WEBCARA | NextCloud

Oracle Linux 10

Operating System

Apache 2.4

Web Server

MySQL 8.4

Database Server

PHP 8.4

Scripting Server

Redis

RAM Cache Server

NextCloud 32

Storage Collaboration Server

Setup the hardware system as below:

Memory

2GB.

Processor

1 socket 2 cores.

Storage-1

Maximum 48GB for operating system.

Storage-2

Minimum 64GB for file storage.

NIC

1-port.

Operating System

Oracle Linux 10 Installation

Localization	Time & Date	Asia/Kuala Lumpur timezone
User Settings	Root Account	Enable root account Allow root SSH login with password
User Settings	User Creation	No user will be created
Software	Software Selection	Base Environment Minimal Install
System	Installation Destination	Automatic partioning
System	Network & Host Name	Host Name (FQDN) & DHCP

Oracle Linux 10 System Readiness

NTP Settings

Modify file '/etc/chrony.conf'

[root]#

vi '/etc/chrony.conf'

Remark existing pool 2.pool.ntp.org iburst

Add server [your-ntp-server] iburst

Expected Result:

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (https://www.pool.ntp.org/join.html).

# pool 2.pool.ntp.org iburst

server [your-ntp-server] iburst

Update OS

Perform system update by issuing following command.

[root]#

dnf update -y && reboot

Web Server

Install Apache HTTPD Web Server

Install Apache HTTPD web server.

[root]#

dnf install -y httpd

Start Apache HTTPD service.

[root]#

systemctl start httpd

Also set Apache HTTPD service to auto-start upon OS reboot.

[root]#

systemctl enable httpd

Allow incoming HTTP traffic to passing through.

[root]#

firewall-cmd --get-active-zone

[root]#

firewall-cmd --zone=public --list-services

[root]#

firewall-cmd --permanent --zone=public --add-service=http

[root]#

firewall-cmd --reload

[root]#

firewall-cmd --zone=public --list-services

Configure Apache HTTPD

Prepare default underlying directory structure and it's SElinux security context.

[root]#

mkdir --parents '/var/www/logs'

[root]#

chown root:root '/var/www/logs'

[root]#

chmod 755 '/var/www/logs'

[root]#

chcon -u system_u -t httpd_log_t '/var/www/logs'

Create a Welcome webpage.

[root]#

cat > '/var/www/html/index.html' << EOL

<!DOCTYPE html>

<HEAD>

<title>WELCOME | System OK</title>

</HEAD>

<BODY>

<h2>System OK</h2>

</BODY>

</HTML>

EOL

Configure SElinux for the Welcome index file.

[root]#

chcon -u system_u '/var/www/html/index.html'

Create Welcome config file.

[root]#

cat > '/etc/httpd/conf.d/xtra.welcome.httpd-default.conf' << EOL

ServerName 127.0.0.1

LogFormat "%t %h %u %>s \"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" httpd-logs

ServerName "LocalHost"

ServerAlias "localhost"

ErrorLog '/var/www/logs/127.0.0.1.httpd.error.log'

CustomLog '/var/www/logs/127.0.0.1.httpd.access.log' httpd-logs

DocumentRoot '/var/www/html/'

</VirtualHost>

EOL

Configure SElinux for the Welcome config file.

[root]#

chcon -u system_u '/etc/httpd/conf.d/xtra.welcome.httpd-default.conf'

Restart Apache HTTPD service.

[root]#

systemctl restart httpd

[root]#

systemctl status httpd

Prepare Additional Future Usage HTTPD Directory

Prepare addtional for future use of other website directory structure and it's security context.

[root]#

mkdir --parents '/var/www/sites'

[root]#

chown apache:apache '/var/www/sites'

[root]#

chmod 700 '/var/www/sites'

[root]#

chcon -u system_u -t httpd_sys_content_t '/var/www/sites'

Database Server

Install Oracle MySQL Server

Install Oracle MySQL 8.4

[root]#

dnf install -y mysql8.4-server

Start Oracle MySQL service.

