How to install NextCloud 18 server on CentOS 8.x and 7.x

NextCloud CentOS Logo

NextCloud is a Dropbox-like solution for self-hosted file sharing and syncing. Installing NextCloud 18 on CentOS is quite simple. Whether you want to backup, have file-syncing or just have a Google Calendar alternative, this guide is for you.

What is NextCloud? Is it like a “cloud”?

cloud computing

If you stumbled here by chance and don’t know what NextCloud is, here is an article explaining its principal features and advantages/disadvantages. In this other article you can find NextCloud 18 new features. To tell you the truth, NextCloud is a SaaS cloud, if you want to know more about cloud types you can read this article.

In this article we will cover the installation of the server (not the client).

What’s the newest version?

The newest version of this tutorial is the following:

Looking for an earlier version of this tutorial?

Step1: Install software

Important
I take NO responsibility of what you do with your machine; use this tutorial as a guide and remember you can possibly cause data loss if you touch things carelessly.

The first step in order to install NextCloud 18 is to install a web server and PHP.

CentOS 7CentOS 8

Since CentOS 7 ships with PHP 5.4 by default but NextCloud 18 requires at least PHP 7 we’ll also be installing PHP 7 from a third-party repository. The following procedure will install apache as webserver. Input the commands one by one to avoid errors!

If you’d rather use PHP 7.3, you can follow this tutorial: how to install PHP 7.3 on CentOS 7. PHP 7.3 isn’t yet available in this repository.

Warning!
If you decided to use PHP 7.3 rather than PHP 7.2 using the past tutorial, replace each instance of php72w with php73w in all the successive commands.

Open a terminal and input the following commands:

# yum install epel-release
# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# yum install httpd php72w php72w-dom php72w-mbstring php72w-gd php72w-pdo php72w-json php72w-xml php72w-zip php72w-curl php72w-pear php72w-intl setroubleshoot-server bzip2 php72w-pecl-imagick
Info
This guide won’t help you install ImageMagick. NextCloud needs ImageMagick to generate image previews (it should still work, albeit not for SVGs). In CentOS 8 ImageMagick has been replaced by GraphicMagick, a fork of the former. Unfortunately, NextCloud is unable to use GraphicMagick and still needs ImageMagick. I have tried different ways to make it work and the only reliable way is to compile ImageMagick from source and install the pecl extension. Since I found it to be a cumbersome process that will someday be obsolete I have decided not to include it in this guide.

Open a terminal and input the following commands:

# yum install epel-release
# yum install httpd php php-dom php-mbstring php-gd php-pdo php-json php-xml php-zip php-curl php-pear php-intl php-pecl setroubleshoot-server bzip2

Step 2: Database selection

Now that you got the software, you need to choose a database that will support the installation. You have three choices:

  • SQLite: is a single-file database. It is suggested only for small installations since it will slow NextCloud down sensibly.
  • MariaDB/MySQL: are popular open source databases especially amongst web developers. It is the suggested choice.
  • PostgreSQL: a popular enterprise-class database. More complicated than MySQL/MariaDB.

Now, this choice won’t really alter the functionality of NextCloud (except if you use SQLite), so pick whatever you know best. If you’re unsure pick MariaDB/MySQL.

SQLiteCentOS 7 MySQL/MariaDBCentOS 8 MySQL/MariaDBCentOS 7 PostgreSQLCentOS 8 PostgreSQL

No additional steps are required if you choose SQLite.

Install the software:

# yum install mariadb-server php72w-mysql

Start (and enable at boot) the service:

# systemctl start mariadb
# systemctl enable mariadb

Next step is to configure the database management system. During the configuration you will be prompted to choose a root password, pick a strong one.

# mysql_secure_installation

Now you need to enter the database (you will be asked the password you just set):

$ mysql -u root -p

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER 'nc_user'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON nextcloud.* TO 'nc_user'@'localhost';
FLUSH PRIVILEGES;

When you’re done type Ctrl-D to exit.

Install the software:

# yum install mariadb-server php-mysqlnd

Start (and enable at boot) the service:

# systemctl start mariadb
# systemctl enable mariadb

Next step is to configure the database management system. During the configuration you will be prompted to choose a root password, pick a strong one.

