Storage Guide

    NextCloud Deployment on RamNode VPS

    Deploy your own secure, private cloud storage solution with NextCloud on a RamNode VPS. This comprehensive guide walks you through setting up NextCloud with NGINX, MariaDB, and PHP 8.1 on Ubuntu 22.04 LTS for optimal performance and security.

    Ubuntu 22.04 LTS
    NextCloud Latest
    ⏱️ 45-60 minutes

    Prerequisites & Requirements

    Before starting, ensure you have:

    VPS Requirements

    • RamNode VPS (2GB+ RAM recommended)
    • 20GB+ SSD Storage
    • Ubuntu 22.04 LTS
    • Root or sudo access

    Additional Requirements

    • Domain name (e.g., cloud.yourdomain.com)
    • DNS A record pointing to VPS IP
    • SSH client
    • Basic Linux command knowledge
    2

    Initial Server Setup

    Connect to your RamNode VPS and perform initial setup:

    Connect via SSH
    ssh root@YOUR_VPS_IP
    Update System Packages
    apt update && apt upgrade -y
    apt install -y curl wget unzip software-properties-common apt-transport-https

    Create a non-root user:

    Create User
    adduser nextcloud
    usermod -aG sudo nextcloud

    Configure SSH key authentication (Recommended):

    Generate and Copy SSH Key
    # On your local machine
    ssh-keygen -t rsa -b 4096
    
    # Copy public key to server
    ssh-copy-id nextcloud@YOUR_VPS_IP

    💡 Tip: Replace "YOUR_VPS_IP" with your actual RamNode VPS IP address throughout this guide.

    3

    Security Hardening

    Configure firewall and secure SSH access:

    Configure UFW Firewall
    ufw default deny incoming
    ufw default allow outgoing
    ufw allow ssh
    ufw allow 80/tcp
    ufw allow 443/tcp
    ufw --force enable

    Secure SSH configuration:

    Edit SSH Config
    nano /etc/ssh/sshd_config
    SSH Configuration Changes
    # Recommended SSH security settings:
    Port 2222
    PermitRootLogin no
    PubkeyAuthentication yes
    PasswordAuthentication no
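    Update Firewall and Restart SSH
    # Open the new port before restarting so the firewall cannot lock you out
    ufw allow 2222/tcp
    # Check the configuration for syntax errors, then restart
    sshd -t && systemctl restart sshd
    # Only after a new login on port 2222 succeeds, close port 22
    ufw delete allow ssh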

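    Install Fail2Ban for additional protection. Its default sshd jail bans on the standard SSH port, so set that jail's port to 2222 in /etc/fail2ban/jail.local to match the SSH change above: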

    Install Fail2Ban
    apt install -y fail2ban
    systemctl enable fail2ban
    systemctl start fail2ban

    ⚠️ Warning: Make sure you can connect via SSH on the new port before closing your current session!
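
    sshd keeps the first value it reads for each keyword, and Ubuntu 22.04's stock sshd_config includes /etc/ssh/sshd_config.d/*.conf before its own settings, so a drop-in file shipped with a VPS image can override the edits above. The following added example (not part of the original guide) compares the output of sshd -T with the four settings from this step; the sample outputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: compare effective sshd settings (output of `sshd -T`, read
# from stdin) with the values from the guide's "SSH Configuration Changes".

# Prints one line per deviation; exit status 1 if any setting differs.
audit_sshd_effective() {
    awk '
        BEGIN {
            want["port"] = "2222"
            want["permitrootlogin"] = "no"
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
        }
        # sshd -T prints each keyword in lowercase followed by its value.
        ($1 in want) && !($1 in seen) { seen[$1] = $2 }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "UNSET %s\n", k; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "DIFF  %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed samples (not captured from a real server).
SAMPLE_HARDENED='port 2222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
x11forwarding yes'

# A drop-in re-enabled password logins despite the edit to sshd_config.
SAMPLE_OVERRIDDEN='port 2222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

# Live use (as root): sshd -T | audit_sshd_effective
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_effective \
    || echo "effective sshd settings differ from the guide"
```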

    4

    LEMP Stack Installation

    Install NGINX, MariaDB, and PHP 8.1:

    Install NGINX
    apt install -y nginx
    systemctl enable nginx
    systemctl start nginx
    Install MariaDB
    apt install -y mariadb-server mariadb-client
    systemctl enable mariadb
    systemctl start mariadb
    
    # Secure MariaDB installation
    mysql_secure_installation

    🔐 Security: When running mysql_secure_installation, answer 'Y' to all questions and set a strong root password.

    Install PHP 8.1 and Extensions
    apt install -y php8.1-fpm php8.1-mysql php8.1-xml php8.1-curl php8.1-gd \
    php8.1-intl php8.1-mbstring php8.1-zip php8.1-bcmath php8.1-gmp \
    php8.1-imagick php8.1-redis php8.1-apcu php8.1-opcache php8.1-cli

    Configure PHP settings:

    Edit PHP Configuration
    nano /etc/php/8.1/fpm/php.ini
    Important PHP Settings
    memory_limit = 512M
    upload_max_filesize = 2G
    post_max_size = 2G
    max_execution_time = 300
    date.timezone = America/New_York  ; Adjust to your timezone
    Restart PHP-FPM
    systemctl restart php8.1-fpm
    5

    SSL Certificate Setup

    Install Certbot and obtain SSL certificate:

    Install Certbot
    apt install -y certbot python3-certbot-nginx

    Create basic NGINX configuration:

    Create NGINX Config
    nano /etc/nginx/sites-available/nextcloud
    Basic NGINX Configuration
    server {
        listen 80;
        server_name cloud.yourdomain.com;
    
        location / {
            return 301 https://$server_name$request_uri;
        }
    }
    Enable Site and Test
    ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/
    rm /etc/nginx/sites-enabled/default
    nginx -t
    systemctl reload nginx
    Obtain SSL Certificate
    certbot --nginx -d cloud.yourdomain.com

    ✅ Certbot will automatically configure NGINX for HTTPS and set up auto-renewal.

    6

    Database Configuration

    Create NextCloud database and user:

    Access MySQL
    mysql -u root -p
    Create Database and User
    CREATE DATABASE nextcloud;
    CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'secure_password_here';
    GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
    FLUSH PRIVILEGES;
    EXIT;

    🔐 Security Note: Replace 'secure_password_here' with a strong, unique password. Save this password securely as you'll need it during installation.

    7

    NextCloud Installation

    Download and install NextCloud:

    Download NextCloud
    cd /tmp
    wget https://download.nextcloud.com/server/releases/latest.tar.bz2
    wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
    
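    # Verify download integrity; stop if this does not print "latest.tar.bz2: OK".
    # The .sha256 file may name the versioned archive, so only its hash field is used.
    echo "$(cut -d' ' -f1 latest.tar.bz2.sha256)  latest.tar.bz2" | sha256sum -c -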
    Extract and Install
    # Extract NextCloud
    tar -xjf latest.tar.bz2
    
    # Move to web directory
    sudo cp -R nextcloud /var/www/
    sudo chown -R www-data:www-data /var/www/nextcloud
    sudo chmod -R 755 /var/www/nextcloud
    Create Data Directory
    sudo mkdir /var/www/nextcloud-data
    sudo chown -R www-data:www-data /var/www/nextcloud-data
    sudo chmod -R 750 /var/www/nextcloud-data
    8

    NGINX Configuration

    Configure NGINX for NextCloud:

    Generate DH Parameters
    openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
    Edit NGINX Configuration
    nano /etc/nginx/sites-available/nextcloud
    Complete NGINX Configuration
    upstream php-handler {
        server unix:/var/run/php/php8.1-fpm.sock;
    }
    
    server {
        listen 80;
        listen [::]:80;
        server_name cloud.yourdomain.com;
        return 301 https://$server_name$request_uri;
    }
    
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name cloud.yourdomain.com;
    
        ssl_certificate /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
    
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
        ssl_prefer_server_ciphers off;
    
        add_header Strict-Transport-Security "max-age=63072000" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
    
        client_max_body_size 2G;
        fastcgi_buffers 64 4K;
    
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_types application/atom+xml application/javascript text/css text/plain;
    
        root /var/www/nextcloud;
        index index.php index.html;
    
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
    
        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }
    
        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }
    
        location / {
            rewrite ^ /index.php;
        }
    
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
    
        location ~ \.php(?:$|/) {
            rewrite ^/(?!index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy) /index.php;
    
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
    
            try_files $fastcgi_script_name =404;
    
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param HTTPS on;
    
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
    
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
    
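        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # An add_header at this level stops inheritance of the server-level
            # headers, so the security headers are repeated here on purpose.
            add_header Strict-Transport-Security "max-age=63072000" always;
            add_header Referrer-Policy "no-referrer" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-XSS-Protection "1; mode=block" always;
            access_log off;
        }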
    
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
            try_files $uri /index.php$request_uri;
            access_log off;
        }
    }
    Test and Reload NGINX
    nginx -t
    systemctl reload nginx
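
    NGINX inherits add_header directives from the server level only when a location defines none of its own, so a location that sets its own header (such as Cache-Control for static assets) must repeat the security headers. The following added example (not part of the original guide) checks a response's headers against the values in the configuration above; run it for both a page and a static asset. The sample responses are constructed.

```shell
#!/usr/bin/env bash
# Added example: check HTTP response headers (read from stdin) against the
# security headers set in the guide's NGINX server block.

# name|required substring, copied from the add_header lines above.
EXPECTED_HEADERS='strict-transport-security|max-age=63072000
referrer-policy|no-referrer
x-content-type-options|nosniff
x-frame-options|SAMEORIGIN
x-xss-protection|1; mode=block'

# Prints one line per missing or wrong header; returns 1 if any check failed.
check_security_headers() {
    local response name want line failed=0
    response=$(tr -d '\r')   # HTTP lines end in CRLF
    while IFS='|' read -r name want; do
        # Header names are case-insensitive.
        line=$(printf '%s\n' "$response" | grep -i "^${name}:" | head -n 1) || true
        if [ -z "$line" ]; then
            echo "MISSING  ${name}"; failed=1
        elif ! printf '%s\n' "$line" | grep -qF -- "$want"; then
            echo "MISMATCH ${name} (want: ${want})"; failed=1
        fi
    done <<EOF
$EXPECTED_HEADERS
EOF
    return "$failed"
}

# Constructed sample responses (not captured from a real server).
SAMPLE_PAGE='HTTP/2 200
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=63072000
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block'

# What a location that sets only its own Cache-Control header returns.
SAMPLE_ASSET='HTTP/2 200
content-type: text/css
cache-control: public, max-age=15778463'

# Live use: curl -sI https://cloud.yourdomain.com/ | check_security_headers
printf '%s\n' "$SAMPLE_ASSET" | check_security_headers \
    || echo "static asset response lacks the security headers"
```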
    9

    NextCloud Final Setup

    Complete the installation via web interface or command line:

    Web-based Installation

    Navigate to https://cloud.yourdomain.com in your browser and fill in:

    • Admin Username: Choose a secure username
    • Admin Password: Use a strong password
    • Data Folder: /var/www/nextcloud-data
    • Database: MySQL/MariaDB
    • Database User: nextcloud
    • Database Password: Your database password
    • Database Name: nextcloud
    • Database Host: localhost

    Command Line Installation (Alternative):

    CLI Installation
    sudo -u www-data php /var/www/nextcloud/occ maintenance:install \
      --database="mysql" \
      --database-name="nextcloud" \
      --database-user="nextcloud" \
      --database-pass="your_password" \
      --admin-user="admin" \
      --admin-pass="admin_password" \
      --data-dir="/var/www/nextcloud-data"

    Configure trusted domains:

    Set Trusted Domain
    sudo -u www-data php /var/www/nextcloud/occ config:system:set \
      trusted_domains 0 --value=cloud.yourdomain.com
    10

    Performance Optimization

    Optimize NextCloud for better performance:

    Install and Configure Redis
    apt install -y redis-server
    systemctl enable redis-server
    systemctl start redis-server
    Configure NextCloud to Use Redis
    sudo -u www-data php /var/www/nextcloud/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
    sudo -u www-data php /var/www/nextcloud/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
    sudo -u www-data php /var/www/nextcloud/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
    sudo -u www-data php /var/www/nextcloud/occ config:system:set redis host --value=localhost
    sudo -u www-data php /var/www/nextcloud/occ config:system:set redis port --value=6379

    Configure background jobs:

    Setup Cron Job
    crontab -u www-data -e
    
    # Add this line:
    */5 * * * * php -f /var/www/nextcloud/cron.php
    Enable Cron Mode
    sudo -u www-data php /var/www/nextcloud/occ background:cron

    Enable PHP OPcache:

    Configure OPcache
    nano /etc/php/8.1/fpm/conf.d/10-opcache.ini
    OPcache Settings
    opcache.enable=1
    opcache.memory_consumption=256
    opcache.max_accelerated_files=10000
    opcache.revalidate_freq=1
    opcache.save_comments=1
    Restart PHP-FPM
    systemctl restart php8.1-fpm
    11

    Maintenance & Backups

    Set up automated backups:

    Create Backup Directory
    mkdir -p /var/backups
    Create Backup Script
    nano /usr/local/bin/nextcloud-backup.sh
    Backup Script Content
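    #!/bin/bash
    set -euo pipefail
    umask 077   # dumps hold all user data: keep them readable by root only
    BACKUP_DIR="/var/backups"
    DATE=$(date +%Y%m%d_%H%M%S)
    
    # Database backup
    # Credentials come from a root-only file (example path, chmod 600) so the
    # password does not show up in the process list. The file contains:
    #   [client]
    #   user=nextcloud
    #   password=your_password
    mysqldump --defaults-extra-file=/root/.nextcloud-backup.cnf \
      --single-transaction nextcloud > "$BACKUP_DIR/nextcloud-db-$DATE.sql"
    
    # Files backup
    tar -czf "$BACKUP_DIR/nextcloud-files-$DATE.tar.gz" \
      /var/www/nextcloud /var/www/nextcloud-data
    
    # Clean up old backups (keep 30 days)
    find "$BACKUP_DIR" -name "nextcloud-*" -type f -mtime +30 -delete
    
    echo "Backup completed: $DATE"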
    Make Script Executable and Schedule
    # Executable and readable by root only
    chmod 700 /usr/local/bin/nextcloud-backup.sh
    
    # Schedule daily backups
    crontab -e
    # Add: 0 2 * * * /usr/local/bin/nextcloud-backup.sh >> /var/log/nextcloud-backup.log 2>&1

    💾 Backup Tip: Consider storing backups off-site using RamNode's Object Storage or another backup solution.

    12

    Troubleshooting

    Common issues and their solutions:

    Issue: Data directory not writable

    Fix Permissions
    sudo chown -R www-data:www-data /var/www/nextcloud-data
    sudo chmod -R 750 /var/www/nextcloud-data

    Issue: PHP module not enabled

    Install Missing Module
    sudo apt install php8.1-imagick
    sudo systemctl restart php8.1-fpm

    Issue: SSL certificate renewal fails

    Test Renewal
    sudo certbot renew --dry-run
    sudo systemctl reload nginx

    Useful log file locations:

    View Logs
    # NextCloud logs
    tail -f /var/www/nextcloud-data/nextcloud.log
    
    # NGINX logs
    tail -f /var/log/nginx/error.log
    tail -f /var/log/nginx/access.log
    
    # PHP-FPM logs
    tail -f /var/log/php8.1-fpm.log
    
    # System logs
    journalctl -u nginx -f
    journalctl -u php8.1-fpm -f

    Maintenance commands:

    NextCloud Maintenance
    # Check status
    sudo -u www-data php /var/www/nextcloud/occ status
    
    # Run system check
    sudo -u www-data php /var/www/nextcloud/occ check
    
    # Add missing database indices
    sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
    
    # Scan files
    sudo -u www-data php /var/www/nextcloud/occ files:scan --all

    🎉 Congratulations!

    Your NextCloud instance is now successfully deployed on your RamNode VPS. You have a fully functional, secure, and optimized personal cloud storage solution.

    Next Steps

    • Configure additional apps and features in the NextCloud admin panel
    • Set up client applications on your desktop and mobile devices
    • Configure email settings for notifications and password resets
    • Consider setting up external storage integration
    • Enable two-factor authentication for enhanced security
    • Regularly monitor and maintain your installation
    • Review and implement additional security measures

    Security Reminder

    Regularly update your system, NextCloud, and monitor security advisories. Keep your installation secure by maintaining current versions, reviewing access logs, and implementing additional security measures like two-factor authentication and regular security scans.