How to install NextCloud 14 server on CentOS 7.x

NextCloud CentOS Logo

NextCloud is a Dropbox-like solution for self-hosted file sharing and syncing. Installing NextCloud 14 on CentOS is quite simple. Whether you want to backup, have file-syncing or just have a Google Calendar alternative, this guide is for you.

What is NextCloud? Is it like a “cloud”?

If you stumbled here by chance and don’t know what NextCloud is, here is an article explaining its principal features and advantages/disadvantages. In this other article you can find NextCloud 14 new features. To tell you the truth, NextCloud is a SaaS cloud, if you want to know more about cloud types you can read this article.

In this article we will cover the installation of the server (not the client).

Looking for an earlier version of this tutorial?

Step1: Install software

Important
I take absolutely NO responsibility of what you do with your machine; use this tutorial as a guide and remember you can possibly cause data loss if you touch things carelessly.

The first step in order to install NextCloud 14 is to install a web server and PHP. Since CentOS 7 ships with PHP 5.4 by default but NextCloud 14 requires at least PHP 7 we’ll also be installing PHP 7 from a third-party repository. The following procedure will install apache as webserver. Input the commands one by one to avoid errors!

CentOS 7

If you’d rather use PHP 7.1, you can follow this tutorial: how to install PHP 7.1 on CentOS 7.

Warning!
If you decided to use PHP 7.1 rather than PHP 7.0 using the past tutorial, replace each instance of php70w with php71w in all the successive commands.

Open a terminal and input the following commands:

# yum install epel-release
# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# yum install httpd php70w php70w-dom php70w-mbstring php70w-gd php70w-pdo php70w-json php70w-xml php70w-zip php70w-curl php70w-mcrypt php70w-pear setroubleshoot-server bzip2

Step 2: Database selection

Now that you got the software, you need to choose a database that will support the installation. You have three choices:

  • SQLite: is a single-file database. It is suggested only for small installations since it will slow NextCloud down sensibly.
  • MariaDB/MySQL: are popular open source databases especially amongst web developers. It is the suggested choice.
  • PostgreSQL: a popular enterprise-class database. More complicated than MySQL/MariaDB.

Now, this choice won’t really alter the functionality of NextCloud (except if you use SQLite), so pick whatever you know best. If you’re unsure pick MariaDB/MySQL.

SQLiteMySQL/MariaDBPostgreSQL

No additional steps are required if you choose SQLite.

Install the software:

# yum install mariadb-server php70w-mysql

Start (and enable at boot) the service:

# systemctl start mariadb
# systemctl enable mariadb

Next step is to configure the database management system. During the configuration you will be prompted to choose a root password, pick a strong one.

# mysql_secure_installation

Now you need to enter the database (you will be asked the password you just set):

$ mysql -u root -p

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER 'nc_user'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON nextcloud.* TO 'nc_user'@'localhost';
FLUSH PRIVILEGES;

When you’re done type Ctrl-D to exit.

Install the software:

# yum install postgresql postgresql-server php70w-pgsql

Run the setup:

# postgresql-setup initdb

Start (and enable at boot) the service:

# systemctl start postgresql
# systemctl enable postgresql

Now you need to enter the database:

$ sudo -u postgres psql

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER nc_user WITH PASSWORD 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON DATABASE nextcloud to nc_user;

When you’re done type \q and press enter to exit.

Warning: You may experience difficulties in authenticating NextCloud with PostgreSQL since the local authentication method is set to ident by default. If you want to change it keep reading.

The configuration file for PostgreSQL is a file located in /var/lib/pgsql/data/pg_hba.conf . Open it with your favourite editor and look for the marked line:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            ident
#host    replication     postgres        ::1/128                 ident

Replace ident with md5 on that line and restart PostgreSQL:

# systemctl restart postgresql

Step 3: Install NextCloud

This step involves getting the software and configure Apache to run it.

CentOS 7

With these step we download the software and extract it:

# cd /var/www/html
# curl -o nextcloud-14-latest.tar.bz2 https://download.nextcloud.com/server/releases/latest-14.tar.bz2
# tar -xvjf nextcloud-14-latest.tar.bz2
# mkdir nextcloud/data
# chown -R apache:apache nextcloud
# rm nextcloud-14-latest.tar.bz2

Now we need to create a new file in /etc/httpd/conf.d/nextcloud.conf . Feel free to use whatever editor you feel comfortable with and add the following lines:

Alias /nextcloud "/var/www/html/nextcloud/"

<Directory /var/www/html/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/html/nextcloud
 SetEnv HTTP_HOME /var/www/html/nextcloud

</Directory>

Step 4: Setting Apache and SELinux

In this step we’ll start (and enable) the webserver and we’ll set SELinux up. Now, many tutorials will tell you to disable SELinux (because it is a difficult component to manage). Instead, I suggest you to keep it on and add the rules for NextCloud:

# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
# restorecon -Rv '/var/www/html/nextcloud/'

If you decided to use a Mariadb/MySQL/PostgreSQL, you also need to allow apache to access it:

# setsebool -P httpd_can_network_connect_db 1

Now that you’ve configured SELinux let’s start and enable Apache:

CentOS 7

Start (and enable at boot) the service:

# systemctl start httpd
# systemctl enable httpd

Step 5: Configuring firewall

This step is essential when your firewall is enabled. If your firewall is enabled you won’t be able to access your NextCloud 14 instance; on the other hand if it isn’t enabled you shouldn’t have any problems and you can simply skip this step. 

