Store Production Installation

There are two ways to install the store, both are mutually exclusive (means: don’t mix and match). If you are looking for a development setup, proceed to Store Development Installation, otherwise continue.


This guide will use Ubuntu 16.04, Apache and PostgreSQL to set up the app store. You can of course also use different distributions and web-servers, however we will not be able to support you.

Installing Packages

First you want to switch your machine to an up to date Node.js version and install Yarn:

curl -sS | sudo apt-key add -
echo "deb xenial main" | sudo tee /etc/apt/sources.list.d/nodesource.list
echo "deb-src xenial main" | sudo tee -a /etc/apt/sources.list.d/nodesource.list

curl -sS | sudo apt-key add -
echo "deb stable main" | sudo tee /etc/apt/sources.list.d/yarn.list

Then install the following libraries:

sudo apt-get update
sudo apt-get install python3-venv python3-wheel libxslt-dev libxml2-dev libz-dev libpq-dev build-essential python3-dev python3-setuptools git gettext libssl-dev libffi-dev nodejs yarn

Database Setup

Then install the database:

sudo apt-get install postgresql

configure it:

echo "listen_address = ''" | sudo tee -a /etc/postgresql/9.5/main/pg_ident.conf
sudo systemctl restart postgresql.service

and create a user and database:

sudo -s
su - postgres
CREATE USER nextcloudappstore WITH PASSWORD 'password';
CREATE DATABASE nextcloudappstore OWNER nextcloudappstore;


Use your own password instead of the password example!

App Store Setup

Before you begin to set up the App Store, make sure that your locales are set up correctly. You can fix your locales by running:

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
sudo dpkg-reconfigure locales

Afterwards change into your preferred target folder, clone the repository using git and change into it:

cd /path/to/target
git clone
cd appstore

Afterwards set up a new virtual environment by running the following command:

python3 -m venv venv

This will create a local virtual environment in the venv folder. You only need to do this once in the beginning.

Then activate it:

source venv/bin/activate


The above command changes your shell settings for the current session only, so once you launch a new terminal you need to run the command again to register all the paths.


Keep in mind that you need to have the virtual environment activated for all the following commands

Installing Required Libraries

Next install the required libraries:

pip install --upgrade wheel
pip install --upgrade pip
pip install -r requirements/base.txt
pip install -r requirements/production.txt

Adjusting Default Settings

To get your instance running in production you need to create your production settings file in nextcloudappstore/settings/ which overwrites and enhances the settings defined in nextcloudappstore/settings/ The production settings file is excluded from version control and should contain at least something like the following:

from nextcloudappstore.settings.base import *

# DEBUG must be false to not leak sensitive content
DEBUG = False

# generate the SECRET_KEY by yourself for instance by using the following command:
# env LC_CTYPE=C tr -dc "a-zA-Z0-9-_\$\?" < /dev/urandom | head -c 64; echo
SECRET_KEY = 'change this!'


# E-Mail settings which are used to send mails (e.g. confirm account messages)
# for more configuration options consult the Django documentation
ADMINS = [('Your Name', '')]
EMAIL_HOST = 'localhost'

# postgres or other db if needed if anything other than sqlite is used
# you need to create the database, user and password first
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'nextcloudappstore',
        'USER': 'nextcloudappstore',
        'PASSWORD': 'password',
        'HOST': '',
        'PORT': '5432',

# The following lines are HTTPS only!
CSP_IMG_SRC = ('https:',)

# Path to where your static content lies (e.g. CSS, JavaScript and images)
# This should point to a directory served by your web-server
STATIC_ROOT = '/var/www/'

# Url for serving content uploaded by users, ideally different domain

# Path to where user uploaded content lies, should point to a directory
# served by your web-server
MEDIA_ROOT = '/var/www/'

# Public and private keys for Googles recaptcha

LOGGING['handlers']['file']['filename'] = LOG_FILE
LOGGING['handlers']['file']['level'] = LOG_LEVEL
LOGGING['loggers']['django']['level'] = LOG_LEVEL

# Discourse user that is allowed to create categories. This will be used
# to automatically create categories when registering apps

# Overridable Defaults: #

# Url for serving non user uploaded files like CSS, JavaScript and images
# STATIC_URL = '/static/'

# Url or domain for serving user uploaded files
# MEDIA_URL = '/media/'

# how many times a user is allowed to call the app upload route per day
# REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['app_upload'] = '100/day'
# how many times a user is allowed to call the app register route per day
# REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['app_register'] = '100/day'

# Only set this parameter if you want to use a different tmp directory for app downloads
# RELEASE_DOWNLOAD_ROOT = '/other/tmp'

# Only set if you want a different log location than the one in the main directory
# Make sure that this appears above the first use
# LOG_FILE = '/path/to/appstore/appstore.log'

# minimum number of comments to calculate a rating

# number of days to include from today in the recent ratings calculation

# MAX_DOWNLOAD_FILE_SIZE = 1024 ** 2  # bytes
# MAX_DOWNLOAD_TIMEOUT = 60  # seconds
# MAX_DOWNLOAD_SIZE = 20 * (1024 ** 2)  # bytes
#     'No .git directories': r'\.git$'
# }


# If given a sub category will be created at this location
# If not given a root category will be created
# You can get the category id here at the /categories.json route, e.g.

Then set the file as the active settings file:

export DJANGO_SETTINGS_MODULE=nextcloudappstore.settings.production


Absolutely make sure to generate a new SECRET_KEY value! Use the following command for instance to generate a token:

env LC_CTYPE=C tr -dc "a-zA-Z0-9-_\$\?" < /dev/urandom | head -c 64; echo

For more settings, check the settings documentation.

