NextCloud on RHEL 8

Cloud Storage under your control

If you too are wary of storing your personal or corporate data on a public cloud under conditions over which you have no control, and if you have your own hardware and technical skills, consider Nextcloud, a software suite written in PHP that you can run on your own private servers to provide similar functionality as DropBox, Google Docs or Microsoft OneDrive.

It is open source software, licensed under the GNU Affero General Public License which guarantees that you can use, study, share and improve the software without any legal risks, so there is no cost if you are prepared to support it yourself, though the Nextcloud OEM offers Enterprise Subscriptions if you need additional features and access to technical expertise and capabilities from them.

The generic installation instructions are here, but to make life easier, here is a more specific guide to install Nextcloud on Redhat Enterprise Linux 8 and PostgreSQL, running on Apache.

Prerequisites

Conveniently, RHEL 8 provides all the prerequisites with the recommended versions straight out of the box. Install as root, or run with sudo, the instructions that follow.

PHP 7.2

Install the following PHP modules:

# dnf install -y php php-gd php-mbstring php-intl php-json \
php-zip php-process php-xml php-bz2 php-fileinfo php-intl php-pgsql

List the PHP modules that have been installed to check that all PHP prerequisites have been met:

# php -m

Note that you may come across instructions that include php-imagick, but this is no longer recommended for security reasons (though you could still install it manually if this is a deal-breaker).

Apache HTTP 2.4

If you haven't already installed and enabled Apache, do so now:

# dnf install -y httpd
# systemctl enable httpd
# systemctl start httpd

Open port 80 on the firewall:

# firewall-cmd --zone=public --add-service=http --permanent
# firewall-cmd --reload

HTTP is OK for basic installation purposes, but you must get a SSL certificate and use HTTPS on port 443 to secure the service in production.

Check that the Apache server has loaded all the required PHP modules by creating a file called 'phpinfo.php' under the Apache base directory '/var/www/html/' with the following content:

<?php
     phpinfo ();
?>

Browse to 'http://<your-server>/phpinfo.php' and admire your progress so far. Don't forget to delete it immediately after congratulating yourself. No point in giving miscreants more information than they need to know.

PostgreSQL 10.6

Nextcloud recommends MySQL or MariaDB, but PostgreSQL has enterprise-strength features that the other two do not provide, so use it instead:

# dnf install -y postgresql-server postgresql

Initialise the database:

# postgresql-setup --initdb
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log

Start PostgreSQL and enable it to start after reboot:

# systemctl start postgresql
# systemctl enable postgresql

Check that it is running by listing processes listening to port 5432:

# lsof -i tcp:5432
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
postmaste 6629 postgres    4u  IPv6  65975      0t0  TCP localhost:postgres (LISTEN)
postmaste 6629 postgres    5u  IPv4  65976      0t0  TCP localhost:postgres (LISTEN)

Set the password for the database administrator user postgres:

# su - postgres
$ psql
psql (10.6)
Type "help" for help.

postgres=# \password postgres
Enter new password: 
Enter it again: 
postgres=# \q
$ exit
logout

Configure PostgreSQL to listen for connections from the outside world by editing '/var/lib/pgsql/data/postgresql.conf' with your favourite text editor and set listen_addresses:

listen_addresses = '*'

Enable MD5-encrypted password authentication from localhost by editing '/var/lib/pgsql/data/pg_hba.conf' as follows:

# IPv4 local connections:
host all          all          127.0.0.1/32         md5

Now you should be able to connect to the database from any user on the server:

# psql -h localhost -U postgres
Password for user postgres: 
psql (10.6)
Type "help" for help.

Note that if you are unable to connect with 'psql -h localhost -U postgres', but 'psql -h 127.0.0.1 -U postgres' works okay, check that your '/etc/hosts' is correctly resolving 'localhost' to the local loopback address '127.0.0.1'  .

Install NextCloud

Downloads

Download these files from here to a convenient place (such as '/tmp'):

# cd /tmp
# wget https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2
# wget https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2.sha256

Verify the checksums to ensure integrity:

# sha256sum nextcloud-16.0.3.tar.bz2
a13f68ce47a1362318629ba5b118a59fa98358bb18f4afc371ea15104f2881f3  nextcloud-16.0.3.tar.bz2
# cat nextcloud-16.0.3.tar.bz2.sha256
a13f68ce47a1362318629ba5b118a59fa98358bb18f4afc371ea15104f2881f3  nextcloud-16.0.3.tar.bz2

They are the same, so proceed to untar the application to the Apache directory:

# tar -xvjf nextcloud-16.0.3.tar.bz2 -C /var/www/html/

Manually create a data folder for use by the installation wizard later on:

# mkdir /var/www/html/nextcloud/data

Change the ownership of the '/var/www/html/nextcloud' directory to allow the Apache server access:

