{"id":143,"date":"2021-08-06T16:38:43","date_gmt":"2021-08-06T14:38:43","guid":{"rendered":"https:\/\/itc-lucke.com\/?p=143"},"modified":"2022-01-17T17:41:06","modified_gmt":"2022-01-17T16:41:06","slug":"nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt","status":"publish","type":"post","link":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/","title":{"rendered":"NextCloud &#8211; Ubuntu 20.04 LTS"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1030\" height=\"631\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg\" alt=\"\" class=\"wp-image-940\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg 1030w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-300x184.jpg 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-768x471.jpg 768w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-705x432.jpg 705w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu.jpg 1235w\" sizes=\"auto, (max-width: 1030px) 100vw, 1030px\" \/><\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"h-1-vorbereitungen-ubuntu-20-04-lts\">1.Preparations Ubuntu 20.04 LTS<\/h2>\n\n<p>You need an Ubuntu 20.04 LTS on a root\/ vServer of your choice.&#13;\nI can recommend &#8220;<a href=\"https:\/\/www.hetzner.com\/de\/\" target=\"_blank\" rel=\"noopener\">Hetzner<\/a>&#8220;.&#13;\n&#13;\nThere you can order a v-server billed by the minute and try out your cloud directly.<\/p>\n\n<p>If you use my affiliate link, <strong>Hetzner will give you 20 EUR<\/strong> to try it out.<\/p>\n\n<!--more-->\n\n<pre class=\"wp-block-preformatted\"><a rel=\"noreferrer noopener\" href=\"https:\/\/hetzner.cloud\/?ref=JzOsvjRDbjiL\" data-type=\"URL\" data-id=\"https:\/\/hetzner.cloud\/?ref=JzOsvjRDbjiL\" target=\"_blank\">https:\/\/hetzner.cloud\/?ref=JzOsvjRDbjiL<\/a><\/pre>\n\n<p>Alternatively, NextCloud can also be operated at home, for which there are various options (recommendation links from Amazon):<\/p>\n\n<ul class=\"wp-block-list\"><li>cheap: <a href=\"https:\/\/amzn.to\/3dxa94J\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/amzn.to\/3dxa94J<\/a><\/li><li>the middle class: <a href=\"https:\/\/amzn.to\/3dxa94J\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/amzn.to\/3dxa94J<\/a>&#13;\n(CPU, RAM any many LAN connections):<\/li><li>Power User: <a rel=\"noreferrer noopener\" href=\"https:\/\/amzn.to\/3qIJZ2t\" target=\"_blank\">https:\/\/amzn.to\/3qIJZ2t<\/a><\/li><\/ul>\n\n<p>Next, we update the system and install unzip:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apt update && sudo upgrade -y&#13;\nsudo apt install unzip<\/pre>\n\n<h3 class=\"wp-block-heading\" id=\"h-1-1-apache-2-webserver-installieren\">1.1 Install Apache 2 web server<\/h3>\n\n<p>F\u00fcr unseren Server haben wir uns f\u00fcr den Apache2 Webserver entschieden und installieren diesen mit folgendem Befehl und pr\u00fcfen direkt im Anschluss den Status:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apt install -y apache2 apache2-utils&#13;\nsystemctl status apache2<\/pre>\n\n<p>The output should look something like this:<\/p>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"996\" height=\"326\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image.png\" alt=\"\" class=\"wp-image-946\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image.png 996w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-300x98.png 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-768x251.png 768w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-705x231.png 705w\" sizes=\"auto, (max-width: 996px) 100vw, 996px\" \/><\/figure>\n\n<p>If the service does not run, you can start it with the following command:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo systemctl start apache2<\/pre>\n\n<p>The service is now running, but would not start on reboot. So that Apache2 also starts again at the next system start:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo systemctl enable apache2<\/pre>\n\n<h3 class=\"wp-block-heading\" id=\"h-1-2-mariadb-datenbank-installieren\">1.2 Install MariaDB database<\/h3>\n\n<p>We install MariaDB via the command line and then check the status output, similar to the Apache2 web server:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apt install mariadb-server