Setup Nextcloud 19.0.4 on Fedora 32

JaredBusch

Been a while, but I had a need to set up a new instance. I went with Nextcloud 19.0.4 because I will be migrating another Nextcloud 19.0.4 instance that is running on CentOS 7 to this new instance on Fedora 32.

Let's get right to it. Like my more recent guides, I will make use of environment variables. This means you cannot close out your terminal session until this is complete, or you will have to wipe the instance and start from scratch.

Admin user username for the Web interface

# Obviously, change this to the admin username you want.
export ADMIN_USER='guiadmin'

Admin user password for the web interface

# If you do not want a random password, put somthing here that you want.
export ADMIN_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)"

I highly recommend not changing anything else unless you know what you are doing.

Root password for MariaDB

export DB_ROOT_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)"

Database name to use for application

export DB_NAME='nextcloud'

Database user to use for application

export DB_USER='nc_user'

Generate a random password for the nextcloud database user

export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)"

The location to install nextcloud (it will be a subfolder of this)

export WWW_PATH='/var/www/html'

The subfolder nextcloud will be named

export APP_FOLDER='nextcloud'

The full path the data folder will be located

If you know what you are doing and will have the data on another disk, I still recommend mounting said disk to this location.

export DATA_PATH=$WWW_PATH/$APP_FOLDER'/data'

I broke out all of the package installs by what they are for.
I feel this helps with the learning/understanding for someone following this guide.
These could just be one long command line.

Optional Management Packages

# These are tools I use on pretty much every Fedora instance
# Configuration of them, if required, is not covered here.
sudo dnf install -y nano sysstat glances htop dnf-automatic

Required Packages

sudo dnf install -y httpd mariadb mariadb-server php wget policycoreutils-python-utils tar bzip2 mod_ssl

Required PHP Packages

sudo dnf install -y php-common php-gd php-json php-xml php-mbstring php-process php-pecl-zip

Required PHP Package for MariaDB backend

sudo dnf install -y php-mysqlnd

Optional Redis Cache

sudo dnf install -y redis php-pecl-redis5

Optional PHP Packages, mostly to clear warnings in dashboard.

See official guide for sub-systems that actually use these

sudo dnf install -y php-pecl-imagick php-bcmath php-gmp php-intl

Create the root directory to extract nextcloud into

sudo mkdir -p $WWW_PATH/$APP_FOLDER

Get NextCloud

wget https://download.nextcloud.com/server/releases/nextcloud-19.0.4.tar.bz2

Extract NextCloud

sudo tar xvf nextcloud-19.0.4.tar.bz2 --strip-components 1 -C $WWW_PATH/$APP_FOLDER

Remove the downloaded file

rm *.bz2

Create the data directory

sudo mkdir -p $DATA_PATH

Set ownership of the app and data folders to the http user

sudo chown apache:apache -R $WWW_PATH/$APP_FOLDER
sudo chown apache:apache $DATA_PATH

Create the nextcloud apache config file

sudo tee -a /etc/httpd/conf.d/nextcloud.conf > /dev/null << EOF
Alias /nextcloud "/var/www/html/nextcloud/"
<Directory "/var/www/html/nextcloud">
  Options +FollowSymLinks
  AllowOverride All
  <IfModule mod_dav.c>
        Dav off
  </IfModule>
  SetEnv HOME /var/www/html/nextcloud
  SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>
<Directory "/var/www/nextcloud/data/">
  # just in case if .htaccess gets disabled
    Require all denied
</Directory>
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
EOF

Open the firewall for https only

sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

Start mariadb and set to start on boot

sudo systemctl enable --now mariadb

Start redis (used for memcache)

sudo systemctl enable --now redis

Create Database and user with session variables

sudo mysql -e "CREATE DATABASE $DB_NAME;"
sudo mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
sudo mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';"
sudo mysql -e "FLUSH PRIVILEGES;"

Secure MariaDB (this does what mysql_secure_installation performs without interaction)

sudo mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
sudo mysql -e "DELETE FROM mysql.user WHERE User='';"
sudo mysql -e "FLUSH PRIVILEGES;"
sudo mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$DB_ROOT_PASS';"

