قالب وردپرس درنا توس
Home / How To / How to install Nextcloud with Nginx and PHP 7.3 on CentOS 8

How to install Nextcloud with Nginx and PHP 7.3 on CentOS 8



Nextcloud is a free (open source) dropbox-like software, a fork for your own Cloud project. Nextcloud is written in PHP and JavaScript, it supports many database systems such as MySQL / MariaDB, PostgreSQL, Oracle database and SQLite.

To keep your files in sync between desktop and server, Nextcloud offers applications for Windows, Linux and Mac desktops and a mobile application for Android and iOS.

In this tutorial we will show you how to install Nextcloud 17 with Nginx web server, PHP 7.3 and MariaDB database on a CentOS 8 server. We will install Nextcloud and secure it with a free Let's Encrypt SSL certificate.

Prerequisite

For this guide, we will install Nextcloud on the CentOS 8 server with 2 GB of RAM, 25 GB of free space, and 2 CPUs.

What we will do:

  • Install Nginx Web Server
  • Install PHP-FPM 7.3
  • Configure PHP-FPM 7.3
  • Install and configure the MariaDB database
  • Generate SSL Letsencrypt
  • Download Nextcloud 1
    7
  • Setting Nginx Virtual Host for Nextcloud
  • Setting SELinux for Nextcloud
  • Nextcloud Post Installation

Step 1 – Installing Nginx

First we install Nginx web server to the CentOS 8 server The HTTP and HTTPS port on the firewall.

Install Nginx from the AppStream repository with the dnf command below.

  sudo dnf install nginx 

When the installation is complete, start nginx and add it to the system boot.

  syste mctl start nginx 
systemctl enable nginx

Now check the status of nginx using the command below.

  systemctl status nginx 

You will get the nginx service running on CentOS 8 server.

 Start Nginx with systemd

Then we add the HTTP and HTTPS services to the firewall.

Add the HTTP and HTTPS services to the firewall using the firewall cmd command below.

  firewall-cmd --add-service = http --permanent 
firewall-cmd --add-service = https --permanent

After that, reload the firewall services.

  firewall cmd - reload [19659020] As a result, you have successfully installed the Nginx web server and opened the HTTP and HTTPS ports on the CentOS 8. server. 

 Configure the firewall

Step 2 - Install PHP-FPM

According to the Nextcloud system requirement, it is recommended to use PHP 7.2 or PHP 7.3 for the installation.

For this guide, we will use PHP 7.3 that can be installed from the REMI archive.

Before proceeding, we will activate the "PowerTools" layer and add the EPEL and REMI storage for CentOS 8 server.

Run the dnf command below.

  sudo dnf config manager - set-enabled PowerTools 
sudo dnf install epel release
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Now check all available repositories in the system.

  dnf repolist 

And you will get the result as below.

 Check DNF Repositories

You have enabled the "PowerTools archive and added the EPEL and REMI archives for CentOS 8.

Then we activate PHP 7.3 REMI archive.

Check all available modules for PHP packages.

  dnf module list php 

Now enable module for PHP 7.3 REMI storage.

  dnf module enable php: remi-7.3 

 Add Remi file in C entOS 8

Then install PHP and PHP-FPM 7.3 packages for Nextcloud with the command dnf below.

  sudo dnf install php-fpm php-cli php-devel php-gd php- mysqlnd php pears php-xml php-mbstring php-pdo php-json php-pecl-apcu php-pecl-apcu-devel php-pecl-imagick-devel php-intl php-cache php-zip 

And you have installed PHP and PHP-FPM 7.3 for the CentOS 8. system

Step 3 - Configure PHP-FPM 7.3

In this step we will set PHP-FPM for the implementation of Nextcloud. [19659002] Edit & # 39; php.ini & # 39; configuration using the following command.

  vim /etc/php.inivud19659020??Comment and change the configuration as below. 

  memory_limit = 512M 
date.timezone = Asia / Jakarta
cgi.fixpathinfo = 0

Save and close.

