Detailed description of how to use Nginx and PHP7-FPM installation in CentOS7 Nextcloud

Source: Internet
Author: User
Tags apcu mysql query free ssl free ssl certificate nginx server ssl certificate
This article mainly describes how to use Nginx and php7-fpm to install Nextcloud in CentOS7, will run Nextcloud through Nginx and PHP7-FPM, while using MariaDB as a database system.

Nextcloud is a free (open source) class Dropbox software that evolved from the OwnCloud branch. It is written in PHP and JavaScript and supports a variety of database systems such as MYSQL/MARIADB, PostgreSQL, Oracle database, and SQLite. It keeps your desktop and cloud files in sync, and Nextcloud provides client support for Windows, Linux, Mac, Android, and iphone. Nextcloud is not just a Dropbox clone, it also offers many additional features such as calendars, contacts, scheduled tasks, and streaming media ampache.

In this article, I'll show you how to install and configure the latest version of Nextcloud 10 on the CentOS 7 server. I will run Nextcloud through Nginx and PHP7-FPM, and use MariaDB as the database system.


    1. 64-bit CentOS 7

    2. Root Permissions for the server

Step 1-Install Nginx and PHP7-FPM in CentOS 7

Before starting the installation of Nginx and PHP7-FPM, we also learned to add the warehouse source of the EPEL package first. Use the following command:

Yum-y Install Epel-release

Now start installing Nginx from the EPEL warehouse:

Yum-y Install Nginx

Then we also need to add another repository for PHP7-FPM. There is a remote repository in the Internet that provides PHP 7 series packages, which I use in webtatic.

Add PHP7-FPM webtatic Warehouse:


Then there are some packages that are required to install PHP7-FPM and Nextcloud.

Copy the Code code as follows:

Yum-y Install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-p Do Php70w-json PHP70W-PECL-APCU Php70w-pecl-apcu-devel

Finally, check the PHP version number from the server terminal to verify that PHP is installed correctly.


Step 2-Configure PHP7-FPM

In this step, we will configure the PHP-FPM to run in conjunction with Nginx. PHP7-FPM will use nginx the user to run and listen to the 9000 port.

Use Vim to edit the default php7-fpm configuration file.


In lines 8th and 10th, user and group assigned to nginx .

user = Nginxgroup = Nginx

On line 22nd, make sure that PHP-FPM is running on the specified port.

Listen =

Uncomment the 第366-370 line to enable the PHP-FPM system environment variable.

Env[hostname] = $HOSTNAMEenv [PATH] =/usr/local/bin:/usr/bin:/binenv[tmp] =/tmpenv[tmpdir] =/tmpenv[temp] =/tmp

Save the file and exit the Vim editor.

The next step is to /var/lib/ create a new folder in the session directory and change its owner to the nginx user.

Mkdir-p/var/lib/php/sessionchown nginx:nginx-r/var/lib/php/session/

Then start the PHP-FPM and Nginx and set them to the service that starts with the boot.

sudo systemctl start php-fpmsudo systemctl start Nginxsudo systemctl enable Php-fpmsudo Systemctl enable Nginx

PHP7-FPM Configuration Complete

Step 3-Install and configure MariaDB

I use MariaDB as the Nextcloud database here. You can yum install packages directly from the CentOS default remote repository using commands mariadb-server .

Yum-y Install mariadb Mariadb-server

Start MariaDB and add it to the service that is started with the system.

Systemctl start Mariadbsystemctl Enable MARIADB

Now start configuring the root user password for MariaDB.


Type Y , and then set the root password for MariaDB.

Set root Password? [y/n] Ynew password:re-enter new Password:remove anonymous users? [y/n] Ydisallow Root login remotely? [y/n] Yremove test database and access to it? [y/n] Yreload privilege tables now? [y/n] Y

This sets the password and now logs in to the MySQL shell and creates a new database and user for Nextcloud. Here I create nextcloud_db the database named and the user named nextclouduser , the user password is nextclouduser@ . Of course, you have to choose a more secure password for your own system.

