{"id":530,"date":"2020-02-28T07:43:00","date_gmt":"2020-02-28T06:43:00","guid":{"rendered":"https:\/\/www.gonscak.sk\/?p=530"},"modified":"2020-10-29T14:34:23","modified_gmt":"2020-10-29T13:34:23","slug":"how-to-install-nextcloud-on-centos-8-stream","status":"publish","type":"post","link":"https:\/\/www.gonscak.sk\/?p=530","title":{"rendered":"How to install nextcloud v18 on Centos 8 Stream"},"content":{"rendered":"\n

I create a basic installation of Centos 8 stream from iso: CentOS-Stream-8-x86_64-20191219-boot.iso <\/p>\n\n\n\n

During installation I choose minimal applications and standard utilities. Please, enable, network time and set lvm for virtio disk. I set password for root and create a new user, which have root privileges. <\/p>\n\n\n\n

After instalation, I create and LVM encrypted partition, to store encrypted data of nextcloud on it. I will not use nextcloud data encryption. Command below creates encrypted disk. We must enter a passphrase twice<\/p>\n\n\n\n

 cryptsetup -y -v luksFormat \/dev\/vdb<\/pre>\n\n\n\n
Now, we open this partition and look at status:<\/p>\n\n\n\n
cryptsetup luksOpen \/dev\/vdb vdb_crypt\ncryptsetup -v status vdb_crypt\n\n\/dev\/mapper\/vdb_crypt is active.\n   type:    LUKS2\n   cipher:  aes-xts-plain64\n   keysize: 512 bits\n   key location: keyring\n   device:  \/dev\/vdb\n   sector size:  512\n   offset:  32768 sectors\n   size:    209682432 sectors\n   mode:    read\/write\n Command successful.<\/pre>\n\n\n\n
Now, I write 4GB zeros to this device to see, if everything is OK. It is possible, to full-up tho whole device, but it can take a long time. But the true reason is, that this will allocate block data with zeros. This ensures that outside world will see this as random data i.e. it protect against disclosure of usage patterns.<\/p>\n\n\n\n
dd if=\/dev\/zero of=\/dev\/mapper\/vdb_crypt bs=4M count=1000\n4194304000 bytes (4.2 GB, 3.9 GiB) copied, 130.273 s, 32.2 MB\/s<\/pre>\n\n\n\n
Now try close and open this encrypted device. And then, I create an lvm above the luks encrypted disk:<\/p>\n\n\n\n
cryptsetup luksClose vdb_crypt\ncryptsetup luksOpen \/dev\/vdb vdb_crypt\ncryptsetup -v status vdb_crypt\npvcreate \/dev\/mapper\/vdb_crypt\nvgcreate nextcloud \/dev\/mapper\/vdb_crypt\nlvcreate -n data -L+30G nextcloud\nmkdir \/mnt\/test\nmkfs.xfs \/dev\/mapper\/nextcloud-data\nmount \/dev\/mapper\/nextcloud-data \/mnt\/test\/\ntouch \/mnt\/test\/hello \nll \/mnt\/test\/hello\numount \/mnt\/test\/<\/pre>\n\n\n\n
Installing nextcloud and prerequisites<\/h2>\n\n\n\n
And now, we can start with preparing our Centos for nextcloud<\/p>\n\n\n\n
At first, update system. Via dnf (DNF  is the next upcoming major version of YUM, a package manager for RPM-based Linux distributions. It roughly maintains CLI compatibility with YUM and defines a strict API for  extensions and plugins.)<\/p>\n\n\n\n
dnf update -y<\/pre>\n\n\n\n
Next, we install and create empty database for our nextcloud. Then we start it and enable for autostart after boot.
