firefrost-operations-manual/docs/nextcloud-deployment.md

NextCloud Deployment - World Downloads Portal

Date: February 9, 2026
Server: Ghost VPS (64.50.188.14)
Status: ✅ OPERATIONAL
Service: 7 of 7 (Phase 0.5: 100% complete)

---

Deployment Summary

Duration: ~2.5 hours (including troubleshooting)
URL: https://downloads.firefrostgaming.com

Components:

• NextCloud 32.0.5
• PostgreSQL database
• PHP 8.3-FPM
• Nginx reverse proxy
• SSL certificate (Let's Encrypt)

---

Installation Steps

1. PHP Stack Installation

apt install -y php8.3-fpm php8.3-mysql php8.3-curl php8.3-gd \
  php8.3-intl php8.3-mbstring php8.3-xml php8.3-zip \
  php8.3-imagick php8.3-bcmath php8.3-gmp php8.3-pgsql unzip curl

2. PostgreSQL Database

sudo -u postgres psql << 'SQL'
CREATE USER nextcloud WITH PASSWORD 'FrostFire2026Cloud';
CREATE DATABASE nextcloud OWNER nextcloud;
\c nextcloud
GRANT ALL ON SCHEMA public TO nextcloud;
GRANT ALL ON DATABASE nextcloud TO nextcloud;
\q
SQL

CRITICAL: ALTER DATABASE OWNER required for proper permissions

3. NextCloud Download

cd /var/www
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
tar -xjf latest.tar.bz2
rm latest.tar.bz2
chown -R www-data:www-data /var/www/nextcloud

4. Nginx Configuration

Key points:

• Remove $uri/ from try_files to prevent directory listing
• Add rewrite for index.php routing
• Proper FastCGI parameters for HTTPS

Final working config:

location / {
    try_files $uri /index.php$request_uri;
}

NOT:

location / {
    try_files $uri $uri/ /index.php$request_uri;  # WRONG - causes 403
}

5. SSL Certificate

certbot --nginx -d downloads.firefrostgaming.com \
  --non-interactive --agree-tos \
  --email mkrause612@gmail.com --redirect

6. Web Installation

• Navigate to https://downloads.firefrostgaming.com
• Admin: mkrause612 / FireFrost2026Admin
• Database: PostgreSQL (NOT MySQL/MariaDB by default)
• Database details:
  • User: nextcloud
  • Password: FrostFire2026Cloud
  • Database: nextcloud
  • Host: localhost:5432

7. Permissions

chown -R www-data:www-data /var/www/nextcloud
find /var/www/nextcloud -type d -exec chmod 750 {} \;
find /var/www/nextcloud -type f -exec chmod 640 {} \;
chmod 770 /var/www/nextcloud/data
chmod -R 770 /var/www/nextcloud/apps

---

Challenges Encountered

1. PostgreSQL Not Supported (Initial)

Error: "Database is not supported"
Solution: Install php8.3-pgsql module
Command: apt install -y php8.3-pgsql

2. Directory Index Forbidden (403)

Error: "directory index of /var/www/nextcloud/apps/dashboard/ is forbidden"
Root Cause: Nginx try_files $uri $uri/ attempted directory listing
Solution: Remove $uri/ from location blocks

3. Redirect Loops

Error: "ERR_TOO_MANY_REDIRECTS"
Root Cause: Dashboard app + custom redirects
Solution: Temporarily disable dashboard, fix Nginx routing

4. Browser Cache Issues

Error: Stuck on /apps/dashboard even after fixes
Solution: Clear browser cookies/cache, use incognito mode

---

Verification

# Test HTTPS
curl -I https://downloads.firefrostgaming.com

# Check permissions
ls -la /var/www/nextcloud

# Verify PostgreSQL connection
sudo -u www-data php /var/www/nextcloud/occ config:system:get dbtype

# Check trusted domains
sudo -u www-data php /var/www/nextcloud/occ config:system:get trusted_domains

Expected Results:

• HTTP/2 200 response
• All files owned by www-data
• dbtype: pgsql
• trusted_domains includes downloads.firefrostgaming.com

---

Post-Installation Configuration

Trusted Domains

sudo -u www-data php occ config:system:set trusted_domains 0 \
  --value="downloads.firefrostgaming.com"
sudo -u www-data php occ config:system:set overwrite.cli.url \
  --value="https://downloads.firefrostgaming.com"
sudo -u www-data php occ config:system:set overwriteprotocol \
  --value="https"

Disable Dashboard (if needed)

sudo -u www-data php occ app:disable dashboard

Maintenance Mode

sudo -u www-data php occ maintenance:mode --off

---

Integration with Subscriber System

Purpose: World download access for $5+ subscribers

Workflow (Manual Phase 1):

1. Subscriber pays via Paymenter
2. Manual NextCloud account creation
3. Email credentials to subscriber
4. Grant access to world backup folders

Future (Phase 2):

• Paymenter webhook triggers automatic account creation
• Automated credential emails
• Automated folder permission grants

Future (Phase 3):

• SSO/OAuth integration across all services
• Real-time subscription validation

---

Maintenance

Updates:

sudo -u www-data php /var/www/nextcloud/updater/updater.phar

Backups:

• Database: pg_dump nextcloud
• Files: /var/www/nextcloud/data/

Monitoring:

• Added to Uptime Kuma (pending)
• Check via https://downloads.firefrostgaming.com/login

---

Key Learnings

1. PostgreSQL requires php-pgsql module - not installed by default
2. Nginx directory listing must be disabled for NextCloud routing
3. ALTER DATABASE OWNER critical for proper permissions
4. Browser cache can persist after server fixes
5. Dashboard app can conflict with initial setup
6. Web installation easier than CLI for complex configs

---

Files Modified

Nginx:

• /etc/nginx/sites-available/downloads.firefrostgaming.com

NextCloud:

• /var/www/nextcloud/config/config.php (auto-generated)

SSL:

• /etc/letsencrypt/live/downloads.firefrostgaming.com/

---

Success Criteria

• ✅ HTTPS working (HTTP/2 200)
• ✅ Web interface accessible
• ✅ PostgreSQL connection stable
• ✅ File upload/download functional
• ✅ SSL certificate valid (expires May 11, 2026)
• ✅ Permissions locked down
• ✅ No 403 or redirect errors

---

Fire + Frost = Where Passion Meets Precision 🔥❄️

Phase 0.5: 100% COMPLETE