mariadb-client&#13;\nsystemctl status mariadb<\/pre>\n\n<p>The database is installed. The output of the systemcrl status mariadb looks like this or something similar:<\/p>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"983\" height=\"397\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-1.png\" alt=\"\" class=\"wp-image-948\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-1.png 983w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-1-300x121.png 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-1-768x310.png 768w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-1-705x285.png 705w\" sizes=\"auto, (max-width: 983px) 100vw, 983px\" \/><\/figure>\n\n<p>If the database is not started immediately, you can do this with:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo systemctl start mariadb<\/pre>\n\n<p>Here, too, we add the instruction to restart the database if we reboot the system:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo systemctl enable mariadb<\/pre>\n\n<p>We then run the post-installation security script.<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo mysql_secure_installation<\/pre>\n\n<p>Since the database does not yet have a password, we can simply answer the first question of the password with ENTER. Now we are asked for a password and we answer with Y to assign a new root password for MariaDB. REMEMBER or WRITE IT DOWN!<\/p>\n\n<p>BILD<\/p>\n\n<p>You can answer all other questions by pressing ENTER. No more information is required here.<\/p>\n\n<p>We can now also log in via the ROOT rights of our OS root user. This can be done with the following command:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo mariadb -u root&#13;\nexit;<\/pre>\n\n<p>With exit; we leave the database environment again. We can now take a look at the release notes:<\/p>\n\n<pre class=\"wp-block-preformatted\">mariadb --version<\/pre>\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1030\" height=\"325\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-2-1030x325.png\" alt=\"\" class=\"wp-image-951\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-2-1030x325.png 1030w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-2-300x95.png 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-2-768x243.png 768w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-2-705x223.png 705w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-2.png 1070w\" sizes=\"auto, (max-width: 1030px) 100vw, 1030px\" \/><\/figure>\n\n<h3 class=\"wp-block-heading\" id=\"h-1-3-php-7-4-installieren\">1.3 Install PHP 7.4<\/h3>\n\n<p>The current version is 7.4:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apt install php7.4 libapache2-mod-php7.4 php7.4-mysql php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-fpm<\/pre>\n\n<p>We have chosen php-fpm (FastCGI Process Manager version) and activate this as follows, and then restart Apache2:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo a2enmod proxy_fcgi setenvif&#13;\nsudo a2enconf php7.4-fpm&#13;\nsudo systemctl restart apache2<\/pre>\n\n<p>With this we have installed PHP on the Ubuntu and with this we check the version:<\/p>\n\n<pre class=\"wp-block-preformatted\">php --version<\/pre>\n\n<h2 class=\"wp-block-heading\" id=\"h-2-nextcloud-installation\">2. NextCloud-Installation<\/h2>\n\n<h3 class=\"wp-block-heading\" id=\"h-2-1-nextcloud-laden-und-entpacken\">2.1 Download and unpack Nextcloud<\/h3>\n\n<p>We log into our Ubuntu as root and download the current installation file from the Nextcloud website. At the time of the script, this is version 20.0.4:<\/p>\n\n<pre class=\"wp-block-preformatted\">wget https:\/\/download.nextcloud.com\/server\/releases\/nextcloud-20.0.4.zip<\/pre>\n\n<p>We now unpack the installation package into the directory \/var\/www\/nextcloud\/ and assign the rights for our Apache2:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo unzip nextcloud-20.0.4.zip -d \/var\/www\/&#13;\nsudo chown www-data:www-data \/var\/www\/nextcloud\/ -R<\/pre>\n\n<h3 class=\"wp-block-heading\" id=\"h-2-2-datenbank-fur-nextcloud-anlegen\">2.2 Create database for NextCloud<\/h3>\n\n<p>Now we create a database and a database user. You can choose these freely, but make a good note of them. We will need them later for the installation. In my case, I named the database &#8216;nextcloud' and the user &#8216;nextclouduser'. You can choose any of these, but replace them with your values in the following lines. Likewise the &#8216;yourpasswd':<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo mysql&#13;\n&#13;\ncreate database nextcloud;&#13;\n&#13;\ncreate user nextclouduser@localhost identified by 'yourpasswd';&#13;\n&#13;\ngrant all privileges on nextcloud.