(Nextcloud server installation) |
|||
(One intermediate revision by the same user not shown) | |||
Line 7: | Line 7: | ||
===Configuration of self generated SSL certificate=== | ===Configuration of self generated SSL certificate=== | ||
to encrypt communications between clients and host you need an encryption certificate | |||
# dnf install crypto-utils | # dnf install crypto-utils | ||
Line 24: | Line 24: | ||
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key | SSLCertificateKeyFile /etc/pki/tls/private/hostname.key | ||
To force SSL usage in server Nextcloud follow Apache documentation about Virtual Hosts. A "Let's Encrypt" certificate is highly recommended instead of a self generated SSL certificate | To force SSL usage in server Nextcloud follow Apache documentation about Virtual Hosts. '''A "Let's Encrypt" certificate is highly recommended instead of a self generated SSL certificate'''. | ||
Also read [https://docs.nextcloud.com/server/10/admin_manual/configuration_server/harden_server.html Nextcloud server hardening guide] | Also read [https://docs.nextcloud.com/server/10/admin_manual/configuration_server/harden_server.html Nextcloud server hardening guide] | ||
===Installation MariaDB/MySQL=== | ===Installation MariaDB/MySQL=== |
Latest revision as of 08:40, 17 March 2017
Introduction
Nextcloud is a software that permits users to create a personal cloud system
Installation
To install Nextcloud, run:
# dnf install nextcloud
Configuration of self generated SSL certificate
to encrypt communications between clients and host you need an encryption certificate
# dnf install crypto-utils
# genkey hostname
Answer no to question "Would you like to send a Certificate Request (CSR) to a Certificate Authority (CA)?"
To let httpd service using SSL, the following dependencies need to be installed
# dnf install mod_ssl openssl
and edit
/etc/httpd/conf.d/ssl.conf
adding to the bottom
SSLCertificateFile /etc/pki/tls/certs/hostname.crt SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
To force SSL usage in server Nextcloud follow Apache documentation about Virtual Hosts. A "Let's Encrypt" certificate is highly recommended instead of a self generated SSL certificate. Also read Nextcloud server hardening guide
Installation MariaDB/MySQL
# dnf install mariadb-server # systemctl enable --now mariadb $ mysql_secure_installation
when you will be prompted for root password, simply press Enter without writing anything. Answer yes to the question about creating a root user, then enter a password. Now you have to create an user and the database for Nextcloud usage
$ mysql -u root -p CREATE USER 'username'@'localhost' IDENTIFIED BY 'password'; CREATE DATABASE IF NOT EXISTS nextcloud; GRANT ALL PRIVILEGES ON nextcloud.* TO 'username'@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; quit
taking care of replacing username with the proper username. A good candidate could be nextcloud_user. Do not forget to insert datas into symbols. In case password contain symbols, be careful because certain characters could be interpreted as escape chars (like />). In that case the procedure will look to be ended flawlessly, but next time you will try to authenticate you will get authentication errors in connecting to the DB.
Nextcloud server initialization
# cd /usr/share/nextcloud/ # sudo -u apache php occ maintenance:install --data-dir /var/lib/nextcloud/data/ --database "mysql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "database_password" --admin-user "nextcloud_admin" --admin-pass "nextcloud_admin_password"
Firewall configuration
# firewall-cmd --list-all-zones | grep active
In our case
public (default, active)
so we will use public zone and following commands to enable http e https services access
# firewall-cmd --permanent --zone=public --add-service=http # firewall-cmd --permanent --zone=public --add-service=https # firewall-cmd --reload
Grant access to remote hosts
To let Nextcloud be reached from remote hosts, you have to edit
# /etc/nextcloud/config.php
adding server IP address in 'trusted_domains' section. Finally run
# ln -s /etc/httpd/conf.d/nextcloud-access.conf.avail /etc/httpd/conf.d/z-nextcloud-access.conf