# mysql_secure_installation

Now you need to enter the database (you will be asked the password you just set):

$ mysql -u root -p

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER 'nc_user'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON nextcloud.* TO 'nc_user'@'localhost';
FLUSH PRIVILEGES;

When you’re done type Ctrl-D to exit.

Install the software:

# yum install postgresql postgresql-server php72w-pgsql

Run the setup:

# postgresql-setup initdb

Start (and enable at boot) the service:

# systemctl start postgresql
# systemctl enable postgresql

Now you need to enter the database:

$ sudo -u postgres psql

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER nc_user WITH PASSWORD 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON DATABASE nextcloud to nc_user;

When you’re done type \q and press enter to exit.

Warning!
You may experience difficulties in authenticating NextCloud with PostgreSQL since the local authentication method is set to ident by default. If you want to change it keep reading.

The configuration file for PostgreSQL is a file located in /var/lib/pgsql/data/pg_hba.conf . Open it with your favourite editor and look for the marked line (line 5):

# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            ident
#host    replication     postgres        ::1/128                 ident

Replace ident with md5 on that line and restart PostgreSQL:

# systemctl restart postgresql

Install the software:

# yum install postgresql postgresql-server php-pgsql

Run the setup:

# postgresql-setup initdb

Start (and enable at boot) the service:

# systemctl start postgresql
# systemctl enable postgresql

Now you need to enter the database:

$ sudo -u postgres psql

Now that you are in create a database:

CREATE DATABASE nextcloud;

Now you need to create the user that will be used to connect to the database:

CREATE USER nc_user WITH PASSWORD 'YOUR_PASSWORD_HERE';

The last step is to grant the privileges to the new user:

GRANT ALL PRIVILEGES ON DATABASE nextcloud to nc_user;

When you’re done type \q and press enter to exit.

Warning!
You may experience difficulties in authenticating NextCloud with PostgreSQL since the local authentication method is set to ident by default. If you want to change it keep reading.

The configuration file for PostgreSQL is a file located in /var/lib/pgsql/data/pg_hba.conf . Open it with your favourite editor and look for the marked line (line 5):

# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            ident
#host    replication     postgres        ::1/128                 ident

Replace ident with md5 on that line and restart PostgreSQL:

# systemctl restart postgresql

Step 3: Install NextCloud

This step involves getting the software and configure Apache to run it.

CentOS 7/8

With these step we download the software and extract it:

# cd /var/www/html
# curl -o nextcloud-18-latest.tar.bz2 https://download.nextcloud.com/server/releases/latest-18.tar.bz2
# tar -xvjf nextcloud-18-latest.tar.bz2
# mkdir nextcloud/data
# chown -R apache:apache nextcloud
# rm nextcloud-18-latest.tar.bz2

Now we need to create a new file in /etc/httpd/conf.d/nextcloud.conf . Feel free to use whatever editor you feel comfortable with and add the following lines:

Alias /nextcloud "/var/www/html/nextcloud/"

<Directory /var/www/html/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/html/nextcloud
 SetEnv HTTP_HOME /var/www/html/nextcloud

</Directory>

Step 4: Setting Apache and SELinux

In this step we’ll start (and enable) the webserver and we’ll set SELinux up. Now, many tutorials will tell you to disable SELinux (because it is a difficult component to manage). Instead, I suggest you to keep it on and add the rules for NextCloud:

CentOS 7/8
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess' # semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini' # restorecon -Rv '/var/www/html/nextcloud/'

If you decided to use a Mariadb/MySQL/PostgreSQL, you also need to allow apache to access it:

# setsebool -P httpd_can_network_connect_db 1

In case you chose PostgreSQL you also need to enable httpd_execmem (I’m still investigating why this is needed):

# setsebool -P httpd_execmem 1

Another important thing to do is to raise PHP’s memory limit:

# sed -i '/^memory_limit =/s/=.*/= 512M/' /etc/php.ini

Now that you’ve configured SELinux let’s start and enable Apache:

# systemctl start httpd
# systemctl enable httpd

Step 5: Configuring firewall

This step is essential when your firewall is enabled. If your firewall is enabled you won’t be able to access your NextCloud 18 instance; on the other hand if it isn’t enabled you shouldn’t have any problems and you can simply skip this step. 

Tip!
Keep in mind having a firewall enabled is a good security practice and you should already have one enabled.

