How to Install NextCloud on RHEL 8 with Nginx (LEMP Stack)

This tutorial will be showing you how to install NextCloud on RHEL 8 server with Nginx.

What’s NextCloud?

NextCloud is a free open-source self-hosted cloud storage solution. It’s functionally similar to Dropbox. Proprietary cloud storage solutions (Dropbox, Google Drive, etc) are convenient, but at a price: they can be used to collect personal data because your files are stored on some else’s computer. If you worried about privacy, you can switch to NextCloud, which you can install on your private home server or on a virtual private server (VPS). You can upload your files to your server via NextCloud and then sync those files to your desktop computer, laptop or smart phone. This way you have full control of your data.

NextCloud Features

  • Free and open-source
  • End-to-end encryption, meaning files can be encrypted on client device before uploaded to the server, so even if someone steals your server, they can not see your files.
  • Can be integrated with an online office suite (Collobora, OnlyOffice) so you can create and edit your doc, ppt, xls files directly from NextCloud.
  • The app store contains hundreds of apps to extend functionality (like calendar app, notes-taking app, video conferencing app, etc).
  • The sync client are available on Linux, MacOS, Windows, iOS and android.

Prerequisites

NextCloud is written in PHP programing language. To follow this tutorial, you first need to install LEMP stack on RHEL 8. If you haven’t already done so, please check out the following tutorial.

You can install NextCloud on your home server or a VPS (virtual private server).  You also need a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.

This tutorial uses root account to manage administration tasks. To switch to root, run the following command and enter root password.

su -

Now let’s install NextCloud on the server.

Step 1: Download NextCloud 14 on RHEL 8 Server

Log into your RHEL 8/CentOS 8 server. Then download the NextCloud zip archive onto your server. The latest stable version is 14.0.4 at time of this writing. You may need to change the version number. Go to https://nextcloud.com/install and click the download server button to see the latest version.

install nextcloud on RHEL 8

You can run the following command to download it on your server. The download link is always available in the format below. If a new version comes out, simply replace 14.0.4 with the new version number.

wget https://download.nextcloud.com/server/releases/nextcloud-14.0.4.zip

Once downloaded, extract the archive with unzip.

yum install unzip

unzip nextcloud-14.0.4.zip -d /usr/share/nginx/html/

The -d option specifies the target directory. NextCloud web files will be extracted to /usr/share/nginx/nextcloud/.  Then we need to change the owner of this directory to nginx so that Nginx web server can write to this directory.

chown nginx:nginx /usr/share/nginx/html/nextcloud/ -R

Step 2: Create a Database and User in MariaDB

Log into MariaDB database server with the following command. You will need to enter the MariaDB root password to login.

mysql -u root -p

Then create a database for Nextcloud. This tutorial name the database nextcloud. You can use whatever name you like.

create database nextcloud;

Create the database user. Again, you can use your preferred name for this user. Replace your-password with your preferred password.

create user nextclouduser@localhost identified by 'your-password';

Grant this user all privileges on the nextcloud database.

grant all privileges on nextcloud.* to nextclouduser@localhost identified by 'your-password';

Flush privileges and exit.

flush privileges;

exit;

Step 3: Create a Nginx Config File for Nextcloud

Create a nextcloud.conf file in /etc/nginx/conf.d/ directory. I use the Nano command line text editor in this article.

nano /etc/nginx/conf.d/nextcloud.conf

Put the following text into the file. Replace the red-colored text with your actual data. In your DNS manager, create a sub-domain for your NextCloud server like nextcloud.your-domain.com and don’t forget to set A record for the sub-domain.

server {
    listen 80;
    server_name nextcloud.your-domain.com;

    # Add headers to serve security related headers
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    #This header is already set in PHP, so it is commented out here.
    #add_header X-Frame-Options "SAMEORIGIN";

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

    location ~ /.well-known/acme-challenge {
      allow all;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
     }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php-fpm/www.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
   }

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
   }
}

In nano text editor, press Ctrl+O to save the file. Then press Enter to confirm. Press Ctrl+X to exit. Then test Nginx configuration.

nginx -t

If the test is successful, reload Nginx for the changes to take effect.