 If you wish, you can skip installations of MariaDB and you can use built-in SQLite. Then you can continue with installing apache web server.<\/p>\n\n\n\n
dnf -y install mariadb-server\n...\nsystemctl start mariadb\nsystemctl enable mariadb<\/pre>\n\n\n\n
Now, we run post installation script to finish setting up mariaDB server:<\/p>\n\n\n\n
mysql_secure_installation\nSet root password? [Y\/n] y\nRemove anonymous users? [Y\/n] y\nDisallow root login remotely? [Y\/n] y\nRemove test database and access to it? [Y\/n] y\nReload privilege tables now? [Y\/n] y<\/pre>\n\n\n\n
Now, we can create a database for nextcloud.<\/p>\n\n\n\n
mysql -u root -p\n...\nCREATE DATABASE nextcloud;\nGRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'YOURPASSWORD';\nFLUSH PRIVILEGES;\nexit;<\/pre>\n\n\n\n
Now, we install Apache web server, and we start it and enable for autostart after boot:<\/p>\n\n\n\n
dnf install httpd -y\nsystemctl start httpd.service\nsystemctl enable httpd.service<\/pre>\n\n\n\n
And set up firewall fow port http\/80 and ssh\/20 only:<\/p>\n\n\n\n
systemctl status httpd\nfirewall-cmd --list-all\nfirewall-cmd --zone=public --permanent --remove-service=dhcpv6-client\nfirewall-cmd --zone=public --permanent --add-service=http\nfirewall-cmd --reload<\/pre>\n\n\n\n
Now point your browser to this server and look, if you see a Apache test page.<\/p>\n\n\n\n
Now we can install php. Nextcloud (at this time is version 18.0.1) and support PHP (7.1, 7.2 or 7.3). So I use remi repositories and install php 7.3:<\/p>\n\n\n\n
dnf -y install dnf-utils http:\/\/rpms.remirepo.net\/enterprise\/remi-release-8.rpm\ndnf module list php\ndnf module reset php\ndnf module enable php:remi-7.3\ndnf info php\ndnf install php php-gd php-mbstring php-intl php-pecl-apcu php-mysqlnd php-pecl-imagick.x86_64 php-ldap php-pecl-zip.x86_64 php-process.x86_64\nphp -v\nphp --ini |grep Loaded\nsed -i \"s\/post_max_size = 8M\/post_max_size = 500M\/\" \/etc\/php.ini\nsed -i \"s\/upload_max_filesize = 2M\/upload_max_filesize = 500M\/\" \/etc\/php.ini\nsed -i \"s\/memory_limit = 128M\/memory_limit = 512M\/\" \/etc\/php.ini\nsystemctl start php-fpm.service\nsystemctl enable php-fpm.service<\/pre>\n\n\n\n
And now, we can install nextcloud:<\/p>\n\n\n\n
mkdir -p \/var\/www\/html\/nextcloud\/data\ncd \/var\/www\/html\/nextcloud\/\nmount \/dev\/mapper\/nextcloud-data \/var\/www\/html\/nextcloud\/data\/\nwget https:\/\/download.nextcloud.com\/server\/releases\/nextcloud-18.0.1.zip\nunzip nextcloud-18.0.1.zip\nrm nextcloud-18.0.1.zip\nmv nextcloud\/* .\nmv nextcloud\/.htaccess .\nmv nextcloud\/.user.ini .\nrmdir nextcloud\/\nmkdir \/var\/www\/html\/nextcloud\/data\nchown -R apache:apache \/var\/www\/html\/nextcloud\/\nfind \/var\/www\/html\/nextcloud\/ -type d -exec chmod 750 {} \\; \nfind \/var\/www\/html\/nextcloud\/ -type f -exec chmod 640 {} \\;<\/pre>\n\n\n\n
Now create configuration file for nextcloud in httpd:<\/p>\n\n\n\n
vim \/etc\/httpd\/conf.d\/nextcloud.conf<\/pre>\n\n\n\n
<VirtualHost *:80>\n  DocumentRoot \/var\/www\/html\/nextcloud\/\n  ServerName  your.server.com\n\n  <Directory \/var\/www\/html\/nextcloud\/>\n    Require all granted\n    AllowOverride All\n    Options FollowSymLinks MultiViews\n\n    <IfModule mod_dav.c>\n      Dav off\n    <\/IfModule>\n\n  <\/Directory>\n<\/VirtualHost><\/code><\/pre>\n\n\n\n
apachectl graceful<\/pre>\n\n\n\n
Refer to nextcloud admin manual, you can run into permissions problems. Run these commands as root to adjust permissions:<\/p>\n\n\n\n
semanage fcontext -a -t httpd_sys_rw_content_t '\/var\/www\/html\/nextcloud\/data(\/.*)?'\nsemanage fcontext -a -t httpd_sys_rw_content_t '\/var\/www\/html\/nextcloud\/config(\/.*)?'\nsemanage fcontext -a -t httpd_sys_rw_content_t '\/var\/www\/html\/nextcloud\/apps(\/.*)?'\nsemanage fcontext -a -t httpd_sys_rw_content_t '\/var\/www\/html\/nextcloud\/.htaccess'\nsemanage fcontext -a -t httpd_sys_rw_content_t '\/var\/www\/html\/nextcloud\/.user.ini'\nrestorecon -Rv '\/var\/www\/html\/nextcloud\/'<\/pre>\n\n\n\n
