{"id":818,"date":"2017-09-25T07:24:43","date_gmt":"2017-09-25T00:24:43","guid":{"rendered":"https:\/\/trichev.com\/blog\/?p=818"},"modified":"2017-09-26T02:09:55","modified_gmt":"2017-09-25T19:09:55","slug":"owncloud-10-0-on-centos-7","status":"publish","type":"post","link":"https:\/\/trichev.com\/blog\/2017\/09\/25\/owncloud-10-0-on-centos-7\/","title":{"rendered":"Owncloud 10.0 on CentOS 7"},"content":{"rendered":"<p><strong>FirewallD<\/strong><\/p>\n<p><code>#yum install policycoreutils-python<br \/>\nfirewall-cmd --permanent --add-service=http<br \/>\nfirewall-cmd --permanent --add-service=https<br \/>\nfirewall-cmd --reload<\/code><\/p>\n<p><strong>MySQL(MariaDB)<\/strong><\/p>\n<p><code>yum install mariadb-server mariadb<\/code><\/p>\n<p><code>systemctl enable mariadb<br \/>\nsystemctl start mariadb<\/code><\/p>\n<p><code>mysql_secure_installation<\/code><\/p>\n<pre><code>mysql -u root -p\r\nCREATE DATABASE owncloud;\r\nGRANT ALL ON owncloud.* to 'ownclouduser'@'localhost' IDENTIFIED BY 'password';\r\nFLUSH PRIVILEGES;\r\nquit\r\n<\/code><\/pre>\n<p>\n<strong>HTTPS<\/strong><\/p>\n<p><code>mkdir \/etc\/ssl\/nginx\/<br \/>\nrestorecon -Rv \/etc\/ssl\/nginx\/<\/code><\/p>\n<p><code>openssl req -new -x509 -days 365 -nodes -out \/etc\/ssl\/nginx\/drive.domain.com.crt -keyout \/etc\/ssl\/nginx\/drive.domain.com.key -subj \"\/CN=drive.domain.com\"<br \/>\nopenssl dhparam -out \/etc\/ssl\/nginx\/dh4096.pem 4096<\/code><\/p>\n<p><strong>Nginx<\/strong><\/p>\n<p><code>yum install epel-release<br \/>\nyum install nginx<\/code><\/p>\n<p><code>systemctl enable nginx<br \/>\nsystemctl start nginx<\/code><\/p>\n<pre><code>vi \/etc\/nginx\/conf.d\/drive.domain.com.conf\r\nupstream php-handler {\r\n    #server 127.0.0.1:9000;\r\n    # Depending on your used PHP version\r\n    #server unix:\/var\/run\/php5-fpm.sock;\r\n    #server unix:\/var\/run\/php7-fpm.sock;\r\n    server unix:\/var\/run\/php-fpm\/php-fpm.sock;\r\n}\r\n\r\nserver {\r\n    listen 80;\r\n    server_name drive.domain.com www.drive.domain.com;\r\n\r\n    # For Lets Encrypt, this needs to be served via HTTP\r\n    location \/.well-known\/acme-challenge\/ {\r\n        root \/usr\/share\/nginx\/html; # Specify here where the challenge file is placed\r\n    }\r\n\r\n    # enforce https\r\n    location \/ {\r\n        return 301 https:\/\/$server_name$request_uri;\r\n    }\r\n}\r\n\r\nserver {\r\n    listen 443 ssl http2;\r\n    server_name drive.domain.com www.drive.domain.com;\r\n\r\n    ssl_certificate \/etc\/ssl\/nginx\/drive.domain.com.crt;\r\n    ssl_certificate_key \/etc\/ssl\/nginx\/drive.domain.com.key;\r\n\r\n    # Example SSL\/TLS configuration. Please read into the manual of\r\n    # nginx before applying these.\r\n    ssl_session_timeout 5m;\r\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n    ssl_ciphers \"-ALL:EECDH+AES256:EDH+AES256:AES256-SHA:EECDH+AES:EDH+AES:!ADH:!NULL:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!3DES:!PSK:!SRP:!DSS:!AESGCM:!RC4\";\r\n    ssl_dhparam \/etc\/ssl\/nginx\/dh4096.pem;\r\n    ssl_prefer_server_ciphers on;\r\n    keepalive_timeout    70;\r\n    ssl_stapling on;\r\n    ssl_stapling_verify on;\r\n\r\n    # Add headers to serve security related headers\r\n    # Before enabling Strict-Transport-Security headers please read into this topic first.