Install Nextcloud 21, Collabora, and HPB on Debian 10

This tutorial will demonstrate how to install Nextcloud 21, the Collabora Online document editing suite, and the Nextcloud Files high-performance notification backend on a Debian 10 server. Watch the video version here.

Prerequisites: You will need a server running Debian 10 (visit linode.nots.co, digitalocean.nots.co, or vultr.nots.co if you don't have one.) You will also need a domain name (visit hover.nots.co if you don't have one.)

Example parameters: In this example, the domain name for our Nextcloud server will be "nextcloud.example.com", while the domain name for our Collabora server will be "collabora.example.com". All passwords will be set to "P@ssw0rd".


Part 1: Nextcloud 21

Step 1: If necessary, set the server's hostname:

hostnamectl set-hostname nextcloud nano /etc/hosts

Add a line with the new hostname:

127.0.1.1 nextcloud

Step 2: Make sure your server is entirely up-to-date:

sudo apt update
sudo apt full-upgrade

Step 3: Install the prerequisite Apache, PHP, and MariaDB packages for Nextcloud:

apt install apache2 mariadb-server php-common libapache2-mod-php php-gd php-mysql php-curl php-mbstring php-intl php-gmp php-bcmath imagemagick php-imagick ffmpeg php-xml php-zip php-bz2 php-redis redis-server python-certbot-apache

Step 4: Configure the Redis memory caching server:

nano /etc/redis/redis.conf

  • Uncomment unixsocket /var/run/redis/redis-server.sock.
  • Uncomment unixsocketperm 700 and change 700 to 770.
  • Change port 6379 to port 0.
  • Run usermod -aG redis www-data to add Apache to the Redis group.

Step 5: Configure the Apache virtual host:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/nextcloud.conf nano /etc/apache2/sites-available/nextcloud.conf

Uncomment & set the ServerName, ServerAdmin, and DocumentRoot directives.

Step 6: Enable the virtual host and the required modules, then restart Apache:

a2ensite nextcloud a2enmod rewrite headers systemctl restart redis apache2

Step 7: Download and extract Nextcloud, then set the proper permissions and remove the downloaded archive:

wget https://download.nextcloud.com/server/releases/nextcloud-21.0.0.tar.bz2 tar -xvf ./nextcloud-21.0.0.tar.bz2 -C /var/www/ chown -R www-data: /var/www/nextcloud mkdir /ncdata chown www-data: /ncdata rm ./nextcloud-21.0.0.tar.bz2

Step 8: Enable SSL/TLS using Let's Encrypt:

certbot --apache

Step 9: Set up the database:

mysql_secure_installation mariadb CREATE DATABASE nextcloud; CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'P@ssw0rd'; GRANT ALL PRIVILEGES ON nextcloud . * TO 'nextcloud'@'localhost'; quit

Step 10: Access the Nextcloud setup page and follow the GUI wizard. Un-check the "Install Recommended Apps" option.

Step 11: Set the recommended PHP options:

nano /etc/php/7.3/apache2/php.ini

  • Set memory_limit to 512M.
  • Change output_buffering to Off.

Step 12: Set the recommended HTTP headers in Apache:

nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

Add the following configuration:

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" AllowOverride All

Then restart Apache with systemctl restart apache2.

Step 13: Add the recommended Nextcloud configuration:

nano /var/www/nextcloud/config/config.php

Add the following entries:

'htaccess.RewriteBase' => '/', 'default_phone_region' => 'US', 'memcache.local' => '\OC\Memcache\Redis', 'memcache.distributed' => '\OC\Memcache\Redis', 'redis' => [ 'host' => '/var/run/redis/redis-server.sock', 'port' => 0, ],

Finally, regenerate the .htaccess file with sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess.


Part 2: Collabora

Step 1: Point a second subdomain to the same IP address as the first subdomain.

Step 2: Install the prerequisite packages for Collabora, then import the Collabora package signing key and install Collabora itself:

apt install gnupg apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./' >> /etc/apt/sources.list apt update apt install loolwsd code-brand hunspell

Step 3: Set up an Apache virtual host for Collabora:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/collabora.conf nano /etc/apache2/sites-available/collabora.conf

Uncomment & set the ServerName directive. Delete the ServerAdmin and DocumentRoot directives.

Step 4: Enable the virtual host, enable SSL/TLS with Let's Encrypt, and enable the Apache proxy modules:

a2ensite collabora systemctl reload apache2 certbot --apache a2enmod proxy proxy_wstunnel proxy_http

Step 5: Edit the SSL virtual host for Collabora:

nano /etc/apache2/sites-enabled/collabora-le-ssl.conf

Add the proxy configuration:

# Collabora config: Options -Indexes # Encoded slashes need to be allowed AllowEncodedSlashes NoDecode # Container uses a unique non-signed certificate SSLProxyEngine On SSLProxyVerify None SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off # keep the host ProxyPreserveHost On # static html, js, images, etc. served from loolwsd # (loleaflet is the client part of Collabora Online) ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0 ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet # WOPI discovery URL ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery # Capabilities ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities # Main websocket ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon # Admin Console websocket ProxyPass /lool/adminws ws://127.0.0.1:9980/lool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /lool http://127.0.0.1:9980/lool ProxyPassReverse /lool http://127.0.0.1:9980/lool

Step 6: Restart Apache:

systemctl restart apache2

Step 7: Configure the LibreOffice Online web socket daemon:

nano /etc/loolwsd/loolwsd.xml

  • Set allowed_languages.
  • Disable ssl.
  • Enable the SSL termination option.
  • Disable welcome.
  • Restart the daemon with systemctl restart loolwsd.
  • Note: If you get an "Unauthorized WOPI host" error when trying to use Collabora, come back to this file and add your Nextcloud domain name to the Allow/deny wopi storage section.

Step 8: In Nextcloud, navigate to Settings -> Admin -> Collabora Online, select Use your own server, and enter the Collabora subdomain, then click Save.


Part 3: High-Performance Backend for Files

Step 1: In Nextcloud, navigate to Apps -> Tools, find the Client Push app, and click Download & Enable.

Step 2: Run the setup script:

sudo -u www-data php /var/www/nextcloud/occ notify_push:setup

Step 3: In another terminal, follow the instructions from the setup script to add and start the systemd service, then edit the Apache virtual host:

nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

Add the proxy configuration:

ProxyPass /push/ws ws://localhost:7867/ws ProxyPass /push/ http://localhost:7867/ ProxyPassReverse /push/ http://localhost:7867/

Step 4: Restart Apache:

systemctl restart apache2

Step 5: Add the server's public IP address as a trusted proxy in the Nextcloud configuration:

nano /var/www/nextcloud/config/config.php

Step 6: Optionally, increase the logging level by editing the systemd service:

nano /etc/systemd/system/notify_push.service

Add the following line (where trace can be replaced with debug for less sensitive logging):

Environment=LOG=notify_push=trace

Restart the high-performance backend, then view the logs to confirm it's working:

systemctl restart notify_push journalctl -u notify_push -f

There are no pages beneath this page

Expand: Discussion Discussion (0 posts)