I’ve used Nextcloud off and on over the past couple of years and decided to set up a server of my own.

What is Nextcloud?

At its core, Nextcloud is a free and open-source file hosting platform similar to Microsoft OneDrive, Dropbox, or Google Drive. But it also includes plenty of other features, including task lists, calendars, a mail client, video calling and chat, and more, which makes it a viable MS365 replacement. You can even connect AI to it, if that's your thing. You can find the full feature list on the Nextcloud website.

Why run your own server?

Setting up and maintaining your own server can be a lot of work, so why would I want to do this? There are four main reasons:

1. Data sovereignty: My data resides on my own server, which means that I'm not at the mercy of random corporate CEOs. Also, my data isn’t being scanned & sold to advertisers or used to train Big Tech’s AI models.
2. Portability: I’m not locked into proprietary file formats, file structures, etc. Nextcloud uses open standards for file storage, connectivity, etc. If I get mad at Nextcloud or my hosting provider, I can just move my data somewhere else, no problem.
3. Cost: Due to my choices, my server infrastructure is a bit pricey but there is no per-user cost. I can add as many people as I want without having to pay extra. And because Nextcloud is modular, I can add features no additional cost. And there is no risk of a vendor jacking up my subscription fees because there are no subscription fees.
4. Reliability: Since the software runs on my server I don't have to worry about some Big Tech idiot shutting it down for…reasons. If the Nextcloud organization disappears tomorrow I can still happily run my server indefinitely without any problems. Besides, it's a well-supported open-source project, so the community would carry on just fine.

Disclaimer

This article is very technical and definitely written for tech gearheads who are comfortable running servers, using the command line, managing networks and databases, and troubleshooting random problems. If that's not you, feel free to read on, but you're probably better off using a Nextcloud hosting provider.

The infrastructure

My main goal is to build a flexible, scalable environment that will last a long time. There are several ways to run Nextcloud, including as an all-in-one Docker image or in a traditional web server format. I'm not all that comfortable with Docker so I chose the traditional hosting setup. Yes, it's a bit old school, but it works quite well.

I’ve been hosting a few projects with Scaleway for the past year or so and have been super happy with their services and range of products. I recommend Hetzner and Infomaniak if you're looking for cheaper options, though they both offer significantly fewer services, if that matters to you. (As a matter of personal policy I avoid using U.S.-based tech; that could be a topic for another time but you can probably figure it out.)

After quite a bit of cost analysis (by which I mean, "plugging a bunch of crap into a spreadsheet and then staring at it for awhile"), I decided to go with an elastic metal server. For about than $40 per month I get a Ryzen 3600 Pro, 32 Gb RAM, and 2x1TB NVMe drives in a RAID 1 array. Network throughput is configurable; I’m good with the default 500 Mbps for now but can increase to 1 Gbps if needed. Running a similar-spec VPS with attached block storage would be quite bit more expensive than elastic metal, and as a bonus I don't have to share server resources.

To accommodate future growth I chose to run the database on its own node. Because my instance is small and low-volume I chose the smallest managed database server and added 10GB block storage. It adds about $20 to the bill, but gives me tons of flexibility. I can increase the node size, add storage, and even enable high-availability with a few clicks.

I’m using a private network to connect the two servers, so the database is not exposed to the public internet. I also enabled at-rest encryption for the database.

Nextcloud works with MySQL, MariaDB, and PostgreSQL; Scaleway offers MySQL and PostgreSQL managed database options. Because Oracle sucks, I avoid MySQL like the plague. Consequently, I elected to use PostgreSQL for my project.

Here is the basic architecture:

Provision the server & configure the VPC

To get started, I provisioned the elastic metal server with Ubuntu 24.04 and configured the SSH keys. Once signed in, I ran apt update and apt upgrade to make sure everything was up to date.

Configuring the private network was a bit fiddly but works like a charm once it was done. Most folks won't need to do this step, so I'll leave it at that.

