Install NextCloud on CentOS 7 using Alibaba Cloud ECS

Summary: NextCloud is a free and open source self-hosted service that lets you host your files onto your own private server, providing you full control over your data.


By Liptan Biswas, Alibaba Cloud Tech Share Author

NextCloud is a free and open source self-hosted alternative to Dropbox or Google Drive. It lets you host your files onto your own private server, providing you full control over your data. Because of the open architecture of NextCloud, you can use apps to improve its functionality. NextCloud uses the best security practices to secure data and has built-in collaboration and sharing features. You can also turn on the encryption feature, which will encrypt all your data on disk. Apart from hosting files, NextCloud can also be used to store the contacts and make secure audio/video calls. It supports multiple authentication mechanisms and is available in multiple languages. Desktop and mobile applications are also available for multiple platforms to sync your files.

Prerequisite

Create a new ECS instance choosing CentOS 7.4 as the operating system. Connect to your ECS instance and log in as the root user. To follow this guide, you will also need a domain name that is pointed at your ECS instance.

Once you are logged into your CentOS 7 instance, run the following command to update your base system with the latest available packages.

yum -y update

Create a new user.

adduser nextcloud
passwd nextcloud

Add the user to the wheel group, whose members can use sudo on CentOS, and switch to the newly created user.

usermod -aG wheel nextcloud
sudo su - nextcloud

Install Nginx with PHP 7

As of now, Nextcloud supports PHP version 7.0 and 7.1. In this tutorial, we will install PHP 7.1. Install EPEL and Remi repository so that we can install the pre-built PHP packages directly.

sudo yum -y install epel-release yum-utils nano unzip
sudo rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum-config-manager --enable remi-php71

Install Nginx web server and PHP 7.1 along with the required PHP modules.

sudo yum -y install nginx php php-fpm php-mysqlnd php-ctype php-dom php-gd php-iconv php-json php-libxml php-mbstring php-posix php-xml php-zip php-openssl php-zlib php-curl php-fileinfo php-bz2 php-intl php-mcrypt php-ftp php-exif php-gmp php-memcached php-imagick

Edit the loaded PHP configuration file.

sudo nano /etc/php.ini

Set the appropriate time zone and memory limit. If you want, you can use -1 as the memory limit, which removes the limit on the amount of memory a script may consume. Uncomment cgi.fix_pathinfo and set its value to 0, and increase the file upload limits. Setting cgi.fix_pathinfo to 0 prevents PHP from executing a different file than the one Nginx passed to it when the requested script path does not exist. Once you have updated the parameters, they should look as shown below.

; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 512M

...    
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Asia/Kolkata

...
cgi.fix_pathinfo=0

...
post_max_size = 512M

...
upload_max_filesize = 512M

Once you have finished configuring php.ini, open the php-fpm configuration file.

sudo nano /etc/php-fpm.d/www.conf

Look for the user and group parameters and change them from apache to nginx. Find the line listen = 127.0.0.1:9000, comment it out, and add listen = /var/run/php-fpm/php-fpm.sock just below it. Finally, uncomment listen.owner and listen.group and change their values from nobody to nginx. Once you have updated the parameters, they should look as shown below.

user = nginx
group = nginx

...    

;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php-fpm.sock

...

listen.owner = nginx
listen.group = nginx

Also, find the following lines and uncomment them to enable the PHP environment variables.

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Save the file and exit from the editor. Now create a new directory to store the PHP session data.

sudo mkdir -p /var/lib/php/session
sudo chown nginx:nginx -R /var/lib/php/session/

Set the appropriate permissions and ownership on the php-fpm socket file.

sudo chown nginx:nginx /var/run/php-fpm/php-fpm.sock
sudo chmod 660 /var/run/php-fpm/php-fpm.sock

Now, start php-fpm and enable it to automatically start at boot time.

sudo systemctl restart php-fpm
sudo systemctl enable php-fpm
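
A check of the php.ini and www.conf edits made above, written as an added example (it is not part of the original tutorial). The function names and the sample files are constructed for illustration, and the script assumes that the last uncommented assignment of a key is the one in effect.

```shell
#!/bin/sh
# Added example: audit php.ini and the php-fpm pool file for this tutorial's values.

# ini_value FILE KEY: print the last uncommented value assigned to KEY.
ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[;#]/ { next }                  # commented-out lines are not active
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                val = v                         # assumption: a later assignment overrides
            }
        }
        END { print val }' "$1"
}

# check_setting FILE KEY EXPECTED: report a mismatch and set the global flag "bad".
check_setting() {
    got=$(ini_value "$1" "$2")
    if [ "$got" != "$3" ]; then
        echo "MISMATCH $2: expected '$3', found '${got:-<unset>}'"
        bad=1
    fi
}

# audit_php_fpm PHP_INI POOL_CONF: returns 0 only if every value matches.
audit_php_fpm() {
    bad=0
    check_setting "$1" cgi.fix_pathinfo 0
    check_setting "$2" user nginx
    check_setting "$2" group nginx
    check_setting "$2" listen /var/run/php-fpm/php-fpm.sock
    check_setting "$2" listen.owner nginx
    check_setting "$2" listen.group nginx
    return $bad
}

# Constructed sample files: cgi.fix_pathinfo left commented, group still apache,
# the TCP listener left active below the socket line, listen.owner still commented.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '[PHP]' ';cgi.fix_pathinfo=1' 'memory_limit = 512M' > "$dir/php.ini"
    printf '%s\n' '[www]' 'user = nginx' 'group = apache' \
        'listen = /var/run/php-fpm/php-fpm.sock' 'listen = 127.0.0.1:9000' \
        ';listen.owner = nobody' 'listen.group = nginx' > "$dir/www.conf"
    echo "$dir"
}

d=$(make_samples)
audit_php_fpm "$d/php.ini" "$d/www.conf" || echo "php-fpm settings differ from the tutorial"
rm -rf "$d"
```

On the server itself, call audit_php_fpm /etc/php.ini /etc/php-fpm.d/www.conf after editing both files.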

Also, start Nginx web server and enable it to automatically start at boot time.

sudo systemctl restart nginx
sudo systemctl enable nginx

Download NextCloud

Download NextCloud archive on your server.

wget https://download.nextcloud.com/server/releases/nextcloud-12.0.4.zip

You can always find the link to the latest version of the application on the NextCloud download page. Extract the downloaded archive into /usr/share/nginx/nextcloud.

sudo unzip nextcloud-*.zip -d /usr/share/nginx

Create a new directory to store the data.

sudo mkdir /usr/share/nginx/nextcloud/data

Provide appropriate ownership of the files.

sudo chown -R nginx:nginx /usr/share/nginx/nextcloud

All the files of NextCloud have been placed on the server successfully.

Setup SSL

In this tutorial, we will use the free SSL certificate generated by Let's Encrypt CA. However, business users should consider using Alibaba Cloud SSL Certificates Service to achieve a high level of security and reliability.

Certbot is the client application for generating Let's Encrypt free SSL certificates. Install Certbot.

sudo wget https://dl.eff.org/certbot-auto -O /usr/bin/certbot
sudo chmod a+x /usr/bin/certbot

To generate a Let's Encrypt certificate, the domain must be pointed at the ECS instance. If the Certbot client cannot resolve the domain name to your ECS instance, the certificate won't be issued. In that case, make sure that the domain is pointed at the ECS instance and wait for the DNS to propagate before making the certificate request again.

Generate the SSL certificate for your domain.

sudo certbot certonly --webroot -w /usr/share/nginx/html -d files.example.com

Replace files.example.com with your actual domain name. Provide your email address and accept the license to proceed further. If the certificates are successfully generated, you should see the following output.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/files.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/files.example.com/privkey.pem
   Your cert will expire on 2018-03-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Create a new Nginx server block for virtual hosting of the NextCloud application.

sudo nano /etc/nginx/conf.d/files.example.com.conf

Populate the file with the following configuration.

upstream php-handler {
    server unix:/var/run/php-fpm/php-fpm.sock;
}

server {
    listen 80;
    server_name files.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name files.example.com;

    ssl_certificate  /etc/letsencrypt/live/files.example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/files.example.com/privkey.pem;

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;    

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }
}

Make sure to replace all occurrences of files.example.com with your actual domain name. The above configuration includes Gzip compression settings, which dynamically compress the data before sending it to the browser. It also includes security and browser caching configurations. Restart the Nginx web server so that the changes can take effect.

sudo systemctl restart nginx
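
A check that a response actually carries the headers set by the add_header lines in the server block, written as an added example (it is not part of the original tutorial). The function names are hypothetical and the sample response is constructed, with the HSTS value broken across two lines and one header absent.

```shell
#!/bin/sh
# Added example: compare response headers with the add_header lines in the server block.

# header_value FILE NAME: print the value of header NAME (case-insensitive), first match.
header_value() {
    awk -v name="$2" '
        BEGIN { name = tolower(name) }
        {
            sub(/\r$/, "")                      # curl -I output ends lines with CRLF
            i = index($0, ":")
            if (i && tolower(substr($0, 1, i - 1)) == name) {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v)
                print v; exit
            }
        }' "$1"
}

# check_headers FILE: one line per missing or differing header; returns 1 if any.
check_headers() {
    rc=0
    while IFS='|' read -r name want; do
        got=$(header_value "$1" "$name")
        case $got in
            "$want") ;;
            "") echo "MISSING $name"; rc=1 ;;
            *)  echo "WRONG $name: $got"; rc=1 ;;
        esac
    done <<'EOF'
Strict-Transport-Security|max-age=15768000; includeSubDomains; preload;
X-Content-Type-Options|nosniff
X-XSS-Protection|1; mode=block
X-Robots-Tag|none
X-Download-Options|noopen
X-Permitted-Cross-Domain-Policies|none
EOF
    return $rc
}

# Constructed sample (not captured from a real server): the HSTS value continues
# on a second line and X-Download-Options is absent.
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx' \
        'Strict-Transport-Security: max-age=15768000;' \
        '    includeSubDomains; preload;' \
        'X-Content-Type-Options: nosniff' 'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none' 'X-Permitted-Cross-Domain-Policies: none' ''
}

tmp=$(mktemp)
sample_response > "$tmp"
check_headers "$tmp" || echo "headers differ from the configuration"
rm -f "$tmp"
```

To use it against the live site, save the output of curl -sI https://files.example.com/ to a file and pass that file to check_headers. Repeat for a .css or .js URL, because add_header lines inside a location block replace the ones inherited from the server level, which is why the configuration repeats them there.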

Setting Up MySQL Database

For hosting the MySQL database, you have two options here. If you want to use a high-performance database server to host the database, you can choose ApsaraDB database instance. If you are a small team and not looking for a pre-optimized database server, you can host the MySQL on the same ECS instance on which NextCloud is installed. This tutorial covers both the installation methods. Based on your choice of the database server, choose any of the database methods described in the tutorial.

Setting up MySQL database on ApsaraDB RDS instance

Using an ApsaraDB RDS instance of MySQL has many benefits over the self-hosted version of MySQL. It is very easy to deploy and provides ease of management with high-performance features such as SQL and parameter optimization.

To create a new ApsaraDB MySQL instance, go to your RDS console and click on the Create Instance button. Choose your payment method, region, and zone. Create the RDS instance in the same region and zone where the ECS instance of NextCloud is created. Choose MySQL 5.6 as the database engine. Choose the instance type; for a small team, a 1GB instance should be enough. Choose the required storage space and network. It is important that you choose the same VPC network and VSwitch in which the ECS instance is running, otherwise you will get errors while connecting to the database instance.

Once you have created the RDS instance, wait a few minutes for it to start. Once the instance has successfully started, click on the Manage link to go to the instance's management panel.


On the basic information interface, click on the Set whitelist link.


You will be taken to the Security tab. Click on Add a Whitelist Group. Provide a group name and enter the private IP address or Intranet address of the ECS instance on which you are running NextCloud. You can find the private IP address of the ECS instance on your ECS dashboard.


Now, create a new database user for the NextCloud database. Navigate to the Accounts tab from the sidebar and click on the Create Account button. Provide a database username and a password. Make a note of the username and password, as we will require them later in the tutorial.


Once an account is created, navigate to the Databases tab and click on the Create Database button. Provide the name of the database and select the username from the list of accounts. Select the Read/Write access checkbox. Make sure to choose "utf8mb4" as the character set. This will enable emoji support in NextCloud.


Now head back to the Basic Information tab from the sidebar and you will see the Intranet address of your RDS instance.


Make a note of the Intranet address which is pointing towards your RDS instance. Now skip the next section of setting up MySQL database server on the ECS instance and proceed to the web-based installation.

Setting up Database server on ECS instance

If you do not want to use ApsaraDB for MySQL database server, you can also install MariaDB into your system. MariaDB is an open source fork of MySQL. Add the repository for the latest version of MariaDB.

echo "[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1" | sudo tee /etc/yum.repos.d/mariadb.repo

Install the MariaDB server and Client.

sudo yum -y install MariaDB-server MariaDB-client

Start MariaDB database server and enable it to automatically start at boot time by running.

sudo systemctl start mariadb
sudo systemctl enable mariadb

Set your root password and secure your MariaDB instance by running.

sudo mysql_secure_installation

Log in to your MySQL database server as the root user.

mysql -u root -p

Run the following queries to create a new database and a database user for the Nextcloud application.

CREATE DATABASE nextcloud CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'Password123';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Replace Password123 with a strong password in the above query. The database for Nextcloud is now created. Proceed to install the application using the web-based installer.

Web-based Installation

Open your favorite browser and go to https://files.example.com and you should see the following web page.


Specify the administrator account details and expand the Storage & database options. Select the MySQL/MariaDB database type and provide the database username, password and the name of the database. If you are using ApsaraDB, then provide the intranet address along with the port number "3306" as the hostname. For example, my hostname is "rm-gs50djs5qdna771jd.mysql.singapore.rds.aliyuncs.com:3306". If you have chosen to install the MariaDB server on your ECS instance, use "localhost:3306" as the hostname. Click on the Finish setup button once done.

The installer will now write the database. Once NextCloud is successfully installed, you will be taken to its default dashboard.


Head to the administrative panel and adjust the settings according to your requirements.

Configure Cron Job

By default, NextCloud is configured to use the web-based Cron method, in which Cron is automatically executed when you open the Nextcloud web interface. If the web interface is not accessed for long periods, scheduled tasks are not executed. To make sure that scheduled tasks are executed regularly, you can make a Cron job entry. Open the crontab file for user nginx.

sudo crontab -u nginx -e

Populate the file with the following line.

*/15 * * * * php -f /usr/share/nginx/nextcloud/cron.php

This will automatically execute the scheduled tasks of Nextcloud every fifteen minutes.

We have used Let's Encrypt SSL certificates to secure the site, and Let's Encrypt provides the certificates for 3 months only. It is recommended to set up a Cron job for automatically renewing the certificates.

Open the crontab file for the root user.

sudo crontab -e

Now add the following line to the file.

0 12 * * 1 /usr/bin/certbot renew --quiet

The above Cron job will run the Certbot client every Monday at 12:00. If the certificates are due for expiry, it will automatically renew them.

Conclusion

And that's it! You should now have a fully functional cloud storage on Alibaba Cloud ECS with NextCloud. In my tutorial, I described in detail the necessary steps to set up NextCloud on CentOS 7.4. I have also provided several configuration options for you, so that you can optimize the installation for your applications. If you're looking to build a robust and enterprise-grade solution, I recommend that you perform the previous installations with Alibaba Cloud products, such as the Alibaba Cloud SSL Certificates Service and ApsaraDB for RDS.
