Bobcares

Nextcloud Nginx SSL: Installation and Management

PDF Header PDF Footer

Let us go through the Nextcloud installation with Nginx SSL in detail. Bobacres answers all of your questions on installing Nextcloud with Nginx ssl with our server management support services.

 

Install Nextcloud with Nginx and SSL/TLS Certificates on CentOS 8

 

nextcloud nginx ssl

 

Firstly, run System Update. Check to see if the system packages are up to date. Type in the following to check:

 
dnf updateCopy Code
 

After that Install LEMP Stack. Set up the LEMP stack first before running Nextcloud with Nginx.

 

Install Other Required PHP Modules

Run the scripts below to install any additional PHP modules or packages that are required.

 
dnf install php-gd php-json php-curl php-mbstring php-intl php-xml php-zip php-pear php-soapCopy Code
 

Install other necessary packages;

 
dnf install zip wget tar policycoreutils-python-utilsCopy Code
 

Configure PHP

Change the value of cgi.fix pathinfo to 0 in /etc/php.ini.

 
vim /etc/php.ini
...
;cgi.fix_pathinfo=1
cgi.fix_pathinfo=0
...Copy Code
 

Make the following modifications to /etc/php-fpm.d/www.conf:

 
vim /etc/php-fpm.d/www.conf
...
user = nginx
group = nginx
...
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
...Copy Code
 

Create Nextcloud Database and Database User

Make sure that InnoDB is the default storage engine before building the MariaDB/MySQL database for Nextcloud:

 
mysql -u root -p
show engines;
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
| Engine             | Support | Comment                                                                          | Transactions | XA   | Savepoints |
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
...
...
| InnoDB             | DEFAULT | Supports transactions, row-level locking, foreign keys and encryption for tables | YES          | YES  | YES        |
...Copy Code
 

Make sure the support is set to DEFAULT.

 

Next, create Nextcloud database. Note that the name of the database is not standard and remember to change it during the nextcloud nginx SSL installation process.  

 
create database abcd;Copy Code
 

Create a Nextcloud database user with full access to the Nextcloud database.

 
grant all privileges on abcd.* to ncadmin@localhost identified by 'P@ssW0rd';Copy Code
 

Exit the database and reload the privileges tables.

 
flush privileges; 
quitCopy Code
 

Download and Install Nextcloud

The next step in the process is to download and install the Next cloud from the source to as the next step to install nextcloud with nginx ssl. 

 
wget https://download.nextcloud.com/server/releases/latest.zipCopy Code
 

Extract Nextcloud to Web Root Directory

As in here, Nginx is configured as the Web server, the Nextcloud files and configurations should be placed under /usr/share/nginx/html/nextcloud. Depending on the usercase, the path may differ. This makes it easier for installing nextcloud with nginx ssl.

 

 

unzip latest.zip -d /usr/share/nginx/html/Copy Code
 

Generate SSL/TLS Certificates

To begin configuring Nextcloud with SSL/TLS certificates, firstly generate the certificates. Consider using publicly trustworthy certificates from the choice CA when operating Nextcloud in production situations.

 

 

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/nc-selfsigned.key -out /etc/pki/tls/nc-selfsigned.crtCopy Code

Configuring Nginx for Nextcloud

The next important step for installing Nextcloud with Nginx is Nextcloud includes an example Nginx configuration code. Simply take the setup and modify it to fit the surroundings.

vim /etc/nginx/conf.d/nextcloud.conf
upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    server_name nextcloud.abcd-1234.com;
    # enforce https
    return 301 https://$server_name:443$request_uri;
}

server {
    listen 443 ssl http2;
    server_name nextcloud.abcd-1234.com;

    ssl_certificate /etc/pki/tls/nc-selfsigned.crt;
    ssl_certificate_key /etc/pki/tls/nc-selfsigned.key;

    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud;

    access_log /var/log/nginx/nc_access_log;
    error_log /var/log/nginx/nc_error_log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}

Save the configuration file and exit. After that configure up a Nextcloud data directory.  

 
mkdir /usr/share/nginx/html/nextcloud/dataCopy Code
 

And then Nginx should be given user and group ownership of the Nextcloud directory.

 
chown -R nginx:nginx /usr/share/nginx/html/nextcloudCopy Code
 

Make sure that Nextcloud directories and files have the necessary permissions for easy nextcloud installation with Nginx ssl.

 
find /usr/share/nginx/html/nextcloud/ -type d -exec chmod 750 {} \;Copy Code
 
find /usr/share/nginx/html/nextcloud/ -type f -exec chmod 640 {} \;Copy Code
 

Set the Nginx as the owner of the PHP session directory. 

 
chown nginx:nginx -R /var/lib/php/session/Copy Code
 

Check for syntax problems in Nginx.   

 
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfulCopy Code
 

Start Nginx and PHP-FPM again.

 
systemctl restart nginx php-fpmCopy Code
 

Allow Nginx HTTP/HTTPS traffic on FirewallD

If firewallD is operating, use the following command to open ports 80 and 443.

 
firewall-cmd --add-port={80,443}/tcp --permanent
firewall-cmd --reloadCopy Code
 

Configure SELinux

Nextcloud also provides SELinux options, which should at the very least resolve the permission concerns with Nextcloud. Run the following commands, and make sure to replace the Nextcloud installation paths as needed. The path set up to the nextcloud installation with the Nginx SSL.

 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
restorecon -Rv '/usr/share/nginx/html/nextcloud/'Copy Code
 

Finalize Nextcloud Setup on Browser

To complete the installation and setup, go to Nextcloud on the browser. Enter the Nextcloud admin user’s name and password on the Nextcloud user interface. After that, specify the backend database and the connection information. Here, select MariaDB from the storage and database drop-down, enter the Nextcloud data directory, select MySQL/MariaDB as the database, and enter the connection settings as described previously.

 

To finish the configuration, click Finish setup. When the setup is complete, a login window will appear. Log in to Nextcloud using the admin credentials created during setup. This is the final step in the entire process of installing Nextcloud with Nginx and SSL/TLS Certificates on CentOS.

 

[Need assistance with similar queries? We are here to help]

 

Conclusion

To conclude, the process of installing the Nextcloud with Nginx SSL demands nothing but a few simple steps of enabling PHP and configuring the Nginx for Nextcloud.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Get featured on the Bobcares blog and share your expertise with a global tech audience.

WRITE FOR US
server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Speed issues driving customers away?
We’ve got your back!