Tip!
Keep in mind having a firewall enabled is a good security practice and you should already have one enabled.

In order for the firewall to work, it must be enabled. This guide will not include this part. When you enable a firewall many things can go wrong, e.g. you’re using SSH, you enable the firewall and your connection is cut and can’t connect otherwise, hence you should carefully review the documentation from your distribution.

To open the ports needed by NextCloud 14 follow these steps:

FirewallDIPtables

FirewallD is a newer firewall used to simplify firewall management. If you’re using it you can simply do:

# firewall-cmd --add-service http --permanent
# firewall-cmd --add-service https --permanent
# firewall-cmd --reload

IPtables is an older firewall (still widely used), if you have disabled firewallD you can use IPtables directly.

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Step 6: Install

Once you’re done, it’s time to install everything. Head to http://YOUR_IP_ADDRESS/nextcloud/ and you will be facing the following screen:

NextCloud 14 Installation

NextCloud 14 Installation

Select an administrator username and password. Then click on “Storage & Database“, here you can select the data folder, but if you don’t know what you’re doing it’s best if you leave it with the default value. Then select the database you chose during step 2. Fill everything and if you’ve followed all the steps correctly you should be seeing the following screen:
NextCloud 14 welcome screen

NextCloud 14 Installation

Image courtesy of mark | marksei
mark

You may also like...

7 Responses

  1. Pepo Rios says:

    Hi Mark… Thank you for sharing, please friend its very dificult install nextcluud 14 with nginx and postgres?

  2. Joe says:

    Hi Mark thanks for a great tutorial, however its missing a very important and required step.
    SSL Installation. I dont really know much about it and would love to see tutorial for NextCloud 14 CentOS7 with LetsEncrypt SSL installation and automatic renewal.

    Could you please provide a tutorial for it. I can’t imagine using this installation on open unsecured HTTP connection.

    Thanks

    • mark says:

      Hello Joe I completely agree with you, I wouldn’t expose a NC installation (or whatever site) without SSL at all, especially now that LE gives SSL away for free, to the Internet. I’ve been trying to integrate a LE/SSL tutorial with my NC tutorial series for a long time but I still haven’t found a nice way to integrate it without compromising on the usability of this guide. It will surely come out at some point, in the meanwhile I’ve got a tutorial on setting up Let’s Encrypt! on CentOS be sure to check it out! : )

      • Joe says:

        Hi Mark thank you for all your great work, tutorials are fantastic and easy to follow and thank you for your feedback on SSL issue, and looking forward to some solution that will work perfectly with your tutorials.
        I looked into LE SSL but due to the fact that is valid for only 90 Days i would like to stick with 2 other options.
        here is a request for
        1. Self Generated SSL Cert tutorial on Centos 7 that would work with NextCloud
        2. Commercial Validated SSL for NextCloud

        i am capable to get 2 years commercial ssl for a decent price. So that would work for me :) as long as they would work with NextCloud.
        I would like to deploy it and have it secured asap :)

        p.s.
        is there a Fail2Ban tut? i would like to protect DB ports SSH and NextCloud Login.

        Great work !

        • mark says:

          Hello Joe, thank you for your appreciation. You shouldn’t worry about the 90-day expiration period on LE certificates, if you configure the certificate for automatic renewal it will literally automatically-renew for another 90 days about 14 days before the actual expiration. This process will work every time and should be considered a valid (and more reliable) alternative to commercial SSL. When a standard SSL certificate expires, you will have to install the new one or your visitors will encounter problems. With LE and Certbot this isn’t the case anymore since the certificates are renewed automatically. If you were to approach a certificate expiration, LE will also send you an email to warn you, and that’s pretty useful.

          Self-signed certificates should be avoided for any production deployment, unless you’re the only user. Whatever SSL certificate will work with whatever web application, including NC, so long they’re well coded. SSL actually is more of a web-server thing rather than a web app one.

          You shouldn’t expose the DB port to the Internet, unless you have some very specific requirements. You should use Unix sockets or hide the DB port in a private non-Internet-accessible network.

          I don’t currently have a Fail2Ban-only tutorial, but you can actually check this tutorial: Change SSH port on CentOS 7. This tutorial includes a fail2ban section that you can easily adapt for port 22 (in case you don’t want to change your port).

  3. Andres Sierra says:

    Hi, after upgrading to 14.03 y had to install php70w-intl to get rid of errors in nextcloud log like “You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead.”

    I have a similar setup to yours. Just wanted to advice just in case. Truth is maybe some app I’ve installed forced this error.

    I checked documentation and php.intl is required.

    Regards

    • mark says:

      Hello Andres, php-intl is indeed recommended, will update my guide(s) as soon as possible. What you’re experiencing is not caused by some other app, but by NextCloud itself that expects to be able to use the library. Can’t yet figure how I missed this one. Thank you for your help : )

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: