1. Update the System
sudo apt update && sudo apt upgrade -y
2. Install Apache, MariaDB, PHP and Extensions
sudo apt install -y apache2 mariadb-server libapache2-mod-php \
php php-mysql php-gd php-curl php-xml php-zip php-mbstring php-bz2 \
php-intl php-gmp php-imagick unzip wget -y
3. Create Database and User
sudo mysql -u root
Inside MariaDB:
CREATE DATABASE nextcloud;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'yourPassword';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
4. Download and Install Nextcloud
cd /tmp
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
sudo mv nextcloud /var/www/
sudo chown -R www-data:www-data /var/www/nextcloud
5. Configure Apache
5.1 HTTP → HTTPS Redirect (Port 80)
This avoids the issue where Apache’s default page shows up or ZeroTier IP access fails.
Create a global redirect config:
sudo tee /etc/apache2/sites-available/nextcloud-http.conf >/dev/null <<'EOF'
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
EOF
sudo a2enmod rewrite
sudo a2ensite nextcloud-http.conf
5.2 HTTPS VirtualHost
sudo nano /etc/apache2/sites-available/nextcloud-ssl.conf
Example content (replace with your real IP/domain):
<VirtualHost *:443>
ServerName 192.168.xx.xx
ServerAlias 192.168.yy.yy
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/nextcloud/nextcloud-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/nextcloud/nextcloud-selfsigned.key
ErrorLog ${APACHE_LOG_DIR}/nextcloud_ssl_error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud_ssl_access.log combined
</VirtualHost>
6. Generate a Self-Signed SSL Certificate
sudo mkdir -p /etc/ssl/nextcloud
cd /etc/ssl/nextcloud
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout nextcloud-selfsigned.key \
-out nextcloud-selfsigned.crt
Tip: For Common Name (CN) enter the IP or domain you plan to use.
If you need to support multiple IPs (LAN + ZeroTier), generate a SAN certificate.
7. Enable Modules and Sites
sudo a2enmod ssl headers env dir mime
sudo a2ensite nextcloud-ssl.conf
sudo systemctl reload apache2
8. Configure Firewall (if UFW is enabled)
sudo ufw allow 80
sudo ufw allow 443
9. Finish Nextcloud Setup
9.1 Access the Installer
Open in browser:
https://192.168.xx.xx
https://192.168.yy.yy (ZeroTier IP)
Both should now work.
9.2 Fill in Setup Details
- Admin username & password
- Data folder (recommended:
/var/nextcloud-data, not a VMware hgfs share) - Database user:
nextclouduser - Database password: the strong password you set earlier
- Database name:
nextcloud
9.3 Fix Data Directory Permissions
If on a native Linux disk:
sudo mkdir -p /var/nextcloud-data
sudo chown -R www-data:www-data /var/nextcloud-data
sudo chmod -R 770 /var/nextcloud-data
If on VMware hgfs/Windows share, chmod won’t work → add to config.php:
'check_data_directory_permissions' => false,
9.4 Configure Trusted Domains
Edit:
sudo nano /var/www/nextcloud/config/config.php
Add your LAN and ZeroTier IPs:
'trusted_domains' =>
array (
0 => 'localhost',
1 => '192.168.xx.xx',
2 => '192.168.yy.yy',
),
This prevents the “Access through untrusted domain” error.
10. Client Notes
In the Nextcloud mobile app:
- Yes → delete file on server and all synced devices.
- Remove locally → only delete the local copy, file remains on the server.
📌 Key Takeaways
- Default Apache page issue → solved by disabling
000-default.confor global 80→443 redirect. - ZeroTier IP access issue → solved by adding
ServerAliasand global redirect. - Data directory permission issue → solved by correct
770on native disk or disabling check in config. - Untrusted domain error → solved by adding all used IPs/domains into
trusted_domains. - HTTPS → self-signed is fine for testing; for production, use Let’s Encrypt.
KAGAYA's Blog 