Create an SSL certificate

There are two options [1] here: to create a self-signed certificate o to obtain a Let’s Encrypt certificate. Both options are documented in other articles, so choose either of them and let’s go.

I will assume you have a valid SSL certificate for example.com henceforth.

[1] There is another option: to pay for a ‘cheap’ certificate. But I encourage you to use Let’s Encrypt before going that way.

Check WebDAV support

_$: nginx -V  2>&1 >/dev/null | grep "with-http_dav_module"

Configure nginx

Let’s start with a very basic configuration

/etc/nginx/sites-available/nextcloud.example.com:
-------------------------------------------------
# HTTP: Redirect to HTTPS
server {
    server_name nextcloud.example.com;
    listen 80;
    return 301 https://$server_name$request_uri;
}

# HTTPS
server {
    server_name nextcloud.example.com;
    listen 443 ssl http2;

    ssl_certificate     /etc/nginx/ssl/example.pem;
    ssl_certificate_key /etc/nginx/ssl/example.key;

    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Logs
    include conf.d/nextcloud-example-com/logs;

    # Path to the root of your installation
    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    #location / {
    #   rewrite ^ /index.php$uri;
    #}

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;

       # Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;

       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }
}

Test the configuration and reload nginx:

_$: nginx -t && systemctl reload nginx.service

Now create two files: index.html and index.php in /var/www/nextcloud.

/var/www/nextcloud/index.html:
------------------------------
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nextcloud on Ubuntu!</title>
</head>
<body>
<h1>Welcome to nextcloud on Ubuntu!</h1>
<p>If you see this page, the nextcloud is on its way.</p>
</body>
</html>

/var/www/nextcloud/index.php:
-----------------------------
<?php echo("PHP looks good!"); ?>

And make sure that both of them are working: