Skip to content

STILL A WIP

SERVER PREP

SET HOSTNAME

    sudo hostnamectl set-hostname nextcloud.schotty.com

ENABLE & CONFIGURE FIREWALL

    sudo systemctl start firewalld
    sudo systemctl enable firewalld

    sudo firewall-cmd --permanent --add-service=mysql
    sudo firewall-cmd --permanent --add-service=http
    sudo firewall-cmd --permanent --add-service=https
    sudo firewall-cmd --permanent --add-service=ssh
    sudo firewall-cmd --reload

ADD EPEL REPO

    sudo yum -y install epel-release 
    sudo yum -y update

ADD FAIL2BAN

    sudo yum -y install fail2ban
    sudo systemctl enable fail2ban
    sudo systemctl start fail2ban

CREATE NEW USER

    sudo useradd $USERNAME
    sudo passwd $USERNAME

ADD USER TO SUDOERS

    sudo visudo

add:

    $USERNAME  ALL=(ALL)       ALL

log in as user to validate u/n & p/w on local system copy tls cert over:

    ssh-copy-id $USERNAME@host

FIX SSH

edit /etc/ssh/sshd_config to have the following lines. Change any existing to be the following:

    PermitRootLogin no
    PubkeyAuthentication yes
    PasswordAuthentication no

Restart sshd:

    sudo systemctl restart sshd

Open another terminal window and log in as $USERNAME. If successful, log ALL users (including root) out, and log in as $USERNAME and sudo -s to become root for future work via the tutorial, and future maintenance.

INSTALL APACHE HTTP DAEMON & PHP

    sudo yum install httpd -y
    sudo systemctl start httpd.service
    sudo systemctl enable httpd.service

    sudo yum -y install yum-utils http://rpms.remirepo.net/enterprise/remi-release-7.rpm
    sudo yum-config-manager --enable remi-php70
    sudo yum -y install php php-opcache php-mysql php-pecl-zip php-xml php-mbstring php-gd php-process php-pdo php-pear php-pear-Net-Curl php-mcrypt php-intl php-ldap php-smbclient php-imap php-pear-MDB2 php-pear-MDB2-Driver-mysqli bzip2 policycoreutils-python redis php-pecl-redis

    sudo yum -y update

    sudo php --ini |grep Loaded
    sudo sed -i "s/post_max_size = 8M/post_max_size = 100M/" /etc/php.ini
    sudo sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 100M/" /etc/php.ini

    sudo systemctl restart httpd

APACHE CONFIGURATION

  1. Add to the very end of /etc/httpd/conf/httpd.conf 

    <Directory /var/www/html/nextcloud/data>
  Require all denied
</Directory>

  2. Add to the very end of /etc/httpd/conf.d/ssl.conf above final 

    <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

PHP CONFIGURATION

Add the following to /etc/php.d/opcache.ini. If the file does not exist, create it (likely does not exist).

    opcache.enable=1
    opcache.enable_cli=1
    opcache.interned_strings_buffer=8
    opcache.max_accelerated_files=10000
    opcache.memory_consumption=128
    opcache.save_comments=1
    opcache.revalidate_freq=1

Restart Apache

    sudo systemctl restart httpd

INSTALL CERTBOT & RETRIEVE TLS CERTIFICATE

  1. Install certbot

    sudo yum -y install certbot
sudo certbot certonly -d your.domain.tld

  2. Edit /etc/httpd/conf.d/ssl.conf and add at the bottom the following lines, or find the commented out ones mid-way thru the config. You will need to correct for your domain. The exact path will be in the trailing text from the previous certbot command.

    SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem

  3. Restart Apache

    sudo systemctl restart httpd

IMPORTING PREVIOUS INSATLLATION

BACKUP OLD SERVER DATA

    sudo -u apache php occ maintenance:mode --on
    sudo yum -y install rsync
    sudo rsync -Aax /var/www/html/nextcloud/ /path/to/backup/nextcloud-dirbkp/

BACKUP APPROPRIATE DATABASE

Determine actual DB type:

    sudo grep dbtype /var/www/html/nextcloud/config/config.php
SQLITE
    sudo sqlite3 /var/www/html/nextcloud/data/owncloud.db .dump > /path/to/backup/nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
MARIADB
    sudo mysqldump --single-transaction -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
POSTGRESQL
    sudo PGPASSWORD="password" pg_dump [db_name] -h [server] -U [username] -f nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

RESTORE BACKUP ON NEW SERVER

RESTORE NEXTCLOUD DATA
    sudo yum -y install rsync
    sudo rsync -Aax nextcloud-dirbkp/ /var/www/html/nextcloud/
    sudo chown -R apache:apache /var/www/html/nextcloud
    sudo find /var/www/html/nextcloud -type d -print0 | xargs -0 chmod 750
    sudo find /var/www/html/nextcloud -type f -print0 | xargs -0 chmod 640
SQLITE
    sudo rm /var/www/html/nextcloud/data/owncloud.db
    sudo sqlite3 /var/www/html/nextcloud/data/owncloud.db < /path/to/nextcloud-sqlbkp.bak
MARIADB
INSTALL & PREP MARIADB SQL DAEMON
    sudo yum -y install mariadb mariadb-server
    sudo systemctl start mariadb
    sudo systemctl enable mariadb
    sudo mysql_secure_installation
CLEAN DATABASE
    sudo mysql -h [server] -u [username] -p[password] -e "DROP DATABASE nextcloud"
    sudo mysql -h [server] -u [username] -p[password] -e "CREATE DATABASE nextcloud"

If you use UTF8 with multibyte support (e.g. for emoijs in filenames), use:

    sudo mysql -h [server] -u [username] -p[password] -e "DROP DATABASE nextcloud"
    sudo mysql -h [server] -u [username] -p[password] -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"
# RESTORE DATABASE BACKUP
    sudo mysql -h [server] -u [username] -p[password] [db_name] < nextcloud-sqlbkp.bak
POSTGRESQL
CLEAN DATABASE
    sudo PGPASSWORD="password" psql -h [server] -U [username] -d nextcloud -c "DROP DATABASE \"nextcloud\";"
    sudo PGPASSWORD="password" psql -h [server] -U [username] -d nextcloud -c "CREATE DATABASE \"nextcloud\";"
RESTORE DATABASE BACKUP
    sudo PGPASSWORD="password" pg_restore -c -d nextcloud -h [server] -U [username] nextcloud-sqlbkp.bak
TEST MIGRATION

CREATING NEW INSTALLATION

SETTING UP COLLABORA/CODE