How to Install Nextcloud with Nginx and PHP 7.3 on CentOS 8

How to Install Nextcloud with Nginx and PHP 7.3 on CentOS 8

All

Linux Articles / All 51 Views comments

Nextcloud is a free (open supply) dropbox-like software program, a forkĀ of the ownCloud undertaking. Nextcloud is written in PHP and JavaScript, it helps many database methods like MySQL/MariaDB, PostgreSQL, Oracle database and SQLite.

To maintain your information in sync between desktop and server, Nextcloud gives purposes for Home windows, Linux and Mac desktops and a cellular software for Android and iOS.

On this tutorial, we present you the right way to set up Nextcloud 17 with the Nginx net server, PHP 7.three and MariaDB database on a CentOS Eight server. We'll set up Nextcloud and safe it with a free Let's Encrypt SSL certificates.

Prerequisite

For this information, we'll set up Nextcloud on the CentOS Eight server with 2GB of RAM, 25GB of free area, and 2CPUs.

What we'll do:

  • Set up Nginx Net Server
  • Set up PHP-FPM 7.three
  • Configure PHP-FPM 7.three
  • Set up and Configure the MariaDB Database
  • Generate SSL Letsencrypt
  • Obtain Nextcloud 17
  • Setup Nginx Virtualhost for Nextcloud
  • Setup SELinux for Nextcloud
  • Nextcloud Publish-Set up

Step 1 - Set up Nginx

First, we'll set up the Nginx webserver to the CentOS Eight server and open the HTTP and HTTPS port on the firewalld.

Set up Nginx from the AppStream repository utilizing the dnf command under.

sudo dnf set up nginx

As soon as the set up is full, begin the nginx service and add it to the system boot.

systemctl begin nginx
systemctl allow nginx

Now verify the nginx service standing utilizing the command under.

systemctl standing nginx

You'll get the nginx service is up and operating on CentOS Eight server.

Start Nginx with systemd

Subsequent, we'll add the HTTP and HTTPS providers to the firewalld.

Add the HTTP and HTTPS providers to the firewalld utilizing the firewall-cmd command under.

firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent

After that, reload the firewalld providers.

firewall-cmd --reload

In consequence, you've got efficiently put in the Nginx net server and open the HTTP and HTTPS ports on the CentOS Eight server.

Configure the Firewall

Step 2 - Set up PHP-FPM

Based on the Nextcloud system requirement, it is advisable to make use of the PHP 7.2 or PHP 7.three for its set up.

For this information, we might be utilizing the PHP 7.three that may be put in from the REMI repository.

Earlier than going any additional, we'll allow the 'PowerTools' repository and add the EPEL and REMI repositories for CentOS Eight server.

Run the dnf command under.

sudo dnf config-manager --set-enabled PowerTools
sudo dnf set up epel-release
sudo dnf set up https://rpms.remirepo.internet/enterprise/remi-release-Eight.rpm

Now verify all out there repository on the system.

dnf repolist

And you'll get the end result as under.

Check DNF Repositories

You've got enabled the 'PowerTools' repository and added the EPEL and REMI repositories for CentOS Eight.

Subsequent, we'll allow the PHP 7.three REMI repository.

Verify all out there modules for PHP packages.

dnf module listing php

Now allow the module of PHP 7.three REMI repository.

dnf module allow php:remi-7.three

Add Remi repository in CentOS 8

After that, set up PHP and PHP-FPM 7.three packages for Nextcloud utilizing the dnf command under.

sudo dnf set up php-fpm php-cli php-devel php-gd php-mysqlnd php-pear php-xml php-mbstring php-pdo php-json php-pecl-apcu php-pecl-apcu-devel php-pecl-imagick-devel php-intl php-opcache php-zip

And you have put in PHP and PHP-FPM 7.three to the CentOS Eight system.

Step three - Configure PHP-FPM 7.three

On this step, we'll arrange the PHP-FPM for Nextcloud deployment.

