How to Setup Nginx Web Server on Ubuntu Server (18.04, 20.04, 21.04)

How to Install Nextcloud with Nginx and Allow’south Encrypt SSL on Ubuntu 20.04 LTS

Nextcloud is a free (Open Source) Dropbox-like software, a fork of the ownCloud project. Nextcloud is written in PHP and JavaScript, it supports many database systems such every bit MySQL/MariaDB, PostgreSQL, Oracle Database, and SQLite.

In gild to keep your files synchronized between Desktop and your own server, Nextcloud provides applications for Windows, Linux, and Mac desktops and a mobile app for Android and iOS. Nextcloud is non just a Dropbox clone, it provides additional features like Calendar, Contacts, Schedule tasks, and streaming media with Ampache etc.

In this tutorial, we will evidence you how to install and configure the latest Nextcloud release (at the time of writing this, the latest release is eighteen) on an Ubuntu xx.04 server. We will run Nextcloud with an Nginx spider web server and PHP7.4-FPM and use MariaDB server as the database organisation.


  • Ubuntu 20.04
  • Root privileges

What we will do

  1. Install Nginx Webserver
  2. Install and Configure PHP7.4-FPM
  3. Install and Configure MySQL Server
  4. Generate SSL Letsencrypt
  5. Download Nextcloud 18
  6. Configure Nginx Virtual Host for Nextcloud
  7. UFW Firewall Configuration
  8. Nextcloud Post-Installation

Step ane – Install Nginx Webserver

The get-go step nosotros volition do in this nextcloud guide is to install the Nginx web server. We will be using the Nginx web server instead of Apache webserver.

Log in to the server and update the repository, then install the Nginx spider web server using the apt command as shown beneath.

sudo apt update
sudo apt install nginx -y

Later the installation is complete, start the Nginx service and enable the service to launch every time at organisation kick using systemctl.

systemctl offset nginx
systemctl enable nginx

The Nginx service is up and running, bank check it using the following control.

systemctl condition nginx

And you volition get the result equally below.

Install Nginx Web server

Equally a effect, the Nginx web server has been installed on Ubuntu 20.04.

Step two – Install and Configure PHP7.4-FPM

By default, the Ubuntu 20.04 comes with default version PHP vii.4.

Install PHP and PHP-FPM packages needed by Nextcloud using the apt command beneath.

sudo apt install php-fpm php-curl php-cli php-mysql php-gd php-mutual php-xml php-json php-intl php-pear php-imagick php-dev php-common php-mbstring php-zip php-soap php-bz2 -y

After the installation is complete, we will configure the php.ini files for php-fpm and php-cli.

Go to the ‘/etc/php/7.4’ directory.

cd /etc/php/seven.four/

Edit the php.ini files for php-fpm and php-cli using vim.

vim fpm/php.ini
vim cli/php.ini

Uncomment the ‘date.timezone’ line and change the value with your own timezone.

date.timezone = Asia/Djakarta

Uncomment the ‘cgi.fix_pathinfo’ line and change the value to ‘0’.


Salve and get out.

Adjacent, edit the php-fpm pool configuration ‘www.conf’.

vim fpm/pool.d/www.conf

Uncomment those lines below.

env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp

Salve and go out.

Restart the PHP7.4-FPM service and enable information technology to launch every fourth dimension on system kick.

systemctl restart php7.four-fpm
systemctl enable php7.four-fpm

Install PHP-FPM 7.4

Now cheque the PHP-FPM service using the following command.

ss -xa | grep php
systemctl status php7.4-fpm

And you volition go the php-fpm is up and running under the sock file ‘/run/php/php7.4-fpm.sock’.


Check PHP-FPM Service

Step 3 – Install and Configure MariaDB Server

In this step, we volition install the latest MariaDB version and create a new database for the nextcloud installation. The latest version MariaDB packages are bachelor on the repository by default.

