JustToThePoint English Website Version
JustToThePoint en español

Installing Nextcloud on Proxmox LXC, A Comprehensive Guide

War is a racket. It always has been. It is possibly the oldest, easily the most profitable, surely the most vicious. It is the only one international in scope. It is the only one in which the profits are reckoned in dollars and the losses in lives, Smedley Butler

Nextcloud

This guide covers the installation and configuration of Nextcloud in a Proxmox LXC container running Ubuntu 24.10, using an Apache web server, PHP 8.3, and MariaDB 11.4.

Nextcloud. Definition and features.

Nextcloud is an open-source software suite that enables users to create their own private cloud storage solutions, offering file hosting, synchronization, and sharing services. It serves as a free alternative to popular platforms like Dropbox and Google Drive, emphasizing privacy and data ownership.

Cutting the cord on traditional subscriptions can save you or your company significant money.

Key Features of Nextcloud

Creating the Container, passwordless SSH

We assume you have a Proxmox VE host and have created an Ubuntu 24.10 LXC container (64-bit) for Nextcloud.

Right-click on the Ubuntu Desktop container, select Clone from the context menu, and set the following parameters:

  1. Target node: Choose the node where you want to host the clone, e.g., myserver.
  2. Name: Enter a name for the cloned container (e.g., mynextcloud).
  3. Target Storage: Select the storage pool where the cloned container will reside (e.g., mypool).
╭――――――――――――――――――――――――――――――――――――╮
│                                    │
│ 1. System Update and Basic Setup   │
│                                    │
╰――――――――――――――――――――――――――――――――――――╯
# Updating the system and cleaning up orphan packages
sudo apt update && sudo apt dist-upgrade && sudo apt autoremove
# Updating ensures you have the latest package information, and upgrading applies security patches and updates to the base system. This keeps your container secure and avoids known bugs.

# Ensure the system has a proper hostname and correct timezone and locale.
sudo hostnamectl set-hostname mynextcloud
sudo timedatectl set-timezone Europe/Madrid

# Let's create a new user named nmaximo7.
sudo adduser nmaximo7
# Adds the user to the sudo group, which grants him the ability to execute commands with administrative (root) privileges using sudo.
sudo usermod -aG sudo nmaximo7

# What is my ip?
ip a
[...]
2: ens18:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:5d:1b:34 brd ff:ff:ff:ff:ff:ff
    altname enp6s18
    altname enxbc24115d1b34
    inet 192.168.1.40/24 brd 192.168.1.255 scope global dynamic noprefixroute ens18
       valid_lft 40766sec preferred_lft 40766sec

# Let's give it a name.
# PiHole, Local DNS Records: mynextcloud, 192.168.1.40

# In the client side.
# ssh-copy-id nmaximo7@mynextcloud is used to install your public SSH key on a remote server, allowing you to log in without needing to enter a password each time.
ssh-copy-id nmaximo7@mynextcloud
✦ ❯ ssh nmaximo7@mynextcloud
Welcome to Ubuntu 24.10 (GNU/Linux 6.8.12-5-pve x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro
nmaximo7@NextCloud:~$

Apache Webserver Setup

Apache Web Server is one of the most popular and widely used open-source web server applications. It serves as a robust platform for hosting websites and web applications, including popular content management systems like WordPress, Joomla, and Drupal. Some key features are:

╭――――――――――――――――――――――――――――――――――――╮
│                                    │
│ 2. Apache Webserver Setup          │
│                                    │
╰――――――――――――――――――――――――――――――――――――╯
# Installing Apache2
sudo apt install apache2 -y
# This will install Apache2 and enable it to start on boot.

# Verify Apache is running and enabled:
systemctl status apache2
nmaximo7@nmaximo7-UbuntuVM:~$ systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Sat 2025-06-07 04:04:12 CEST; 29s ago
 Invocation: 7c9aa19b479c485f85b8cbcf8361fbd6
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 4838 (apache2)
      Tasks: 55 (limit: 8730)
     Memory: 5.5M (peak: 6.3M)
        CPU: 21ms
     CGroup: /system.slice/apache2.service
             ├─4838 /usr/sbin/apache2 -k start
             ├─4840 /usr/sbin/apache2 -k start
             └─4841 /usr/sbin/apache2 -k start

Jun 07 04:04:12 mynextcloud systemd[1]: Starting apache2.service - The Apache HTTP Server...
Jun 07 04:04:12 mynextcloud apachectl[4837]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 19>
Jun 07 04:04:12 mynextcloud systemd[1]: Started apache2.service - The Apache HTTP Server.

