Nextcloud
Host
AppImage
Nextcloud apps can be binary blobs which depend on fuse and may also require X11 features such as fonts. The X11 client depends on Qt
apt install fuse qt6-base-dev libasound2
Server
MySQL
apt install mariadb-server rehash mariadb-secure-installation
mysql CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_520_ci; CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud'; GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'; FLUSH PRIVILEGES;
Apache/PHP
apt install apache2 libapache2-mod-php php-mysql php-common php-gd php-xml php-mbstring php-zip php-curl php-pear php-json php-imagick php-dev php-soap php-bz2 php-bcmath php-gmp php-apcu libmagickcore-dev php-redis php-memcached php-intl
mkdir -p /var/www/htdocs
Download the latest release. This ZIP file is approx 254 MB in size but the download seems to be throttled and this will take a while.
cd /var/www/htdocs wget "https://download.nextcloud.com/server/releases/latest.zip" unzip latest.zip mv nextcloud nextcloud.example.com chown -R www-data:www-data nextcloud.example.com
This configuration is for basic HTTP, for HTTPS acme.sh should be installed and apache2 configured for SSL/TLS.
#https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
<VirtualHost x.x.x.x:80>
ServerName nextcloud.example.com
DocumentRoot "/var/www/htdocs/nextcloud.example.com"
<Directory "/var/www/htdocs/nextcloud.example.com">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
CustomLog /var/log/apache2/nextcloud.example.com/access.log combined
ErrorLog /var/log/apache2/nextcloud.example.com/error.log
</VirtualHost>
diff php.ini.dist php.ini 435c435 < memory_limit = 128M --- > memory_limit = 1G 703c703 < post_max_size = 8M --- > post_max_size = 2G 855c855 < upload_max_filesize = 2M --- > upload_max_filesize = 2G
diff conf.d/10-opcache.ini.dist conf.d/10-opcache.ini 4c4,14 < opcache.jit=off --- > ;opcache.jit=off > ; > opcache.enable=1 > opcache.enable_cli=1 > opcache.revalidate_freq = 60 > opcache.memory_consumption = 256M > opcache.interned_strings_buffer = 128M > opcache.max_accelerated_files=10000 > opcache.save_comments = 1 > opcache.jit = 1255 > opcache.jit_buffer_size = 8M
Maintenance
cd /var/www/htdocs/nextcloud.example.com
sudo -u www-data php occ -V Nextcloud 31.0.8
sudo -u www-data php occ maintenance:repair --include-expensive sudo -u www-data php occ db:add-missing-indices sudo -u www-data php occ config:system:set maintenance_window_start --type=integer --value=1 sudo -u www-data php occ config:system:set default_phone_region --value="GB"
sudo -u www-data php occ -V Nextcloud 32.0.1
sudo -u www-data php occ maintenance:repair --include-expensive sudo -u www-data php occ db:add-missing-indices sudo -u www-data php occ app:disable app_api sudo -u www-data php occ app:enable notify_push
CRON
crontab -u www-data -e
*/5 * * * * php -f /var/www/htdocs/nextcloud.example.com/cron.php
REDIS
apt install redis-server
Enable REDIS UNIX socket listener on localhost and restart.
diff -u redis.conf.dist redis.conf --- redis.conf.dist 2025-08-28 13:54:17.278421605 +0100 +++ redis.conf 2025-08-28 13:54:30.438443060 +0100 @@ -136,7 +136,7 @@ # Accept connections on the specified port, default is 6379 (IANA #815344). # If port 0 is specified Redis will not listen on a TCP socket. -port 6379 +port 0 # TCP listen() backlog. # @@ -153,8 +153,8 @@ # incoming connections. There is no default, so Redis will not listen # on a unix socket when not specified. # -# unixsocket /run/redis/redis-server.sock -# unixsocketperm 700 +unixsocket /run/redis/redis-server.sock +unixsocketperm 777 # Close the connection after a client is idle for N seconds (0 to disable) timeout 0
Enable REDIS file locking in nextcloud config.php
'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => '/run/redis/redis-server.sock', 'port' => 0, 'timeout' => 0.0, ),
Memory cache
Enable localhost cache in nextcloud config.php
'memcache.local' => '\OC\Memcache\APCu',
GOOGLE authenticator
Locate TOTP within apps and enable it.
Enable 2FA system wide.
Office
Do not install the built-in CODE server but follow this guide to setting up a standalone server which is superior.
After install ensure the WOPI allow list is set:
sudo -u www-data php occ config:app:set richdocuments wopi_allowlist --value IPADDRESS_OF_COLLABORA_SERVER
This limits which hosts can request docs to edit from Nextcloud.
Router
When running Nextcloud at home, router configuration can be a consideration.
ddclient
For servers at home on domestic internet connections ddclient can be used to update a dynamic DNS provider whenever the public internet address changes on the router.
For IPv6 hosts, an additional update is required for Nextcloud office integration setting the WOPI allowlist to the address of the local machine.
Ports
Access to Nextcloud from the internet will require ports 80 and and 443 for HTTP and HTTPS.
If Collabora is configured, then whatever port is used for the proxy will also need to be accessible.
Client
Download the app image.
wget https://github.com/nextcloud-releases/desktop/releases/download/v3.16.2/Nextcloud-3.16.2-x86_64.AppImage chmod +x Nextcloud-3.16.2-x86_64.AppImage
Run client
setenv DISPLAY somewhere:0.0 ./Nextcloud-3.16.2-x86_64.AppImage
