ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi

    IT Discussion
    how to guide real instructions nextcloud nextcloud 11 centos centos 7 php 7 remi
    10
    81
    27.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by JaredBusch

      This Guide assumes that you are starting from CentOS 7 R1611 Minimal.

      Install CentOS 7 and then either log in as root, su to root, or prepend everything here with sudo. Your choice.

      #Update centos
      yum update -y
      
      #install helper packages
      yum install -y wget nano yum-utils
      
      #install EPEL
      yum install -y epel-release
      
      #install Remi 
      yum install -y http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
      
      #enable PHP 7.1 by editing the repo file and changing enabled=0 to 1
      yum-config-manager --enable remi-php71
      

      Now install all of the packages that will be needed by NextCloud

      #Install all required and optional packages
      yum -y install httpd mariadb mariadb-server php php-gd php-pdo php-pear php-mbstring php-xml php-pear-Net-Curl php-mcrypt php-intl php-ldap php-smbclient php-imap php-mysql php-pear-MDB2 php-pear-MDB2-Driver-mysqli php-pecl-zip bzip2 policycoreutils-python redis php-pecl-redis
      

      Install NextCloud 11.0.2. Update the wget and tar command to reflect the current version at the time of your installation.

      #Create the root directory to extract nextcloud to
      mkdir -p /var/www/html/nextcloud
      
      #Get NextCloud
      wget https://download.nextcloud.com/server/releases/nextcloud-11.0.2.tar.bz2
      
      #Extract NextCloud
      tar xvf nextcloud-11.0.2.tar.bz2 -C /var/www/html
      
      #Create directories not created by extract
      mkdir -p /var/www/html/nextcloud/data
      
      #get the nextcloud apache config file
      # the current file is currently broken for this guide, use the original commit version below.
      #wget -O /etc/httpd/conf.d/nextcloud.conf https://raw.githubusercontent.com/nextcloud/server-packages/master/centos/nextcloud.conf
      wget -O /etc/httpd/conf.d/nextcloud.conf https://raw.githubusercontent.com/nextcloud/server-packages/18f3837752589739b53bc62705c45a54faddbb4a/centos/nextcloud.conf
      

      Now set up proper ownership and permissions to the files.

      #default everything to root:apache
      chown -R root:apache /var/www/html/nextcloud/.
      
      #set default directory and file permissions
      find /var/www/html/nextcloud -type d -exec chmod 0750 {} \;
      find /var/www/html/nextcloud -type f -exec chmod 0640 {} \;
      
      #change ownership of folders and files
      chmod 0755 /var/www/html/nextcloud
      chmod 0755 /var/www/html/nextcloud/occ
      chown apache:apache /var/www/html/nextcloud/occ
      chmod 0644 /var/www/html/nextcloud/.htaccess
      chown apache:apache /var/www/html/nextcloud/.htaccess
      find /var/www/html/nextcloud/apps -exec chmod 0750 {} \;
      chown -R apache:apache /var/www/html/nextcloud/apps
      find /var/www/html/nextcloud/updater -exec chmod 0750 {} \;
      chown -R apache:apache /var/www/html/nextcloud/updater
      find /var/www/html/nextcloud/data -exec chmod 0755 {} \;
      chown -R apache:apache /var/www/html/nextcloud/data
      find /var/www/html/nextcloud/config -exec chmod 0755 {} \;
      chown -R apache:apache /var/www/html/nextcloud/config
      

      Open the firewall and start the database services.

      #open the firewall for http
      firewall-cmd --zone=public --add-port=http/tcp --permanent
      firewall-cmd --reload
      
      #start the mariadb and set to start on boot
      systemctl start mariadb
      systemctl enable mariadb
      
      #start redis (used for memcache)
      systemctl start redis
      systemctl enable redis
      

      Create the NextCloud database and then secure the mariadb install.

      Change ncuser, ncuserpassword, and somesecurepassword to something private.