You should see active (running) status. If it’s not started, run sudo systemctl start apache2 and enable it with sudo systemctl enable apache2 to ensure it launches on boot.

After installation, Apache serves a default test page on port 80. You can test this by accessing the container’s IP or domain in your favorite browser or using curl [http://] + container’s_IP

Apache 2

Enabling Apache Modules

  1. HSTS (HTTP Strict Transport Security): Forces browsers to interact with the server only over HTTPS, reducing the risk of man-in-the-middle attacks.
  2. CSP (Content Security Policy): Helps prevent cross-site scripting (XSS) and data injection attacks by defining a set of trusted sources for different types of content (e.g., scripts, images, styles), e.g., Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted.cdn.com; style-src 'self' 'unsafe-inline'; (Only content from the same origin (‘self’) is allowed, scripts can be loaded from the same origin and a trusted CDN…)

.htaccess is an Apache configuration file to manage settings on a per-directory basis. It allows users to override default server settings and apply custom configurations without modifying the main server configuration files.

default directory indexes are files that Apache serves when a user requests a directory without specifying a particular file. The most common default files are index.html, index.php, and index.htm, e.g., you can configure the default directory indexes in your .htaccess file or the main server configuration: DirectoryIndex index.php index.html

MIME (Multipurpose Internet Mail Extensions) types define the nature and format of a file. They tell the browser how to handle different types of files (e.g., whether to display it, download it, etc.), e.g., text/html for HTML files, image/jpeg for JPEG images, application/pdf for PDF documents, and application/json for JSON data.

# Enable Apache Modules (a2enmod is the command to enable Apache modules)
# Enable mod_rewrite
sudo a2enmod rewrite

# Enable mod_headers
sudo a2enmod headers

# Enable mod_ssl
sudo a2enmod ssl

sudo a2enmod dir env mime

# After enabling modules, reload Apache:
sudo systemctl reload apache2

Installing PHP 8.4 and Required PHP Modules

Ubuntu 24.10 comes with PHP 8.4 as the default PHP version, which is modern and faster than previous versions. Nextcloud supports PHP 8.4 and even recommends it for better performance and security.

PHP is a widely-used open-source scripting language primarily designed for web development. PHP scripts are executed on the server, generating HTML that is sent to the client, allowing for dynamic content. 

╭―――――――――――――――――――――――――――――――――――――╮
│                                     │
│ 3. PHP 8.4 and Required PHP Modules │
│                                     │
╰―――――――――――――――――――――――――――――――――――――╯
sudo apt install php libapache2-mod-php \
    php-gd php-mysql php-curl php-mbstring php-intl php-gmp \
    php-bcmath php-xml php-imagick php-zip php-apcu -y

php (PHP 8.4) is the metapackage php on Ubuntu 24.10 and the Apache PHP module (libapache2-mod-php) which allows Apache to interpret PHP scripts via mod_php.

Nextcloud needs some PHP extensions: php-gd (image processing), php-mysql (for MySQL/MariaDB database connectivity), php-curl (for fetching URLs), php-mbstring (for multibyte string handling that is needed for character encoding), php-intl (for internationalization), php-gmp and php-bcmath (arbitrary precision math), php-xml (it provides support for XML parsing and manipulation), php-imagick (for better image handling), php-zip (for handling ZIP files), and php-apcu (APCu is primarily used to cache data in memory, which can significantly improve performance by reducing the need to repeatedly access the database or perform expensive computations).

# The php-apcu extension we installed enables local data caching in PHP. To ensure it's usable in CLI as well.
sudo nvim /etc/php/8.3/mods-available/apcu.ini

apc.enable_cli=1

# Checking Apache2 status
root@NextCloud:~# systemctl status apache2
* apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-01-29 11:39:39 UTC; 38s ago
 [...]
# Enable specific PHP extensions on a server running a Debian-based system (like Ubuntu).
sudo phpenmod bcmath gmp imagick intl

# After you run this command, you need to restart your web server for the changes to take effect
sudo systemctl restart apache2

After installation, Apache’s PHP module should be enabled automatically.

Verify PHP is working by creating a PHP info page (e.g., nvim /var/www/html/phpinfo.php and type ), then access it.

Remember to remove phpinfo.php after testing for security.

The code snippet is a simple PHP script that outputs information about the current state of PHP on the server, including: PHP Version, Configuration Settings (current settings from the php.ini file), loaded extension, server information, details about the server environment (Apache version, server IP), and environment variables.

PHP 8.3

PHP Configuration Tuning

Next, we will adjust some PHP settings for Nextcloud. Open the PHP configuration file for Apache: sudo nvim /etc/php/8.4/apache2/php.ini, /etc/php/8.4/apache2/php.ini is the path to the PHP configuration file for the version 8.4 running with Apache.