Edit the 'php.ini' configuration utilizing the next command.

vim /and so forth/php.ini

Uncomment and alter the configuration as under.

memory_limit = 512M
date.timezone = Asia/Jakarta
cgi.fixpathinfo = zero

Save and shut.

Now edit the PHP opcache configuration '/and so on/php.d/10-opcache.ini'.

vim /and so forth/php.d/10-opcache.ini

Change the configuration as under.

opcache.allow=1
opcache.interned_strings_buffer=Eight
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Save and shut.

Subsequent, edit the PHP-FPM configuration '/and so on/php-fpm.d/www.conf'.

vim /and so on/php-fpm.d/www.conf

Change the 'consumer' and 'group' to 'nginx'.

consumer = nginx
group = nginx

Change the 'pay attention' configuration to the sock file as under.

pay attention = /run/php-fpm/www.sock

Uncomment the PHP setting variable under.

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/native/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Uncomment the opcache configuration on the final line.

php_value[opcache.file_cache] = /var/lib/php/opcache

Save and shut.

Now create a brand new listing for PHP session and opcache, then change the proprietor of these directories to 'nginx' consumer and group.

mkdir -p /var/lib/php/session,opcache
chown -R nginx:nginx /var/lib/php/session,opcache

And you have accomplished the PHP-FPM configuration for Nextcloud set up.

Begin the PHP-FPM service and add it to the system boot.

systemctl allow php-fpm
systemctl begin php-fpm

Configure PHP 7.3

Now examine the PHP-FPM sock file and the service standing.

netstat -pl | grep php
systemctl standing php-fpm

And you'll get the outcome as under.

Configure PHP-FPM

In consequence, the PHP-FPM up and operating underneath the sock file '/run/php-fpm/www.sock'.

Step four - Set up and Configure MariaDB

On this step, we'll set up the MariaDB database server, setup the basis password authentication, and create a brand new database and consumer for Nextcloud.

Set up the MariaDB database utilizing the dnf command under.

sudo dnf set up mariadb mariadb-server

As soon as the set up is full, begin the MariaDB service and add it to the system boot.

systemctl begin mariadb
systemctl allow mariadb

And the MariaDB service is up and operating.

Configure MariaDB

Subsequent, we'll arrange the basis password authentication utilizing the 'mysql_secure_installation' command under.

mysql_secure_installation

Sort your root password and sort 'Y' for the remaining configuration.

Set a root password? [Y/n] Y
Take away nameless customers? [Y/n] Y
Take away check database and entry to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

And the MariaDB root password has been configured.

Now log in to the MySQL shell utilizing the mysql command under.

mysql -u root -p
TYPE YOUR ROOT PASSWORD

Now create a brand new database 'nextcloud_db' and create a brand new consumer 'nextclouduser' with the password 'nextcloudpassdb' utilizing the queries under.

create database nextcloud_db;
create consumer [email protected] recognized by 'nextcloudpassdb';
grant all privileges on nextcloud_db.* to [email protected] recognized by 'nextcloudpassdb';
flush privileges;

And you have created the database and consumer for Nextcloud set up.

Set up the Nextcloud database

Step four - Generate SSL Letsencrypt

On this step, we'll generate the SSL letsencrypt utilizing the 'certbot'. The SSL certificates will probably be used to safe Nextcloud entry.

Set up certbot from the EPEL repository utilizing the dnf command under.

sudo dnf set up certbot

As soon as the set up is full, generate the SSL certificates for the Nextcloud area identify utilizing the command under and ensure to vary the area identify and e mail tackle with your personal.

certbot certonly --webroot --webroot-path /usr/share/nginx/html --agree-tos -m [email protected] -d cloud.hakase-labs.io

As soon as it is full, all generated SSL certificates are situated on the '/and so forth/letsencrypt/reside/cloud.hakase-labs.io' listing.

Examine it utilizing the next command.

ls -lah /and so on/letsencrypt/reside/cloud.hakase-labs.io/

And you have generated the SSL letsencrypt utilizing the certbot device.

Step 5 - Obtain and Set up Nextcloud

On this step, we'll obtain the newest model of Nextcloud 17.