[root]#

systemctl start mysqld

Also set Oracle MySQL service to auto-start upon OS reboot.

[root]#

systemctl enable mysqld

Check Oracle MySQL installed version.

[root]#

mysql --version

Secure Oracle MySQL Installation by running the security script to set a root password, remove anonymous users, and restrict remote access.

[root]#

mysql_secure_installation

Test Oracle MySQL installation. The command shown here mean login using username root and display MySQL version.

[root]#

mysqladmin -u root -p version

Configure Oracle MySQL For NextCloud File

Create new database for NextCloud File usage. This is a very small database just to store NextCloud File configuration settings, not the file repository.

[root]#

mysql -u root -p

mysql>

CREATE USER 'adminsqlnextcloud'@'localhost' IDENTIFIED BY 'AD31n15#^sqlnextcloud';

mysql>

CREATE DATABASE IF NOT EXISTS db_nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

mysql>

GRANT ALL PRIVILEGES ON db_nextcloud.* TO 'adminsqlnextcloud'@'localhost';

mysql>

FLUSH PRIVILEGES;

mysql>

quit;

Check Oracle MySQL Transaction Isolation Levels. NextCloud File require the level is READ-COMMITTED

[root]#

mysql -u root -p

mysql>

SELECT @@transaction_isolation;

mysql>

SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED;

mysql>

quit;

[root]#

systemctl restart mysqld

Check Oracle MySQL Binary Logging Format. NextCloud File require the logging format is BINLOG_FORMAT = ROW

[root]#

mysql -u root -p

mysql>

SELECT @@binlog_format;

mysql>

SET SESSION binlog_format = 'ROW';

mysql>

quit;

[root]#

systemctl restart mysqld

Scripting Server

PHP Installation

Oracle Linux 10 does not bundled with EPEL (Extra Packages for Enterprise Linux). So need to install the EPEL manually.

[root]#

dnf repolist

[root]#

dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm

[root]#

dnf repolist

[root]#

dnf update -y

Install PHP version 8.4.

[root]#

dnf install -y https://rpms.remirepo.net/enterprise/remi-release-10.rpm

[root]#

dnf module reset -y php

[root]#

dnf module install -y php:remi-8.4

[root]#

dnf install -y php

Install PHP 8.4 modules.

[root]#

dnf install -y php-gd

[root]#

dnf install -y php-json php-mysqlnd php-posix php-zip

[root]#

dnf install -y php-intl

[root]#

dnf install -y php-gmp php-bcmath

[root]#

dnf install -y php-apcu php-redis

[root]#

dnf install -y php-imagick

Check PHP8.4 modules.

[root]#

php -m

Configure PHP 8.4

Configure memory limit for NextCloud File in file '/etc/php.ini' by increasing it to 512M from default 128M. The setting is located under Resource Limits section.

[root]#

vi '/etc/php.ini'

Expected Result:

; Maximum amount of memory a script may consume

; https://php.net/memory-limit

memory_limit = 512M

NextCloud File strictly requires code comments to be preserved in opcode, which is the default. Make sure the setting in '/etc/php.d/10-opcache.ini' is uncomment.

[root]#

vi '/etc/php.d/10-opcache.ini'

Expected Result:

; The amount of memory for interned strings in Mbytes.

opcache.interned_strings_buffer=12

; If disabled, all PHPDoc comments are dropped from the code to reduce the

; size of the optimized code.

opcache.save_comments=1

Configure APCu for NextCloud File located in file '/etc/php.d/40-apcu.ini'.

[root]#

vi '/etc/php.d/40-apcu.ini'

Expected Result:

; Setting this enables APCu for the CLI version of PHP

; (Mostly for testing and debugging).

apc.enable_cli=1

Restart and check Apache HTTPD service after configuring PHP.