# Find and set the following directives

# Maximum amount of memory a script may consume (Increase memory_limit to at least 512M).
# This is important for applications like Nextcloud that may require more memory for processing its many apps and users.
memory_limit = 512M

# Maximum allowed size for uploaded files (50M, 100M or 200M are OK)
# This allows users to upload large files, which is often necessary for cloud storage applications.
upload_max_filesize = 200M

# Maximum size of POST data that PHP will accept
post_max_size = 200M

# Maximum execution time of each script (seconds), 30 -> 360
# This is useful for long-running processes or uploads
max_execution_time = 360
max_input_time = 360

# Defines the default timezone.
# Adjust this according to your location.
date.timezone = Europe/Madrid

# Opcache improves PHP performance
# They ensure that OPcache has enough memory and can cache a large number of PHP files.
# In particular, memory_consumption=128 (in MB) is the OPcache memory.
opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

# Restart Apache to ensure the new PHP settings take effect
sudo systemctl restart apache2

Installing and Securing MariaDB (MySQL) Database

MariaDB will manage Nextcloud’s database. It runs as a system service (mariadb.service). We install the client as well (mariadb-client) which provides the mysql/mariadb command-line client for managing the database. MariaDB is an open-source relational database management system that is a fork of MySQL. It was created by the original developers of MySQL after concerns arose regarding Oracle’s acquisition of MySQL (Does it OpenOffice ring a bell?)

╭―――――――――――――――――――――――――――――――――――――╮
│                                     │
│ 4. Installing and Securing MariaDB  │
│                                     │
╰―――――――――――――――――――――――――――――――――――――╯
# Install MariaDB Server and client tools
sudo apt install mariadb-server mariadb-client
# This will install MariaDB 11.4.7 (or newer) on Ubuntu 24.10
# Once installed, check MariaDB status
systemctl status mariadb
* mariadb.service - MariaDB 11.4.7 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-01-29 08:26:46 UTC; 27s ago
 [...]

If it’s not running, start it with sudo systemctl start mariadb and enable auto-start on boot: sudo systemctl enable mariadb.

# Secure MariaDB Installation.
# MariaDB comes with a default insecure setup. ). We’ll use a script to harden it.
# Set a root password, remove anonymous users, disallow remote root login, remove the test database, reload privilege tables.
sudo mariadb-secure-installation
Enter current password for root (enter for none):  Press Enter (none set yet on fresh install).
Switch to unix_socket authentication [Y/n] n

Change the root password? [Y/n] Y and set a strong password.

Remove anonymous users? [Y/n] Y  (remove anonymous default user)

Disallow root login remotely? [Y/n] Y  (ensures root can only connect from localhost, which is more secure)

Remove test database and access to it? [Y/n] Y

Reload privilege tables now? [Y/n] Y  (applies changes immediately)

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

# We will now create a database for Nextcloud and a dedicated user account with permissions only to that database.
# Start the MariaDB Command-Line Interface (sudo runs the command with superuser privileges) and log in to the MariaDB shell as root
sudo mariadb

# Creates a new database named nextcloud. It will be used to store all the data for your Nextcloud application.
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
# We specify utf8mb4 charset and utf8mb4_general_ci collation.
# This charset is important to support full Unicode, including emoji and Asian characters.
# The utf8mb4_general_ci collation is a specific way of sorting and comparing strings in a MySQL database that uses the utf8mb4 character set.

# Lists all databases currently available in your MariaDB server.
SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| nextcloud          |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.001 sec)

# We add a new SQL user 'nextcloud' that can only connect from localhost
# This user will be used by Nextcloud to connect to the DB.
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'YourSecurePassword';

# Gives the nextcloud user from the local machine ('nextcloud'@'localhost') all privileges/permission on the nextcloud database only.
# This user won’t have rights on other databases (good for containment and security)
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';

# It reloads the grant tables in the MariaDB server, ensuring that any changes made take effect immediately.
FLUSH PRIVILEGES;

# Exit the MariaDB CLI (Ctrl + D)
EXIT
Bitcoin donation

JustToThePoint Copyright © 2011 - 2025 Anawim. ALL RIGHTS RESERVED. Bilingual e-books, articles, and videos to help your child and your entire family succeed, develop a healthy lifestyle, and have a lot of fun. Social Issues, Join us.

This website uses cookies to improve your navigation experience.
By continuing, you are consenting to our use of cookies, in accordance with our Cookies Policy and Website Terms and Conditions of use.