | ||
+ | |||
+ | location = /robots.txt { | ||
+ | allow all; | ||
+ | log_not_found off; | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | # The following 2 rules are only needed for the user_webfinger app. | ||
+ | # Uncomment it if you're planning to use this app. | ||
+ | #rewrite ^/ | ||
+ | #rewrite ^/ | ||
+ | |||
+ | # The following rule is only needed for the Social app. | ||
+ | # Uncomment it if you're planning to use this app. | ||
+ | #rewrite ^/ | ||
+ | |||
+ | location = / | ||
+ | return 301 $scheme:// | ||
+ | } | ||
+ | location = / | ||
+ | return 301 $scheme:// | ||
+ | } | ||
+ | |||
+ | # set max upload size | ||
+ | client_max_body_size 512M; | ||
+ | fastcgi_buffers 64 4K; | ||
+ | |||
+ | # Enable gzip but do not remove ETag headers | ||
+ | gzip on; | ||
+ | gzip_vary on; | ||
+ | gzip_comp_level 4; | ||
+ | gzip_min_length 256; | ||
+ | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | ||
+ | gzip_types application/ | ||
+ | |||
+ | # Uncomment if your server is build with the ngx_pagespeed module | ||
+ | # This module is currently not supported. | ||
+ | #pagespeed off; | ||
+ | |||
+ | location / { | ||
+ | rewrite ^ /index.php; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | deny all; | ||
+ | } | ||
+ | location ~ ^\/ | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | fastcgi_split_path_info ^(.+? | ||
+ | set $path_info $fastcgi_path_info; | ||
+ | try_files $fastcgi_script_name =404; | ||
+ | include fastcgi_params; | ||
+ | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
+ | fastcgi_param PATH_INFO $path_info; | ||
+ | fastcgi_param HTTPS on; | ||
+ | # Avoid sending the security headers twice | ||
+ | fastcgi_param modHeadersAvailable true; | ||
+ | # Enable pretty urls | ||
+ | fastcgi_param front_controller_active true; | ||
+ | fastcgi_pass php-handler; | ||
+ | fastcgi_intercept_errors on; | ||
+ | fastcgi_request_buffering off; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | try_files $uri/ =404; | ||
+ | index index.php; | ||
+ | } | ||
+ | |||
+ | # Adding the cache control header for js, css and map files | ||
+ | # Make sure it is BELOW the PHP block | ||
+ | location ~ \.(?: | ||
+ | try_files $uri / | ||
+ | add_header Cache-Control " | ||
+ | # Add headers to serve security related headers (It is intended to | ||
+ | # have those duplicated to the ones above) | ||
+ | # Before enabling Strict-Transport-Security headers please read into | ||
+ | # this topic first. | ||
+ | #add_header Strict-Transport-Security " | ||
+ | # | ||
+ | # WARNING: Only add the preload option once you read about | ||
+ | # the consequences in https:// | ||
+ | # will add the domain to a hardcoded list that is shipped | ||
+ | # in all major browsers and getting removed from this list | ||
+ | # could take several months. | ||
+ | add_header Referrer-Policy " | ||
+ | add_header X-Content-Type-Options " | ||
+ | add_header X-Download-Options " | ||
+ | add_header X-Frame-Options " | ||
+ | add_header X-Permitted-Cross-Domain-Policies " | ||
+ | add_header X-Robots-Tag " | ||
+ | add_header X-XSS-Protection "1; mode=block" | ||
+ | |||
+ | # Optional: Don't log access to assets | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | location ~ \.(?: | ||
+ | try_files $uri / | ||
+ | # Optional: Don't log access to other assets | ||
+ | access_log off; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | Save and exit. | ||
+ | |||
+ | Enable the virtual host (i.e. create a symlink from / | ||
+ | |||
+ | < | ||
+ | ln -s / | ||
+ | |||
+ | nginx -t | ||
+ | </ | ||
+ | |||
+ | Now restart PHP7.4-FPM service and nginx service using the systemctl command below. | ||
+ | |||
+ | < | ||
+ | systemctl restart nginx | ||
+ | |||
+ | systemctl restart php7.4-fpm | ||
+ | </ | ||
+ | |||
+ | The Nginx virtual host configuration for nextcloud has been created. | ||
+ | |||
+ | |||
+ | ===== Step 7 - Configure UFW Firewall ===== | ||
+ | |||
+ | In this tutorial, we will turn on the firewall, and we will be using the UFW firewall for Ubuntu. | ||
+ | |||
+ | Add the SSH, HTTP and HTTPS to the UFW firewall list using the command below. | ||
+ | |||
+ | |||
+ | < | ||
+ | for svc in ssh http https | ||
+ | do | ||
+ | ufw allow $svc | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | After that, enable the UFW firewall and check the allowed service and port. | ||
+ | |||
+ | |||
+ | < | ||
+ | ufw enable | ||
+ | ufw status numbered | ||
+ | </ | ||
+ | |||
+ | And you will get the HTTP port 80 and HTTPS port 443 is on the list. | ||
+ | |||
+ | |||
+ | ===== Step 8 - Nextcloud Post-Installation ===== | ||
+ | |||
+ | Open your web browser and type the nextcloud URL address. | ||
+ | |||
+ | And you will be redirected to the secure HTTPS connection. | ||
+ | |||
+ | On the Top page, we need to create the admin user for nextcloud, type the admin user password. On the 'Data folder' | ||
+ | |||
+ | Scroll the page to the bottom, and you will get the database configuration. Type the database info that we've created in step 3 and then click the ' | ||
+ | |||
+ | If you check the option ' | ||
+ | |||
+ | |||
+ | Nextcloud is installing additional recommended applications for you. | ||
+ | |||
+ | And after the installation is complete, you will see the Nextcloud Dashboard in your browser. | ||
+ | |||
+ | The Nextcloud 18 installation with Nginx web server and MySQL database on Ubuntu 20.04 has been completed successfully. | ||
+ | |||
+ | ===== Reference and Credits ===== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | And Muhammad Arul and his article at | ||
+ | |||
+ | [[https:// | ||
+ | |||
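Review bot: Strict-Transport-Security stays commented out in both places it appears in the added virtual host (the server-level header group and the js/css/map location block), and nothing in the Step 6 text after "Save and exit." tells the reader to come back to it, so the finished install redirects port 80 to HTTPS with a 301 but never sends HSTS. Suggest adding a sentence after the configuration saying that once the site loads correctly over HTTPS, both "#add_header Strict-Transport-Security" lines should be uncommented together (the config's own comment says the headers are intentionally duplicated in that location block), leaving out the preload option that the WARNING comment covers. Two smaller points in the same hunk: the Step 6 commands run "nginx -t" and then the text moves straight to restarting the services, so it should say to restart only if the test passes; and the closing sentence of Step 7 lists only ports 80 and 443 although the loop also allows ssh, which is the rule a reader on a remote host needs to confirm in the "ufw status numbered" output.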
install_nextcloud_nginx_let_encrypt_ssl_ubuntu_20_04_lts.1592606593.txt.gz · Last modified: 2020/06/19 22:43 by wikiadmin