Now edit PHP opcache configuration & # 39; /etc/php.d/10-opcache.ini'. Vintage19659019vudvim /etc/php.d/10-opcache.ini [19659020] Change configuration as below .

  opcache.enable = 1 
opcache.interned _strings_buffer = 8
opcache.max_accelerated_files = 10000
opcache.memory_consumption = 128
opcache.save_comments = 1
[1965902059redigera]. -Fpm configuration & # 39; /etc/php-fpm.d/www.conf' .ebrit19659019achtevim /etc/php-fpm.d/www.confebrit19659020 ch el & # 39; the user & # 39; and & # 39; group & # 39; to & # 39; nginx & # 39; .

  user = nginx 
group = nginx

Change the "listen" configuration to the sock file as below.

  list = /run/php-fpm/www.sockebrit19659020??Comment PHP environment variable below. 

  env [HOSTNAME] = $ HOSTNAME 
env [PATH] = / usr / local / bin: / usr / bin: / bin
env [TMP] = / tmp
env [TMPDIR] = / tmp
env [TEMP] = / tmp

Deselect the opcache configuration on the last row.

  php_value [opcache.file_cache] = / var / lib / php / opcache 

Save and close.

Now create a new directory for PHP session and opcache, then change the owner of these directories to & # 39; ng inx & # 39; user and group.

  mkdir -p / var / lib / php / {session, opcache} 
chown -R nginx: nginx / var / lib / php / {session, opcache}

And you have completed PHP-FPM- configuration for the Nextcloud installation.

Launch the PHP-FPM service and add it to the system boot.

  systemctl enable php-fpm 
systemctl start php-fpm

 Configure PHP 7.3

Now check the PHP-FPM sock file and service status.

  netstat -pl | grep php 
systemctl status php-fpm

And you will get the result as below.

 Configure PHP-FPM

As a result, PHP-FPM comes up and runs under the sock file & # 39; /run/php-fpm/www.sock' .man19659087 ?? Step 4 - Installing and Configuring MariaDB

In this step, we will install the MariaDB database server, set up root password authentication and create a new database and user for Nextcloud.

Install the MariaDB database with the dnf command below.

  sudo dnf install mariadb mariadb server 

When the installation is complete, start the MariaDB service and add it to the system boot.

  systemctl start mariadb 
systemctl enable mariadb

And MariaDB service is running.

 Configure MariaDB

Next, we will set the root password authentication with the & # 39; mysql_secure_installation & # 39; below.

  mysql_secure_installation 

Type your root passw word and type & # 39; Y & # 39; for the rest of the configuration.

  Set a root password? [Y/n] Y 
Remove anonymous users? [Y/n] Y
Delete the test database and access it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

And the MariaDB root password has been configured.

Log in to the MySQL shell using the mysql command below.

  mysql -u root -p 
TYPE YOUR ROOT PASSWORD [19659020] Now create a new database & # 39; nextcloud_db & # 39; and create a new user & # 39; nextclouduser & # 39; with the password & # 39; nextcloudpassdb & # 39; using the questions below.

  create database nextcloud_db; 
create user [email protected] identified with "nextcloudpassdb";
grant all privileges on nextcloud_db. * To [email protected] identified with "nextcloudpassdb";
flush privileges;

And you have created the database and user for the Nextcloud installation.

 Set Nextcloud Database

Step 4 - Generate SSL Letsencrypt

In this step we will generate the SSL let encryption with & # 39; certbot & # 39; The SSL certificates will be used to secure Nextcloud access.

Install certbot from EPEL layer with the dnf command below.

  sudo dnf install certbot 

When the installation is complete, generate the Nextcloud domain name SSL certificates with the command below and be sure to change the domain name and email address with your own.

  certbot certonly --webroot --webroot-path / usr / share / nginx / html --agree-tos -m [email protected] -d cloud.hakase-labs.io 

When done, all are generated SSL certificate in the & # 39; /etc/letsencrypt/live/cloud.hakase-labs.io' directory.

Check it using the following command.

  ls -lah /etc/letsencrypt/live/cloud.hakase-labs.io/ Tu 1919909020. And you have generated SSL song encryption with the certbot tool. 

Step 5 - Download and install Nextcloud

In this step we will download the latest version of Nextcloud 17.