\r\n    add_header Strict-Transport-Security \"max-age=15552000; includeSubDomains\";\r\n    add_header X-Content-Type-Options nosniff;\r\n    add_header X-Frame-Options \"SAMEORIGIN\";\r\n    add_header X-XSS-Protection \"1; mode=block\";\r\n    add_header X-Robots-Tag none;\r\n    add_header X-Download-Options noopen;\r\n    add_header X-Permitted-Cross-Domain-Policies none;\r\n\r\n    # Path to the root of your installation\r\n    root \/usr\/share\/nginx\/html;\r\n\r\n    location = \/robots.txt {\r\n        allow all;\r\n        log_not_found off;\r\n        access_log off;\r\n    }\r\n\r\n    # The following 2 rules are only needed for the user_webfinger app.\r\n    # Uncomment it if you're planning to use this app.\r\n    #rewrite ^\/.well-known\/host-meta \/public.php?service=host-meta last;\r\n    #rewrite ^\/.well-known\/host-meta.json \/public.php?service=host-meta-json last;\r\n\r\n    location = \/.well-known\/carddav {\r\n        return 301 $scheme:\/\/$host\/remote.php\/dav;\r\n    }\r\n    location = \/.well-known\/caldav {\r\n        return 301 $scheme:\/\/$host\/remote.php\/dav;\r\n    }\r\n\r\n    # set max upload size\r\n    client_max_body_size 16400M;\r\n    fastcgi_buffers 64 4K;\r\n\r\n    # Disable gzip to avoid the removal of the ETag header\r\n    # Enabling gzip would also make your server vulnerable to BREACH\r\n    # if no additional measures are done. See https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=773332\r\n    gzip off;\r\n\r\n    # Uncomment if your server is build with the ngx_pagespeed module\r\n    # This module is currently not supported.\r\n    #pagespeed off;\r\n\r\n    error_page 403 \/core\/templates\/403.php;\r\n    error_page 404 \/core\/templates\/404.php;\r\n\r\n    location \/ {\r\n        rewrite ^ \/index.php$uri;\r\n    }\r\n\r\n    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {\r\n        return 404;\r\n    }\r\n    location ~ ^\/(?:\\.|autotest|occ|issue|indie|db_|console) {\r\n        return 404;\r\n    }\r\n\r\n    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|core\/templates\/40[34])\\.php(?:$|\/) {\r\n        fastcgi_split_path_info ^(.+\\.php)(\/.*)$;\r\n        include fastcgi_params;\r\n        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\r\n        fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https:\/\/github.com\/owncloud\/core\/blob\/v10.0.0\/lib\/private\/AppFramework\/Http\/Request.php#L603\r\n        fastcgi_param PATH_INFO $fastcgi_path_info;\r\n        fastcgi_param HTTPS on;\r\n        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice\r\n        fastcgi_param front_controller_active true;\r\n        fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav\/ caldav syncs with 1000+ entries\r\n        fastcgi_pass php-handler;\r\n        fastcgi_intercept_errors on;\r\n        fastcgi_request_buffering off; #Available since NGINX 1.7.11\r\n    }\r\n\r\n    location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {\r\n        try_files $uri $uri\/ =404;\r\n        index index.php;\r\n    }\r\n\r\n    # Adding the cache control header for js and css files\r\n    # Make sure it is BELOW the PHP block\r\n    location ~ \\.(?:css|js)$ {\r\n        try_files $uri \/index.php$uri$is_args$args;\r\n        add_header Cache-Control \"max-age=15778463\";\r\n        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)\r\n        # Before enabling Strict-Transport-Security headers please read into this topic first.