Install Nextcloud 21, Collabora, and HPB on Debian 10
This tutorial will demonstrate how to install Nextcloud 21, the Collabora Online document editing suite, and the Nextcloud Files high-performance notification backend on a Debian 10 server. Watch the video version here.
Prerequisites: You will need a server running Debian 10 (visit linode.nots.co, digitalocean.nots.co, or vultr.nots.co if you don't have one.) You will also need a domain name (visit hover.nots.co if you don't have one.)
Example parameters: In this example, the domain name for our Nextcloud server will be "nextcloud.example.com", while the domain name for our Collabora server will be "collabora.example.com". All passwords will be set to "P@ssw0rd".
Part 1: Nextcloud 21
Step 1: If necessary, set the server's hostname:
hostnamectl set-hostname nextcloud
nano /etc/hosts
Add a line with the new hostname:
127.0.1.1 nextcloud
Step 2: Make sure your server is entirely up-to-date:
sudo apt update
sudo apt full-upgrade
Step 3: Install the prerequisite Apache, PHP, and MariaDB packages for Nextcloud:
apt install apache2 mariadb-server php-common libapache2-mod-php php-gd php-mysql php-curl php-mbstring php-intl php-gmp php-bcmath imagemagick php-imagick ffmpeg php-xml php-zip php-bz2 php-redis redis-server python-certbot-apache
Step 4: Configure the Redis memory caching server:
nano /etc/redis/redis.conf
- Uncomment unixsocket /var/run/redis/redis-server.sock.
- Uncomment unixsocketperm 700 and change 700 to 770.
- Change port 6379 to port 0.
- Run usermod -aG redis www-data to add Apache to the Redis group.
Step 5: Configure the Apache virtual host:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/nextcloud.conf
nano /etc/apache2/sites-available/nextcloud.conf
Uncomment & set the ServerName, ServerAdmin, and DocumentRoot directives.
Step 6: Enable the virtual host and the required modules, then restart Apache:
a2ensite nextcloud
a2enmod rewrite headers
systemctl restart redis apache2
Step 7: Download and extract Nextcloud, then set the proper permissions and remove the downloaded archive:
wget https://download.nextcloud.com/server/releases/nextcloud-21.0.0.tar.bz2
tar -xvf ./nextcloud-21.0.0.tar.bz2 -C /var/www/
chown -R www-data: /var/www/nextcloud
mkdir /ncdata
chown www-data: /ncdata
rm ./nextcloud-21.0.0.tar.bz2
Step 8: Enable SSL/TLS using Let's Encrypt:
certbot --apache
Step 9: Set up the database:
mysql_secure_installation
mariadb
CREATE DATABASE nextcloud;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'P@ssw0rd';
GRANT ALL PRIVILEGES ON nextcloud . * TO 'nextcloud'@'localhost';
quit
Step 10: Access the Nextcloud setup page and follow the GUI wizard. Un-check the "Install Recommended Apps" option.
Step 11: Set the recommended PHP options:
nano /etc/php/7.3/apache2/php.ini
- Set memory_limit to 512M.
- Change output_buffering to Off.
Step 12: Set the recommended HTTP headers in Apache:
nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
Add the following configuration:
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory /var/www/nextcloud/>
AllowOverride All
</Directory>
Then restart Apache with systemctl restart apache2.
Step 13: Add the recommended Nextcloud configuration:
nano /var/www/nextcloud/config/config.php
Add the following entries:
'htaccess.RewriteBase' => '/',
'default_phone_region' => 'US',
'memcache.local' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => [
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
],
Finally, regenerate the .htaccess file with sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess.
Part 2: Collabora
Step 1: Point a second subdomain to the same IP address as the first subdomain.
Step 2: Install the prerequisite packages for Collabora, then import the Collabora package signing key and install Collabora itself:
apt install gnupg
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./' >> /etc/apt/sources.list
apt update
apt install loolwsd code-brand hunspell
Step 3: Set up an Apache virtual host for Collabora:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/collabora.conf
nano /etc/apache2/sites-available/collabora.conf
Uncomment & set the ServerName directive. Delete the ServerAdmin and DocumentRoot directives.
Step 4: Enable the virtual host, enable SSL/TLS with Let's Encrypt, and enable the Apache proxy modules:
a2ensite collabora
systemctl reload apache2
certbot --apache
a2enmod proxy proxy_wstunnel proxy_http
Step 5: Edit the SSL virtual host for Collabora:
nano /etc/apache2/sites-enabled/collabora-le-ssl.conf
Add the proxy configuration:
# Collabora config:
Options -Indexes
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# (loleaflet is the client part of Collabora Online)
ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws ws://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool http://127.0.0.1:9980/lool
ProxyPassReverse /lool http://127.0.0.1:9980/lool
Step 6: Restart Apache:
systemctl restart apache2
Step 7: Configure the LibreOffice Online web socket daemon:
nano /etc/loolwsd/loolwsd.xml
- Set allowed_languages.
- Disable ssl.
- Enable the SSL termination option.
- Disable welcome.
- Restart the daemon with systemctl restart loolwsd.
- Note: If you get an "Unauthorized WOPI host" error when trying to use Collabora, come back to this file and add your Nextcloud domain name to the Allow/deny wopi storage section.
Step 8: In Nextcloud, navigate to Settings -> Admin -> Collabora Online, select Use your own server, and enter the Collabora subdomain, then click Save.
Part 3: High-Performance Backend for Files
Step 1: In Nextcloud, navigate to Apps -> Tools, find the Client Push app, and click Download & Enable.
Step 2: Run the setup script:
sudo -u www-data php /var/www/nextcloud/occ notify_push:setup
Step 3: In another terminal, follow the instructions from the setup script to add and start the systemd service, then edit the Apache virtual host:
nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
Add the proxy configuration:
ProxyPass /push/ws ws://localhost:7867/ws
ProxyPass /push/ http://localhost:7867/
ProxyPassReverse /push/ http://localhost:7867/
Step 4: Restart Apache:
systemctl restart apache2
Step 5: Add the server's public IP address as a trusted proxy in the Nextcloud configuration:
nano /var/www/nextcloud/config/config.php
Step 6: Optionally, increase the logging level by editing the systemd service:
nano /etc/systemd/system/notify_push.service
Add the following line (where trace can be replaced with debug for less sensitive logging):
Environment=LOG=notify_push=trace
Restart the high-performance backend, then view the logs to confirm it's working:
systemctl restart notify_push
journalctl -u notify_push -f
There are no pages beneath this page
Discussion (0 posts)