Linux nextcloud personal network disk deployment

Linux nextcloud personal network disk deployment

  • First level directory
    • Secondary directory
      • Third-level directory
  • 1.Install nextcloud
  • 2.Configure nextcloud
  • 3. Network and security settings
    • 3.1 Modify the service port of personal server nextcloud
    • 3.2 Firewall
    • 3.3 Configure trust domain
      • Method 1: Add a single IP to the trusted domain through the command
      • Method 2: Edit the configuration file and cancel the trust domain restriction (allow access from any IP)
    • 3.4 ipv6 access
    • 3.5 Domain name access

First-level directory

Secondary directory

Third-level directory

It only takes three steps to deploy nextcloud on cloud servers and home servers?

1. Install nextcloud

1.1 Preparation work

Update apt software directory

sudo apt update

Install/update snap store

sudo apt install snapd

1.2 Install nextcloud from snap store

sudo snap install nextcloud

2. Configure nextcloud

2.1 Set nextcloud administrator username and password

sudo nextcloud.manual-install your username your password

Nextcloud can now be accessed on the nextcloud server host using the browser input 127.0.0.1.

Or access it through the LAN on other computers (the method of querying the LAN IP will not be described here)

3. Network and security settings

3.1 Modify the service port of personal server nextcloud

It is not necessary to change the default port, but port 80 is vulnerable to network attacks. If you are afraid of network attacks, you can change the port.

Use ports with numbers greater than 60000 to avoid covering special function ports, such as 60001

Example of changing the port to 60001

sudo snap set nextcloud ports.http=60001

Note: Change to any port other than 80. When the browser accesses nextcloud, it needs to use the form of ip:port number to successfully access. for example

127.0.0.1:60001

As shown in the figure, the port is successfully accessed

You cannot access it successfully without adding port information (if you add it, you cannot access it because of the firewall)

3.2 Firewall

  • Install firewall
sudo apt install ufw
  • View firewall status
sudo ufw status

As shown in the picture: My firewall is currently turned off

  • Start firewall
sudo ufw enable

Check the status again: My firewall has been opened and port 22 (ssh service) has been released.

Now due to firewall protection, nextcloud cannot be accessed through the network.

  • Release the nextcloud service port in the firewall (replace it with the port number you set, the default is 80)
sudo ufw allow 60001

screenshot

After the addition is successful, you can check the firewall status, or try whether the LAN can access nextcloud.

3.3 Configure trust domain

The trust domain is the security mechanism of nextcloud. Only when the IP of your host (which may also be a mobile phone or other device) is in the trust domain can you successfully log in to nextcloud. nextcloud only allows access to devices in trusted domains.

Method 1: Add a single IP to the trusted domain through commands

sudo nextcloud.occ config:system:set trusted_domains 1 --value=your IP address or domain name

Method 2: Edit the configuration file and cancel the trust domain restriction (allow access from any IP)

  • Modify the nextcloud configuration file config.php. The installation via snap is in this directory.
$ cd /var/snap/nextcloud/current/nextcloud/config

$ ls
autoconfig.php config.old config.php config.sample.php

$ sudo vim config.php
  • Modify trusted_domains content
    ![[Use of nextcloud-9.png]]

before fixing

 'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'localhost',
  ),

After modification

 'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => preg_match('/cli/i',php_sapi_name())?'localhost':$_SERVER['SERVER_NAME'],
  ),

3.4 ipv6 access

  • Test ipv6 support

Open test website IPv6 test

If the test result is like this, your device supports ipv6 network, you can use ipv6 to remotely access nextcloud
![[nextcloud deployment and use, only three steps-4.png]]\

  • View the ipv6 address of the nextcloud host
ip a

The WAN ipv6 address must be in the scope global dynamic mngtmpaddr noprefixroute line
![[Use of nextcloud-10.png]]

  • To access IPv6, you need to add square brackets at both ends of the address.
    Assume that your nextcloud host ipv6 address is 2409:8a62:82f:2612:f805:a724:ad31:d3d7,
    Your nextcloud service port number is 60001,
    Log in to nextcloud via the Internet on any device and enter the address in the browser:
[2409:8a62:82f:2612:f805:a724:ad31:d3d7]:60001

IPv6 access successful
![[Use of nextcloud.png]]

3.5 Domain name access

You can also register a domain name and log in through the domain name, such as www.myclould.com

Just tell me the steps:

  • Register a domain name (real-name registration, but also filing): Domain name registration services are available on Tencent, Alibaba, and Huawei websites. Buying a domain name is simple, but filing is a little troublesome.
  • DDNS dynamic domain name resolution (when the IPv6 address changes, the new address is automatically resolved to the DNS server)

Domain name + DDNS is really easy to use and really needed! Never need to memorize ipv6 addresses! Never need to worry about ipv6 address changes!
![[Use of nextcloud-13.png]]

  • Pay attention to network security and don’t make your password too simple!

For reference in this article, thank the author:

[NextCloud] Guide to setting up a private cloud disk – Get rid of the domestic network disk nightmare_bilibili_bilibili

Ubuntu installation NextCloud related commands_LuckyNiuJY’s blog-CSDN blog

The most comprehensive collection of network port numbers in history, collect it! – Know almost

Ubuntu 22.04 LTS – Open ports, delete already open ports_ufw delete ports_Live well, don’t stay up late blog-CSDN blog