Learning to set up NextCloud on Linode Virtual Private Server

Hello Folks - New Guy here. So if this should be posted in another category please advise me. I write this after seeing Jay’s fantastic Sept 2019 YouTube video on the same subject at: https://www.youtube.com/watch?v=EbD1hFzJtls

As a beginner to barely intermediate Linux user/abuser, I will try to undertake this project with the help of the earlier mentioned YouTube video, the associated Wiki and this forum. Before I get too far down the road, hope for community input on these concerns:

  • My chief goal is to duplicate the services of Google Drive, Google Documents and Google Photos using this Linode + NextCloud project. Once set up, I’d like to know if, for example, I try to access a stored spreadsheet (or other file e.g. mp3, .jpg) from JUST a browser without additional NextCloud software or plug ins, would I be able to view and edit the spreadsheet, view photos, edit documents, play music? Can I treat this NextCloud set up JUST like Google Drive / Google Docs and Google Photos (minus the Google data surveillance, collection, etc).

  • Can I share and password protect folders and documents and photos with anyone AND/OR specific people, but allow editing with other people? Especially people who do not have NextCloud services installed?

  • I really don’t want managing this replacement Google Services (Linode + NextCloud) to become a part time job. Once set up, will I continually be having to make security updates and fix things that get broken, other than say running the Linode VPS Ubuntu’s updates every other month or so?

  • How about security? Is the security of data a NextCloud matter, a Linode Matter …or both? Again, I don’t want or need a part time IT job…but I don’t want sensitive info hacked either.

Going out on a limb here… especially for a newbie…
Can the one Linode VPS I create also be configured to be my own secure email server? How about XMPP server OR would I have to create additional VPSs for those jobs? Viewing other YouTubes, think this might be within my skill level IF I can find as good an instructor as Jay.

I want to give my best shot at ‘de Googling’ my life, and Jay’s videos are HEAD and SHOULDERS above the others as far as helping newbies like me with the details I would need. In fact Jay recommended that I try this forum for help.

So what do you think Community, will Linode + NextCloud (+Hover to provide a domain name as Jay recommends) do what I’m looking for…or is this just too ambitions for a guy who really has a basic grasp of Linux Mint only? Thanks to all in advance for your helpful thoughts…

For your first question, yes, you should be able to do everything you’re looking for. Your ability to edit documents online requires you to run a docker container with an office suite inside. I haven’t looked in a while, but last time I did they had some instructions for that aspect. I may look into this again to refresh myself on it.

To be honest, I don’t remember. I deleted my Nextcloud server some time after I completed the video, otherwise I’d log in and test. I may give this another shot when I have some free time.

For updates, I would just install and configure the unattended-updates package. You can set it to automatically reboot the instance overnight when you’re not using it. The only other type of update is for Nextcloud itself, my suggestion would be to log into the Linode interface, shut down the instance, snapshot it, then turn it back on. Then you can install Nextcloud updates when they’re available. You can revert the snapshot if something goes wrong. But you shouldn’t find yourself having to do this terribly often.

Anything that’s publicly available is a security risk. But you can greatly minimize that by installing a firewall, such as ufw. You can limit SSH access to your IP address. You can also enable encryption in Nextcloud as well for further security.

For email, I wouldn’t recommend making the Nextcloud a mail server in and of itself, but Nextcloud does have a mail plugin that allows it to act as a mail client and pull e-mail from your e-mail service. You can consider Proton mail or Fastmail as the back-end email service, two of my favorites.

Hopefully that gives you a good start.

Thank you for your advice. Happy to report that my NextCloud instance is operating as this “newbie” believes it should in those respects I understand. Follow on questions from your reply above. I’m sorry for these truly NEWBIE questions…
do direct me to some basic reference if that is what I need. I got “spoiled” by your tutoring and wiki for this project…

