I create a basic installation of CentOS 8 Stream from the ISO: CentOS-Stream-8-x86_64-20191219-boot.iso
During installation I choose the minimal install with standard utilities. Enable network time and set up LVM on the virtio disk. I set a password for root and create a new user with root privileges.
After installation, I create an encrypted LVM partition to store the Nextcloud data on it. I will not use Nextcloud's own data encryption. The command below creates the encrypted disk (it overwrites whatever is on /dev/vdb). The passphrase must be entered twice:
cryptsetup -y -v luksFormat /dev/vdb
Now, we open this partition and look at status:
cryptsetup luksOpen /dev/vdb vdb_crypt
cryptsetup -v status vdb_crypt
/dev/mapper/vdb_crypt is active.
  type: LUKS2
  cipher: aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device: /dev/vdb
  sector size: 512
  offset: 32768 sectors
  size: 209682432 sectors
  mode: read/write
Command successful.
Now I write 4 GB of zeros to this device to see if everything is OK. It is possible to fill up the whole device, but that can take a long time. The real reason for doing this is that it allocates the blocks with zeros written through the encryption layer, so the outside world sees them as random data, i.e. it protects against disclosure of usage patterns.
dd if=/dev/zero of=/dev/mapper/vdb_crypt bs=4M count=1000
4194304000 bytes (4.2 GB, 3.9 GiB) copied, 130.273 s, 32.2 MB/s
Now I try closing and reopening the encrypted device, and then I create LVM on top of the LUKS-encrypted disk:
cryptsetup luksClose vdb_crypt
cryptsetup luksOpen /dev/vdb vdb_crypt
cryptsetup -v status vdb_crypt
pvcreate /dev/mapper/vdb_crypt
vgcreate nextcloud /dev/mapper/vdb_crypt
lvcreate -n data -L+30G nextcloud
mkdir /mnt/test
mkfs.xfs /dev/mapper/nextcloud-data
mount /dev/mapper/nextcloud-data /mnt/test/
touch /mnt/test/hello
ll /mnt/test/hello
umount /mnt/test/
Installing nextcloud and prerequisites
And now we can start preparing our CentOS for Nextcloud.
First, update the system via dnf. (DNF is the next major version of YUM, a package manager for RPM-based Linux distributions. It roughly maintains CLI compatibility with YUM and defines a strict API for extensions and plugins.)
dnf update -y
Next, we install MariaDB and create an empty database for our Nextcloud. We start the service and enable it to start automatically after boot.
If you wish, you can skip the installation of MariaDB and use the built-in SQLite. In that case, continue with installing the Apache web server.
dnf -y install mariadb-server
...
systemctl start mariadb
systemctl enable mariadb
Now we run the post-installation script to finish setting up the MariaDB server:
mysql_secure_installation
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Now, we can create a database for nextcloud.
mysql -u root -p
...
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'YOURPASSWORD';
FLUSH PRIVILEGES;
exit;
Now we install the Apache web server, start it and enable it to start automatically after boot:
dnf install httpd -y
systemctl start httpd.service
systemctl enable httpd.service
And set up the firewall for ports http/80 and ssh/22 only:
systemctl status httpd
firewall-cmd --list-all
firewall-cmd --zone=public --permanent --remove-service=dhcpv6-client
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
Now point your browser to this server and check that you see the Apache test page.
Now we can install PHP. Nextcloud (version 18.0.1 at this time) supports PHP 7.1, 7.2 or 7.3, so I use the Remi repositories and install PHP 7.3:
dnf -y install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module list php
dnf module reset php
dnf module enable php:remi-7.3
dnf info php
dnf install php php-gd php-mbstring php-intl php-pecl-apcu php-mysqlnd php-pecl-imagick.x86_64 php-ldap php-pecl-zip.x86_64 php-process.x86_64
php -v
php --ini |grep Loaded
sed -i "s/post_max_size = 8M/post_max_size = 500M/" /etc/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 500M/" /etc/php.ini
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php.ini
systemctl start php-fpm.service
systemctl enable php-fpm.service
And now, we can install nextcloud:
mkdir -p /var/www/html/nextcloud/data
cd /var/www/html/nextcloud/
mount /dev/mapper/nextcloud-data /var/www/html/nextcloud/data/
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.1.zip
unzip nextcloud-18.0.1.zip
rm nextcloud-18.0.1.zip
mv nextcloud/* .
mv nextcloud/.htaccess .
mv nextcloud/.user.ini .
rmdir nextcloud/
mkdir -p /var/www/html/nextcloud/data
chown -R apache:apache /var/www/html/nextcloud/
find /var/www/html/nextcloud/ -type d -exec chmod 750 {} \;
find /var/www/html/nextcloud/ -type f -exec chmod 640 {} \;
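The mount above is done by hand, so after a reboot the data directory exists but the encrypted volume is not on it until it is opened and mounted again. The following check is an added example, not part of the original post: it confirms that a directory is a mount point backed by dm-crypt. The function names and the SAMPLE_* listings are constructed for illustration, and cs-root is a hypothetical volume name.

```bash
#!/usr/bin/env bash
# Added example: verify that a directory is a mount point whose block-device
# stack contains a dm-crypt layer (this page's layout: XFS on LVM on LUKS).

# Constructed output of `lsblk -s -l -n -o NAME,TYPE <device>` for this page's
# volume, and for a hypothetical unencrypted root volume named cs-root.
SAMPLE_ENCRYPTED='nextcloud-data lvm
vdb_crypt crypt
vdb disk'
SAMPLE_PLAIN='cs-root lvm
vda2 part
vda disk'

# Reads "NAME TYPE" lines on stdin; succeeds only if one layer has TYPE crypt.
has_crypt_layer() {
  awk '$2 == "crypt" { found = 1 } END { exit !found }'
}

# check_data_dir DIR: prints "OK ..." and returns 0 only when DIR itself is a
# mount point and the mounted device sits on top of dm-crypt.
check_data_dir() {
  cdd_dir=${1%/}
  [ -n "$cdd_dir" ] || cdd_dir=/
  cdd_target=$(findmnt -n -o TARGET --target "$cdd_dir") || return 2
  if [ "$cdd_target" != "$cdd_dir" ]; then
    echo "NOT MOUNTED: $cdd_dir belongs to the filesystem at $cdd_target"
    return 1
  fi
  cdd_src=$(findmnt -n -o SOURCE --target "$cdd_dir") || return 2
  if ! lsblk -s -l -n -o NAME,TYPE "$cdd_src" | has_crypt_layer; then
    echo "NOT ENCRYPTED: $cdd_src has no dm-crypt layer"
    return 1
  fi
  echo "OK: $cdd_dir is on $cdd_src (dm-crypt backed)"
}

# Self-check on the constructed listing, then on a real directory if one is given,
# e.g.: ./check.sh /var/www/html/nextcloud/data
printf '%s\n' "$SAMPLE_ENCRYPTED" | has_crypt_layer && echo "sample stack: crypt layer found"
if [ -n "${1:-}" ]; then check_data_dir "$1"; fi
```

Running it with the data directory as argument before starting httpd shows whether uploads would land on the encrypted volume or on the root filesystem.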
Now create a configuration file for Nextcloud in httpd:
vim /etc/httpd/conf.d/nextcloud.conf
<VirtualHost *:80>
  DocumentRoot /var/www/html/nextcloud/
  ServerName your.server.com
  <Directory /var/www/html/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>
apachectl graceful
According to the Nextcloud admin manual, you can run into permission problems. Run these commands as root to adjust the permissions:
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
restorecon -Rv '/var/www/html/nextcloud/'
If you see the error “-bash: semanage: command not found”, install these packages:
dnf provides /usr/sbin/semanage
dnf install policycoreutils-python-utils-2.9-3.el8_1.1.noarch
Now we can check the current state via the built-in PHP scripts:
cd /var/www/html/nextcloud/
sudo -u apache php occ -h
sudo -u apache php occ -V
sudo -u apache php occ status
And finally, we can access our Nextcloud and set up the administrator's password via the web: http://you-ip/
If you see the default httpd welcome page, disable all lines in: /etc/httpd/conf.d/welcome.conf
Now you must complete the installation via the web interface. Set the administrator's password and point it to MariaDB with the credentials used above:
Database user: nextclouduser
Database password: YOURPASSWORD
Database name: nextcloud
host: localhost
In the Nextcloud settings, go to the section Administration > Overview. You may see some problems there. If so, try to fix them. I had three problems. First, no APCu memory cache was configured, so add this to the Nextcloud config.php:
'memcache.local' => '\OC\Memcache\APCu',
Then I had to edit some PHP variables to set up opcache properly. Edit and adjust:
vim /etc/php.d/10-opcache.ini
Then I had to edit the httpd settings, because .htaccess was not working. So change the Apache config:
vim /etc/httpd/conf/httpd.conf
section: Directory "/var/www/html"
AllowOverride None
change to:
AllowOverride All
And gracefully restart Apache:
apachectl graceful
Next, I found out that my Nextcloud instance cannot connect to the internet to check for updates. I think this is caused by SELinux (enforcing mode). So run a check and find out what is happening:
sealert -a /var/log/audit/audit.log
And the result:
SELinux is preventing /usr/sbin/php-fpm from name_connect access on the tcp_socket port 80
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Source Path /usr/sbin/php-fpm
Port 80
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
---------
If you believe that php-fpm should be allowed name_connect access on the port 80 tcp_socket by default.
If you want to allow httpd to can network connect
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.
So I allow httpd to make network connections via:
setsebool -P httpd_can_network_connect 1
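The httpd_can_network_connect boolean applies to everything running as httpd_t, so it helps to see which outbound connections were actually denied before enabling it. The summary below is an added example, not part of the original post; the audit records in SAMPLE_AUDIT are constructed and the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: count SELinux name_connect denials raised by the httpd_t domain,
# grouped by command, destination port and target port type.

# Constructed audit records in the usual AVC layout; on a real host feed
# /var/log/audit/audit.log to the function instead.
SAMPLE_AUDIT='type=AVC msg=audit(1583000001.101:301): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1583000002.202:302): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1583000003.303:303): avc:  denied  { name_connect } for  pid=2102 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1583000004.404:304): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="config.php" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1583000005.505:305): avc:  denied  { name_connect } for  pid=3300 comm="chronyd" dest=8080 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0'

# Reads audit records on stdin and prints one line per distinct denial:
#   COUNT COMMAND DEST_PORT TARGET_TYPE
# Only name_connect denials whose source context is httpd_t are counted.
summarise_connect_denials() {
  awk '
    /avc:/ && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
      comm = dest = ttype = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/) { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        else if ($i ~ /^dest=/) { dest = substr($i, 6) }
        else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      }
      count[comm " " dest " " ttype]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k3,3n -k2,2
}

# Summary of the constructed records: file-write and non-httpd_t denials are ignored.
printf '%s\n' "$SAMPLE_AUDIT" | summarise_connect_denials
```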
And that is complete. If you want secure HTTP (HTTPS), try to find another post on this page.
Have fun