# chown -R apache:apache /var/www/html/nextcloud

SELinux

By default RHEL 8 implements SELinux security policies. Check the status as follows:

# getenforce
Enforcing

If 'Enforcing' either turn off SELinux by editing '/etc/selinux/config' to set SELINUX=disabled and reboot (not recommended), or configure SELinux appropriately as per this (recommended):

# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

# restorecon -Rv '/var/www/html/nextcloud/'

# setsebool -P httpd_can_network_connect 1
# setsebool -P httpd_execmem 1

# systemctl reload php-fpm

Create database

Create an empty database for use by Nextcloud:

# su - postgres
psql
CREATE USER nextcloud WITH PASSWORD 'YOUR_PASSWORD';
CREATE DATABASE nextcloud TEMPLATE template1 ENCODING 'UNICODE';
ALTER DATABASE nextcloud OWNER TO nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
\q
exit

Fire up Nextcloud

Restart the Apache instance:

# systemctl restart httpd

Browse to 'http://your-server-ip/nextcloud' and, all being well, you should see:

Create an admin account and enter the PostgreSQL details:

Then click Finish setup.

GitHub Pages and Jekyll themes

By default, a newly generated Jekyll site uses a theme called Minima. It is a simple, spartan theme with very little to recommend it, so I decided to replace it with one of the supported themes instead.

GitHub Pages Supported Themes

According to the documentation, it should be easy enough: just edit _config.yml and replace minima with the name of the new theme, jekyll-theme-tactile for example.

Actually it was not so easy because the other themes have a more simplistic layout scheme than the Minima theme, so when you serve up the site, you end up with error messages about missing layouts.

The end result is a blank screen and lots of beating your head on the keyboard.

Jekyll layouts

The default Jekyll theme minima has four built-in layouts that are used by different pages of the blog.

When you switch to one of the other GitHub Pages themes, the new theme might only have the default.html layout, so when you switch from Minima to Tactile or Cayman, for example, you will get a blank page because the other layouts are missing.

If you examine the source code of the Minima theme, you will see that there are four layout files in the _layouts folder:

• default.html: the default base layout
• home.html: layout for the home page
• page.html: layout for other pages such as About, Contacts etc
• post.html: layout for the blog posts

The first step to sorting the problem out is to copy the missing layout files from the minima theme into your own _layouts folder. Don't copy the file default.html for now, just the missing files:

├── _layouts
│   ├── home.html
│   ├── page.html
│   └── post.html

Now you can change the theme without triggering error messages and the site will be visible.

Note that the website will fall back to use the default.html layout that is baked into in the gem of the new theme that you selected, so it may or may not have the functionality you require.

The next step is to use the default.html layout file from the theme that you have chosen as the basis for improving the functionality.

I am using jekyll-theme-tactile, so copy default.html from the Tactile repo to your _layouts folder.

├── _layouts
│   ├── default.html (from the repo of the theme you selected)
│   ├── home.html    (from minima)
│   ├── page.html    (from minima)
│   └── post.html    (from minima)

Commit your changes and push to GitHub:

$ git add --all
$ git commit -m "Add missing layouts"
$ git push

You will not see any changes when you reload the website, but now you have the raw material to build a more usable site.

Favicon

The first thing I did was to add a favicon to the site.

Create favicon.png from an image using GIMP or an on-line tool like faviconit, then copy the image to the root folder of your site and add this line to the <head> section of default.html:

<link rel="shortcut icon" type="image/png" href="favicon.png">

Protip: if you don't see the favicon after you have pushed to github.io, clear your cache and refresh the page. Most browsers should respond to Ctrl+F5 to do the same thing.

Clickable title

Make the title a hyperlink to the site to make it easier to navigate back to Home by adding this line to the <header> section of the <body> of default.html:

<h1><a class="site-title" rel="author" 
      href="{{ "/" | relative_url }}">{{ site.title | escape }}</a></h1>

Further reading

Shout out to this blog post which was extremely helpful when I first hit problems with Jekyll theming.

This book Creating Blogs with Jekyll is a good guide to static website generators.

GitHub Pages, Jekyll and Centos 7

I have been digging into GitHub Pages as an alternative blog platform in case Blogger follows Google+ to the Great Big BitBucket in the Sky. WordPress is an obvious alternative to Blogger but GitHub Pages offers a simpler escape route.

This post describes how to create and maintain a personal web site on GitHub Pages, and to migrate Blogger content to the new site.

GitHub Pages

GitHub Pages is a static website hosting service for personal, organizational, or project-specific pages that are driven directly from your GitHub repository.

You can use either HTML or Markdown to create the pages. It is a static site hosting service so it doesn't support server-side code such as PHP, Ruby, or Python.

GitHub Pages can work with any static site generator, but for ease of use it is tightly integrated with the Jekyll static site generator.

