How to install Nextcloud using Nginx and PHP7-FPM in CentOS7

WBOY
2023-05-24 20:13:04

Prerequisites

  1. 64-bit centos 7

  2. Root permissions on the server

Step 1 - Install nginx and php7-fpm in centos 7

Before installing nginx and php7-fpm, we need to add the epel package repository. Use the following command:

yum -y install epel-release

Now start installing nginx from the epel repository:

yum -y install nginx

Then we also need to add another repository for php7-fpm. There are many remote repositories on the Internet that provide php 7 series packages. I use webtatic here.

Add php7-fpm webtatic repository:

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Then install php7-fpm and some packages needed by nextcloud.

yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

Finally, check the version number of php from the server terminal to verify whether php is installed correctly.

php -v

Step 2 - Configure php7-fpm

In this step, we will configure php-fpm to run together with nginx. php7-fpm will run as user nginx and listen on port 9000.

Use vim to edit the default php7-fpm configuration file.

vim /etc/php-fpm.d/www.conf

On lines 8 and 10, set user and group to nginx.

user = nginx
group = nginx

On line 22, make sure php-fpm listens on the specified address and port.

listen = 127.0.0.1:9000

Uncomment lines 366-370 and enable the system environment variables of php-fpm.

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Save the file and exit the vim editor.

The next step is to create a new session directory under /var/lib/php/ and change its owner to the nginx user.

mkdir -p /var/lib/php/session
chown -R nginx:nginx /var/lib/php/session/

Then start php-fpm and nginx, and set them as services that start at boot.

sudo systemctl start php-fpm
sudo systemctl start nginx
sudo systemctl enable php-fpm
sudo systemctl enable nginx

php7-fpm configuration completed

Step 3 - Install and configure mariadb

I use mariadb as the database of nextcloud. You can directly use the yum command to install the mariadb-server package from the centos default remote repository.

yum -y install mariadb mariadb-server

Start mariadb and enable it to start at boot.

systemctl start mariadb
systemctl enable mariadb

Now start configuring the root user password of mariadb.

mysql_secure_installation

Type Y, and then set the root password of mariadb.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

With the root password set, log in to the mysql shell and create a new database and user for nextcloud. Here I create a database named nextcloud_db and a user named nextclouduser. The user password is nextclouduser@. Of course, choose a more secure password for your own system.

mysql -u root -p

Enter the root password of mariadb to log in to the mysql shell.

Enter the following mysql query statement to create a new database and user.

create database nextcloud_db;
create user nextclouduser@localhost identified by 'nextclouduser@';
grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextclouduser@';
flush privileges;

The nextcloud_db database and the nextclouduser database user have now been created.
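
Since the password above is only a placeholder, the following added example (not part of the original tutorial) generates a random one and fills it into the same Step 3 statements. The function names and the /root/nextcloud.sql path are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: build the Step 3 SQL with a random password
# instead of the placeholder 'nextclouduser@'.

# gen_db_password [BYTES]: read BYTES (default 24) from the kernel CSPRNG and
# hex-encode them. Hex output needs no escaping inside a quoted SQL literal.
gen_db_password() {
  local bytes="${1:-24}"
  head -c "$bytes" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# build_nextcloud_sql PASSWORD: print the tutorial's statements with PASSWORD
# filled in. Anything that is not purely alphanumeric is rejected, so a quote
# character can never break out of the string literal.
build_nextcloud_sql() {
  local pw="$1"
  case "$pw" in
    ''|*[!A-Za-z0-9]*)
      echo "password must be non-empty and alphanumeric" >&2
      return 1
      ;;
  esac
  cat <<SQL
create database nextcloud_db;
create user nextclouduser@localhost identified by '${pw}';
grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by '${pw}';
flush privileges;
SQL
}

# Usage as root (umask 077 keeps the temporary file readable by root only):
#   umask 077
#   pw="$(gen_db_password)"
#   build_nextcloud_sql "$pw" > /root/nextcloud.sql
#   mysql -u root -p < /root/nextcloud.sql && rm -f /root/nextcloud.sql
#   printf '%s\n' "$pw"    # enter this once on the setup page in Step 8
```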

Step 4 - Generate a self-signed ssl certificate for nextcloud

In this tutorial, clients will connect to nextcloud over https. You can use a free SSL certificate such as Let's Encrypt, or create a self-signed SSL certificate yourself. Here I use openssl to create my own self-signed SSL certificate.

Create a new directory for the ssl file:

mkdir -p /etc/nginx/cert/

Use openssl to generate a new SSL certificate and key:

openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key

Finally, use the chmod command to set the permissions of the certificate directory to 700 and of all certificate files to 600.

chmod 700 /etc/nginx/cert
chmod 600 /etc/nginx/cert/*

Step 5 - Download and install nextcloud

I use the wget command to download nextcloud directly to the server, so wget needs to be installed first. You also need unzip to decompress the archive. Use the yum command to install these two programs.

yum -y install wget unzip

First enter the /tmp directory, and then use wget to download the latest nextcloud 10 from the official website.

cd /tmp
wget https://download.nextcloud.com/server/releases/nextcloud-10.0.2.zip

Unzip nextcloud and move it to the /usr/share/nginx/html/ directory.

unzip nextcloud-10.0.2.zip
mv nextcloud/ /usr/share/nginx/html/

Next, go to the web root directory of nginx and create a data folder for nextcloud.

cd /usr/share/nginx/html/
mkdir -p nextcloud/data/

Change the owner of the nextcloud directory to the nginx user and group.

chown -R nginx:nginx nextcloud/

Step 6 - Configure virtual host for nextcloud in nginx

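In step 5 we downloaded the nextcloud source code and set it up to run under the nginx server, but we still need to configure a virtual host for it. Create a new virtual host configuration file, nextcloud.conf, in nginx's conf.d directory.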

cd /etc/nginx/conf.d/
vim nextcloud.conf

Paste the following into the virtual host configuration file:

upstream php-handler {
  server 127.0.0.1:9000;
  #server unix:/var/run/php5-fpm.sock;
}
server {
  listen 80;
  server_name cloud.nextcloud.co;
  # enforce https
  return 301 https://$server_name$request_uri;
}
server {
  listen 443 ssl;
  server_name cloud.nextcloud.co;
  ssl_certificate /etc/nginx/cert/nextcloud.crt;
  ssl_certificate_key /etc/nginx/cert/nextcloud.key;
  # add headers to serve security related headers
  # before enabling strict-transport-security headers please read into this
  # topic first.
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  add_header X-Content-Type-Options nosniff;
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;
  # path to the root of your installation
  root /usr/share/nginx/html/nextcloud/;
  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }
  # the following 2 rules are only needed for the user_webfinger app.
  # uncomment it if you're planning to use this app.
  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
  # last;
  location = /.well-known/carddav {
   return 301 $scheme://$host/remote.php/dav;
  }
  location = /.well-known/caldav {
   return 301 $scheme://$host/remote.php/dav;
  }
  # set max upload size
  client_max_body_size 512m;
  fastcgi_buffers 64 4k;
  # disable gzip to avoid the removal of the etag header
  gzip off;
  # uncomment if your server is build with the ngx_pagespeed module
  # this module is currently not supported.
  #pagespeed off;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;
  location / {
    rewrite ^ /index.php$uri;
  }
  location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }
  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
  }
  location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
  }
  location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
  }
  # adding the cache control header for js and css files
  # make sure it is below the php block
  location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # add headers to serve security related headers (it is intended to
    # have those duplicated to the ones above)
    # before enabling strict-transport-security headers please read into
    # this topic first.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # optional: don't log access to assets
    access_log off;
  }
  location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # optional: don't log access to other assets
    access_log off;
  }
}

Save the file and exit vim.

Test the nginx configuration file for errors; if there are none, restart the service.

nginx -t
systemctl restart nginx
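
To confirm after the restart that the add_header lines in nextcloud.conf actually reach clients, the following added example (not part of the original tutorial) checks a captured response for the seven security headers the configuration sets. The function name and the sample response are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check a response for the headers set with add_header
# in nextcloud.conf.

REQUIRED_HEADERS="strict-transport-security x-content-type-options
x-frame-options x-xss-protection x-robots-tag x-download-options
x-permitted-cross-domain-policies"

# missing_security_headers: reads raw response headers on stdin, for example
# from `curl -skI https://cloud.nextcloud.co/` (-k because the Step 4
# certificate is self-signed), and prints every required header that is
# absent. Returns 0 only when none are missing.
missing_security_headers() {
  local seen h missing=0
  # Header names are case-insensitive: strip CRs, keep lowercased names only.
  seen="$(tr -d '\r' | awk -F: 'NF > 1 { print tolower($1) }')"
  for h in $REQUIRED_HEADERS; do
    if ! printf '%s\n' "$seen" | grep -qx -- "$h"; then
      printf '%s\n' "$h"
      missing=1
    fi
  done
  return "$missing"
}

# Constructed sample: a stylesheet response from a location block that sets
# Cache-Control but repeats only two of the security headers. nginx inherits
# add_header from the server level only when a location defines none itself,
# which is why the configuration duplicates the headers for css and js.
SAMPLE_PARTIAL='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/css
Cache-Control: public, max-age=7200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN'

# Example run against the constructed sample:
#   printf '%s\n' "$SAMPLE_PARTIAL" | missing_security_headers
```

Run it against both a page URL and a .css or .js URL, since those are served by different location blocks.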

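Step 7 - Configure selinux and firewalld rules for nextcloud

In this tutorial we run selinux in enforcing mode, so we need an selinux management tool to configure selinux for nextcloud.

Install the selinux management tool with the following command.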

yum -y install policycoreutils-python

Then run the following commands as root so that nextcloud can run under selinux. If you used a different directory name, remember to replace nextcloud accordingly.

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'
restorecon -rv '/usr/share/nginx/html/nextcloud/'

Next, enable the firewalld service and open the http and https ports for nextcloud.

Start firewalld and set it to start at boot.

systemctl start firewalld
systemctl enable firewalld

Now use the firewall-cmd command to open the http and https ports, then reload the firewall.

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

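The server configuration is now complete.

Step 8 - nextcloud installation

Open your web browser and enter the domain name you set for nextcloud, which is cloud.nextcloud.co here; you will then be redirected to the more secure https connection.

Set your administrator username and password, then enter the database credentials and click 'Finish setup'.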

Statement:
This article is reproduced from yisu.com. If there is any infringement, please contact admin@php.cn to have it deleted.