Configure Nextcloud snap
The only thing we recommend you do up front is enable HTTPS. Nextcloud snap includes a service for automated HTTPS encryption and automated renewal using Lets Encrypt, or self-signed certificates. Run nextcloud.enable-https -h for more information.
Enable Lets Encrypt in Nextcloud snap:
- issue command in host shell
sudo nextcloud.enable-https lets-encryptEnter email address and domain/subdomain to get your SSL certificate.
Tip
Read the resulting response carefully and ensure the requirements are met.
Important
Let's Encrypt will expect that Nextcloud is exposed on ports 80 and 443. If you change ports and don't put Nextcloud behind a reverse proxy such that ports 80 and 443 are sent to Nextcloud for that domain name, Let's Encrypt will be unable to verify ownership of your domain and will not grant certificates.
Self-signed certificate is easier to setup than Let's Encrypt certificates, but will cause warnings in browsers and due to being very basic won't work with some applications.
- Managing encryption
- HTTP/HTTPS port configuration
- Reverse proxy configuration
- Hosts & FQDN configuration
The interface providing the ability to access removable media is not automatically connected upon install, so if you'd like to use external storage (or otherwise use a device in /media or /mnt for data), you need to give the snap permission to access removable media by connecting that interface:
- issue command in host shell
sudo snap connect nextcloud:removable-mediaNote
Removable media can be any device (e.g. external-disk-partition, NFS-network mount, SSHFS-network mount etc.).
The device should be available at system boot and mounted by /etc/fstab.
Tip
Ensure USB-boot is disabled in BIOS or use the --nofail option in /etc/fstab for headless boot (i.e. server install), especially when connecting an external USB-device.
Tip
Create a dedicated directory in /media/MYDIRECTORY/ or /mnt/MYDIRECTORY/ mounting the dedicated directory in /etc/fstab instead of Ubuntu's "automount" /media/$USER/DEVICE/ directory.
Important
Removable media must be mounted to either /media or /mnt as root with root permissions and connected to Snap!
The System application requires a bit more access to the system than the snap uses by default (e.g. the ability to monitor network hardware, etc.). If you'd like to utilize those features, you'll need to connect the interface that allows that kind of access:
- issue command in host shell
sudo snap connect nextcloud:network-observeBy default, PHP will use 128M as the memory limit. If you notice images not getting previews generated, or errors about memory exhaustion in your Nextcloud log, you may need to set this to a higher value.
If you'd like to set the memory limit to a higher value (say, 512M), run:
sudo snap set nextcloud php.memory-limit=512M
To set it to be unlimited (not recommended), use -1:
sudo snap set nextcloud php.memory-limit=-1
Nextcloud from 30.0.x recommends a 5 Minute cron interval:
By default the cronjob interval is 5 minutes.
To adjust it (to 5 minutes) simply run:
$ sudo snap set nextcloud nextcloud.cron-interval=5m
To adjust it (to 10 minutes) run:
$ sudo snap set nextcloud nextcloud.cron-interval=10m
If you want to disable the cronjob completely, run:
$ sudo snap set nextcloud nextcloud.cron-interval=-1
To reenable it again simply set the nextcloud.cron-interval snap variable to a value that isn't -1
By default, the snap does not enable HTTP compression. HTTP compression may improve site response where bandwidth and device resources are limited.
To enable it, run:
sudo snap set nextcloud http.compression=true
To disable it, run:
sudo snap set nextcloud http.compression=false
By default, Nextcloud snap will accept HTTP requests addressed to localhost from the server itself. But when you're setting things up on a remote or virtual server (like an AWS EC2 instance) you’ll need to tell Nextcloud to expect remote browser requests made to your IP address or domain name. Note how you assign a separate ID number (iterating values 0, 1, 2...) for each domain. See multiple trusted domains for config.php configuration options
Set trusted domains (iterating values 0, 1, 2...):
sudo nextcloud.occ config:system:set trusted_domains 0 --value="cloud.yourdomain.com"
sudo nextcloud.occ config:system:set trusted_domains 1 --value="cloud.yourseconddomain.com"
sudo nextcloud.occ config:system:set trusted_domains 2 --value="cloud.yourotherdomain.com"
When you're running Nextcloud snap behind a proxy the snap needs to know about the proxy. Add reverse proxy to trusted proxies. See Nextcloud reverse proxy documentation.
Set trusted proxies (iterating values 0, 1, 2...):
sudo nextcloud.occ config:system:set trusted_proxies 0 --value="your.reverse.proxy.ip"
sudo nextcloud.occ config:system:set trusted_proxies 1 --value="your.other.proxy.ip"
sudo nextcloud.occ config:system:set trusted_proxies 2 --value="another.reverse.proxy.ip"
See configure Collabora Online - Built-in CODE Server and Nextcloud office on Nextcloud snap