Nextcloud : Nextcloud Secure Apache with Let's Encrypt on Ubuntu And Update Version.

Nextcloud : Nextcloud Secure Apache with Let's Encrypt on Ubuntu And Update Version.

https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-18-04/
1.

1. sudo apt update
2. sudo apt install certbot

2.

1. openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

3.

1. mkdir -p /var/lib/letsencrypt/.well-known
2. chgrp www-data /var/lib/letsencrypt
3. chmod g+s /var/lib/letsencrypt

4.

1. nano /etc/apache2/conf-available/letsencrypt.conf

insert this.

Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>

5.

1. nano /etc/apache2/conf-available/ssl-params.conf

insert this.

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

6.

1. a2enmod ssl
2. a2enmod headers
3. a2enconf letsencrypt
4. a2enconf ssl-params
5. a2enmod http2
6. systemctl reload apache2

7.

1. certbot certonly --agree-tos --email suwit@scivalve.com --webroot -w /var/lib/letsencrypt/ -d nextcloud.scivalve.com.com -d http://www.nextcloud.scivalve.com

8. output show

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-03-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

9.

1. nano /etc/apache2/sites-available/000-default.conf

1. <VirtualHost *:80>
2.   ServerName nextcloud.scivalve.com
3.   ServerAlias http://www.nextcloud.scivalve.com
4.  
5.   Redirect permanent / https://nextcloud.scivalve.com/
6. </VirtualHost>
7.  
8. <VirtualHost *:443>
9.   ServerName nextcloud.scivalve.com
10.   ServerAlias http://www.nextcloud.scivalve.com
11.  
12.   Protocols h2 http:/1.1
13.  
14.   <If "%{HTTP_HOST} == 'www.nextcloud.scivalve.com'">
15.     Redirect permanent / https://nextcloud.scivalve.com/
16.   </If>
17.  
18.   DocumentRoot /var/www/nextcloud
19.   ErrorLog ${APACHE_LOG_DIR}/nextcloud.scivalve.com-error.log
20.   CustomLog ${APACHE_LOG_DIR}/nextcloud.scivalve.com-access.log combined
21.  
22.   SSLEngine On
23.   SSLCertificateFile /etc/letsencrypt/live/nextcloud.scivalve.com/fullchain.pem
24.   SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.scivalve.com/privkey.pem
25.  
26.   # Other Apache Configuration
27.  
28. </VirtualHost>

10.

1. systemctl reload apache2

11. SSL Server Test
https://www.ssllabs.com/ssltest/
12. Auto Renew

1. nano /etc/cron.d/certbot

insert

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --renew-hook "systemctl reload apache2"

13. Test Run Renew

1. certbot renew --dry-run

Update Vertion 13 ---> 15
ทำได้โดย Up ทีละ Version จะ Up ข้ามเลยไม่ได้
13 --> 14 --> 15 (ปัจจุบันถึง Version 18 แล้ว)

วิธี Update เข้าชื่อ admin --> Setting --> Overview --> กด check update
ถ้ามี Version ใหม่จะมีให้กด Open Update แล้วทำตามขั้นตอน เลือก Update Web Browser

ต้องดูคำเตือน ด้วย ถ้าไม่มี Update ได้เลยถ้ามีต้องแก้คำเตือนก่อน