Apache configuration for Nextcloud

by Double Bastion - Updated September 13, 2024

Since Nginx is far better than Apache, especially because it handles a high number of simultaneous requests better and uses substantially less RAM, we don’t recommend using Apache for any purpose. However, if for whatever reason you want to use Apache instead of Nginx to serve Nextcloud and its applications, including SIP Trip Phone, SMS Relentless and Pax Fax, we explain here how to configure it.

It is assumed that you have already installed Apache from the Debian repository. After you download the Nextcloud archive from the official website and extract it in the Nextcloud root directory, you will notice that there is a preconfigured .htaccess file in the root directory. That file contains specific settings needed by Nextcloud and you should leave it as it is. However, to fully configure Apache to serve Nextcloud and its applications, you should follow the steps explained below. You can serve Nextcloud on a subdomain, like cloud.example.com, which we recommend, or on a subdirectory, like example.com/nextcloud. Both situations are described below.

1. Configure Apache to serve Nextcloud on a subdomain

In this example the Nextcloud root directory is /var/www/cloud.example.com. This means that all Nextcloud files are stored in that directory. To serve Nextcloud using the subdomain cloud.example.com, so that the login page is accessible at https://cloud.example.com, first create the configuration file for Nextcloud:

nano /etc/apache2/sites-available/nextcloud-on-subdomain.conf

Add the following content inside this file:

<VirtualHost *:80>

        ServerName cloud.example.com
        Redirect permanent / https://cloud.example.com/

</VirtualHost>


<VirtualHost *:443>

        DocumentRoot /var/www/cloud.example.com
        ServerName cloud.example.com

        Protocols h2 http/1.1

        ProxyRequests off
        SSLProxyEngine on
        ProxyPreserveHost on

        Header always set Strict-Transport-Security "max-age=63072000;"

        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLUseStapling on
        SSLHonorCipherOrder on
        SSLCipherSuite      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

        SSLCertificateFile       /etc/letsencrypt/live/cloud.example.com/cert.pem
        SSLCertificateKeyFile    /etc/letsencrypt/live/cloud.example.com/privkey.pem
        SSLCertificateChainFile  /etc/letsencrypt/live/cloud.example.com/chain.pem
        # DH parameters used by the DHE-RSA cipher suites; this file must exist
        SSLOpenSSLConfCmd DHParameters  /etc/nginx/ssl/dhparam.pem

        <Directory /var/www/cloud.example.com/>

             Require all granted
             Options FollowSymlinks MultiViews
             AllowOverride All

             <IfModule mod_dav.c>
                Dav off
             </IfModule>

             SetEnv HOME /var/www/cloud.example.com
             SetEnv HTTP_HOME /var/www/cloud.example.com
             Satisfy Any
        </Directory>

        <FilesMatch \.php$>
             SetHandler "proxy:unix:/var/run/php/php8.2-fpm.sock|fcgi://localhost"
        </FilesMatch>

        # This is needed by SIP Trip Phone
        <Directory /var/www/cloud.example.com/apps/sip_trip_phone/phone/>
             DirectoryIndex index.php
             RewriteBase /phone
        </Directory>

        # This is also needed by SIP Trip Phone
        <Location /var/www/cloud.example.com/apps/sip_trip_phone/lib/>

             # If SIP Trip Phone is connected directly to Telnyx,
             # the following 2 lines should be replaced with:
             # ProxyPass http://sip.telnyx.com:7443
             # ProxyPassReverse http://sip.telnyx.com:7443
             ProxyPass http://0.0.0.0:8088/ws/
             ProxyPassReverse http://0.0.0.0:8088/ws/

             Order allow,deny
             Allow from all

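             # Apache does not expand Nginx variables such as $remote_addr;
             # request values are read with expr= expressions instead.
             # The Host header is already passed on by "ProxyPreserveHost on",
             # and mod_proxy adds X-Forwarded-For to proxied requests itself.
             RequestHeader  set X-Real-IP "expr=%{REMOTE_ADDR}"

             RequestHeader  set Upgrade "expr=%{req:Upgrade}"
             RequestHeader  set Connection "upgrade"

        </Location>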

        LogLevel warn
        ErrorLog /var/log/sites/cloud.example.com/error.log
        CustomLog /var/log/sites/cloud.example.com/access.log combined

</VirtualHost>

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Replace example.com with your domain. If you use SSL certificates other than the ones from Let’s Encrypt, adjust the paths to the corresponding certificate files accordingly. This example assumes that your subdomain is ‘cloud’, but you can change that to anything you prefer, so the host can be mycloud.example.com, nc.example.com, etc. If your PHP version is different from 8.2, change the version number on the SetHandler line above accordingly.

Please note that if you connect SIP Trip Phone to the SIP provider via Asterisk, inside the <Location /var/www/cloud.example.com/apps/sip_trip_phone/lib/> block, the ProxyPass and ProxyPassReverse parameters should look as shown above:

             ProxyPass http://0.0.0.0:8088/ws/
             ProxyPassReverse http://0.0.0.0:8088/ws/

However, if you connect SIP Trip Phone directly to Telnyx, the two parameters should look like this:

             ProxyPass http://sip.telnyx.com:7443
             ProxyPassReverse http://sip.telnyx.com:7443

where http://sip.telnyx.com:7443 is the URL and port provided by Telnyx for direct WebRTC connections.

Create the directory to store the access log and the error log:

mkdir -p /var/log/sites/cloud.example.com

Enable the newly created configuration file:

a2ensite nextcloud-on-subdomain.conf

This command will place a symbolic link to /etc/apache2/sites-available/nextcloud-on-subdomain.conf in the /etc/apache2/sites-enabled directory. You should check that the /etc/apache2/sites-enabled directory contains only the symbolic link nextcloud-on-subdomain.conf and nothing else.

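Enable the necessary Apache modules (proxy_http is required by the ProxyPass http:// lines and http2 by the Protocols h2 line):

a2enmod rewrite headers env dir mime setenvif ssl http2 proxy proxy_fcgi proxy_http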

Next, open the Nextcloud configuration file:

nano /var/www/cloud.example.com/config/config.php

Enable pretty URLs (remove the index.php part from all Nextcloud URLs) by adding/editing the following lines below the version line:

  'overwrite.cli.url' => 'https://cloud.example.com',
  'htaccess.RewriteBase' => '/',

Update the .htaccess file by running the following occ command:

sudo -u www-data php /var/www/cloud.example.com/occ maintenance:update:htaccess

Restart Apache:

systemctl restart apache2

Configure logrotate to rotate the newly created log files:

nano /etc/logrotate.d/apache2

Add the following block at the bottom of the file:

/var/log/sites/cloud.example.com/access.log /var/log/sites/cloud.example.com/error.log {
    missingok
    rotate 10
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    size 2M
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then
            run-parts /etc/logrotate.d/httpd-prerotate
        fi
    endscript
    postrotate
        if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
            invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
        fi
    endscript
}

Replace example.com with your domain.
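
One way to confirm that the enabled modules cover every directive in the vhost file. This is an added example, not part of the original guide; the directive-to-module table is limited to the directives used on this page, and the two sample files are constructed:

```sh
#!/bin/sh
# Added example: derive the Apache modules a vhost file depends on and
# report the ones that are not loaded.

required_mods() {    # usage: required_mods VHOST_FILE
    awk '
        /^[ \t]*#/ { next }                        # ignore comment lines
        { d = tolower($1) }                        # directive name
        d ~ /^ssl/                              { need["ssl"] = 1 }
        d == "header" || d == "requestheader"   { need["headers"] = 1 }
        d ~ /^rewrite/                          { need["rewrite"] = 1 }
        d == "setenv"                           { need["env"] = 1 }
        d == "directoryindex"                   { need["dir"] = 1 }
        d == "protocols" && /h2/                { need["http2"] = 1 }
        d ~ /^proxy/                            { need["proxy"] = 1 }
        d ~ /^proxypass/ && /https?:\/\//       { need["proxy_http"] = 1 }
        d ~ /^proxypass/ && /wss?:\/\//         { need["proxy_wstunnel"] = 1 }
        d == "sethandler" && /fcgi:/            { need["proxy_fcgi"] = 1 }
        d == "order" || d == "allow" || d == "satisfy" { need["access_compat"] = 1 }
        END { for (m in need) print m }
    ' "$1" | LC_ALL=C sort
}

missing_mods() {     # usage: missing_mods VHOST_FILE LOADED_FILE
    # LOADED_FILE holds saved "apache2ctl -M" output, e.g. " ssl_module (shared)"
    required_mods "$1" | while read -r m; do
        grep -Eq "^[[:space:]]*${m}_module" "$2" || echo "$m"
    done
}

# Constructed sample input: a few directives from the vhost above and a
# made-up module listing in the format printed by "apache2ctl -M".
sample_conf=$(mktemp); sample_loaded=$(mktemp)
trap 'rm -f "$sample_conf" "$sample_loaded"' EXIT
cat > "$sample_conf" <<'EOF'
Protocols h2 http/1.1
SSLEngine on
Header always set Strict-Transport-Security "max-age=63072000;"
SetHandler "proxy:unix:/var/run/php/php8.2-fpm.sock|fcgi://localhost"
ProxyPass http://0.0.0.0:8088/ws/
EOF
printf ' %s_module (shared)\n' ssl headers proxy proxy_fcgi > "$sample_loaded"

missing_mods "$sample_conf" "$sample_loaded"
```

On a real server, save the output of apache2ctl -M to a file and pass it as the second argument, with the file from /etc/apache2/sites-available as the first.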

2. Configure Apache to serve Nextcloud on a subdirectory

In this example the Nextcloud root directory is /var/www/nextcloud. This means that all Nextcloud files are stored in /var/www/nextcloud. To serve Nextcloud on the subdirectory example.com/nextcloud, so that the login page can be accessed by navigating to https://example.com/nextcloud, first create the configuration file for Nextcloud:

nano /etc/apache2/sites-available/nextcloud-on-subdirectory.conf

Add the following content inside this file:

Alias /nextcloud "/var/www/nextcloud/"

<VirtualHost *:80>

        ServerName example.com
        Redirect permanent / https://example.com/

</VirtualHost>

<VirtualHost *:443>

        DocumentRoot /var/www/nextcloud
        ServerName example.com

        Protocols h2 http/1.1

        ProxyRequests off
        SSLProxyEngine on
        ProxyPreserveHost on

        Header always set Strict-Transport-Security "max-age=63072000;"

        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLUseStapling on
        SSLHonorCipherOrder on
        SSLCipherSuite      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

        SSLCertificateFile       /etc/letsencrypt/live/example.com/cert.pem
        SSLCertificateKeyFile    /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile  /etc/letsencrypt/live/example.com/chain.pem
        # DH parameters used by the DHE-RSA cipher suites; this file must exist
        SSLOpenSSLConfCmd DHParameters  /etc/nginx/ssl/dhparam.pem

        <Directory /var/www/nextcloud/>

             Require all granted
             Options FollowSymlinks MultiViews
             AllowOverride All

             <IfModule mod_dav.c>
                Dav off
             </IfModule>

             SetEnv HOME /var/www/nextcloud
             SetEnv HTTP_HOME /var/www/nextcloud
             Satisfy Any
        </Directory>

        <FilesMatch \.php$>
             SetHandler "proxy:unix:/var/run/php/php8.2-fpm.sock|fcgi://localhost"
        </FilesMatch>

        # This is needed by SIP Trip Phone
        <Directory /var/www/nextcloud/apps/sip_trip_phone/phone/>
             DirectoryIndex index.php
             RewriteBase /phone
        </Directory>

        # This is also needed by SIP Trip Phone
        <Location /var/www/nextcloud/apps/sip_trip_phone/lib/>

             # If SIP Trip Phone is connected directly to Telnyx,
             # the following 2 lines should be replaced with:
             # ProxyPass http://sip.telnyx.com:7443
             # ProxyPassReverse http://sip.telnyx.com:7443
             ProxyPass http://0.0.0.0:8088/ws/
             ProxyPassReverse http://0.0.0.0:8088/ws/

             Order allow,deny
             Allow from all

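             # Apache does not expand Nginx variables such as $remote_addr;
             # request values are read with expr= expressions instead.
             # The Host header is already passed on by "ProxyPreserveHost on",
             # and mod_proxy adds X-Forwarded-For to proxied requests itself.
             RequestHeader  set X-Real-IP "expr=%{REMOTE_ADDR}"

             RequestHeader  set Upgrade "expr=%{req:Upgrade}"
             RequestHeader  set Connection "upgrade"

        </Location>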

        LogLevel warn
        ErrorLog /var/log/sites/example.com/error.log
        CustomLog /var/log/sites/example.com/access.log combined

</VirtualHost>

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Replace example.com with your domain. (Instead of example.com you can use www.example.com in a similar way. In that case the redirections should be changed accordingly.) If you use SSL certificates other than the ones from Let’s Encrypt, adjust the paths to the corresponding certificate files accordingly. If your PHP version is different from 8.2, change the version number on the SetHandler line above accordingly.

Please note that if you connect SIP Trip Phone to the SIP provider via Asterisk, inside the <Location /var/www/nextcloud/apps/sip_trip_phone/lib/> block, the ProxyPass and ProxyPassReverse parameters should look as shown above:

             ProxyPass http://0.0.0.0:8088/ws/
             ProxyPassReverse http://0.0.0.0:8088/ws/

However, if you connect SIP Trip Phone directly to Telnyx, the two parameters should look like this:

             ProxyPass http://sip.telnyx.com:7443
             ProxyPassReverse http://sip.telnyx.com:7443

where http://sip.telnyx.com:7443 is the URL and port provided by Telnyx for direct WebRTC connections.

Create the directory to store the access log and the error log:

mkdir -p /var/log/sites/example.com

Enable the newly created configuration file:

a2ensite nextcloud-on-subdirectory.conf

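Enable the necessary Apache modules (proxy_http is required by the ProxyPass http:// lines and http2 by the Protocols h2 line):

a2enmod rewrite headers env dir mime setenvif ssl http2 proxy proxy_fcgi proxy_http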

Next, open the Nextcloud configuration file:

nano /var/www/nextcloud/config/config.php

Enable pretty URLs (remove the index.php part from all Nextcloud URLs) by adding/editing the following lines below the version line:

  'overwrite.cli.url' => 'https://example.com/nextcloud',
  'htaccess.RewriteBase' => '/nextcloud',

Update the .htaccess file by running the following occ command:

sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess

Restart Apache:

systemctl restart apache2

Configure logrotate to rotate the newly created log files:

nano /etc/logrotate.d/apache2

Add the following block at the bottom of the file:

/var/log/sites/example.com/access.log /var/log/sites/example.com/error.log {
    missingok
    rotate 10
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    size 2M
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then
            run-parts /etc/logrotate.d/httpd-prerotate
        fi
    endscript
    postrotate
        if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
            invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
        fi
    endscript
}

Replace example.com with your domain.