Before downloading the next source code, inst. the entire zip package to the system.

  sudo dnf install unzip 

Now go to directory & # 39; / var / www / & # 39; and download the Nextcloud source code with the wget command as below.

  cd / var / www / 
wget https://download.nextcloud.com/server/releases/nextcloud-17.0.2.zipebrit19659020??Extract the Nextcloud source code with the command below.

  unzip nextcloud-17.0.2. zip 

And you get a new directory called & # 39; nextcloud & # 39 ;.

Now create a new "data" directory for Nextcloud. The "data" directory will be used to store user data.

  mkdir -p / var / www / nextcloud / data / 

After that, change the owner of the "nextcloud" directory to "nginx" users and group.

  sudo chown -R nginx: nginx / var / www / nextcloud 

And you have downloaded the latest Nextcloud 17 to the & # 39; / var / www & # 39; directory.

 Download NextCloud

Step 6 - Set up Nginx Virtual Host for Nextcloud

After downloading the Nextcloud source code, we will set up Nginx virtual host for Nextcloud.

Go to directory & # 39; /etc/nginx/conf.d' and create a new configuration & # 39; nextcloud.conf & # 39 ;.

  cd /etc/nginx/conf.d/strong19459016achtevim nextcloud.conf 

Now change the domain name and SSL certificate path with your own and paste the following configuration into it.

  upstream php manager [
#server 127.0.0.1:9000; quarter19459016vudserver unix: /run/php-fpm/www.sock;
}

server {
listen 80;
listen [::]: 80;
server name cloud.hakase-labs.io;
# maintain https
return 301 https: // $ server_name: 443 $ request_uri;
}

server {
listen 443 ssl http2;
listen [::]: 443 ssl http2;
server name cloud.hakase-labs.io;

# Use Mozilla's guidelines for SSL / TLS settings
# https://mozilla.github.io/ server-side-tls / ssl-config-generator /
# NOTE: some settings below may be redundant
ssl_certificate /etc/ssl/nginx/fullchain.pem; ebrit19459016 Edinssl_certificate_key / etc / ssl / nginx / privkey.pem;

# Add headings to earn safety related headings
# Before activating headlines for strict transport security please read this
# topic first.
#add_header Strict-Transport-Security "max-Age = 15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the charging option after reading about the
# consequences in https://hstspreload.org/. This option
# will add the domain to a hair-coded list sent
# in all major browsers and removed from this list
# may take several months.
add_header Referrer policy "no-referrer" always;
add_header X- Content type option "nosniff" always;
always add_header X download option "noopen";
always add_header X-Frame option "SAMEORIGIN";
add_header X-Permitted-Cross-Domain- Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode = block" always;

# Delete X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# The path to the root of your installation
root / var / www / nextcloud;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

# The following two rules are only needed for the user_webfinger app.
# Uncheck it if you plan to use this app.
#rewrite ^ /. well known / host-meta /public.php?service=host-meta last;
#rewrite ^ /. well known / host-meta.json /public.php?service=host-meta-json last;

# The following rule is only needed for the social app.
# Cancel it if you "plan to use this app.
#rewrite ^ /. Well-known / webfinger /public.php?service=webfinger last;

location = /.well-known/ carddav {
return 301 $ schedule: // $ host: $ server_port / remote.php / dav;
}
location = /.well-known/caldav {
return 301 $ schedule: / / $ host: $ server_port / remote.php / dav;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Enable gzip but do not delete ETag- headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified 1945_01yp; javascript-application / json-application / ld + json-application / manifest + json-application / rss + xml-application / vnd.geo + json-application / vnd.ms-fontobject-application tion / x-font-ttf-application / x-web-app-manifest + json application / xhtml + xml application / xml font / open-type image / bmp image / svg + xml image / x-icon text / cache-manifest text / css text / plain text / vcard text / vnd .rim.location.xloc text / vtt text / x-component text / x-cross-domain-policy;

