Debian 9 with nextcloud 14 and fail2ban ufw ssl

Debian 9 to 14 by philip.meyer@twistermax.de 26.11.2018

sources:
https://stackoverflow.com/questions/11621053/redirect-http-to-https-on-default-virtual-host-without-servername

Setting up Nextcloud https with a self-signed certificate

Tutorial: How you can secure your Nextcloud installation with Fail2Ban


https://www.howtoforge.com/tutorial/install-nextcloud-server-and-client-on-debian-9/
https://nextclouders.de/nextcloud-in-weniger-als-20-minuten/

1.) apt update
2.) apt upgrade
3.) reboot
4.) apt install mc open-vm-tools --> open-vm-tools only on ESXi or Workstation
5.) reboot
--------------------------------------------------------------------------------
6.) apt-get install apache2 mariadb-server
7.) systemctl start apache2
8.) systemctl enable apache2
9.) systemctl start mysql
10.) systemctl enable mariadb
11.) apt install libapache2-mod-php php7.0 php7.0-xml php7.0-cgi php7.0-cli php7.0-gd php7.0-curl php7.0-zip php7.0-mysql php7.0-mbstring wget unzip
--------------------------------------------------------------------------------
12.) mysql_secure_installation
13.) answer yes to every question until "change root password"
14.) mysql -u root -p
15.) CREATE DATABASE nextclouddb;
16.) CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'mypassword';
17.) GRANT ALL PRIVILEGES ON nextclouddb.* TO 'nextcloud'@'localhost';
18.) FLUSH PRIVILEGES;
19.) \q
20.) mysql -u nextcloud -p
21.) use nextclouddb
22.) \q
--------------------------------------------------------------------------------
23.) wget https://download.nextcloud.com/server/releases/latest.zip
24.) unzip latest.zip
25.) mv nextcloud /var/www/html/
26.) chown -R www-data:www-data /var/www/html/nextcloud
27.) nano /etc/apache2/sites-available/nextcloud.conf
27a.) add:
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot "/var/www/html/nextcloud"
ServerName 192.168.0.187
<Directory "/var/www/html/nextcloud/">
Options MultiViews FollowSymLinks
AllowOverride All
# Apache 2.4 syntax (replaces "Order allow,deny" / "Allow from all")
Require all granted
</Directory>
TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log
</VirtualHost>
28.) a2dissite 000-default
29.) a2ensite nextcloud
30.) systemctl restart apache2
---------------------Firewall---------------------------------------------------
31.) apt install ufw
32.) ufw enable
33.) ufw allow 22
34.) ufw allow 80
35.) ufw allow 443
--------------------------------------------------------------------------------
36.) open http://XXX.XXX.XXX.XXX (your IP address) in a browser and configure Nextcloud
37.) admin name, admin password, db connection etc.
-------------------------secure ssh---------------------------------------------
38.) if you already have another user (not root), go to the next step; otherwise:
useradd -g users -d /home/(newuser) -s /bin/bash (newuser)
passwd (newuser)
mkdir /home/(newuser)
chown (newuser):users /home/(newuser)/
39.) nano /etc/ssh/sshd_config
40.) in sshd_config change "PermitRootLogin yes" to "PermitRootLogin no"
41.) /etc/init.d/ssh reload
-------------------------fail2ban-----------------------------------------------
42.) apt install fail2ban
43.) cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
44.) nano /etc/fail2ban/jail.local
--> [DEFAULT] bantime = 86400
--> [DEFAULT] findtime = 600
--> [DEFAULT] maxretry = 3
45.) in jail.local, in the jails section, add (each jail uses the filter file of the same name from steps 47 and 48):
[nextcloud_trusted]
enabled = true
logpath = /var/www/html/nextcloud/data/nextcloud.log
port = http,https
46.) in jail.local, in the jails section, add:
[nextcloud_logins]
enabled = true
logpath = /var/www/html/nextcloud/data/nextcloud.log
port = http,https
47.) nano /etc/fail2ban/filter.d/nextcloud_trusted.conf
line 1: [Definition]
line 2: failregex = ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
48.) nano /etc/fail2ban/filter.d/nextcloud_logins.conf
line 1: [Definition]
line 2: failregex = ^.*\"remoteAddr\":\"<HOST>\".*Login failed:.*$
49.) systemctl restart fail2ban
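50.) nano /var/www/html/nextcloud/config/config.php
add the following lines (logfile must be the same file as logpath in jail.local):
'logfile' => '/var/www/html/nextcloud/data/nextcloud.log',
'loglevel' => 2,
51.) service fail2ban restart
--------------------------activate ssl------------------------------------------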
52.) a2enmod ssl
53.) systemctl restart apache2
54.) mkdir -p /etc/apache2/ssl && openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/nextcloud.key -out /etc/apache2/ssl/nextcloud.crt
55.) nano /etc/apache2/sites-available/nextcloud-ssl.conf
add:
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/nextcloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/nextcloud.crt
SSLCertificateKeyFile /etc/apache2/ssl/nextcloud.key
</VirtualHost>
56.) a2ensite nextcloud-ssl.conf
57.) systemctl restart apache2
------------------------------Redirect Port 80----------------------------------
58.) nano /etc/apache2/sites-available/nextcloud.conf change to this:
<VirtualHost *:80>
ServerName yourdomain
RedirectPermanent / https://yourdomain/
</VirtualHost>
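
Added example (not part of the original tutorial): a Python check of the two failregex lines from steps 47 and 48 against constructed nextcloud.log lines, applying findtime = 600 and maxretry = 3 from step 44 to show which addresses would be banned. The HOST group, the log field set, the sample addresses and the function names are assumptions; fail2ban expands <HOST> and parses timestamps itself.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime

FINDTIME, MAXRETRY = 600, 3  # [DEFAULT] values from step 44
# failregex from steps 47/48; HOST stands in for fail2ban's <HOST> expansion (assumption)
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"
FILTERS = {
    "nextcloud_trusted": r'^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$',
    "nextcloud_logins": r'^.*\"remoteAddr\":\"<HOST>\".*Login failed:.*$',
}
COMPILED = {j: re.compile(rx.replace("<HOST>", HOST)) for j, rx in FILTERS.items()}

def log_line(clock, addr, message):
    """Constructed Nextcloud-style JSON log line; the field set is an assumption."""
    rec = {"reqId": "x", "level": 2, "time": f"2018-11-26T{clock}+00:00",
           "remoteAddr": addr, "app": "core", "message": message}
    return json.dumps(rec, separators=(",", ":"))

def simulate(lines):
    """Return {jail: [hosts that reach MAXRETRY failures within FINDTIME]}."""
    recent = defaultdict(deque)  # (jail, host) -> timestamps of recent failures
    banned = defaultdict(list)
    for line in lines:  # lines must be in chronological order
        for jail, rx in COMPILED.items():
            if not (m := rx.match(line)):
                continue
            host = m.group("host")
            now = datetime.fromisoformat(json.loads(line)["time"]).timestamp()
            window = recent[(jail, host)]
            window.append(now)
            while now - window[0] > FINDTIME:  # drop failures older than findtime
                window.popleft()
            if len(window) >= MAXRETRY and host not in banned[jail]:
                banned[jail].append(host)
    return dict(banned)

LOGIN = "Login failed: 'admin' (Remote IP: '{}')"
TRUSTED = 'Trusted domain error. "{}" tried to access using "x.example" as host.'
SAMPLE = (  # constructed events using documentation address ranges
    [log_line(f"10:0{i}:00", "203.0.113.5", LOGIN.format("203.0.113.5")) for i in range(3)]
    + [log_line(f"10:03:{i}0", "192.0.2.9", TRUSTED.format("192.0.2.9")) for i in range(3)]
    + [log_line(c, "198.51.100.7", LOGIN.format("198.51.100.7"))
       for c in ("10:04:00", "10:12:00", "10:20:00")]  # too slow: never 3 in 600 s
)

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

On the real system, fail2ban-regex run against the log file and the filter file performs the same match with fail2ban's own <HOST> handling.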