Install Nextcloud 18 using one script only

Install Nextcloud 18 using one script only!
Debian 10 and Ubuntu 18.04.x ARM64/AMD64

Start and install Nextcloud using one script only, even as a „Newbie“
The pre-requirements are very low:
Debian 10.3+ or Ubuntu 20.04+ / 18.04+x on AMD64
a user with sudoer privileges

Change to your privileged user (sudo)

Ubuntu 18.04+ LTS: Server-Installation - OpenSSH server is required (as shown before)
sudo -s
Ubuntu 20.04.x LTS: Server-Installation- OpenSSH server is required (as shown before)
sudo -s
Debian 10.3+ LTS: Net ISO Installation - Default systemtools and SSH server are required (as shown before)
su -

Download the installation script to /usr/local/src:

cd /usr/local/src && apt install wget -y
Debian:
wget https://it-services.c-rieger.de/s/QCzDbdip4qM388P/download -O install.zip
Ubuntu:
wget https://it-services.c-rieger.de/s/kX56nntHoWWoPps/download -O install.zip

Unzip (extract) the dowanload:

apt install unzip -y && unzip install.zip

Mark the script ‘executable’:

chmod +x install.sh

Start the installation by issuing the script:

./install.sh

(1) You will be asked for:
– your Nextcloud administratorname (Your Nextcloud Administrator),
– its password (Your Nextcloud Administrator password) and
– the path to your Nextcloud data directory (Your Nextcloud datapath)
before the installation will be finished. In case Nextcloud would ask for altering tables, please answere ‘y’ and press enter to apply recommended changes.

(2) At the end a summary will appear.

Optional: Request your ssl certificates from Let’s Encrypt

First ensure your server is reachable via both ports 80 and 443 from extern:

Create a user to request your certificates and add him to the www-data group:

adduser acmeuser
usermod -a -G www-data acmeuser

Change into this users shell and install the certificate software:

su - acmeuser
curl https://get.acme.sh | sh
exit

Create the necessary directories and apply the proper permissions to store the certificates to:

mkdir -p /var/www/letsencrypt/.well-known/acme-challenge /etc/letsencrypt/rsa-certs /etc/letsencrypt/ecc-certs
chmod -R 775 /var/www/letsencrypt /etc/letsencrypt && chown -R www-data:www-data /var/www/ /etc/letsencrypt

Change into the acmeuser shell again:

su - acmeuser

and request the certificates twice. Please substitute your.dedyn.io with your domain:

acme.sh --issue -d your.dedyn.io --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem
acme.sh --issue -d your.dedyn.io --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem

Leave the shell if the certificates were successfully created:

exit

Create the permissions script:

nano /root/permissions.sh

Paste all the following rows into the permissions.sh

#!/bin/bash
find /var/www/ -type f -print0 | xargs -0 chmod 0640
find /var/www/ -type d -print0 | xargs -0 chmod 0750
chmod -R 775 /var/www/letsencrypt 
chmod -R 755 /etc/letsencrypt 
chown -R www-data:www-data /var/www/
chown -R www-data:www-data /var/nc_data/
chmod 0644 /var/www/nextcloud/.htaccess
chmod 0644 /var/www/nextcloud/.user.ini
chmod 600 /etc/letsencrypt/rsa-certs/fullchain.pem
chmod 600 /etc/letsencrypt/rsa-certs/privkey.pem
chmod 600 /etc/letsencrypt/rsa-certs/chain.pem
chmod 600 /etc/letsencrypt/rsa-certs/cert.pem
chmod 600 /etc/letsencrypt/ecc-certs/fullchain.pem
chmod 600 /etc/letsencrypt/ecc-certs/privkey.pem
chmod 600 /etc/letsencrypt/ecc-certs/chain.pem
chmod 600 /etc/letsencrypt/ecc-certs/cert.pem
chmod 600 /etc/ssl/certs/dhparam.pem
exit 0

Attention:
Please adjust the data directory if it differs from /var/nc_data !

Mark the script executable:

chmod +x /root/permissions.sh
/root/permissions.sh

Remove the self signed certificate entries from the ssl.conf and enable the new ssl certificates:

sed -i '/ssl-cert-snakeoil/d' /etc/nginx/ssl.conf
sed -i s/\#\ssl/\ssl/g /etc/nginx/ssl.conf
service nginx restart

Enjoy your personal data in your secured and hardened Nextcloud-Server!

Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore


Carsten Rieger

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 15 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.