First, update your CentOS system. Every command in this guide is run as root 😉
yum -y update
Installing database server MariaDB
Next, we install MariaDB and create an empty database for Nextcloud. We start the service and enable it to start automatically at boot.
If you wish, you can skip the MariaDB installation and use the built-in SQLite instead. In that case, continue with installing the Apache web server.
yum -y install mariadb mariadb-server
...
systemctl start mariadb
systemctl enable mariadb
Now we run the post-installation script to finish setting up the MariaDB server:
mysql_secure_installation
...
Enter current password for root (enter for none): ENTER
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Now we can create a database for Nextcloud.
mysql -u root -p
...
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'YOURPASSWORD';
FLUSH PRIVILEGES;
exit;
Installing Apache Web Server with ssl (letsencrypt)
Now we install the Apache web server, start it, and enable it to start automatically at boot:
yum install httpd -y
systemctl start httpd.service
systemctl enable httpd.service
Now we install SSL support for Apache and allow the https and http services through the firewall:
yum -y install epel-release
yum -y install httpd mod_ssl
...
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
systemctl restart httpd.service
systemctl status httpd
Now we can access our server via https://out.server.sk
If we want a signed certificate from Let's Encrypt, we can get one with the following commands. Certbot will ask some questions, so answer them.
yum -y install python-certbot-apache
certbot --apache -d example.com
If everything went well, we see:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem.
...
And we can test our page with this:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest
Install PHP 7
The Nextcloud developers recommend PHP 5.4 at minimum; I use PHP 7.
PHP 5.4 has been end-of-life since September 2015 and is no longer supported by the PHP team. RHEL 7 still ships with PHP 5.4, and Red Hat supports it. Nextcloud also supports PHP 5.4, so upgrading is not required. However, it is highly recommended to upgrade to PHP 5.5+ for best security and performance.
Now we must add some additional repositories:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
And we can install php 7.2:
yum install mod_php72w.x86_64 php72w-common.x86_64 php72w-gd.x86_64 php72w-intl.x86_64 php72w-mysql.x86_64 php72w-xml.x86_64 php72w-mbstring.x86_64 php72w-cli.x86_64 php72w-process.x86_64
Check the result:
php --ini |grep Loaded
Loaded Configuration File: /etc/php.ini
php -v
PHP 7.2.22 (cli) (built: Sep 11 2019 18:11:52) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
In my case, I will use Nextcloud as my backup device, so I increase the default upload limit to 200 MB.
sed -i "s/post_max_size = 8M/post_max_size = 200M/" /etc/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 200M/" /etc/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php.ini
Restart web server:
systemctl restart httpd
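The sed commands above only match the stock values, and their unanchored pattern also matches a commented-out default line, so they can exit successfully without changing the active setting. The following added example (not part of the original guide; set_php_ini is a hypothetical helper and the php.ini fragment is constructed) sets a directive whatever its current value is and reads it back:

```shell
# Added example, not from the original guide. set_php_ini is a hypothetical
# helper; it assumes GNU sed and a directive name without regex metacharacters.
set_php_ini() {   # usage: set_php_ini KEY VALUE FILE
    ini_key=$1 ini_val=$2 ini_file=$3
    # Count active assignments only; php.ini comment lines start with ";".
    ini_hits=$(grep -c -E "^[[:space:]]*${ini_key}[[:space:]]*=" "$ini_file") || true
    if [ "$ini_hits" != 1 ]; then
        echo "set_php_ini: expected 1 active $ini_key line in $ini_file, found ${ini_hits:-none}" >&2
        return 1
    fi
    sed -i -E "s|^[[:space:]]*${ini_key}[[:space:]]*=.*|${ini_key} = ${ini_val}|" "$ini_file"
    # Read the value back so a silent no-op cannot pass unnoticed.
    grep -q -x "${ini_key} = ${ini_val}" "$ini_file"
}

# Constructed php.ini fragment: the active value is 16M, not the stock 8M.
demo_php_ini() {
    demo_file=$(mktemp)
    printf '%s\n' '; post_max_size = 8M' 'post_max_size = 16M' > "$demo_file"
    # The command from the guide: it rewrites the comment, not the active line.
    sed -i "s/post_max_size = 8M/post_max_size = 200M/" "$demo_file"
    grep '^post_max_size' "$demo_file"
    set_php_ini post_max_size 200M "$demo_file" && grep '^post_max_size' "$demo_file"
    rm -f "$demo_file"
}
demo_php_ini
```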
Installing Nextcloud
First, I install the wget and unzip tools for downloading and unpacking:
yum -y install wget unzip
Now we can download Nextcloud (at the time of writing, the latest version is 16.0.4), extract the archive to its final destination, and change the ownership of that directory:
wget https://download.nextcloud.com/server/releases/nextcloud-16.0.4.zip
...
unzip nextcloud-16.0.4.zip -d /var/www/html/
...
chown -R apache:apache /var/www/html/nextcloud/
Check whether SELinux is enabled with the sestatus command:
sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
According to the Nextcloud admin manual, you can run into permission problems. Run these commands as root to adjust permissions:
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
restorecon -Rv '/var/www/html/nextcloud/'
If you see the error “-bash: semanage: command not found”, install the package that provides it:
yum provides /usr/sbin/semanage
yum install policycoreutils-python-2.5-33.el7.x86_64
Finally, we can access Nextcloud and set up the administrator's password in the browser: https://you-ip/nextcloud
Now complete the installation via the web interface. Set the administrator's password and point the installer at MariaDB with the credentials created earlier:
Database user: nextclouduser
Database password: YOURPASSWORD
Database name: nextcloud
host: localhost
In my case, I have to create a data folder under the Nextcloud directory and set its permissions:
mkdir /var/www/html/nextcloud/data
chown apache:apache /var/www/html/nextcloud/data -R
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
restorecon -Rv '/var/www/html/nextcloud/'
For easier access, I created a permanent redirect from the root of my IP/domain to the Nextcloud folder. This redirect allows you to open the page
https://your-ip
and redirect you to:
https://your-ip/nextcloud
Edit the httpd.conf file and add this line to the section for the directory /var/www/html:
vim /etc/httpd/conf/httpd.conf
...
RedirectMatch ^/$ https://your-ip/nextcloud
...
systemctl restart httpd.service
If we see an error like “Your data directory and files are probably accessible from the Internet. The .htaccess file is not working.”, edit httpd.conf and set AllowOverride to All for the web root directory:
vim /etc/httpd/conf/httpd.conf
....
<Directory "/var/www/html">
AllowOverride All
Require all granted
Options Indexes FollowSymLinks
</Directory>
Enable updates via the web interface
To enable updates via the web interface, you may need this to enable writing to the directories:
setsebool httpd_unified on
When the update is completed, disable write access:
setsebool -P httpd_unified off
Disallow write access to the whole web directory
For security reasons it’s suggested to disable write access to all folders in /var/www/ (default):
setsebool -P httpd_unified off
A way to enable enhanced security with a separate configuration file
vim /etc/httpd/conf.d/owncloud.conf
...
Alias /nextcloud "/var/www/html/nextcloud/"
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>
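To see what the two <Directory> blocks in this guide add up to, the following added example (not part of the original guide) resolves the effective Indexes and AllowOverride settings per directory, including inheritance from the enclosing block. The function name audit_httpd_dirs and the finding labels are made up for this example; the model assumes literal <Directory> paths and does not follow settings applied later by a .htaccess file.

```shell
# Added example, not from the original guide. Simplified model: literal
# <Directory> paths only; settings applied later by a .htaccess are not followed.
audit_httpd_dirs() {   # reads Apache config on stdin, prints one finding per line
    awk '
    function parent(i,   j, best, len) {   # longest enclosing block, 0 = none
        best = 0; len = -1
        for (j = 1; j <= n; j++)
            if (path[j] != path[i] && index(path[i] "/", path[j] "/") == 1 &&
                length(path[j]) > len) { best = j; len = length(path[j]) }
        return best
    }
    function eff(i, a, dflt) {   # own setting, else inherited, else 2.4 default
        if (i == 0) return dflt
        return (a[i] == "") ? eff(parent(i), a, dflt) : a[i]
    }
    /^[ \t]*<Directory[ \t]/ {
        p = $2; gsub(/[">]/, "", p); sub(/\/$/, "", p)
        path[++n] = p; inb = 1; next
    }
    /^[ \t]*<\/Directory>/ { inb = 0 }
    inb && tolower($1) == "allowoverride" { ovr[n] = tolower($2) }
    inb && tolower($1) == "options" {
        for (k = 2; k <= NF; k++) {
            o = tolower($k)
            if (o !~ /^[+-]/ && idx[n] == "") idx[n] = "off"   # absolute list
            if (o == "indexes" || o == "+indexes" || o == "all") idx[n] = "on"
            if (o == "-indexes" || o == "none") idx[n] = "off"
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (eff(i, idx, "off") == "on") print "LISTING_ON " path[i]
            if (eff(i, ovr, "none") == "none") print "HTACCESS_IGNORED " path[i]
        }
    }'
}
page_conf() {   # constructed sample: the two <Directory> blocks from this guide, trimmed
    cat <<'EOF'
<Directory "/var/www/html">
AllowOverride All
Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All
</Directory>
EOF
}
page_conf | audit_httpd_dirs
```

On the guide's configuration this reports LISTING_ON for both /var/www/html and /var/www/html/nextcloud, because Options +FollowSymlinks merges with the parent's Options Indexes. Dropping Indexes from the parent block's Options line clears both findings.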