Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi



  • So you now have a nice pretty private file sync install, except it is not using SSL!
    That is not secure!
    Well, the Let's Encrypt project fixes that for us.

    Note: If you are running behind a proxy on another local host, there is no need to set up SSL, as your proxy should handle the SSL termination.

    I need to clean this up to use some sed commands to simplify but did not have time to test that.

    #install certbot with the apache plugin for SSL
    yum -y install mod_ssl python-certbot-apache
    
    #restart apache
    systemctl restart httpd
    
    #open the firewall for https
    firewall-cmd --zone=public --add-port=https/tcp --permanent
    #reload the firewall
    firewall-cmd --reload
    

    Now you can run certbot

    #run certbot to get your SSL certificate. You will get a warning that it could not update a vhost file. That is because there is not one named to match the domain. That is beyond the scope of this guide.
    certbot --apache certonly --email [email protected] --domain nextcloud.domain.com --agree-tos --non-interactive
    

    Now update Apache to look for the cert files.

    #update ssl.conf
    nano /etc/httpd/conf.d/ssl.conf
    #replace
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    #with
    SSLCertificateFile /etc/letsencrypt/live/nextcloud.domain.com/cert.pem
    
    #replace
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    #with
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.domain.com/privkey.pem
    
    #replace
    SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
    #with
    SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.domain.com/chain.pem
    
    #restart apache
    systemctl restart httpd
    

    Remove the ability to use http by removing the allow in the firewall.

    #remove the allow for http
    firewall-cmd --zone=public --remove-port=80/tcp --permanent
    #reload the firewall
    firewall-cmd --reload
    
    #navigate to your site via SSL
    https://nextcloud.domain.com
    

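The post above says the ssl.conf edit could be reduced to sed commands. One way to do that is sketched here as an added example, not code from the original post; the function names, the temp file and the sample file contents are assumptions made for the demonstration.

```shell
#!/bin/bash
# Added example, not from the original post. DOMAIN and the temp file are
# assumptions; on the server CONF would be /etc/httpd/conf.d/ssl.conf.

# point_ssl_conf_at_letsencrypt CONF DOMAIN
# Rewrites the three certificate directives in place and keeps CONF.bak.
point_ssl_conf_at_letsencrypt() {
    local conf=$1 live="/etc/letsencrypt/live/$2"
    sed -i.bak -E \
        -e "s|^[[:space:]]*SSLCertificateFile[[:space:]].*|SSLCertificateFile $live/cert.pem|" \
        -e "s|^[[:space:]]*SSLCertificateKeyFile[[:space:]].*|SSLCertificateKeyFile $live/privkey.pem|" \
        -e "s|^[[:space:]]*#?[[:space:]]*SSLCertificateChainFile[[:space:]].*|SSLCertificateChainFile $live/chain.pem|" \
        "$conf"
}

# Constructed sample with the default lines named in the post. The chain
# directive is commented out here (assumed to match a stock ssl.conf), and the
# "Point ..." comment line must survive untouched.
make_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost _default_:443>
#   Point SSLCertificateFile at a PEM encoded certificate.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>
EOF
}

conf=$(mktemp)
make_sample_conf "$conf"
point_ssl_conf_at_letsencrypt "$conf" nextcloud.domain.com
grep -n 'SSLCertificate' "$conf"
```

Run `apachectl configtest` before restarting httpd so that a wrong certificate path shows up as a syntax error rather than a failed restart.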



  • If you are running your Nextcloud instance behind a reverse proxy that handles the SSL, then your links may all be going out as http instead of https.

    This is because Nextcloud tries to figure this out on its own and it only sees the http connection hitting it. You can override this default behavior by updating the Nextcloud config.php to contain the following line.

    'overwriteprotocol' => 'https',
    


  • @JaredBusch I'll be texting in a few hours 🙂



  • If I have time today, I will do this again and get some screenshots of the browser wizard filled out with the examples as listed above.



  • @JaredBusch I am thinking about scripting it out, unless you already have started on it?



  • @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    @JaredBusch I am thinking about scripting it out, unless you already have started on it?

    There is no point in something like that. If you want an invisible install, use the official appliance.
    https://nextcloud.com/install/#instructions-server
    https://www.techandme.se/nextcloud-vm/

    Guides like this are for education as well as to provide clear instructions for a manual setup.

    Once I spend a few minutes figuring out the proper sed statements, this entire thing can be concatenated into a one liner with ; separators. That is not the point.



  • @JaredBusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    There is no point in something like that. If you want an invisible install, use the official appliance.

    I could, but I trust you, and I have no idea what is in the official appliance.

    Also it runs on Ubuntu, and I like CentOS since I am studying for my RHCSA.



  • @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    @JaredBusch I am thinking about scripting it out, unless you already have started on it?

    Going to Ansible or something like that is like a scripted install, but more automated and, if created idempotently, can be used to enforce consistency down the road. If you were to take the time to script the install here, it's worth considering moving to that approach. No need for an infrastructure to do that, you can just store an Ansible playbook on GIT or similar (there is free hosting out there for that) then just pull it from there.



  • @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    @JaredBusch I'll be texting in a few hours 🙂

    Hopefully not while driving 😉



  • @scottalanmiller hey it was 4AM lol



  • @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    @scottalanmiller hey it was 4AM lol

    Way too late to be texting then 😉



  • [Two vSphere Client screenshots]

    Hi,

    I did the above steps starting from CentOS 7 1611 minimal, updated.

    Got the above results ... 😞

    I tried disabling SELinux
    Changing permissions to 0777 on /var/www/html/nextcloud
    disabling the firewalld
    same results

    I made sure that I am doing everything as above

    Thank you for your hard work and guide. I prefer using it because you are using PHP7, unlike the rest.



  • Do a netstat -tulpn to see what it is listening for.



  • @msff-amman-Itofficer also double check the firewall 😉



  • @msff-amman-Itofficer at what point in the guide are you?



  • @aaronstuder said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    @msff-amman-Itofficer also double check the firewall 😉

    The forbidden error means that the firewall is open.



  • The default log file is nextcloud.log located in /var/www/html/nextcloud/data.

    tail /var/www/html/nextcloud/data/nextcloud.log


  • Here is what my system looks like:

    ls -lZ /var/www/html
    drwxr-xr-x. root apache unconfined_u:object_r:httpd_sys_content_t:s0 nextcloud
    
    ls -lZ /var/www/html/nextcloud/
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 3rdparty
    drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 apps
    drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 assets
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 AUTHORS
    drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 config
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 console.php
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 core
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 cron.php
    lrwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 data -> /home/nc_data
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 db_structure.xml
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 etc
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 index.html
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 l10n
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 lib
    -rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 occ
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 ocs
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 ocs-provider
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 public.php
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 remote.php
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 resources
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 robots.txt
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 settings
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 status.php
    drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 themes
    drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 updater
    -rw-r-----. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 version.php
    

    Since I made a symlink to my data directory I had to deviate a bit from the guide personally.

    ls -lZ /home/
    drwxrwx---. root apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 nc_data
    
    ls -lZ /home/nc_data/
    drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 appdata_ocuy4ccap2ee
    drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 files_external
    -rw-r--r--. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 index.html
    drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 jbusch
    -rw-r-----. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 nextcloud.log
    -rw-r--r--. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 themedinstancelogo
    


  • @JaredBusch @scottalanmiller

    [vSphere Client screenshot]

    Logs have not been created



  • @JaredBusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    ide are you?

    Finished it completely.



  • @JaredBusch

    Thanks, this will help. I will give it a detailed look, but since it's nearing night time where I live, I might try that tomorrow.



  • @msff-amman-Itofficer said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    @JaredBusch said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    ide are you?

    Finished it completely without any errors.

    Obviously not. List out your directory structure as I showed and compare what your permissions look like to what I listed.



  • @JaredBusch

    I think it's something related to HTTPS at this moment.

    [Two vSphere Client screenshots]



  • @msff-amman-Itofficer said in Install NextCloud 11.0.2 on CentOS 7 with PHP 7.1 from Remi:

    @JaredBusch

    I think it's something related to HTTPS at this moment.

    That is way beyond the first part of the guide.



  • If you got to the HTTPS setup, then you also did the section to complete the setup first? So this means it should have already been working.

    But that is not the case because there is no log file.



  • @msff-amman-Itofficer Your SELinux contexts are wrong.

    The config, data, and apps directories need RW access

    httpd_sys_rw_content_t
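A check for the three directories named in the post above, written as an added example that is not part of the thread. It assumes the CentOS 7 `ls -lZ` column layout shown earlier in the thread (mode, owner, group, context, name); the function names and the sample listing are constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not from the thread. Reads `ls -lZ` output for the Nextcloud
# root and prints relabel commands for config, data and apps when their
# SELinux type is not httpd_sys_rw_content_t.

# check_rw_contexts ROOT  (listing of ROOT on stdin; returns 1 if any dir is wrong)
check_rw_contexts() {
    awk -v root="$1" '
        $5 == "config" || $5 == "data" || $5 == "apps" {
            split($4, ctx, ":")                 # user:role:type:level
            if ($1 ~ /^l/) {
                # Symlink (as in the listing earlier in the thread): check the target.
                printf "# %s is a symlink to %s, check that path instead\n", $5, $7
            } else if (ctx[3] != "httpd_sys_rw_content_t") {
                printf "semanage fcontext -a -t httpd_sys_rw_content_t \"%s/%s(/.*)?\"\n", root, $5
                printf "restorecon -R %s/%s\n", root, $5
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: a listing where none of the three was relabelled.
broken_listing() {
    cat <<'EOF'
drwxr-x---. root   apache unconfined_u:object_r:httpd_sys_content_t:s0 3rdparty
drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 apps
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 config
drwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 data
EOF
}

broken_listing | check_rw_contexts /var/www/html/nextcloud || echo "# contexts need fixing"
```

On a live host, feed it the real listing: `ls -lZ /var/www/html/nextcloud | check_rw_contexts /var/www/html/nextcloud`.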



  • Guide updated to add allow for Redis network connect from HTTPD

    setsebool -P httpd_can_network_connect 1
    


  • @JaredBusch

    But I disabled SELinux and the same issue occurred...

    I tried more with HTTPS self signed and also enabled SELinux and did your desired changes but same thing.

    I highly believe that if you start from a fresh CentOS and did the above, the same scenario will occur.



  • @msff-amman-Itofficer While that is of course possible, those post instructions were posted after I had done a new install to verify my instructions from the first install, so while possible, I find it unlikely. Also, I've already shown that you've got SELinux settings incorrect, so you might also have other mistakes. Why don't you start over?



  • @msff-amman-Itofficer I am sitting down to lunch and spinning up a new instance on Vultr to test.