* to nextclouduser@localhost identified by 'yourpasswd';&#13;\n&#13;\nflush privivleges;&#13;\n&#13;\nexit;<\/pre>\n\n<h3 class=\"wp-block-heading\" id=\"h-2-3-virtuellen-host-im-apache2-anlegen\">2.3 Creating a virtual host in Apache2<\/h3>\n\n<p>In our example here, we create a virtual host. You may have other websites that you want to host here.&#13;\nYou should now have configured a domain on your server. In my case I have chosen cloud.my-domain.com. This is a subdomain. Create an A record in your DNS administration for the domain:&#13;\ncloud.your-domain.com should point to the server IP.<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo nano \/etc\/apache2\/sites-available\/nextcloud.conf<\/pre>\n\n<p>The following content goes into this file, but remember to replace the cloud.my-domain.com with yours.<\/p>\n\n<pre class=\"wp-block-preformatted\"><virtualhost>&#13;\n        DocumentRoot \"\/var\/www\/nextcloud\"&#13;\n        ServerName cloud.meine-domain.com&#13;\n        ErrorLog ${APACHE_LOG_DIR}\/nextcloud.error&#13;\n        CustomLog ${APACHE_LOG_DIR}\/nextcloud.access combined&#13;\n        <directory><\/directory>&#13;\n            Require all granted&#13;\n            Options FollowSymlinks MultiViews&#13;\n            AllowOverride All&#13;\n           <ifmodule mod_dav.c=\"\">&#13;\n               Dav off&#13;\n           <\/ifmodule>&#13;\n        SetEnv HOME \/var\/www\/nextcloud&#13;\n        SetEnv HTTP_HOME \/var\/www\/nextcloud&#13;\n        Satisfy Any&#13;\n       &#13;\n<\/virtualhost><\/pre>\n\n<p>Now we prepare Apache for the virtual host and activate Apache modules:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo a2ensite nextcloud.conf&#13;\nsudo a2enmod rewrite headers env dir mime setenvif ssl<\/pre>\n\n<p>We can test the configuration:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apache2ctl -t<\/pre>\n\n<p>We then restart Apache.<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo systemctl restart apache2<\/pre>\n\n<p>In my case, calling cloud.my-domain.com still showed the default start screen of Ubuntu Apache2. We still have to deactivate the default virtual host here:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo a2dissite 000-default<\/pre>\n\n<p>Now we install the required PHP modules:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apt install php-imagick php7.4-common php7.4-mysql php7.4-fpm php7.4-gd php7.4-json php7.4-curl  php7.4-zip php7.4-xml php7.4-mbstring php7.4-bz2 php7.4-intl php7.4-bcmath php7.4-gmp&#13;\n&#13;\nsudo systemctl reload apache2<\/pre>\n\n<p>With this, I could already access the Nextcloud via IP\/ domain name in the browser.<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"h-2-4-let-s-encrypt\">2.4. Let's Encrypt<\/h3>\n\n<p>Safe is safe, here too the awarding of a certificate is sensible and important. Our cloud should be secure! For this purpose, we install the Certbot:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apt install certbot python3-certbot-apache<\/pre>\n\n<p>Next, we run the following command to get a free Let's Encrypt certificate. Replace the email and domain back to your values.