A Road Warrior's Companion – Nextcloud II
Previously in this series we’ve looked at configuring a VPS to act as a VPN server to keep your internet connection secure when working on untrusted networks. Last time, we started configuring Nextcloud on the VPS to perform the task of file, contact and calendar synchronization between your devices.
Configuring Nextcloud
When we finished up last time Nextcloud was ready to configure. To do this you need to be able to access it through the web interface, for which you’ll need to allow access to ports 80 and 443 through your firewall to the web server. There are a few options: you can allow access from everywhere, which will allow you to access Nextcloud from any device. Alternatively, you could only allow access from your server’s IP, meaning you could only access it when you are connected to your VPN. If you only plan to use Nextcloud with your devices that are configured for the VPN then the latter option can increase the security of your files. If you intend to access the files when working from internet cafes, friends’ computers, etc., then you’ll need to do the former. Note that you can change this rule at any time if plans change. To allow access from anywhere use:
sudo iptables -A INPUT -i eth0 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -i eth0 -m state --state NEW -p tcp --dport 443 -j ACCEPT
To only allow access when using your VPN, use the following commands and replace “192.168.1.1” with the IP address of your VPS:
sudo iptables -A INPUT -i eth0 -m state --state NEW -s 192.168.1.1 -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -i eth0 -m state --state NEW -s 192.168.1.1 -p tcp --dport 443 -j ACCEPT
If you are planning to connect from anywhere then it’s recommended that you install an SSL certificate on the server. This will allow communications between your device and the server to be encrypted, helping to protect your information when it is transferred. If you are only using the VPN then this already provides encryption for you, so an SSL certificate is optional. The simplest way to obtain an SSL certificate is to use Let’s Encrypt. This uses a simple tool that creates and installs the SSL certificate for you for free. The downside of this is that your web server needs to be open to the world (or at least the Let’s Encrypt servers) for it to work, and you must have a valid domain name pointed to your server.
If you choose to go with the Let’s Encrypt option then you can install the application for getting the certificate with:
sudo apt-get update
sudo apt-get install certbot
Once the install completes, apply for the certificate with:
sudo certbot certonly --webroot -w /var/www/html -d vps.example.com
Note here that you’ll need to replace the vps.example.com domain with the domain name pointed at your server. The certbot program will ask some questions that you will need to answer to create your certificate, after which it will inform you of where your certificate has been placed. You’ll need to alter the /etc/apache2/sites-available/default-ssl.conf file, and find the line starting with “#SSLCACertificateFile” and remove the # at the start of the line and replace the rest of the line with the path to your certificate file as given by certbot. For example:
SSLCACertificateFile /etc/letsencrypt/live/vps.example.com/fullchain.pem
Once done, save and exit the file, then enable the SSL site with the following command:
sudo a2ensite default-ssl
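Before reloading Apache it is worth checking which files the SSL site will actually serve: mod_ssl presents the certificate named by SSLCertificateFile with the key in SSLCertificateKeyFile, while SSLCACertificateFile only lists CAs used to verify client certificates. The script below is an added example, not part of the original article; its function names and the Debian-style sample config are constructed for illustration, and privkey.pem is the key file certbot writes beside fullchain.pem.

```shell
#!/bin/sh
# Added example: report which certificate and key an Apache SSL vhost will serve.

# Print the last uncommented value of directive $2 in config file $1.
# Apache directive names are case-insensitive; commented lines never match.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# Return 0 if the vhost in $1 serves the Let's Encrypt files for domain $2,
# otherwise print what it serves instead and return 1.
check_tls_conf() {
    conf=$1
    live="/etc/letsencrypt/live/$2"
    cert=$(directive_value "$conf" SSLCertificateFile)
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    status=0
    [ "$cert" = "$live/fullchain.pem" ] || { echo "served certificate: ${cert:-<unset>}"; status=1; }
    [ "$key" = "$live/privkey.pem" ] || { echo "served key: ${key:-<unset>}"; status=1; }
    return $status
}

# Constructed sample: a default-ssl.conf excerpt in which only the
# SSLCACertificateFile line has been pointed at the certbot output.
sample_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key
    #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
    SSLCACertificateFile /etc/letsencrypt/live/vps.example.com/fullchain.pem
</VirtualHost>
EOF
}

# Demo on the constructed sample; on a real server pass
# /etc/apache2/sites-available/default-ssl.conf and your own domain.
tmp=$(mktemp)
sample_conf > "$tmp"
check_tls_conf "$tmp" vps.example.com || echo "vhost is not serving the Let's Encrypt certificate"
rm -f "$tmp"
```

If the check reports the self-signed snakeoil files, browsers will show a certificate warning until SSLCertificateFile and SSLCertificateKeyFile point at the certbot paths.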
With that complete, you should now be able to access the web interface to configure Nextcloud. Navigate to your server’s domain name or IP address in a web browser using https. If you chose to only allow access when using the VPN then you’ll need to connect to that first.
You should see the Nextcloud configuration page. It will first ask for a username and password for an administrative user, then for a location to store its files. The default data directory should be fine here. You will then be asked for the username and password for your database which you configured earlier. Once you have provided this information and clicked on “Finish”, the Nextcloud configuration will complete, and you’ll be taken to a screen which will offer various client tools you can use for your devices to sync to Nextcloud.
There’s a lot that Nextcloud can do for you, as well as addons that can make it even more powerful. I recommend reading the Admin and User manuals found here to get more familiar with Nextcloud and its capabilities.