      #Create a database for nextcloud and a user to access it.
      mysql -e "CREATE DATABASE nextcloud;"
      mysql -e "CREATE USER 'ncuser'@'localhost' IDENTIFIED BY 'ncuserpassword';"
      mysql -e "GRANT ALL ON nextcloud.* TO 'ncuser'@'localhost';"
      mysql -e "FLUSH PRIVILEGES;"
      
      #Secure mariadb. These commands do what mysql_secure_installation does interactively
      mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
      mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
      mysql -e "DELETE FROM mysql.user WHERE User='';"
      mysql -e "DROP DATABASE test;"
      mysql -e "FLUSH PRIVILEGES;"
      

      Tell SELinux that we want to send email and that the data, config, and apps folders need to be writable by the webserver.

      #tell SELinux to allow apache to send smtp and network connect
      setsebool -P httpd_can_sendmail 1
      setsebool -P httpd_can_network_connect 1
      
      #change SELinux permissions for directories that need apache write access.
      semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
      restorecon -R /var/www/html/nextcloud/config
      semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
      restorecon -R /var/www/html/nextcloud/apps
      semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
      restorecon -R /var/www/html/nextcloud/data
      semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/updater(/.*)?'
      restorecon -R /var/www/html/nextcloud/updater
      

      Restart the webserver

      #Restart Apache and enable for reboot.
      systemctl restart httpd
      systemctl enable httpd
      

      Creating a DNS entry is optional, but when the NextCloud first run wizard happens in the browser, it sets the config.php to trust the URL in the browser. If you do not have DNS setup yet, you will have to go back and add this to yout config.php later anyway.

      #create a DNS entry for your server and go to it in your browser to complete the setup
      http://nextcloud.domain.com/nextcloud
      

      On the web GUI, enter your desired admin username and password.
      0_1489694134750_upload-6982fc23-f37f-40b8-8555-02ea1d6737be

      Then click the Storage & database dropdown.
      0_1489694170160_upload-db1dd473-e6ba-47d0-bed0-630e5efed8e7

      Leave the data folder alone unless you know that you changed it when going through the above instructions.
      0_1489694494762_upload-54c0e57e-4f3d-402d-a4d5-5f64d4a28bf0

      Change the database to MySQL/MariaDB
      0_1489694525338_upload-09b6afa0-19f8-4661-b8f8-30f3bfc05068

      Then fill it out with the information you used above.
      0_1489694596256_upload-c7100936-4fff-4a6f-a4c2-1968cc60ce35

      Click the Finish setup button
      0_1489694613615_upload-0e8c9b25-0269-40b1-8d03-b30523f06f01

      You will be automatically logged in and greeted with this.
      0_1489694685297_upload-cdf842b9-179e-4f3e-84e0-a93c3c64c5bb

      Go back to your SSH session and update the NextCloud config.php file to tell it to use redis for the memory cache and file locking.

      #add a line to nextcloud config.php to enable memory cache
      nano /var/www/html/nextcloud/config/config.php
      'memcache.locking' => '\OC\Memcache\Redis',
      'memcache.local' => '\OC\Memcache\Redis',
          'redis' => array(
          'host' => 'localhost',
          'port' => 6379,
      ),
      

      Restart the webserver

      systemctl restart httpd
      

      You now have a fully configured basic install.

      ObsolesceO 1 Reply Last reply Reply Quote 7
      • JaredBuschJ
        JaredBusch
        last edited by JaredBusch

        Now you have a nice working basic install, but the URL (http://nextcloud.domain.com/nextcloud) is nasty.
        Who always wants to see /nextcloud in the URL all the time?
        Also once signed in, you will always see /index.php/ in the URL.
        This is simple to resolve.

        First update the webserver config and config.php to not use the /nextcloud folder

        #remove need to use /nextcloud in URL by changing the document root in apache. This also adds the benefit of giving you a valid page if someone goes to the raw IP.
        nano /etc/httpd/conf/httpd.conf
        DocumentRoot "/var/www/html" to DocumentRoot "/var/www/html/nextcloud"
        
        #update nextcloud config.php to remove /nextcloud
        nano /var/www/html/nextcloud/config/config.php
        'overwrite.cli.url' => 'http://nextcloud.domain.com',
        

        Now update the config.php and have it update the .htaccess file to hide the index.php from the URL.

