Paul Ligocki

Setup NextCloud VM – hanssonit

Setup NextCloud VM – hanssonit.
Version 0.01 (202010)

Obtain OVA

The official Nextcloud VM (Virtual Machine) is available over at hanssonit
There is an OVA available to VirtualBox or VMWare as well as VHDX for HyperV.

Default Credentials

  • USER: ncadmin
  • PASS: nextcloud

Can be found in the Description section of the OVA

Virtual Box Appliance Install

The steps below will detail how to set up a highly insecure dev test instance of NextCloud. Make sure it remains behind a NAT and is never made accessible from the internet.

Oracle VM VirtualBox Manager>File>Import Applicance>
Source: Local File System
FIle:Nextcloud_VM_www.hanssonit.se.ova

[Import]

OS:
Ubuntu Server 20.04 LTS

Machine>Settings>Network>Adapter 1>Attached to: NAT
Machine>Settings>Network>Adapter 1>Advanced>Port Forwarding>+>
Host Port: 9999
Guest Port: 80

OK

Ubuntu 20.04 LTS nextcloud tty1

ssh ncadmin@nextcloud

Login with default credentials

UserName: 

ncadmin
Password:
nextcloud
┤ Nextcloud VM Startup Configuration Menu ├
│ Running a server, it's important that certain things are correct. │
│ In the following menu you will be asked to setup the most basic stuff of your server. │
│ The script is smart, and have already pre-selected the values that you'd want to change based on the current settings. │
nextcloud 
No
To make downloads as fast as possible when updating Ubuntu you should have downlaod mirrors that are as close as possible.

Please note that there are no garantee that the download mirros this script will find are staying up for hte lifetime of this server.

OK

Do you want to try to find a better mirror? ([y]es or [N]o):
No

OK

OK

OK

Current timezone is Etc/UTC
Do you want to change the timezone? ( [y]es or [N[o):
No

OK

OK

Do you want to install TLS? ( [y]es or [N]o):
No
OK, but if you want to run it later, just type: sudo bash /var/scripts/activate-tls.sh
Press any key to continue...
OK
OK
For better security, change the system user password for [ncadmin]
Press any key to change password for system user...
$up3r$3cr3tP@$$w0rd?
The current admin user in Nextcloud GUI is [ncadmin]
We will now replace this user with your own.
Press any key to replace the current admin user for Nextcloud...
any key
Please enter the username for your new user:
NextCloudUser
Enter passowrd:
$up3r$3cr3tP@$$w0rd?
Confirm password:
$up3r$3cr3tP@$$w0rd?

OK

Scripts Directory

/var/scripts

  • activate-tls.sh
  • apps.sh
  • configuration.sh
  • history.sh
  • menu.sh
  • nextcloud.sh setup_secure_permissions_nextcloud.sh
  • updatenotification.sh
  • update.sh

Access Nextcloud (TCP 443)

http://127.0.0.1:9999/nextcloud (HTTP)
It's recomended to get your own certificate and replace the self-signed certificate to your own. The easiest way to get a real TLS certificate is to run the Lets' Encrypt script included on this server.
Just run 'sudo bash /var/scripts/activate-tls.sh' from your terminal and follow the instructions.

Access Webmin (TCP 443)

http://127.0.0.1:10000 (HTTP)
Note: To access Webmin externally you have to open port 10000 in your router, it's not recomended though due to security concerns.

Access Adminer (TCP 9443)

http://127.0.0.1:9999/adminer.php (HTTP)
Note: Your LAN IP is set as approved in /etc/apache2/conf-available/adminer.conf, all other access is forbidden.

If you need to add in any additional trusted domain. The config file is located over at
/var/www/nextcloud/config/config.php

Install Own TLS certificate

  • Put your own certificate under /etc/ssl/certs/
  • Put your own key under /etc/ssl/private/
  • SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  • SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Edit these two config files to point to you cert and key

  • sudo nano /etc/apache2/sites-available/default-ssl.conf
  • sudo nano /etc/apache2/sites-available/nextcloud_tls_domain_self_signed.conf

Reboot

  • https://nextcloud.com/
  • https://docs.nextcloud.com/server/20/admin_manual/configuration_server/config_sample_php_parameters.html

paulligocki

, ,