Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi

JaredBusch

So you now have a nice pretty private file sync install, except it is not using SSL!
That is not secure!
Well, the Let's Encrypt project fixes that for us.

Note: If you are running behind a proxy on another local host, there is no need to setup SSL as your proxy should handle the SSL termination.

I need to clean this up to use some sed commands to simplify but did not have time to test that.

#install certbot with the apache plugin for SSL
yum -y install mod_ssl python-certbot-apache

#restart apache
systemctl restart httpd

#open the firewall for https
firewall-cmd --zone=public --add-port=https/tcp --permanent
#reload the firewall
firewall-cmd --reload

Now you can run certbot

#run certbot to get your SSL certificate, you will a warning that it could not update a vhost file. That is because there is not one named to match the domain. That is beyond the scope of this guide.
certbot --apache certonly --email [email protected] --domain nexcloud.domain.com --agree-tos --non-interactive

now update apache to look for the cert files.

#update ssl.conf
nano /etc/httpd/conf.d/ssl.conf
#replace
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/letsencrypt/live/nextcloud.domain.com/cert.pem

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.domain.com/privkey.pem

SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.domain.com/chain.pem

#restart apache
systemctl restart httpd

remove the ability to use http by removing the allow in the firewall.

#remove the allow for http
firewall-cmd --zone=public --remove-port=80/tcp --permanent
#reload the firewall
firewall-cmd --reload

#navigate to your site via SSL
https://nextcloud.domain.com

JaredBusch

If you are running your Nexcloud instance behind a reverse proxy that handles the SSL, then your links may all be going out as http instead of https.

This is because Nextcloud tries to figure this out on its own and it only sees the http connection hitting it. You can override this default behavior by updating the Nextcloud config.php to contain the following line.

'overwriteprotocol' => 'https',

Alex Sage

@JaredBusch I'll be texting in a few hours

JaredBusch

If I have time today, I will do this again and get some screenshots of the browser wizard filled out with the examples as listed above.

Alex Sage

@JaredBusch I am thinking about scripting it out, unless you already have started on it?

JaredBusch

@aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

@JaredBusch I am thinking about scripting it out, unless you already have started on it?

There is no point in something like that. If you want an invisible install, use the official appliance.
https://nextcloud.com/install/#instructions-server
https://www.techandme.se/nextcloud-vm/

Guides like this are for education as well as to provide clear instructions for a manual setup.

Once I spend a few minutes figuring out the proper sed statements, this entire thing can be concatenated into a one liner with ; separators. That is not the point.

Alex Sage

@JaredBusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

There is no point in something like that. If you want an invisible install, use the official appliance.

I could, but I trust you, and I have no idea what is in the official appliance

Also it runs on Ubuntu, and I like Cent OS since I am studying for my RHCSA.

scottalanmiller

@aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

@JaredBusch I am thinking about scripting it out, unless you already have started on it?

Going to Ansible or something like that is like a scripted install, but more automated and, if created idempotently, can be used to enforce consistency down the road. If you were to take the time to script the install here, it's worth considering moving to that approach. No need for an infrastructure to do that, you can just store an Ansible playbook on GIT or similar (there is free hosting out there for that) then just pull it from there.

scottalanmiller

@aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

@JaredBusch I'll be texting in a few hours

Hopefully not while driving

Alex Sage

@scottalanmiller hey it was 4AM lol

scottalanmiller

@aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

@scottalanmiller hey it was 4AM lol

Way too late to be texting then

Emad R

Hi,

I did the above steps starting from Centos 7 1611 minimal updated.

Got the above results ...

I tried disabling selinux
Changing permissions to 0777 on /var/www/html/nextcloud
disabling the firewalld
same results

I made sure that I am doing everything as above

Thank you for your hard work, and guide. I prefer using it cause your are using PHP7 unlike the rest.

scottalanmiller

Do a netstat -tulpn to see what it is listening for.

Alex Sage

@msff-amman-Itofficer also double check the firewall

JaredBusch

@msff-amman-Itofficer at what point in the guide are you?

scottalanmiller

@aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

@msff-amman-Itofficer also double check the firewall

The forbidden error means that the firewall is open.

JaredBusch

The default log file is nextcloud.log located in /var/www/html/nextcloud/data.

tail /var/www/html/nextcloud/data/nextcloud.log

JaredBusch

Here is what my systemlooks like:

ls -lZ /var/www/html
drwxr-xr-x. root apache unconfined_u:object_r:httpd_sys_content_t:s0 nextcloud

ls -lZ /var/www/html/nextcloud/
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 3rdparty
drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 apps
drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 assets
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 AUTHORS
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 config
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 console.php
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 core
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 cron.php
lrwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 data -> /home/nc_data
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 db_structure.xml
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 etc
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 l10n
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 lib
-rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 occ
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 ocs
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 ocs-provider
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 public.php
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 remote.php
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 resources
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 robots.txt
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 settings
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 status.php
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 themes
drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 updater
-rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 version.php

Since I made a symlink to my data directory I had to deviate a bit from the guide personally.

ls -lZ /home/
drwxrwx---. root apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 nc_data

ls -lZ /home/nc_data/
drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 appdata_ocuy4ccap2ee
drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 files_external
-rw-r--r--. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 index.html
drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 jbusch
-rw-r-----. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 nextcloud.log
-rw-r--r--. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 themedinstancelogo

Emad R

@JaredBusch @scottalanmiller

Log have not been created

Emad R

@JaredBusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

ide are you?

Finished it completely.