Deploy Nextcloud on Rocky Linux 9 (Nginx or Docker)

Nextcloud Overview

Nextcloud is a cost-free, open-source solution for hosting and administering file storage services. It delivers features comparable to Google Drive, including sharing files and working together, but it operates fully on infrastructure you manage yourself. The project’s source code is openly published on GitHub for anyone to inspect or contribute to.

Deployment Options on Rocky Linux 9

In this guide, you will set up Nextcloud on Rocky Linux 9 using one of two approaches: a hands-on installation with Nginx, PHP, and MariaDB, or a container-based deployment with Docker and Docker Compose. Each option covers secure web server setup, database configuration, and optional HTTPS so access can be encrypted.

Prerequisites

Before starting, make sure you:

• Can access a Rocky Linux 9 server with a non-root account that has sudo rights.
• Have created a DNS A record that points your server’s IP to a hostname such as nextcloud.example.com.

This part prepares your system for installing Nextcloud. You will refresh packages, install needed tools, and get the environment ready for web, database, and PHP components.

Update System Packages

Update the installed packages on your system.

console

Copy

$ sudo dnf update

If you are asked to confirm, press Y to proceed and install the available updates.

Install Required Utilities and Dependencies

Install core utilities and dependencies for the setup.

console

Copy

$ sudo dnf install epel-release unzip curl wget policycoreutils-python-utils dnf-plugins-core -y

These packages deliver the key tools for preparing a web application and handling SELinux-related tasks.

Download the Nextcloud Web Application Files

Fetch the Latest Nextcloud Release

Download the newest Nextcloud package.

console

Copy

$ wget https://download.nextcloud.com/server/releases/latest.zip

This command pulls the latest stable Nextcloud version into your current directory.

Unpack the Archive

Extract the downloaded ZIP file.

console

Copy

$ unzip latest.zip

This unpacks the contents into a nextcloud/ folder that holds the application files.

Create the Web Root Directory

Verify the destination web root is present.

console

Copy

$ sudo mkdir -p /var/www/

Move Nextcloud into the Web Root

Relocate the extracted directory into /var/www.

console

Copy

$ sudo mv nextcloud/ /var/www/

The Nextcloud application can now be served from /var/www/nextcloud.

Install MariaDB Database Server

Nextcloud keeps its settings and user information in a relational database. It can work with MySQL, PostgreSQL, SQLite, and Oracle, though SQLite should be used mainly for tests or very small deployments. Here, you will install and set up MariaDB as the production database backend.

Create a MariaDB Repository File

Create a dedicated repository configuration for MariaDB.

console

Copy

$ sudo tee /etc/yum.repos.d/MariaDB.repo > /dev/null <<EOF
[mariadb]
name = MariaDB
baseurl = https://rpm.mariadb.org/11.4/rhel/\$releasever/\$basearch
gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1
EOF

Install MariaDB Server and Client

Install both the database server and client tools.

console

Copy

$ sudo dnf install MariaDB-server MariaDB-client

Enable and Start MariaDB

Start MariaDB now and configure it to launch on boot.

console

Copy

$ sudo systemctl enable --now mariadb

Harden the MariaDB Installation

Run the secure installation routine for MariaDB.

console

Copy

$ sudo mariadb-secure-installation

This script walks you through defining the root password and tightening basic security settings. When asked, provide a strong root password, then respond with Y to the remaining questions to apply the suggested default protections.

Configure the MariaDB Database for Nextcloud

Log In to the MariaDB Root Account

Sign in to MariaDB as the root user.

console

Copy

$ mariadb -u root -p

Type in the root password you defined while running mariadb-secure-installation.

Create the Nextcloud Database

Create a new database dedicated to Nextcloud.

sql

Copy

MariaDB [(none)]> CREATE DATABASE nextcloud;

Create a Dedicated Nextcloud Database User

Create a separate MariaDB user for Nextcloud to use.

sql

Copy

MariaDB [(none)]> CREATE USER 'nextcloud'@'127.0.0.1' IDENTIFIED BY 'StrongPass';

Swap StrongPass for a secure, alphanumeric password.