Provision the database

Next, I provisioned the database node, created a new PostgreSQL database, added the appropriate user accounts, and set database permissions. Finally, I connected the node to the private network.

If you plan to run the database locally on the server you can install whatever database you prefer. Digital Ocean has a good walkthrough on how to install MariaDB on Ubuntu, for example.

Either way, be sure to properly secure your database and create a non-admin account for Nextcloud to use.

Install Apache and configure the network

Next up, I needed to install and configure Apache. Nextcloud technically works with Nginx, but requires extra work and is not officially supported. Since I’m my own sysadmin and I’m basically lazy, I installed Apache.

$ sudo apt update 

$ sudo apt install apache2

Once Apache is up and running the server displays this page:

With the web server running I next needed to configure my domain's DNS records. I added both the IPv4 and IPv6 records (A and AAAA, respectively).

Install and configure certbot

It's a terrible idea to run a webserver with insecure connections, and there is no excuse to do so since setup is dead simple. First, I installed snap and then Certbot.

$ sudo apt install snapd 
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/local/bin/certbot

Once I had installed Certbot it was time to get a Let's Encrypt certificate:

$ sudo certbot --apache

Finally, test the renewal process to make sure everything is good:

$ sudo certbot renew --dry-run

Because I'm paranoid, I also verified that the renewal had been added to the crontab:

ls -la /etc/cron.d

Sure enough, I can see the Certbot job listed:

drwxr-xr-x 2 root root 4096 Feb 1 01:12 . 
drwxr-xr-x 117 root root 4096 Feb 8 01:58 .. 
-rw-r--r-- 1 root root 802 Apr 16 2023 certbot

At this point I was able to connect to the server using https.

Install and configure UFW

As a final step I needed to lock down the firewall. UFW is a good, if basic, way to help secure the server. My server already had ufw installed so I didn't need to do it myself.

First, I set the firewall to deny incoming traffic by default:

$ sudo ufw default deny incoming

Obviously, I needed to add some rules or else I'd be unable to connect to the server. First up I added SSH, with brute force protection:

$ sudo ufw limit OpenSSH

Next, I added Apache:

$ sudo ufw allow 'Apache Full'

This enables ports 80 and 443 on for both IPv4 and IPv6 in a single command. The last step was to add an additional port for Nextcloud:

$ sudo ufw allow 3478/tcp

I did a double-check to make sure everything looked good and then enabled the firewall.

$ sudo ufw show added Added user rules (see 'ufw status' for running firewall): 
ufw limit OpenSSH
ufw allow 'Apache Full'
ufw allow 3478

Then I just had to enable ufw:

$ sudo ufw enable

Install PHP

At this point I had the database prepped and the web server configured and running., so the bit of pre-installation prep was to install PHP. As of this writing, Nextcloud requires PHP 8.2 but since I’m building new I went with the latest available, which is 8.3. (Technically 8.4 is the latest, but 8.3 is going to be around for awhile, is the recommended version, and is the latest available from the Canonical repositories. Recall that I’m lazy, so I went with 8.3 instead of futzing with adding repositories, keys, etc. to install the next point release.)

$ sudo apt install php8.3

I ran the php command to make sure it had installed correctly:

$ php -v 
PHP 8.3.6 (cli) (built: Jan 7 2026 08:40:32) (NTS) Copyright (c) The PHP Group Zend Engine v4.3.6, Copyright (c) Zend Technologies with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies

Next I needed to install and enable the PHP exension for Apache:

$ sudo apt install libapache2-mod-php8.3 
$ sudo a2enmod php8.3

$ sudo systemctl restart apache2

Once I verified that Apache and PHP were happy workng together I ensured that all the required PHP modules were installed for Nextcloud, including the PostrgreSQL connector.

The last step was to edit a few config settings in php.ini to match recommended values.

Summary

That’s it for this article! Everything is in place and ready to install and configure Nextcloud. I’ll cover that process in my next article.