Mysql-u root-p

Enter the MariaDB root password to log in to the MySQL shell.

Enter the following MySQL query statement to create a new database and user.

Create database Nextcloud_db;create user Nextclouduser@localhost identified by ' nextclouduser@ '; grant all privileges on n Extcloud_db.* to Nextclouduser@localhost identified by ' nextclouduser@ '; flush privileges;

nextcloud_db Database and nextclouduser database user creation complete

Step 4-Generate a self-signed SSL certificate for Nextcloud

In the tutorial, I'll have the client run Nextcloud with an HTTPS connection. You can use a free SSL certificate such as Let's encrypt, or create your own self-signed signed SSL certificate. Here I use OpenSSL to create my own self-signed SSL certificate.

To create a new directory for the SSL file:


As below, use OpenSSL to generate a new SSL certificate.

Copy the Code code as follows:

OpenSSL req-new-x509-days 365-nodes-out/etc/nginx/cert/nextcloud.crt-keyout/etc/nginx/cert/nextcloud.key

Finally, use the chmod command to set the permissions for all certificate files to 600.

chmod 700/etc/nginx/certchmod 600/etc/nginx/cert/*

Step 5-Download and install Nextcloud

I wget download Nextcloud directly to the server using the command, so I need to install it first wget . In addition, installation is required unzip for decompression. Use yum the commands to install the two programs.

Yum-y Install wget Unzip

Go /tmp to the catalogue and wget download the latest Nextcloud 10 from the website.

Cd/tmpwget Https://

Unzip the Nextcloud and move it to the /usr/share/nginx/html/ directory.

Unzip NEXTCLOUD-10.0.2.ZIPMV nextcloud//usr/share/nginx/html/

Next, go to the Nginx Web root directory to create a folder for Nextcloud data .

Cd/usr/share/nginx/html/mkdir-p nextcloud/data/

nextcloud the owner of the Change directory is a nginx user and a group.

Chown Nginx:nginx-r nextcloud/

Step 6-Configure the virtual host for Nextcloud in Nginx

In step 5 we have downloaded the Nextcloud source code, and configured to let it run in the Nginx server, but we also need to configure it a virtual host. conf.d Create a new virtual host configuration file in the Nginx directory nextcloud.conf .

Cd/etc/nginx/conf.d/vim nextcloud.conf

Paste the following into the virtual host configuration file:

