Nextcloud 22 – SNAP – Ubuntu 20.04.3 LTS – Custom SSL

Today I was tasked to deploy a new NextCloud Server. Now that NextCloud is a built-in option upon installation when installing Ubuntu Server 20.04.3 LTS, I figured I would document some helpful code I spent 2h figuring out to get everything dialed in, including allowing for larger file-transfers, and installing a custom SSL (instead of Lets Encrypt). The process is a bit different than back in Nextcloud v18.

##Core Settings and Files
Main Directory				$SNAP_DATA (/var/snap/nextcloud/current)
Data Directory				$SNAP_COMMON (/var/snap/nextcloud/common/)
SNAP Command List			nextcloud.occ
							snap get nextcloud						
							
Pull Logs					snap logs nextcloud
							snap logs nextcloud.php-fpm
							snap logs nextcloud.mysql
							snap connections nextcloud
							tail -n 30 /var/snap/nextcloud/current/apache/logs/error_log
							tail -f /var/snap/nextcloud/current/logs/apache_errors.log
							tail -f /var/snap/nextcloud/current/logs/nextcloud.log
							tail -f /var/snap/nextcloud/current/logs/nextcloud.log
							
Config Files				nano /var/snap/nextcloud/current/nextcloud/config/config.php
							nano /snap/nextcloud/current/conf/httpd.conf
							nano /snap/nextcloud/current/htdocs/config/config.php

#Check Status
systemctl status snap.nextcloud.apache
nextcloud.occ status
nextcloud.occ app:list
##Configure SNAP NextCloud

#SSL Enable Custom
cd /home
openssl req -new -newkey rsa:2048 -nodes -keyout files.company.com.key -out files.company.com.csr
cat files.company.com.csr

#Download your SSL Files using FileZilla, or wget
cd /home
wget https://your.domain.com/ssl.zip
apt-get unzip
unzip ssl.zip 

#If you are given a ca-bundle file by your SSL provider, instead of a .p7b, you'll need to use the .CRT and .CA-Bundle to convert into a p7b. Search for SSL conversion tools online. .p7b = PKCS #7
#Namecheap's converter: https://decoder.link/converter

#Rename your unzipped files
mv files_domain_com.crt mv files.domain.com.crt
mv files_domain_com.key mv files.domain.com.key
mv files_domain_com.p7b mv files.domain.com.p7b

#Enable HTTPS on SNAP NextCloud
nextcloud.enable-https custom files.company.com.crt files.company.com.key files.company.com.p7b

#In my experience, upon activating HTTPS, I became unable to open the website on HTTP or HTTPS, and I received the error: AH00526: Syntax error on line 101 of /snap/nextcloud/28713/conf/ssl.conf.
#I fixed it by copying the SSL files into the SNAP expected-directory, and restarting Apache2
cp files.domain.com.crt /var/snap/nextcloud/current/certs/live/cert.pem
cp files.domain.com.key /var/snap/nextcloud/current/certs/live/privkey.pem
cp files.domain.com.p7b /var/snap/nextcloud/current/certs/live/chain.pem
sudo snap restart nextcloud.apache

#(Optional) If you mess things up, so when HTTPS is enabled, neither HTTP or HTTPS are listening, run the following
sudo snap nextcloud-disable-https
sudo rm -rf /var/snap/nextcloud/current/certs

#Upgrade from default limits
snap set nextcloud php.memory-limit=4G
snap set nextcloud php.upload-max-filesize=10G
snap set nextcloud php.post-max-size=10G
snap set nextcloud php.max-input-time=3600
snap set nextcloud php.max-execution-time=3600

#Upgrade NextCloud and any NextCloud apps.
nextcloud.occ app:update --all

#Test Security
https://scan.nextcloud.com/

Leave a Reply

Your email address will not be published. Required fields are marked *