Setup Nextcloud 19.0.4 on Fedora 32



  • Been a while, but I had a need to set up a new instance. I went with Nextcloud 19.0.4 because I will be migrating another Nextcloud 19.0.4 instance that is running on CentOS 7 to this new instance on Fedora 32.

    Let's get right to it. Like my more recent guides, I will make use of environment variables. This means you cannot close out your terminal session until this is complete, or you will have to wipe the instance and start from scratch.

    Admin user username for the Web interface

    # Obviously, change this to the admin username you want.
    export ADMIN_USER='guiadmin'
    

    Admin user password for the web interface

    # If you do not want a random password, put somthing here that you want.
    export ADMIN_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)"
    

    I highly recommend not changing anything else unless you know what you are doing.

    Root password for MariaDB

    export DB_ROOT_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)"
    

    Database name to use for application

    export DB_NAME='nextcloud'
    

    Database user to use for application

    export DB_USER='nc_user'
    

    Generate a random password for the nextcloud database user

    export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)"
    

    The location to install nextcloud (it will be a subfolder of this)

    export WWW_PATH='/var/www/html'
    

    The subfolder nextcloud will be named

    export APP_FOLDER='nextcloud'
    

    The full path the data folder will be located

    If you know what you are doing and will have the data on another disk, I still recommend mounting said disk to this location.

    export DATA_PATH=$WWW_PATH/$APP_FOLDER'/data'
    

    I broke out all of the package installs by what they are for.
    I feel this helps with the learning/understanding for someone following this guide.
    These could just be one long command line.


    Optional Management Packages

    # These are tools I use on pretty much every Fedora instance
    # Configuration of them, if required, is not covered here.
    sudo dnf install -y nano sysstat glances htop dnf-automatic
    

    Required Packages

    sudo dnf install -y httpd mariadb mariadb-server php wget policycoreutils-python-utils tar bzip2 mod_ssl
    

    Required PHP Packages

    sudo dnf install -y php-common php-gd php-json php-xml php-mbstring php-process php-pecl-zip
    

    Required PHP Package for MariaDB backend

    sudo dnf install -y php-mysqlnd
    

    Optional Redis Cache

    sudo dnf install -y redis php-pecl-redis5
    

    Optional PHP Packages, mostly to clear warnings in dashboard.

    See official guide for sub-systems that actually use these

    sudo dnf install -y php-pecl-imagick php-bcmath php-gmp php-intl
    

    Create the root directory to extract nextcloud into

    sudo mkdir -p $WWW_PATH/$APP_FOLDER
    

    Get NextCloud

    wget https://download.nextcloud.com/server/releases/nextcloud-19.0.4.tar.bz2
    

    Extract NextCloud

    sudo tar xvf nextcloud-19.0.4.tar.bz2 --strip-components 1 -C $WWW_PATH/$APP_FOLDER
    

    Remove the downloaded file

    rm *.bz2
    

    Create the data directory

    sudo mkdir -p $DATA_PATH
    

    Set ownership of the app and data folders to the http user

    sudo chown apache:apache -R $WWW_PATH/$APP_FOLDER
    sudo chown apache:apache $DATA_PATH
    

    Create the nextcloud apache config file

    sudo tee -a /etc/httpd/conf.d/nextcloud.conf > /dev/null << EOF
    Alias /nextcloud "/var/www/html/nextcloud/"
    <Directory "/var/www/html/nextcloud">
      Options +FollowSymLinks
      AllowOverride All
      <IfModule mod_dav.c>
            Dav off
      </IfModule>
      SetEnv HOME /var/www/html/nextcloud
      SetEnv HTTP_HOME /var/www/html/nextcloud
    </Directory>
    <Directory "/var/www/nextcloud/data/">
      # just in case if .htaccess gets disabled
        Require all denied
    </Directory>
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
    EOF
    

