Skip navigation

Menu Menu

Install Nextcloud 21, Collabora, and HPB on Debian 10

This tutorial will demonstrate how to install Nextcloud 21, the Collabora Online document editing suite, and the Nextcloud Files high-performance notification backend on a Debian 10 server. Watch the video version here.

Prerequisites: You will need a server running Debian 10 (visit linode.nots.co, digitalocean.nots.co, or vultr.nots.co if you don't have one.) You will also need a domain name (visit hover.nots.co if you don't have one.)

Example parameters: In this example, the domain name for our Nextcloud server will be "nextcloud.example.com", while the domain name for our Collabora server will be "collabora.example.com". All passwords will be set to "P@ssw0rd".

Part 1: Nextcloud 21

Step 1: If necessary, set the server's hostname:

hostnamectl set-hostname nextcloud nano /etc/hosts

Add a line with the new hostname:

127.0.1.1 nextcloud

Step 2: Make sure your server is entirely up-to-date:

sudo apt update
sudo apt full-upgrade

Step 3: Install the prerequisite Apache, PHP, and MariaDB packages for Nextcloud:

apt install apache2 mariadb-server php-common libapache2-mod-php php-gd php-mysql php-curl php-mbstring php-intl php-gmp php-bcmath imagemagick php-imagick ffmpeg php-xml php-zip php-bz2 php-redis redis-server python-certbot-apache

Step 4: Configure the Redis memory caching server:

nano /etc/redis/redis.conf

  • Uncomment unixsocket /var/run/redis/redis-server.sock.
  • Uncomment unixsocketperm 700 and change 700 to 770.
  • Change port 6379 to port 0.
  • Run usermod -aG redis www-data to add Apache to the Redis group.

Step 5: Configure the Apache virtual host:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/nextcloud.conf
nano /etc/apache2/sites-available/nextcloud.conf

Uncomment & set the ServerName, ServerAdmin, and DocumentRoot directives.

Step 6: Enable the virtual host and the required modules, then restart Apache:

a2ensite nextcloud
a2enmod rewrite headers
systemctl restart redis apache2

Step 7: Download and extract Nextcloud, then set the proper permissions and remove the downloaded archive:

wget https://download.nextcloud.com/server/releases/nextcloud-21.0.0.tar.bz2
tar -xvf ./nextcloud-21.0.0.tar.bz2 -C /var/www/
chown -R www-data: /var/www/nextcloud
mkdir /ncdata
chown www-data: /ncdata
rm ./nextcloud-21.0.0.tar.bz2

Step 8: Enable SSL/TLS using Let's Encrypt:

certbot --apache

Step 9: Set up the database:

mysql_secure_installation
mariadb
CREATE DATABASE nextcloud;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'P@ssw0rd';
GRANT ALL PRIVILEGES ON nextcloud . * TO 'nextcloud'@'localhost';
quit

Step 10: Access the Nextcloud setup page and follow the GUI wizard. Un-check the "Install Recommended Apps" option.

Step 11: Set the recommended PHP options:

nano /etc/php/7.3/apache2/php.ini

  • Set memory_limit to 512M.
  • Change output_buffering to Off.

Step 12: Set the recommended HTTP headers in Apache:

nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

Add the following configuration:

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory /var/www/nextcloud/>
    AllowOverride All
</Directory>

Then restart Apache with systemctl restart apache2.

Step 13: Add the recommended Nextcloud configuration:

nano /var/www/nextcloud/config/config.php

Add the following entries:

'htaccess.RewriteBase' => '/',
'default_phone_region' => 'US',
'memcache.local' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => [
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
],

Finally, regenerate the .htaccess file with sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess.

Part 2: Collabora

Step 1: Point a second subdomain to the same IP address as the first subdomain.

Step 2: Install the prerequisite packages for Collabora, then import the Collabora package signing key and install Collabora itself:

apt install gnupg apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./' >> /etc/apt/sources.list apt update apt install loolwsd code-brand hunspell

Step 3: Set up an Apache virtual host for Collabora:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/collabora.conf
nano /etc/apache2/sites-available/collabora.conf

Uncomment & set the ServerName directive. Delete the ServerAdmin and DocumentRoot directives.

Step 4: Enable the virtual host, enable SSL/TLS with Let's Encrypt, and enable the Apache proxy modules:

a2ensite collabora
systemctl reload apache2
certbot --apache
a2enmod proxy proxy_wstunnel proxy_http

Step 5: Edit the SSL virtual host for Collabora:

nano /etc/apache2/sites-enabled/collabora-le-ssl.conf

Add the proxy configuration:

# Collabora config:
Options -Indexes
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# (loleaflet is the client part of Collabora Online)
ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws ws://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool http://127.0.0.1:9980/lool
ProxyPassReverse /lool http://127.0.0.1:9980/lool

Step 6: Restart Apache:

systemctl restart apache2

Step 7: Configure the LibreOffice Online web socket daemon:

nano /etc/loolwsd/loolwsd.xml

  • Set allowed_languages.
  • Disable ssl.
  • Enable the SSL termination option.
  • Disable welcome.
  • Restart the daemon with systemctl restart loolwsd.
  • Note: If you get an "Unauthorized WOPI host" error when trying to use Collabora, come back to this file and add your Nextcloud domain name to the Allow/deny wopi storage section.

Step 8: In Nextcloud, navigate to Settings -> Admin -> Collabora Online, select Use your own server, and enter the Collabora subdomain, then click Save.

Part 3: High-Performance Backend for Files

Step 1: In Nextcloud, navigate to Apps -> Tools, find the Client Push app, and click Download & Enable.

Step 2: Run the setup script:

sudo -u www-data php /var/www/nextcloud/occ notify_push:setup

Step 3: In another terminal, follow the instructions from the setup script to add and start the systemd service, then edit the Apache virtual host:

nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

Add the proxy configuration:

ProxyPass /push/ws ws://localhost:7867/ws
ProxyPass /push/ http://localhost:7867/
ProxyPassReverse /push/ http://localhost:7867/

Step 4: Restart Apache:

systemctl restart apache2

Step 5: Add the server's public IP address as a trusted proxy in the Nextcloud configuration:

nano /var/www/nextcloud/config/config.php

Step 6: Optionally, increase the logging level by editing the systemd service:

nano /etc/systemd/system/notify_push.service

Add the following line (where trace can be replaced with debug for less sensitive logging):

Environment=LOG=notify_push=trace

Restart the high-performance backend, then view the logs to confirm it's working:

systemctl restart notify_push
journalctl -u notify_push -f

There are no pages beneath this page

Expand: Discussion Discussion (0 posts)

Revisions