[Raspberry Pi] Nextcloud and WordPress with PHP7, MariaDB and Let's Encrypt

This is going to be an extensive guide to installing Nextcloud and WordPress with the latest software on a Raspberry Pi. I used /var/www/ as the root directory for the server and WordPress. Nextcloud will be installed in a subfolder.

INFORMATION:

I did my best to exclude errors and to make it secure. But I can also make errors, so don't hold me responsible if something doesn't work right. If you have hints on how I can improve something, let me know 🙂

Content:
  1. Reachable from the Internet: Domain with Dynamic DNS (DDNS)
  2. Set up the Raspberry: Install Raspbian Lite
  3. Unblocking Ports: HTTP, HTTPS and SSH
  4. Updating the installation
  5. Install packages nginx, php, mariaDB, fail2ban and more
  6. Create databases
  7. Let's Encrypt: Install Certbot, get a certificate and set up renewal
  8. Adjust some configuration files
  9. Installing Nextcloud and WordPress
  10. Start the sites for the first time
  11. Apps for Nextcloud
  12. Links

1. Reachable from the Internet: Domain with Dynamic DNS (DDNS)

We need a domain with DDNS support to make our web server reachable from the internet. DDNS is used to let the domain point to the current IP address of the router. Not every DDNS provider can be used with Let's Encrypt. I bought a domain at strato.de and activated DDNS. You need a client which sends the current IP address to the provider. My router has a built-in function for that, where I just have to select the provider and type in the login data. If your router doesn't have such a function, you can install a client on the Raspberry which will do that.

2. Set up the Raspberry: Install Raspbian Lite

We need an SD card that is as fast as possible to install the operating system on. I chose Raspbian Lite from the official Internet site.

  • Download Raspbian Lite from here.
  • Write the image to the SD card: Right-click on the image → generate bootable USB stick → choose the SD card → confirm (if this doesn't work, use another program)
  • Insert the SD card in the Raspberry, connect it with a display and a keyboard and connect the power supply.

A lot of text is shown on the display, and after some time you have to log in. The standard login is User=pi, Password=raspberry. Next we enable SSH and change some other settings, so that we can access the Raspberry from another computer for the rest of the guide. Type in sudo raspi-config and set the following:

  • Change User Password (choose a new password for the login)
  • Expand Filesystem
  • Boot Options → Console Autologin
  • Advanced Options → Memory Split → 16
  • Advanced Options → SSH → enabled

Now we can exit the menu, shut down the Raspberry with sudo shutdown -h now, and connect it to the network, placing it for example in a drawer under the router. The following work will be done over SSH from a computer.

3. Unblocking Ports: HTTP, HTTPS and SSH

The next step is to unblock ports in the router. We need to unblock port 80 for HTTP and port 443 for HTTPS. If you want to access the Raspberry over SSH from the Internet, you also need to unblock port 22. The target for the unblocked ports is the Raspberry Pi.

4. Updating the installation

On the computer we open a terminal (on Windows PCs we need to use PuTTY), enter ssh pi@localIPadressOfTheRaspberry and then the password which we set earlier. Now the shell of the Raspberry will be shown. Alternatively, ssh pi@domainadress should work, because we unblocked the port for it. We will install fail2ban soon, to make brute-force attacks more difficult.

On the Raspberry, we update the system first. You need to acknowledge some parts of it. This could take a while.

sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

Now we add the www-data user to the www-data group:

sudo usermod -a -G www-data www-data

The language settings produce a locale error, but it can be ignored.

5. Install packages nginx, php, mariaDB, fail2ban and more

We install the needed packages. But PHP7.0 is not in the standard package sources, so we need to add it. Open the list:

sudo nano /etc/apt/sources.list

Insert the following in a new line at the end. Save with CTRL+O and close with CTRL+X.

deb http://repozytorium.mati75.eu/raspbian jessie-backports main contrib non-free

Add the key for it so apt-get doesn’t show errors:

sudo gpg --keyserver pgpkeys.mit.edu --recv-key CCD91D6111A06851
sudo gpg --armor --export CCD91D6111A06851 | sudo apt-key add -

Afterwards update the list:

sudo apt-get update

And now we finally install the packages. This could take a while. You will be asked for a password for MariaDB. Remember it, because we need it later.

sudo apt-get install nginx curl libapr1 libtool memcached varnish fail2ban php7.0-fpm php7.0-mysql php7.0-common php7.0-gd php7.0-json php7.0-cli php7.0-curl php7.0-xml php7.0-zip php7.0-mbstring php5-apcu mariadb-server mariadb-client

If there are problems with php7.0-gd, you need to install a newer version of libgd3 and libwebp5 through the Jessie backports:

sudo apt-get -t jessie-backports install libgd3 libwebp5

Then you should be able to install php7.0-gd in the following way:

sudo apt-get install php7.0-gd

After the installation, secure MariaDB:

sudo mysql_secure_installation

Answer the questions with n,y,n,y,y.

6. Create databases

Now we create the databases for our web services. We change to the MySQL root shell. Use the password you entered for MariaDB. Replace the "SecurePasswords" with real secure passwords and remember them, because we need them later.

sudo mysql -u root -p

and enter:

CREATE DATABASE nextcloud;
CREATE DATABASE wordpress;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'SecureNextcloudPassword';
CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'SecureWordpressPassword';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost';
FLUSH PRIVILEGES;
exit

7. Let's Encrypt: Install Certbot, get a certificate and set up renewal

To secure the connection to the website we install Certbot from Let's Encrypt. The manual can also be found here. I install Certbot in a folder under /etc/. So create the folder and switch to it:

sudo mkdir /etc/certbot && cd /etc/certbot

Now download the script and make it executable:

sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x certbot-auto

We need to configure the NGINX config first:

sudo nano /etc/nginx/sites-available/default

There we change the root path to a new path. I will use /var/www, so change it to root /var/www/; The server_name also has to be changed, to server_name yourDomain.com; Then save the file and apply the changes with:

sudo service nginx reload

Finally we request a new certificate through webroot, so the server doesn’t need to be shut down. Change yourDomain.com to your domain, obviously. It has to appear one time with www. in front of it and one time without to prevent certificate issues. You will also be asked to enter an e-mail address.

/etc/certbot/certbot-auto certonly --webroot -w /var/www/ -d yourDomain.com -d www.yourDomain.com

A lot of new packages will be installed, which can take a long time. Afterwards you see a message with the generated certificates. They are stored under /etc/letsencrypt/live/yourDomain.com/. Now test the automatic renewal. The certificates are valid for just 90 days, so the automatic renewal with a cronjob is important:

/etc/certbot/certbot-auto renew --dry-run

If it went well, set up the cronjob, which will run twice a day. This seems too often, but it's recommended.

crontab -e

You will be asked to select an editor. I chose nano for it. Now add this text in a new line at the end. Change the X to a number between 0 and 59, so it runs on a random minute:

X */12 * * * /etc/certbot/certbot-auto renew --quiet --no-self-upgrade

8. Adjust some configuration files

It is very important to change the NGINX configuration to enable a secure connection. I put the configuration for WordPress and Nextcloud in separate files, so it is clearer. The contents of the files are shown in separate text files, so this guide is a bit shorter. I also tried to make the connection as secure as possible and it gets good ratings on SSL test sites.

I used this site for the Nextcloud part and this site for the WordPress part.

Before we start, we back up the NGINX configuration file.

sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default_old

Then we create a new config file and fill it with this content. Change the domain and the paths to the keys according to your setup.

sudo nano /etc/nginx/sites-available/default

We create a folder for the other configuration files. (You can also choose another name, of course)

sudo mkdir /etc/nginx/global

Create file wordpress.conf and fill it with this content.

sudo nano /etc/nginx/global/wordpress.conf

Now create nextcloud.conf and fill it with this content.

sudo nano /etc/nginx/global/nextcloud.conf

The PHP configuration has to be adjusted at some parts, so open it with:

sudo nano /etc/php/7.0/fpm/php.ini

And search with CTRL+W the following lines:

upload_max_filesize = 2M
post_max_size = 8M
;cgi.fix_pathinfo=1

and replace them with these lines (on the last line, only remove the semicolon):

upload_max_filesize = 2G
post_max_size = 2G
cgi.fix_pathinfo=1

We open the www.conf:

sudo nano /etc/php/7.0/fpm/pool.d/www.conf

and change

listen = /run/php/php7.0-fpm.sock

to:

listen = 127.0.0.1:9000

We also search these lines and remove the semicolon at the beginning.

;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
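
The following check is an added example, not part of the original guide: it reads back the php.ini and www.conf edits from this section and flags a PHP-FPM listener that is not bound to loopback, since php-fpm treats a bare port such as listen = 9000 as "all addresses". The function names ini_value, fpm_listen_scope and audit_php are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the php.ini / www.conf edits.

# ini_value FILE KEY: print the last active value of KEY (";" and "#" lines are comments).
ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# fpm_listen_scope WWW_CONF: classify the PHP-FPM listener.
# php-fpm accepts ip:port, [ipv6]:port, a bare port (all addresses) or a socket path.
fpm_listen_scope() {
    case "$(ini_value "$1" listen)" in
        "")                  echo missing ;;
        /*)                  echo unix ;;
        127.*:*|"[::1]":*)   echo loopback ;;
        *)                   echo exposed ;;   # e.g. "9000" or "0.0.0.0:9000"
    esac
}

# audit_php PHP_INI WWW_CONF: return 0 only if all edits from this section are in place.
audit_php() {
    rc=0
    for pair in upload_max_filesize=2G post_max_size=2G cgi.fix_pathinfo=1; do
        key=${pair%%=*}; want=${pair#*=}; got=$(ini_value "$1" "$key")
        [ "$got" = "$want" ] || { echo "php.ini: $key='$got', expected '$want'"; rc=1; }
    done
    scope=$(fpm_listen_scope "$2")
    [ "$scope" = loopback ] || { echo "www.conf: listen is $scope, expected loopback"; rc=1; }
    for v in HOSTNAME PATH TMP TMPDIR TEMP; do
        [ -n "$(ini_value "$2" "env[$v]")" ] || { echo "www.conf: env[$v] not active"; rc=1; }
    done
    return $rc
}

# Usage on the Pi (paths from this guide):
# audit_php /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/pool.d/www.conf
```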

In addition, increase the swap size:

sudo nano /etc/dphys-swapfile

and replace

CONF_SWAPSIZE=100

with:

CONF_SWAPSIZE=512

Now restart the Raspberry Pi to apply the changes. After this you need to login to it again.

sudo reboot

9. Installing Nextcloud and WordPress

We download Nextcloud and place it in /var/www/nextcloud/. If there is a newer version than 10.0.0, change the lines accordingly.

cd /var/www
sudo wget https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip
sudo unzip nextcloud-10.0.0.zip
sudo rm nextcloud-10.0.0.zip
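
The archive above is unpacked as root straight into the web root, so it is worth checking it before unzip runs. This is an added example, not part of the original guide: verify_sha256 and fetch_and_unpack are names made up here, and it assumes the download server publishes a checksum file at the archive URL plus .sha256.

```shell
#!/bin/sh
# Added example (not from the original guide): verify a release archive before unpacking.

# verify_sha256 ARCHIVE SUMFILE
#   SUMFILE uses the sha256sum format: "<64 hex chars>  <file name>".
#   Returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_sha256() {
    archive=$1; sumfile=$2
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$archive")
    # Pick the line for this archive; a sum file may list several files.
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sumfile")
    case "$want" in
        *[!0-9a-fA-F]*|"") echo "no valid SHA-256 for $name in $sumfile" >&2; return 2 ;;
    esac
    [ ${#want} -eq 64 ] || { echo "digest has wrong length" >&2; return 2; }
    got=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$got" = "$(printf %s "$want" | tr 'A-F' 'a-f')" ]; then
        echo "OK: $name"
    else
        echo "MISMATCH: $name (expected $want, got $got)" >&2
        return 1
    fi
}

# fetch_and_unpack URL: download the archive and its checksum, unpack only if they match.
# Assumption: the server publishes URL.sha256 next to the archive.
fetch_and_unpack() {
    url=$1; file=$(basename "$url")
    wget -q "$url" "$url.sha256" || return 2
    verify_sha256 "$file" "$file.sha256" && unzip -q "$file"
    rc=$?
    rm -f "$file" "$file.sha256"      # the guide deletes the zip after unpacking as well
    return $rc
}

# Usage, as root in /var/www:
# fetch_and_unpack https://download.nextcloud.com/server/releases/nextcloud-10.0.0.zip
```

A checksum fetched from the same server catches corrupted or truncated downloads; it does not help if the server itself serves a modified archive.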

Now download WordPress and place it in /var/www/:

sudo wget https://de.wordpress.org/latest-de_DE.zip
sudo unzip latest-de_DE.zip
sudo mv wordpress/* ./
sudo rm latest-de_DE.zip
sudo rm -R wordpress/

Then change the ownership, so the web server has write permissions:

sudo chown -R www-data:www-data /var/www

10. Start the sites for the first time

Now we need to open the websites with a computer to do the initial configuration. We use the database names, users and passwords which we created under Point 6.

Nextcloud: Open www.yourDomain.com/nextcloud in the browser.

Create a user account and choose a data directory. I have a USB stick under /media/pi/usbstick and use it for that. But you can also use the default value. Database user and name are both nextcloud; use the password you chose before. Now click on Finish to get to the file view. I had the problem that I got a Gateway timeout after some waiting. But just reloading the page helped. On the admin panel of Nextcloud, change Cron from Ajax to system cron. We also see a PHP Memory Cache error. So type the following in the Raspberry shell to correct it:

sudo apt-get install php5-apcu

This “php5” is correct for this package. Now edit the nextcloud config file:

sudo nano /var/www/nextcloud/config/config.php

and add in front of the last line:

'memcache.local' => '\OC\Memcache\APCu',

Now reload the page. If this didn't work, just remove the memcache.local line. We also need to set up a cronjob for Nextcloud:

sudo crontab -u www-data -e

After choosing an editor again, add this line to the file:

*/15 * * * * php -f /var/www/nextcloud/cron.php

WordPress: Open www.yourDomain.com in the browser.

You just have to change the database username to wordpress and enter your password. Everything else stays as it is. Also create a user for your blog and that's it! Now you can log in and get directly to the admin area.

11. Apps for Nextcloud

For the automatic synchronization of your data with Nextcloud, you can use a matching client on the PC. Windows and Mac clients can be found here. For Linux, Nextcloud only offers the source files, but you can also use the older ownCloud clients from here.

There are also Nextcloud apps for iOS and Android (for Android also on the F-Droid store). If you use the contacts and calendar apps on Nextcloud, you can also sync them with Android using DAVdroid.

12. Links