Building a NextCloud server at home

I’ve been upset to think about Google holding so many of my files but the service Google provides in keeping things in sync between my several comupters has been just too convenient.  The NextCloud project has been on my horizon for soem time because it offers me things I care about: self sufficiency, privacy and security.  It’s an amazing project and my goals for using it are right at the simplest end of the spectrum of users.  Surprisingly, I found it a little hard to get super basic advice – the admin guide is hundreds of pages long.  I knew it coudn’t be hard but I struggled to find an ‘Idiot’s guide’….so here it is.

Step 1: Build a host

My intent was to host my own files locally, in my home.  A cloud in my house.  I maintain a couple of servers and use virtual machines under vmWare but I could just as easily have used any old PC or laptop with a bit of storage space.  I installed Ubuntu server I still use the 18.04 LTS relaese because of its generous maintenance period.  It’s here.

Update and patch it:

sudo apt-get update

sudo apt-get upgrade

Step 2: Install

The next steps were too easy for any one to have documented them — except u/Lognei on reddit who put together a basic post on basic installations.  Thanks!  We will use the snap tool to install in one command.  Lovely.

sudo apt-get install snapd

snap install nextcloud

So, now we have an application which is automatically running and all our further work can be most easily accomplished on the web interface using any browser.  The only stumpling point is, ‘What do I type into the address bar?’ First try:


and type hostname.local into your browser (substitute the name of your host for ‘hostname’ obviously!) The didn’t help me in my environment so I used an ip address directly. did the trick for me and your’s will be different (try ifconfig if you need help finding your ip address.)

Step 3: Remote access

I want my NextCloud to be accessible locally and from my laptop, office machine, phones and tablets.  Basically from where ever. That is always going to bring about security concerns but the NextCloud project itself is super secure.  Just take care!

I had a domain already registered – we’ll call it  So I logged into the company that manages the DNS for  That’s the directory that links the readable URL ( to the machine readable ip address.  For the record I use Zoneedit for that and have for years.   I added a subdomain called ‘cloud’ so now points to my Home ip address.  That a constant address for my, but your may change each time your modem drops out – check out dynamic DNS if that proplem applies to you.

Next I needed to look at my router and its firewall to allow incoming requests for the NextCloud services to reach the server we set up in the steps above.  These incoming requests are on ports 443 (and possibly port 80). In my router I was able to add a port forwarding rule so that all incoming requests on port 443 are directed to the ip address of the server running NextCloud. Good

So now if I type into any browser, I get the log in page of my NextCloud server.

Step 4: Add users

The first user on a NextCloud server is called ‘admin’.  Not a very personalised choice.  Once through the login screen it was trivial to add a new user with my proper name.

Step 5: SSL

This got me for a bit and took a bit of googling to get right.  To keep your data safe when it is transmitted from your NextCloud server, across the internet to your laptop or phone it needs to be encrypted in transit.  This is part of the https protocol and is required by most browsers in 2020.  If its not there you will get big warnings that your connections are insecure.  To allow encryption your server needs a certificate and we will use a certificate from Let’s Encrypt (its free!).

When I initially set out to do this the process failed but another kind blogger helped me out with and important first step:

apt install resolvconf

nextcloud.enable-https lets-encrypt

When asked enter the domain name that you plan to use to access NextCloud (remember  Now your data will traverse the internet in a form that no one can read (unless they break into your server and steal your certificate).

Step 6: Download clients

Nextcloud runs a little client on each of your machines to keep you files synced.  They’re here. I installed clients under Ubuntu linux, Windows 10, Window 7, and Android and connected my new user.  I could now save a file on one machine and see it arrive on any of the others around a minute later.  Cool.

Step 7: Encryption

Being able to manage the security of my stuff is a big deal to me.  Not that I have anything to hide but rather that I like to assert my right to keep my stuff to myself.  Human rights stuff.  NextCloud has a bunch of stuff to extend security beyond HTTPS.  All you files can be encrypted on the hard drive of the server but this may be easier to achieve by allowing the operating system to encrypt the entire hard drive.  That’s my preferred pathway.  I have enabled end-to-end encryption after reading this TechRepublic post.  There’s a bit of fiddling here including adding two apps in the NextCloud web interface – you need ‘Default encryption module’ and ‘End-to-End Encryption’. Once they are running you can set up folders to be encrypted before any files are transmitted over the internet.  I’m still trying to think how much that helps me.  It does ensure that the files are encrypted at rest on the server as well as in transit.  That’s a good thing.


Step 8: TODO External storage

My Nextcloud runs as a virtual machine inside another host. It’s nice to keep VMs small so they can be moved and backed up and so on. I’ll need to add more storage to my cloud before it can store all of my documents. More research is my next step.

Moved my blog to a new host using Duplicator plugin for WordPress

After many years it was time to move and my other sites to a new host. The reasons are not important but the process was scary.

There are lots of descriptions scattered about about how to export, transfer and reinstall a WordPress site but they were all a little different and used widely different technologies. One of my reasons for moving involved php. My old host had been slow to update php and the new host was much more up to date. I was anxious that the difference might break the transfer – and just to make things worse – so was the software I used. Any way, we got there.

I ended up using these instructions from DreamHost which were not too hard to follow and got me home. Duplicator has free and paid versions and I came across no reason to use the paid version.  The free plugin did everything I needed.  If your site is huge then the pro paid version may be for you.

Only one plugin broke – my  plugin – so I’ll be off to get that restored next.

Best of luck to anyone out to transfer a site… it can be done.

Upgraded to SSL now all browsers are getting upset

SSL logoI have belatedly upgraded this blog to serve pages using the more secure SSL. I have no confidential content here and no real need for encrypted delivery but one by on all the major browsers are putting up bigger warnings to users accessing insecure http pages.

The process was fairly simple – my website host was able to provide a certificate with only a couple of clicks of the admin panel. I then used a plugin called ‘Really Simple SSL‘ to make the changes required to the WordPress installation.

Now we’re off and away. If you could use a walkthrough of the preocess try this at WordPress Beginner.

Starting with mail

I’ve been working off this how-to put together by the electronic frontier foundation to establish a working email client with capacity to send and retieve encrypted email.  I’d recommend it as a usable, noob-friendly guide.

Regaining my privacy on line

Just starting to confront a battle of getting back to having some genuine on line privacy. As a long time user of gmail I always knew that Google could read my mail and serve me ads to suit. However it is so clear that many many others can read my mail too. Time to establish some personal space.
I think I’ll need:
Encrypted messaging
Encrypted email

Im not trying to be anonymous and I really don’t have any offensive views so I’m happy if you know who I (really) am.

How did I get here?

In my search for a short domain name I was so delighted to find that was available.  I just loved the idea of being able to play games with the domain name like:
I had to go and look up what the .io domain was all about. The British Indian Ocean Territory (Wikipedia here) is not somewhere I’ve spent any time.  Still, I liked the name. It’s taken me forever to get things on line and I’m motivated now to blog a little about internet security, privacy, politics, online freedoms and so on. Happy reading out there.