<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo certbot --apache --agree-tos --redirect --staple-ocsp --email email@meine-domain.com -d cloud.meine-domain.com<\/pre>\n\n<p>We still activate the HSTS header in nextcloud-le-ssl.conf:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo nano \/etc\/apache2\/sites-enabled\/nextcloud-le-ssl.conf<\/pre>\n\n<p>Here we insert the following line above the  line:<\/p>\n\n<pre class=\"wp-block-preformatted\">Header always set Strict-Transport-Security \"max-age=31536000\"<\/pre>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"916\" height=\"321\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-4.png\" alt=\"\" class=\"wp-image-953\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-4.png 916w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-4-300x105.png 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-4-768x269.png 768w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-4-705x247.png 705w\" sizes=\"auto, (max-width: 916px) 100vw, 916px\" \/><\/figure>\n\n<p>We let Apache2 check the configuration again before restarting the service:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo apache2ctl -t&#13;\nsudo systemctl reload apache2<\/pre>\n\n<h3 class=\"wp-block-heading\" id=\"h-2-5-datenverzeichnis-festlegen-und-installation-abschliessen\">2.5 Set data directory and complete installation<\/h3>\n\n<p>I do not want the data to be in the subdirectory \/var\/www\/nextcloud but in parallel in \/var\/www\/cloud-data. You can also choose a different storage location, then simply replace the path with your own!<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo mkdir \/var\/www\/cloud-data&#13;\nsudo chown www-data:www-data \/var\/www\/cloud-data -R<\/pre>\n\n<p>A lot of preparation has been done so far, now it's off to the browser and we kick off the actual installation:<\/p>\n\n<pre class=\"wp-block-preformatted\">https:\/\/cloud.meine-domain.com<\/pre>\n\n<p>We now see the classic blue NextCloud screen and can create an ADMIN account. I do not recommend the classic admin or root here, but choose your own. Choose a password and enter it.<\/p>\n\n<p>Our data directory is now entered under the Data Folder field:<\/p>\n\n<pre class=\"wp-block-preformatted\">\/var\/www\/cloud-data\/<\/pre>\n\n<p>Then we add the database data. <\/p>\n\n<p>Nextcloud now performs the installation and we can then log in with the admin account and create users.<\/p>\n\n<p>If you forget your root access, you can connect to the server via the console and reset the password with:<\/p>\n\n<pre class=\"wp-block-preformatted\">sudo -u www-data php \/var\/www\/nextcloud\/occ user:resetpassword <em>nextcloud_username<\/em><\/pre>\n\n<h3 class=\"wp-block-heading\" id=\"h-2-6-nextcloud-optimieren\">2.6 Optimise NextCloud<\/h3>\n\n<h4 class=\"wp-block-heading\" id=\"h-2-6-1-memory-limit\">2.6.1. Memory Limit<\/h4>\n\n<h4 class=\"wp-block-heading\" id=\"h-2-6-2-cache-einrichten\">2.6.2 Set up cache<\/h4>\n\n<h4 class=\"wp-block-heading\" id=\"h-2-6-3-fehlende-indexe-erganzen\">2.6.3 Add missing indexes<\/h4>\n\n<h2 class=\"wp-block-heading\" id=\"h-3-fail2ban\">3. fail2ban<\/h2>\n\n<p>fail2ban can be used not only for e-mail or SSH access, but also to protect our NextCloud against access by third parties by blocking the user's access after a predefined number of failed attempts.<\/p>\n\n<p>For this we download the fail2ban package:<\/p>\n\n<pre class=\"wp-block-preformatted\">apt install fail2ban<\/pre>\n\n<p>Then we create a log file in which the failed attempts are stored and which is read out by fail2ban. This file must be provided with the appropriate rights for the web server.<\/p>\n\n<p>Now that we have a log file, we can tell NextCloud to log failed attempts in this very file. To do this, we need to make changes in the following file. To do this, we call our Nano with the file:<\/p>\n\n<pre class=\"wp-block-preformatted\">nano \/var\/www\/nextcloud\/config\/config.php<\/pre>\n\n<p>We now need to insert the following block into the file:<\/p>\n\n<pre class=\"wp-block-preformatted\">'log_type' =&gt; 'file',&#13;\n'logtimezone' =&gt; 'Europe\/Berlin',&#13;\n'logfile' =&gt; '\/var\/log\/nextcloud.log',&#13;\n'loglevel' =&gt; 2,<\/pre>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"745\" height=\"688\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-5.png\" alt=\"\" class=\"wp-image-955\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-5.png 745w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-5-300x277.png 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-5-705x651.png 705w\" sizes=\"auto, (max-width: 745px) 100vw, 745px\" \/><\/figure>\n\n<p>Then we create a filter for the NextCloud. We do this by creating the following file:<\/p>\n\n<pre class=\"wp-block-preformatted\">nano \/etc\/fail2ban\/filter.d\/nextcloud.conf<\/pre>\n\n<p>We then write the content in it as follows:<\/p>\n\n<pre class=\"wp-block-preformatted\">[Definition]&#13;\n_groupsre = (?:(?:,?