    Open the firewall for https only

    sudo firewall-cmd --add-service=https --permanent
    sudo firewall-cmd --reload
    

    Start mariadb and set to start on boot

    sudo systemctl enable --now mariadb
    

    Start redis (used for memcache)

    sudo systemctl enable --now redis
    

    Create Database and user with session variables

    sudo mysql -e "CREATE DATABASE $DB_NAME;"
    sudo mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
    sudo mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';"
    sudo mysql -e "FLUSH PRIVILEGES;"
    

    Secure MariaDB (this does what mysql_secure_installation performs without interaction)

    sudo mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    sudo mysql -e "DELETE FROM mysql.user WHERE User='';"
    sudo mysql -e "FLUSH PRIVILEGES;"
    sudo mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$DB_ROOT_PASS';"
    

    Allow the webserver to send email and connect to the network

    sudo setsebool -P httpd_can_sendmail 1
    sudo setsebool -P httpd_can_network_connect 1
    

    Set SELinux HTTPD_RW on app and data folders so the GUI based updater can run

    sudo semanage fcontext -a -t httpd_sys_rw_content_t "${WWW_PATH}/${APP_FOLDER}(/.*)?"
    sudo semanage fcontext -a -t httpd_sys_rw_content_t "${DATA_PATH}(/.*)?"
    sudo restorecon -FR $WWW_PATH/$APP_FOLDER
    sudo restorecon -FR $DATA_PATH
    

    If your data folder is a subfolder of the root (default for this guide), you will see this error. That is normal.
    ValueError: File context for /var/www/html/nextcloud/data(/.*)? already defined

    Update PHP memory limit

    sudo sed -i -e 's/memory_limit.*/memory_limit = 512M/' /etc/php.ini
    

    Install the instance

    sudo -u apache php $WWW_PATH/$APP_FOLDER/occ maintenance:install --database "mysql" --database-name $DB_NAME --database-user $DB_USER --database-pass $DB_PASS --admin-user $ADMIN_USER --admin-pass $ADMIN_PASS --data-dir $DATA_PATH
    

    Mark the ip address as a trusted host

    sudo -u apache php $WWW_PATH/$APP_FOLDER/occ config:system:set trusted_domains 1 --value=$(ip a sh | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
    

    Remove the last line of the nextcloud config file

    sudo sed -i -e '$d' $WWW_PATH/$APP_FOLDER/config/config.php
    

    Append the Pretty URL setting and force SSL

    sudo tee -a $WWW_PATH/$APP_FOLDER/config/config.php > /dev/null << EOF
      'htaccess.RewriteBase' => '/',
      'overwriteprotocol' => 'https',
    EOF
    

    Append the redis cache settings

    sudo tee -a $WWW_PATH/$APP_FOLDER/config/config.php > /dev/null << EOF
      'memcache.locking' => '\\OC\\Memcache\\Redis',
      'memcache.local' => '\\OC\\Memcache\\Redis',
      'redis' =>
      array (
        'host' => 'localhost',
        'port' => 6379,
      ),
    );
    EOF
    

    Update Apache's document root.

    sudo sed -i 's#\(^DocumentRoot\).*$#\1 "'$WWW_PATH/$APP_FOLDER\"# /etc/httpd/conf/httpd.conf
    

    Update the .htaccess file

    sudo -u apache php $WWW_PATH/$APP_FOLDER/occ maintenance:update:htaccess
    

    Start Apache and enable for reboot.

    sudo systemctl enable --now httpd
    

    Update the PHP Opcache config

    # maybe not needed anymore, only this setting is different than default
    sudo sed -i -e 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=1/' /etc/php.d/10-opcache.ini;
    sudo systemctl restart php-fpm
    

    Create a file with the setup information used.

    cat >> setup.info << EOF
    MySql Database Name     : $DB_NAME
    Database User           : $DB_USER
    Database User Password  : $DB_PASS
    Database Root Password  : $DB_ROOT_PASS
    GUI Admin User          : $ADMIN_USER
    GUI Admin User Password : $ADMIN_PASS
    EOF
    

    Your installation is now complete.