Grant Full Privileges to the Nextcloud User

Allow that user complete access to the Nextcloud database.

sql

Copy

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'127.0.0.1';

Reload Privileges

Apply the permission changes immediately.

sql

Copy

MariaDB [(none)]> FLUSH PRIVILEGES;

Exit the MariaDB Console

Leave the MariaDB prompt.

sql

Copy

MariaDB [(none)]> exit

Test the New Database User Login

Confirm the new user can connect successfully.

console

Copy

$ mariadb -u nextcloud -p -h 127.0.0.1

Enter the password you set earlier.

Verify the Database Exists

Check that the nextcloud database is present.

sql

Copy

MariaDB [(none)]> SHOW DATABASES;

Output:

+--------------------+
| Database           |
+--------------------+
| information_schema |
| nextcloud          |
+--------------------+

Exit the session by typing exit.

Tune MariaDB for Nextcloud

Nextcloud needs particular MariaDB options for proper compatibility and strong performance. Adjust the MariaDB configuration so it matches these requirements.

Edit the MariaDB Configuration File

Open the MariaDB server configuration file in your editor.

console

Copy

$ sudo nano /etc/my.cnf.d/server.cnf

Add Settings Under the [mysqld] Section

In the [mysqld] block, insert these lines:

ini

Copy

bind-address = 127.0.0.1
character_set_server = utf8mb4
collation_server = utf8mb4_general_ci
transaction_isolation = READ-COMMITTED
binlog_format = ROW
innodb_large_prefix = 1
innodb_file_format = barracuda
innodb_file_per_table = 1

bind-address = 127.0.0.1: Limits connections to localhost only.

character_set_server and collation_server: Set utf8mb4 to support full Unicode.

transaction_isolation = READ-COMMITTED: Avoids inconsistencies from reading uncommitted data.

binlog_format = ROW: Enhances replication precision and recovery behavior.

InnoDB options: Allow bigger index prefixes, Barracuda file format, and per-table tablespaces.

Add Settings Under the [server] Section

In the [server] block of the same file, add these lines:

ini

Copy

skip_name_resolve = 1
innodb_buffer_pool_size = 128M
innodb_buffer_pool_instances = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M
innodb_max_dirty_pages_pct = 90
query_cache_type = 1
query_cache_limit = 2M
query_cache_min_res_unit = 2K
query_cache_size = 64M
tmp_table_size = 64M
max_heap_table_size = 64M
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 1

skip_name_resolve: Turns off DNS lookups to speed up connections.

innodb_* parameters: Set buffer pools, flushing, and log buffers for steady performance.

query_cache_* parameters: Control query caching (note: deprecated in MariaDB 11.4 and may be ignored).

tmp_table_size and max_heap_table_size: Set thresholds for temporary and memory tables.

slow_query_log options: Enable and configure slow query logging to analyze performance.

Restart MariaDB

Restart MariaDB so the new configuration takes effect.

console

Copy

$ sudo systemctl restart mariadb

Verify MariaDB Is Running

Check the MariaDB service status.

console

Copy

$ sudo systemctl status mariadb

Install PHP 8 for Nextcloud

Nextcloud needs PHP to operate. PHP 8.3 or newer is recommended for better speed, memory use, and compatibility. In this part, you will install PHP 8.3, enable the required modules, and set up PHP-FPM to work with Nginx.

Check Available PHP Streams

List the PHP module streams that are available on Rocky Linux 9.

console

Copy

$ sudo dnf module list php

PHP 8.3 ships by default with Rocky Linux 9, but some packages may be missing. To make sure every required module is available, you must add and enable the Remi repository for PHP 8.3.

Add the Remi Repository

Install the Remi repository package.

console

Copy

$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm

The Remi repository is a reliable third-party source that provides current PHP builds for Enterprise Linux systems.

