Install Nextcloud 21, Collabora, and HPB on Debian 10

This tutorial will demonstrate how to install Nextcloud 21, the Collabora Online document editing suite, and the Nextcloud Files high-performance notification backend on a Debian 10 server. Watch the video version here.

Prerequisites: You will need a server running Debian 10 (visit linode.nots.co, digitalocean.nots.co, or vultr.nots.co if you don't have one.) You will also need a domain name (visit hover.nots.co if you don't have one.)

Example parameters: In this example, the domain name for our Nextcloud server will be "nextcloud.example.com", while the domain name for our Collabora server will be "collabora.example.com". All passwords will be set to "P@ssw0rd".


Part 1: Nextcloud 21

Step 1: If necessary, set the server's hostname:

hostnamectl set-hostname nextcloud nano /etc/hosts

Add a line with the new hostname:

127.0.1.1 nextcloud

Step 2: Make sure your server is entirely up-to-date:

sudo apt update
sudo apt full-upgrade

Step 3: Install the prerequisite Apache, PHP, and MariaDB packages for Nextcloud:

apt install apache2 mariadb-server php-common libapache2-mod-php php-gd php-mysql php-curl php-mbstring php-intl php-gmp php-bcmath imagemagick php-imagick ffmpeg php-xml php-zip php-bz2 php-redis redis-server python-certbot-apache

Step 4: Configure the Redis memory caching server:

nano /etc/redis/redis.conf

  • Uncomment unixsocket /var/run/redis/redis-server.sock.
  • Uncomment unixsocketperm 700 and change 700 to 770.
  • Change port 6379 to port 0.
  • Run usermod -aG redis www-data to add Apache to the Redis group.

Step 5: Configure the Apache virtual host:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/nextcloud.conf
nano /etc/apache2/sites-available/nextcloud.conf

Uncomment & set the ServerName, ServerAdmin, and DocumentRoot directives.

Step 6: Enable the virtual host and the required modules, then restart Apache:

a2ensite nextcloud
a2enmod rewrite headers
systemctl restart redis apache2

Step 7: Download and extract Nextcloud, then set the proper permissions and remove the downloaded archive:

wget https://download.nextcloud.com/server/releases/nextcloud-21.0.0.tar.bz2
tar -xvf ./nextcloud-21.0.0.tar.bz2 -C /var/www/
chown -R www-data: /var/www/nextcloud
mkdir /ncdata
chown www-data: /ncdata
rm ./nextcloud-21.0.0.tar.bz2

Step 8: Enable SSL/TLS using Let's Encrypt:

certbot --apache

Step 9: Set up the database:

mysql_secure_installation
mariadb
CREATE DATABASE nextcloud;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'P@ssw0rd';
GRANT ALL PRIVILEGES ON nextcloud . * TO 'nextcloud'@'localhost';
quit

Step 10: Access the Nextcloud setup page and follow the GUI wizard. Un-check the "Install Recommended Apps" option.

Step 11: Set the recommended PHP options:

nano /etc/php/7.3/apache2/php.ini

  • Set memory_limit to 512M.
  • Change output_buffering to Off.

Step 12: Set the recommended HTTP headers in Apache:

nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

Add the following configuration:

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory /var/www/nextcloud/>
    AllowOverride All
</Directory>

Then restart Apache with systemctl restart apache2.

Step 13: Add the recommended Nextcloud configuration:

nano /var/www/nextcloud/config/config.php

Add the following entries:

'htaccess.RewriteBase' => '/',
'default_phone_region' => 'US',
'memcache.local' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => [
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
],

Finally, regenerate the .htaccess file with sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess.


Part 2: Collabora

Step 1: Point a second subdomain to the same IP address as the first subdomain.

Step 2: Install the prerequisite packages for Collabora, then import the Collabora package signing key and install Collabora itself:

apt install gnupg apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./' >> /etc/apt/sources.list apt update apt install loolwsd code-brand hunspell

Step 3: Set up an Apache virtual host for Collabora:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/collabora.conf
nano /etc/apache2/sites-available/collabora.conf

Uncomment & set the ServerName directive. Delete the ServerAdmin and DocumentRoot directives.

Step 4: Enable the virtual host, enable SSL/TLS with Let's Encrypt, and enable the Apache proxy modules:

a2ensite collabora
systemctl reload apache2
certbot --apache
a2enmod proxy proxy_wstunnel proxy_http

Step 5: Edit the SSL virtual host for Collabora:

nano /etc/apache2/sites-enabled/collabora-le-ssl.conf

Add the proxy configuration:

# Collabora config:
Options -Indexes
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# (loleaflet is the client part of Collabora Online)
ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws ws://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool http://127.0.0.1:9980/lool
ProxyPassReverse /lool http://127.0.0.1:9980/lool

Step 6: Restart Apache:

systemctl restart apache2

Step 7: Configure the LibreOffice Online web socket daemon:

nano /etc/loolwsd/loolwsd.xml

  • Set allowed_languages.
  • Disable ssl.
  • Enable the SSL termination option.
  • Disable welcome.
  • Restart the daemon with systemctl restart loolwsd.
  • Note: If you get an "Unauthorized WOPI host" error when trying to use Collabora, come back to this file and add your Nextcloud domain name to the Allow/deny wopi storage section.

Step 8: In Nextcloud, navigate to Settings -> Admin -> Collabora Online, select Use your own server, and enter the Collabora subdomain, then click Save.


Part 3: High-Performance Backend for Files

Step 1: In Nextcloud, navigate to Apps -> Tools, find the Client Push app, and click Download & Enable.

Step 2: Run the setup script:

sudo -u www-data php /var/www/nextcloud/occ notify_push:setup

Step 3: In another terminal, follow the instructions from the setup script to add and start the systemd service, then edit the Apache virtual host:

nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

Add the proxy configuration:

ProxyPass /push/ws ws://localhost:7867/ws
ProxyPass /push/ http://localhost:7867/
ProxyPassReverse /push/ http://localhost:7867/

Step 4: Restart Apache:

systemctl restart apache2

Step 5: Add the server's public IP address as a trusted proxy in the Nextcloud configuration:

nano /var/www/nextcloud/config/config.php

Step 6: Optionally, increase the logging level by editing the systemd service:

nano /etc/systemd/system/notify_push.service

Add the following line (where trace can be replaced with debug for less sensitive logging):

Environment=LOG=notify_push=trace

Restart the high-performance backend, then view the logs to confirm it's working:

systemctl restart notify_push
journalctl -u notify_push -f

There are no pages beneath this page

Expand: Discussion Discussion (0 posts)