How to Install Nextcloud on Ubuntu (with Cloudflare or Any Reverse Proxy Handling HTTPS)
- Josue Valentin
- Oct 10
- 3 min read
Nextcloud is a powerful self-hosted file platform that runs best on Ubuntu. This guide covers a complete installation using Apache, MariaDB, and PHP — with HTTPS managed externally (for example, through Cloudflare, and Nginx proxy, or a load balancer).
1. System Preparation
sudo apt update && sudo apt upgrade -y
sudo apt install apache2 mariadb-server libapache2-mod-php \
php php-cli php-mysql php-gd php-xml php-curl php-zip php-mbstring php-intl php-bcmath php-imagick unzip curl -y
sudo a2enmod rewrite headers env dir mime
sudo systemctl restart apache2
2. Create the Nextcloud Database and User
Connect to MariaDB:
sudo mariadb
Inside the MariaDB shell:
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER 'nextcloud_user'@'localhost' IDENTIFIED BY 'StrongPassword123!';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;
3. Download and Extract Nextcloud
cd /var/www
sudo wget https://download.nextcloud.com/server/releases/latest.zip
sudo unzip latest.zip
sudo chown -R www-data:www-data /var/www/nextcloud
sudo chmod -R 750 /var/www/nextcloud
Make sure you do not end up with /var/www/nextcloud/nextcloud.If that happens, move the contents up one level.
4. Configure Apache
Create the virtual host file:
sudo nano /etc/apache2/sites-available/nextcloud.conf
Paste:
ServerSignature Off
ServerTokens Prod
<VirtualHost *:80>
ServerName cloud.example.com
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
</VirtualHost>
Enable the site and disable the default:
sudo a2ensite nextcloud.conf
sudo a2dissite 000-default.conf
sudo apache2ctl configtest && sudo systemctl reload apache2
5. Configure External HTTPS (Cloudflare, Reverse Proxy, or Load Balancer)
If another service terminates SSL:
Keep Apache on plain HTTP (port 80).
In your proxy or Cloudflare panel, point cloud.example.com to your server IP.
Enable “Always Use HTTPS” and “Automatic HTTPS Rewrites” in Cloudflare (or equivalent settings in your reverse proxy).
Your origin server remains HTTP; the proxy handles encryption.
6. Run the Web Installer
Open in a browser:
Fill in:
Field | Value |
Admin username | choose your admin name |
Admin password | choose a strong password |
Data folder | /var/www/nextcloud/data |
Database user | nextcloud_user |
Database password | StrongPassword123! |
Database name | nextcloud |
Database host |
Click Finish Setup.
7. Fix Permissions
sudo chown -R www-data:www-data /var/www/nextcloud
sudo find /var/www/nextcloud -type d -exec chmod 750 {} \;
sudo find /var/www/nextcloud -type f -exec chmod 640 {} \;
8. Enable Cron Jobs
sudo crontab -u www-data -e
Add:
*/5 * * * * php -f /var/www/nextcloud/cron.php
This keeps background tasks running automatically.
9. Hardening and Clean-Up
Hide PHP version
Edit /etc/php/*/apache2/php.ini:
expose_php = Off
Add Security Headers
cat <<'EOF' | sudo tee /etc/apache2/conf-available/security-headers.conf
<IfModule mod_headers.c>
Header always unset X-Powered-By
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>
EOF
sudo a2enmod headers
sudo a2enconf security-headers
sudo systemctl reload apache2
10. Common Mistakes to Avoid
Problem | Cause | Fix |
Apache shows “It works!” page | Default site still enabled | Disable 000-default.conf |
Error enabling nextcloud-ssl.conf | File doesn’t exist | Cloudflare handles SSL; no local SSL file needed |
“Access denied for user” | Wrong DB credentials or user not granted | Recreate user via sudo mariadb |
Duplicate <VirtualHost> | Copied twice | Keep only one block per file |
Installer blocked by popup login | Basic Auth leftover | Remove <LocationMatch> section |
11. Verification
sudo apache2ctl configtest
sudo systemctl reload apache2
Then visit your domain — the Nextcloud dashboard should load correctly through HTTPS (handled by Cloudflare).
Summary
You now have a full Nextcloud setup on Ubuntu using Apache, PHP, and MariaDB.Key takeaways:
Always test Apache with apache2ctl configtest before reloading.
Manage HTTPS through Cloudflare or your reverse proxy; don’t mix local SSL configs unless needed.
Rotate passwords and keep database access restricted to localhost.
Use cron and secure headers for performance and protection.
This clean approach avoids all the typical installation pitfalls while staying compatible with Cloudflare, Nginx proxies, and standard enterprise hardening.
Comments