Popular:   Difference Between Vitamin B6 and Vitamin B12

Install MariaDB server’s latest version using the apt command beneath.

sudo apt install mariadb-server -y

After the installation is consummate, showtime the MariaDB service and enable it to launch everytime at system boot.

systemctl outset mariadb
systemctl enable mariadb

Now cheque the MySQL service using the following command.

systemctl condition mariadb

Install MariaDB Server

The MariaDB server is up and running on Ubuntu 20.04.

Next, we will configure the MariaDB root password using the ‘mysql_secure_installation’ command.

Run the following command.


And you will exist asked for some configuraiton of MariaDB Server. As well, blazon the new root countersign for MariaDB Server.

Enter current countersign for root (enter for none):
              Press Enter
Ready root password? [Y/n] Y
Remove anonymous users? [Y/due north] Y
Disallow root login remotely? [Y/n] Y
Remove test database and admission to it? [Y/n] Y
Reload privilege tables now? [Y/northward] Y

And the MariaDB root password has been prepare.

Next, nosotros volition create a new database for nextcloud installation. We volition create a new database named ‘nextcloud_db’ with the user ‘nextclouduser’ and countersign ‘[email protected]’.

Login to the MySQL shell as a root user with mysql command.

mysql -u root -p
Blazon THE MYSQL ROOT Password

Now create the database and user with the password past running post-obit MySQL queries.

create database nextcloud_db;
create user [electronic mail protected] identified by '[electronic mail protected]';
grant all privileges on nextcloud_db.* to [e-mail protected] identified by '[e-mail protected]';
affluent privileges;

And the new database and user for the nextcloud installation has been created.

Create new database for Nextcloud

The MariaDB installation and configuration for nextcloud has been completed.

Step iv – Generate SSL Letsencrypt

In this tutorial, we will secure nextcloud using costless SSL from Letsencrypt, and nosotros volition generate certificates files using the letsencrypt tool.

If yous do non have a domain name or install nextcloud on the local computer, you can generate the Cocky-Signed certificate using OpenSSL.

Install the ‘letsencrypt’ tool using the apt command below.

sudo apt install certbot -y

After the installation is complete, stop the nginx service.

systemctl cease nginx

Next, we will generate the SSL certificates for our domain proper noun ‘’ using the cerbot command line. Run the command below.

certbot certonly --standalone -d

Y’all volition be asked for the email address, and it’s used for the renew notification. For the Letsencrypt TOS agreement, type ‘A’ to agree and for the share electronic mail address, you lot tin type ‘N’ for No.

Generate Let's encrypt SSL certificate

When it’south consummate, you volition get the effect as shown below.

SSL cert created

The SSL certificates Letsencrypt for the netxcloud domain name has been generated, all located at the ‘/etc/letsencrypt/live/your-domain’ directory.

Step v – Download Nextcloud

Before downloading the nextcloud source code, make sure the unzip parcel is installed on the system. If you don’t take the package, install it using the apt command beneath.

sudo apt install wget unzip zip -y

At present go to the ‘/var/www’ directory and download the latest version of Nextcloud using the following control.

cd /var/world wide web/
wget -q

Extract the Nextcloud source code and yous will get a new directory ‘netxcloud’, change the ownership of the nextcloud directory to user ‘www-data’.

unzip -qq
sudo chown -R world wide web-data:world wide web-information /var/www/nextcloud

As a result, the Nextcloud has been downloaded nether the ‘/var/www/nextcloud’ directory, and it will exist the web root directory.

Popular:   Difference Between Housing Prices and Consumer Price Index

Download Nextcloud

Step 6 – Configure Nginx Virtual Host for Nextcloud

In this pace, nosotros will configure the nginx virtual host for nextcloud. We volition configure nextcloud to run nether the HTTPS connection and volition strength the HTTP connexion automatically to the secure HTTPS connexion.