# Uncomment if your server is built with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

location / {
rewrite ^ /index.php; Chapter19459016 ch anuposition19659137ocation location ~ ^ / (?: Build | test | config | lib | 3rd lot | templates | data) / {
denies all;
}
location ~ ^ / (?: . | Autotest | occ | query | indie | db_ | console) {
denies all;
}

location ~ ^ / (?: Index | remote | public | cron | core / ajax / update | status | ocs / v [12] | updates /.+ | oc [ms] provider /.+) . Php (?: $ | /) {
fastcgi_split_path_info ^ (. +? . Php) ( /.* |) $;
set $ path_info $ fastcgi_path_info;
try_files $ fastcgi_script_name = 404;
includes fastcgi_params;
fastcgi_param SCRIPT_FILENAME $ document_root $ fastcgi_script_name;
fastcgi_param PAT9_PATI_SPAT_PATI_PATI_PATI_PATI_PATI_PATI_PATI_PATI_PATI_SPAT_PATI_SPAT_PATI_SPATT_SPI_SPI headers twice
fastcgi_param
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-h andler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}

location ~ ^ / (?: Updater | oc [ms] provider) (?: $ | /) {
try_files $ uri / = 404;
index index.php;
}

# Adding the cache control head for js, css, and map files
# Make sure it is BELOW the PHP block
location ~ . (?: css | js | woff2? | svg | gif | map) $ {
try_files $ uri /index.php$request_uri; 3.819459016vudad_header Cache-Control "public, max-age = 15778463";
# Add headings to serve security related headings (It is intended that
# have those copied to the above)
# Before enabling strict transport security headings please read in
# this topic first.
#add_header Strict-Transport-Security "max-age = 15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the charging option after reading about the
# consequences in https://hstspreload.org/. This option
# will add the domain to a hair-coded list sent
# in all major browsers and removed from this list
# may take several months.
add_header Referrer policy "no-referrer" always;
add_header X- Content type option "nosniff" always;
always add_header X download option "noopen";
always add_header X-Frame option "SAMEORIGIN";
add_header X-Permitted-Cross-Domain- Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode = block" always;

# Optional: Do not log in to access
access_log off;
}

location ~ . (?: png | html | ttf | ico | jpg | jpeg | bcmap) $ {
try_files $ uri /index.php$request_uri; Greece 19459016 selected # Optional: Do not log in to other assets
access_log off;
}
}

[19659020] Save and close.

Then test the nginx configuration and restart the Nginx service. And make sure there is nothing wrong.

  nginx -t 
systemctl restart nginx

Now the Nginx service will open a new HTTPS port on the system, check it with the following command.

  netstat -plntu 

And you will get the result as below.

 Configure Nginx for Nextcloud

As a result, you have added the virtual host configuration of Nginx for Nextcloud and enabled the secure HTTPS on top.

Step 7 - Configure SELinux for Nextcloud

For this tutorial, we will use SELinux in enfo rcing mode. And we set SELinux for the Nextcloud installation.

Install the SELinux management tool with the dnf command below.

  sudo dnf install policycoreutils-python-utils 

Now run the following command as root on your server. [19659019] semanage fcontext -a-t httpd_sys_rw_content_t & # 39; / var / www / nextcloud / data (/.*)?&# 39; ?? 19459016 Dollsemanage fcontext -a-t httpd_sys_rw_content_t & # 39; / var / www / nextcloud / config (& # 39;
semanage fcontext -at httpd_sys_rw_content_t & # 39; /var/www/nextcloud/apps(/.*)?'Mute19459016 Dollar Manager fcontext -a-httpd_sys_tw_c & # 39; / var / www / nextcloud / is ()? & # 39;
semanage fcontext -at httpd_sys_rw_content_t & # 39; /var/www/nextcloud/.htaccess'varp19459016 ch aneman fcontext -a-t httpd_sys_rw & # 39; / var / www / nextcloud / [1945900] restorecon -Rv & # 39; / var / www / nextcloud / & # 39;

And the SELinux configuration for Nextcloud is complete.

 Configure SELinux for Nextcloud

Step 8 - Nextcloud Install Wizard

Now open your browser and type your Nextcloud domain name in the address bar.

https: //cloud.hakase-labs. io / [19659002] Now you get the Nextcloud installation page as below.

 Nextcloud web installer

Enter your admin user and password, then select & # 39; MySQL / M ariaDB & # 39; as your database and write database information that you created on top.

Now click on "Finish Installation" button and the installation will begin.

When the installation is complete, you will receive the Nextcloud dashboard as shown below.

 NextCloud on CentOS 8

As a result, you have successfully installed the latest Nextcloud 17 with Nginx web server, PHP-FPM 7.3 and the MariaDB database on the CentOS 8 server.

Reference


Source link