\r\n        add_header Strict-Transport-Security \"max-age=15552000; includeSubDomains\";\r\n        add_header X-Content-Type-Options nosniff;\r\n        add_header X-Frame-Options \"SAMEORIGIN\";\r\n        add_header X-XSS-Protection \"1; mode=block\";\r\n        add_header X-Robots-Tag none;\r\n        add_header X-Download-Options noopen;\r\n        add_header X-Permitted-Cross-Domain-Policies none;\r\n        # Optional: Don't log access to assets\r\n        access_log off;\r\n    }\r\n\r\n    location ~ \\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)$ {\r\n        add_header Cache-Control \"public, max-age=7200\";\r\n        try_files $uri \/index.php$uri$is_args$args;\r\n        # Optional: Don't log access to other assets\r\n        access_log off;\r\n    }\r\n}\r\n<\/code><\/pre>\n<p><code>systemctl restart nginx<\/code><\/p>\n<p><strong>PHP<\/strong><\/p>\n<p><code>yum install https:\/\/rpms.remirepo.net\/enterprise\/remi-release-7.rpm<\/code><\/p>\n<p><code>#yum-config-manager --enable remi-php71<br \/>\n#yum --enablerepo=remi-php71 install php-fpm php-cli php-gd php-mcrypt php-mysql php-pear php-xml php-mbstring php-pdo php-json<\/code><\/p>\n<p><code>vi \/etc\/yum.repos.d\/remi-php71.repo<br \/>\n[remi-php71]<br \/>\nenabled=1<\/code><\/p>\n<p><code>yum install php-fpm php-cli php-gd php-mcrypt php-mysqlnd php-pear php-xml php-mbstring php-pdo php-json php-pecl-zip php-intl<\/code><\/p>\n<p><code>php --version<\/code><\/p>\n<p><code>vi \/etc\/php.ini<br \/>\ncgi.fix_pathinfo=0<\/code><\/p>\n<pre><code>vi \/etc\/php-fpm.d\/www.conf\r\nlisten = \/var\/run\/php-fpm\/php-fpm.sock\r\nlisten.owner = nginx\r\nlisten.group = nginx\r\nlisten.mode = 0660\r\nuser = nginx\r\ngroup = nginx\r\nenv[HOSTNAME] = $HOSTNAME\r\nenv[PATH] = \/usr\/local\/bin:\/usr\/bin:\/bin\r\nenv[TMP] = \/tmp\r\nenv[TMPDIR] = \/tmp\r\nenv[TEMP] = \/tmp\r\n<\/code><\/pre>\n<p><code>systemctl enable php-fpm<br \/>\nsystemctl start php-fpm<\/code><\/p>\n<pre><code>vi \/usr\/share\/nginx\/html\/info.php\r\n&lt;? php phpinfo(); ?&gt;\r\n<\/code><\/pre>\n<p>\n<strong>Owncload download and install<\/strong><\/p>\n<p><code>wget https:\/\/download.owncloud.org\/community\/owncloud-10.0.3.tar.bz2<br \/>\ntar jxvf owncloud-10.0.3.tar.bz2<br \/>\nmv owncloud\/* \/usr\/share\/nginx\/html\/<br \/>\nchown -R nginx:nginx \/usr\/share\/nginx\/html\/<\/code><\/p>\n<pre><code>semanage fcontext -a -t httpd_sys_rw_content_t '\/usr\/share\/nginx\/html\/data'\r\nrestorecon '\/usr\/share\/nginx\/html\/data'\r\nsemanage fcontext -a -t httpd_sys_rw_content_t '\/usr\/share\/nginx\/html\/config'\r\nrestorecon '\/usr\/share\/nginx\/html\/config'\r\nsemanage fcontext -a -t httpd_sys_rw_content_t '\/usr\/share\/nginx\/html\/apps'\r\nrestorecon '\/usr\/share\/nginx\/html\/apps'\r\nsemanage fcontext -a -t httpd_sys_rw_content_t '\/usr\/share\/nginx\/html\/assets'\r\nrestorecon '\/usr\/share\/nginx\/html\/assets'\r\n<\/code><\/pre>\n<p><code>chown -R nginx:nginx \/var\/lib\/php\/session<\/code><\/p>\n<h3>Caching<\/h3>\n<p><strong>APCu<\/strong><\/p>\n<p><code>yum install php-devel<br \/>\nyum groupinstall \"Development Tools\"<br \/>\npecl install apcu<\/code><\/p>\n<pre><code>cat &lt; \/etc\/php.d\/20-apcu.ini\r\n; APCu php extension\r\nextension=apcu.so\r\nEOF\r\n<\/code><\/pre>\n<pre><code>vi \/usr\/share\/nginx\/html\/config\/config.php\r\n'memcache.local' =&gt; '\\OC\\Memcache\\APCu',\r\n<\/code><\/pre>\n<p><strong>Redis<\/strong><\/p>\n<p><code>yum install centos-release-scl-rh<br \/>\nyum install rh-redis32-redis<\/code><\/p>\n<p><code>pecl install redis<\/code><\/p>\n<pre><code>chown -R redis:redis \/var\/run\/redis\/\r\nsemanage fcontext -a -t redis_var_run_t '\/var\/run\/redis(\/.