Nextcloud on RHEL 8 / Centos 8
If you don't like the idea of storing your personal or corporate data on a public cloud, and if you have your own hardware and technical skills, consider deploying Nextcloud, a software suite written in PHP that you can run on-premise that provides similar functionality as DropBox, Google Docs or Microsoft OneDrive.
Cloud storage under your control
Nextcloud is open source software, licensed under the GNU Affero General Public License which guarantees that you can use, study, share and improve the software without any legal risks, so there is no cost if you are prepared to support it yourself, but if you do need additional features, or access to technical expertise and capabilities, the Nextcloud vendor offers Enterprise Subscriptions.
The generic installation instructions are here, but to make life easier, here is a more specific guide to install Nextcloud on Apache, PostgreSQL and Redhat Enterprise Linux 8 or Centos 8.
Prerequisites
Conveniently, RHEL 8 provides all the prerequisites with the recommended versions straight out of the box, so install as root, or run with sudo, the instructions that follow.
PHP 7.2
Install the following PHP modules:
1dnf install -y php php-gd php-mbstring php-intl php-json php-zip php-process php-xml php-bz2 php-fileinfo php-intl php-pgsql
List the PHP modules that have been installed to check that all PHP prerequisites have been met:
1php -m
Note that you may come across instructions that include php-imagick, but this is no longer recommended for security reasons (though you could still install it manually if this is a deal-breaker).
Apache HTTP 2.4
If you haven't already installed and enabled Apache, do so now:
1dnf install -y httpd
2systemctl enable httpd
3systemctl start httpd
Open port 80 on the firewall:
1firewall-cmd --zone=public --add-service=http --permanent
2firewall-cmd --reload
HTTP is OK for a basic installation, but you must get a SSL certificate and use HTTPS on port 443 to secure the service in production.
Check that the Apache server has loaded all the required PHP modules by creating a
file called phpinfo.php
under the Apache base directory /var/www/html/
with the following content:
1<?php phpinfo() ?>
Browse to http://<your-server-IP>/phpinfo.php
and admire your progress so far. Don't forget to delete it immediately after congratulating yourself. No point in giving miscreants more information than they need to know.
PostgreSQL 10
Nextcloud recommends MySQL or MariaDB, but PostgreSQL has enterprise-strength features that the other two do not provide, so install it instead:
1dnf install -y postgresql-server postgresql
Initialise the database:
1postgresql-setup --initdb
By default, the database content are in /var/lib/pgsql/data
and the logs are in /var/lib/pgsql/initdb_postgresql.log
.
Start PostgreSQL and enable it to start after reboot:
1systemctl start postgresql
2systemctl enable postgresql
Check that it is running by listing the processes listening to port 5432:
1lsof -i tcp:5432
2COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
3postmaste 6629 postgres 4u IPv6 65975 0t0 TCP localhost:postgres (LISTEN)
4postmaste 6629 postgres 5u IPv4 65976 0t0 TCP localhost:postgres (LISTEN)
Set the password for the database administrator user postgres:
1su - postgres
2$ psql
3psql (10.6)
4Type "help" for help.
5
6postgres=# password postgres
7Enter new password: <db-password>
8Enter it again: <db-password>
9postgres=# \q
10$ exit
11logout
Enable MD5-encrypted password authentication from localhost
by editing /var/lib/pgsql/data/pg_hba.conf
as follows:
1# IPv4 local connections:
2host all all 127.0.0.1/32 md5
Test the connection from any user on the server:
1psql -h localhost -U postgres
2Password for user postgres: <db-password>
3psql (10.6)
4Type "help" for help.
Install NextCloud
Downloads
Download the latest version from here to a convenient place (such as /tmp
). Download the sha256
hash as well:
1cd /tmp
2wget https://download.nextcloud.com/server/releases/latest.tar.bz2
3wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
Verify the checksums to ensure the integrity of the download:
1sha256sum latest.tar.bz2
2a13f68ce47a1362318629ba5b118a59fa98358bb18f4afc371ea15104f2881f3 latest.tar.bz2
3cat latest.tar.bz2.sha256
4a13f68ce47a1362318629ba5b118a59fa98358bb18f4afc371ea15104f2881f3 latest.tar.bz2
They are the same, so proceed to untar the application into the Apache directory:
1tar -xvjf latest.tar.bz2 -C /var/www/html/
Manually create a data folder for use by the installation wizard later on:
1mkdir /var/www/html/nextcloud/data
Change the ownership of /var/www/html/nextcloud
to allow the Apache server access:
1chown -R apache:apache /var/www/html/nextcloud
SELinux
By default RHEL 8 implements SELinux security policies. Check the status as follows:
1getenforce
2Enforcing
If Enforcing
, either turn off SELinux by editing /etc/selinux/config
to set SELINUX=disabled
and reboot (definitely not recommended in Production), or configure SELinux appropriately as per this recommendation:
1semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
2semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
3semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
4semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
5semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
6semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
7
8restorecon -Rv '/var/www/html/nextcloud/'
9
10setsebool -P httpd_can_network_connect 1
11setsebool -P httpd_execmem 1
12systemctl reload php-fpm
Create database
Create an empty database for use by Nextcloud:
1su - postgres
2psql
3CREATE USER nextcloud WITH PASSWORD 'YOUR_PASSWORD';
4CREATE DATABASE nextcloud TEMPLATE template1 ENCODING 'UNICODE';
5ALTER DATABASE nextcloud OWNER TO nextcloud;
6GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
7\q
8exit
Fire up Nextcloud
Restart the Apache instance:
1systemctl restart httpd
All being well, you should see the Nextcloud login screen if you browse to http://localhost/nextcloud, as follows:
Create an admin account with a strong password, and enter the database credentials that you created above. Note that the Apache server and the database run on the same server, so the hostname is localhost.