Enable Remi and the PHP 8.3 Module

Enable the Remi repository and switch PHP to the 8.3 stream.

console

Copy

$ sudo dnf config-manager --set-enabled remi
$ sudo dnf module enable php:remi-8.3

Install PHP 8.3, PHP-FPM, and Extensions

Install PHP 8.3 together with PHP-FPM and the required extensions.

console

Copy

$ sudo dnf install php php-fpm php-intl php-sodium php-ctype \
 php-curl php-dom php-gd php-mbstring php-posix php-session \
 php-xml php-zip php-zlib php83-php-pecl-redis php-mysqlnd -y

Configure PHP-FPM to Use the nginx User

Edit the PHP-FPM pool configuration file.

console

Copy

$ sudo nano /etc/php-fpm.d/www.conf

Change the following lines:

ini

Copy

user = nginx
group = nginx

Increase the PHP Memory Limit

Edit the main PHP configuration file to raise memory limits.

console

Copy

$ sudo nano /etc/php.ini

Change the following line:

ini

Copy

memory_limit = 512M

Enable and Start PHP-FPM

Start PHP-FPM and ensure it runs at boot.

console

Copy

$ sudo systemctl enable --now php-fpm

Update SELinux for MariaDB Socket Access

Adjust SELinux so PHP-FPM can reach the MariaDB socket.

console

Copy

$ sudo semanage fcontext -a -t mysqld_var_run_t "/var/lib/mysql/mysql.sock"

Restart All Services

Restart services so every change is active.

console

Copy

$ sudo systemctl restart php-fpm nginx mariadb

Install and Configure Nginx Web Server

Nextcloud needs a web server to deliver its frontend and process PHP requests. Nginx is a slim, fast, and efficient web server that fits this role well. Use the steps below to install and set it up.

Install Nginx

Install the Nginx package.

console

Copy

$ sudo dnf install nginx -y

DNF will automatically trust the GPG key and install the stable release from your enabled repository.

Enable and Start Nginx

Start Nginx now and make it launch automatically on boot.

console

Copy

$ sudo systemctl enable --now nginx

Confirm Nginx Is Active

Check that the service is running.

console

Copy

$ sudo systemctl status nginx

The status output should show that the service is active (running).

Open Firewall Ports for HTTP and HTTPS

Allow inbound traffic on ports 80 and 443.

console

Copy

$ sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
$ sudo firewall-cmd --zone=public --permanent --add-port=443/tcp

Reload the Firewall

Apply the firewall changes.

console

Copy

$ sudo firewall-cmd --reload

Open your server’s IP in a browser. If Nginx is set up properly, you will see the standard welcome page:

Nginx default page

Set Ownership for the Nextcloud Directory

Update file ownership so Nginx can read and run the Nextcloud files.

console

Copy

$ sudo chown -R nginx:nginx  /var/www/nextcloud

Adjust Directory Permissions

Give the owner read, write, and execute permissions on the Nextcloud folder.

console

Copy

$ sudo chmod -R 750 /var/www/nextcloud

Create the Nextcloud Nginx Configuration File

Create a new Nginx config file for Nextcloud.

console

Copy

$ sudo nano /etc/nginx/conf.d/nextcloud.conf

Add the Nextcloud Server Block

Insert the following configuration. Replace nextcloud.example.com with your real domain.

ini

Copy

# PHP-FPM socket
upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

# Cache control for assets
map $arg_v $asset_immutable {
    "" "";
    default ", immutable";
}

server {
    listen 80;
    listen [::]:80;
    server_name nextcloud.example.com;

    root /var/www/nextcloud;
    server_tokens off;

    client_max_body_size 512M;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    client_body_buffer_size 512k;

    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "noindex, nofollow" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    include mime.types;
    types {
        text/javascript mjs;
    }

    index index.php index.html /index.php$request_uri;

    location = / {
        if ($http_user_agent ~ ^DavClnt) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ^~ /.well-known {
        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
        return 301 /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    location ~ \.php(?:$|/) {
        rewrite ^/(?!index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|.+/richdocumentscode(_arm64)?/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        fastcgi_max_temp_file_size 0;
    }

    location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463$asset_immutable";
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "noindex, nofollow" always;
        add_header X-XSS-Protection "1; mode=block" always;
        access_log off;
    }

    location ~ \.(?:otf|woff2?)$ {
        try_files $uri /index.php$request_uri;
        expires 7d;
        access_log off;
    }