  1. What are the exact steps to set up an “unattended-updates package” ?
    (Shall I do it as in this: https://www.cyberciti.biz/faq/set-up-automatic-unattended-updates-for-ubuntu-20-04/?cf_chl_captcha_tk=56ef986a2c8a296e807df0e8c413d0c566d0f187-1614815251-0-AZ3MWqJ3hfvrs98iGDH9YhZ-tqCstl5EKdaxVJePy3E8mD91KZu_mw-J8xd2dYnrHiNKgCTnXSApOE9mBJFx4NLu5onbQl5F2hYSLh4fKWOXna0W9BYHSyEMx4azrI0Izrj7BtQnxHcJ4poBZXqz0IJfxqzn4YmD3oO0Lmwo5ACMgVGzSPADlpfnxQpmpiQJqEAhSTXX-5blAtJchiAPBvhoyNbvGCLjvD9JSjq8FOrCATcSuSxU4GEIEk1XdwpheCB1fuMmu8bmFlmyp8OjiHfSiIA8q2wXMwZWHEX_2hZIoSWKsLPTt3zuKiDwQikynqIhYXmrBGkjNz_xLLeNF37Pu8uJx8J4Qj3ljMZM9-tmIIuPI5ENXNxzDaxI4Rx7KiXJqDXy7HpolgvdYSDof-6ZlM1sPHJ5dtGS5HN6tN5D9Y_8EidBS6Wu6X3UJZEkrTci-jRsCixVuyVD8mjLs8GcnWJoio6sK_RMOX6vdasb1VkIERFjnKpplFK475ujhjjdqfFXjlKlsMW2_CwED_E9AUvu_kuEhLCZtS_p_AzemC9wnYHpjjZmtK5k0eaan-qJJI3V5o3hXndjW7HTaXGdlLiNppnPDmVL1tu5yduPZ6EZrN71TN1ntTg6l7u5iZ7X_BsOzxV2jUgJjEev1SxseI34dcT1XWRgdvP6_enk)

  2. Can I install ufw (or Gufw) from the Linode server prompt just as I would if I was installing it from my desktop? For example:
    sudo apt install gufw
    $ sudo apt update

Shall I assume any repository needed for ufw/gufw is already part of the server’s repositories?

  1. Once ufw is installed, do I need to do any special configuration? If so, how?
  2. Could you walk me through these steps you mentioned above:
    to log into the Linode interface (I assume you mean on Linode’s webpage with my server info), shut down the instance, snapshot it (how?), then turn it back on. (via the same Linode dashboard). Did I miss anything?

I need specific steps spelled out…I’m just so happy I’ve got this up and running…I’m afraid to break it as I’m already storing non-critical / test documents on it.
Many thanks.

For unattended upgrades, you can simply install the unattended-upgrades package. The article you posted isn’t wrong, but it seems overly complex to me. You can configure the unattended-upgrades service by editing the files in the /etc/apt/apt.conf.d directory. Specifically, the files 50-unattended-upgrades, and 20auto-upgrades. That should be it, there are comments in those files that will help you understand what they do. Even if you don’t edit them, you should still be fine, it should start working pretty much right away. If you want to set up outgoing mail, you can follow virtually any tutorial that sets up postfix for outgoing mail.

I would install ufw instead of gufw on a server. Usually, you won’t need a GUI version on a server unless you’re running a desktop environment. And you shouldn’t need any extra repository in order to install ufw, the Ubuntu-provided package is fine.

For the last step, you can log in to the Linode dashboard, use the shutdown button, and then take a snapshot on the backups tab. That will cost $2 more per month (for the nanode instance type) but is recommended.

Let me know any specifics you may need broken down after the above and we’ll go from there.

Very, very helpful reply. Forgive my tardy reply. Life keeps getting in the way.

Correct me if I’m wrong, but if I want to securely share files or photos, the other person MUST have an account on my NextCloud, right? There is no way to offer password protected files to another person NOT on my NextCloud? I found out I can pass a link…but that link is open to anyone who holds it…

Thank you.

I use Proton mail myself and just wanted to comment on Jays mail recommendation. Proton mail does not have an option to use an external mail client by default (a side effect of the zero knowledge encryption) and requires a software “bridge” to work the account authentication and encryption/decryption of your mail. This bridge works on several platforms but with limited compatibility with different mail apps and none with the nextcloud mail app last I checked. It also requires a premium subscription. On the other hand, if you do get PM with a sub they have the initial version of their encrypted online storage out already and it allows for encrypted password protected file shares with limited number of accesses etc. I did only some initial testing on what was possible and was pleased by what they have implemented.

As far as I remember, you would want the other user to have an account on Nextcloud.

But keep in mind too, you can always encrypt files before sending them, and then give the person the password later or over the phone. When you encrypt files before you e-mail them, you can make any non-secure service relatively secure so long as your password doesn’t get accidentally leaked, or it’s not a common password.

But if you already have Nextcloud set up, and it has an SSL cert, you may as well just use that. There’s also a way to encrypt the underlying storage too.