This article mainly describes how to use Nginx and php7-fpm to install Nextcloud in CentOS7, will run Nextcloud through Nginx and PHP7-FPM, while using MariaDB as a database system.
Nextcloud is a free (open source) class Dropbox software that evolved from the OwnCloud branch. It is written in PHP and JavaScript and supports a variety of database systems such as MYSQL/MARIADB, PostgreSQL, Oracle database, and SQLite. It keeps your desktop and cloud files in sync, and Nextcloud provides client support for Windows, Linux, Mac, Android, and iphone. Nextcloud is not just a Dropbox clone, it also offers many additional features such as calendars, contacts, scheduled tasks, and streaming media ampache.
In this article, I'll show you how to install and configure the latest version of Nextcloud 10 on the CentOS 7 server. I will run Nextcloud through Nginx and PHP7-FPM, and use MariaDB as the database system.
Prerequisite
64-bit CentOS 7
Root Permissions for the server
Step 1-Install Nginx and PHP7-FPM in CentOS 7
Before starting the installation of Nginx and PHP7-FPM, we also learned to add the warehouse source of the EPEL package first. Use the following command:
Yum-y Install Epel-release
Now start installing Nginx from the EPEL warehouse:
Yum-y Install Nginx
Then we also need to add another repository for PHP7-FPM. There is a remote repository in the Internet that provides PHP 7 series packages, which I use in webtatic.
Add PHP7-FPM webtatic Warehouse:
RPM-UVH https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Then there are some packages that are required to install PHP7-FPM and Nextcloud.
Copy the Code code as follows:
Yum-y Install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-p Do Php70w-json PHP70W-PECL-APCU Php70w-pecl-apcu-devel
Finally, check the PHP version number from the server terminal to verify that PHP is installed correctly.
Php-v
Step 2-Configure PHP7-FPM
In this step, we will configure the PHP-FPM to run in conjunction with Nginx. PHP7-FPM will use nginx
the user to run and listen to the 9000
port.
Use Vim to edit the default php7-fpm configuration file.
Vim/etc/php-fpm.d/www.conf
In lines 8th and 10th, user
and group
assigned to nginx
.
user = Nginxgroup = Nginx
On line 22nd, make sure that PHP-FPM is running on the specified port.
Listen = 127.0.0.1:9000
Uncomment the 第366-370 line to enable the PHP-FPM system environment variable.
Env[hostname] = $HOSTNAMEenv [PATH] =/usr/local/bin:/usr/bin:/binenv[tmp] =/tmpenv[tmpdir] =/tmpenv[temp] =/tmp
Save the file and exit the Vim editor.
The next step is to /var/lib/
create a new folder in the session
directory and change its owner to the nginx
user.
Mkdir-p/var/lib/php/sessionchown nginx:nginx-r/var/lib/php/session/
Then start the PHP-FPM and Nginx and set them to the service that starts with the boot.
sudo systemctl start php-fpmsudo systemctl start Nginxsudo systemctl enable Php-fpmsudo Systemctl enable Nginx
PHP7-FPM Configuration Complete
Step 3-Install and configure MariaDB
I use MariaDB as the Nextcloud database here. You can yum
install packages directly from the CentOS default remote repository using commands mariadb-server
.
Yum-y Install mariadb Mariadb-server
Start MariaDB and add it to the service that is started with the system.
Systemctl start Mariadbsystemctl Enable MARIADB
Now start configuring the root user password for MariaDB.
Mysql_secure_installation
Type Y
, and then set the root password for MariaDB.
Set root Password? [y/n] Ynew password:re-enter new Password:remove anonymous users? [y/n] Ydisallow Root login remotely? [y/n] Yremove test database and access to it? [y/n] Yreload privilege tables now? [y/n] Y
This sets the password and now logs in to the MySQL shell and creates a new database and user for Nextcloud. Here I create nextcloud_db
the database named and the user named nextclouduser
, the user password is nextclouduser@
. Of course, you have to choose a more secure password for your own system.
