Prerequisites:
1. Check and choose a free domain name. You can check for free domain names in AWS Route 53 or in another service (I bought it at reg.ru).
Then you need to specify the DNS servers at your provider (this can take some time, up to 24 hours).

2. Access to the AWS Console. Here we need: IAM, Route 53, S3, EC2.
Steps from AWS Console:
1. Add rules to your security group(s) and make sure that your EC2 instance has these ports open: 80, 443, 22 (as a minimum).
2. Create an S3 bucket and a user for the S3 bucket. These two steps will be customized later in the NC Console.
Main steps (not a best practice):
1. Deploy the EC2 instance. Ubuntu from AWS was a good choice for me. Note the Public IP.
2. Connect to your EC2 instance in whatever way you prefer and update it.
sudo apt update
3. Install NextCloud with snap:
sudo snap install nextcloud
4. Configure the NextCloud software:
sudo nextcloud.manual-install login password
(actually, this command doesn't work for me: it just creates a user, but doesn't set up the password)
5. Check trusted domains (the first output will be localhost):
sudo nextcloud.occ config:system:get trusted_domains
6. Set trusted domains (with your domain name):
sudo nextcloud.occ config:system:set trusted_domains 1 --value=www.shnxtcld.com
7. Generate SSL certificate:
sudo nextcloud.enable-https lets-encrypt
At this step you already know the Public IP, and if you have a domain name you can create an A record in AWS R53.

Also, to keep the Public IP from changing after the EC2 instance reboots, we need to allocate an Elastic IP and associate it with the EC2 instance. Be aware: if you do this after NC was installed, the Public IP assigned to the EC2 instance will change and you should update the DNS record.

Security Group inbound rules in my case look like this:

Security Group outbound rules just allow all outbound traffic from the EC2 instance.

From the S3 side: if we want to store images in dedicated scalable storage, we need to attach a separate S3 bucket with some «cold» storage. In this case we should create a new IAM user with specific permissions (S3 Object Lambda is not necessary, I suppose, but was attached by default):

Create bucket with no public access:

Add bucket in NextCloud console:
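
For the IAM user and private bucket steps above, a policy limited to the one bucket is narrower than a broad managed S3 policy. This is an added example, not from the original post: BUCKET, IAM_USER and the policy name are placeholders, and the action list is an assumed minimal set for NextCloud's S3 external storage.

```shell
#!/usr/bin/env bash
# Added example: least-privilege inline policy for the NextCloud S3 user.
# BUCKET, IAM_USER and the policy name are placeholders (assumptions).

# Print an IAM policy that limits the user to a single bucket.
nextcloud_s3_policy() {
  local bucket="$1"
  # Bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
  if ! printf '%s' "$bucket" | grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'; then
    echo "invalid bucket name: $bucket" >&2
    return 1
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BucketLevel",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads"],
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "ObjectLevel",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

# Apply only when asked to (APPLY=1) and the AWS CLI is installed.
if [ "${APPLY:-0}" = "1" ] && command -v aws >/dev/null 2>&1; then
  BUCKET="${BUCKET:?set BUCKET}"
  IAM_USER="${IAM_USER:?set IAM_USER}"
  policy_file="$(mktemp)"
  nextcloud_s3_policy "$BUCKET" > "$policy_file"
  aws iam put-user-policy --user-name "$IAM_USER" \
    --policy-name nextcloud-s3-single-bucket \
    --policy-document "file://$policy_file"
  # Enforce "no public access" on the bucket itself.
  aws s3api put-public-access-block --bucket "$BUCKET" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
  rm -f "$policy_file"
fi
```

Run it with APPLY=1 BUCKET=... IAM_USER=... to attach the policy; without APPLY it only defines the function, so the JSON can be reviewed first.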

The work is done! Optionally, we can run some checks to confirm the SSL certificate is good (otherwise NC doesn't work). The Let's Encrypt cert is generated only for 3 months and then you should renew it.

Also, there is a service in NextCloud that checks some stuff if you specify the domain name of your home cloud.

Just in case: if you want to somehow monitor your EC2 instance, you can set up a basic Topic and Subscription in the SNS service. I did some simple checks:

Useful commands for the NextCloud console:
cat /var/snap/nextcloud/current/logs/nextcloud.log
nano /var/snap/nextcloud/current/nextcloud/config/config.php
sudo snap start nextcloud
snap services nextcloud
sudo snap restart nextcloud
sudo nextcloud.occ user:resetpassword admin
host www.shnxtcld.com ns-920.awsdns-51.net