Upstream Php-handler {server; #server Unix:/var/run/php5-fpm.sock;}  server {Listen 80;  server_name; # Enforce HTTPS return 301 https://$server _name$request_uri;}  server {listen 443 SSL;  server_name;  SSL_CERTIFICATE/ETC/NGINX/CERT/NEXTCLOUD.CRT;  Ssl_certificate_key/etc/nginx/cert/nextcloud.key;   # ADD headers to serve security related headers # before enabling Strict-transport-security headers  # Topic first.  Add_header strict-transport-security "max-age=15768000; Includesubdomains;  preload; ";  Add_header x-content-type-options Nosniff;  Add_header x-frame-options "Sameorigin"; Add_header x-xss-protection "1;  Mode=block ";  Add_header X-robots-tag None;  Add_header x-download-options Noopen;  Add_header x-permitted-cross-domain-policies None;  # Path to the root of your installation root/usr/share/nginx/html/nextcloud/;    Location =/robots.txt {Allow all;    Log_not_found off; Access_logOff  # The following 2 rules is only needed for the User_webfinger app.  # Uncomment it if you ' re planning the use of this app.  #rewrite ^/.well-known/host-meta/public.php?service=host-meta last;  #rewrite ^/.well-known/host-meta.json/public.php?service=host-meta-json # last;  Location =/.well-known/carddav {return 301 $scheme://$host/remote.php/dav;  } location =/.well-known/caldav {return 301 $scheme://$host/remote.php/dav;  } # Set Max upload size client_max_body_size 512M;  Fastcgi_buffers 4K;  # Disable gzip to avoid the removal of the ETAG header gzip off;  # Uncomment if your server is a build with the Ngx_pagespeed module # This module was currently not supported.  #pagespeed off;  Error_page 403/core/templates/403.php;  Error_page 404/core/templates/404.php;  Location/{rewrite ^/index.php$uri;  } location ~ ^/(?: Build|tests|config|lib|3rdparty|templates|data)/{deny all; } location ~ ^/(?: \.| Autotest|occ|issue|indie|db_|console) {Deny all;  } location ~ ^/(?: index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/    TEMPLATES/40[34]) \.php (?: $|/) {include fastcgi_params;    Fastcgi_split_path_info ^ (. +\.php) (/.*) $;    Fastcgi_param script_filename $document _root$fastcgi_script_name;    Fastcgi_param path_info $fastcgi _path_info;    Fastcgi_param HTTPS on;    #Avoid sending the security headers twice Fastcgi_param modheadersavailable true;    Fastcgi_param front_controller_active true;    Fastcgi_pass Php-handler;    Fastcgi_intercept_errors on;  Fastcgi_request_buffering off;    } location ~ ^/(?: Updater|ocs-provider) (?: $|/) {try_files $uri/= 404;  Index index.php; # Adding the cache control header for JS and CSS files # Make sure it's BELOW the PHP block location ~* \.    (?: Css|js) $ {try_files $uri/index.php$uri$is_args$args;    Add_header Cache-control "public, max-age=7200"; # ADD headers to serve security related headers (It's intended to # has those DUPLicated to the ones above) # before enabling strict-transport-security headers * Read into # This topic first.    Add_header strict-transport-security "max-age=15768000; Includesubdomains;    preload; ";    Add_header x-content-type-options Nosniff;    Add_header x-frame-options "Sameorigin"; Add_header x-xss-protection "1;    Mode=block ";    Add_header X-robots-tag None;    Add_header x-download-options Noopen;    Add_header x-permitted-cross-domain-policies None;  # Optional:don ' t log access to assets access_log off; } location ~* \.    (?: Svg|gif|png|html|ttf|woff|ico|jpg|jpeg) $ {try_files $uri/index.php$uri$is_args$args;  # Optional:don ' t log access to other assets access_log off; }}

Save the file and exit vim.

Download Test the following Nginx configuration file for errors, if not, you can restart the service.

Nginx-tsystemctl Restart Nginx

Step 7-Configure SELinux and FirewallD rules for Nextcloud

In this tutorial, we will run SELinux in forced mode, so we need a selinux management tool to configure SELinux for Nextcloud.

Use the following command to install the SELinux management tool.

Yum-y Install Policycoreutils-python

Then run the following command as the root user to let the Nextcloud run under the SELinux environment. If you are using a directory of other names, remember to nextcloud replace them.

Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets (/.*)? ' Semanage fcontext-a-T httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess ' semanage fcontext-a-t httpd _sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini ' restorecon-rv '/usr/share/nginx/html/nextcloud/'

Next, we want to enable the FIREWALLD service while opening both HTTP and HTTPS ports for Nextcloud.

Start Firewalld and set up with system boot.

Systemctl start Firewalldsystemctl Enable Firewalld

Now use the Firewall-cmd command to turn on the HTTP and HTTPS ports, and then reload the firewall.


At this point, the server configuration is complete.

Step 8-nextcloud Installation

Open your Web browser, enter the domain name you set for Nextcloud, I'll set it to here, and redirect to a more secure HTTPS connection.

Set your Admin user name and password, then enter the data verification information and click ' Finish Setup'.

Nextcloud Installation

The Nextcloud admin panel is roughly as follows:

Nextcloud User settings:

Administrative settings:

At this point, we completed the installation of Nextcloud on the CentOS 7 server by using Nginx, PHP7-FPM, MariaDB.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.