    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
}

Test the Nginx Configuration

Validate the Nginx config for syntax errors.

console

Copy

$ sudo nginx -t

Output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Allow SELinux Access for Nginx

Update SELinux labels so Nginx can access the Nextcloud files.

console

Copy

$ sudo chcon -R -t httpd_sys_content_t /var/www/nextcloud

Restart Nginx

Restart the Nginx web server.

console

Copy

$ sudo systemctl restart nginx

Verify Nginx Is Running

Confirm that Nginx is running and active.

console

Copy

$ sudo systemctl status nginx

Make sure the output displays active (running) so you know Nginx is working.

Secure Nextcloud with HTTPS

Use Certbot to automatically request and install a TLS certificate from Let’s Encrypt. Certbot works with Nginx to enable HTTPS and safely redirect HTTP traffic.

Install Certbot and the Nginx Plugin

Install Certbot along with its Nginx integration.

console

Copy

$ sudo dnf install certbot python3-certbot-nginx -y

Generate and Install the TLS Certificate

Request and apply the certificate for your domain.

console

Copy

$ sudo certbot --nginx -d nextcloud.example.com

–nginx: Applies the Nginx plugin to configure HTTPS automatically.

-d nextcloud.example.com: Replace this with your own domain name.

When prompted:

• Provide your email address so you can receive renewal notices.
• Agree to the terms of service.
• Select the option that redirects all HTTP traffic to HTTPS.

Make sure ports 80 (HTTP) and 443 (HTTPS) are open in the firewall before you run Certbot.

Docker Deployment for Nextcloud

Docker offers separated, self-contained environments for rolling out applications such as Nextcloud. This part guides you through installing Docker on Rocky Linux 9 and creating the directory layout needed for a container-based Nextcloud setup.

Install Docker

Update the Package Index

Refresh the package metadata.

console

Copy

$ sudo dnf makecache

Add the Official Docker Repository

Add Docker’s upstream repository to your system.

console

Copy

$ sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

Install Docker Packages

Install Docker Engine, CLI tools, container runtime, and Compose components.

console

Copy

$ sudo dnf install docker-ce docker-ce-cli containerd.io \
   docker-buildx-plugin docker-compose-plugin -y

Enable and Start Docker

Start Docker now and configure it to run automatically at boot.

console

Copy

$ sudo systemctl enable --now docker

Verify Docker Is Running

Check the Docker service status.

console

Copy

$ sudo systemctl status docker

Ensure the status shows active (running) so you know Docker is working.

Add Your User to the docker Group

Add your account to the docker group so you do not need sudo for Docker commands.

console

Copy

$ sudo usermod -aG docker $(whoami)

Log out and log back in so the group change applies. You can also restart your shell session instead.

Prepare Docker Directory for Nextcloud

Create the Nextcloud Docker Configuration Directory

Create the directory where Docker Compose files and settings will live.

console

Copy

$ sudo mkdir -p /opt/nextcloud-docker

Create an Environment File for Docker Compose

Create the .env file used by Docker Compose.

console

Copy

$ sudo nano /opt/nextcloud-docker/.env

Add Environment Variables

Insert the following values, replacing credentials and domain where needed.

ini

Copy

MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_PASSWORD=SecurePassword123#
MYSQL_ROOT_PASSWORD=SecurePassword#

NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=Passw0rd123$

DOMAIN=nextcloud.example.com
EMAIL=admin@example.com

Variable Breakdown

MYSQL_DATABASE: The MariaDB database name that Nextcloud will use.

MYSQL_USER: The database username assigned to Nextcloud.

MYSQL_PASSWORD: The password for the Nextcloud database user.

MYSQL_ROOT_PASSWORD: The root password for MariaDB in the container.

NEXTCLOUD_ADMIN_USER: The first admin username for Nextcloud.

