How to Install Nextcloud 10 with Nginx on Debian 8

Nextcloud is an open source file sync and share software. It is a fork of ownCloud and finds its usage both at individual and Enterprise level. It was recently started by Frank Karlitschek who founded  the ownCloud project earlier. Nextcloud not only has all the features of ownCloud but also plans to provide new and innovative ones.

In this article, we will learn how to install the latest version of Nextcloud on Debian 8 using Nginx ( pronounced as EngineX ), MariaDB and PHP7.

1) Install Nextcloud

Nextcloud files are available for download from the Nextcloud servers. We can download the zip file and unzip it to complete the installation.

# wget
# unzip

Let us move the nextcloud directory to /var/www and and change the ownership to www-data

# mkdir /var/www/

# mv nextcloud /var/www/

# rm -f

# chown -R www-data: /var/www/nextcloud

2) Install Nginx

Nginx is and open sourced and one of the most common web servers available. It works efficiently, scales well with minimum hardware and provides good response even under load. Installing it is just a simple task of executing the apt-get install command.

# apt-get update

# apt-get install nginx -y

We can check the version of nginx that got installed and also the status to see if the service started.

# nginx -v

#service nginx status

Alternatively, we can also point browser to the server's IP and view the nginx welcome page:

Nginx-Web Verification

3) Install MariaDB

Install the MariaDB server and client software

# apt-get install mariadb-server-10.0 mariadb-client-10.0 -y

At the time of configuring the DB, you will be asked to set a password for the "administrative" root user.  Provide a password and exit.

Verify the installed version

# mysql --version
mysql Ver 15.1 Distrib 10.0.27-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

We can further secure the installation by running MySQL secure installation. This is recommended for production servers.

# mysql_secure_installation


In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

4) Create a database and user for Nextcloud

Login to the MariaDB using the password that was set earlier while configuring the DB.

# mysql -u root -p
Enter password:

Now, create a user and set a password for the same user.

MariaDB [(none)]> create database nextcloud;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create user nxtcloudadmin@localhost identified by 'admin123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nextcloud.* to nxtcloudadmin@localhost identified by 'admin123'
-> ;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;

5) Enable binary logging for MariaDB

Binary log contains both data changes and structural changes done to the DB. This log will be useful in replication and data restoration. In order to enable this, edit the file /etc/mysql/my.cnf and add the following lines

log-bin = /var/log/mysql/mariadb-bin
log-bin-index = /var/log/mysql/mariadb-bin.index
binlog_format = mixed

After this, reload the mysql server

# service mysql reload

6) Install PHP7

First, check if PHP is already installed on your system. To do this, execute the below command

# dpkg --list |grep php

If not, then find out the Debian version you have and get the corresponding packages.

# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.6 (jessie)
Release: 8.6
Codename: jessie

In the above example, the release name is 'jessie'. Hence, let us add the jessie package details to the sources list, add the key and then install the required PHP packages.

# echo 'deb jessie all' >> /etc/apt/sources.list
# echo 'deb-src jessie all' >> /etc/apt/sources.list

# cd /tmp
# wget
# apt-key add dotdeb.gpg

apt-get update

root@debian-linoxide:~# apt install php7.0-common php7.0-fpm php7.0-cli php7.0-json php7.0-mysql php7.0-curl php7.0-intl php7.0-mcrypt php-pear php7.0-gd php7.0-zip php7.0-xml php7.0-mbstring

7) Get a free SSL certificate for Nextcloud domain

In order to enable HTTPS on any website, we need to get a certificate from a Certificate Authority (CA). 'Let's Encrypt' is a CA which provides free SSL certificates for domains.

For this, we need to install 'git' package first and then clone the GitHub repository to download letsencrypt

# apt-get install git bc -y

# git clone

Now, we can get the SSL certificate by changing to 'letsencrypt' directory and issuing a single command:

# /letsencrypt-auto certonly --standalone --email <your-email-address> --agree-tos -d <your-node-name>
letsencrypt output

8) Setting up virtual host for your domain

To create a virtual host, create a file with your domain name with '.conf' extension (for example, in this case) in the path /etc/nginx/sites-enabled and add the contents given below.

Note: You need to replace the node name (in red colour) with your own domain name and change the ssl certificate path (in blue) to wherever your ssl certificate resides.

upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;

server {
listen 80;

server {
listen 443 ssl;

ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;

# Path to the root of your installation
root /var/www/nextcloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;

location / {

rewrite ^/remote/(.*) /remote.php last;

rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

try_files $uri $uri/ =404;

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass php-handler;
fastcgi_intercept_errors on;

# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;

# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;

9) Accessing the Nextcloud web interface

In order to create and manage your Nextcloud administrative account, point your browser to your domain name. In this example, it is ''. This open up a window as shown below, asking for creating an admin account. At the bottom of the same page, you will notice another box asking for database user, password and database name. Here enter the details of the account that you created while installing MariaDB and press the 'Finish Setup' button.


Congratulations! You have now set up your own Nextcloud server and can start sharing files using it.

Nextcloud page


Nextcloud is a safe place for anyone including enterprises to store, share and protect their files or data. It can also be used for sharing calendars, contacts, communication etc without worrying about their safety. It focuses on the needs of users and customers and is trying to add more features to it. Overall, a nice tool to use.

4 Comments... add one

  1. nginx -c /etc/nginx/sites-enabled/
    nginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/sites-enabled/

    If I remove upstream I get a new error:

    nginx -c /etc/nginx/sites-enabled/
    nginx: [emerg] "server" directive is not allowed here in /etc/nginx/sites-enabled/

  2. Hi, I have same issue as Jon:
    nginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/sites-enabled/

    What to do?

  3. Hi,
    really good guide, my nc is working great.
    But i got a little question. In admin gui i get the message:

    **********Es wurde kein PHP Memory Cache konfiguriert. Konfigurieren Sie zur Erhöhung der Leistungsfähigkeit, soweit verfügbar, einen Memory Cache. Weitere Informationen finden Sie in unserer Dokumentation.**********

    means in english something like:

    ********** php memory cache is not configured. have a look at the manual ******

    I tried my best but failed.
    My configuration:
    'normal' debian 8 installation
    nginx 1.10.3

    Any help would be nice.

    Kind regards


Leave a Comment