Nextcloud Nginx SSL: Installation and Management

Let us go through the Nextcloud installation with Nginx SSL in detail. Bobacres answers all of your questions on installing Nextcloud with Nginx ssl with our server management support services.

Install Nextcloud with Nginx and SSL/TLS Certificates on CentOS 8

 

 

Firstly, run System Update. Check to see if the system packages are up to date. Type in the following to check:

dnf updateCopy Code

After that Install LEMP Stack. Set up the LEMP stack first before running Nextcloud with Nginx.

Install Other Required PHP Modules

Run the scripts below to install any additional PHP modules or packages that are required.

dnf install php-gd php-json php-curl php-mbstring php-intl php-xml php-zip php-pear php-soapCopy Code

Install other necessary packages;

dnf install zip wget tar policycoreutils-python-utilsCopy Code

Configure PHP

Change the value of cgi.fix pathinfo to 0 in /etc/php.ini.

vim /etc/php.ini
...
;cgi.fix_pathinfo=1
cgi.fix_pathinfo=0
...Copy Code

Make the following modifications to /etc/php-fpm.d/www.conf:

vim /etc/php-fpm.d/www.conf
...
user = nginx
group = nginx
...
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
...Copy Code

Create Nextcloud Database and Database User

Make sure that InnoDB is the default storage engine before building the MariaDB/MySQL database for Nextcloud:

mysql -u root -p
show engines;
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
| Engine             | Support | Comment                                                                          | Transactions | XA   | Savepoints |
+--------------------+---------+----------------------------------------------------------------------------------+--------------+------+------------+
...
...
| InnoDB             | DEFAULT | Supports transactions, row-level locking, foreign keys and encryption for tables | YES          | YES  | YES        |
...Copy Code

Make sure the support is set to DEFAULT.

Next, create Nextcloud database. Note that the name of the database is not standard and remember to change it during the nextcloud nginx SSL installation process.  

create database abcd;Copy Code

Create a Nextcloud database user with full access to the Nextcloud database.

grant all privileges on abcd.* to ncadmin@localhost identified by 'P@ssW0rd';Copy Code

Exit the database and reload the privileges tables.

flush privileges; 
quitCopy Code

Download and Install Nextcloud

The next step in the process is to download and install the Next cloud from the source to as the next step to install nextcloud with nginx ssl. 

wget https://download.nextcloud.com/server/releases/latest.zipCopy Code

Extract Nextcloud to Web Root Directory

As in here, Nginx is configured as the Web server, the Nextcloud files and configurations should be placed under /usr/share/nginx/html/nextcloud. Depending on the usercase, the path may differ. This makes it easier for installing nextcloud with nginx ssl.

 

unzip latest.zip -d /usr/share/nginx/html/Copy Code

Generate SSL/TLS Certificates

To begin configuring Nextcloud with SSL/TLS certificates, firstly generate the certificates. Consider using publicly trustworthy certificates from the choice CA when operating Nextcloud in production situations.

 

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/nc-selfsigned.key -out /etc/pki/tls/nc-selfsigned.crtCopy Code

Configuring Nginx for Nextcloud

The next important step for installing Nextcloud with Nginx is Nextcloud includes an example Nginx configuration code. Simply take the setup and modify it to fit the surroundings.

vim /etc/nginx/conf.d/nextcloud.conf

upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    server_name nextcloud.abcd-1234.com;
    # enforce https
    return 301 https://$server_name:443$request_uri;
}

server {
    listen 443 ssl http2;
    server_name nextcloud.abcd-1234.com;

    ssl_certificate /etc/pki/tls/nc-selfsigned.crt;
    ssl_certificate_key /etc/pki/tls/nc-selfsigned.key;

    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud;

    access_log /var/log/nginx/nc_access_log;
    error_log /var/log/nginx/nc_error_log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}

Save the configuration file and exit. After that configure up a Nextcloud data directory.  

mkdir /usr/share/nginx/html/nextcloud/dataCopy Code

And then Nginx should be given user and group ownership of the Nextcloud directory.

chown -R nginx:nginx /usr/share/nginx/html/nextcloudCopy Code

Make sure that Nextcloud directories and files have the necessary permissions for easy nextcloud installation with Nginx ssl.

find /usr/share/nginx/html/nextcloud/ -type d -exec chmod 750 {} \;Copy Code

find /usr/share/nginx/html/nextcloud/ -type f -exec chmod 640 {} \;Copy Code

Set the Nginx as the owner of the PHP session directory. 

chown nginx:nginx -R /var/lib/php/session/Copy Code

Check for syntax problems in Nginx.   

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfulCopy Code

Start Nginx and PHP-FPM again.

systemctl restart nginx php-fpmCopy Code

Allow Nginx HTTP/HTTPS traffic on FirewallD

If firewallD is operating, use the following command to open ports 80 and 443.

firewall-cmd --add-port={80,443}/tcp --permanent
firewall-cmd --reloadCopy Code

Configure SELinux

Nextcloud also provides SELinux options, which should at the very least resolve the permission concerns with Nextcloud. Run the following commands, and make sure to replace the Nextcloud installation paths as needed. The path set up to the nextcloud installation with the Nginx SSL.

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini' 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
restorecon -Rv '/usr/share/nginx/html/nextcloud/'Copy Code

Finalize Nextcloud Setup on Browser

To complete the installation and setup, go to Nextcloud on the browser. Enter the Nextcloud admin user’s name and password on the Nextcloud user interface. After that, specify the backend database and the connection information. Here, select MariaDB from the storage and database drop-down, enter the Nextcloud data directory, select MySQL/MariaDB as the database, and enter the connection settings as described previously.

To finish the configuration, click Finish setup. When the setup is complete, a login window will appear. Log in to Nextcloud using the admin credentials created during setup. This is the final step in the entire process of installing Nextcloud with Nginx and SSL/TLS Certificates on CentOS.

[Need assistance with similar queries? We are here to help]

Conclusion

To conclude, the process of installing the Nextcloud with Nginx SSL demands nothing but a few simple steps of enabling PHP and configuring the Nginx for Nextcloud.