In order for the firewall to work, it must be enabled. This guide will not include this part. When you enable a firewall many things can go wrong, e.g. you’re using SSH, you enable the firewall and your connection is cut and can’t connect otherwise, hence you should carefully review the documentation from your distribution.

To open the ports needed by NextCloud 18 follow these steps:

FirewallDIPtables

FirewallD is a newer firewall used to simplify firewall management. If you’re using it you can simply do:

# firewall-cmd --add-service http --permanent
# firewall-cmd --add-service https --permanent
# firewall-cmd --reload

IPtables is an older firewall (still widely used), if you have disabled firewallD you can use IPtables directly.

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Step 6: Install

Once you’re done, it’s time to install everything. Head to http://YOUR_IP_ADDRESS/nextcloud/ and you will be facing the following screen:

NextCloud 18 installation screen
NextCloud 18 installation

Select an administrator username and password. Then click on “Storage & Database“, here you can select the data folder, but if you don’t know what you’re doing it’s best if you leave it with the default value. Then select the database you chose during step 2. Fill everything and if you’ve followed all the steps correctly you should be seeing the following screen, after a short while you will be redirected to the second screen:

NextCloud 18 during the installation of apps
NextCloud 18 installing apps
NextCloud 18 Files app
NextCloud 18 Files app

Step 7: Enable Caching (suggested)

NextCloud is good but it can be very slow if you don’t configure a caching solution. There are two caching solutions covered in this guide:

  • PHP OPcache: a PHP inbuilt cache solution that speeds up scripts execution.
  • Redis server: a fast in-memory key-value store that speeds up everything in NextCloud.

Enabling OPcache

CentOS 7/8

Open a terminal and input the following commands:

# yum install php-opcache

Now you need to edit a file located at /etc/php.d/10-opcache.ini . With your favorite editor, edit the file and make it look like this:

; Enable Zend OPcache extension module
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

These values are suggested by NextCloud, but you’re free to tweak them to suit your needs. Once you’re done you can restart apache:

# systemctl restart httpd

Installing and configuring Redis

CentOS 7CentOS 8

Open a terminal and input the following commands:

# yum install redis php72w-pecl-redis

Now you must configure NextCloud to use Redis. To do so you need to edit the NextCloud configuration file located at /var/www/html/nextcloud/config/config.php . The file will look like this, add the highlighted lines:

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => 'YOUR_IP',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '15.0.0.10',
  'overwrite.cli.url' => 'http://YOUR_IP/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nc_user',
  'dbpassword' => 'YOUR_PASSWORD_HERE',
  'installed' => true,
  'memcache.locking' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 3,
  ],
);

These settings will enable NextCloud to use Redis for caching and file locks. Of course these settings are just an example, you can tweak them to suit your needs.

Now you need to modify (for some reason) the Redis port SELinux label in order to enable Apache to access Redis:

# semanage port -m -t http_port_t -p tcp 6379

Lastly, enable and start Redis and restart the webserver:

# systemctl start redis
# systemctl enable redis
# systemctl restart httpd

Open a terminal and input the following commands:

# yum install redis

Now you must configure NextCloud to use Redis. To do so you need to edit the NextCloud configuration file located at /var/www/html/nextcloud/config/config.php . The file will look like this, add the highlighted lines:

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => 'YOUR_IP',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '15.0.0.10',
  'overwrite.cli.url' => 'http://YOUR_IP/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nc_user',
  'dbpassword' => 'YOUR_PASSWORD_HERE',
  'installed' => true,
  'memcache.locking' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 3,
  ],
);

These settings will enable NextCloud to use Redis for caching and file locks. Of course these settings are just an example, you can tweak them to suit your needs.

Lastly, enable and start Redis and restart the webserver:

# systemctl enable --now redis
# systemctl restart httpd php-fpm

Step 8: Expose NextCloud to Internet (optional)

Important
Hosting applications available to the Internet is potentially dangerous. In order to keep your applications safe you need to be proficient in system security and to follow security best practices.

Most people will want to access their files from whatever location they are. To do so, your newly created NextCloud instance needs to be connected to the Internet.

Given that you need to take care of port-forwarding (if you’re a home user) and domain configuration (which varies according to your provider), here you can find the instructions to create a virtual host with Apache.