If you see error \u201c-bash: semanage: command not found\u201d, install packages:<\/p>\n\n\n\n
dnf provides \/usr\/sbin\/semanage\ndnf install policycoreutils-python-utils-2.9-3.el8_1.1.noarch<\/pre>\n\n\n\n
Now, we can check via built-in php scripts, in what state we are:<\/p>\n\n\n\n
cd \/var\/www\/html\/nextcloud\/\nsudo -u apache php occ -h\nsudo -u apache php occ -V\nsudo -u apache php occ status<\/pre>\n\n\n\n
And finally, we can access our nextcloud and set up administrators password via our web: http:\/\/you-ip\/<\/p>\n\n\n\n
If you see default httpd welcome page, disable all lines in: \/etc\/httpd\/conf.d\/welcome.conf
Now you must complete the installation via web interface. Set  Administrator\u2019s password and locate to MariaDB with used credentials:<\/p>\n\n\n\n
Database user: nextclouduser\nDatabase password: YOURPASSWORD\nDatabase name: nextcloud\nhost: localhost<\/pre>\n\n\n\n
In settings of nextcloud, go to section Administration > Overview. You can see some problems. If so, try to fix it. I had three problems. No apcu memory cache configured. So add at nextcloud config.php:<\/p>\n\n\n\n
'memcache.local' => '\\OC\\Memcache\\APCu',<\/pre>\n\n\n\n
Then I must edit som php variables, to set properly opcache: edit and adjust:<\/p>\n\n\n\n
vim \/etc\/php.d\/10-opcache.ini<\/pre>\n\n\n\n
Then I must edit httpd setting, because .htaccess wont working. So change apache config:<\/p>\n\n\n\n
vim \/etc\/httpd\/conf\/httpd.conf\n\nsection<\/em>: Directory \"\/var\/www\/html\"\nAllowOverride None\nchange to:<\/em> \nAllowOverride All<\/pre>\n\n\n\n
And gracefuly restart apache:<\/p>\n\n\n\n
apachectl graceful<\/pre>\n\n\n\n
Next, I find out, that my nextcloud instance cannot connect to internet and checks for update. I think, that this is on selinux (enforcing mode). So run check and find out, what is happening:<\/p>\n\n\n\n
sealert -a \/var\/log\/audit\/audit.log<\/pre>\n\n\n\n
And the result:<\/p>\n\n\n\n
SELinux is preventing \/usr\/sbin\/php-fpm from name_connect access on the tcp_socket port 80\nAdditional Information:\nSource Context                system_u:system_r:httpd_t:s0\nSource Path                   \/usr\/sbin\/php-fpm\nPort                          80\nSelinux Enabled               True\nPolicy Type                   targeted\nEnforcing Mode                Enforcing\n---------\nIf you believe that php-fpm should be allowed name_connect access on the port 80 tcp_socket by default.\nIf you want to allow httpd to can network connect\nThen you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.<\/pre>\n\n\n\n
So I allow httpd to can network connect via:<\/p>\n\n\n\n
setsebool -P httpd_can_network_connect 1<\/pre>\n\n\n\n
And that is complete. If you wont secure http (https), try to find out another post on this page.<\/p>\n\n\n\n
Have fun<\/p>\n ","protected":false},"excerpt":{"rendered":"
I create a basic installation of Centos 8 stream from iso: CentOS-Stream-8-x86_64-20191219-boot.iso During installation I choose minimal applications and standard utilities. Please, enable, network time and set lvm for virtio disk. I set password for root and create a new user, which have root privileges. After instalation, I create and LVM encrypted partition, to store … Continue reading How to install nextcloud v18 on Centos 8 Stream<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[95,116,119,118,94,97,51,96,70,117,115],"class_list":["post-530","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-apache","tag-centos-8","tag-cryptsetup","tag-dnf","tag-httpd","tag-luks","tag-lvm","tag-mariadb","tag-nextcloud","tag-php-7-3","tag-selinux"],"_links":{"self":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=530"}],"version-history":[{"count":14,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/530\/revisions"}],"predecessor-version":[{"id":717,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/530\/revisions\/717"}],"wp:attachment":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}