Sunday, 28 July 2019

NextCloud on RHEL 8

Cloud Storage under your control

If you too are wary of storing your personal or corporate data on a public cloud under conditions over which you have no control, and if you have your own hardware and technical skills, consider Nextcloud, a software suite written in PHP that you can run on your own private servers to provide functionality similar to Dropbox, Google Docs or Microsoft OneDrive.

It is open source software, licensed under the GNU Affero General Public License which guarantees that you can use, study, share and improve the software without any legal risks, so there is no cost if you are prepared to support it yourself, though the Nextcloud OEM offers Enterprise Subscriptions if you need additional features and access to technical expertise and capabilities from them.

The generic installation instructions are here, but to make life easier, here is a more specific guide to installing Nextcloud on Red Hat Enterprise Linux 8 with PostgreSQL, running on Apache.

Prerequisites

Conveniently, RHEL 8 provides all the prerequisites with the recommended versions straight out of the box. Run the commands that follow as root, or with sudo.

PHP 7.2

Install the following PHP modules:
# dnf install -y php php-gd php-mbstring php-intl php-json \
php-zip php-process php-xml php-bz2 php-fileinfo php-pgsql
List the PHP modules that have been installed to check that all PHP prerequisites have been met:
# php -m
Note that you may come across instructions that include php-imagick, but this is no longer recommended for security reasons (though you could still install it manually if this is a deal-breaker).

Apache HTTP 2.4

If you haven't already installed and enabled Apache, do so now:
# dnf install -y httpd
# systemctl enable httpd
# systemctl start httpd
Open port 80 on the firewall:
# firewall-cmd --zone=public --add-service=http --permanent
# firewall-cmd --reload
HTTP is OK for basic installation purposes, but you must get an SSL certificate and use HTTPS on port 443 to secure the service in production.

Check that the Apache server has loaded all the required PHP modules by creating a file called 'phpinfo.php' under the Apache base directory '/var/www/html/' with the following content:
<?php
     phpinfo ();
?>
Browse to 'http://<your-server>/phpinfo.php' and admire your progress so far. Don't forget to delete it immediately after congratulating yourself. No point in giving miscreants more information than they need to know.

PostgreSQL 10.6

Nextcloud recommends MySQL or MariaDB, but PostgreSQL has enterprise-strength features that the other two do not provide, so use it instead:
# dnf install -y postgresql-server postgresql
Initialise the database:
# postgresql-setup --initdb
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log
Start PostgreSQL and enable it to start after reboot:
# systemctl start postgresql
# systemctl enable postgresql
Check that it is running by listing processes listening on port 5432:
# lsof -i tcp:5432
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
postmaste 6629 postgres    4u  IPv6  65975      0t0  TCP localhost:postgres (LISTEN)
postmaste 6629 postgres    5u  IPv4  65976      0t0  TCP localhost:postgres (LISTEN)
Set the password for the database administrator user postgres:
# su - postgres
$ psql
psql (10.6)
Type "help" for help.

postgres=# \password postgres
Enter new password: 
Enter it again: 
postgres=# \q
$ exit
logout
Configure PostgreSQL to listen for connections from the outside world by editing '/var/lib/pgsql/data/postgresql.conf' with your favourite text editor and set listen_addresses:
listen_addresses = '*'
Enable MD5-hashed password authentication from localhost by editing '/var/lib/pgsql/data/pg_hba.conf' as follows:
# IPv4 local connections:
host all          all          127.0.0.1/32         md5
Now you should be able to connect to the database from any user on the server:
# psql -h localhost -U postgres
Password for user postgres: 
psql (10.6)
Type "help" for help.
Note that if you are unable to connect with 'psql -h localhost -U postgres', but 'psql -h 127.0.0.1 -U postgres' works okay, check that your '/etc/hosts' is correctly resolving 'localhost' to the local loopback address '127.0.0.1'.
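
A check for the two files edited above, added here as an example and not part of the original post: with listen_addresses = '*' the server binds every interface even though pg_hba.conf admits only 127.0.0.1, and in this guide Nextcloud connects from the same host. The function name audit_pg_exposure and its LISTEN/TRUST/REMOTE labels are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original post): flag network exposure in the
# two PostgreSQL files edited above. Finding labels are this example's own.

# audit_pg_exposure POSTGRESQL_CONF PG_HBA_CONF
# Prints one finding per line; exit status 0 means nothing was flagged.
audit_pg_exposure() (
    conf=$1; hba=$2
    out=$(
        # postgresql.conf: the last uncommented listen_addresses line wins;
        # when it is absent the server default is localhost.
        awk -F= -v q="'" '
            /^[[:space:]]*listen_addresses[[:space:]]*=/ {
                v = $2; sub(/#.*/, "", v); gsub("[ \t" q "]", "", v); last = v
            }
            END {
                if (last == "") last = "localhost"
                n = split(last, a, ",")
                for (i = 1; i <= n; i++)
                    if (a[i] != "localhost" && a[i] != "127.0.0.1" && a[i] != "::1")
                        print "LISTEN listen_addresses includes " a[i]
            }' "$conf"
        # pg_hba.conf host records: TYPE DATABASE USER ADDRESS [NETMASK] METHOD
        awk '
            $1 ~ /^host/ {
                method = ($5 ~ /[.:]/) ? $6 : $5
                loopback = ($4 == "127.0.0.1/32" || $4 == "::1/128" ||
                            $4 == "localhost" || $4 == "samehost" ||
                            ($4 == "127.0.0.1" && $5 == "255.255.255.255"))
                if (method == "trust")
                    print "TRUST line " NR ": no password required from " $4
                if (!loopback)
                    print "REMOTE line " NR ": accepts clients from " $4
            }' "$hba"
    )
    [ -n "$out" ] && printf '%s\n' "$out"
    [ -z "$out" ]
)
```

Run it as 'audit_pg_exposure /var/lib/pgsql/data/postgresql.conf /var/lib/pgsql/data/pg_hba.conf'. A change to listen_addresses takes effect only after PostgreSQL is restarted, and a change to pg_hba.conf after a reload.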

Install NextCloud

Downloads

Download these files from here to a convenient place (such as '/tmp'):
# cd /tmp
# wget https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2
# wget https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2.sha256
Verify the checksums to ensure integrity:
# sha256sum nextcloud-16.0.3.tar.bz2
a13f68ce47a1362318629ba5b118a59fa98358bb18f4afc371ea15104f2881f3  nextcloud-16.0.3.tar.bz2
# cat nextcloud-16.0.3.tar.bz2.sha256
a13f68ce47a1362318629ba5b118a59fa98358bb18f4afc371ea15104f2881f3  nextcloud-16.0.3.tar.bz2
They are the same, so proceed to untar the application to the Apache directory:
# tar -xvjf nextcloud-16.0.3.tar.bz2 -C /var/www/html/
Manually create a data folder for use by the installation wizard later on:
# mkdir /var/www/html/nextcloud/data
Change the ownership of the '/var/www/html/nextcloud' directory to allow the Apache server access:
# chown -R apache:apache /var/www/html/nextcloud
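
The checksum comparison above, done by the shell instead of by eye so that a mismatch stops the extraction. This is an added example, not part of the original post; the function names verify_release and extract_if_verified are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original post): gate extraction on a checksum match.

# verify_release TARBALL SUMFILE
# Exit status 0 only when SUMFILE holds a well-formed SHA-256 digest for
# TARBALL's file name and that digest equals the one computed locally.
verify_release() (
    tarball=$1; sumfile=$2
    [ -f "$tarball" ] && [ -f "$sumfile" ] || exit 2
    name=$(basename "$tarball")
    # .sha256 lines look like "<64 hex digits>  <file name>" ("*name" in binary mode).
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sumfile")
    # Reject an empty result or anything that is not a SHA-256 digest,
    # e.g. an HTML error page saved under the .sha256 name.
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-fA-F]{64}$' || exit 3
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" = "$actual" ]
)

# extract_if_verified TARBALL SUMFILE DESTDIR
# Unpacks the bzip2 tarball only after verify_release succeeds.
extract_if_verified() {
    if verify_release "$1" "$2"; then
        tar -xjf "$1" -C "$3"
    else
        echo "checksum verification failed for $1; not extracting" >&2
        return 1
    fi
}
```

Call it as 'extract_if_verified /tmp/nextcloud-16.0.3.tar.bz2 /tmp/nextcloud-16.0.3.tar.bz2.sha256 /var/www/html/'. The .sha256 file comes from the same server as the tarball, so a match shows the download is intact rather than that the server's copy is authentic; checking a detached signature against an independently obtained key covers that case.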

SELinux

By default RHEL 8 implements SELinux security policies. Check the status as follows:
# getenforce
Enforcing
If the status is 'Enforcing', either turn off SELinux by editing '/etc/selinux/config' to set SELINUX=disabled and rebooting (not recommended), or configure SELinux appropriately as per this (recommended):
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

# restorecon -Rv '/var/www/html/nextcloud/'

# setsebool -P httpd_can_network_connect 1
# setsebool -P httpd_execmem 1
# systemctl reload php-fpm

Create database

Create an empty database for use by Nextcloud:
# su - postgres
$ psql
postgres=# CREATE USER nextcloud WITH PASSWORD 'YOUR_PASSWORD';
postgres=# CREATE DATABASE nextcloud TEMPLATE template1 ENCODING 'UNICODE';
postgres=# ALTER DATABASE nextcloud OWNER TO nextcloud;
postgres=# GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
postgres=# \q
$ exit

Fire up Nextcloud

Restart the Apache instance:
# systemctl restart httpd

Browse to 'http://your-server-ip/nextcloud' and, all being well, you should see the Nextcloud setup page. Create an admin account and enter the PostgreSQL details, then click Finish setup.
