Nextcloud @Nginx @Oracle Linux v9.5 with self-signed cert (for virtualization)

Preparations

dnf install \
    mariadb \
    wget \
    unzip

Create database

Connect to the database server and create the database and user for the application, from wherever access is possible. If the secure post-installation script has been run, remote root access is most probably not permitted; in that case log in locally to create the new database and user.

ssh anton@lt58ncp1dbn1
sudo su
mariadb -p
CREATE DATABASE ncp1 CHARACTER SET utf8mb4;
CREATE USER 'ncp1rw'@'%' IDENTIFIED BY 'superpass';
GRANT ALL ON ncp1.* TO 'ncp1rw'@'%';
FLUSH PRIVILEGES;
SHOW GRANTS FOR ncp1rw;
+-------------------------------------------------------------------------------------------------------+
| Grants for ncp1rw@%                                                                                   |
+-------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `ncp1rw`@`%` IDENTIFIED BY PASSWORD '*BD9925F1D4C650B93F105762F0FC7F494AD66AC8' |
| GRANT ALL PRIVILEGES ON `ncp1`.* TO `ncp1rw`@`%`                                                      |
+-------------------------------------------------------------------------------------------------------+
2 rows in set (0.009 sec)

Check connectivity to database server from application server

[root@lt58ncp1app1 anton]#
mariadb -h lt58ncp1dbn1 -u ncp1rw -p

Generate certificates (self-signed)

Prepare storage

export fqdn="lt58ncp1app1"
export dir="/data/certs/"
mkdir -p ${dir}/CA
mkdir -p ${dir}/${fqdn}
cd ${dir}/CA
pwd

Create CSR and certificate

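# create key for CA; give it a passphrase of at least four (4) characters (use a complex one for stronger setups)
# 2048 bits: the DEFAULT system crypto policy on Oracle Linux 9 does not accept RSA keys shorter than 2048 bits
openssl genrsa -des3 -out ca.key 2048
# create request for CA certificate
openssl req -new -sha256 -key ca.key -out ca.csr
# create a CA certificate (self-signed with the CA key)
openssl x509 -req -days 3600 -in ca.csr -out ca.crt -signkey ca.key
# generate a key for the new certificate
# note: -des3 encrypts the key, so Nginx needs the passphrase (ssl_password_file) to load it
openssl genrsa -des3 -out server.key 2048
# create request for the new certificate
openssl req -new -sha256 -key server.key -out server.csr
# sign request for the new certificate with the CA (-CA/-CAkey; -signkey server.key would self-sign it instead)
openssl x509 -req -sha256 -days 3600 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt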

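Now that we have a certificate and key pair, we can move and rename the files

mv ${dir}/CA/server.* ${dir}/${fqdn}/
# the files now live in the host directory, so rename them there
cd ${dir}/${fqdn}
mv server.csr ${fqdn}.csr
mv server.key ${fqdn}.key
mv server.crt ${fqdn}.crt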
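
Before pointing Nginx at the files it is worth checking that the server certificate really chains to the CA and that the key belongs to the certificate. The script below is an added example, not part of the original page: it builds a throwaway CA and two certificates in a temporary directory and shows that only the CA-issued one passes `openssl verify`. The function names, the "Demo Lab CA" subject and the unencrypted keys are assumptions made so that it runs without prompts.

```bash
#!/usr/bin/env bash
# Added example: tell a CA-issued certificate apart from a self-signed one.
# Subjects are constructed; keys are unencrypted (-nodes) so nothing prompts.

# Create a throwaway CA key and self-signed CA certificate in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Demo Lab CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Create a server key and CSR for host name $2 in directory $1.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

# Issue server.crt from the CA: -CA/-CAkey make the CA the issuer.
sign_with_ca() {
    openssl x509 -req -sha256 -days 1 -in "$1/server.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

# Self-sign the same CSR: -signkey makes the certificate its own issuer.
sign_with_own_key() {
    openssl x509 -req -sha256 -days 1 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/selfsigned.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

d=$(mktemp -d)
make_ca "$d" && make_csr "$d" lt58ncp1app1 && sign_with_ca "$d" && sign_with_own_key "$d"
chains_to_ca "$d/ca.crt" "$d/server.crt"     && echo "server.crt: issued by the CA"
chains_to_ca "$d/ca.crt" "$d/selfsigned.crt" || echo "selfsigned.crt: not issued by the CA"
key_matches_cert "$d/server.key" "$d/server.crt" && echo "server.key matches server.crt"
rm -rf "$d"
```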

Install Nginx webserver

dnf install nginx
systemctl enable nginx
systemctl start nginx
systemctl status nginx
ss -ntap | grep nginx
LISTEN 0      511           0.0.0.0:80          0.0.0.0:*     users:(("nginx",pid=3459,fd=6),("nginx",pid=3457,fd=6))
LISTEN 0      511              [::]:80             [::]:*     users:(("nginx",pid=3459,fd=7),("nginx",pid=3457,fd=7))

Prepare local storage for application (not for data)

Download Nextcloud and check integrity

Decide which version is going to be deployed. A rule of thumb is to deploy the current major version minus one.

export v=29
wget https://download.nextcloud.com/server/releases/latest-$v.zip
curl https://download.nextcloud.com/server/releases/latest-$v.zip.sha256
sha256sum latest-$v.zip
unzip latest-$v.zip

Change ownership of the configuration and application directories to the user Nginx runs as

cat /etc/nginx/nginx.conf  | grep user
chown -R www-data:www-data ${dir}/nextcloud/config/
chown -R www-data:www-data ${dir}/nextcloud/apps/

Enable nginx configuration, test it and restart

ln -s /etc/nginx/sites-available/hub.2dz.fi.conf /etc/nginx/sites-enabled/
ls -la /etc/nginx/sites-enabled/
nginx -t
systemctl restart nginx
systemctl status nginx

Install prerequisites

apt install \
  php-fpm \
  php-mysql \
  php-zip \
  php-xml \
  php-mbstring \
  php-curl \
  php-gd

Enable logging:

mkdir -p /var/www/nextcloud/log
chown -R www-data:www-data /var/www/nextcloud/log/
nano /var/www/nextcloud/config/config.php

Check that the log file is created after reloading the Nextcloud page and that it can be tailed

ls -la /var/www/nextcloud/log/
tail -f /var/www/nextcloud/log/nextcloud.log