Setting up Nextcloud on a VPS: Security & Performance for Small Organizations

Learn how to manually install Nextcloud on your VPS, optimally secure it, and configure it for performance for small teams. Includes hardening tips and backup strategy.

nextcloudvpssecurityperformanceguide

Why Nextcloud on Your Own VPS?

For small organizations, Nextcloud is the ideal solution for sharing, synchronizing, and collaboratively editing files – without dependence on external cloud providers. Your own VPS gives you full control over security and performance. In this guide, we show you step by step how to set up, secure, and optimize Nextcloud on a VPS.

Prerequisites

You need a VPS with at least 2 GB RAM and a Linux distribution (e.g., Ubuntu 22.04 LTS). You should also have SSH access and basic Linux knowledge.

Step 1: Basic Installation of Nextcloud

First, install a LAMP stack (Linux, Apache, MySQL, PHP). Run the following commands:

  • sudo apt update && sudo apt upgrade -y
  • sudo apt install apache2 mariadb-server php php-mysql libapache2-mod-php php-gd php-json php-curl php-mbstring php-intl php-imagick php-xml php-zip php-bcmath php-gmp -y

Then download and extract Nextcloud:

  • cd /var/www/
  • sudo wget https://download.nextcloud.com/server/releases/latest.tar.bz2
  • sudo tar -xjf latest.tar.bz2

Set up the database:

  • sudo mysql -u root -p
  • CREATE DATABASE nextcloud;
  • CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'YourStrongPassword';
  • GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
  • FLUSH PRIVILEGES;

Configure Apache with a custom VirtualHost file and enable HTTPS with Let's Encrypt.

Step 2: Security Hardening

2.1 Firewall and Fail2Ban

Set up UFW and allow only SSH, HTTP, and HTTPS. Install Fail2Ban to block brute-force attacks:

  • sudo ufw allow 22/tcp
  • sudo ufw allow 80/tcp
  • sudo ufw allow 443/tcp
  • sudo ufw enable
  • sudo apt install fail2ban -y

Create a copy of the jail configuration for Nextcloud.

2.2 Hardening the Nextcloud Configuration

Edit the config.php and add the following settings:

  • 'overwrite.cli.url' => 'https://your-domain.de',
  • 'trusted_domains' => array (0 => 'your-domain.de'),
  • 'default_phone_region' => 'DE',
  • 'log_type' => 'file',
  • 'logfile' => '/var/log/nextcloud.log',

Enable two-factor authentication via the Nextcloud apps.

2.3 Regular Updates

Keep Nextcloud and the system up to date. Use a script for automatic updates or perform them manually.

Step 3: Performance Optimization

3.1 Caching with Redis

Redis significantly improves performance. Install and configure it:

  • sudo apt install redis-server php-redis -y
  • Add to config.php: 'memcache.local' => '\OC\Memcache\Redis', and 'redis' => array ('host' => 'localhost', 'port' => 6379),

3.2 PHP Optimization

Increase the PHP memory limit and execution time in the php.ini:

  • memory_limit = 512M
  • max_execution_time = 3600

Enable PHP OPcache for better performance.

3.3 Database Optimization

Use MariaDB and optimize the configuration for Nextcloud. Add to /etc/mysql/mariadb.conf.d/50-server.cnf:

  • innodb_buffer_pool_size = 1G (with 2 GB RAM)
  • innodb_log_file_size = 256M

Step 4: Backup Strategy

Regularly back up the database and the Nextcloud directory. Create a script that makes a daily backup and transfers it to external storage. Example for a cron job:

  • 0 2 * * * /usr/bin/mysqldump -u nextcloud -p'YourPassword' nextcloud > /backup/nextcloud-db.sql
  • 0 3 * * * rsync -a /var/www/nextcloud/ /backup/nextcloud-files/

Conclusion

With this guide, you have set up a secure and performant Nextcloud instance on your VPS. For operation, we recommend using our VPS, which are specifically optimized for such applications. If you have questions, our support team will be happy to help.