At present go to the ‘/etc/nginx/sites-available’ directory and create a new virtual host file ‘nextcloud’.

cd /etc/nginx/sites-bachelor/
vim nextcloud

There, paste the following nextcloud virtual host configuration.

upstream php-handler {
    server unix:/var/run/php/php7.4-fpm.sock;

server {
    listen fourscore;
    heed [::]:80;
    # enforce https
    return 301 https://$server_name:443$request_uri;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Use Mozilla's guidelines for SSL/TLS settings
    # NOTE: some settings below might exist redundant
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    # Add together headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic get-go.
    #add_header Strict-Ship-Security "max-age=15768000; includeSubDomains; preload;" always;
    # WARNING: Only add the preload choice in one case you read about
    # the consequences in This option
    # volition add together the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Referrer-Policy "no-referrer" always;
    add_header 10-Content-Blazon-Options "nosniff" always;
    add_header Ten-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header 10-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" ever;

    # Remove 10-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/nextcloud;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;

    # The following 2 rules are simply needed for the user_webfinger app.
    # Uncomment it if y'all're planning to utilize this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta terminal;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    # The following rule is only needed for the Social app.
    # Uncomment it if y'all're planning to use this app.
    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

    location = /.well-known/carddav {
      render 301 $scheme://$host:$server_port/remote.php/dav;
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip simply do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store individual no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json awarding/rss+xml awarding/vnd.geo+json awarding/ application/x-font-ttf application/x-spider web-app-manifest+json awarding/xhtml+xml awarding/xml font/opentype image/bmp image/svg+xml image/ten-icon text/enshroud-manifest text/css text/patently text/vcard text/vnd.rim.location.xloc text/vtt text/10-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php;

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/five[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Enable pretty urls
        fastcgi_param front_controller_active truthful;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;

    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-historic period=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones to a higher place)
        # Earlier enabling Strict-Transport-Security headers delight read into
        # this topic get-go.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" ever;
        # Warning: Only add the preload option once y'all read about
        # the consequences in This option
        # will add the domain to a hardcoded listing that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header 10-Permitted-Cross-Domain-Policies "none" e'er;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=cake" ever;

        # Optional: Don't log access to assets
        access_log off;

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;

Save and exit.

Popular:   How to Setup RADIUS Server in Azure for Wireless Authentication

Enable the virtual host and test the configuration, and brand certain at that place is no fault.

ln -due south /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/
nginx -t

Now restart PHP7.4-FPM service and nginx service using the systemctl control below.

systemctl restart nginx
systemctl restart php7.four-fpm

The Nginx virtual host configuration for nextcloud has been created.

Setup Nginx virtualhost for Nextcloud

Step 7 – Configure UFW Firewall

In this tutorial, nosotros volition turn on the firewall, and we will be using the UFW firewall for Ubuntu.

Add the SSH, HTTP and HTTPS to the UFW firewall list using the command beneath.

for svc in ssh http https
ufw allow $svc

Afterward that, enable the UFW firewall and check the immune service and port.

ufw enable
ufw status numbered

And you will go the HTTP port 80 and HTTPS port 443 is on the list.

Add SSH HTTP and HTTPS to UFW Firewall

Step viii – Nextcloud Post-Installation

Open your web browser and blazon the nextcloud URL address.

And you volition exist redirected to the secure HTTPS connection.

On the Peak page, we need to create the admin user for nextcloud, type the admin user password. On the ‘Data binder’ configuration, type the total path of the ‘data’ directory ‘/var/world wide web/nextcloud/data’.

Scroll the page to the bottom, and you will get the database configuration. Type the database info that we’ve created in step 3 and so click the ‘End Setup’ button.

Install Nextcloud on Ubuntu 20.04

If you check the pick ‘Install recommended apps’, you will go the post-obit folio.

Install Recommended Application Nextcloud

Nextcloud is installing additional recommended applications for you lot.

And after the installation is complete, you lot will get the Nextcloud Dashboard as below.

Nextcloud Dashboard

The Nextcloud eighteen installation with Nginx web server and MySQL database on Ubuntu xx.04 has been completed successfully.



Suggested articles

How to Setup Nginx Web Server on Ubuntu Server (18.04, 20.04, 21.04)