Mustafa Erbay

Goodbye Google Drive: Set Up Your Own Cloud with Nextcloud

If you're tired of commercial cloud services, I'll share my experiences and insights on setting up your own data center with Nextcloud, including what to watch.

Nextcloud interface running on its own server, with cloud and lock symbols representing data security

Last year, due to a client’s data privacy policies, we had to pull all their files from international cloud services. This situation once again highlighted how critical it is to have full control over our own data. So, I decided to abandon third-party solutions like Google Drive for my personal use and some side projects, and instead set up my own cloud with Nextcloud.

Setting up your own cloud system is a powerful alternative to gain full control over your data, save on the costs of commercial services over time, and protect your privacy. In this guide, I will explain the fundamental architectural choices and practical steps you need to know before successfully installing Nextcloud, based on my own experiences.

Why Did I Need to Set Up My Own Cloud?

For years, I used commercial cloud services like Google Drive and Dropbox for both personal and work projects. While their initial convenience and zero management overhead were appealing, over time, certain limitations and cost factors pushed me to seek my own solution. Especially for some financial calculators in a side product of mine, keeping the collected data on commercial clouds began to feel risky, both in terms of KVKK (Personal Data Protection Law) and my internal audits.

Commercial cloud services often present disadvantages such as specific file size limits, API usage restrictions, and rising subscription fees with increasing storage needs. For example, at one point, while managing hundreds of GBs of log files from clients, I ran into Google Drive’s daily upload limits. This severely disrupted my workflow and forced me to find a more flexible, controllable solution. It was at this point that Nextcloud’s open-source nature and the extensive control it offered convinced me.

What You Need to Know Before Starting Nextcloud Installation

While Nextcloud installation is not technically very complex, making the right fundamental architectural choices is critical for a successful and stable system. In my first attempt, I installed it on an old Raspberry Pi I had, but I quickly gave up due to insufficient performance and disk I/O issues. Therefore, paying attention to hardware and software infrastructure choices is essential.

First, you need to determine the server where Nextcloud will run. This could be a VPS (Virtual Private Server), an old computer at home, or a dedicated server. I allocated one of the VPSs I use for my side products to Nextcloud. A minimum of 2 CPU cores, 4 GB RAM, and a fast SSD disk are ideal for medium-scale usage. If you will have more than 10 active users or frequently work with large files, you should consider increasing these values.

Operating System and Web Server Selection

Nextcloud performs best on Linux-based systems. My preference is usually Ubuntu Server or Debian; their stability and extensive community support make it easier to find solutions to any problems you might encounter. As for the web server, I prefer Nginx over Apache. Nginx’s low resource consumption and efficient handling of many concurrent connections make it a better fit for applications like Nextcloud that perform intensive I/O operations.

# Update basic packages after Ubuntu Server installation
sudo apt update && sudo apt upgrade -y

# Install Nginx
sudo apt install nginx -y

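# Install PHP-FPM (along with necessary PHP modules for Nextcloud)
# php-pgsql is the driver for the PostgreSQL database used in this guide (use php-mysql instead for MariaDB/MySQL)
sudo apt install php-fpm php-pgsql php-mbstring php-gd php-curl php-xml php-zip php-intl php-imagick php-gmp php-bcmath php-redis -y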

Installing these basic packages prepares the environment necessary for Nextcloud to run. However, the truly critical point is to configure these components to be compatible with Nextcloud. For example, adjusting values like memory_limit and upload_max_filesize in PHP-FPM settings according to Nextcloud’s needs will prevent issues with large file uploads.

Database Selection and Optimization: Why PostgreSQL is My Preference

Nextcloud supports various databases such as MariaDB/MySQL, PostgreSQL, and SQLite. While SQLite offers a simple solution for small, single-user installations, it has serious limitations in terms of performance and scalability. Since I worked with PostgreSQL for years in a production ERP, I generally prefer PostgreSQL for my Nextcloud installations as well.

PostgreSQL’s robustness, advanced query optimization capabilities, and enterprise-level features like transaction outbox make it a strong candidate for Nextcloud. MariaDB or MySQL can also be used, but in my experience, PostgreSQL has provided more stable performance, especially in intensive I/O operations and large datasets. Since Nextcloud’s file indexing and synchronization processes require intensive database usage, a properly optimized PostgreSQL installation is critically important.

PostgreSQL Optimization Tips

After installing PostgreSQL, making some basic adjustments in the postgresql.conf file significantly affects performance. You should adjust parameters like shared_buffers, work_mem, and effective_cache_size according to your server’s RAM amount. Here’s what my basic settings look like for Nextcloud on a VPS:

# /etc/postgresql/<version>/main/postgresql.conf
# Example values, should be adjusted based on your server's RAM
shared_buffers = 1GB          # 25% of total RAM
work_mem = 64MB               # Memory per sort/hash operation (not per connection), be careful in multi-user systems
maintenance_work_mem = 256MB  # For VACUUM and INDEX operations
effective_cache_size = 3GB    # 50-75% of total RAM
max_connections = 100         # Should be adjusted based on Nextcloud's needs
wal_buffers = 16MB            # Affects WAL write performance
synchronous_commit = off      # Can be turned off for performance, but carries data loss risk
fsync = on                    # Should remain on for data integrity
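The following check is an added example, not part of the original post: it parses the settings above and reports what they imply on a host with 4 GB of RAM (an assumption taken from the VPS sizing suggested earlier). The function names and the finding texts are illustrative.

```python
import re

# Constructed input: the values from the postgresql.conf example above.
PAGE_CONF = """
shared_buffers = 1GB          # 25% of total RAM
work_mem = 64MB
maintenance_work_mem = 256MB
effective_cache_size = 3GB
max_connections = 100
wal_buffers = 16MB
synchronous_commit = off
fsync = on
"""

UNIT_MB = {"kB": 1 / 1024, "MB": 1, "GB": 1024}


def parse_conf(text):
    """Return {name: value}, dropping blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, _, value = line.partition("=")
            settings[name.strip()] = value.strip().strip("'")
    return settings


def to_mb(value):
    """Convert a memory setting such as '64MB' or '1GB' to megabytes."""
    match = re.fullmatch(r"(\d+)\s*(kB|MB|GB)", value)
    if match is None:
        raise ValueError(f"unsupported memory value: {value!r}")
    return int(match.group(1)) * UNIT_MB[match.group(2)]


def review(settings, ram_mb):
    """Return (worst_case_mb, findings) for a host with ram_mb of RAM."""
    findings = []
    # Lower bound on the worst case: every connection runs one sort or hash
    # that uses its full work_mem, on top of shared_buffers.
    worst = to_mb(settings["shared_buffers"]) + int(
        settings["max_connections"]) * to_mb(settings["work_mem"])
    if worst > ram_mb:
        findings.append(f"memory: {worst:.0f} MB possible, {ram_mb} MB RAM")
    if settings.get("synchronous_commit") == "off":
        findings.append("durability: recent commits can be lost on a crash")
    if settings.get("fsync") == "off":
        findings.append("integrity: fsync=off risks corruption on a crash")
    return worst, findings


# 4096 MB is the assumed RAM size (4 GB VPS).
WORST_MB, FINDINGS = review(parse_conf(PAGE_CONF), ram_mb=4096)
print(WORST_MB, FINDINGS)
```

With these values the script reports two findings: the memory budget can exceed the host's RAM if all 100 connections sort at once, and `synchronous_commit = off` trades durability of the most recent commits for speed.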

Additionally, adding appropriate indexes to the database tables used by Nextcloud can also improve performance. Nextcloud also has its own optimization commands:

# Add the indexes Nextcloud reports as missing, using its own CLI tool
sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices

This command helps speed up database queries by adding missing indexes recommended by Nextcloud.

Storage Layer and Performance: Disk Selection and Settings

The heart of Nextcloud is the file storage layer. Correct disk selection and file system settings directly affect overall system performance. In my first attempts, which started with old HDDs, I experienced significant I/O delays, especially with a large number of small files. Therefore, I strongly recommend using SSDs for the Nextcloud data directory and database.

NVMe SSDs offer much higher read/write speeds compared to SATA SSDs and are the best choice if your budget allows. If you need a large amount of storage space and your budget is limited, you can keep the main data directory on HDDs, but you must host the database and Nextcloud application files on an SSD.

File System and Mount Settings

For the file system, ext4 generally provides sufficient performance on Linux systems. However, if you are looking for advanced features like data integrity and snapshots, you might consider copy-on-write (CoW) file systems like ZFS or Btrfs. I often use ext4 due to its simplicity and stability.

When mounting disks, adding some optimization options to the fstab file can improve I/O performance. Especially the noatime option eliminates the overhead of updating access time on every file access, thereby increasing performance.

# Example entry in /etc/fstab file
# UUID=xxxx-xxxx /mnt/nextcloud_data ext4 defaults,noatime,discard 0 2

# Here:
# UUID=xxxx-xxxx: UUID of your disk (you can find it with lsblk -f command)
# /mnt/nextcloud_data: Mount point for the Nextcloud data directory
# ext4: File system
# defaults: Default mount options
# noatime: Disables access time updates (performance increase)
# discard: Enables TRIM command for SSDs (performance and lifespan)

Security and Remote Access: Nginx, SSL, and Fail2ban

One of the biggest advantages of setting up your own cloud is having full control over security. However, this also means a great responsibility. If you are not careful when exposing Nextcloud to the internet, it can easily become a target. That’s why I not only use Nginx as a reverse proxy but also implement layers like SSL encryption and brute-force protection.

Nginx, while directing incoming requests to Nextcloud’s PHP-FPM service, also allows us to encrypt all communication using free SSL certificates from Let’s Encrypt. SSL provides basic protection against eavesdropping attacks during data transfer.

Nginx and SSL Configuration

A typical Nginx server block configuration for Nextcloud looks like this:

# /etc/nginx/sites-available/nextcloud.conf

server {
    listen 80;
    server_name nextcloud.yourdomain.com;
    return 301 https://$host$request_uri; # Redirect all HTTP requests to HTTPS
}

server {
    listen 443 ssl http2;
    server_name nextcloud.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/nextcloud.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.yourdomain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.yourdomain.com/chain.pem;

    # SSL settings for security and performance
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    # HSTS (HTTP Strict Transport Security)
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

    # Required headers for Nextcloud
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag "none";
    add_header X-Download-Options "noopen";
    add_header X-Permitted-Cross-Domain-Policies "none";
    add_header Referrer-Policy "no-referrer";

    root /var/www/nextcloud; # Nextcloud installation directory

    location = /robots.txt {
        allow all;
        log_not_found off;
    }
    location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
    location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; }

    # ... other Nextcloud location settings ...
    # (This part can be taken from Nextcloud's official Nginx configuration guide)
}

Brute-Force Protection with Fail2ban

Nextcloud’s login screen is a potential target for cyber attackers. fail2ban is an indispensable tool against brute-force attacks, especially those attempting weak passwords through trial and error. fail2ban automatically blocks IP addresses that make a certain number of failed login attempts within a specific period.

By defining a special fail2ban jail for Nextcloud, we can monitor Nextcloud’s own logs:

# /etc/fail2ban/jail.d/nextcloud.conf
[nextcloud]
enabled = true
port = http,https
filter = nextcloud
logpath = /var/www/nextcloud/data/nextcloud.log
maxretry = 5
# 1 hour ban (fail2ban treats "#" as a comment only at the start of a line)
bantime = 3600

It is also necessary to create the nextcloud.conf filter for this jail:

# /etc/fail2ban/filter.d/nextcloud.conf
[Definition]
failregex = {"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core","method":".*","url":".*","user":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","userAgent":".*","version":".*"}
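The filter above matches the JSON keys in one fixed order, so it is worth testing against your own log before relying on it. The sketch below is an added example, not part of the original post: it runs the same failregex over constructed log lines (with a plain IPv4 group assumed in place of fail2ban's `<HOST>` tag) and compares the result with a check that parses each entry as JSON. The helper names and sample entries are constructed for illustration.

```python
import json
import re
from collections import Counter

# failregex copied from the filter above. fail2ban expands <HOST> itself;
# assumption for this sketch: a plain IPv4 group stands in for it.
PAGE_FAILREGEX = (
    r'{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core",'
    r'"method":".*","url":".*","user":".*",'
    r'''"message":"Login failed: '.*' \(Remote IP: '<HOST>'\)",'''
    r'"userAgent":".*","version":".*"}'
)
PAGE_RE = re.compile(
    PAGE_FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

# Two key orders for the same event (constructed; the second is an assumption).
FILTER_ORDER = ["reqId", "level", "time", "remoteAddr", "app", "method",
                "url", "user", "message", "userAgent", "version"]
OTHER_ORDER = ["reqId", "level", "time", "remoteAddr", "user", "app",
               "method", "url", "message", "userAgent", "version"]


def make_line(order, ip, failed=True):
    """Build a constructed nextcloud.log entry with the given key order."""
    message = (f"Login failed: 'admin' (Remote IP: '{ip}')" if failed
               else "Login successful")
    entry = {"reqId": "r1", "level": 2 if failed else 1,
             "time": "2024-05-01T10:00:00+00:00", "remoteAddr": ip,
             "app": "core", "method": "POST", "url": "/login", "user": "--",
             "message": message, "userAgent": "sample-agent",
             "version": "0.0.0"}
    return json.dumps({k: entry[k] for k in order}, separators=(",", ":"))


def regex_ip(line):
    """IP the page's failregex extracts from a line, or None."""
    match = PAGE_RE.search(line)
    return match.group("host") if match else None


def json_ip(line):
    """IP of a failed login found by parsing the entry as JSON, or None."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(entry, dict):
        return None
    if str(entry.get("message", "")).startswith("Login failed"):
        return entry.get("remoteAddr")
    return None


def ips_to_ban(lines, extract, maxretry=5):
    """IPs with at least maxretry matching lines (maxretry = 5 in the jail)."""
    hits = Counter(ip for ip in map(extract, lines) if ip)
    return sorted(ip for ip, count in hits.items() if count >= maxretry)


# Constructed log: five failures from one address, one normal login.
SAMPLE = [make_line(OTHER_ORDER, "203.0.113.7") for _ in range(5)]
SAMPLE.append(make_line(OTHER_ORDER, "198.51.100.9", failed=False))
print(ips_to_ban(SAMPLE, regex_ip), ips_to_ban(SAMPLE, json_ip))
```

On a live host, `fail2ban-regex /var/www/nextcloud/data/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf` performs the same check with fail2ban's own matching; zero matches after known failed logins means the jail will never ban anyone.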

Maintenance and Monitoring: Keeping Your Own Cloud Alive

Setting up Nextcloud is only half the battle. Regular maintenance and monitoring are essential to keep the system stable, secure, and performant. In one client’s system, the Nextcloud service stopped because we didn’t notice the disk was full, which disrupted the reporting flow. To avoid such situations, it’s necessary to be proactive.

Updates and Backup

Regularly updating the Nextcloud application, the underlying operating system, and the database is important to patch security vulnerabilities and benefit from new features. You can perform updates from Nextcloud’s own web interface or using the occ command.

Backup is an indispensable part of any disaster recovery plan. Nextcloud data consists of two main components: files and the database. You should back up both regularly. My preference is to dump the database with pg_dump and copy the data directory to another storage unit with rsync.

#!/bin/bash
# Abort on the first failed command so a broken dump is never reported as a completed backup
set -euo pipefail

DATE=$(date +%Y-%m-%d_%H-%M-%S)
BACKUP_DIR="/mnt/backups/nextcloud"
NEXTCLOUD_DIR="/var/www/nextcloud"
DB_USER="nextcloud_user"
DB_NAME="nextcloud_db"

mkdir -p "$BACKUP_DIR"

# Database backup
sudo -u postgres pg_dump -U "$DB_USER" "$DB_NAME" > "$BACKUP_DIR/nextcloud_db_$DATE.sql"

# Nextcloud data and config directory backup (with rsync)
rsync -Aax "$NEXTCLOUD_DIR/data" "$BACKUP_DIR/nextcloud_data_$DATE"
rsync -Aax "$NEXTCLOUD_DIR/config" "$BACKUP_DIR/nextcloud_config_$DATE"

echo "Nextcloud backup completed: $DATE"

You can define this script as a cron job to run automatically daily or weekly.

Monitoring and Debugging

For Nextcloud to run stably, it’s important to monitor server resources (CPU, RAM, disk I/O) and Nextcloud’s own logs. You can follow system logs with journalctl, Nginx access/error logs, and Nextcloud’s own nextcloud.log file.

# Live tail Nextcloud logs
tail -f /var/www/nextcloud/data/nextcloud.log

# Check Nextcloud's system status
sudo -u www-data php /var/www/nextcloud/occ status

These commands allow you to detect potential problems early. Continuously monitoring disk usage is especially critical to prevent situations like “disk fires.”

Quick Setup with Docker Compose: A Practical Solution

The manual installation steps I described above are ideal for those who want more control over their system. However, if you are looking for a faster and more isolated installation, Docker Compose is an excellent option. I frequently use Docker Compose in my test environments or for rapid prototyping.

Docker Compose simplifies installation and facilitates dependency management by running Nextcloud, PostgreSQL, and Nginx in separate containers. However, it’s important to be careful about the disk I/O performance or memory limits of Docker containers. A wrongly configured Docker Compose setup can lead to “container memory limit” issues or slow disk access.

Here is a simple docker-compose.yml example for Nextcloud:

# docker-compose.yml
version: '3'

services:
  db:
    image: postgres:13-alpine
    restart: always
    volumes:
      - db_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: nextcloud_db
      POSTGRES_USER: nextcloud_user
      POSTGRES_PASSWORD: your_strong_db_password
    networks:
      - nextcloud_network

  app:
    image: nextcloud:latest
    restart: always
    volumes:
      - nextcloud_data:/var/www/html
    environment:
      POSTGRES_DB: nextcloud_db
      POSTGRES_USER: nextcloud_user
      POSTGRES_PASSWORD: your_strong_db_password
      POSTGRES_HOST: db
      NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.yourdomain.com
    ports:
      - 8080:80 # Open port 8080 if running behind an Nginx reverse proxy
    networks:
      - nextcloud_network
    depends_on:
      - db

volumes:
  db_data:
  nextcloud_data:

networks:
  nextcloud_network:
    driver: bridge

This configuration sets up the Nextcloud application and PostgreSQL database in an isolated manner. You can use Nginx as a reverse proxy in a separate container or directly on your server. Paying particular attention to the volumes section ensures that your data persists even if the container is deleted.

Conclusion: Your Own Cloud, Your Own Control

Moving away from commercial cloud services like Google Drive and setting up your own cloud with Nextcloud, while initially requiring some effort and technical knowledge, offers countless benefits in the long run in terms of data privacy, cost control, and flexibility. In my own experiences, I’ve seen how correct this decision was for both my personal data and my small side projects.

Remember that managing your own cloud is a process that requires continuous learning and maintenance. With the right hardware and software choices, meticulous security configuration, and regular maintenance routines, you can safely use your Nextcloud for many years. The challenges you encounter on this journey will teach you valuable lessons in system administration and network security. The next step could be integrating your Nextcloud with your personal automations.

Frequently Asked Questions

Common questions readers have about this article.

What steps should I follow to set up my own cloud system?

When you decide to set up your own cloud system, the first step is to successfully install Nextcloud. In my experience, it's important to first determine the basic architectural choices and practical steps. For example, you should consider what server you will use, how you will set up a storage system, and what security measures you will take. Then, you can download and install the necessary software and tools for Nextcloud. In my own experience, I was very pleased with Nextcloud's open-source nature and flexibility.

What are the advantages of a self-hosted cloud system compared to commercial cloud services?

One of the biggest advantages of your own cloud system is having full control over your data. Commercial cloud services often present disadvantages such as specific file size limits, API usage restrictions, and rising subscription fees with increasing storage needs. In my own experience, I found that keeping data I collected for financial calculators on commercial clouds was risky, both in terms of KVKK (Personal Data Protection Law) and my internal audits. With your own cloud system, you can get rid of such restrictions and better protect your privacy.

What tools and software should I use when setting up my own cloud system?

When setting up your own cloud system, you can use an open-source platform like Nextcloud. In my own experience, I found that downloading and installing the necessary software and tools for Nextcloud was quite easy. Additionally, you can use an operating system like Ubuntu for the server and a system like NAS for storage. You can also use tools like SSL certificates and firewalls for security measures. These are some of the tools and software you can use when setting up your own cloud system.

What errors or difficulties might I encounter when setting up my own cloud system?

When setting up your own cloud system, you might encounter errors or difficulties such as problems with server setup or Nextcloud installation. In my own experience, I faced some issues, especially with server setup, but I got help from online resources and communities to resolve them. You might also experience some difficulties during the setup of the storage system or the implementation of security measures. However, to resolve such issues, it's important to be patient and do research.