Earlier than downloading the nextcloud supply code, set up the zip package deal to the system.

sudo dnf set up unzip

Now go to the '/var/www/' listing and obtain the Nextcloud supply code utilizing the wget command as under.

cd /var/www/
wget https://obtain.nextcloud.com/server/releases/nextcloud-17.zero.2.zip

Extract the Nextcloud supply code utilizing the command under.

unzip nextcloud-17.zero.2.zip

And you'll get a brand new listing referred to as 'nextcloud'.

Now create a brand new 'knowledge' listing for Nextcloud. The 'knowledge' listing can be used to retailer consumer knowledge.

mkdir -p /var/www/nextcloud/knowledge/

After that, change the proprietor of 'nextcloud' listing to the 'nginx' consumer and group.

sudo chown -R nginx:nginx /var/www/nextcloud

And you have downloaded the newest Nextcloud 17 to the '/var/www' listing.

Download NextCloud

Step 6 - Arrange Nginx Digital Host for Nextcloud

After downloading the Nextcloud supply code, we'll arrange the Nginx digital host for Nextcloud.

Go to the '/and so forth/nginx/conf.d' listing and create a brand new configuration 'nextcloud.conf'.

cd /and so forth/nginx/conf.d/
vim nextcloud.conf

Now change the area identify and SSL certificates path with your personal and paste the next configuration into it.

upstream php-handler 
#server 127.zero.zero.1:9000;
server unix:/run/php-fpm/www.sock;

server
pay attention 80;
pay attention [::]:80;
server_name cloud.hakase-labs.io;
# implement https
return 301 https://$server_name:443$request_uri;

server
pay attention 443 ssl http2;
pay attention [::]:443 ssl http2;
server_name cloud.hakase-labs.io;

# Use Mozilla's tips for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings under could be redundant
ssl_certificate /and so forth/ssl/nginx/fullchain.pem;
ssl_certificate_key /and so forth/ssl/nginx/privkey.pem;

# Add headers to serve safety associated headers
# Earlier than enabling Strict-Transport-Safety headers please learn into this
# matter first.
#add_header Strict-Transport-Safety "max-age=15768000; includeSubDomains; preload;" all the time;
#
# WARNING: Solely add the preload choice when you examine
# the results in https://hstspreload.org/. This feature
# will add the area to a hardcoded record that's shipped
# in all main browsers and getting faraway from this listing
# might take a number of months.
add_header Referrer-Coverage "no-referrer" all the time;
add_header X-Content material-Sort-Choices "nosniff" all the time;
add_header X-Obtain-Choices "noopen" all the time;
add_header X-Body-Choices "SAMEORIGIN" all the time;
add_header X-Permitted-Cross-Area-Insurance policies "none" all the time;
add_header X-Robots-Tag "none" all the time;
add_header X-XSS-Safety "1; mode=block" all the time;

# Take away X-Powered-By, which is an info leak
fastcgi_hide_header X-Powered-By;

# Path to the basis of your set up
root /var/www/nextcloud;

location = /robots.txt
permit all;
log_not_found off;
access_log off;

# The next 2 guidelines are solely wanted for the user_webfinger app.
# Uncomment it should you're planning to make use of this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta final;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json final;

# The next rule is simply wanted for the Social app.
# Uncomment it for those who're planning to make use of this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger final;

location = /.well-known/carddav
return 301 $scheme://$host:$server_port/distant.php/dav;

location = /.well-known/caldav
return 301 $scheme://$host:$server_port/distant.php/dav;

# set max add measurement
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Allow gzip however don't take away ETag headers
gzip on;
gzip_vary on;
gzip_comp_level four;
gzip_min_length 256;
gzip_proxied expired no-cache no-store personal no_last_modified no_etag auth;
gzip_types software/atom+xml software/javascript software/json software/ld+json software/manifest+json software/rss+xml software/vnd.geo+json software/vnd.ms-fontobject software/x-font-ttf software/x-web-app-manifest+json software/xhtml+xml software/xml font/opentype picture/bmp picture/svg+xml picture/x-icon textual content/cache-manifest textual content/css textual content/plain textual content/vcard textual content/vnd.rim.location.xloc textual content/vtt textual content/x-component textual content/x-cross-domain-policy;

