From Fedora Project Wiki

(Nextcloud server installation)
 
Line 7: Line 7:


===Configuration of self generated SSL certificate===
===Configuration of self generated SSL certificate===
affinché le comunicazioni tra host e server siano crittografate, occorre generare una chiave ed un certificato
to encrypt communications between clients and host you need an encryption certificate


  # dnf install crypto-utils
  # dnf install crypto-utils
Line 26: Line 26:
To force SSL usage in server Nextcloud follow Apache documentation about Virtual Hosts. A "Let's Encrypt" certificate is highly recommended instead of a self generated SSL certificate
To force SSL usage in server Nextcloud follow Apache documentation about Virtual Hosts. A "Let's Encrypt" certificate is highly recommended instead of a self generated SSL certificate
Also read [https://docs.nextcloud.com/server/10/admin_manual/configuration_server/harden_server.html Nextcloud server hardening guide]
Also read [https://docs.nextcloud.com/server/10/admin_manual/configuration_server/harden_server.html Nextcloud server hardening guide]


===Installation MariaDB/MySQL===
===Installation MariaDB/MySQL===

Revision as of 08:39, 17 March 2017

Introduction

Nextcloud is a software that permits users to create a personal cloud system

Installation

To install Nextcloud, run:

# dnf install nextcloud

Configuration of self generated SSL certificate

to encrypt communications between clients and host you need an encryption certificate

# dnf install crypto-utils
# genkey hostname

Answer no to question "Would you like to send a Certificate Request (CSR) to a Certificate Authority (CA)?"

To let httpd service using SSL, the following dependencies need to be installed

# dnf install mod_ssl openssl

and edit

/etc/httpd/conf.d/ssl.conf

adding to the bottom

SSLCertificateFile /etc/pki/tls/certs/hostname.crt
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

To force SSL usage in server Nextcloud follow Apache documentation about Virtual Hosts. A "Let's Encrypt" certificate is highly recommended instead of a self generated SSL certificate Also read Nextcloud server hardening guide

Installation MariaDB/MySQL

# dnf install mariadb-server
# systemctl enable --now mariadb
$ mysql_secure_installation

when you will be prompted for root password, simply press Enter without writing anything. Answer yes to the question about creating a root user, then enter a password. Now you have to create an user and the database for Nextcloud usage

$ mysql -u root -p
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
quit

taking care of replacing username with the proper username. A good candidate could be nextcloud_user. Do not forget to insert datas into symbols. In case password contain symbols, be careful because certain characters could be interpreted as escape chars (like />). In that case the procedure will look to be ended flawlessly, but next time you will try to authenticate you will get authentication errors in connecting to the DB.

Nextcloud server initialization

# cd /usr/share/nextcloud/
# sudo -u apache php occ maintenance:install --data-dir /var/lib/nextcloud/data/ --database "mysql" --database-name "nextcloud"  --database-user "nextcloud" --database-pass "database_password" --admin-user "nextcloud_admin" --admin-pass "nextcloud_admin_password"

Firewall configuration

# firewall-cmd --list-all-zones | grep active

In our case

public (default, active)

so we will use public zone and following commands to enable http e https services access

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload

Grant access to remote hosts

To let Nextcloud be reached from remote hosts, you have to edit

# /etc/nextcloud/config.php

adding server IP address in 'trusted_domains' section. Finally run

# ln -s /etc/httpd/conf.d/nextcloud-access.conf.avail /etc/httpd/conf.d/z-nextcloud-access.conf