Overview

This post will explain how I setup my completely cloud based nextcloud installation as another step forward in securing my data privacy.

Here is what I used:

Ubuntu 18.04 server in an AWS Lightsail VM
Wasabi Cloud Storage as the primary object storage
DDNS via No-Ip for a free domain
HTTPS encryption via Let’s Encrypt
Nextcloud’s Snap package (includes all depencies and helper scripts)

Setup AWS Lightsail instance

Log into AWS Lightsail
Select Ubuntu 18.04 as the instance OS.
Select an appropriately sized instance. I used the smallest with 1 vCPU, 512mb ram, and 20gb storage.
(optional) setup a ssh key for secure remote ssh access. Run in a terminal:
```
 ssh-keygen -t rsa -C "your_email@example.com"
```
upload the .pub key file to lightsail via the Upload key button.
Once the VM is up, Select the VM and select the Networking tab.
Find the firewall section and add port 443 for https requests.
Click the ‘Create static IP’ button and setup a static ip for this VM. AWS lets you have 5 free static ip’s.
Note the static IP, we’ll need it later.

Setup Wasabi

Wasabi is super easy to setup, I didn’t even need a guide. It’s 100% bit compliant with S3 so configuration is similar to that of a normal S3 bucket:

Go to your storage on the wasabi console
Choose ‘Create Bucket’
give the bucket a unique name (I used: myemail-nextcloud)
Choose a region closest to where you live. This should match the region of your Lightsail VM.
I chose no versioning (read up on it to see if you need it)
I opted for bucket logging, and I setup a second bucket just for logs (I think this is necessary for nextcloud; it doesn’t like having something else putting things in its bucket)
Click the side menu button and go to Access Keys
Click ‘Create new Access Key’ and save the access and secret key for later use.
That’s it!

Setup DDNS via No-Ip

Create an account on No-Ip
Under Quick Add, click ‘+ More Records’
Choose a domain and subdomain
Enter the static IP address from the lightsail VM under the IPv4 address box.
Click ‘Create Hostname’
Done!

Connect to the Lightsail Virtual Machine

You can either access the VM’s console via the Lightsail web dashboard or via ssh with the private key mentioned above.

I like to use SSH so I opted for that:

ssh ubuntu@<static ip address>

Install Nextcloud

We’ll be using the Snap package for Nextcloud which includes all its dependencies and helper scripts to make installation a….. snap!

install Snap via terminal:

 sudo apt udpate
 sudo apt install snap

install Nextcloud
```
 sudo snap install nextcloud
```
Before going any further, we need to configure Nextcloud to use Wasabi as the primary storage. This requires some text file configuration.

Here is the documentation on configuring primary storage

Edit the Nextcloud config file at /var/snap/nextcloud/current/nextcloud/config/config.php
```
 sudo nano /var/snap/nextcloud/current/nextcloud/config/config.php
```
inside the $CONFIG array, add a comma to the end of the previous array element and add this code block. Edit the fields with ‘’ to include your own info from wasabi:
```
 'objectstore' => 
 array (
     'class' => '\\OC\\Files\\ObjectStore\\S3',
     'arguments' => 
     array (
     'bucket' => '',
     'autocreate' => false,
     'key' => '',
     'secret' => '',
     'hostname' => 's3.wasabisys.com',
     'use_ssl' => true,
     'region' => '',
     'use_path_style' => false,
     )
 ),
```
It’s apparently important to make this change before we setup the admin user. It appears that changing the primary storage once the admin account is setup can break the user profiles in Nextcloud.

Setup the Nextcoud admin account

 sudo nextcloud.manual-install admin <admin password of your choosing>

Update the whitelist of domains allowed to access the Nextcloud server:
```
 sudo nano /var/snap/nextcloud/current/nextcloud/config/config.php
```
In config.php, find the section for trusted_domains and add the IP address of your instance and the domain (whatever you setup in No-Ip)
```
 'trusted_domains' => array (0 => 'localhost', 1 => '111.122.133.144', 2 => 'mycloud.example.com',),
```
Restart the Nextcloud snap with:
```
 sudo snap restart nextcloud
```
Open a web browser and visit your ddns domain. You should see the login page for Nextcloud.

Setup HTTPS

Setting up HTTPS inolves two steps: configure Nextcloud to listen on port 443 (https port) and creating a CA-signed certificat for your domain. This is all handled for us in one of Nextclouds handy helper scripts!

Log into your lightsail VM via ssh (or web console), type the following command and follow the instructions:
```
 sudo nextcloud.enable-https lets-encrypt
```
for the domain, I put in the full subdomain.domain from No-IP
To confirm that HTTPS works on our server, go to “https://<your no-ip domain> and look for the green padlock to the left of your URL.

Keeping your VM updated

Thanks to the technology chosen, we don’t need to worry about keeping the server updated, it will do it all by itself

Ubuntu server now comes with a package called unattended-upgrades which will keep the server updated automatically. It’s enabled by default on Ubuntu.
Snapd checks a couple times a day for updates to the installed snap packages and updates them as necessary.

Updates

6-23-19
- I’ve been experiencing some issues with Nextcloud crashing when my wife’s iPhone tries to upload two thousand images. I updated the wait_timout parameter via the dbdriveroptions config parameter in the config.php
```
  'dbdriveroptions' => array(
  PDO::MYSQL_ATTR_INIT_COMMAND => 'SET wait_timeout = 28800'
  ), 
```
- I also created a 2gb swap file since this VM only has 512mb and I think it might be running out of ram at times. I followed instructions here on how to create and persist a swapfile.
- We’ll see if these help any.

Sage Peterson

My name is Sage. I make things and share them with others. You should too.

Private Cloud using Nextcloud