NextCloud : Install
2022/07/27
Install NextCloud, which is a cloud storage system.
[1] | |
[2] | Configure SSL/TLS for Apache httpd. An HTTPS connection is required to use features such as Chat, Camera, and Screen Sharing. |
[3] | |
[4] | |
[5] | Install other required PHP modules. |
# install from EPEL
[root@dlp ~]# dnf --enablerepo=epel -y install php-pear php-mbstring php-pdo php-intl php-xml php-gd php-mysqlnd php-bcmath php-gmp php-soap php-sodium php-opcache php-devel php-pecl-zip php-pecl-json-post php-pecl-apcu php-pecl-redis5 php-pecl-imagick redis
[root@dlp ~]# vi /etc/php-fpm.d/nextcloud.conf
;; create new
[nextcloud]
user = apache
group = apache
listen = /run/php-fpm/nextcloud.sock
listen.acl_users = apache
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
;; you may need to set the parameters below if users want to upload large files
php_value[max_execution_time] = 3600
php_value[memory_limit] = 2G
php_value[post_max_size] = 2G
php_value[upload_max_filesize] = 2G
php_value[max_input_time] = 3600
php_value[max_input_vars] = 2000
php_value[date.timezone] = Asia/Tokyo
php_value[opcache.memory_consumption] = 128
php_value[opcache.interned_strings_buffer] = 32
php_value[opcache.max_accelerated_files] = 10000
php_value[opcache.revalidate_freq] = 1
php_value[opcache.save_comments] = 1
php_value[opcache.jit] = 1255
php_value[opcache.jit_buffer_size] = 128M
[root@dlp ~]# systemctl restart php-fpm
[6] | Create a User and Database on MariaDB for NextCloud. |
[root@dlp ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nextcloud;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nextcloud.* to nextcloud@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
[7] | Configure Apache httpd for NextCloud. Check which NextCloud version you would like to download on the site below. ⇒ https://download.nextcloud.com/server/releases/ |
[root@dlp ~]# vi /etc/httpd/conf.d/nextcloud.conf
# create new file
# change the server name and SSL/TLS certificate path to suit your environment
Timeout 3600
ProxyTimeout 3600
DirectoryIndex index.php index.html
Header set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

<VirtualHost *:80>
    DocumentRoot /var/www/nextcloud
    ServerName dlp.srv.world
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/nextcloud
    ServerName dlp.srv.world
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/dlp.srv.world/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dlp.srv.world/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/dlp.srv.world/chain.pem
</VirtualHost>

<Directory "/var/www/nextcloud">
    Options FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/nextcloud.sock|fcgi://localhost"
    </FilesMatch>
</Directory>

[root@dlp ~]# wget https://download.nextcloud.com/server/releases/latest.zip -P /var/www/
[root@dlp ~]# unzip /var/www/latest.zip -d /var/www/
[root@dlp ~]# chown -R apache:apache /var/www/nextcloud
[root@dlp ~]# systemctl restart httpd
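A check that can sit between the wget and unzip commands in step [7], so the archive is only unpacked into the web root when its SHA-256 digest matches the published one. This is an added example, not part of the original page; the function name verify_sha256 is hypothetical, and it assumes the digest was downloaded as latest.zip.sha256 from the same releases directory.

```bash
# verify_sha256 ARCHIVE SUMFILE
# Returns 0 when the archive's SHA-256 equals the digest in SUMFILE,
# 1 on mismatch, 2 when an input is missing or SUMFILE is not a digest.
# Only the first field of SUMFILE is used, so the file name recorded in it
# does not have to match the local name of the archive.
verify_sha256() (
    archive=$1
    sumfile=$2
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; exit 2; }
    want=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    # Anything that is not exactly 64 hex digits (for example an HTML
    # error page saved by wget) is rejected instead of being compared.
    printf '%s' "$want" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "bad checksum file" >&2; exit 2; }
    have=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$want" = "$have" ]
)

# Constructed demo input: a stand-in for latest.zip in a temp directory.
d=$(mktemp -d)
printf 'constructed stand-in for latest.zip' > "$d/latest.zip"
sha256sum "$d/latest.zip" \
    | awk '{ print $1 "  nextcloud-x.y.z.zip" }' > "$d/latest.zip.sha256"

if verify_sha256 "$d/latest.zip" "$d/latest.zip.sha256"; then
    echo "digest OK, safe to unzip"
fi

# Simulate a modified download: the same checksum file no longer matches.
printf 'tampered' >> "$d/latest.zip"
verify_sha256 "$d/latest.zip" "$d/latest.zip.sha256" \
    || echo "digest MISMATCH, do not unzip"
rm -rf "$d"
```

A digest fetched from the same server only detects a corrupted or truncated download; checking the release's detached signature with gpg --verify against the project's signing key is what ties the archive to its publisher.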
[8] | If SELinux is enabled, change policy. |
[root@dlp ~]# setsebool -P httpd_can_network_connect on
[root@dlp ~]# setsebool -P httpd_unified on
[root@dlp ~]# setsebool -P httpd_execmem on
[root@dlp ~]# setsebool -P httpd_use_fusefs on
[root@dlp ~]# setsebool -P nis_enabled on
[root@dlp ~]# vi nextcloud.te
# create new
module nextcloud 1.0;

require {
        type configfs_t;
        type httpd_t;
        type redis_t;
        type rpm_t;
        type fusefs_t;
        type httpd_sys_script_t;
        type fuse_device_t;
        type httpd_sys_rw_content_t;
        type kernel_t;
        type lib_t;
        type init_t;
        type unconfined_t;
        type local_login_t;
        type crond_t;
        type policykit_t;
        type lsmd_t;
        type mcelog_t;
        type firewalld_t;
        type systemd_logind_t;
        type irqbalance_t;
        type udev_t;
        type sshd_t;
        type NetworkManager_t;
        type virt_qemu_ga_t;
        type unconfined_service_t;
        type syslogd_t;
        type setroubleshootd_t;
        type rhsmcertd_t;
        type getty_t;
        type mysqld_t;
        type auditd_t;
        type chronyd_t;
        type system_dbusd_t;
        class file { create unlink write open read execute execute_no_trans getattr };
        class dir { add_name write read remove_name rmdir getattr setattr mounton search };
        class lnk_file unlink;
        class chr_file { open read write };
        class process setrlimit;
        class system module_request;
        class capability dac_read_search;
        class filesystem { mount unmount };
}

#============= httpd_t ==============
allow httpd_t configfs_t:dir getattr;
allow httpd_t lib_t:dir { add_name remove_name setattr write };
allow httpd_t lib_t:file { create unlink write };

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t fuse_device_t:chr_file { open read write };
allow httpd_sys_script_t httpd_sys_rw_content_t:dir mounton;
allow httpd_sys_script_t httpd_sys_rw_content_t:file { execute execute_no_trans };
allow httpd_sys_script_t lib_t:dir setattr;
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t kernel_t:system module_request;
allow httpd_sys_script_t NetworkManager_t:dir search;
allow httpd_sys_script_t NetworkManager_t:file { getattr open read };
allow httpd_sys_script_t auditd_t:dir search;
allow httpd_sys_script_t auditd_t:file { getattr open read };
allow httpd_sys_script_t chronyd_t:dir search;
allow httpd_sys_script_t chronyd_t:file { getattr open read };
allow httpd_sys_script_t crond_t:dir search;
allow httpd_sys_script_t crond_t:file { getattr open read };
allow httpd_sys_script_t firewalld_t:dir search;
allow httpd_sys_script_t firewalld_t:file { getattr open read };
allow httpd_sys_script_t getty_t:dir search;
allow httpd_sys_script_t getty_t:file { getattr open read };
allow httpd_sys_script_t httpd_t:dir search;
allow httpd_sys_script_t httpd_t:file { getattr open read };
allow httpd_sys_script_t init_t:dir search;
allow httpd_sys_script_t init_t:file { getattr open read };
allow httpd_sys_script_t irqbalance_t:dir search;
allow httpd_sys_script_t irqbalance_t:file { getattr open read };
allow httpd_sys_script_t kernel_t:dir search;
allow httpd_sys_script_t kernel_t:file { getattr open read };
allow httpd_sys_script_t local_login_t:dir search;
allow httpd_sys_script_t local_login_t:file { getattr open read };
allow httpd_sys_script_t lsmd_t:dir search;
allow httpd_sys_script_t lsmd_t:file { getattr open read };
allow httpd_sys_script_t mcelog_t:dir search;
allow httpd_sys_script_t mcelog_t:file { getattr open read };
allow httpd_sys_script_t mysqld_t:dir search;
allow httpd_sys_script_t mysqld_t:file { getattr open read };
allow httpd_sys_script_t policykit_t:dir search;
allow httpd_sys_script_t policykit_t:file { getattr open read };
allow httpd_sys_script_t rhsmcertd_t:dir search;
allow httpd_sys_script_t rhsmcertd_t:file { getattr open read };
allow httpd_sys_script_t setroubleshootd_t:dir search;
allow httpd_sys_script_t setroubleshootd_t:file { getattr open read };
allow httpd_sys_script_t sshd_t:dir search;
allow httpd_sys_script_t sshd_t:file { getattr open read };
allow httpd_sys_script_t syslogd_t:dir search;
allow httpd_sys_script_t syslogd_t:file { getattr open read };
allow httpd_sys_script_t system_dbusd_t:dir search;
allow httpd_sys_script_t system_dbusd_t:file { getattr open read };
allow httpd_sys_script_t systemd_logind_t:dir search;
allow httpd_sys_script_t systemd_logind_t:file { getattr open read };
allow httpd_sys_script_t udev_t:dir search;
allow httpd_sys_script_t udev_t:file { getattr open read };
allow httpd_sys_script_t unconfined_service_t:dir search;
allow httpd_sys_script_t unconfined_service_t:file { getattr open read };
allow httpd_sys_script_t unconfined_t:dir search;
allow httpd_sys_script_t unconfined_t:file { getattr open read };
allow httpd_sys_script_t virt_qemu_ga_t:dir search;
allow httpd_sys_script_t virt_qemu_ga_t:file { getattr open read };
allow httpd_sys_script_t redis_t:dir search;
allow httpd_sys_script_t redis_t:file { getattr open read };
allow httpd_sys_script_t rpm_t:dir search;
allow httpd_sys_script_t rpm_t:file { getattr open read };
allow httpd_sys_script_t fusefs_t:file { execute execute_no_trans };
allow httpd_sys_script_t fusefs_t:filesystem mount;
allow httpd_sys_script_t fusefs_t:filesystem unmount;
allow httpd_sys_script_t self:capability dac_read_search;

#============= init_t ==============
allow init_t httpd_sys_rw_content_t:dir { read remove_name rmdir write };
allow init_t httpd_sys_rw_content_t:file unlink;
allow init_t httpd_sys_rw_content_t:lnk_file unlink;

[root@dlp ~]# checkmodule -m -M -o nextcloud.mod nextcloud.te
[root@dlp ~]# semodule_package --outfile nextcloud.pp --module nextcloud.mod
[root@dlp ~]# semodule -i nextcloud.pp
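Before loading a policy module of this size with semodule -i, it helps to list the rules that widen what the web server may do beyond reading its own content. The script below is an added example, not part of the original page: te_review and its three labels are hypothetical names, the categories are this example's own choice, and sample_te is a constructed excerpt of the nextcloud.te module from step [8].

```bash
# sample_te prints a constructed excerpt of nextcloud.te, used as offline input.
sample_te() {
cat <<'EOF'
module nextcloud 1.0;
require {
    type httpd_t; type lib_t; type fusefs_t; type configfs_t; type sshd_t;
    type httpd_sys_script_t; type httpd_sys_rw_content_t;
    class file { create unlink write open read execute execute_no_trans getattr };
    class dir { setattr mounton search getattr };
    class filesystem { mount unmount };
}
#============= httpd_t ==============
allow httpd_t configfs_t:dir getattr;
allow httpd_t lib_t:file { create unlink write };
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_sys_rw_content_t:dir mounton;
allow httpd_sys_script_t httpd_sys_rw_content_t:file { execute execute_no_trans };
allow httpd_sys_script_t lib_t:dir setattr;
allow httpd_sys_script_t sshd_t:file { getattr open read };
allow httpd_sys_script_t fusefs_t:filesystem mount;
EOF
}

# te_review FILE: print each allow rule that deserves a second look.
# Handles the simple "allow SRC TGT:CLASS PERMS;" form used in this module.
te_review() {
    sed 's/#.*//' "$1" | awk '
    BEGIN { RS = ";" }
    {
        gsub(/[ \t\r\n]+/, " "); sub(/^ /, ""); sub(/ $/, "")
        sub(/^[}] /, "")            # closing brace of the require block
        if ($1 != "allow") next
        split($3, tc, ":"); tgt = tc[1]; cls = tc[2]
        perms = " "
        for (i = 4; i <= NF; i++) if ($i != "{" && $i != "}") perms = perms $i " "
        why = ""
        if (cls == "file" && perms ~ / execute(_no_trans)? / && tgt ~ /^(httpd_sys_rw_content_t|fusefs_t)$/)
            why = "EXEC-WRITABLE"   # web scripts may run files on writable storage
        else if (tgt == "lib_t" && perms ~ / (write|create|add_name) /)
            why = "LIB-WRITE"       # web server may modify lib_t content
        else if (cls == "filesystem" || perms ~ / mounton /)
            why = "MOUNT"           # web scripts may mount or unmount
        if (why != "") print why ": " $0
    }'
}

f=$(mktemp); sample_te > "$f"; te_review "$f"; rm -f "$f"
```

Run against the full nextcloud.te, the same function also reports the fusefs_t execute and unmount rules; each reported rule can then be kept or dropped depending on whether the installation actually uses the feature that needs it.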
[9] | Access the URL [https://(Servers Hostname)/] with a Web browser on any Client, and the following screen is displayed. Configure the Administrative user account and the Database connection information. Input any admin user name and password. For Database, specify the MariaDB user and database you added in [6]. When that is done, click [Install]. |
[10] | Select whether to install the NextCloud recommended applications. In this example, install them. |
[11] | NextCloud start page is displayed. |
[12] | After finishing Setup, NextCloud is accessible at the URL [https://(Servers Hostname)/]. |
[13] | This is the Nextcloud start page. |
[14] | After the initial setup, configure the memory cache and the [default_phone_region] value, both of which NextCloud recommends. |
[root@dlp ~]# vi /var/www/nextcloud/config/config.php
.....
.....
  // add a line in the section
  // replace [default_phone_region] value to your own region (ISO 3166-1)
  'installed' => true,
  'memcache.local' => '\OC\Memcache\APCu',
  'default_phone_region' => 'JP',
  'maintenance_window_start' => 1,
  'memcache.locking' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0.0,
  ),
);

[root@dlp ~]# sudo -u apache php --define apc.enable_cli=1 /var/www/nextcloud/occ db:add-missing-indices
The current PHP memory limit is below the recommended value of 512MB.
Adding additional mail_messages_strucanalyz_idx index to the oc_mail_messages table, this can take some time...
oc_mail_messages table updated successfully.
Adding additional mail_class_creat_idx index to the oc_mail_classifiers table, this can take some time...
oc_mail_classifiers table updated successfully.
Adding additional mail_acc_prov_idx index to the oc_mail_accounts table, this can take some time...
oc_mail_accounts table updated successfully.
Adding additional mail_alias_accid_idx index to the oc_mail_aliases table, this can take some time...
oc_mail_aliases table updated successfully.
Adding additional mail_messages_mb_id_uid_uidx index to the oc_mail_messages table, this can take some time...
Removing mail_messages_mb_id_uid index from the oc_mail_messages table
oc_mail_messages table updated successfully.
Adding additional mail_smime_certs_uid_email_idx index to the oc_mail_smime_certificates table, this can take some time...
Removing mail_smime_certs_uid_idx index from the oc_mail_smime_certificates table
oc_mail_smime_certificates table updated successfully.
Adding additional mail_trusted_senders_idx index to the oc_mail_trusted_senders table, this can take some time...
Removing mail_trusted_senders_type index from the oc_mail_trusted_senders table
oc_mail_trusted_senders table updated successfully.
Adding additional mail_coll_idx index to the oc_mail_coll_addresses table, this can take some time...
Removing mail_coll_addr_userid_index index from the oc_mail_coll_addresses table
Removing mail_coll_addr_email_index index from the oc_mail_coll_addresses table
oc_mail_coll_addresses table updated successfully.

[root@dlp ~]# systemctl enable --now redis
[root@dlp ~]# systemctl reload httpd