STILL A WIP
SERVER PREP
SET HOSTNAME
sudo hostnamectl set-hostname nextcloud.schotty.com
ENABLE & CONFIGURE FIREWALL
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --permanent --add-service=mysql
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
ADD EPEL REPO
sudo yum -y install epel-release
sudo yum -y update
ADD FAIL2BAN
sudo yum -y install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
CREATE NEW USER
sudo useradd $USERNAME
sudo passwd $USERNAME
ADD USER TO SUDOERS
sudo visudo
add:
$USERNAME ALL=(ALL) ALL
Log in as the user to validate the username and password. Then, on the local system, copy your SSH public key over:
ssh-copy-id $USERNAME@host
FIX SSH
Edit /etc/ssh/sshd_config so that it contains the following lines, changing any existing entries to match:
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Restart sshd:
sudo systemctl restart sshd
Open another terminal window and log in as $USERNAME. If successful, log ALL users (including root) out, then log in as $USERNAME and use sudo -s to become root for the rest of this tutorial and for future maintenance.
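A check for the three settings above, as an added example that is not part of the original notes. sshd keeps the first value it reads for each keyword, so the script reports the first uncommented occurrence; the function names and the sample file are constructed for illustration, and the parsing assumes whitespace-separated "Keyword value" lines outside any Match block.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the three settings in this step.
# sshd uses the FIRST value it reads for each keyword, so a stale earlier line
# overrides a corrected line appended at the end of the file.

# first_value FILE KEYWORD -> prints the first uncommented value, lowercased
first_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# check_sshd_config FILE -> returns 0 if all three settings match, 1 otherwise.
# An unset keyword counts as a failure: the step asks for explicit lines.
check_sshd_config() {
    file=$1
    rc=0
    for pair in PermitRootLogin=no PubkeyAuthentication=yes PasswordAuthentication=no; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(first_value "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a stock "PasswordAuthentication yes" left in place,
# with the hardened lines appended at the end of the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
check_sshd_config "$sample" || echo "=> change the earlier line, do not just append"
rm -f "$sample"
```

On the server itself, sudo sshd -T prints the effective configuration, including Match blocks that this file-level check does not evaluate.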
INSTALL APACHE HTTP DAEMON & PHP
sudo yum install httpd -y
sudo systemctl start httpd.service
sudo systemctl enable httpd.service
sudo yum -y install yum-utils http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum-config-manager --enable remi-php70
sudo yum -y install php php-opcache php-mysql php-pecl-zip php-xml php-mbstring php-gd php-process php-pdo php-pear php-pear-Net-Curl php-mcrypt php-intl php-ldap php-smbclient php-imap php-pear-MDB2 php-pear-MDB2-Driver-mysqli bzip2 policycoreutils-python redis php-pecl-redis
sudo yum -y update
sudo php --ini |grep Loaded
sudo sed -i "s/post_max_size = 8M/post_max_size = 100M/" /etc/php.ini
sudo sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 100M/" /etc/php.ini
sudo systemctl restart httpd
APACHE CONFIGURATION
- Add to the very end of /etc/httpd/conf/httpd.conf
<Directory /var/www/html/nextcloud/data>
    Require all denied
</Directory>
- Add to the very end of /etc/httpd/conf.d/ssl.conf above final
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
PHP CONFIGURATION
Add the following to /etc/php.d/opcache.ini. If the file does not exist, create it (likely does not exist).
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Restart Apache
sudo systemctl restart httpd
INSTALL CERTBOT & RETRIEVE TLS CERTIFICATE
- Install certbot
sudo yum -y install certbot
sudo certbot certonly -d your.domain.tld
- Edit /etc/httpd/conf.d/ssl.conf and add the following lines at the bottom, or find the commented-out ones midway through the config and update those. You will need to correct the paths for your domain. The exact path is shown in the trailing output of the previous certbot command.
SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem
- Restart Apache
sudo systemctl restart httpd
IMPORTING PREVIOUS INSTALLATION
BACKUP OLD SERVER DATA
sudo -u apache php /var/www/html/nextcloud/occ maintenance:mode --on
sudo yum -y install rsync
sudo rsync -Aax /var/www/html/nextcloud/ /path/to/backup/nextcloud-dirbkp/
BACKUP APPROPRIATE DATABASE
Determine actual DB type:
sudo grep dbtype /var/www/html/nextcloud/config/config.php
SQLITE
sudo sqlite3 /var/www/html/nextcloud/data/owncloud.db .dump > /path/to/backup/nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
MARIADB
sudo mysqldump --single-transaction -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
POSTGRESQL
sudo PGPASSWORD="password" pg_dump [db_name] -h [server] -U [username] -f nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
RESTORE BACKUP ON NEW SERVER
RESTORE NEXTCLOUD DATA
sudo yum -y install rsync
sudo rsync -Aax nextcloud-dirbkp/ /var/www/html/nextcloud/
sudo chown -R apache:apache /var/www/html/nextcloud
sudo find /var/www/html/nextcloud -type d -print0 | sudo xargs -0 chmod 750
sudo find /var/www/html/nextcloud -type f -print0 | sudo xargs -0 chmod 640
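A way to confirm the restore ended up with the ownership and modes set above, as an added example that is not part of the original notes. The function names are hypothetical, the demo tree is constructed, and the owner defaults to apache as used in this guide.

```shell
#!/bin/sh
# Added example: verify the result the restore step is meant to produce
# (directories 750, files 640, everything owned by the web server user).

# list_deviations ROOT OWNER -> prints one line per path that does not conform
list_deviations() {
    root=$1
    owner=$2
    # Directories whose mode is not exactly 750
    find "$root" -type d ! -perm 750 | sed 's/^/mode  /'
    # Regular files whose mode is not exactly 640
    find "$root" -type f ! -perm 640 | sed 's/^/mode  /'
    # Files or directories not owned by the expected user (name or numeric UID)
    find "$root" \( -type d -o -type f \) ! -user "$owner" | sed 's/^/owner /'
}

# audit_restore ROOT [OWNER] -> returns 0 when nothing deviates, 1 otherwise
audit_restore() {
    out=$(list_deviations "$1" "${2:-apache}")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    echo "OK: $1 conforms"
}

# Constructed demo tree: one file left at 644, as if a chmod had not applied.
demo=$(mktemp -d)
mkdir -p "$demo/data" && chmod 750 "$demo" "$demo/data"
: > "$demo/config.php" && chmod 640 "$demo/config.php"
: > "$demo/data/owncloud.db" && chmod 644 "$demo/data/owncloud.db"
audit_restore "$demo" "$(id -u)" || echo "=> re-run the chown/chmod step"
rm -rf "$demo"
```

On the server, run it as root against the real tree: audit_restore /var/www/html/nextcloud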
SQLITE
sudo rm /var/www/html/nextcloud/data/owncloud.db
sudo sqlite3 /var/www/html/nextcloud/data/owncloud.db < /path/to/nextcloud-sqlbkp.bak
MARIADB
INSTALL & PREP MARIADB SQL DAEMON
sudo yum -y install mariadb mariadb-server
sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo mysql_secure_installation
CLEAN DATABASE
sudo mysql -h [server] -u [username] -p[password] -e "DROP DATABASE nextcloud"
sudo mysql -h [server] -u [username] -p[password] -e "CREATE DATABASE nextcloud"
If you use UTF8 with multibyte support (e.g. for emojis in filenames), use:
sudo mysql -h [server] -u [username] -p[password] -e "DROP DATABASE nextcloud"
sudo mysql -h [server] -u [username] -p[password] -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"
RESTORE DATABASE BACKUP
sudo mysql -h [server] -u [username] -p[password] [db_name] < nextcloud-sqlbkp.bak
POSTGRESQL
CLEAN DATABASE
sudo PGPASSWORD="password" psql -h [server] -U [username] -d template1 -c "DROP DATABASE \"nextcloud\";"
sudo PGPASSWORD="password" psql -h [server] -U [username] -d template1 -c "CREATE DATABASE \"nextcloud\";"
RESTORE DATABASE BACKUP
sudo PGPASSWORD="password" psql -h [server] -U [username] -d nextcloud -f nextcloud-sqlbkp.bak