NEXTCLOUD_ADMIN_PASSWORD: The admin account password.

DOMAIN: The full domain name used to reach Nextcloud.

EMAIL: The email address for TLS certificate requests and admin notifications.

Save and exit the file using CTRL+O, Enter, then CTRL+X.

Set Up Nextcloud Docker Services

Create the Host Data Directory

Create a host-side data folder so user uploads are stored outside the container.

console

Copy

$ sudo mkdir /opt/nextcloud-data

Set Ownership to the Default Nextcloud UID/GID

Change ownership to UID/GID 1000, which is the standard Nextcloud user inside Docker.

console

Copy

$ sudo chown -R 1000:1000 /opt/nextcloud-data

Apply Restrictive Permissions

Lock down the data directory with strict permissions.

console

Copy

$ sudo chmod -R 750 /opt/nextcloud-data

Create Docker Compose Configuration

Create the Docker Compose File

Create the docker-compose.yml file for your services.

console

Copy

$ sudo nano /opt/nextcloud-docker/docker-compose.yml

Add the Docker Compose Services

Add the configuration below.

yaml

Copy

services:
  nextcloud:
    image: nextcloud:stable
    container_name: nextcloud
    restart: always
    depends_on:
      - db
      - redis
    env_file:
      - .env
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - VIRTUAL_HOST=${DOMAIN}
    volumes:
      - nextcloud_app:/var/www/html
      - /opt/nextcloud-data:/var/www/html/data
    ports:
      - "8080:80"
    networks:
      - internal

  db:
    image: mariadb:11.4.7
    container_name: nextcloud-db
    restart: always
    env_file:
      - .env
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - internal

  redis:
    image: redis:alpine
    container_name: nextcloud-redis
    restart: always
    networks:
      - internal

volumes:
  nextcloud_app:
  db_data:

networks:
  internal:
    driver: bridge

Update the domain names, passwords, and any other values in the .env file so they fit your environment.

Launch the Nextcloud Stack

Go to the nextcloud-docker Directory

Switch into the nextcloud-docker folder.

console

Copy

$ cd /opt/nextcloud-docker/

Validate the Configuration

Check whether the Compose setup is valid.

console

Copy

$ docker compose config

Start the Containers in Detached Mode

Bring up the stack in the background.

console

Copy

$ docker compose --env-file .env up -d

Confirm the Nextcloud Container Responds on Port 8080

Verify the Nextcloud service answers on port 8080.

console

Copy

$ curl -I http://localhost:8080

You should get a 302 Found redirect that points to /login.

List Running Containers

Show which containers are active.

console

Copy

$ docker container ls

Output:

CONTAINER ID   IMAGE              COMMAND                  PORTS               NAMES
abc123...      nextcloud:stable   ...                      8080->80/tcp        nextcloud
def456...      mariadb:11.4.7     ...                      3306/tcp            nextcloud-db
ghi789...      redis:alpine       ...                      6379/tcp            nextcloud-redis

Set the Trusted Domain for Web Access

Add your domain as a trusted host for browser access.

console

Copy

$ docker container exec -u www-data nextcloud php occ config:system:set trusted_domains 1 --value=nextcloud.example.com

Replace nextcloud.example.com with the domain you actually use.

Configure Nextcloud

After you have deployed Nextcloud with Docker Compose, set up Nginx as a reverse proxy and protect the deployment with HTTPS using Let’s Encrypt certificates.

Install Nginx

Install the Nginx Web Server

Install the Nginx package.

console

Copy

$ sudo dnf install nginx -y

Enable and Start Nginx

Start Nginx and make it launch on boot.

console

Copy

$ sudo systemctl enable --now nginx

Configure Nginx as a Reverse Proxy

Create a New Nginx Configuration File

Create a new Nginx config for Nextcloud.

console

Copy

$ sudo nano /etc/nginx/sites-available/nextcloud

Add the Reverse Proxy Server Block

Paste the following, and swap nextcloud.example.com with your own domain.

ini

Copy

server {
    listen 80;
    server_name nextcloud.example.com;

    location / {
        proxy_pass http://localhost:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the Configuration

Activate the new Nginx site configuration.

console

Copy

$ sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/

Test the Nginx Configuration File

Check the configuration for errors.

console

Copy

$ sudo nginx -t

Reload Nginx

Reload Nginx so the proxy config is applied.

console

Copy

$ sudo systemctl reload nginx

Verify That Nginx Is Running

Confirm the service state.

console

Copy

$ sudo systemctl status nginx

Ensure it reports active (running).

