Deploy Nextcloud. Your Cloud in AWS

Prerequisites:
1. Check for and choose a free domain name. You can check which domain names are free in AWS Route 53 or in another service (I bought mine at reg.ru).
Then you need to specify the DNS servers at your provider (this can take some time, up to 24 hours).

Add DNS server to domain name


2. Access to the AWS Console. Here we need IAM, Route 53, S3 and EC2.

Steps from AWS Console:
1. Add rules to your security group(s) and make sure that your EC2 instance has ports 80, 443 and 22 open (as a minimum).
2. Create an S3 bucket and a user for the S3 bucket. These two steps will be configured later in the NC console.

Main steps (not a best practice):
1. Deploy the EC2 instance. Ubuntu from AWS was a good choice for me. Note the Public IP.
2. Connect to your EC2 as you want and update it.
sudo apt update
3. Install Nextcloud with snap:
sudo snap install nextcloud
4. Configure the NextCloud software:
sudo nextcloud.manual-install login password (actually, this command doesn't work for me: it just creates a user, but doesn't set up the password)
5. Check trusted domains (the first output will be localhost):
sudo nextcloud.occ config:system:get trusted_domains
6. Set trusted domains (with your domain name):
sudo nextcloud.occ config:system:set trusted_domains 1 --value=www.shnxtcld.com
7. Generate SSL certificate:
sudo nextcloud.enable-https lets-encrypt
At this step you already know the Public IP, and if you have a domain name you can create an A record in AWS Route 53.

AWS Route53

Also, to avoid the Public IP changing after the EC2 instance is rebooted, we need to allocate an Elastic IP and associate it with the EC2 instance. Be aware that if you do this after NC was installed, a new Public IP will be assigned to the EC2 instance and you should change the DNS record.

Elastic IP

In my case the Security Group inbound rules look like this:

Inbound SG

The Security Group outbound rules just allow all outgoing traffic from the EC2 instance.

Outbound SG

On the S3 side: if we want to store images in dedicated scalable storage, we need to attach a separate S3 bucket with some "cold" storage. In this case we should create a new IAM user with specific permissions (S3 Object Lambda is not necessary, I suppose, but was attached by default):

IAM user for S3 bucket
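
One way to narrow the IAM user's permissions to the single bucket, as an added example that is not part of the original post: it flags policy statements that reach beyond one bucket and builds a scoped replacement. The bucket name, the action list and the function names are assumptions.

```python
import json

# Assumption: actions enough for bucket-backed storage (list, read, write, delete).
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]


def scoped_policy(bucket):
    """Build a policy limited to one bucket and the objects inside it."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": BUCKET_ACTIONS,
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": OBJECT_ACTIONS,
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def findings(policy, bucket):
    """Return reasons why an Allow statement exceeds the single bucket."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    out = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                out.append(f"statement {i}: wildcard action {action}")
            elif not action.startswith("s3:"):
                out.append(f"statement {i}: non-S3 action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if res not in allowed:
                out.append(f"statement {i}: resource {res} outside bucket")
    return out


# Constructed sample: all S3 and S3 Object Lambda actions on every resource.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}]}

if __name__ == "__main__":
    bucket = "example-nextcloud-bucket"  # placeholder bucket name
    print("\n".join(findings(BROAD, bucket)))
    print(json.dumps(scoped_policy(bucket), indent=2))
```

The printed JSON can be attached to the bucket user as an inline policy in place of the broad one.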

Create the bucket with no public access:

S3 bucket in AWS Console

Add the bucket in the Nextcloud console:

Add S3 bucket in NC Console

The work is done! Optionally, we can check that the SSL certificate is good (otherwise NC doesn't work). A Let's Encrypt certificate is issued for only 3 months, after which you should renew it.

Check SSL certificate

Also, there is a service in Nextcloud that checks some stuff if you specify the domain name of your home cloud.

NextCloud checks

Just in case: if you want to somehow monitor your EC2 instance, you can set up a basic Topic and Subscription in the SNS service. I did some simple checks:

SNS settings

Useful commands for the Nextcloud console:

cat /var/snap/nextcloud/current/logs/nextcloud.log
nano /var/snap/nextcloud/current/nextcloud/config/config.php
sudo snap start nextcloud
snap services nextcloud
sudo snap restart nextcloud
sudo nextcloud.occ user:resetpassword admin
host www.shnxtcld.com ns-920.awsdns-51.net
