Install Nextcloud with Nginx and SSL / TLS certificates on CentOS 8

Welcome to our guide on another enterprise file synchronization and sharing solution. We will learn how to install Nextcloud with Nginx and SSL / TLS certificates on CentOS 8.

Want to try ownCloud? Check out our guide to setting up ownCloud server on CentOS 8 via the following link;

Install ownCloud server on CentOS 8

Install Nextcloud with Nginx and SSL / TLS certificates on CentOS 8

To install Nextcloud with Nginx and SSL / TLS certificates on CentOS 8, these are the steps used in our environment. Feel free to modify the steps to suit your environment.

Run system update

Make sure your system packages are up to date.

dnf update

Install the LEMP stack

To run Nextcloud with Nginx, you first need to set up the LEMP stack. We covered how to set up the LEMP stack on CentOS 8 in a previous guide; follow the link below.

Install LEMP Stack on CentOS 8

Install other required PHP modules

To install other required PHP modules and other packages, run the following command;

dnf install php-gd php-json php-curl php-mbstring php-intl php-xml php-zip php-pear php-soap

Install other required packages;

dnf install zip wget tar policycoreutils-python-utils

Configure PHP

Edit /etc/php.ini and set cgi.fix_pathinfo to 0.

vim /etc/php.ini
...
;cgi.fix_pathinfo=1
cgi.fix_pathinfo=0
...

Edit /etc/php-fpm.d/www.conf and make the following changes;

vim /etc/php-fpm.d/www.conf
...
user = nginx
group = nginx
...
# Uncomment these lines by removing the ; at the beginning of the lines.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
...

Create Nextcloud database and database user

Before creating a MariaDB / MySQL database for Nextcloud, make sure InnoDB is the default storage engine.

mysql -u root -p
show engines;
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
| Engine             | Support | Comment                                                                          | Transactions | XA   | Savepoints |
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
...
...
| InnoDB             | DEFAULT | Supports transactions, row-level locking, foreign keys and encryption for tables | YES          | YES  | YES        |
...

Make sure the Support column for InnoDB shows DEFAULT.

Next, create the Nextcloud database. (The database and database user names used here are not standard; use any names you like.)

create database ncdb;

Create a Nextcloud database user with all privileges granted on the Nextcloud database.

grant all privileges on ncdb.* to [email protected] identified by '[email protected]';

Reload the privilege table and exit the database.

flush privileges;
quit

Download and install Nextcloud

In this guide, we will install Nextcloud from source code. At the time of writing, the latest stable release is v17.0.2; download it from the Nextcloud releases page.

wget https://download.nextcloud.com/server/releases/latest.zip

Extract Nextcloud to the web root directory

Since we use Nginx as our web server, we place the Nextcloud files and configuration under /usr/share/nginx/html/nextcloud. Depending on your setup, the path may be different.

unzip latest.zip -d /usr/share/nginx/html/

Generate SSL / TLS Certificate

To set up Nextcloud with an SSL / TLS certificate, you first need to generate a certificate. This guide uses a self-signed certificate for demonstration. If you run Nextcloud in a production environment, use a publicly trusted certificate from your preferred CA.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/nc-selfsigned.key -out /etc/pki/tls/nc-selfsigned.crt

Configure Nginx for Nextcloud

Nextcloud provides a sample Nginx configuration. You can take that configuration and adjust it to suit your environment.

vim /etc/nginx/conf.d/nextcloud.conf

Make sure to replace the server name, web root and path to the SSL / TLS certificate accordingly.

upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    server_name nextcloud.kifarunix-demo.com;
    # enforce https
    return 301 https://$server_name:443$request_uri;
}

server {
    listen 443 ssl http2;
    server_name nextcloud.kifarunix-demo.com;

    ssl_certificate /etc/pki/tls/nc-selfsigned.crt;
    ssl_certificate_key /etc/pki/tls/nc-selfsigned.key;

    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud;

    access_log /var/log/nginx/nc_access_log;
    error_log /var/log/nginx/nc_error_log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|oc[ms]-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}

Save and exit the configuration file.
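
How the location blocks above decide what a request path reaches, as an added example (not part of the original guide or of Nextcloud's sample configuration). It rewrites the location regexes as POSIX ERE for grep, with literal dots escaped, and assumes nginx's matching order: exact "=" locations first, then regex locations in file order, then the "/" prefix. The outcome labels and function names are made up for this example.

```shell
#!/bin/sh
# Model of how the server block above routes a request path.
# Assumption: nginx uses PCRE; here "(?:" groups are written as plain ERE groups.
DENY_DIRS='^/(build|tests|config|lib|3rdparty|templates|data)/'
DENY_FILES='^/(\.|autotest|occ|issue|indie|db_|console)'
PHP_ENTRY='^/(index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+)\.php($|/)'
UPDATER_DIR='^/(updater|oc[ms]-provider)($|/)'
STATIC='\.(css|js|woff2?|svg|gif|map|png|html|ttf|ico|jpg|jpeg|bcmap)$'

# matches PATH PATTERN -> exit 0 when the ERE matches the path
matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# classify PATH -> prints the outcome for that (already normalized) path
classify() {
    p=$1
    case $p in
        # Exact-match locations win before any regex is tried.
        /robots.txt) echo static; return ;;
        /.well-known/carddav|/.well-known/caldav) echo redirect; return ;;
    esac
    # Regex locations are tried in file order; the first match wins.
    if   matches "$p" "$DENY_DIRS";   then echo deny
    elif matches "$p" "$DENY_FILES";  then echo deny
    elif matches "$p" "$PHP_ENTRY";   then echo php
    elif matches "$p" "$UPDATER_DIR"; then echo updater
    elif matches "$p" "$STATIC";      then echo static
    else echo front-controller        # location / rewrites to /index.php
    fi
}

# With the dot left unescaped, the second deny rule matches any
# non-empty path, so every request would be refused.
broken_denies() { matches "$1" '^/(.|autotest|occ|issue|indie|db_|console)'; }

# Constructed sample paths, not taken from a real access log.
for p in /config/config.php /data/nextcloud.log /.user.ini /occ \
         /index.php/apps/files /apps/files/ajax/list.php /core/css/server.css; do
    printf '%-28s %s\n' "$p" "$(classify "$p")"
done
```

Only the whitelisted entry points are handed to PHP-FPM directly; any other .php path falls through to the front controller instead of being executed as its own script.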

Create Nextcloud data directory;

mkdir /usr/share/nginx/html/nextcloud/data

Set the user and group ownership of the Nextcloud directory to nginx.

chown -R nginx:nginx /usr/share/nginx/html/nextcloud

Set appropriate permissions for Nextcloud directories and files.

find /usr/share/nginx/html/nextcloud/ -type d -exec chmod 750 {} \;
find /usr/share/nginx/html/nextcloud/ -type f -exec chmod 640 {} \;
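
A way to confirm the ownership and mode changes took effect, and to re-check them later after upgrades or app installs. This is an added example, not part of the original guide; the function name audit_tree is made up here.

```shell
#!/bin/sh
# audit_tree ROOT OWNER
# Prints every path under ROOT that deviates from the layout set above:
# directories 750, regular files 640, everything owned by OWNER
# (user name or numeric uid).
# Returns 0 when the tree is clean, 1 when deviations exist, 2 on bad input.
audit_tree() {
    root=$1
    owner=$2
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # The outer group keeps -print bound to all three tests.
    bad=$(find "$root" \( \
            \( -type d ! -perm 750 \) -o \
            \( -type f ! -perm 640 \) -o \
            ! -user "$owner" \) -print)

    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Usage on the server from this guide:
#   sh audit.sh /usr/share/nginx/html/nextcloud nginx
if [ $# -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```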

Set the ownership of the PHP session directory to nginx.

chown nginx:nginx -R /var/lib/php/session/

Verify that Nginx has no syntax errors.

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart Nginx and PHP-FPM.

systemctl restart nginx php-fpm

Allow Nginx HTTP / HTTPS traffic on FirewallD

If FirewallD is running, run the following commands to open ports 80 and 443.

firewall-cmd --add-port={80,443}/tcp --permanent
firewall-cmd --reload

Configure SELinux

Nextcloud also provides an SELinux configuration. At a minimum, you should resolve the Nextcloud permission issues. Run the following commands, replacing the Nextcloud installation path accordingly.

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

restorecon -Rv '/usr/share/nginx/html/nextcloud/'

Complete Nextcloud setup on your browser

You can now access Nextcloud from your browser to complete the installation and setup. Note that we have configured HTTP to redirect to HTTPS, so if you access Nextcloud using the URL nextcloud.kifarunix-demo.com (replace accordingly), you will be redirected to HTTPS. Since we are using a self-signed SSL / TLS certificate, skip the browser warning.

On the Nextcloud user interface, enter the name and password of the Nextcloud administrator user.

Next, define the back-end database and connection details. In this demo we are using MariaDB. Click the Storage and database drop-down menu, set the Nextcloud data directory, select MySQL/MariaDB as the database, and enter the connection details created in the steps above.

Click Complete setup to complete the configuration.

After the setup is complete, you will be welcomed in the login window.

Enter the administrator credentials created during the setup process and log in to Nextcloud.

This marks the end of this tutorial on how to install Nextcloud with Nginx and SSL / TLS certificates on CentOS 8. You can now explore this awesome tool further.