[root]#

systemctl restart httpd

[root]#

systemctl status httpd

Storage Collaboration Server

Prepare Apache HTTPD Website Directory

Create a directory location for NextCloud File web portal.

[root]#

mkdir --parents '/var/www/sites/ncfile'

[root]#

chown apache:apache '/var/www/sites/ncfile'

[root]#

chmod 700 '/var/www/sites/ncfile'

[root]#

chcon -u system_u '/var/www/sites/ncfile'

[root]#

ls -lhZ '/var/www/sites'

[root]#

mkdir --parents '/var/www/sites/ncfile/logs'

[root]#

chown apache:apache '/var/www/sites/ncfile/logs'

[root]#

chmod 700 '/var/www/sites/ncfile/logs'

[root]#

chcon -u system_u -t httpd_log_t '/var/www/sites/ncfile/logs'

[root]#

ls -lhZ '/var/www/sites/ncfile'

Prepare Data Storage For NextCloud File

NextCoud File data repository best not to be stored in same place as root directory.

[root]#

lsblk -fm

Format volume vg2a created earlier in this documentation with XFS filesystem.

[root]#

mkfs --type 'xfs' '/dev/vg2/vg2a'

[root]#

lsblk -fm

Create a mountpoint.

[root]#

mkdir --parents '/mnt/local'

[root]#

chcon -u system_u '/mnt/local'

[root]#

mkdir --parents '/mnt/local/vg2a'

[root]#

chcon -u system_u '/mnt/local/vg2a'

Declare the mountpoint in '/etc/fstab' so that the volume will be auto-mount during OS reboot.

[root]#

echo -e "\n" >> /etc/fstab

[root]#

echo -e "UUID=b3013dc2-9b0a-454a-8fc6-4358529971d0 \t /mnt/local/vg2a \t xfs \t defaults,nofail \t 0 1" >> /etc/fstab

Mount the volume.

[root]#

mount -a

[root]#

systemctl daemon-reload

[root]#

chcon -t mnt_t '/mnt/local/vg2a'

Confirm the volume has been mounted.

[root]#

lsblk

Create directory for NextCloud File data repository and configure it's security context.

[root]#

mkdir --parents '/mnt/local/vg2a/data-ncfile'

[root]#

chown apache:apache '/mnt/local/vg2a/data-ncfile'

[root]#

chmod 700 '/mnt/local/vg2a/data-ncfile'

[root]#

chcon -u system_u -t httpd_sys_rw_content_t '/mnt/local/vg2a/data-ncfile'

[root]#

ls -lhZ '/mnt/local/vg2a'

Install NextCloud

Copy source installation file (32.0.06) to '/tmp' directory.

Extract the source installation file.

[root]#

tar xf '/tmp/nextcloud32.tar.xz' --directory '/var/www/sites/ncfile/' --verbose

Rename the extracted directory.

[root]#

mv '/var/www/sites/ncfile/nextcloud/' '/var/www/sites/ncfile/html/'

Configure SElinux context for NextCloud File generic directory.

[root]#

chown apache:apache '/var/www/sites/ncfile/html' --recursive

[root]#

chmod 600 '/var/www/sites/ncfile/html' --recursive

[root]#

chmod u=rX '/var/www/sites/ncfile/html' --recursive

[root]#

chcon -u system_u -t httpd_sys_content_t '/var/www/sites/ncfile/html' --recursive

[root]#

ls -lhZ '/var/www/sites/ncfile'

[root]#

ls -lhZ '/var/www/sites/ncfile/html'

Configure SElinux context for NextCloud File specific directory.

[root]#

chmod 700 '/var/www/sites/ncfile/html/config' --recursive

[root]#

chcon -t httpd_sys_rw_content_t '/var/www/sites/ncfile/html/config' --recursive

[root]#

chmod 700 '/var/www/sites/ncfile/html/apps' --recursive

[root]#

chcon -t httpd_sys_rw_content_t '/var/www/sites/ncfile/html/apps' --recursive

[root]#

chmod 700 '/var/www/sites/ncfile/html/3rdparty/aws/aws-sdk-php/src/data/logs' --recursive

[root]#

chcon -t httpd_sys_rw_content_t '/var/www/sites/ncfile/html/3rdparty/aws/aws-sdk-php/src/data/logs' --recursive

[root]#

chcon -t httpd_sys_rw_content_t '/var/www/sites/ncfile/html/.htaccess'

[root]#

chcon -t httpd_sys_rw_content_t '/var/www/sites/ncfile/html/.user.ini'

[root]#

ls -lhAZ '/var/www/sites/ncfile/html'

Create Apache HTTPD Config For NextCloud File

Create new config file for NextCloud File.

[root]#

cat > '/etc/httpd/conf.d/xtra.vhost.ncfile.conf' << EOL

ServerName "NextCloud File"

ServerAlias "ncfile.cmxcorp.net"

ErrorLog '/var/www/sites/ncfile/logs/ncfile.cmxcorp.net.httpd.error.log'

CustomLog '/var/www/sites/ncfile/logs/ncfile.cmxcorp.net.httpd.access.log' combined

DocumentRoot '/var/www/sites/ncfile/html/'

Require all granted

AllowOverride All

Options FollowSymLinks MultiViews

Dav off

</Directory>

AddType application/json .js.map

Header set Server "Apache HTTPD on Linux for NextCloud File"

</VirtualHost>

EOL

[root]#

chcon -u system_u '/etc/httpd/conf.d/xtra.vhost.ncfile.conf'

Restart Apache HTTPD service.

[root]#

systemctl restart httpd

[root]#

systemctl status httpd

Launch NextCloud File From Internet Browser

Launch your favorite internet browser and point to your NextCloud File URL. Complete the installation wizard of administrator's username and database connection. Once the wizard complete, exit admin page and further continue tuning NextCloud File settings from command line.

[root]#

php '/var/www/sites/ncfile/html/occ' maintenance:install \

--admin-user 'adminnchub' --admin-pass 'AD31n15#^nchub' \

--data-dir "/mnt/local/vg2a/data-ncfile" \

--database 'mysql' --database-name 'db_nextcloud' --database-user 'adminsqlnextcloud' --database-pass 'AD31n15#^sqlnextcloud'

Configure NextCloud File Trusted Domains

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set trusted_domains 0 --value=nchub.cmxcorp.net

Configure NextCloud File overwrite.cli.url

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set overwrite.cli.url --value="https://nchub.cmxcorp.net"

Execute NextCloud File Mimetype Migrations

[root]#

php '/var/www/sites/ncfile/html/occ' maintenance:repair --include-expensive

Execute NextCloud File Database Indices

[root]#

php '/var/www/sites/ncfile/html/occ' db:add-missing-indices

Configure NextCloud File Maintenance Window Start

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set maintenance_window_start --type=integer --value=1

Configure NextCloud File Default Phone Region

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set default_phone_region --value="MY"

Configure NextCloud File Email

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_domain --value="cmxcorp.info"

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_from_address --value="nextcloud"

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_smtpmode --value=smtp

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_smtphost --value="smtps.cmxcorp.info"

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_smtpport --value="587"

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_smtpauth --value=1

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_smtpname --value="nextcloud@cmxcorp.info"

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_smtppassword --value="P@ssw00rd"

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_smtpsecure --value="ssl"

[root]#

php '/var/www/sites/ncfile/html/occ' config:system:set mail_tlspeerverification --value=false --type=boolean

Putting NextCloud File to maintanance mode.

[root]#

php '/var/www/sites/ncfile/html/occ' maintenance:mode --on

[root]#

php '/var/www/sites/ncfile/html/occ' maintenance:mode --off