Allow the webserver to send email and connect to the network

sudo setsebool -P httpd_can_sendmail 1
sudo setsebool -P httpd_can_network_connect 1

Set SELinux HTTPD_RW on app and data folders so the GUI based updater can run

sudo semanage fcontext -a -t httpd_sys_rw_content_t "${WWW_PATH}/${APP_FOLDER}(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "${DATA_PATH}(/.*)?"
sudo restorecon -FR $WWW_PATH/$APP_FOLDER
sudo restorecon -FR $DATA_PATH

If your data folder is a subfolder of the root (default for this guide), you will see this error. That is normal.
ValueError: File context for /var/www/html/nextcloud/data(/.*)? already defined

Update PHP memory limit

sudo sed -i -e 's/memory_limit.*/memory_limit = 512M/' /etc/php.ini

Install the instance

sudo -u apache php $WWW_PATH/$APP_FOLDER/occ maintenance:install --database "mysql" --database-name $DB_NAME --database-user $DB_USER --database-pass $DB_PASS --admin-user $ADMIN_USER --admin-pass $ADMIN_PASS --data-dir $DATA_PATH

Mark the ip address as a trusted host

sudo -u apache php $WWW_PATH/$APP_FOLDER/occ config:system:set trusted_domains 1 --value=$(ip a sh | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')

Remove the last line of the nextcloud config file

sudo sed -i -e '$d' $WWW_PATH/$APP_FOLDER/config/config.php

Append the Pretty URL setting and force SSL

sudo tee -a $WWW_PATH/$APP_FOLDER/config/config.php > /dev/null << EOF
  'htaccess.RewriteBase' => '/',
  'overwriteprotocol' => 'https',
EOF

Append the redis cache settings

sudo tee -a $WWW_PATH/$APP_FOLDER/config/config.php > /dev/null << EOF
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
);
EOF

Update Apache's document root.

sudo sed -i 's#\(^DocumentRoot\).*$#\1 "'$WWW_PATH/$APP_FOLDER\"# /etc/httpd/conf/httpd.conf

Update the .htaccess file

sudo -u apache php $WWW_PATH/$APP_FOLDER/occ maintenance:update:htaccess

Start Apache and enable for reboot.

sudo systemctl enable --now httpd

Update the PHP Opcache config

# maybe not needed anymore, only this setting is different than default
sudo sed -i -e 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=1/' /etc/php.d/10-opcache.ini;
sudo systemctl restart php-fpm

Create a file with the setup information used.

cat >> setup.info << EOF
MySql Database Name     : $DB_NAME
Database User           : $DB_USER
Database User Password  : $DB_PASS
Database Root Password  : $DB_ROOT_PASS
GUI Admin User          : $ADMIN_USER
GUI Admin User Password : $ADMIN_PASS
EOF

Your installation is now complete.

A record of random passwords was saved to ~/setup.info"
Or run this to see your GUI log in credentials.

echo "GUI Login: $ADMIN_USER / $ADMIN_PASS"

In the settings overview, you should see this after log in.

1337

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

session variables

What is that? I think you mean environment variables?

JaredBusch

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

session variables

What is that? I think you mean environment variables?

Yes. But I will almost 100% call them session variables. Similar to how I will almost 100% type doe snot when I want to say does not. I type that sooo much.

1337

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

session variables

What is that? I think you mean environment variables?

Yes. But I will almost 100% call them session variables. Similar to how I will almost 100% type doe snot when I want to say does not. I type that sooo much.

Yeah, I understand what you mean.

BTW, what does the now switch do here?
sudo systemctl enable --now mariadb

Isn't this enough?
sudo systemctl enable mariadb

JaredBusch

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

session variables

What is that? I think you mean environment variables?

Yes. But I will almost 100% call them session variables. Similar to how I will almost 100% type doe snot when I want to say does not. I type that sooo much.

Yeah, I understand what you mean.

