Objective
To set up a secure data storage and sharing system using Nextcloud for GDPR compliance, including data retention policies, encryption, and Two-Factor Authentication (2FA).
Prerequisites
- Operating System: Ubuntu (server or desktop)
- Root Privileges: Ensure you have sudo access
Step 1: Update System and Install Required Dependencies
- Update your system:
sudo apt update
sudo apt upgrade -y
- Install Apache, MariaDB, and PHP 7.4: Since PHP 7.4 is not available by default in recent Ubuntu repositories, add a PPA for older PHP versions.
sudo add-apt-repository ppa:ondrej/php
sudo apt update
- Install PHP 7.4 and necessary extensions:
sudo apt install apache2 mariadb-server libapache2-mod-php7.4 php7.4 php7.4-mysql php7.4-xml php7.4-mbstring php7.4-zip php7.4-gd php7.4-curl php7.4-intl php7.4-bz2 php7.4-json php7.4-sqlite3 php7.4-opcache -y
Step 2: Set Up MariaDB for Nextcloud
- Secure the MariaDB installation:
sudo mysql_secure_installation
Follow the prompts to set up a secure configuration.
- Create a Database and User for Nextcloud:
sudo mysql -u root -p
In the MariaDB prompt, run:
CREATE DATABASE nextcloud;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
Step 3: Download and Configure Nextcloud
- Download Nextcloud:
wget https://download.nextcloud.com/server/releases/nextcloud-21.0.1.zip
unzip nextcloud-21.0.1.zip
sudo mv nextcloud /var/www/html/
- Set Permissions for Nextcloud:
sudo chown -R www-data:www-data /var/www/html/nextcloud
sudo chmod -R 755 /var/www/html/nextcloud
Step 4: Set Up Apache Virtual Host for Nextcloud
- Create a new Apache configuration file for Nextcloud:
sudo nano /etc/apache2/sites-available/nextcloud.conf
-
Add the following configuration (use
localhost
for a local setup):
<VirtualHost *:80>
DocumentRoot /var/www/html/nextcloud
ServerName localhost
<Directory /var/www/html/nextcloud/>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
</VirtualHost>
- Enable the new configuration and required Apache modules:
sudo a2ensite nextcloud.conf
sudo a2enmod rewrite headers env dir mime
- Restart Apache:
sudo systemctl restart apache2
Step 5: Ensure PHP 7.4 is Enabled in Apache
If multiple PHP versions are installed, ensure Apache is using PHP 7.4.
- Disable any higher PHP versions (if enabled):
sudo a2dismod php8.3
- Enable PHP 7.4:
sudo a2enmod php7.4
- Restart Apache:
sudo systemctl restart apache2
Step 6: Complete Nextcloud Setup in the Browser
-
Open Nextcloud in your browser:
- Go to
http://localhost
orhttp://yourdomain.com
.
- Go to
-
Follow the setup wizard:
- Create an admin account.
-
Specify the data directory (e.g.,
/var/www/html/nextcloud/data
). -
Enter database details:
-
Database user:
nextclouduser
- Database password: The password you set
-
Database name:
nextcloud
-
Database host:
localhost
-
Database user:
- Click Finish Setup to complete the installation.
Step 7: Apply GDPR Compliance Settings
A. Configure Data Retention Policies
-
Install the Retention App:
- Go to Settings > Apps > Admin.
- Enable the File Retention app if available.
-
Define Retention Policies:
- Go to Settings > Administration > Workflow.
- Set up file retention rules (e.g., automatic deletion of old files).
B. Enable Server-Side Encryption
-
Enable the Default Encryption Module:
- Go to Settings > Apps > Security.
- Enable Default Encryption Module.
-
Enable Server-Side Encryption:
- Go to Settings > Administration > Security.
- Enable Server-Side Encryption under the Encryption settings.
C. Enable Two-Factor Authentication (2FA)
-
Install the Two-Factor TOTP Provider App:
- Go to Settings > Apps > Security.
- Enable Two-Factor TOTP Provider.
-
Set Up 2FA for User Accounts:
- Go to Settings > Security in your user profile.
- Follow the setup process to link your account with a 2FA app (e.g., Google Authenticator).
- Admins can enforce 2FA for all users under Administration > Security.
Summary
- Installed Dependencies: Apache, MariaDB, PHP 7.4 with necessary modules.
- Configured MariaDB: Created a database and user for Nextcloud.
- Set Up Nextcloud: Downloaded, configured, and installed Nextcloud.
- Applied GDPR Compliance: Configured data retention, enabled encryption, and set up 2FA.
Your Nextcloud setup is now fully operational with GDPR compliance for secure data management. Let me know if you need further assistance!