# Uncomment in case your server is constructed with the ngx_pagespeed module
# This module is presently not supported.
#pagespeed off;

location /
rewrite ^ /index.php;

location ~ ^/(?:construct|checks|config|lib|3rdparty|templates|knowledge)/
deny all;

location ~ ^/(?:.|autotest|occ|challenge|indie|db_|console)
deny all;

location ~ ^/(?:index|distant|public|cron|core/ajax/replace|standing|ocs/v[12]|updater/.+|oc[ms]-provider/.+).php(?:$|/) )$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
embrace fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Keep away from sending the safety headers twice
fastcgi_param modHeadersAvailable true;
# Allow fairly urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;

location ~ ^/(?:updater|oc[ms]-provider)(?:$|/)
try_files $uri/ =404;
index index.php;

# Including the cache management header for js, css and map information
# Be sure it's BELOW the PHP block
location ~ .(?:css|js|woff2?|svg|gif|map)$
try_files $uri /index.php$request_uri;
add_header Cache-Management "public, max-age=15778463";
# Add headers to serve safety associated headers (It's meant to
# have these duplicated to those above)
# Earlier than enabling Strict-Transport-Safety headers please learn into
# this matter first.
#add_header Strict-Transport-Safety "max-age=15768000; includeSubDomains; preload;" all the time;
#
# WARNING: Solely add the preload choice when you examine
# the results in https://hstspreload.org/. This feature
# will add the area to a hardcoded listing that's shipped
# in all main browsers and getting faraway from this listing
# might take a number of months.
add_header Referrer-Coverage "no-referrer" all the time;
add_header X-Content material-Sort-Choices "nosniff" all the time;
add_header X-Obtain-Choices "noopen" all the time;
add_header X-Body-Choices "SAMEORIGIN" all the time;
add_header X-Permitted-Cross-Area-Insurance policies "none" all the time;
add_header X-Robots-Tag "none" all the time;
add_header X-XSS-Safety "1; mode=block" all the time;

# Optionally available: Do not log entry to belongings
access_log off;

location ~ .(?:png|html|ttf|ico|jpg|jpeg|bcmap)$
try_files $uri /index.php$request_uri;
# Optionally available: Do not log entry to different belongings
access_log off;

Save and shut.

After that, check the nginx configuration and restart the Nginx service. And ensure there isn't any error.

nginx -t
systemctl restart nginx

Now the Nginx service will open a brand new HTTPS port on the system, examine it utilizing the next command.

netstat -plntu

And you'll get the end result as under.

Configure Nginx for Nextcloud

In consequence, you've got added the Nginx digital host configuration for Nextcloud and enabled the safe HTTPS on prime of it.

Step 7 - Arrange SELinux for Nextcloud

For this tutorial, we can be utilizing the SELinux on the 'implementing' mode. And we'll setup the SELinux for Nextcloud set up.

Set up the SELinux administration device utilizing the dnf command under.

sudo dnf set up policycoreutils-python-utils

Now execute the next command as root in your server.

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/knowledge(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/belongings(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.consumer.ini'

restorecon -Rv '/var/www/nextcloud/'

And the SELinux configuration for Nextcloud has been accomplished.

Configure SELinux for Nextcloud

Step Eight - Nextcloud Set up Wizard

Now open your net browser and sort your Nextcloud area identify on the handle bar.

https://cloud.hakase-labs.io/

Now you'll get the Nextcloud set up web page as under.

Nextcloud web installer

Sort your admin consumer and password, then select the 'MySQL/MariaDB' as your database and sort particulars concerning the database that you've got created on prime.

Now click on the 'End Setup' button and the set up will start.

As soon as the set up is full, you'll get the Nextcloud dashboard as under.

NextCloud on CentOS 8

Consequently, you've got efficiently put in the newest Nextcloud 17 with the Nginx net server, PHP-FPM 7.three, and MariaDB database on the CentOS Eight server.

Reference

Comments