How To Set Up Your Own Nextcloud Server

One of my goals for 2020 was to stop using Google's products. There are a lot of reasons why, but that's not the point of this post. I found out about Nextcloud last month and it turns out it's a great replacement for a lot of Google. I don't actually use all of its features, but I've migrated my calendar, reminders, contacts, bookmarks, video calls, photos, and news feeds and I'm really happy with it so far.

There are a lot of companies that will host Nextcloud for you where you just sign up for an account like anything else, but in case you're interested in hosting Nextcloud for yourself this post is basically a brain dump of how I did that. It took me a while to cobble together all the pieces I needed to get everything working from end to end, so I'm hoping this might save someone else from having to do the same. If you know your way around servers and Nextcloud already you can just skim the headings like a checklist to make sure you don't forget an important step. But if you want a succinct overview of the actual steps I did and commands I ran, each section contains those details. By the end you'll see how I installed Nextcloud on my own server, secured it, set up backups, and set up external storage for my photos.

Some parts are pieced together from other partial guides or longer blog posts, so where relevant the references lead to those sources. This post is more of a quick start with just the essential steps. Anything in <pointy-brackets> is meant to be replaced. So the actual command I ran was e.g. adduser kira, not adduser <name>.

What this list assumes you already have

1. Set up a server running Ubuntu and set up ssh access for yourself

1.1. ssh into your server as the root user and make yourself a new sudo user that can also ssh into the machine 1

Close this ssh session and log in as your new user to make sure it works:

Leave this ssh session open. The rest of the commands below are meant to be run on your server, unless otherwise stated.

2. Point your new server to your custom domain

There should be a way to do this in the admin section for your server. On Linode's there's a "Domains" section in the left admin menu. From there I clicked "Add a Domain" in the top right, then filled in the domain name, my email address, and selected "Insert default records from one of my Linodes" from the "Insert Defaults Records" dropdown, then I selected my new Nextcloud server from the list of Linodes. The steps might be slightly different depending what cloud server provider you're using. By the end you need DNS records pointing your domain name to your Nextcloud server. If you did this through Linode (or whatever you're using), you'll also need to update the nameservers with your domain registar.

3. Set up a basic firewall

4. Install Nextcloud

5. Set up your domain, enable https, and install an auto-updating certificate from Let's Encrypt

6. Enable 2FA on your Nextcloud account *

I managed to forget my password in the time between installing Nextcloud and trying to log in for the first time. If that happens to you, you can reset it by running sudo nextcloud.occ user:resetpassword <username>.


* Doing this means you will be required to generate "app passwords" in order to log in to your Nextcloud account in third party apps or other devices (to use Nextcloud to sync your calendar or reminders to your phone, for example.) There's a tiny box with a button that says "Create new app password" at the bottom of the "Security" admin section (under "Personal", not "Administration") where you can do that.

7. Set up backups

7.1. Turn on "local" backups

7.2. Set up "offsite" backups

#!/bin/bash
set -e

DATE=$(date '+%Y-%m-%d')

# Output to a logfile
exec &> /home/ncbackup/backups/logs/${DATE}.txt

# Export all your config and data from Nextcloud
echo "Starting Nextcloud export..."
nextcloud.export
echo "Export complete"

# Compress backed up folder
echo "Compressing backup..."
tar -zcf /home/ncbackup/backups/${DATE}.tar.gz -C /var/snap/nextcloud/common/backups/ .
echo "Nextcloud backup successfully compressed to /home/ncbackup/backups"

# Remove uncompressed backup data
rm -rf /var/snap/nextcloud/common/backups/*

# Remove backups and logs older than 5 days
echo "Removing backups older than 5 days..."
find /home/ncbackup/backups -type f -mtime +5 -delete
find /home/ncbackup/backups/logs -type f -mtime +5 -delete

# Keep 14 days of backups in Backblaze
echo "Uploading to Backblaze..."
b2 sync --keepDays 14 --replaceNewer /home/ncbackup/backups b2://<your-bucket-name>
echo "Nextcloud backup completed successfully"
# Allow ncbackup to run script as sudo
ncbackup ALL=(ALL) NOPASSWD: /usr/sbin/ncbackup.sh

* If you want to undo this for some reason you can run sudo usermod -s /bin/bash ncbackup

** Note this means you will have 6 copies of all your data on your server all the time -- 5 backups and the live versions. The backups are compressed, but it can still add up to a lot of space. Keep an eye on how much storage your server is using. Running it out of space will probably be one of the first issues you run into. I explain how to get notified when that's close to happening at the end.

*** You don't have to use vim here. Your server probably has nano installed or you can install the editor of your choice. To change the default editor on your server, run sudo update-alternatives --config editor, and choose the one you want.

8. Schedule and monitor your backups

This will run your backups once per day at 2am (in your server's timezone, probably UTC), but you can set whatever time and frequency you want, just remember to update your healthcheck to match.

9. Test your backups

Backups are only useful if you can use them to restore your data. Make sure yours work before you need them.

To test your entire server backups you can just try restoring the whole server using Linode's (or whoever's) UI. Testing the archived backups we uploaded to Backblaze is a little more involved but you'll be glad you know how to do it when you need it.

ssh into your new server for the rest of these commands

This should be all you need to restore your Nextcloud installation. It might take a while for the DNS records to propagate, so if you want to test that your restored cloud is working in the meantime you can check it directly at its IP address if you add that to the list of trusted domains:

Note this will only be available over http, so you might get a dramatic warning about security when you visit the ip address directly. To remove the ip address from the list of trusted domains once you're satisfied, run:

10. Offset your CO2

It's not going to be clear exactly what the environmental impact of your server is, but it won't be nothing. You can get a rough idea how much CO2 your server emits with tools like this one. Then you can buy carbon offsets from a reputable carbon offset vendor, like Less. I spent $10/year to offset half a tonne of CO2.

I know carbon offsetting is a long and complicated topic, and the environmental impact of computing infrastructure goes way beyond CO2 emissions, but the point is just to be aware that doing all this stuff on your computer has potentially negative consequences in the real world and to at least try to minimize them where you can and mitigate them where you can't.

Bonus

Set up a Backblaze bucket as external storage, e.g. for photos

* Make sure the name you give the external storage folder isn't already taken. I called mine "Photos", which already existed in my Nextcloud files, and it conflicted in strange and surprising ways. If you want to call your external storage folder "Photos" make sure to go delete the "Photos" folder that's already there first.

Get notified when you're approaching your storage limit

If you choose the cheapest Linode server like I did it doesn't come with much storage, and depending on how much data you have and how many backups you're leaving on the server you might run it out of storage pretty quickly. There's an app called "Quota warning" in the monitoring category you can install to get notified if you're approaching your server's storage limits. You can configure when and how it notifies you in "Additional settings" after it's installed.


That's it! I hope this helps someone avoid hours of searching through documentation, blog posts, and outdated forums. Good luck!

Discuss this post on Hacker News, Dev.to or Reddit