        # add this line to the nextcloud config.php to remove the index.php in all the URLS
        'htaccess.RewriteBase' => '/',
        
        #then run this to apply it to the .htaccess file
        cd /var/www/html/nextcloud && sudo -u apache php occ maintenance:update:htaccess
        
        #restart apache
        systemctl restart httpd
        

        Now you can go to your URL without the /nextcloud and links will not have the /index.php/ in them.

        #now go to your URL without the /nextcloud
        http://nextcloud.domain.com
        
        1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch
          last edited by JaredBusch

          So you now have a nice pretty private file sync install, except it is not using SSL!
          That is not secure!
          Well, the Let's Encrypt project fixes that for us.

          Note: If you are running behind a proxy on another local host, there is no need to setup SSL as your proxy should handle the SSL termination.

          I need to clean this up to use some sed commands to simplify but did not have time to test that.

          #install certbot with the apache plugin for SSL
          yum -y install mod_ssl python-certbot-apache
          
          #restart apache
          systemctl restart httpd
          
          #open the firewall for https
          firewall-cmd --zone=public --add-port=https/tcp --permanent
          #reload the firewall
          firewall-cmd --reload
          

          Now you can run certbot

          #run certbot to get your SSL certificate, you will a warning that it could not update a vhost file. That is because there is not one named to match the domain. That is beyond the scope of this guide.
          certbot --apache certonly --email [email protected] --domain nexcloud.domain.com --agree-tos --non-interactive
          

          now update apache to look for the cert files.

          #update ssl.conf
          nano /etc/httpd/conf.d/ssl.conf
          #replace
          SSLCertificateFile /etc/pki/tls/certs/localhost.crt
          SSLCertificateFile /etc/letsencrypt/live/nextcloud.domain.com/cert.pem
          
          SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
          SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.domain.com/privkey.pem
          
          SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
          SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.domain.com/chain.pem
          
          #restart apache
          systemctl restart httpd
          

          remove the ability to use http by removing the allow in the firewall.

          #remove the allow for http
          firewall-cmd --zone=public --remove-port=80/tcp --permanent
          #reload the firewall
          firewall-cmd --reload
          
          #navigate to your site via SSL
          https://nextcloud.domain.com
          

          0_1489698745153_upload-829d5a34-af1b-4900-887e-8684b3481dfc

          1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch
            last edited by JaredBusch

            If you are running your Nexcloud instance behind a reverse proxy that handles the SSL, then your links may all be going out as http instead of https.

            This is because Nextcloud tries to figure this out on its own and it only sees the http connection hitting it. You can override this default behavior by updating the Nextcloud config.php to contain the following line.

            'overwriteprotocol' => 'https',
            
            A 1 Reply Last reply Reply Quote 1
            • A
              Alex Sage @JaredBusch
              last edited by

              @JaredBusch I'll be texting in a few hours 🙂

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch
                last edited by

                If I have time today, I will do this again and get some screenshots of the browser wizard filled out with the examples as listed above.

                A 1 Reply Last reply Reply Quote 0
                • A
                  Alex Sage @JaredBusch
                  last edited by

                  @JaredBusch I am thinking about scripting it out, unless you already have started on it?

                  JaredBuschJ scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @Alex Sage
                    last edited by

                    @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

                    @JaredBusch I am thinking about scripting it out, unless you already have started on it?

                    There is no point in something like that. If you want an invisible install, use the official appliance.
                    https://nextcloud.com/install/#instructions-server
                    https://www.techandme.se/nextcloud-vm/

                    Guides like this are for education as well as to provide clear instructions for a manual setup.

                    Once I spend a few minutes figuring out the proper sed statements, this entire thing can be concatenated into a one liner with ; separators. That is not the point.

                    A 1 Reply Last reply Reply Quote 0
                    • A
                      Alex Sage @JaredBusch
                      last edited by Alex Sage

                      @JaredBusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

                      There is no point in something like that. If you want an invisible install, use the official appliance.

