Lesson 1Sizing CPU, RAM, and storage for 25 users and 2 TB first-year growth with headroomDetermine CPU, RAM, and storage needs for about 25 users with 2 TB expected growth in the first year. Learn to size for peak load, add headroom for bursts, and plan expansion without disrupting existing Nextcloud services.
Estimating concurrent users and workload patternsCPU core counts and virtualization overheadRAM sizing for PHP, database, and cacheStorage capacity, growth, and safety marginsLesson 2Remote access options: VPN vs direct HTTPS, pros/cons, and access control implicationsEvaluate remote access options for users connecting to Nextcloud. Compare VPN-based access with direct HTTPS exposure, and understand authentication, access control, and logging implications for each approach.
User access patterns and threat modelingSite‑to‑site and client VPN design optionsDirect HTTPS exposure and hardeningAccess control, SSO, and audit loggingLesson 3Database selection: MariaDB/MySQL vs PostgreSQL — pros, tuning, and version recommendationsChoose between MariaDB/MySQL and PostgreSQL for Nextcloud. Review pros and cons, recommended versions, and basic tuning for connections, buffers, and storage engines to achieve stable, predictable performance at small scale.
MariaDB/MySQL vs PostgreSQL feature overviewVersion support and compatibility guidanceCore tuning: connections, buffers, cachesBackup, restore, and maintenance routinesLesson 4PHP version selection and required PHP modules; version lifecycle and compatibility with Nextcloud releasesChoose a supported PHP version and required modules for Nextcloud. Understand lifecycle timelines, compatibility with releases, and how to configure PHP-FPM settings for performance, stability, and secure operation.
Supported PHP versions for Nextcloud releasesRequired and recommended PHP extensionsPHP‑FPM pools, limits, and performanceTracking PHP lifecycle and security updatesLesson 5High-availability and scaling considerations for future growth and optional storage expansion strategiesPlan for high availability and future scaling of your Nextcloud environment. Explore vertical vs horizontal scaling, clustering options, and storage expansion strategies so you can grow capacity without major redesigns.
Vertical vs horizontal scaling trade‑offsLoad balancers and application clusteringScaling database and cache componentsExpanding storage pools and migration pathsLesson 6Network design: DNS naming conventions, internal vs external records, split-horizon DNSDesign a DNS layout that cleanly separates internal and external views for Nextcloud. Learn naming conventions, split-horizon DNS, and how to avoid conflicts, leaks, and certificate issues when exposing services securely.
Choosing consistent DNS names and subdomainsInternal vs external DNS zones and recordsImplementing split‑horizon DNS safelyDNS considerations for TLS and certificatesLesson 7Ports and firewall planning: required ports, NAT, and secure exposure of servicesPlan firewall rules and port exposure for a secure Nextcloud deployment. Identify required ports, design NAT and port forwarding, and decide how to publish web, database, and admin interfaces while minimising attack surface.
Required ports for HTTP, HTTPS, and adminDesigning firewall rules and default policiesNAT, port forwarding, and DMZ placementRestricting admin and database network accessLesson 8Choosing web server: Apache vs Nginx configuration differences and performance/compatibility with NextcloudDecide between Apache and Nginx as the web server for Nextcloud. Compare configuration models, performance, and compatibility, and learn how to enable HTTPS, caching, and important security headers on each platform.
Apache vs Nginx architecture differencesNextcloud rewrite rules and pretty URLsTLS, HTTP/2, and compression settingsCaching, headers, and security hardeningLesson 9Selecting a Linux distribution: Debian, Ubuntu LTS, CentOS/Rocky — stability and support rationaleSelect a Linux distribution that offers stability and long-term support for Nextcloud. Compare Debian, Ubuntu LTS, and Rocky-like platforms in terms of lifecycle, package versions, ecosystem, and security update practices.
Debian: stability, packages, and ecosystemUbuntu LTS: cadence and vendor supportRocky‑style RHEL clones: pros and limitsKernel, PHP, and database version impactsLesson 10Choosing storage types: HDD, SATA SSD, NVMe, RAID levels, and file system considerationsSelect storage hardware and layout for performance and reliability. Compare HDD, SATA SSD, and NVMe, choose RAID levels, and evaluate file systems to balance cost, speed, and resilience for Nextcloud data and database workloads.
Workload patterns for Nextcloud file storageComparing HDD, SATA SSD, and NVMe optionsRAID levels for redundancy and performanceChoosing file systems and mount optionsLesson 11HTTPS and TLS architecture overview: reverse proxies, SSL termination, and certificate choices (Let’s Encrypt vs commercial)Design HTTPS and TLS architecture for your Nextcloud stack. Learn how reverse proxies and SSL termination work, when to use Let’s Encrypt or commercial certificates, and how to manage renewals and secure ciphers.
End‑to‑end TLS vs TLS termination choicesReverse proxy roles and common topologiesLet’s Encrypt automation and ACME clientsWhen to consider commercial certificatesLesson 12Assessing on-premise vs hosted VM trade-offs for privacy, performance, and costCompare on-premise hardware with hosted virtual machines for a Nextcloud deployment. Evaluate privacy, compliance, performance, cost, and operational effort to choose a platform that fits your organisation’s risk profile and budget.
Data residency, compliance, and legal controlLatency, throughput, and user experience impactCapEx vs OpEx and total cost of ownershipOperational effort, skills, and support needs