    A record of random passwords was saved to ~/setup.info"
    Or run this to see your GUI log in credentials.

    echo "GUI Login: $ADMIN_USER / $ADMIN_PASS"
    

    In the settings overview, you should see this after log in.
    b0dc6866-d819-44ef-b235-f268760cfa1d-image.png



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    session variables

    What is that? I think you mean environment variables?



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    session variables

    What is that? I think you mean environment variables?

    Yes. But I will almost 100% call them session variables. Similar to how I will almost 100% type doe snot when I want to say does not. I type that sooo much.



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    session variables

    What is that? I think you mean environment variables?

    Yes. But I will almost 100% call them session variables. Similar to how I will almost 100% type doe snot when I want to say does not. I type that sooo much.

    Yeah, I understand what you mean. 🙂

    BTW, what does the now switch do here?
    sudo systemctl enable --now mariadb

    Isn't this enough?
    sudo systemctl enable mariadb



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    session variables

    What is that? I think you mean environment variables?

    Yes. But I will almost 100% call them session variables. Similar to how I will almost 100% type doe snot when I want to say does not. I type that sooo much.

    Yeah, I understand what you mean. 🙂

    BTW, what does the now switch do here?
    sudo systemctl enable --now mariadb

    Isn't this enough?
    sudo systemctl enable mariadb

    Been a while since I checked, but enable alone did not start the service. The --now switch starts it while enabling it to start on boot.
    Basically the same as

    systemctl start mariadb
    systemctl enable mariadb
    


  • @JaredBusch

    Think you need some more sudo in the "Update the PHP Opcache config" section.

    And I think you need to be root to create conf files under apache as well:
    "Create the nextcloud apache config file" section



  • Note to all, I have not yet ran though my instructions in one go. This is basically a copy paste of them as I built up the server.

    I'll wipe it tomorrow and do it again to make sure the instructions are solid.



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    And I think you need to be root to create conf files under apache as well:
    "Create the nextcloud apache config file" section

    No, because it is created in the local folder and then moved and permissions fixed.

    Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    Note to all, I have not yet ran though my instructions in one go. This is basically a copy paste of them as I built up the server.

    I'll wipe it tomorrow and do it again to make sure the instructions are solid.

    Well, you did great work anyway. It takes a lot of time to make instructions.



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

    I wouldn't know. I just go root and go to work. I'm too lazy to type sudo a hundred times. Probably frowned upon but I don't care.



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

    I wouldn't know. I just go root and go to work. I'm too lazy to type sudo a hundred times. Probably frowned upon but I don't care.

    I'm so used to typing sudo, I type it even when I sudo su - into root.



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

    I wouldn't know. I just go root and go to work. I'm too lazy to type sudo a hundred times. Probably frowned upon but I don't care.

    I'm so used to typing sudo, I type it even when I sudo su - into root.

    I've used debian a lot and sudo isn't even installed by default. Well, in a minimal install that is.



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    I've used debian a lot and sudo isn't even installed by default. Well, in a minimal install that is.

    Yeah, I learned that when I setup my current Unifi and UNMS controllers.

    I run those on Debian, and no matter the OS, I always do minimal installs for server instances.



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    And I think you need to be root to create conf files under apache as well:
    "Create the nextcloud apache config file" section

    No, because it is created in the local folder and then moved and permissions fixed.

    Because you cannot sudo cat >> /restricted/folder/fuck.conf << EOF

    Using sudo with tee works well.

    sudo tee -a config.php  <<EOF
      'memcache.locking' => '\\OC\\Memcache\\Redis',
      'memcache.local' => '\\OC\\Memcache\\Redis',
      'redis' =>
      array (
        'host' => 'localhost',
        'port' => 6379,
      ),
    );
    EOF
    


  • @black3dynamite said in Setup Nextcloud 19.0.4 on Fedora 32:

    Using sudo with tee works well.