Mysql-u root-p
Enter the MariaDB root password to log in to the MySQL shell.
Enter the following MySQL query statement to create a new database and user.
Create database Nextcloud_db;create user Nextclouduser@localhost identified by ' nextclouduser@ '; grant all privileges on n Extcloud_db.* to Nextclouduser@localhost identified by ' nextclouduser@ '; flush privileges;
nextcloud_db
Database and nextclouduser
database user creation complete
Step 4-Generate a self-signed SSL certificate for Nextcloud
In the tutorial, I'll have the client run Nextcloud with an HTTPS connection. You can use a free SSL certificate such as Let's encrypt, or create your own self-signed signed SSL certificate. Here I use OpenSSL to create my own self-signed SSL certificate.
To create a new directory for the SSL file:
Mkdir-p/etc/nginx/cert/
As below, use OpenSSL to generate a new SSL certificate.
Copy the Code code as follows:
OpenSSL req-new-x509-days 365-nodes-out/etc/nginx/cert/nextcloud.crt-keyout/etc/nginx/cert/nextcloud.key
Finally, use the chmod command to set the permissions for all certificate files to 600.
chmod 700/etc/nginx/certchmod 600/etc/nginx/cert/*
Step 5-Download and install Nextcloud
I wget
download Nextcloud directly to the server using the command, so I need to install it first wget
. In addition, installation is required unzip
for decompression. Use yum
the commands to install the two programs.
Yum-y Install wget Unzip
Go /tmp
to the catalogue and wget
download the latest Nextcloud 10 from the website.
Cd/tmpwget Https://download.nextcloud.com/server/releases/nextcloud-10.0.2.zip
Unzip the Nextcloud and move it to the /usr/share/nginx/html/
directory.
Unzip NEXTCLOUD-10.0.2.ZIPMV nextcloud//usr/share/nginx/html/
Next, go to the Nginx Web root directory to create a folder for Nextcloud data
.
Cd/usr/share/nginx/html/mkdir-p nextcloud/data/
nextcloud
the owner of the Change directory is a nginx
user and a group.
Chown Nginx:nginx-r nextcloud/
Step 6-Configure the virtual host for Nextcloud in Nginx
In step 5 we have downloaded the Nextcloud source code, and configured to let it run in the Nginx server, but we also need to configure it a virtual host. conf.d
Create a new virtual host configuration file in the Nginx directory nextcloud.conf
.
Cd/etc/nginx/conf.d/vim nextcloud.conf
Paste the following into the virtual host configuration file:
Upstream Php-handler {server 127.0.0.1:9000; #server Unix:/var/run/php5-fpm.sock;} server {Listen 80; server_name cloud.nextcloud.co; # Enforce HTTPS return 301 https://$server _name$request_uri;} server {listen 443 SSL; server_name cloud.nextcloud.co; SSL_CERTIFICATE/ETC/NGINX/CERT/NEXTCLOUD.CRT; Ssl_certificate_key/etc/nginx/cert/nextcloud.key; # ADD headers to serve security related headers # before enabling Strict-transport-security headers # Topic first. Add_header strict-transport-security "max-age=15768000; Includesubdomains; preload; "; Add_header x-content-type-options Nosniff; Add_header x-frame-options "Sameorigin"; Add_header x-xss-protection "1; Mode=block "; Add_header X-robots-tag None; Add_header x-download-options Noopen; Add_header x-permitted-cross-domain-policies None; # Path to the root of your installation root/usr/share/nginx/html/nextcloud/; Location =/robots.txt {Allow all; Log_not_found off; Access_logOff # The following 2 rules is only needed for the User_webfinger app. # Uncomment it if you ' re planning the use of this app. #rewrite ^/.well-known/host-meta/public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json/public.php?service=host-meta-json # last; Location =/.well-known/carddav {return 301 $scheme://$host/remote.php/dav; } location =/.well-known/caldav {return 301 $scheme://$host/remote.php/dav; } # Set Max upload size client_max_body_size 512M; Fastcgi_buffers 4K; # Disable gzip to avoid the removal of the ETAG header gzip off; # Uncomment if your server is a build with the Ngx_pagespeed module # This module was currently not supported. #pagespeed off; Error_page 403/core/templates/403.php; Error_page 404/core/templates/404.php; Location/{rewrite ^/index.php$uri; } location ~ ^/(?: Build|tests|config|lib|3rdparty|templates|data)/{deny all; } location ~ ^/(?: \.