Install NextCloud in CentOS 7

1. yum -y update
2. systemctl disable firewalld
3. Add new repository

yum install http://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-13.ius.centos7.noarch.rpm

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

4. Install required 9 package:

yum install httpd

yum install mariadb-server

yum install mod_php70uphp70u-gd php70u-json php70u-mysqlnd php70u-mbstring php70u-intl php70u-mcryptphp70u-pecl-imagick php70u-xml

5. Install Optional 5 Package:

yum install php70u-ldapphp70u-pecl-smbclient php70u-imap php70u-gmp php70u-opcache

6. Enable and start apache

systemctl enable httpd

systemctl start httpd

7. Database config:
   1. Enable MariaDB to automatically start after server reboot:

systemctl enable mariadb

2. Start MariaDB:

systemctl start mariadb

3. Now run the post installation security script:
4. mysql_secure_installation
5. Login mariadb

mysql -u root -p

6. Create database and user; grant access to the user

CREATE DATABASE nextcloud;

CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY'yourpassword';

GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIEDBY 'yourpassword' WITH GRANT OPTION;

FLUSH PRIVILEGES;

7. Set binlong format

SET GLOBAL binlog_format = 'MIXED';

EXIT;

8. Download and install nextcloud
   1. Go to the path

Cd

2. Download the installation file

Yuminstall wget

wget https://download.nextcloud.com/server/releases/nextcloud-12.0.3.zip

3. Install tools and unzip the file

sudo yum install unzip -y

unzip nextcloud-12.0.3.zip

4. Move to theweb root folder and grant access

mv nextcloud/* /var/www/html

cd nextcloud

mv .htaccess /var/www/html/.htaccess

mv .user.ini /var/www/html/.user.ini

mkdir /var/www/html/data

chown apache:apache -R /var/www/html

9. ConfigApacheserver

cd /etc/httpd/conf

cp httpd.conf /etc/httpd/conf/httpd.conf.backup

vihttpd.conf

<Directory/var/www/html/>
  Options +FollowSymlinks
  AllowOverride All

  Options +FollowSymlinks

  AllowOverride All

<IfModulemod_dav.c>

  Dav off

 </IfModule>

SetEnv HOME /var/www/html

 SetEnv HTTP_HOME /var/www/html

</Directory>

 

10. ConfigPHPmoudle

cd/etc/php.d

vi10-opcache.ini

The PHP OPcache is not properly configured. For better performance we recommend to use following settings in the php.ini:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

 

11. Install selinux policy management tools

yum-y install policycoreutils-python

12. Setting the selinux policy

vi/etc/selinux/config

SELINUX=disabled

setenforce0

getenforceto check the status.

 

semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.user.ini'

semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/config(/.*)?'

semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/apps(/.*)?'

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.htaccess'

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.user.ini'

restorecon -Rv '/var/www/html/html/'

13. Restart httpd service

Servicehttpd restart

 

14. Install redis and php-pecl-redis

yum install php70u-pecl-redis

yum install redis

systemctl enable redis

systemctl start redis

systemctl status redis

15. Config for the next cloud

vi /var/www/html/conf/config.php

 

'filelocking.enabled' => true,

'memcache.locking' => '\OC\Memcache\Redis',

'redis' => array(

     'host' =>'localhost',

     'port' => 6379,

     'timeout' => 0.0,

     'password' => '',// Optional, if not defined no password will be used.

      ),

16. Config the SSL

 

yum install mod_ssl openssl

#产生私钥
openssl genrsa -out ca.key 2048
# 产生 CSR
openssl req -new -key ca.key -out ca.csr
# 产生自我签署的金钥
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# 复制文件至正确位置
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

假如你迁移了这些文件而不是复制它们，你可以用以下的指命来矫正这些文件的 SELinux脉络，因为 /etc/pki/*的正确脉络定义已包含在 SELinux政策里。

estorecon -RvF /etc/pki

接著我们须要更新 Apache SSL的配置文件

i +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

请修改路径至金钥文件的存储位置。如果你采用上面的方法，这会是

SLCertificateFile /etc/pki/tls/certs/ca.crt

然后在再低数行的位置为凭证金钥文件设置正确路径。如果你按照上面的指引，这会是：

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

 

17. Add more to http.conf

vi/etc/httpd/conf

 

<VirtualHost *:80>

   ServerName172.21.183.129

   Redirect permanent / https://172.21.183.129/

</VirtualHost>

 

 

<VirtualHost *:443>

  ServerName172.21.183.129

    <IfModulemod_headers.c>

      Header always setStrict-Transport-Security "max-age=15552000; includeSubDomains"

    </IfModule>

 </VirtualHost>