Skip to content

Commit

Permalink
rocky-linux#1867 fix markdown violation in cms, communications, conta…
Browse files Browse the repository at this point in the history
…iners
  • Loading branch information
nishaaaaaant committed Mar 29, 2024
1 parent e87fbd2 commit 549d226
Show file tree
Hide file tree
Showing 5 changed files with 173 additions and 174 deletions.
122 changes: 59 additions & 63 deletions docs/guides/cms/cloud_server_using_nextcloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,14 @@ tags:

## Prerequisites And Assumptions

* Server running Rocky Linux (you can install Nextcloud on any Linux distribution, but this procedure will assume you're using Rocky).
* A high degree of comfort operating from the command line for installation and for configuration.
* Knowledge of a command-line editor. For this example, we are using _vi_, but you can use your favorite editor if you have one.
* While Nextcloud can be installed via a snap application, we will be documenting just the .zip file installation.
* We will be applying concepts from the Apache "sites enabled" document (linked to down below) for directory setup.
* We will also be using the _mariadb-server_ hardening procedure (also linked to later) for database setup.
* Throughout this document we will assume that you are root, or that you can be by using _sudo_.
* We are using an example domain of "yourdomain.com" in the configuration.
- Server running Rocky Linux (you can install Nextcloud on any Linux distribution, but this procedure will assume you're using Rocky).
- A high degree of comfort operating from the command line for installation and for configuration.
- Knowledge of a command-line editor. For this example, we are using _vi_, but you can use your favorite editor if you have one.
- While Nextcloud can be installed via a snap application, we will be documenting just the .zip file installation.
- We will be applying concepts from the Apache _sites enabled_ document (linked to down below) for directory setup.
- We will also be using the _mariadb-server_ hardening procedure (also linked to later) for database setup.
- Throughout this document we will assume that you are root, or that you can be by using _sudo_.
- We are using an example domain of <yourdomain.com> in the configuration.

## Introduction

Expand All @@ -33,40 +33,39 @@ Taking the cloud back into your own environment is a way to reclaim security of

Nextcloud offers an open source cloud with security and flexibility in mind. Note that building a Nextcloud server is a good exercise, even if you opt to take your cloud off-site in the end. The following procedure deals with setting up Nextcloud on Rocky Linux.


## Nextcloud Install
## Nextcloud Install

### Installing And Configuring Repositories and Modules

For this installation, we will require two repositories. We need to install the EPEL (Extra Packages for Enterprise Linux), and the Remi Repository for PHP 8.0
For this installation, we will require two repositories. We need to install the EPEL (Extra Packages for Enterprise Linux), and the Remi Repository for PHP 8.0

!!! note

A minimum PHP version 7.3 or 7.4 is required and the Rocky Linux version of 7.4 does not contain all of the packages that Nextcloud needs. We are going to use PHP 8.0 from the Remi repository instead.

To install the EPEL run:

```
```bash
dnf install epel-release
```

To install the Remi repository run (note: if you are using Rocky Linux 9.x, substitute in 9 next to "release-" below):
To install the Remi repository run (note: if you are using Rocky Linux 9.x, substitute in 9 next to `release-` below):

```
```bash
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
```

Then run `dnf upgrade` again.

Run the following to see a list of php modules that can be enabled:

```
```bash
dnf module list php
```

which gives you this output for Rocky Linux 8.x (similar output will show for Rocky Linux 9.x):

