NextCloud is a free, open source and an alternative to another open source file hosting solution OwnCloud. The main difference of NextCloud from OwnCloud is that NextCloud is completely open source. NextCloud is a self-hosted file sharing application server that allows you to store your contacts, pictures and personal documents from a centralized location. NextCloud eliminates your need of using third-party cloud hosting software like Dropbox for storing your documents.


NextCloud comes with lots of features, some of them are listed below:

  • Allow us to manage user and group using OpenID or LDAP.
  • Allow us to access, sync and share your existing data on Dropbox, FTP, and NAS.
  • List connected browsers/devices in the personal settings page. Allows the user to disconnect browsers/devices.
  • Supports two Factor authentication plugins system.
  • Allow us to share files with other users, create and send password protected public links.
  • Notify you by phone and desktop when someone on server shares files directly with you.
  • Supports monitoring capabilities, full-text search, Kerberos authentication and audio/video conferencing.
  • Synchronize files with the Nextcloud server from Desktop clients and Mobile clients.


In this tutorial, we will explain how to install and configure NextCloud on Debian 9 and secure it with a free Let's encrypt SSL certificate.



  • A server running Debian 9 on your system.
  • A static IP address setup on your system.
  • Root password setup on your system.
  • The domain name or subdomain which you want to use for Nextcloud should point to the IP address already in order to use it for Nextcloud and to get a free Let's encrypt SSL certificate.


Getting Started


First, log in to your server as root user. Let's start by updating your system with the latest stable version. You can do this by running the following command:

apt-get update -y
apt-get upgrade -y


After updating the system, restart your system to apply these changes:



Next, log in with root user and proceed to the next step.


1 Installing LAMP Server


NextCloud runs using Apache, MySQL, and PHP. So you will need to install all these components to your system.


First, install Apache and MariaDB server with the following command:

apt-get install apache2 mariadb-server apt-transport-https -y


Once the installation is complete, start Apache and MariaDB service and enable them to start on boot time by running the following command:

systemctl start apache2
systemctl enable apache2
systemctl start mariadb
systemctl enable mariadb


Next, you will also need to install PHP and other required modules to your system. I will install a recent PHP 7.2 version from Ondrej Repository.


Add the Ondrej Debian repository:

wget -q -O- | apt-key add -
echo "deb stretch main" | tee /etc/apt/sources.list.d/ondrej.list
apt-get update


You can install all of them by running the following command:

apt-get install libapache2-mod-php php7.2 php7.2-xml php7.2-curl php7.2-gd php7.2 php7.2-cgi php7.2-cli php7.2-zip php7.2-mysql php7.2-mbstring wget unzip -y


After installing all the packages, open php.ini file and make some changes inside it.

sudo nano /etc/php/7.2/apache2/php.ini


Make the following changes:

memory_limit = 512M
upload_max_filesize = 200M
max_execution_time = 360
post_max_size = 200M
date.timezone = Europe/Berlin


2 Configure MariaDB


By default MariaDB installation is not secure, so you will need to secure it. You can do this by running the following command:



Answer all the questions as follows:

# mysql_secure_installation


In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!


Once MariaDB is secured, log in to MariaDB console with the following command:

mysql -u root -p


Enter your root password when prompt, then create a database for Nextcloud:

CREATE DATABASE nextclouddb;


Next, create a username and password for Nextcloud with the following command:

CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'mypassword';


Replace 'mypassword' with your own secure password. Next, grant privileges to the Nextcloud database with the following command:

GRANT ALL PRIVILEGES ON nextclouddb.* TO 'nextcloud'@'localhost';


Next, run the FLUSH PRIVILEGES command so that the privileges table will be reloaded by MariaDB:



Finally, exit from the MariaDB shell with the following command:



Once your database is set up properly, you can proceed to the next step.


3 Install NextCloud


I will use the Nextcloud web installer for easy installation. First, we will have to create a directory for the Nextcloud installation:

mkdir /var/www/nextcloud
chown www-data:www-data /var/www/nextcloud
chmod 750 /var/www/nextcloud


And a data directory where Nextcloud will store your uploaded files.

mkdir -p /var/nextcloud/data
chown www-data:www-data /var/nextcloud/data
chmod 750 /var/nextcloud/data


Next, you will need to create an apache virtual host file for NextCloud. You can do this by creating nextcloud.conf file as follows:

nano /etc/apache2/sites-available/nextcloud.conf


Add the following lines:

DocumentRoot "/var/www/nextcloud"
<Directory "/var/www/nextcloud/">
Options MultiViews FollowSymlinks

AllowOverride All
Order allow,deny
Allow from all

TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log


Replace the domain name with your desired domain name. Save and close the file, then enable NextCloud virtual host file and disable default virtual host file with the following command:

a2dissite 000-default
a2ensite nextcloud


To enable SSL with Let's encrypt, we will install the Let's encrypt certbot client.

apt-get install certbot python3-certbot-apache -y


And enable the Apache SSL module with the command:

a2enmod ssl


Finally, restart apache service to apply these changes:

systemctl restart apache2


Now we can request a free SSL certificate from let's encrypt and let the certbot program configure the apache vhost for SSL. Please note that your Internet domain name must be accessible from the internet and point to your server already with a DNS A-Record to use Let's encrypt. Run the certbot command to request the new SSL certificate:

certbot -d --apache --agree-tos -m


Replace with the domain name or subdomain name of your Nextcloud server (vhost).


Choose here if you want to share your email address with the EFF. Personally I don't like to share my email, so I've choosen 'N' here.


If the Nextcloud server shall be accessible by HTTPS only (which is recommended for security reasons), then choose '2' here. When you want to be able to access Nextcloud with HTTP and HTTPS, choose '1'.


The free Let's encrypt SSL certificate has been issued successfully.


Download the Nextcloud web installer into the website root directory and set appropriate permissions to the downloaded file.

cd  /var/www/nextcloud
chown www-data:www-data setup-nextcloud.php


4 Access NextCloud Web Interface


Once everything is configured properly, you will need to allow port 80 through UFW firewall.


To do so, first install ufw with the following command:

apt-get install ufw -y


Next, allow port 80 and 443 through UFW and also port 22 SSH with the following command:

ufw allow 80
ufw allow 443
ufw allow 22


Open further ports in the firewall if you need them. Then enable the Firewall:

ufw enable


Choose 'y' when the command asks if the Firewall shall be enabled.


Finally, open your web browser and navigate to URL:


Replace with your own domain name. 


Replace the word 'nextcloud' with a dot (.) into the input field as we want to install nextcloud into the current directory and press the 'Next' Button.


The first installation step completed successfully. Click on 'Next' to proceed.


Enter the desired username and password for the Nextcloud administrator user and set the data path to '/var/nextcloud/data'.


Provide all the required information such as database name, database username, and password, then click on the Finish Setup button. You should see the NextCloud Dashboard.


5 Configure NextCloud Client


Here, we will install NextCloud client on Ubuntu Desktop and connect it to the NextCloud server.


To install NextCloud client, you will need to add the NextCloud repository to your system. You can do this by running the following command:

 add-apt-repository ppa:nextcloud-devs/client


apt-get update -y
apt-get install nextcloud-client -y


Once, NextCloud client is installed, launch it from your Ubuntu Dash.


Here, provide your server address and click on the Next button.


Provide your NextCloude server credential and click on the Next button.


Now, click on the Connect button.


Here, click on Local Folder.



Congratulations! your NextCloud server and Client are installed and configured. You can now easily sync your data from your local NextCloud client to NextCloud server.


Was this answer helpful? 0 Users Found This Useful (0 Votes)