Guide to Nextcloud

Requirements

Short version

For 50 users:

  • 4 CPUs

  • 8 GB RAM

  • As much disk space as the users’ files plus 30 GB.

But please read also the long version.

Long version

In GRNET, where Nextcloud is being used, as of 2026, by about 50 users, we have it installed on VMs with very slow disks, which are the bottleneck. In order to work around this, we’ve put MySQL on a separate VM, and that latter VM has two disks: one for the redo logs and one for the data files. Thus we effectively use three disks in parallel. However on a server with modern disks (let alone one with SSD), it is unlikely this will be necessary.

Our Nextcloud server has 16 CPUs and 32 GB RAM, however the CPUs are mostly idle, and there are 20 GB RAM free and 9 GB used for buffers and cache. On our MySQL server it’s hard to talk about RAM because MySQL always consumes the entire available RAM, however its 8 CPUs are mostly idle. Our feeling from what we see is that if the disk was faster, a single server as described in the short version above would suffice.

However the machine load also depends on what these 50 users are doing, and every organization is different. In GRNET about half are developers/devops who use Nextcloud very little. For your organization we don’t know, but it’s likely you won’t know either before you see the system in action.

Regarding disk space, we see that the installed system and the MySQL data are slightly over 10 GB, but MySQL grows slowly. Therefore the 30 GB that we propose is approximately twice as much as is needed and will result in about 50% usage, not including users’ files.

Usage

The collection has an examples directory. Use it like this:

  1. Ensure you have a valid domain name on which to install Nextcloud (it’s hard to use an invalid domain name because certbot will not work properly).

  2. Ensure the collection is installed as explained in the “Installation” section above.

  3. Copy examples/nextcloud-deploy elsewhere and go there to make changes.

  4. Find all instances of example.com and modify them as needed.

  5. Run the playbook: ansible-playbook site.yml.

For more information, check the role reference.

FAQ

The mysql Ansible module is missing

Ansible versions older than 2.10 are not supported by Ansible. Please upgrade Ansible to a supported version.

An error occurs while executing the reboot task

This occurs when the target machine is localhost, that is, when the Ansible controller is the same machine as the Nextcloud server. This is not supported.

Why ferm?

Short answer: It’s simpler and better.

Longer answer: iptables is hard to use and many users prefer ufw. While it is often sufficient, ufw is too simple. It can work well for years but at some point you will need something it doesn’t do. For example, you may want to deny access to a given IP address; this rule must be among the first checked, and with ufw it’s hard to define the order of rules (at least with Ansible).

With ferm, all firewall configuration is in files in /etc/ferm. Entering service ferm reload replaces all iptables with those specified in /etc/ferm. service ferm stop deactivates the firewall. The syntax of these files is simple and intuitive, resulting in ferm being easier, although this also depends on your experience.

ferm is also preferred by others, such as the debops project.

For more information on how we use ferm with Ansible, read the Firewall section of the “common” role.