\\s<em>\"\\w+\":(?:\"[^\"]+\"|\\w+))<\/em>)&#13;\n failregex = ^{%(_groupsre)s,?\\s<em>\"remoteAddr\":\"\"%(_groupsre)s,?\\s<\/em>\"message\":\"Login failed:&#13;\n             ^{%(_groupsre)s,?\\s<em>\"remoteAddr\":\"\"%(_groupsre)s,?\\s<\/em>\"message\":\"Trusted domain error.&#13;\n datepattern = ,?\\s<em>\"time\"\\s<\/em>:\\s*\"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?\"<\/pre>\n\n<p>Now we create a new jail for fail2ban. To do this, we call up our editor again with the following file:<\/p>\n\n<pre class=\"wp-block-preformatted\">nano \/etc\/fail2ban\/jail.conf<\/pre>\n\n<p>The following block is then added at the end of the file:<\/p>\n\n<pre class=\"wp-block-preformatted\">[nextcloud]&#13;\nbackend = auto&#13;\nenabled = true&#13;\nport = 80,443&#13;\nprotocol = tcp&#13;\nfilter = nextcloud&#13;\nmaxretry = 3&#13;\nbantime = 86400&#13;\nfindtime = 43200&#13;\nlogpath = \/var\/log\/nextcloud.log<\/pre>\n\n<p>The line action = sends an e-mail to the admin. If this is not desired, you can also omit it. We restart the service:<\/p>\n\n<pre class=\"wp-block-preformatted\">service fail2ban restart<\/pre>\n\n<p>Now we can also test the filter:<\/p>\n\n<pre class=\"wp-block-preformatted\">fail2ban-client status<\/pre>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"701\" height=\"265\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-7.png\" alt=\"\" class=\"wp-image-957\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-7.png 701w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-7-300x113.png 300w\" sizes=\"auto, (max-width: 701px) 100vw, 701px\" \/><\/figure>\n\n<p>After an attempt to log in and use a wrong password, the failed attempt could be seen directly.<\/p>\n\n<p>Here is a closer look at the filter:<\/p>\n\n<pre class=\"wp-block-preformatted\">fail2ban-regex \/var\/log\/nextcloud.log \/etc\/fail2ban\/filter.d\/nextcloud.conf<\/pre>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"528\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-8.png\" alt=\"\" class=\"wp-image-959\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-8.png 750w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-8-300x211.png 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-8-705x496.png 705w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\n\n<p>With this, we have also completed the locking out of strangers.<\/p>\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1030\" height=\"557\" src=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-9-1030x557.png\" alt=\"\" class=\"wp-image-961\" srcset=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-9-1030x557.png 1030w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-9-300x162.png 300w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-9-768x416.png 768w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-9-705x381.png 705w, https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/image-9.png 1340w\" sizes=\"auto, (max-width: 1030px) 100vw, 1030px\" \/><figcaption>Security check at https:\/\/www.ssllabs.com\/ssltest\/analyze.html<\/figcaption><\/figure>\n\n<p>I hope the tutorial was understandable and you got through it well. If you have any questions, write in the comments or send me an email.<\/p>\n\n<p>Regards,&#13;\nSascha<\/p>\n\n<p>Sources:<\/p>\n\n<p style=\"font-size:10px\"><a href=\"https:\/\/www.linuxbabe.com\/ubuntu\/install-nextcloud-ubuntu-20-04-apache-lamp-stack\">https:\/\/www.linuxbabe.com\/ubuntu\/install-nextcloud-ubuntu-20-04-apache-lamp-stack<\/a><\/p>\n\n<p style=\"font-size:10px\"><a href=\"https:\/\/www.linuxbabe.com\/ubuntu\/install-lamp-stack-ubuntu-20-04-server-desktop\">https:\/\/www.linuxbabe.com\/ubuntu\/install-lamp-stack-ubuntu-20-04-server-desktop<\/a><\/p>\n\n<p style=\"font-size:10px\"><a href=\"https:\/\/askubuntu.com\/questions\/1010300\/apache-virtual-host-not-working\">https:\/\/askubuntu.com\/questions\/1010300\/apache-virtual-host-not-working<\/a><\/p>\n\n<p style=\"font-size:10px\"><a href=\"https:\/\/docs.nextcloud.com\/server\/19\/admin_manual\/installation\/harden_server.html#setup-a-filter-and-a-jail-for-nextcloud\">https:\/\/docs.nextcloud.com\/server\/19\/admin_manual\/installation\/harden_server.html#setup-a-filter-and-a-jail-for-nextcloud<\/a><\/p>\n\n<p style=\"font-size:10px\"><a href=\"https:\/\/docs.nextcloud.com\/server\/20\/admin_manual\/configuration_server\/caching_configuration.html#id1\">https:\/\/docs.nextcloud.com\/server\/20\/admin_manual\/configuration_server\/caching_configuration.html#id1<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1.Preparations Ubuntu 20.04 LTS You need an Ubuntu 20.04 LTS on a root\/ vServer of your choice.