| Autotest|occ|issue|indie|db_|console) {Deny all; } location ~ ^/(?: index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/ TEMPLATES/40[34]) \.php (?: $|/) {include fastcgi_params; Fastcgi_split_path_info ^ (. +\.php) (/.*) $; Fastcgi_param script_filename $document _root$fastcgi_script_name; Fastcgi_param path_info $fastcgi _path_info; Fastcgi_param HTTPS on; #Avoid sending the security headers twice Fastcgi_param modheadersavailable true; Fastcgi_param front_controller_active true; Fastcgi_pass Php-handler; Fastcgi_intercept_errors on; Fastcgi_request_buffering off; } location ~ ^/(?: Updater|ocs-provider) (?: $|/) {try_files $uri/= 404; Index index.php; # Adding the cache control header for JS and CSS files # Make sure it's BELOW the PHP block location ~* \. (?: Css|js) $ {try_files $uri/index.php$uri$is_args$args; Add_header Cache-control "public, max-age=7200"; # ADD headers to serve security related headers (It's intended to # has those DUPLicated to the ones above) # before enabling strict-transport-security headers * Read into # This topic first. Add_header strict-transport-security "max-age=15768000; Includesubdomains; preload; "; Add_header x-content-type-options Nosniff; Add_header x-frame-options "Sameorigin"; Add_header x-xss-protection "1; Mode=block "; Add_header X-robots-tag None; Add_header x-download-options Noopen; Add_header x-permitted-cross-domain-policies None; # Optional:don ' t log access to assets access_log off; } location ~* \. (?: Svg|gif|png|html|ttf|woff|ico|jpg|jpeg) $ {try_files $uri/index.php$uri$is_args$args; # Optional:don ' t log access to other assets access_log off; }}
Save the file and exit vim.
Download Test the following Nginx configuration file for errors, if not, you can restart the service.
Nginx-tsystemctl Restart Nginx
Step 7-Configure SELinux and FirewallD rules for Nextcloud
In this tutorial, we will run SELinux in forced mode, so we need a selinux management tool to configure SELinux for Nextcloud.
Use the following command to install the SELinux management tool.
Yum-y Install Policycoreutils-python
Then run the following command as the root user to let the Nextcloud run under the SELinux environment. If you are using a directory of other names, remember to nextcloud
replace them.
Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess ' semanage fcontext-a-t httpd _sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini ' restorecon-rv '/usr/share/nginx/html/nextcloud/'
Next, we want to enable the FIREWALLD service while opening both HTTP and HTTPS ports for Nextcloud.
Start Firewalld and set up with system boot.
Systemctl start Firewalldsystemctl Enable Firewalld
Now use the Firewall-cmd command to turn on the HTTP and HTTPS ports, and then reload the firewall.
Firewall-cmd--permanent--add-service=httpfirewall-cmd--permanent--add-service=httpsfirewall-cmd--reload
At this point, the server configuration is complete.
Step 8-nextcloud Installation
Open your Web browser, enter the domain name you set for Nextcloud, I'll set it to cloud.nextcloud.co here, and redirect to a more secure HTTPS connection.
Set your Admin user name and password, then enter the data verification information and click ' Finish Setup'.
Nextcloud Installation
The Nextcloud admin panel is roughly as follows:
Nextcloud User settings:
Administrative settings:
At this point, we completed the installation of Nextcloud on the CentOS 7 server by using Nginx, PHP7-FPM, MariaDB.