                      I could, but I trust you, and I have no idea what is in the official appliance

                      Also it runs on Ubuntu, and I like Cent OS since I am studying for my RHCSA.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Alex Sage
                        last edited by

                        @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

                        @JaredBusch I am thinking about scripting it out, unless you already have started on it?

                        Going to Ansible or something like that is like a scripted install, but more automated and, if created idempotently, can be used to enforce consistency down the road. If you were to take the time to script the install here, it's worth considering moving to that approach. No need for an infrastructure to do that, you can just store an Ansible playbook on GIT or similar (there is free hosting out there for that) then just pull it from there.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Alex Sage
                          last edited by

                          @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

                          @JaredBusch I'll be texting in a few hours 🙂

                          Hopefully not while driving 😉

                          A 1 Reply Last reply Reply Quote 0
                          • A
                            Alex Sage @scottalanmiller
                            last edited by

                            @scottalanmiller hey it was 4AM lol

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Alex Sage
                              last edited by

                              @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

                              @scottalanmiller hey it was 4AM lol

                              Way too late to be texting then 😉

                              1 Reply Last reply Reply Quote 0
                              • Emad RE
                                Emad R
                                last edited by Emad R

                                1_1489607043027_2017-03-15 21_43_30-77.245.14.252 - vSphere Client.png 0_1489607043026_2017-03-15 21_43_42-77.245.14.252 - vSphere Client.png

                                Hi,

                                I did the above steps starting from Centos 7 1611 minimal updated.

                                Got the above results ... 😞

                                I tried disabling selinux
                                Changing permissions to 0777 on /var/www/html/nextcloud
                                disabling the firewalld
                                same results

                                I made sure that I am doing everything as above

                                Thank you for your hard work, and guide. I prefer using it cause your are using PHP7 unlike the rest.

                                A JaredBuschJ 2 Replies Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  Do a netstat -tulpn to see what it is listening for.

                                  1 Reply Last reply Reply Quote 0
                                  • A
                                    Alex Sage @Emad R
                                    last edited by

                                    @msff-amman-Itofficer also double check the firewall 😉

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch @Emad R
                                      last edited by

                                      @msff-amman-Itofficer at what point in the guide are you?

                                      Emad RE 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Alex Sage
                                        last edited by

                                        @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

                                        @msff-amman-Itofficer also double check the firewall 😉

                                        The forbidden error means that the firewall is open.

                                        1 Reply Last reply Reply Quote 1
                                        • JaredBuschJ
                                          JaredBusch
                                          last edited by

                                          The default log file is nextcloud.log located in /var/www/html/nextcloud/data.

                                          tail /var/www/html/nextcloud/data/nextcloud.log
                                          
                                          Emad RE 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch
                                            last edited by JaredBusch

                                            Here is what my systemlooks like:

                                            ls -lZ /var/www/html
                                            drwxr-xr-x. root apache unconfined_u:object_r:httpd_sys_content_t:s0 nextcloud
                                            
                                            ls -lZ /var/www/html/nextcloud/
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 3rdparty
                                            drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 apps
                                            drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 assets
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 AUTHORS
                                            drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 config
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 console.php
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 core
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 cron.php
                                            lrwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 data -> /home/nc_data
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 db_structure.xml
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 etc
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 index.html
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 l10n
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 lib
                                            -rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 occ
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 ocs
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 ocs-provider
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 public.php
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 remote.php
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 resources
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 robots.txt
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 settings
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 status.php
                                            drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 themes
                                            drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 updater
                                            -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 version.php
                                            

                                            Since I made a symlink to my data directory I had to deviate a bit from the guide personally.

                                            ls -lZ /home/
                                            drwxrwx---. root apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 nc_data
                                            
                                            ls -lZ /home/nc_data/
                                            drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 appdata_ocuy4ccap2ee
                                            drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 files_external
                                            -rw-r--r--. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 index.html
                                            drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 jbusch
                                            -rw-r-----. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 nextcloud.log
                                            -rw-r--r--. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 themedinstancelogo
                                            
                                            Emad RE 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 1 / 5
                                            • First post
                                              Last post