    I'll try that when I redo the install.

    I know I tried tee a couple years ago and things did not work right. I might have just screwed up the syntax, causing my own problems.



  • @black3dynamite said in Setup Nextcloud 19.0.4 on Fedora 32:

    Using sudo with tee works well.

    Yeah, that works for the apache vhost file, and will work with the nextcloud config file once I work out what to do instead of head -n 1 for that.



  • ok fixed. thanks.

    sed '$d' for the win there.



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    ok fixed. thanks.

    sed '$d' for the win there.

    Nice! I was about to post that command.



  • @black3dynamite since you are better with sed than I am... Or at least better with Google and the man pages than I am..

    How can I fix this to use the environment variables instead of manual.

    This is part of the next step to use the "pretty URL" as it is called.
    It works fine like this.

    sudo sed -i -e 's/\(^DocumentRoot\s*\).*$/\1"\/var\/www\/html\/nextcloud"/' /etc/httpd/conf/httpd.conf
    

    But I want it to use the above $WWW_PATH and $APP_FOLDER variables.



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @black3dynamite since you are better with sed than I am... Or at least better with Google and the man pages than I am..

    How can I fix this to use the environment variables instead of manual.

    This is part of the next step to use the "pretty URL" as it is called.
    It works fine like this.

    sudo sed -i -e 's/\(^DocumentRoot\s*\).*$/\1"\/var\/www\/html\/nextcloud"/' /etc/httpd/conf/httpd.conf
    

    But I want it to use the above $WWW_PATH and $APP_FOLDER variables.

    What does the line do exactly?
    Sets the DocumentRoot parameter to /var/www/html/nextcloud ?

    What does $WWW_PATH and $APP_FOLDER contain?
    Ah, the first post says: /var/www/html and nextcloud



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    What does the line do exactly?
    Sets the DocumentRoot parameter to /var/www/html/nextcloud ?

    Correct.

    (      # Start a capture group
    ^      # Matches the start of the line 
    DocumentRoot  # Matches the word I am want
    \s     # a space character I should probably remove that. came from an example I found
    *      # umm everything maybe? not sure inside the capture group also likely need removed
    )      # End capture group 
    .*     # Matches anything
    $      # Matches the end of the line
    

    So, sed should find any instance of DocumentRoot at the beging of a line. This happens only once in a default Apache config file.

    The capture group means to capture the term within the parentheses in a variable. This is the 1 in the replacement section of the s/// command.

    I am then appending "/var/www/html/nextcloud" to the captured string "DocumentRoot" to end up with his
    a7813a10-f6c7-4e2b-bbb8-9faa43d02bc9-image.png



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    What does $WWW_PATH and $APP_FOLDER contain?
    Ah, the first post says: /var/www/html and nextcloud

    And that is why I want to use the environment variables. Not everyone installs everything to the default location.



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    sudo sed -i -e 's/(^DocumentRoot\s*).*$/\1"/var/www/html/nextcloud"/' /etc/httpd/conf/httpd.conf

    Better sed. I removed the \s*

    1e498b1a-06b5-46f6-90a6-c7a3dee31f99-image.png



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    sudo sed -i -e 's/(^DocumentRoot\s*).*$/\1"/var/www/html/nextcloud"/' /etc/httpd/conf/httpd.conf

    Better sed. I removed the \s*

    1e498b1a-06b5-46f6-90a6-c7a3dee31f99-image.png

    I think you can simplify it way more.

    • you don't need -e
    • don't use the / separator, use for instance #. So s#expression#replacement#. Then you don't have to escape your paths. And then you can put your variables straight in.


  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    sudo sed -i -e 's/(^DocumentRoot\s*).*$/\1"/var/www/html/nextcloud"/' /etc/httpd/conf/httpd.conf

    Better sed. I removed the \s*

    1e498b1a-06b5-46f6-90a6-c7a3dee31f99-image.png

    I think you can simplify it way more.

