Bobcares

Nextcloud Nginx SSL: Installation and Management

by | Aug 18, 2022

Let us go through the Nextcloud installation with Nginx SSL in detail. Bobcares answers all of your questions on installing Nextcloud with Nginx SSL with our server management support services.

 

Install Nextcloud with Nginx and SSL/TLS Certificates on CentOS 8

 


 

First, run a system update so that the system packages are up to date:

dnf update

After that, install the LEMP stack. It must be set up before Nextcloud can run with Nginx.

 

Install Other Required PHP Modules

Run the command below to install the additional PHP modules and packages that are required.

dnf install php-gd php-json php-curl php-mbstring php-intl php-xml php-zip php-pear php-soap

Install the other necessary packages:

dnf install zip wget tar policycoreutils-python-utils

 

Configure PHP

Change the value of cgi.fix_pathinfo to 0 in /etc/php.ini. This stops PHP from guessing at a script to execute when the requested path does not exist.

vim /etc/php.ini
...
;cgi.fix_pathinfo=1
cgi.fix_pathinfo=0
...

Make the following modifications to /etc/php-fpm.d/www.conf:

vim /etc/php-fpm.d/www.conf
...
user = nginx
group = nginx
...
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
...

 

Create Nextcloud Database and Database User

Make sure that InnoDB is the default storage engine before creating the MariaDB/MySQL database for Nextcloud:

mysql -u root -p
show engines;
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
| Engine             | Support | Comment                                                                          | Transactions | XA   | Savepoints |
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
...
...
| InnoDB             | DEFAULT | Supports transactions, row-level locking, foreign keys and encryption for tables | YES          | YES  | YES        |
...

Make sure the Support column for InnoDB is set to DEFAULT.

 

Next, create the Nextcloud database. Note that the database name used here is not a standard one; remember to change it to your own during the installation.

create database abcd;

Create a Nextcloud database user with full access to the Nextcloud database. Replace the example password with your own.

grant all privileges on abcd.* to ncadmin@localhost identified by 'P@ssW0rd';

Reload the privilege tables and exit the database.

flush privileges;
quit

 

Download and Install Nextcloud

The next step is to download the Nextcloud server archive.

wget https://download.nextcloud.com/server/releases/latest.zip

Extract Nextcloud to Web Root Directory

Because Nginx is configured as the web server here, the Nextcloud files and configuration should be placed under /usr/share/nginx/html/nextcloud. Depending on the use case, the path may differ.

unzip latest.zip -d /usr/share/nginx/html/

 

Generate SSL/TLS Certificates

To begin configuring Nextcloud with SSL/TLS certificates, first generate the certificates. This guide uses a self-signed certificate; consider using publicly trusted certificates from the CA of your choice when operating Nextcloud in production.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/nc-selfsigned.key -out /etc/pki/tls/nc-selfsigned.crt

Configuring Nginx for Nextcloud

The next important step is configuring Nginx. Nextcloud includes an example Nginx configuration; take that configuration and modify it to fit your environment.

vim /etc/nginx/conf.d/nextcloud.conf
upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    server_name nextcloud.abcd-1234.com;
    # enforce https
    return 301 https://$server_name:443$request_uri;
}

server {
    listen 443 ssl http2;
    server_name nextcloud.abcd-1234.com;

    ssl_certificate /etc/pki/tls/nc-selfsigned.crt;
    ssl_certificate_key /etc/pki/tls/nc-selfsigned.key;

    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud;

    access_log /var/log/nginx/nc_access_log;
    error_log /var/log/nginx/nc_error_log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}

Save the configuration file and exit. After that, create the Nextcloud data directory.

mkdir /usr/share/nginx/html/nextcloud/data

Then give the nginx user and group ownership of the Nextcloud directory.

chown -R nginx:nginx /usr/share/nginx/html/nextcloud

Make sure that the Nextcloud directories and files have the necessary permissions.

find /usr/share/nginx/html/nextcloud/ -type d -exec chmod 750 {} \;

find /usr/share/nginx/html/nextcloud/ -type f -exec chmod 640 {} \;

Set nginx as the owner of the PHP session directory.

chown nginx:nginx -R /var/lib/php/session/
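
The ownership and modes set above can drift again later, for instance after an upgrade or an app install, so it helps to be able to re-check them. The following is an added example, not part of the original article; the function name audit_nextcloud_tree and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a Nextcloud tree against the owner and modes used in
# this guide (directories 750, files 640, everything owned by nginx).
# Usage: audit_nextcloud_tree /usr/share/nginx/html/nextcloud nginx
audit_nextcloud_tree() {
    root=$1
    owner=$2    # user name or numeric uid
    findings=$(
        # Any permission bit granted to "other" breaks both 750 and 640.
        find "$root" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) \
            -exec printf 'OTHER-ACCESS %s\n' {} \;
        # Neither 750 nor 640 grants group write.
        find "$root" ! -type l -perm -020 \
            -exec printf 'GROUP-WRITE %s\n' {} \;
        # 640 carries no execute bit on regular files.
        find "$root" -type f \( -perm -100 -o -perm -010 \) \
            -exec printf 'EXEC-FILE %s\n' {} \;
        # unzip ran as root; anything chown missed is still not nginx-owned.
        find "$root" ! -user "$owner" \
            -exec printf 'WRONG-OWNER %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

The function prints one line per finding and returns non-zero if there is any, so it can be run from cron or a deployment script.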

 

Check the Nginx configuration for syntax problems.

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart Nginx and PHP-FPM.

systemctl restart nginx php-fpm

 

Allow Nginx HTTP/HTTPS traffic on FirewallD

If firewalld is running, use the following commands to open ports 80 and 443.

firewall-cmd --add-port={80,443}/tcp --permanent
firewall-cmd --reload

 

Configure SELinux

Nextcloud also provides SELinux settings, which should at the very least resolve the permission problems with Nextcloud. Run the following commands, and make sure to replace the Nextcloud installation paths as needed. The paths below are the ones used for the installation in this guide.

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
restorecon -Rv '/usr/share/nginx/html/nextcloud/'

 

Finalize Nextcloud Setup on Browser

To complete the installation and setup, open Nextcloud in the browser. Enter the Nextcloud admin user’s name and password in the Nextcloud user interface. After that, specify the backend database and the connection information: in the storage and database drop-down, enter the Nextcloud data directory, select MySQL/MariaDB as the database, and enter the connection settings created earlier.

 

To finish the configuration, click Finish setup. When the setup is complete, a login window will appear. Log in to Nextcloud using the admin credentials created during setup. This is the final step in the entire process of installing Nextcloud with Nginx and SSL/TLS Certificates on CentOS.
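
Because this setup keeps the data and config directories inside the web root, the `deny all` locations in nextcloud.conf are what keep them from being served, and they are worth checking once the server is up, together with the `add_header` lines. The following is an added example, not part of the original article or the Nextcloud project; the probe list, the function names and the NC_URL variable are assumptions.

```shell
# Added example (not from the article): check a running vhost against the
# "deny all" locations and add_header lines in nextcloud.conf.
# curl gets -k only because the tutorial's certificate is self-signed.

# Constructed probe list: paths the two deny regexes must reject.
DENIED_PATHS="/data/ /config/config.php /lib/ /3rdparty/ /.htaccess /.user.ini /occ"
# Headers the server block adds with "always".
REQUIRED_HEADERS="Referrer-Policy X-Content-Type-Options X-Download-Options
X-Frame-Options X-Permitted-Cross-Domain-Policies X-Robots-Tag X-XSS-Protection"

# Print each protected path that does not answer 403; return 1 if any.
check_denied() {
    base=$1
    rc=0
    for p in $DENIED_PATHS; do
        code=$(curl -sk -o /dev/null -w '%{http_code}' "$base$p")
        if [ "$code" != "403" ]; then
            echo "EXPOSED $p (HTTP $code)"
            rc=1
        fi
    done
    return "$rc"
}

# Print each expected header missing from a PHP response, and flag
# X-Powered-By, which fastcgi_hide_header is supposed to strip.
check_headers() {
    base=$1
    rc=0
    hdrs=$(curl -sk -o /dev/null -D - "$base/status.php")
    for h in $REQUIRED_HEADERS; do
        if ! printf '%s\n' "$hdrs" | grep -qi "^$h:"; then
            echo "MISSING $h"
            rc=1
        fi
    done
    if printf '%s\n' "$hdrs" | grep -qi '^X-Powered-By:'; then
        echo "LEAKED X-Powered-By"
        rc=1
    fi
    return "$rc"
}

# Runs only when NC_URL (hypothetical variable) is set to the base URL.
if [ -n "${NC_URL:-}" ]; then
    check_denied "$NC_URL"; denied=$?
    check_headers "$NC_URL"; headers=$?
    [ "$denied" -eq 0 ] && [ "$headers" -eq 0 ]
fi
```

Run it against the HTTPS URL of the server, for example with NC_URL=https://nextcloud.abcd-1234.com; no output and exit status 0 mean every probe was rejected and every header was present.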

 


 

Conclusion

To conclude, installing Nextcloud with Nginx and SSL takes only a few simple steps: enabling PHP and configuring Nginx for Nextcloud.