Allow Nginx Through the Firewall

Allow HTTP and HTTPS Traffic

Open firewall access for Nginx.

console

Copy

$ sudo ufw allow 'Nginx Full'

Reload the Firewall

Reload UFW to apply the rule.

console

Copy

$ sudo ufw reload

Secure Nextcloud with Trusted SSL

Install Certbot and the Nginx Plugin

Install Certbot and its Nginx module.

console

Copy

$ sudo apt install certbot python3-certbot-nginx -y

Generate and Install the TLS Certificate

Request and apply a Let’s Encrypt certificate.

console

Copy

$ sudo certbot --nginx -d nextcloud.example.com

Certbot will update Nginx automatically and force all HTTP requests to go over HTTPS.

Enable Automatic Renewal

Enable the Certbot Renewal Timer

Turn on the systemd timer so certificates renew automatically.

console

Copy

$ sudo systemctl enable certbot.timer

Test Automatic Renewal

Run a dry test to confirm renewals work.

console

Copy

$ sudo certbot renew --dry-run

Set Trusted Domain and Force HTTPS

Copy the Config File from the Nextcloud Container

Copy config.php out of the running container to your home directory.

console

Copy

$ docker container cp nextcloud:/var/www/html/config/config.php ~/config.php

This command copies config.php from the active container into your home folder.

Edit config.php and Update the Lines Below

Edit config.php and change these entries.

php

Copy

'trusted_domains' => ['nextcloud.example.com'],
'overwrite.cli.url' => 'https://nextcloud.example.com',
'overwriteprotocol' => 'https',

Copy the Updated File Back into the Container

Move the edited config.php into the Nextcloud container again.

console

Copy

$ docker container cp ~/config.php nextcloud:/var/www/html/config/config.php

Open an Interactive Shell in the Container

Start a shell session inside the Nextcloud container.

console

Copy

$ docker container exec -it nextcloud bash

Fix Ownership of the Config File

Change ownership of the config file to www-data.

console

Copy

# chown www-data:www-data /var/www/html/config/config.php

Set Correct Permissions on the Config File

Apply the right permissions to config.php.

console

Copy

# chmod 640 /var/www/html/config/config.php

Exit the Container

Leave the container shell.

console

Copy

# exit

Restart the Container

Restart Nextcloud so the config changes are applied.

console

Copy

$ docker container restart nextcloud

Access and Set Up Nextcloud

After the installation finishes and the containers are up, open your Nextcloud instance in a browser at:

https://nextcloud.example.com

In the setup wizard, do the following:

• Create an administrator username and choose a strong password.
• Set the data directory path (keep the default unless you changed it earlier).
• Select MySQL/MariaDB as the database type.
• Enter these details:

• Database user: nextcloud
• Password: the one you configured
• Database name: nextcloud
• Host: db (when using Docker) or 127.0.0.1 (when using local MariaDB)

When setup is done, you can expand Nextcloud with more apps, sort and share files, and synchronize data across devices using the web UI or the mobile and desktop clients. This provides a single, central place to manage your private cloud storage through an easy-to-use dashboard.

Conclusion

In this guide, you installed Nextcloud on Rocky Linux 9 using either a manual deployment or a Docker-based approach. You protected the installation with Nginx and HTTPS, set up the database and Redis, and made sure user data remains on the host system to simplify backups.

The container method delivers isolation, efficient resource usage, and adaptability, while the manual approach gives you fine-grained control of the environment. For more advanced capabilities like external storage integration and groupware features, refer to the Nextcloud documentation.