```
```bash
Rocky Linux 8 - AppStream
Name Stream Profiles Summary
php 7.2 [d] common [d], devel, minimal PHP scripting language
Expand All @@ -85,27 +84,27 @@ Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
We want to grab the newest PHP that Nextcloud is compatible with, which at this moment is 8.0, so we will enable that module by doing:
```
```bash
dnf module enable php:remi-8.0
```
To see how this changes the output of the module list, run the module list command again and you will see the "[e]" next to 8.0:
```
```bash
dnf module list php
```
And the output again is the same except for this line:
```
```bash
php remi-8.0 [e] common [d], devel, minimal PHP scripting language
```
### Installing Packages
Our example here uses Apache and mariadb, so to install what we need, we simply need to do the following:
```
```bash
dnf install httpd mariadb-server vim wget zip unzip libxml2 openssl php81-php php81-php-ctype php81-php-curl php81-php-gd php81-php-iconv php81-php-json php81-php-libxml php81-php-mbstring php81-php-openssl php81-php-posix php81-php-session php81-php-xml php81-php-zip php81-php-zlib php81-php-pdo php81-php-mysqlnd php81-php-intl php81-php-bcmath php81-php-gmp
```
Expand All @@ -115,29 +114,29 @@ dnf install httpd mariadb-server vim wget zip unzip libxml2 openssl php81-php ph
Set _apache_ to start on boot:
```
```bash
systemctl enable httpd
```
Then start it:
```
```bash
systemctl start httpd
```
#### Create The Configuration
In the "Prerequisites and Assumptions" section, we mentioned that we will be using the [Apache Sites Enabled](../web/apache-sites-enabled.md) procedure for our configuration. Click over to that procedure and set up the basics there, and then return to this document to continue.
In the _Prerequisites and Assumptions_ section, we mentioned that we will be using the [Apache Sites Enabled](../web/apache-sites-enabled.md) procedure for our configuration. Click over to that procedure and set up the basics there, and then return to this document to continue.
For Nextcloud, we will need to create the following configuration file.
```
```bash
vi /etc/httpd/sites-available/com.yourdomain.nextcloud
```
Your configuration file should look something like this:
```
```bash
<VirtualHost *:80>
DocumentRoot /var/www/sub-domains/com.yourdomain.nextcloud/html/
ServerName nextcloud.yourdomain.com
Expand All @@ -152,76 +151,75 @@ Your configuration file should look something like this:
</VirtualHost>
```
Once done, save your changes (with `SHIFT:wq!` for _vi_).
Once done, save your changes (with ++shift+colon+"w"+"q"+exclam for _vi_).
Next, create a link to this file in /etc/httpd/sites-enabled:
```
```bash
ln -s /etc/httpd/sites-available/com.yourdomain.nextcloud /etc/httpd/sites-enabled/
```
#### Creating The Directory
As noted in the configuration above, the _DocumentRoot_ needs to be created. This can be done by:
```
```bash
mkdir -p /var/www/sub-domains/com.yourdomain.com/html
```
This is where our Nextcloud instance will be installed.

#### Configuring PHP
We need to set the time zone for PHP. To do this, open up php.ini with your text editor of choice:
```
```bash
vi /etc/opt/remi/php81/php.ini
```
Then find the line:
```
```php
;date.timezone =
```
We need to remove the remark (;) and set our time zone. For our example time zone, we would put in either:
We need to remove the remark (++semicolon++) and set our time zone. For our example time zone, we would put in either:
```
```php
date.timezone = "America/Chicago"
```
OR
```
```php
date.timezone = "US/Central"
```
Then save and exit the php.ini file.
Note that for the sake of keeping things the same, your time zone in the _php.ini_ file should match up to your machine's time zone setting. You can find out what this is set to by doing the following:

```
```bash
ls -al /etc/localtime
```

Which should show you something like this, assuming you set your time zone when you installed Rocky Linux and are living in the Central time zone:

```
```bash
/etc/localtime -> /usr/share/zoneinfo/America/Chicago
```

#### Configuring mariadb-server

Set _mariadb-server_ to start on boot:

```
```bash
systemctl enable mariadb
```

And then start it:

```
```bash
systemctl restart mariadb
```

Expand All @@ -231,57 +229,56 @@ Again, as indicated earlier, we will be using the setup procedure for hardening

The next few steps assume that you are remotely connected to your Nextcloud server via _ssh_ with a remote console open:

* Navigate to the [Nextcloud web site](https://nextcloud.com/).
* Let your mouse hover over "Get Nextcloud" which will bring up a drop-down menu.
* Click on "Server Packages".
* Right-click on "Download Nextcloud" and copy the link address (the exact syntax of this is different from browser to browser).
* In your remote console on the Nextcloud server, type "wget" and then a space and paste in what you just copied. You should get something like the following: `wget https://download.nextcloud.com/server/releases/nextcloud-21.0.1.zip` (note that the version could be different).
* Once you hit enter, the download of the .zip file will start and will be completed fairly quickly.
- Navigate to the [Nextcloud web site](https://nextcloud.com/).
- Let your mouse hover over `Get Nextcloud` which will bring up a drop-down menu.
- Click on `Server Packages`.
- Right-click on `Download Nextcloud` and copy the link address (the exact syntax of this is different from browser to browser).
- In your remote console on the Nextcloud server, type `wget` and then a space and paste in what you just copied. You should get something like the following: `wget https://download.nextcloud.com/server/releases/nextcloud-21.0.1.zip` (note that the version could be different).
- Once you hit enter, the download of the .zip file will start and will be completed fairly quickly.

Once the download is complete, unzip the Nextcloud zip file by using the following:

