How to Install Nextcloud on Debian 13

Nextcloud is open-source software for creating public and private file storage. It allows you to create your own self-hosted services like Dropbox, Google Drive, or Mega.nz. It was originally created by the ownCloud developer Frank Karlitschek. In 2016, he forked the ownCloud project and created a new project under the name "Nextcloud".

Since then, the Nextcloud project has grown rapidly and become more than file hosting software; it is more like a file sync and content collaboration platform. Backed by a large number of plugins, Nextcloud has become a powerful collaboration tool. You can install plugins for project management, video conferencing, collaborative editing, note-taking, email client, etc.

In this guide, you will learn how to install Nextcloud on the latest Debian 11 Bullseye. You will be installing Nextcloud under the LAMP Stack (Linux, Apache2/httpd, MySQL/MariaDB, and PHP).


Prerequisites

  • A Debian 11 server. Ensure all packages are updated to the latest version
  • A root user or a user with root privileges. This user will be used for installing new packages and editing system configurations. If you don't have a user with sudo, the next section shows how to add a new user and grant it sudo rights

How To Add User in Debian

In Debian, there are two command-line tools that you can use to create a new user account: useradd and adduser.

useradd is a low-level utility for adding users, while adduser is a friendly interactive frontend to useradd written in Perl.

To create a new user account named username using the adduser command you would run:

sudo adduser username

Example output:

Adding user `username' ...
Adding new group `username' (1001) ...
Adding new user `username' (1001) with group `username' ...
Creating home directory `/home/username' ...
Copying files from `/etc/skel' ...

You will be asked a series of questions. The password is required, and all other fields are optional.

Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for username
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] 

On the last prompt you’ll need to confirm that the information is correct by entering “Y”.

The command will create the new user’s home directory, and copy files from /etc/skel directory to the user’s home directory. Within the home directory, the user can write, edit, and delete files and directories.

By default on Debian, members of the group sudo are granted sudo access.

If you want the newly created user to have administrative rights, add the user to the sudo group:

sudo usermod -aG sudo username

How To Delete a User in Debian

If the user account is no longer needed, you can delete it either with userdel or deluser. On Debian, you should usually use the deluser command as it is more friendly than the low-level userdel.

To delete the user, without removing the user files, run:

sudo deluser username

If you want to delete the user and its home directory and mail spool, use the --remove-home flag:

sudo deluser --remove-home username

SSH server


Get Root and Update Repositories

First, execute the following command to get the root privileges.

  1. If you have sudo installed, execute the sudo command below:
sudo su

Now type the login password for your user.

  1. If you don't have the sudo package, execute the su command as below:
su

Now type your root password and press Enter.

  1. After that, update all your Debian repositories using the apt command below:
apt update

Installing Apache Web Server

After updating Debian repositories, you will be installing an apache web server and enabling some Apache modules for Nextcloud.

  1. Execute the apt command below to install the apache web server:
apt install apache2

Type y and press Enter to continue the installation.

  1. If the installation is complete, check the apache service using the following command:
systemctl is-enabled apache2
systemctl status apache2

You will see the output enabled, which means the apache service will automatically start at system startup. The current state of the apache service is active (running).

  1. Next, enable Apache modules ssl, rewrite, and headers by executing the a2enmod command below:
a2enmod ssl rewrite headers
  1. After that, execute the following command to restart the apache service:
systemctl restart apache2

The new apache modules are now loaded. Verify them using the apachectl command below:

apachectl -M | grep -E "ssl|rewrite|headers"

Installing and Configuring PHP

For this guide, you will be deploying Nextcloud with the latest stable version of PHP 8.1.

By default, the Debian repository provides packages for PHP 8.1. However, Nextcloud requires some additional PHP packages that can be installed from a third-party repository, so you will be adding a new repository to your Debian system.

  1. Execute the command below to add a PHP repository for the Debian system:
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list

Download the GPG key to the /etc/apt/trusted.gpg.d directory:

curl -o /etc/apt/trusted.gpg.d/sury-php8.gpg https://packages.sury.org/php/apt.gpg

Now run the apt update command again to update all repositories:

apt update
  1. Install PHP packages and additional PHP modules for Nextcloud using the apt command below:
apt install -y php php-curl php-cli php-mysql php-gd php-common php-xml php-json php-intl php-pear php-imagick php-dev php-common php-mbstring php-zip php-soap php-bz2 php-bcmath php-gmp php-apcu

After that, execute the apt command again for installing some additional packages:

apt install -y libmagickcore-dev

The libmagickcore-dev package is needed by php-imagick for SVG image processing in Nextcloud.

  1. Once all packages are installed, change the working directory to /etc/php/8.1/apache2 and edit the configuration php.ini using nano:
cd /etc/php/8.1/apache2/
nano php.ini

For the basic nextcloud deployment, change the default options using the following configuration (here: https://www.php.net/manual/en/timezones.php you can check the correct timezone for your installation):

file_uploads = On
allow_url_fopen = On
memory_limit = 512M
upload_max_filesize = 1G
post_max_size = 2G
max_execution_time = 300
display_errors = Off
date.timezone = (see the above note)
output_buffering = Off

Uncomment the zend_extension=opcache option to load the opcache extension:

zend_extension=opcache

Move to the [opcache] section and add the following configuration:

[opcache]
...
....
.....
opcache.enable = 1
opcache.interned_strings_buffer = 8
opcache.max_accelerated_files = 10000
opcache.memory_consumption = 128
opcache.save_comments = 1
opcache.revalidate_freq = 1

Save the configuration by pressing Ctrl+x and type y, then press Enter to exit.

  1. Now restart the apache service to apply new changes using the command below:
systemctl restart apache2

Installing and Configuring MariaDB

For this stage, you will be installing the mariadb database server, securing mariadb deployment, and creating a new database and user for Nextcloud.

  1. To install the mariadb database server, run the command below:
apt install mariadb-server mariadb-client

Type y to confirm and install mariadb packages.

  1. Once the installation is complete, check the mariadb service using the following command:
systemctl is-enabled mariadb
systemctl status mariadb

The mariadb service is active and running, and it's enabled to start automatically at system startup.

  1. Next, you need to secure your mariadb deployment by setting up the root password for mariadb and removing some default configuration. To do that, you can use the command-line tool mysql_secure_installation, which is included in the default mariadb installation.

Execute the mysql_secure_installation command below:

mysql_secure_installation

Interactive prompts (example):

Enter current password for root (enter for none):
OK, successfully used password, moving on...
Switch to unix_socket authentication [Y/n] Y
Enabled successfully!
Reloading privilege tables..
... Success!

Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

Remove anonymous users? [Y/n] Y
... Success!

Disallow root login remotely? [Y/n] Y
... Success!

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reload privilege tables now? [Y/n] Y
... Success!

Final message (example):

Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

Creating Database and User for Nextcloud

  1. Log in to the mariadb shell using the mysql command below:
mysql -u root -p
  1. Now execute the following mysql query to create a new database nextcloud (or whatever else you choose to name it):
CREATE DATABASE nextcloud;
  1. Execute the following query to create a new database user nextclouduser (or whatever else you choose to name it). Replace StrongPassword with your own strong password.
CREATE USER nextclouduser@localhost IDENTIFIED BY 'StrongPassword';
  1. Allow the user nextclouduser to access and write the nextcloud database using the following query:
GRANT ALL PRIVILEGES ON nextcloud.* TO nextclouduser@localhost;
  1. Now reload the privilege tables to apply the new database configuration:
FLUSH PRIVILEGES;

Then you can type quit and press Enter to exit from the mariadb shell.


Download Nextcloud Source Code

  1. Change the working directory to /var/www and download the latest version of Nextcloud source code using the curl command below:
cd /var/www/
curl -o nextcloud.zip https://download.nextcloud.com/server/releases/nextcloud-25.0.1.zip
  1. Now install the unzip package using the following command:
apt install unzip
  1. Next, extract the Nextcloud source code from nextcloud.zip, which gives you a new directory nextcloud, then change the owner of the nextcloud directory to the www-data user:
unzip nextcloud.zip
chown -R www-data:www-data nextcloud

Now you're ready to generate the Let's Encrypt SSL certificate and configure the Apache virtual host for Nextcloud.
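The archive above is extracted without an integrity check, and because it is saved as nextcloud.zip rather than under its release name, a published checksum file cannot be passed straight to sha256sum -c. The helper below is an added example, not part of the original guide; it assumes a SHA-256 checksum file for the release has been obtained from the publisher, and the demo files are constructed.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# verify_release ZIP SUMFILE ORIGNAME
#   ZIP       the downloaded archive (saved above as nextcloud.zip)
#   SUMFILE   a "<sha256>  <filename>" checksum file from the publisher
#   ORIGNAME  the file name the checksum line refers to
# Returns 0 on match, 1 on mismatch, 2 if SUMFILE has no usable entry.
verify_release() {
    zip=$1 sumfile=$2 origname=$3
    # Pick the hash from the line that names the release file.
    expected=$(awk -v want="$origname" '
        { name = $2; sub(/^\*/, "", name) }     # "*" prefix marks binary mode
        name == want { print tolower($1); exit }
    ' "$sumfile")
    case $expected in
        ''|*[!0-9a-f]*) echo "no SHA-256 entry for $origname in $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed hash in $sumfile" >&2; return 2; }
    actual=$(sha256sum "$zip" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $zip: refusing to extract" >&2
    return 1
}

# Demo on constructed files: an intact archive and a modified one.
demo_verify_release() {
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for the archive\n' > "$dir/nextcloud.zip"
    hash=$(sha256sum "$dir/nextcloud.zip" | awk '{ print $1 }')
    printf '%s  nextcloud-25.0.1.zip\n' "$hash" > "$dir/nextcloud.zip.sha256"
    verify_release "$dir/nextcloud.zip" "$dir/nextcloud.zip.sha256" nextcloud-25.0.1.zip \
        && echo "intact archive: accepted"
    printf 'extra bytes\n' >> "$dir/nextcloud.zip"      # simulate a modified download
    verify_release "$dir/nextcloud.zip" "$dir/nextcloud.zip.sha256" nextcloud-25.0.1.zip \
        || echo "modified archive: rejected (status $?)"
    rm -rf "$dir"
}
demo_verify_release
```

Run the check before unzip, and only extract when it returns 0.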


Generating SSL Letsencrypt

In this stage, you will install the certbot tool and generate the SSL certificates for the Nextcloud installation. You will generate the Let's Encrypt certificates with the webroot plugin.

  1. Execute the following command to install the certbot tool for generating SSL Letsencrypt:
apt install certbot

Type y and press Enter to continue the installation.

  1. Once the installation is complete, create a new directory for letsencrypt authorization using the following commands:
mkdir -p /var/lib/letsencrypt/.well-known
chgrp www-data /var/lib/letsencrypt
chmod g+s /var/lib/letsencrypt
  1. Next, change the working directory to the /etc/apache2/conf-available/ and create a new configuration well-known.conf using nano:
cd /etc/apache2/conf-available/
nano well-known.conf

Copy and paste the following configuration:

Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
 AllowOverride None
 Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
 Require method GET POST OPTIONS
</Directory>

Press Ctrl+x and type y and press Enter to save the configuration and exit.

Now activate the new configuration by creating a symlink of the well-known.conf file to the directory conf-enabled using the ln command below:

ln -s /etc/apache2/conf-available/well-known.conf /etc/apache2/conf-enabled/
  1. Now execute the following commands to verify the apache configuration and restart the apache service:
apachectl configtest
systemctl restart apache2

If there are no errors, you're ready to generate the Let's Encrypt certificate with the webroot plugin.

  1. Before generating the certificate, ensure your domain name resolves to the server IP address. After that, you can generate the Let's Encrypt certificate with the webroot plugin by running the certbot command below. Also, change the email address and domain name to your own.
sudo certbot certonly --agree-tos --email user@email.com --webroot -w /var/lib/letsencrypt/ -d files.domain-name.io

When the process is complete, your SSL certificates are available at the /etc/letsencrypt/live/files.domain-name.io/ directory.


Setup Apache Virtual Host for Nextcloud

In this step, you will be adding a new apache/httpd virtual host configuration for Nextcloud.

  1. Change the working directory to /etc/apache2/sites-available/ and create new configuration nextcloud.conf using nano:
cd /etc/apache2/sites-available/
nano nextcloud.conf

Change the domain name and SSL certificate paths to your own and paste the configuration into the nextcloud.conf file (replace the string files.domain-name.io with the domain on which you are installing the Nextcloud instance).

<VirtualHost *:80>
 ServerName files.domain-name.io
 ServerAlias www.files.domain-name.io
 # auto redirect HTTP to HTTPS
 Redirect permanent / https://files.domain-name.io/
</VirtualHost>

<VirtualHost *:443>
 ServerName files.domain-name.io
 ServerAlias www.files.domain-name.io
 DocumentRoot /var/www/nextcloud/
 Protocols h2 http/1.1

 # auto redirect www to non-www
 <If "%{HTTP_HOST} == 'www.files.domain-name.io'">
 Redirect permanent / https://files.domain-name.io/
 </If>

 # log files
 ErrorLog /var/log/apache2/files.domain-name.io-error.log
 CustomLog /var/log/apache2/files.domain-name.io-access.log combined

 SSLEngine On
 SSLCertificateFile /etc/letsencrypt/live/files.domain-name.io/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/files.domain-name.io/privkey.pem

 # HSTS
 <IfModule mod_headers.c>
 Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
 </IfModule>

 <Directory /var/www/nextcloud/>
 Options +FollowSymlinks
 AllowOverride All
 <IfModule mod_dav.c>
 Dav off
 </IfModule>
 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud
 </Directory>
</VirtualHost>

Press Ctrl+x and type Y, then press Enter to save the configuration and exit.

  1. Now activate the nextcloud.conf virtual host configuration by executing the following command:
a2ensite nextcloud.conf
  1. Now verify the new apache configuration and make sure you have no error, then restart the apache service:
apachectl configtest
systemctl restart apache2

Mounting an external disk and setting up automounting with fstab

If you want to use an external disk to store the data (e.g. the internal disk is a 128GB SSD and you think it will not have enough space in the future), there are a few things to do before starting the real installation, because you have to pass the “data folder” path while installing.

We assume that you have a formatted (external) disk connected to your “Nextcloud box”; how to format a disk is out of the scope of this book.

To mount a disk and automount it via fstab, follow these steps:

  1. List all the disks on your system:
root@***:/# fdisk -l
Disk /dev/sda: 238.47 GiB, 256060514304 bytes, 500118192 sectors
Disk model: KINGSTON SKC6002
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 0A40E05A-39BE-4E1C-8615-E89A7120B3EB

Device         Start       End   Sectors  Size Type
/dev/sda1       2048   1050623   1048576  512M EFI System
/dev/sda2    1050624 498116607 497065984  237G Linux filesystem
/dev/sda3  498116608 500117503   2000896  977M Linux swap

Disk /dev/sdb: 1.82 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: RAID
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: E56B6393-517A-4AFD-95D6-4CC40ED1F81F

Device     Start        End    Sectors  Size Type
/dev/sdb1   2048 3907028991 3907026944  1.8T Linux filesystem

The disk we want to use is /dev/sdb.

Type the command file -s /dev/sdb and press Enter to find the file system of the drive, replacing /dev/sdb with the correct device name.

  • The FAT32 file system will be listed after OEM-ID as mkdosfs
  • The NTFS file system will be listed as NTFS
  • If EXT4 is listed in the results of the command, the drive uses the Linux EXT4 file system (this is our case).

Create a mount point for your device by typing mkdir /mnt/ext and pressing Enter.

A mount point is simply a directory where the files from your drive will be linked so that you can locate them.

The directory name, ext in the example, can be any name that you would like, just avoid using spaces and remember that the name is case-sensitive.

Mount the device with the mount -t vfat /dev/sdb /mnt/ext command, followed by the Enter key.

The notation /dev/sdb refers to the whole physical disk, while /dev/sdb1 refers only to a specific logical volume on that disk; in this case we are using the whole disk.

Replace sdb and ext with the appropriate device and directory. Replace vfat (used for FAT32 file systems) with ntfs-3g for NTFS file systems or ext4 for EXT4 file systems.

To unmount the drive when you are finished, type umount /dev/sdb and press Enter.

Now that we know which disk we’ll use, we need its UUID, which we’ll read through the blkid command:

root@***:# blkid /dev/sdb
/dev/sdb: PTUUID="e56b6393-517a-4afd-95d6-4cc40ed1f81f" PTTYPE="gpt"

root@***:# blkid /dev/sdb1
/dev/sdb1: LABEL="***" UUID="9a4d9706-4fa5-4f9e-9d45-9b6f03099ea2" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="2c62e3ca-9c0c-4455-a939-960b5c089846"

We’re going to mount the logical volume (sdb1), so we need this UUID to set in /etc/fstab. Use less to view the current fstab without modifying it:

root@***:/# less /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda2 during installation
UUID=7e3f4840-09d6-446c-b5f8-ae221c166ad0 /               ext4    errors=remount-ro 0       1
# /boot/efi was on /dev/sda1 during installation
UUID=6969-2748  /boot/efi       vfat    umask=0077      0       1
# swap was on /dev/sda3 during installation
UUID=c14bcfe3-0f5d-461c-8a5a-e19a63f45908 none            swap    sw              0       0

UUID="9a4d9706-4fa5-4f9e-9d45-9b6f03099ea2" /media/ext auto rw,user,auto 0 0
UUID=9a4d9706-4fa5-4f9e-9d45-9b6f03099ea2 /media/ext auto defaults 0 0

As you can see, the system wrote some entries during installation, but others have to be added by hand: here that is the UUID="9a4d9706-4fa5-4f9e-9d45-9b6f03099ea2" /media/ext auto rw,user,auto 0 0 line; the other line was added directly by systemd.

Now that we have the correct fstab we can issue the command systemctl daemon-reload and proceed to install the nextcloud instance.


Nextcloud Installation

  1. Open your web browser and type the URL address of your Nextcloud installation:
https://files.domain-name.io

Create your first admin user for Nextcloud and make sure the data directory is writable by the user www-data.

  1. Scroll to the bottom of the page and type the database name, user, and password. Uncheck the option Install recommended apps to make the installation faster. Then click the Finish setup button to install Nextcloud.

  2. If the installation is successful, you will see the Nextcloud dashboard as below.

  3. Now click the user icon at the top right and click the menu Settings. At the Administration section, click Overview.

  • At the Security and setup warnings section, you will see some recommendations that you need to act on, depending on your installation environment.
  • At the Versions section, you will see the current branch of your Nextcloud installation.
  1. Next, click the menu System at the bottom of the Administration section.

You will see details of your environment, system load, disk space status, memory status, network status, etc.

  1. As said before, Nextcloud has become more than just file sync. With the support of additional apps/plugins, it has become a collaboration suite.

At the profile icon top right, click the menu Apps, and you will see nextcloud apps store as below.

Choose the apps you want to install, then click the button Download and enable to install new apps.

  1. Below is the default view of the Nextcloud user dashboard. You can extend the functionality of your dashboard by installing additional plugins.

Nextcloud Performance Tuning

After installing Nextcloud, you can take some further steps to increase Nextcloud performance by enabling the local memory cache and setting up a cronjob for Nextcloud itself.

  1. In the PHP installation section above, you already set up PHP for caching. To enable caching on Nextcloud, edit the Nextcloud configuration config.php.

Change the working directory to /var/www/nextcloud/config and edit the configuration config.php using nano editor:

cd /var/www/nextcloud/config/
nano config.php

Add the following configuration inside the array ( .. ); brackets as below:

<?php
$CONFIG = array (
....
 # Additional configuration
 'memcache.local' => '\OC\Memcache\Redis',
);

Now press the Ctrl+x button and type y, then press Enter to save the configuration and exit.

Here is a real config file from my installation (sensitive data is obscured); see below to configure and secure Redis, or how to mount/automount an external volume:

<?php
$CONFIG = array (
  'instanceid' => '*******************',
  'passwordsalt' => '*******************',
  'secret' => '*******************',
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' =>
    array (
    'password' => '*******************',
     ),
  'trusted_domains' =>
  array (
    0 => '192.168.1.*',
    1 => 'localhost',
    2 => '127.0.0.1',
    3 => '***.com',
    4 => '****.es',
  ),

  'datadirectory' => '/media/ext/data',
  'dbtype' => 'mysql',
  'version' => '25.0.1.1',
  'overwrite.cli.url' => 'https://192.168.1.*',
  'dbname' => '*******************',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => '***_',
  'mysql.utf8mb4' => true,
  'dbuser' => '*******************',
  'dbpassword' => '*******************',
  'installed' => true,
  'forceSSLforSubdomains' => false,
  'default_phone_region' => 'ES',
  'mail_from_address' => 'info',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => '***.org',
  'mail_smtpauth' => 1,
  'mail_smtphost' => '***.net',
  'mail_smtpport' => '25',
  'mail_smtpname' => '***@***.es',
  'mail_smtppassword' => '*******************',
  'maintenance' => false,
);

  1. A Nextcloud system needs to run some background tasks on a regular basis and without any user/admin interaction. To do that, you can use a cronjob to schedule the Nextcloud tasks.

On a Debian Linux system, the default Apache installation runs under the user www-data. Create a new cronjob for user www-data using the command below:

crontab -u www-data -e

If you have multiple editors on your system, choose the one you are most comfortable with. For this guide, we will be using the nano editor.

Add the following configuration (you have to pass --define apc.enable_cli=1 because it is disabled by default):

*/5  *  *  *  * php -f /var/www/nextcloud/cron.php --define apc.enable_cli=1

Save the configuration and exit.

Cronjob configuration you must know:

This cronjob configuration allows user www-data to execute the PHP script /var/www/nextcloud/cron.php every 5 minutes.

To verify the cronjob configuration, you can execute the following command:

crontab -u www-data -l

If your configuration succeeded, you will get the configuration above as your output. Otherwise, you will get a blank result.


Conclusion

Congratulations! You have successfully installed Nextcloud on Debian 11 Bullseye. The Nextcloud server is running under the LAMP Stack with SSL enabled. There are still some small tweaks to do to improve performance and install and configure Redis for caching (if you haven't already done so).


How to Fix Common NextCloud Performance Issues

The Nextcloud default PHP configuration values are not tailored for applications that require connections to be open for minutes (or hours) to facilitate large file uploads.

Getting NextCloud up and running may seem like a simple process, with all sorts of Bash installation scripts available on the Internet for installing NextCloud on a virtual or dedicated server. But an out of the box installation of NextCloud is not usually ready for production use.

Very basic functionality in NextCloud, such as uploading and downloading large files, can be broken without the administrator even being aware, if it is not tested prior to rolling out NextCloud to your organization’s users.

If your network architecture has a proxy or load balancer in front of the NextCloud app server(s), the web server and PHP timeouts should be checked on the NextCloud servers, in addition to connection timeouts on the load balancer.

Below we have listed some of the most common errors that are reported to NextCloud administrators by their users, and how you can troubleshoot to resolve them. We recommend trying these steps for intermediate to advanced users of Linux, keeping in mind to restart HAProxy, Nginx, or PHP-FPM after making each change.


Can’t upload large files > 512 MB to NextCloud (from browser)

Are you using NextCloud behind any reverse proxies? Reverse proxies may include CloudFlare, cloud managed load balancers, or any load balancer. CloudFlare’s free tier imposes a 100 MB max upload size. Try disabling CloudFlare by grey clouding the DNS entry for your NextCloud instance.

If you must use CloudFlare or a similar reverse proxy, you will only be able to upload large files using the NextCloud desktop client, as the desktop client is configured to split files into chunks for uploading, which are then reassembled on the server side.

Max upload sizes and connection timeouts are hard coded with cloud managed load balancers, so we recommend using a custom load balancer such as HAProxy instead. If using HAProxy, in the defaults or frontend section(s) of the haproxy.cfg file, the values should be set as follows:

timeout connect 30s
timeout client 2h
timeout server 2h

Add or modify these values in the php.ini and/or php-fpm.d/www.conf file (for PHP-FPM installations). The upload_max_filesize should always be <= post_max_size. You can set the values higher than 4GB if users will upload files larger than that through the web interface.

max_execution_time >= 300
max_input_time >= 300
memory_limit >= 512M
post_max_size >= 4GB
upload_max_filesize >= 4GB
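The relationship between the two size limits, and the shorthand PHP accepts for them, can be checked mechanically. The script below is an added example, not from the original guide; the sample php.ini fragments are constructed, and it covers only upload_max_filesize and post_max_size.

```sh
#!/bin/sh
# Added example, not from the original guide.
# check_upload_limits reads php.ini text on stdin and prints one line per
# problem with the upload limits; no output means they are consistent.
check_upload_limits() {
    awk -F= '
        # PHP shorthand is K, M or G; anything else (for example 4GB) is rejected here.
        function bytes(v,    n, s) {
            if (v !~ /^[0-9]+[KkMmGg]?$/) return -1
            n = v + 0
            s = toupper(substr(v, length(v)))
            if (s == "K") n *= 1024
            else if (s == "M") n *= 1024 * 1024
            else if (s == "G") n *= 1024 * 1024 * 1024
            return n
        }
        $0 ~ /^[ \t]*(;|\[)/ { next }            # comments and [section] headers
        NF >= 2 {
            k = $1; gsub(/[ \t]/, "", k)
            v = $2; sub(/;.*$/, "", v); gsub(/[ \t"]/, "", v)
            # A later assignment overrides an earlier one, as in php.ini.
            if (k == "upload_max_filesize" || k == "post_max_size") { val[k] = v; seen[k] = 1 }
        }
        END {
            n = split("upload_max_filesize post_max_size", keys, " ")
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in seen)) { print k ": not set in this file"; b[k] = -1; continue }
                b[k] = bytes(val[k])
                if (b[k] < 0)
                    print k ": \"" val[k] "\" is not a number with an optional K, M or G suffix"
            }
            u = b["upload_max_filesize"]; p = b["post_max_size"]
            # post_max_size = 0 disables the POST limit, so only compare when p > 0.
            if (u >= 0 && p > 0 && u > p)
                print "upload_max_filesize (" val["upload_max_filesize"] \
                      ") exceeds post_max_size (" val["post_max_size"] ")"
        }
    '
}

# Constructed sample using the values from the PHP section of this guide.
sample_page_ini() {
    cat <<'EOF'
[PHP]
; constructed sample
memory_limit = 512M
upload_max_filesize = 1G
post_max_size = 2G
EOF
}

# Constructed sample with the two limits inverted.
sample_bad_ini() {
    cat <<'EOF'
; constructed sample
upload_max_filesize = 4G
post_max_size = 2G   ; smaller than the upload limit
EOF
}

echo "guide values:";    sample_page_ini | check_upload_limits
echo "inverted limits:"; sample_bad_ini  | check_upload_limits
```

On a real host, feed it the file PHP actually loads, for example check_upload_limits < /etc/php/8.1/apache2/php.ini.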

Add or modify these directives in the ssl server block in your Nginx configuration for NextCloud. Setting the client_max_body_size to 0 means that uploads will not be limited by Nginx.

client_max_body_size 0;
fastcgi_buffers 64 4K;

Downloads of files from NextCloud fail at 1GB

Add or modify these directives in the ssl server block in your Nginx configuration for NextCloud. The fastcgi_max_temp_file_size defaults to 1GB, which is why downloads of large files fail at exactly 1GB.

proxy_buffering off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
fastcgi_max_temp_file_size 0;

Can’t login to NextCloud (can’t submit or redirects back to login form)

  • Make sure /var/lib/php/session is owned by the web server user. The ownership of this directory can sometimes be set to root:apache after upgrading PHP through the package repositories.
  • CloudFlare’s Rocket Loader can conflict with the Content Security Policy (CSP) that is recommended for NextCloud in the official documentation. Disable Rocket Loader and other security or performance optimizations using a Page Rule.
  • If you have multiple NextCloud app servers behind a load balancer, set up shared session storage in php.ini with a database or Redis session handler.

Web interface is very slow or encountering 503 Service Unavailable errors

Enable memory caching for NextCloud with APCu, Memcached, or Redis. For a single-node NextCloud deployment, APCu is the simplest memory cache to configure. For a multi-node deployment, Redis should be used for distributed caching, in addition to Transactional File Locking (if not using NFSv3 or v4 with file locking enabled, or object storage) with two separate Redis databases using the 'dbindex' option.

Disable thumbnail generation by adding the following line to config/config.php in your NextCloud app folder:

'enable_previews' => false,

(Look at the above config.php file to clarify)


How To Install and Secure Redis on Debian 11

Introduction

Redis is an in-memory key-value store known for its flexibility, performance, and wide language support. This tutorial demonstrates how to install, configure, and secure Redis on a Debian server.


Step 1 — Installing and Configuring Redis

In order to get the latest version of Redis, we will use apt to install it from the official Debian repositories.

Type this command to switch to root user:

sudo su

Type your password when asked and hit Enter.

Update your local apt package cache and install Redis by typing:

apt update
apt install redis

This will download and install Redis and its dependencies. Following this, there is one important configuration change to make in the Redis configuration file, which was generated automatically during the installation.

Open this file with your preferred text editor:

nano /etc/redis/redis.conf

Inside the file, find the supervised directive. This directive allows you to declare an init system to manage Redis as a service, providing you with more control over its operation. The supervised directive is set to no by default. Since you are running Debian, which uses the systemd init system, change this to systemd:

# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
supervised systemd

That’s the only change you need to make to the Redis configuration file at this point, so save and close it when you are finished. Then, restart the Redis service to reflect the changes you made to the configuration file:

systemctl restart redis

Step 2 — Testing Redis

Start by checking that the Redis service is running:

sudo systemctl status redis

If it is running without any errors, this command will produce output similar to the following:

● redis-server.service - Advanced key-value store
 Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
 Active: active (running) since Wed 2018-09-05 20:19:44 UTC; 41s ago
 ...
 └─10841 /usr/bin/redis-server 127.0.0.1:6379

To test that Redis is functioning correctly, connect to the server using the command-line client:

redis-cli

In the prompt that follows, test connectivity with the ping command:

ping

Output:

PONG

Next, check that you’re able to set keys by running:

set test "It's working!"

Output:

OK

Retrieve the value by typing:

get test

Output:

"It's working!"

Exit the Redis prompt to get back to the shell:

exit

As a final test, restart the Redis instance:

sudo systemctl restart redis

Then connect with the command-line client once again and confirm that your test value is still available:

redis-cli
get test

Output:

"It's working!"

Exit:

exit

Step 3 — Binding to localhost

By default, Redis is only accessible from localhost. To ensure this, open the Redis configuration file:

nano /etc/redis/redis.conf

Locate this line and make sure it is uncommented:

bind 127.0.0.1

Restart the service:

systemctl restart redis

To check that this change has gone into effect, run:

netstat -lnp | grep redis

Output:

tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 10959/redis-server

Step 4 — Configuring a Redis Password

Open the configuration file:

nano /etc/redis/redis.conf

Scroll to the SECURITY section and look for:

# requirepass foobared

Uncomment it and change foobared to a secure password.

Generate a random password:

openssl rand 60 | openssl base64 -A

Example output:

RBOJ9cCNoGCKhlEBwQLHri1g+atWgn4Xn4HwNUbtzoVxAYxkiYBi7aufl4MILv1nxBqR4L6NNzI0X6cE

Set it:

requirepass RBOJ9cCNoGCKhlEBwQLHri1g+atWgn4Xn4HwNUbtzoVxAYxkiYBi7aufl4MILv1nxBqR4L6NNzI0X6cE

Restart Redis:

systemctl restart redis.service

Test it:

redis-cli
set key1 10
(error) NOAUTH Authentication required.
auth your_redis_password
OK
set key1 10
OK
get key1
"10"
quit

Step 5 — Renaming Dangerous Commands

Open the configuration file once more:

nano /etc/redis/redis.conf

To disable a command, rename it to an empty string:

rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command DEBUG ""

To rename a command:

rename-command SHUTDOWN SHUTDOWN_MENOT
rename-command CONFIG ASC12_CONFIG

Restart Redis:

systemctl restart redis

Test:

redis-cli
auth your_redis_password
OK
config get requirepass
(error) ERR unknown command 'config'
asc12_config get requirepass
1) "requirepass"
2) "your_redis_password"
exit

Note: If you’re already using the Redis command line and then restart Redis, you’ll need to re-authenticate. Otherwise, you’ll get this error if you type a command:

NOAUTH Authentication required.

Regarding the practice of renaming commands, there’s a cautionary statement at the end of the SECURITY section in /etc/redis/redis.conf which reads:

Please note that changing the name of commands that are logged into the AOF file or transmitted to slaves may cause problems.

Thus, the best way to handle renaming in cases like that is to make sure that renamed commands are applied to all instances in master-slave installations.
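
The settings from Steps 3 to 5 can be checked in one pass over the configuration file. The script below is an added example, not part of the original tutorial; the sample configurations are constructed, and the 32-character minimum for requirepass is an assumption of the example.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# audit_redis_conf reads a redis.conf on stdin and prints one finding per
# line; no output means the Step 3-5 settings are all in place.
audit_redis_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1) }
        key == "bind" {                          # Step 3: loopback only
            have_bind = 1
            for (i = 2; i <= NF; i++) {
                addr = $i
                sub(/^-/, "", addr)              # "-addr" marks an optional address
                if (addr != "127.0.0.1" && addr != "::1")
                    print "bind: listens on non-loopback address " addr
            }
        }
        key == "requirepass" {                   # Step 4: password set
            pass = $2
            gsub(/"/, "", pass)
            have_pass = 1
        }
        key == "rename-command" { renamed[toupper($2)] = 1 }   # Step 5
        END {
            if (!have_bind) print "bind: no active bind line"
            if (!have_pass || pass == "")
                print "requirepass: not set"
            else if (pass == "foobared")
                print "requirepass: still the sample value foobared"
            else if (length(pass) < 32)          # threshold is an assumption of this example
                print "requirepass: shorter than 32 characters"
            n = split("FLUSHDB FLUSHALL DEBUG SHUTDOWN CONFIG", cmds, " ")
            for (i = 1; i <= n; i++)
                if (!(cmds[i] in renamed))
                    print "rename-command: " cmds[i] " is not renamed or disabled"
        }
    '
}

# Constructed sample: a file before Steps 3-5 are applied.
sample_weak_conf() {
    cat <<'EOF'
# constructed sample
bind 127.0.0.1 192.168.1.10
# requirepass foobared
EOF
}

# Constructed sample: the same file after Steps 3-5 (placeholder password).
sample_hardened_conf() {
    cat <<'EOF'
# constructed sample
bind 127.0.0.1 -::1
requirepass CONSTRUCTED-placeholder-not-a-real-secret-0000
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command DEBUG ""
rename-command SHUTDOWN SHUTDOWN_MENOT
rename-command CONFIG ASC12_CONFIG
EOF
}

echo "weak sample:";     sample_weak_conf     | audit_redis_conf
echo "hardened sample:"; sample_hardened_conf | audit_redis_conf
```

On a real host, run it as audit_redis_conf < /etc/redis/redis.conf after each change and before restarting the service.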