You feed it Markdown text and it cranks out a static website, using kramdown to parse the Markdown syntax to generate the HTML pages.

github.io

A website generated by GitHub Pages is hosted at <username>.github.io where <username> is the name of your GitHub account.

GitHub Pages generates the web site from content stored in a repository that you create using the same name.

Follow the instructions here to create your new repository <username>.github.io.

Clone the repository to your development environment so that you can work on it using your favourite editor, then push the changes back up to GitHub. After a moment or two, you will see the fruits of your labours by browsing to https://<username>.github.io.

You could continue to work on this simple local copy to build up a functionally rich website, but you will have to set up a Jekyll development environment to do things like migrate posts from Blogger.

The next section describes how to install Jekyll and use it to generate the website.

Jekyll development environment

Install RVM and Ruby

Jekyll is a Ruby Gem that must be installed on your system, which in my case is a Centos 7 workstation. These instructions should work for other RPM-based distros like RHEL or Fedora.

The pre-requisites are Ruby version 2.4.0 or above, as well as GCC and Make.

Install the development tools group which includes GCC and Make:

$ sudo yum update -y
$ sudo yum install @development-tools

The version of Ruby in the Centos 7 repo does not meet the requirements (it is version 2.0), so build the Ruby Version Manager RVM and use it to install the latest version.

Get the GPG keys and install RVM:

$ sudo gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys \
    409B6B1796C275462A1703113804BB82D39DC0E3 \
    7D2BAF1CF37B13E2069D6956105BD0E739499BDB
$ sudo \curl -sSL https://get.rvm.io | bash -s stable

Note that for reasons best known to the RVM developers, they have prefixed the curl command with a backslash to suppress any aliases for curl. It is not a typo.

Add your Linux user to the RVM group so that it can be used as a non-root user:

$ sudo usermod -a -G rvm <devuser>
$ sudo getent group rvm
rvm:x:1001:<devuser>

where <devuser> is your Linux username.

Logout and login again to activate the group membership.

List all known rubies to find the latest version of Ruby:

$ rvm list known | less

Install the latest version (2.6 in this case) and check the version numbers:

$ rvm install ruby-2.6
$ rvm use 2.6 --default

$ ruby -v
ruby 2.6.0p0 (2018-12-25 revision 66547) [x86_64-linux]

$ gem -v
3.0.1

Install Jekyll and the gem bundler:

$ gem install jekyll bundler

Generate a Jekyll website

Now we will use Jekyll to generate the website from scratch, replacing the simple version you created above, as follows:

$ rm -rf <username>.github.io
$ jekyll new <username>.github.io

Fire it up:

$ cd <username>.github.io
$ bundle exec jekyll serve

Browse to http://localhost:4000 to see your new site. 

Edit _config.yml to change the blog title and other site-specific details. The inaugural post is in _posts/yyyy-mm-dd-welcome-to-jekyll.markdown. Edit it as you see fit.

Note that the default site that Jekyll generated is powered by two gems:

gem "jekyll", "~> 3.8.5"
gem "minima", "~> 2.0"

Before you publish the website to github.io, replace these two with the github-pages gem that has been commented out in the Gemfile, to get the full value of GitHub Pages. Edit your Gemfile to delete these two default Jekyll gems and replace them with the gem that contains the GitHub Pages functionality by uncommenting the line gem "github-pages", group: :jekyll_plugins then update the site to install the gems:

$ vi Gemfile
$ bundle update

Stop and restart the site to make sure all is well.

Publish to github.io

To publish this on github.io, you need to push the newly generated contents to the repo that you created above.

Initialize the current working directory as a Git repository:

$ git init

Stage and commit the files:

$ git add --all
$ git commit -m "Initial commit"

Link your newly generated website to the repo <username>.github.io that you created above by adding the URL of the project repo to the origin of the local git repo and push the contents to GitHub:

$ git remote add origin git@github.com:<username>/<username>.github.io.git
$ git push -u origin master --force

The --force option will overwrite the contents of the GitHub repo with the contents of the newly generated website, so be careful.

Migrate Blogger posts

Migrating your Blogger posts is straightforward because Jekyll provides importers to move from other blog platforms.

Follow these instructions to create a backup file of your Blogger posts called blog-MM-DD-YYYY.xml.

Import the posts into Jekyll:

$ ruby -r rubygems -e 'require "jekyll-import";
    JekyllImport::Importers::Blogger.run({
      "source"                => "/path/to/blog-MM-DD-YYYY.xml",
      "no-blogger-info"       => false, 
      "replace-internal-link" => false, 
    })'

This will generate the posts in _posts. Note that “Labels” will be included in the export as “Tags”.

If you uploaded images to your Blogger posts, they will be visible as links to your original blog, so you will have to download them and insert them locally before you decommission the old blog.