    • you don't need -e
    • don't use the / separator, use for instance #. So s#expression#replacement#. Then you don't have to escape your paths. And then you can put your variables straight in.

    Don't think you need the sed script inside a quoted string either.

    Maybe something like this:

    sudo sed -i s#\(^DocumentRoot\).*$#\1$WWW_PATH/$APP_FOLDER# /etc/httpd/conf/httpd.conf
    

    If you want quotes around the sed "instructions" use " so you get variable expansion, and not '.
    But you don't need to quote a string as long as it doesn't contain spaces.



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    you don't need -e

    You just trying to fix all my old habits?



  • @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    sudo sed -i -e 's/(^DocumentRoot\s*).*$/\1"/var/www/html/nextcloud"/' /etc/httpd/conf/httpd.conf

    Better sed. I removed the \s*

    1e498b1a-06b5-46f6-90a6-c7a3dee31f99-image.png

    I think you can simplify it way more.

    • you don't need -e
    • don't use the / separator, use for instance #. So s#expression#replacement#. Then you don't have to escape your paths. And then you can put your variables straight in.

    Don't think you need the sed script inside a quoted string either.

    Maybe something like this:

    sudo sed -i s#\(^DocumentRoot\).*$#\1$WWW_PATH/$APP_FOLDER# /etc/httpd/conf/httpd.conf
    

    If you want quotes around the sed "instructions" use " so you get variable expansion, and not '.
    But you don't need to quote a string as long as it doesn't contain spaces.

    I'll try it in a bit on my local test instance.

    I'm in the middle of migrating the CentOS 7 system to the Fedora 32 system that caused me to write this in the first place.



  • Could not make it execute without the quotes
    But this works.

    sudo sed -i 's#\(^DocumentRoot\).*$#\1 "'"$WWW_PATH"'/'"$APP_FOLDER"'"#' /etc/httpd/conf/httpd.conf
    


  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    @Pete-S said in Setup Nextcloud 19.0.4 on Fedora 32:

    sudo sed -i -e 's/(^DocumentRoot\s*).*$/\1"/var/www/html/nextcloud"/' /etc/httpd/conf/httpd.conf

    Better sed. I removed the \s*

    1e498b1a-06b5-46f6-90a6-c7a3dee31f99-image.png

    I think you can simplify it way more.

    • you don't need -e
    • don't use the / separator, use for instance #. So s#expression#replacement#. Then you don't have to escape your paths. And then you can put your variables straight in.

    Don't think you need the sed script inside a quoted string either.

    Maybe something like this:

    sudo sed -i s#\(^DocumentRoot\).*$#\1$WWW_PATH/$APP_FOLDER# /etc/httpd/conf/httpd.conf
    

    If you want quotes around the sed "instructions" use " so you get variable expansion, and not '.
    But you don't need to quote a string as long as it doesn't contain spaces.

    I'll try it in a bit on my local test instance.

    I'm in the middle of migrating the CentOS 7 system to the Fedora 32 system that caused me to write this in the first place.

    Hmm, maybe you need some quotes anyway,

    The sed thing is really s#regexp#\1 /www/whatever# (using `# as delimiter).
    Where \1 tell sed to use the capture result of the first group which is "DocumentRoot".
    Then a space and then the new path.



  • @JaredBusch said in Setup Nextcloud 19.0.4 on Fedora 32:

    Could not make it execute without the quotes
    But this works.

    sudo sed -i 's#\(^DocumentRoot\).*$#\1 "'"$WWW_PATH"'/'"$APP_FOLDER"'"#' /etc/httpd/conf/httpd.conf
    

    OK try this then:

    sudo sed -i 's#\(^DocumentRoot\).*$#\1 '$WWW_PATH/$APP_FOLDER# /etc/httpd/conf/httpd.conf