&#13; I can recommend &#8220;Hetzner&#8220;.&#13; &#13; There you can order a v-server billed by the minute and try out your cloud directly. If you use my affiliate link, Hetzner will give you 20 EUR to try it out.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44],"tags":[],"class_list":["post-143","post","type-post","status-publish","format-standard","hentry","category-tutorial-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>NextCloud - Ubuntu 20.04 LTS - IT Consulting Lucke<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NextCloud - Ubuntu 20.04 LTS\" \/>\n<meta property=\"og:description\" content=\"1.Preparations Ubuntu 20.04 LTS You need an Ubuntu 20.04 LTS on a root\/ vServer of your choice.&#013; I can recommend &#8220;Hetzner&#8220;.&#013; &#013; There you can order a v-server billed by the minute and try out your cloud directly. If you use my affiliate link, Hetzner will give you 20 EUR to try it out.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/\" \/>\n<meta property=\"og:site_name\" content=\"IT Consulting Lucke\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-06T14:38:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-17T16:41:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg\" \/>\n<meta name=\"author\" content=\"Sascha Lucke\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sascha Lucke\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/\"},\"author\":{\"name\":\"Sascha Lucke\",\"@id\":\"https:\/\/itc-lucke.com\/#\/schema\/person\/a845232324f539b9a5c8b78c2117b992\"},\"headline\":\"NextCloud &#8211; Ubuntu 20.04 LTS\",\"datePublished\":\"2021-08-06T14:38:43+00:00\",\"dateModified\":\"2022-01-17T16:41:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/\"},\"wordCount\":1254,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg\",\"articleSection\":[\"Tutorial\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/\",\"url\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/\",\"name\":\"NextCloud - Ubuntu 20.04 LTS - IT Consulting Lucke\",\"isPartOf\":{\"@id\":\"https:\/\/itc-lucke.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg\",\"datePublished\":\"2021-08-06T14:38:43+00:00\",\"dateModified\":\"2022-01-17T16:41:06+00:00\",\"author\":{\"@id\":\"https:\/\/itc-lucke.com\/#\/schema\/person\/a845232324f539b9a5c8b78c2117b992\"},\"breadcrumb\":{\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage\",\"url\":\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg\",\"contentUrl\":\"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/itc-lucke.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NextCloud &#8211; Ubuntu 20.04 LTS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/itc-lucke.com\/#website\",\"url\":\"https:\/\/itc-lucke.com\/\",\"name\":\"IT Consulting Lucke\",\"description\":\"IT - Infrastruktur - Marketing - Social Media - Specials\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/itc-lucke.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/itc-lucke.com\/#\/schema\/person\/a845232324f539b9a5c8b78c2117b992\",\"name\":\"Sascha Lucke\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/1aa2254039630f6220a9200f0dd4a88eb26b00a54dddf2bc4211e82825828c4e?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1aa2254039630f6220a9200f0dd4a88eb26b00a54dddf2bc4211e82825828c4e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1aa2254039630f6220a9200f0dd4a88eb26b00a54dddf2bc4211e82825828c4e?s=96&d=mm&r=g\",\"caption\":\"Sascha Lucke\"},\"url\":\"https:\/\/itc-lucke.com\/en\/author\/sascha-lucke\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NextCloud - Ubuntu 20.04 LTS - IT Consulting Lucke","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/","og_locale":"en_US","og_type":"article","og_title":"NextCloud - Ubuntu 20.04 LTS","og_description":"1.Preparations Ubuntu 20.04 LTS You need an Ubuntu 20.04 LTS on a root\/ vServer of your choice.