Creating the Database Schema

After all settings are adjusted, create the database schema by running the following command:

python migrate

Creating an Admin User

To create the initial admin user and verify his email, run the following command:

python createsuperuser --username admin --email
python verifyemail --username admin --email

The first command will ask for the password.

Loading Initial Data

To pre-populate the database with categories and other data run the following command:

python loaddata nextcloudappstore/core/fixtures/*.json

Initializing Translations

To import all translations run:

python compilemessages
python importdbtranslations

Building the Frontend

To build the frontend run:

yarn install
yarn run build

Placing Static Content

Django web apps usually ship static content such as JavaScript, CSS and images inside the project folder’s apps. In order for them to be served by your web server they need to be gathered and placed inside a folder accessible by your server. To do that first create the appropriate folders:

sudo mkdir -p /var/www/
sudo mkdir -p  /var/www/

Then copy the files into the folders by executing the following commands:

sudo chown -R $(whoami):users /var/www
python collectstatic
sudo chown -R www-data:www-data /var/www

This will place the contents inside the folder configured under the key STATIC_ROOT and MEDIA_ROOT inside your nextcloudappstore/settings/

Configuring the Web-Server

First install Apache and mod_wsgi:

sudo apt-get install apache2 libapache2-mod-wsgi-py3

Then adjust the config in /etc/apache2/sites-enabled/default.conf and add the following configuration to your VirtualHost section:

<VirtualHost *:80>

WSGIDaemonProcess apps python-home=/path/to/appstore/venv python-path=/path/to/appstore
WSGIProcessGroup apps
WSGIScriptAlias / /path/to/appstore/nextcloudappstore/
WSGIPassAuthorization On
Alias /static/ /var/www/
Alias /schema/apps/info.xsd /path/to/appstore/nextcloudappstore/api/v1/release/info.xsd
Alias /schema/apps/database.xsd /path/to/appstore/nextcloudappstore/api/v1/release/database.xsd

<Directory /path/to/appstore/nextcloudappstore>
        Require all granted

<Directory /path/to/appstore/nextcloudappstore/api/v1/release>
    <Files info.xsd>
        Require all granted
        Header always set X-Content-Type-Options nosniff
        Header always set X-XSS-Protection: 1; mode=block
    <Files database.xsd>
        Require all granted
        Header always set X-Content-Type-Options nosniff
        Header always set X-XSS-Protection: 1; mode=block

<Directory /var/www/>
    Require all granted
    AllowOverride None
    Header always set X-Content-Type-Options nosniff
    Header always set X-XSS-Protection: 1; mode=block

<Directory /var/www/>
    Require all granted
    AllowOverride None
    Header always set X-Content-Type-Options nosniff
    Header always set X-XSS-Protection: 1; mode=block



Your configuration will look different depending on where you place your static files and if you enable SSL. This is just a very minimal non HTTPS example.


It could be that you need to enable mod_headers. To do this simply run sudo a2enmod headers

Finally restart Apache:

sudo systemctl restart apache2


Depending on where you have configured the log file location, you need to give your web server access to it. By default the logfile is in the main directory which also contains the and README.rst.

First create the log file:

touch appstore.log


Then give your web server access to it:

sudo chown www-data:www-data appstore.log

Afterwards restart your web server:

sudo systemctl restart apache2

Configure Social Logins

Once the App Store is up and running social login needs to be configured. The App Store uses django-allauth for local and social login. In order to configure these logins, most providers require you to register your app beforehand.


GitHub is currently the only supported social login. In order to register the App Store, go to your application settings page and enter the following details:

Afterwards your client id and client secret are displayed. These need to be saved inside the database. To do that, either log into the admin interface, change your site’s domain and add GitHub as a new social application or run the following command:

python setupsocial --github-client-id "CLIENT_ID" --github-secret "SECRET" --domain


The above mentioned domains need to be changed if you want to run the App Store on a different server.


For local testing use localhost:8000 as domain name. Furthermore the confirmation mail will also be printed in your shell that was used to start the development server.

Sync Nextcloud Releases from GitHub

The App Store needs to know about Nextcloud versions because:

Before 3.2.0 releases were imported either manually or via the a shipped JSON file. This process proved to be very tedious. In 3.2.0 a command was introduced to sync releases (git tags) directly from GitHub.

The GitHub API now requires you to be authenticated so you need to obtain and configure a GitHub OAuth2 token before you run the sync command.

After obtaining the token from GitHub, add it anywhere in your settings file (nextcloudappstore/settings/, e.g.:

GITHUB_API_TOKEN = '4bab6b3dfeds8857371a48855dse87d38d4b7e65'

You can run the command by giving it the oldest supported Nextcloud version:

python syncnextcloudreleases --oldest-supported="12.0.0"

All existing versions prior to this release will be marked as not having a release, new versions will be imported and the latest version will be marked as current version.

You can also do a test run and see what kind of versions would be imported:

python syncnextcloudreleases --oldest-supported="12.0.0" --print

To automate syncing you might want to add the command as a cronjob and schedule it every hour.


Only one sync command should be run at a time, otherwise race conditions might cause unpredictable results. To ensure this use a proper cronjob daemon that supports running only one command at a time, for instance SystemD timers


If run the command outside of your virtual environment you need to prefix the full path to the desired Python executable, e.g.

venv/bin/python syncnextcloudreleases --oldest-supported="12.0.0"

Keeping Up To Date

Updating an instance is scripted in scripts/maintenance/ Depending on your distribution you will have to adjust the scripts contents.

For Ubuntu you can run the provided script:

git pull --rebase origin master
sudo chown -R $(whoami):users /var/www
bash scripts/maintenance/ apache
sudo chown -R www-data:www-data /var/www


The above commands assume that your static content is located in /var/www


By default monitoring the application via New Relic is supported by simply placing a file called newrelic.ini into the base folder (the folder that also contains the file).