systemctl reload nginx

Step 4: Install and Enable PHP Modules

Run the following commands to install PHP modules required or recommended by NextCloud.

yum install php-imagick php-common php-gd php-json php-curl php-zip php-xml php-mbstring php-bz2 php-intl

We also need to tell SELinux to allow PHP-FPM to use execmem.

setsebool -P httpd_execmem 1

Then reload PHP-FPM

systemctl reload php-fpm

Step 5: Setting up Permissions

First, tell SELinux allow Nginx and PHP-FPM to read and write to the /usr/share/nginx/html/nextcloud/ directory.

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/'

restorecon -v '/usr/share/nginx/html/nextcloud/' -R

setsebool -P httpd_unified 1

By default, SELinux forbids Nginx to make network requests to other servers, but later Nginx needs to request TLS certificate status from Let’s Encrypt CA server, so we need to tell SELinux to allow Nginx with the following command.

setsebool -P httpd_can_network_connect 1

By default, there are 3 files in /var/lib/php/ directory whose group owner are set to apache, but we are using Nginx. So we need to change the group owner from apache to nginx.

chown root:nginx /var/lib/php/opcache/

chown root:nginx /var/lib/php/session/

chown root:nginx /var/lib/php/wsdlcache/

Step 6: Enable HTTPS

Now you can access the Nextcloud web install wizard in your browser by entering the domain name for your Nextcloud installation.

nextcloud.your-domain.com

nextcloud centos 8

If the web page can’t load, you probably need to open port 80 in firewall.

firewall-cmd --permanent --zone=public --add-service=http

And port 443 as well.

firewall-cmd --permanent --zone=public --add-service=https

The --permanent option will make this firewall rule persistent across system reboots. Next, reload the firewall daemon for the change to take effect.

systemctl reload firewalld

Now the NextCloud install wizard should be loaded successfully. Before entering any sensitive information, we should enable secure HTTPS connection on Nextcloud. We can obtain a free TLS certificate from Let’s Encrypt.

Download Let’s Encrypt client certbot-auto from EFF website.

wget https://dl.eff.org/certbot-auto

Give execute permission.

chmod a+x certbot-auto

Move it to user’s PATH, like /usr/local/bin/ and rename it to certbot.

sudo mv certbot-auto /usr/local/bin/certbot

We also need to install the virtualenv Python package so that Certbot can create a virtual environment.

pip3 install virtualenv

Now we can use certbot command to obtain a free TLS certificate using the Nginx plugin.

certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email your-email-address -d nextcloud.your-domain.com

Where:

  • –nginx: Use the Nginx authenticator and installer
  • –agree-tos: Agree to Let’s Encrypt terms of service
  • –redirect: Add 301 redirect so that HTTP requests will be redirected to HTTPS.
  • –hsts: Add the Strict-Transport-Security header to every HTTP response.
  • –staple-ocsp: Enables OCSP Stapling to improve performance and user privacy.
  • -d flag is followed by a list of domain names, separated by comma. You can add up to 100 domain names.
  • –email: Email used for registration and recovery contact.

If this is a first run on RHEL 8/CentOS 8 system, you may be asked to install some dependency packages. Press y to continue.

nextcloud centos 8 certbot

You will be asked if you want to receive emails from EFF(Electronic Frontier Foundation). After choosing Y or N, your TLS certificate will be automatically obtained and configured for you, which is indicated by the message below.

rhel 8 certbot dns cloudflare

Finish the Installation in your Web Browser

Now you can access the Nextcloud web install wizard using HTTPS connection. To complete the installation, you need to create an admin account, enter the path of Nextcloud data folder, enter database details created earlier. You can use the default localhost as host address, or you can enter localhost:3306, as MariaDB listens on port 3306.

nextcloud centos 8 nginx

Once it’s done, you will see the Web interface of Nextcloud. Congrats! You can start using it as your private cloud storage.

nextcloud rhel 8

I hope this tutorial helped you install NextCloud on RHEL 8/CentOS 8 server. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 0 Average: 0]

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • If my answer helped you, please consider supporting this site. Thanks :)