Project Goal
Provide a private cloud storage solution with Nextcloud, enabling secure data exchange with friends and family, accessible via a personal domain with proper TLS encryption.
Initial Situation
- Server: vServer
- Domain: registered domain pointing to vServer
- Services: Apache2, MariaDB, PHP
- Network Security: Firewall (UFW), HTTPS via Let’s Encrypt/Certbot
Implementation Steps
-
Domain Setup
- Registered domain and created A-record pointing to the vServer’s public IP.
-
Nextcloud Installation
- Installed Apache2, MariaDB, PHP modules.
- Downloaded and configured Nextcloud in
/var/www/nextcloud.
- Created a dedicated DB and user for Nextcloud.
-
Apache2 vHost Configuration
- Configured vHost to redirect all HTTP (port 80) traffic to HTTPS (443).
- Added reverse proxy rules for secure access to Nextcloud web interface.
-
TLS Certificates
- Installed Certbot and generated free TLS certificates via Let’s Encrypt.
-
Firewall / UFW
- Allowed only required ports:
80/tcp (HTTP → only for Certbot renewal / redirection)443/tcp (HTTPS)
- Denied all other inbound traffic.
-
User Management
- Created user accounts for friends and family.
- Enabled file sharing with expiration and password protection.
Result
- Fully functional, secure cloud storage accessible via custom domain.
- HTTPS enforced (Certbot, Let’s Encrypt).
- Firewall locked down to essentials.