&#13; I can recommend &#8220;Hetzner&#8220;.&#13; &#13; There you can order a v-server billed by the minute and try out your cloud directly. If you use my affiliate link, Hetzner will give you 20 EUR to try it out.","og_url":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/","og_site_name":"IT Consulting Lucke","article_published_time":"2021-08-06T14:38:43+00:00","article_modified_time":"2022-01-17T16:41:06+00:00","og_image":[{"url":"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg","type":"","width":"","height":""}],"author":"Sascha Lucke","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sascha Lucke","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#article","isPartOf":{"@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/"},"author":{"name":"Sascha Lucke","@id":"https:\/\/itc-lucke.com\/#\/schema\/person\/a845232324f539b9a5c8b78c2117b992"},"headline":"NextCloud &#8211; Ubuntu 20.04 LTS","datePublished":"2021-08-06T14:38:43+00:00","dateModified":"2022-01-17T16:41:06+00:00","mainEntityOfPage":{"@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/"},"wordCount":1254,"commentCount":0,"image":{"@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage"},"thumbnailUrl":"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg","articleSection":["Tutorial"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/","url":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/","name":"NextCloud - Ubuntu 20.04 LTS - IT Consulting Lucke","isPartOf":{"@id":"https:\/\/itc-lucke.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage"},"image":{"@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage"},"thumbnailUrl":"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg","datePublished":"2021-08-06T14:38:43+00:00","dateModified":"2022-01-17T16:41:06+00:00","author":{"@id":"https:\/\/itc-lucke.com\/#\/schema\/person\/a845232324f539b9a5c8b78c2117b992"},"breadcrumb":{"@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#primaryimage","url":"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg","contentUrl":"https:\/\/itc-lucke.com\/wp-content\/uploads\/2022\/01\/Ubuntu-1030x631.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/itc-lucke.com\/en\/nextcloud-on-ubuntu-20-04-lts-with-fail2ban-and-lets-encrypt\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/itc-lucke.com\/en\/"},{"@type":"ListItem","position":2,"name":"NextCloud &#8211; Ubuntu 20.04 LTS"}]},{"@type":"WebSite","@id":"https:\/\/itc-lucke.com\/#website","url":"https:\/\/itc-lucke.com\/","name":"IT Consulting Lucke","description":"IT - Infrastruktur - Marketing - Social Media - Specials","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/itc-lucke.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/itc-lucke.com\/#\/schema\/person\/a845232324f539b9a5c8b78c2117b992","name":"Sascha Lucke","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1aa2254039630f6220a9200f0dd4a88eb26b00a54dddf2bc4211e82825828c4e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1aa2254039630f6220a9200f0dd4a88eb26b00a54dddf2bc4211e82825828c4e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1aa2254039630f6220a9200f0dd4a88eb26b00a54dddf2bc4211e82825828c4e?s=96&d=mm&r=g","caption":"Sascha Lucke"},"url":"https:\/\/itc-lucke.com\/en\/author\/sascha-lucke\/"}]}},"_links":{"self":[{"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/posts\/143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/comments?post=143"}],"version-history":[{"count":6,"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/posts\/143\/revisions"}],"predecessor-version":[{"id":964,"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/posts\/143\/revisions\/964"}],"wp:attachment":[{"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/media?parent=143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/categories?post=143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itc-lucke.com\/en\/wp-json\/wp\/v2\/tags?post=143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}