Wondering how to deploy nextcloud aws s3 bucket? Our in-house experts are here to help you out with this article. Our AWS support is here to offer a lending hand with your queries and issues.

How to deploy nextcloud aws s3 bucket?

Today, let us see the steps followed by our support techs to deploy nextcloud.

Create a virtual server on AWS EC2

For performance and legal reasons you should select the closest AWS region, but if you want to spend as little as possible check the EC2 pricing page for the most convenient regions.

Open the AWS EC2 dashboard and press the Launch Instance button.

The first step involves choosing the operating system for your virtual server.

In the next step you must select the instance type (General Purpose, Compute Optimized, Memory Optimized, …) and size (CPU, RAM, …).

To run Nextcloud smoothly you need at least 1GB of RAM: 512MB for Nextcloud, plus an additional 512 MB for the web server and database.

Then you must create the “virtual disk”: the proposed 8 GB volume provides plenty of space for the application since all files are going to store on AWS S3.

Finally, you must create/use a security group allowing the following traffic:

• SSH: if you connect from a static IP (or a network with a known range of IPs) update the Source field accordingly; otherwise, for additional security, use a different port.
• HTTP/HTTPS: note that using a custom domain and a free Let’s Encrypt certificate, all HTTP connections will be automatically redirected to HTTPS.

In the final step you can review the configuration and provision your virtual server pressing the Launch button. To be able to connect via SSH, you must create or choose an existing key pair, whose public key is automatically deployed to the server.

Assign an Elastic IP to the virtual server

After a while your instance appears as running on the EC2 dashboard and you can connect via SSH using the instance public IP or DNS, but if you restart your server to change its type, increase disk size, … your public IP and DNS will change, so if you are going to use a domain you need an AWS Elastic IP, a public IP persistent across reboots, resizing, … .

Elastic IP Addresses – Amazon Elastic Compute Cloud

From the EC2 dashboard, click on the Elastic IPs on the left menu, press the Allocate new address button at the top of the new page and the Allocate button in the wizard page: a new Elastic IP will be reserved for you to use.

Go back to the list of reserved Elastic IPs, right click on the the IP address and select Associate address.

In the Associate address form just fill the Instance field with the ID of your EC2 instance and press the Associate button.

Now in the EC2 dashboard your instance will report it’s using the Elastic IP.

Now connect to the server via SSH to install Nextcloud.

Install Nextcloud

The installation process is documented in the following script, let’s break it down.

• snap install nextcloud: install the Nextcloud application, Apache web server and MySQL database with a production-ready configuration
• nextcloud.manual-install: create the Nextcloud administrator account
• nextcloud.occ config:system:set trusted_domains: add your domain to the list of domains Nextcloud will accept connections from (e.g. cloud.example.com).
• snap set nextcloud php.memory-limit=512M: update PHP memory limits (512 MB is the recommended minimum)

Setup custom (sub-)domain

To use Nextcloud with your domain (and later obtain a Let’s Encrypt SSL certificate) you need to add an A Record to your domain DNS configuration.

Enable HTTPS connections with Let’s Encrypt

Now we are ready to configure SSL on the server: just run the nextcloud.enable-https lets-encrypt command and follow the instructions.

Setup external storage with AWS S3

Login to the Nextcloud application, click on the profile icon on the upper-right corner and select Apps. Open the Disabled apps page from the left menu and enable the following two applications:

Enable server encryption

Click again on the profile icon on the upper-right corner, select Settings and select Administration > Security from the left menu. Under the Server-side encryption section check the Enable server-side encryption option and press the Enable encryption button.

If you later change your mind and want to disable encryption, you need to connect to your server via SSH and run the following commands:

• nextcloud.occ maintenance:mode --on: put the Nextcloud server into maintenance mode to prevent any user activity until decryption is completed
• nextcloud.occ encryption:decrypt-all: decrypt all files and disable encryption
• nextcloud.occ maintenance:mode --off: put the Nextcloud server back online

Nextcloud occ command is a command-line interface to perform mostly administrative tasks.

Create a IAM user for AWS S3

Before creating the user, we need to define a policy giving full S3 permissions only on the bucket where files are going to be stored.

You can use the following JSON template, just replace cloud.example.com with the name of your bucket.

Using the DNS name reduces the possibility that someone else will try to create a bucket with the same name as long as the domain is registered to you.

Open the IAM dashboard, select Policies from the left menu and press the Create policy button. In the JSON field just paste your IAM policy and click on the Review policy button.

Give a policy a meaningful name and description, then press the Create policy button.

Go back to the IAM dashboard, select Users from the left menu and press the Add user button. Choose a user name and grant it only programmatic access, then press the Next: Permissions button.

In the next step search for the policy you just created, select it and go forward until you reach the review step, then press the Create user button.

Configure AWS S3 folder

Once you successfully created the user and downloaded its credentials (as a CSV file), click on the profile icon on the upper-right corner, select Settings and Administration > External storages from the left menu.

Choose the folder name associated to the S3 bucket and fill the mandatory fields:

• Bucket: the bucket name must be the same you used in the IAM policy and the bucket itself must not exist, otherwise Nextcloud will raise an error when tries to create it
• Access token / Secret key: use the values provided in the user credential file you downloaded.

Check the Enable SSL and Enable Path Style options and press the checkmark icon on the right to save the changes and create the bucket. If everything goes fine, a green icon appears on the left, just before the folder name field.

Now open the Nextcloud file manager, open the S3 folder and upload a file. Since files are encrypted on the Nextcloud server, if you download the file directly from S3 you will notice it’s a sequence of random bytes.

Backup encryption keys

Since encryption keys are stored inside Nextcloud data directory, you should immediately perform a backup of your EBS volume.

[Looking for a solution to another query? We’re happy to help.]

Conclusion

In this article, we provide a quick and simple solution from our Support team to how to deploy nextcloud aws s3 bucket