CentOS 7/8

Using your favorite text editor, edit the file we created previously at /etc/httpd/conf.d/nextcloud.conf . And make it look like this:

<VirtualHost *:80>
  ServerName YOURDOMAIN.TLD
  ServerAdmin [email protected]
  DocumentRoot /var/www/html/nextcloud

  <directory /var/www/html/nextcloud>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    SetEnv HOME /var/www/html/nextcloud
    SetEnv HTTP_HOME /var/www/html/nextcloud
  </directory>
</VirtualHost>

It is important to set ServerName according to a domain you own and have configured correctly. Now you need to add YOURDOMAIN.TLD to the trusted domains in the NextCloud config file. You can do so with the following command:

$ sudo -u apache php /var/www/html/nextcloud/occ config:system:set trusted_domains 2 --value=YOURDOMAIN.TLD

Once you complete this step you won’t be able to access NextCloud through http://YOUR_IP_ADDRESS/nextcloud anymore. Instead you will be able to access it through http://YOURDOMAIN.TLD (notice /nextcloud is gone).

Lastly, restart the webserver:

# systemctl restart httpd

Step 9: Get a free SSL certificate with Let’s Encrypt! (SUGGESTED!

Now that you have your NextCloud instance up and running you’re good to go, but beware: you’re not safe. Internet is a dangerous place for your data and you will most likely need an SSL certificate to ensure your communications are encrypted. Provided you own a domain name you can get one for free using Let’s Encrypt! No catches, free forever.

Warning!
Let’s Encrypt has rate limits in place to prevent inappropriate usage of the CA. There’s a limit on the numbers of attempts you can do before getting a temporary ban. During this setup, if things go wrong, I suggest you to use the –staging option to avoid the temporary ban. The –staging option will use a testing server and will not issue valid certificates. When you have completed the procedure against the test server successfully, you can remove the –staging option to obtain the real certificate.
CentOS 7CentOS 8

Open a terminal and input the following commands:

# yum install certbot certbot-apache

Now you will run the command to install a certificate, follow the procedure and you will get everything configured out of the box:

$ sudo certbot --apache

Lastly, restart the webserver:

# systemctl restart httpd

If you need further help you can follow my other tutorial on Let’s Encrypt on CentOS (the apache part).

Open a terminal and input the following commands:

# wget https://dl.eff.org/certbot-auto
# mv certbot-auto /usr/local/bin/certbot-auto
# chown root /usr/local/bin/certbot-auto
# chmod 0755 /usr/local/bin/certbot-auto

Now you will run the command to install a certificate, follow the procedure and you will get everything configured out of the box:

$ sudo /usr/local/bin/certbot-auto --apache

Lastly, restart the webserver:

# systemctl restart httpd

Run the following part to set up automatic renewal through cron:

$ echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
Image courtesy of mark | marksei
mark

You may also like...

7 Responses

  1. Fahmi says:

    Hello, Thanks for the tutoriel. However i steel have an error message while trying to open a docx file with OnlyOffice:

    Community document server is not supported for this instance, please setup and configure an external document server

    can’t execute x2t binary, ensure php can execute binaries in the app folder

  2. Andrea Giuliani says:

    Hi, thanks for the good job. After i installed redis i received Internal Server Error.But If i remove memcache line it woks. May you help me?

  3. greavette says:

    Hello and thank you for these instructions.

    I’d like to install ldap on my Nextcloud 18 (CentOS 7). Would you be able to provide the necessary installation steps I would need to execute in order to be able to enable the ldap app in Nextcloud 18?

    Thank you.

    • greavette says:

      Hello,

      To be clear, I already have a domain setup on my lan. I want to be able to connect Nextcloud to my domain but the LDAP app on Nextcloud is disabled (greyed out). What would I need to install on CentOS 7 to enable this app on Nextcloud?

      Thank you.

      • mark says:

        Hello greavette, as you have the directory up and running you have the most difficult point behind you, the reason you’re not allowed to enable the LDAP extension is probably because you’re missing the php-ldap package.

        • greavette says:

          Thanks very much Mark for your reply. Very much appreciate you responding.

          Would you be able to assist with what the command is to install php-ldap? I’m struggling to find the right command to use to install what I need for CentOS servers? I found posts related to the command needed for Ubuntu…but I’ve not found the right yum install command for CentOS 7.

          Thank you.

          • greavette says:

            I think I found it!

            yum install php72w-ldap.x86_64

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: