Nextcloud on Arch Linux | LEMP | NGINX | MariaDB | PHP7
Branch: master
Clone or download
VfcD edthdrh
Latest commit 9c23c87 Jun 8, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information. edthdrh Jun 8, 2017

Nextcloud on Arch Linux | LEMP | NGINX | MariaDB | PHP7

  1. Setup SD Card with Arch Linux for Raspberry Pi 3

    Replace sdX (f.exp. sdc) in the following instructions with the device name for the SD card as it appears on your computer. check with:


    Start fdisk to partition the SD card:

     fdisk /dev/sdc

    At the fdisk prompt, delete old partitions and create a new one:

     Type o. This will clear out any partitions on the drive.
     Type p to list partitions. There should be no partitions left.
     Type n, then p for primary, 1 for the first partition on the drive,
     	press ENTER to accept the default first sector,
     	then type +100M for the last sector.
     Type t, then c to set the first partition to type W95 FAT32 (LBA).
     Type n, then p for primary, 2 for the second partition on the drive,
     	and then press ENTER twice to accept the default first and last sector.
     Write the partition table and exit by typing w.

    Create and mount the FAT filesystem:

     mkfs.vfat /dev/sdc1
     mkdir boot
     mount /dev/sdc1  boot

    Create and mount the ext4 filesystem:

     mkfs.ext4 /dev/sdc2
     mkdir root
     mount /dev/sdc2 root

    Download and extract the root filesystem (as root, not via sudo):

     bsdtar -xpf ArchLinuxARM-rpi-3-latest.tar.gz -C root

    Move boot files to the first partition:

     mv root/boot/* boot
     Unmount the two partitions:
     umount boot root

    Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power.

    Connect with SSH ssh alarm@alarm alarm The default root password is root.

  2. Initial system setup

    Set locales

    Unkcomment in /etc/locale.gen

     nano /etc/locale.gen
     en_US.UTF-8 UTF-8

    generate locales:


    set timezone

     timedatectl set-timezone Europe/Berlin

    Upgrade packages

     pacman -Syu

    Install required packages (expand this list to fit your own preferences)

     pacman -S vim wget unzip

    2.1 1TB USB drive

    Format and Mount 1TB USB drive (assume it is partitioned with 1 partition).

    Replace sdX in the following instructions with the device name for the drive.

    Create mount point

     mkdir /mnt/wddrive

    Format to ext4

     mkfs.ext4 /dev/sdX1

    Show drive UUID and copy it


    Make entry in /etc/fstab edit "HereUUID"

     nano /etc/fstab
     UUID=HereUUID /mnt/wddrive ext4 defaults,noatime 0  0

    Reboot and proof that the drive is mounted

  3. Install Nginx, MariaDB, PHP7 (LEMP) on Arch Linux

    3.1 Nginx


     pacman -S nginx-mainline

    Start and enable service

     systemctl start nginx
     systemctl enable nginx
     systemctl status nginx

    Check if nginx is running, browse to http://serverIP/

    3.2 MariaDB


     pacman -S mariadb

    Initialize the MariaDB data directory prior to starting the service.

     mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

    Start and enable service

     systemctl start mysqld
     systemctl enable mysqld
     systemctl status mysqld

    Run the post-installation security script.


    3.3 PHP7


     pacman -S php-fpm

    After it’s installed, we need to tell Nginx to run PHP using php-fpm.

     nano /etc/nginx/nginx.conf

    Find the location ~ .php$ section and modify it to the following:

     location ~ \.php$ {
         root           /usr/share/nginx/html;
         fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
         include        fastcgi_params;

    Then start and enable php-fpm

     systemctl start php-fpm
     systemctl enable php-fpm
     systemctl status php-fpm

    Test PHP processing

     echo "<?php phpinfo(); ?>" >> /usr/share/nginx/html/test.php
     systemctl reload nginx

    Browse to http://serverIP/test.php

    Enable extensions

     vim /etc/php/php.ini

    Uncomment the following 2 lines


    Reload php-fpm service

     systemctl reload php-fpm

    if everything is okay. remove test.php

     rm /usr/share/nginx/html/test.php
  4. Install and Setup Nextcloud Server on Arch Linux

    4.1 Install Nextcloud server




     unzip -d /usr/share/nginx/

    Give the NGINX user http write permissions

     chown http:http /usr/share/nginx/nextcloud/ -R
     chown http:http /mnt/wddrive -R

    4.2 NC MariaDB setup

    Log into MariaDB database server

     mysql -u root -p

    Then create a database for Nextcloud.

     create database nextcloud;

    Create the database user. Replace USER and PASSWORD with your preferred values.

     create user USER@localhost identified by 'PASSWORD';

    Grant this user all privileges on the nextcloud database

     grant all privileges on nextcloud.* to USER@localhost identified by 'PASSWORD';

    Flush the privileges table and exit.

     flush privileges;

    Enable Binary Logging in MariaDB

    In /etc/mysql/my.cnf in the [mysql] section, check if the following 2 lines are there

     log-bin        = mysql-bin
     binlog_format  = mixed

    Restart service

     systemctl restart mysqld

    4.3 Nextcloud Nginx setup

    Create a conf.d directory for individual Nginx config files.

     mkdir /etc/nginx/conf.d

    Create a config file for Nextcloud.

     vim /etc/nginx/conf.d/nextcloud.conf

    Put the following text into the file: Replace the correct value for the server_name attribute.

     upstream php-handler {
     server unix:/run/php-fpm/php-fpm.sock;
     server {
     listen 80;
     # Add headers to serve security related headers
     add_header X-Content-Type-Options nosniff;
     add_header X-Frame-Options "SAMEORIGIN";
     add_header X-XSS-Protection "1; mode=block";
     add_header X-Robots-Tag none;
     add_header X-Download-Options noopen;
     add_header X-Permitted-Cross-Domain-Policies none;
     # Path to the root of your installation
     root /usr/share/nginx/nextcloud/;
     location = /robots.txt {
       allow all;
       log_not_found off;
       access_log off;
     # The following 2 rules are only needed for the user_webfinger app.
     # Uncomment it if you're planning to use this app.
     #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
     #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
     # last;
     location = /.well-known/carddav {
       return 301 $scheme://$host/remote.php/dav;
     location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
     location ~ /.well-known/acme-challenge {
       allow all;
     # set max upload size
     client_max_body_size 512M;
     fastcgi_buffers 64 4K;
     # Disable gzip to avoid the removal of the ETag header
     gzip off;
     # Uncomment if your server is build with the ngx_pagespeed module
     # This module is currently not supported.
     #pagespeed off;
     error_page 403 /core/templates/403.php;
     error_page 404 /core/templates/404.php;
     location / {
        rewrite ^ /index.php$uri;
     location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
     location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
     location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
     location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
     # Adding the cache control header for js and css files
     # Make sure it is BELOW the PHP block
     location ~* \.(?:css|js)$ {
       try_files $uri /index.php$uri$is_args$args;
       add_header Cache-Control "public, max-age=7200";
       # Add headers to serve security related headers (It is intended to
       # have those duplicated to the ones above)        
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
       # Optional: Don't log access to assets
       access_log off;
        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
       try_files $uri /index.php$uri$is_args$args;
       # Optional: Don't log access to other assets
       access_log off;

    edit /etc/nginx/nginx.conf file.

     nano /etc/nginx/nginx.conf

    Add the following line in the http section so that individual Nginx config files will be loaded.

     include /etc/nginx/conf.d/*.conf;

    Reload service

     systemctl reload nginx
  5. NC install PHP modules


     pacman -S php-gd

    Uncomment the following line in /etc/php/php.ini to enable the module

     nano etc/php/php.ini

    Reload service

     systemctl reload php-fpm

    Now visit serverIP and create a Nextcloud admin, select data path (We recommend to set this path to extern filesystem i.ex. extern hdd), log in with database credentials we've created. here an example:

     admin account
     Data folder
     Configure the database

    I got a timeout here. 504 bad gateway. reload page. reload the page, log in and wait...

  6. Nextcloud post installation setup

    6.1 Set PHP environment variables properly

    Uncomment in /etc/php/php-fpm.d/www.conf the following lines

     nano /etc/php/php-fpm.d/www.conf
     ;env[PATH] = /usr/local/bin:/usr/bin:/bin
     ;env[TMP] = /tmp
     ;env[TMPDIR] = /tmp
     ;env[TEMP] = /tmp

    Reload php-fpm service

     systemctl reload php-fpm

    6.2 HTTP header X-Frame-Options "SAMEORIGIN". (Double set header fields issue).

    In file /etc/nginx/conf.d/nextcloud.conf

     # add_header X-Content-Type-Options nosniff;
     # add_header X-Frame-Options "SAMEORIGIN";

    6.3 PHP Caching

    Install the php-apcu package.

     pacman -S php-apcu

    Uncomment in /etc/php/php.ini

     nano /etc/php/php.ini

    Add in /etc/php/php.ini

    Add in /usr/share/nginx/nextcloud/config/config.php

     nano /usr/share/nginx/nextcloud/config/config.php
     'memcache.local' => '\OC\Memcache\APCu',

    Restart services

     systemctl restart php-fpm
     systemctl restart nginx

    6.4 Use CRON


     pacman -S cronie

    Add crontab entry // ATTENTION!!! vi will open as default editor

     crontab -u http -e
     */15  *  *  *  * php -f /usr/share/nginx/nextcloud/cron.php

    Start and enable service

     systemctl start cronie.service
     systemctl enable cronie.service

    Set CRON radio button at Nextcloud Admin page

    6.5 Uploading files up to 16GB

    In /usr/share/nginx/nextcloud/.user.ini

     upload_max_filesize = 16G
     post_max_size = 16G

    In /etc/php/php.ini

     post_max_size = 16G
     upload_max_filesize = 16G
     max_input_time = 3600
     max_execution_time = 3600
     output_buffering = Off
     upload_tmp_dir = /mnt/wddrive/upload_tmp_dir

    In /etc/nginx/conf.d/nextcloud.conf

     client_max_body_size 16G;

    In /etc/nginx/nginx.conf

     client_body_temp_path /mnt/wddrive/upload_tmp_dir;

    In /etc/nginx/nginx.conf add to PHP location block

     fastcgi_read_timeout 600;

    Restart services

     systemctl restart nginx
     systemctl restart php-fpm

    Create upload_tmp_dir on a place with enough free space and set write permission

     mkdir /mnt/wddrive/upload_tmp_dir
     chown http:http /mnt/wddrive/upload_tmp_dir/ -R
  1. Dynamic DNS with spdns

Get a domain from	

Create a update Token (used in /etc/spdnsu.conf in following steps)

Install base-devel

pacman -S base-devel	

Download update client


tar -zxvf spdnsUpdater_src.tar.gz	

Compile the .c file

gcc spdnsUpdater.c -o spdnsu		

"Install on pi"

mv spdnsu.conf /etc/		
mkdir updater		
mv spdnsu updater/		
chmod u+x updater/spdnsu		
chown -R alarm:alarm /home/alarm/updater/
rm spdnsUpdater.c spdnsUpdater_src.tar.gz	

Edit the spdnsu.conf file

nano /etc/spdnsu.conf	

Example entry, replace <Host> with your domain, <User> with your spdyn user, <Token> with your update token

updateHost =		
host = <Host>		
user = <User>		
pwd  = <Token>		
isToken = 1	


cat /tmp/spdnsuIP.cnf	

Add spdns updater to crontab

crontab -u alarm -e			
*/10 * * * * /home/alarm/updater/spdnsu
  1. Mass data copy from external drive

Make sure that NC desktop client is OFF.

Mount external drive and copy your data to the /<nextcloud-repo>/<user>/files/directory

rsync -Aax /mnt/wdbackup/ /mnt/wddrive/<user>/files/	

Note that the files are not visible for Nextcloud at the moment.

Change owner of the directory

chown -R http:http /mnt/wddrive/<user>/files/<dir>	

Run the following command and make files visible to Nextcloud

sudo -u http php /usr/share/nginx/nextcloud/console.php files:scan --all

Note that the Nextcloud desktop client should not resync (or transfer files) because you copied your data from destop sync folder to the Nextcloud user sync folder manually. In our test case different file systems (NTFS on desktop, EXT4 on Nextcloud) was NOT a problem.

reach me via derbarti gmail com