BTW, what does the now switch do here?
sudo systemctl enable --now mariadb

Isn't this enough?
sudo systemctl enable mariadb

Been a while since I checked, but enable alone did not start the service. The --now switch starts it while enabling it to start on boot.
Basically the same as

systemctl start mariadb
systemctl enable mariadb

1337

@JaredBusch

Think you need some more sudo in the "Update the PHP Opcache config" section.

And I think you need to be root to create conf files under apache as well:
"Create the nextcloud apache config file" section

JaredBusch

Note to all, I have not yet ran though my instructions in one go. This is basically a copy paste of them as I built up the server.

I'll wipe it tomorrow and do it again to make sure the instructions are solid.

JaredBusch

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

And I think you need to be root to create conf files under apache as well:
"Create the nextcloud apache config file" section

No, because it is created in the local folder and then moved and permissions fixed.

Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

1337

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

Note to all, I have not yet ran though my instructions in one go. This is basically a copy paste of them as I built up the server.

I'll wipe it tomorrow and do it again to make sure the instructions are solid.

Well, you did great work anyway. It takes a lot of time to make instructions.

1337

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

I wouldn't know. I just go root and go to work. I'm too lazy to type sudo a hundred times. Probably frowned upon but I don't care.

JaredBusch

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

I wouldn't know. I just go root and go to work. I'm too lazy to type sudo a hundred times. Probably frowned upon but I don't care.

I'm so used to typing sudo, I type it even when I sudo su - into root.

1337

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

I wouldn't know. I just go root and go to work. I'm too lazy to type sudo a hundred times. Probably frowned upon but I don't care.

I'm so used to typing sudo, I type it even when I sudo su - into root.

I've used debian a lot and sudo isn't even installed by default. Well, in a minimal install that is.

JaredBusch

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

I've used debian a lot and sudo isn't even installed by default. Well, in a minimal install that is.

Yeah, I learned that when I setup my current Unifi and UNMS controllers.

I run those on Debian, and no matter the OS, I always do minimal installs for server instances.

black3dynamite

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

@Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

And I think you need to be root to create conf files under apache as well:
"Create the nextcloud apache config file" section

No, because it is created in the local folder and then moved and permissions fixed.

Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

Using sudo with tee works well.

sudo tee -a config.php  <<EOF
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
);
EOF

JaredBusch

@black3dynamite said in Setup Nextcloud 19.0.4 on Fedora 32:

Using sudo with tee works well.

I'll try that when I redo the install.

I know I tried tee a couple years ago and things did not work right. I might have just screwed up the syntax, causing my own problems.

JaredBusch

@black3dynamite said in Setup Nextcloud 19.0.4 on Fedora 32:

Using sudo with tee works well.

Yeah, that works for the apache vhost file, and will work with the nextcloud config file once I work out what to do instead of head -n 1 for that.

JaredBusch

ok fixed. thanks.

sed '$d' for the win there.

black3dynamite

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

ok fixed. thanks.

sed '$d' for the win there.

Nice! I was about to post that command.

JaredBusch

@black3dynamite since you are better with sed than I am... Or at least better with Google and the man pages than I am..

How can I fix this to use the environment variables instead of manual.

This is part of the next step to use the "pretty URL" as it is called.
It works fine like this.

sudo sed -i -e 's/\(^DocumentRoot\s*\).*$/\1"\/var\/www\/html\/nextcloud"/' /etc/httpd/conf/httpd.conf

But I want it to use the above $WWW_PATH and $APP_FOLDER variables.

1337

@JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

@black3dynamite since you are better with sed than I am... Or at least better with Google and the man pages than I am..

How can I fix this to use the environment variables instead of manual.

This is part of the next step to use the "pretty URL" as it is called.
It works fine like this.
sudo sed -i -e 's/$^DocumentRoot\s*$.*$/\1"\/var\/www\/html\/nextcloud"/' /etc/httpd/conf/httpd.conf
But I want it to use the above $WWW_PATH and $APP_FOLDER variables.

What does the line do exactly?
Sets the DocumentRoot parameter to /var/www/html/nextcloud ?

~~What does $WWW_PATH and $APP_FOLDER contain?~~
Ah, the first post says: /var/www/html and nextcloud