```
```bash
unzip nextcloud-21.0.1.zip
```

### Copying Content And Changing Permissions

After completing the unzip step, you should now have a new directory in /root called "nextcloud." Change into this directory:
After completing the unzip step, you should now have a new directory in _/root_ called "nextcloud." Change into this directory:

```
```bash
cd nextcloud
```

And either copy or move the content to our _DocumentRoot_:

```
```bash
cp -Rf * /var/www/sub-domains/com.yourdomain.nextcloud/html/
```

OR

```
```bash
mv * /var/www/sub-domains/com.yourdomain.nextcloud/html/
```

Now that everything is where it should be, the next step is to make sure that apache owns the directory. To do this, run:

```
```bash
chown -Rf apache.apache /var/www/sub-domains/com.yourdomain.nextcloud/html
```

For security reasons, we also want to move the "data" folder from inside to outside of the _DocumentRoot_. Do this with the following command:
For security reasons, we also want to move the _data_ folder from inside to outside of the _DocumentRoot_. Do this with the following command:

```
```bash
mv /var/www/sub-domains/com.yourdomain.nextcloud/html/data /var/www/sub-domains/com.yourdomain.nextcloud/
```


### Configuring Nextcloud

Now comes the fun! First, make sure that you have your services running. If you followed the above steps, they should already be running. We have had several steps between those initial service starts, so let's go ahead and restart them, just to be sure:
```
```bash
systemctl restart httpd
systemctl restart mariadb
```
Expand All @@ -290,22 +287,20 @@ If everything restarts and there are no issues, then you are ready to move on.
To do the initial configuration, we want to actually load the site in a web browser:
```
http://nextcloud.yourdomain.com/
```
<http://nextcloud.yourdomain.com/>
Assuming that you've done everything correctly so far, you should be presented with a Nextcloud setup screen:

![nextcloud login screen](../images/nextcloud_screen.jpg)

There are a couple of things that we want to do differently than the defaults that show up:

* At the top of the web page, where it says "Create an admin account", set the user and password. For the sake of this document, we are entering "admin" and setting a strong password. Remember to save this somewhere safe (like a password manager) so that you don't lose it! Even though you have typed into this field, don't hit 'Enter' until we have done all of the setup fields!
* Under the "Storage & database" section, change the "Data folder" location from the default document root, to where we moved the data folder earlier: `/var/www/sub-domains/com.yourdomain.nextcloud/data`.
* Under the "Configure the database" section, change from "SQLite" to "MySQL/MariaDB" by clicking on that button.
* Type the MariaDB root user and password that you set earlier into the "Database user" and "Database password" fields.
* In the "Database name" field, type "nextcloud".
* In the "localhost" field, type "localhost:3306" (3306 is the default _mariadb_ connect port).
- At the top of the web page, where it says `Create an admin account`, set the user and password. For the sake of this document, we are entering `admin` and setting a strong password. Remember to save this somewhere safe (like a password manager) so that you don't lose it! Even though you have typed into this field, don't hit ++enter++ until we have done all of the setup fields!
- Under the `Storage & database` section, change the `Data folder` location from the default document root, to where we moved the data folder earlier: `/var/www/sub-domains/com.yourdomain.nextcloud/data`.
- Under the `Configure the database` section, change from `SQLite` to `MySQL/MariaDB` by clicking on that button.
- Type the MariaDB root user and password that you set earlier into the `Database user` and `Database password` fields.
- In the `Database name` field, type `nextcloud`.
- In the `localhost` field, type <localhost:3306> (3306 is the default _mariadb_ connect port).

Once you have all this, click `Finish Setup` and you should be up and running.

Expand All @@ -320,4 +315,5 @@ The "Nextcloud Manual.pdf" file is the user manual, so that users can get famili
At this point, don't forget that this is a server that you will be storing company data on. It's important to get it locked down with a firewall, get the [backup set up](../backup/rsnapshot_backup.md), secure the site with an [SSL](../security/generating_ssl_keys_lets_encrypt.md), and any other duties that are required to keep your data safe.

## Conclusions

A decision to take the company cloud in house is one that needs to be evaluated carefully. For those that decide that keeping company data locally is preferable over an external cloud host, Nextcloud is a good alternative.
Loading

0 comments on commit 549d226

Please sign in to comment.