*)?'\r\nrestorecon -Rv \/run\/redis\/\r\n<\/code><\/pre>\n<p><code>vi \/etc\/opt\/rh\/rh-redis32\/redis.conf<br \/>\nunixsocket \/var\/run\/redis\/redis.sock<br \/>\nunixsocketperm 700<\/code><\/p>\n<p><code>systemctl start rh-redis32-redis<br \/>\nsystemctl enable rh-redis32-redis<\/code><\/p>\n<pre><code>yum install net-tools\r\nps ax | grep redis\r\nnetstat -tlnp | grep redis\r\n<\/code><\/pre>\n<pre><code>cat &lt; \/etc\/php.d\/20-redis.ini\r\n; Redis php extension\r\nextension=redis.so\r\nEOF\r\n<\/code><\/pre>\n<pre><code>vi \/usr\/share\/nginx\/html\/config\/config.php\r\n'memcache.locking' =&gt; '\\OC\\Memcache\\Redis',\r\n'redis' =&gt; [\r\n     'host' =&gt; '\/var\/run\/redis\/redis.sock',\r\n     'port' =&gt; 0,\r\n],\r\n<\/code><\/pre>\n<p><code>usermod -a -G redis nginx<\/code><\/p>\n<p><strong>Additional SELinux configuration<\/strong><\/p>\n<p><code>setsebool -P daemons_enable_cluster_mode 1<\/code><\/p>\n<pre><code>semodule -l | grep my-redisserver<\/code><\/pre>\n<pre><code>ausearch -c 'redis-server' --raw | audit2allow -M my-redisserver\r\nsemodule -i my-redisserver.pp<\/code><\/pre>\n<pre><code>ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm\r\nsemodule -i my-phpfpm.pp<\/code><\/pre>\n<pre><code>ausearch -c 'nginx' --raw | audit2allow -M my-nginx\r\nsemodule -i my-nginx.pp<\/code><\/pre>\n<p><code>setsebool -P httpd_can_sendmail=1<\/code><\/p>\n<p><code>systemctl restart php-fpm nginx; systemctl status php-fpm nginx<\/code><\/p>\n<pre><code>crontab -u nginx -e\r\n*\/15  *  *  *  * \/usr\/bin\/php -f \/usr\/share\/nginx\/html\/cron.php\r\n<\/code><\/pre>\n<p><code>yum install samba-client nfs-utils<\/code><\/p>\n<p>Links:<br \/>\n<a href=\"https:\/\/www.howtoforge.com\/tutorial\/owncloud-centos-install\/\">https:\/\/www.howtoforge.com\/tutorial\/owncloud-centos-install\/<\/a><br \/>\n<a href=\"https:\/\/tecadmin.net\/install-owncloud-on-centos\/\">https:\/\/tecadmin.net\/install-owncloud-on-centos\/<\/a><br \/>\n<a href=\"https:\/\/doc.owncloud.org\/server\/10.0\/admin_manual\">https:\/\/doc.owncloud.org\/server\/10.0\/admin_manual<\/a><br \/>\n<a href=\"https:\/\/www.simplehelix.com\/blog\/uncategorized\/installing-and-configuring-nginx-php-fpm-mariadb-on-centos-7\/\">https:\/\/www.simplehelix.com\/blog\/uncategorized\/installing-and-configuring-nginx-php-fpm-mariadb-on-centos-7\/<\/a><br \/>\n<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-linux-nginx-mysql-php-lemp-stack-on-centos-7\">https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-linux-nginx-mysql-php-lemp-stack-on-centos-7<\/a><br \/>\n<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-upgrade-to-php-7-on-centos-7\">https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-upgrade-to-php-7-on-centos-7<\/a><br \/>\n<a href=\"https:\/\/stackoverflow.com\/questions\/6628275\/how-to-get-my-session-to-write-to-apache\">https:\/\/stackoverflow.com\/questions\/6628275\/how-to-get-my-session-to-write-to-apache<\/a><br \/>\n<a href=\"https:\/\/github.com\/owncloud\/core\/issues\/25927#issuecomment-262703655\">https:\/\/github.com\/owncloud\/core\/issues\/25927#issuecomment-262703655<\/a><br \/>\n<a href=\"https:\/\/doc.owncloud.org\/server\/9.1\/admin_manual\/installation\/selinux_configuration.html#troubleshooting\">https:\/\/doc.owncloud.org\/server\/9.1\/admin_manual\/installation\/selinux_configuration.html#troubleshooting<\/a><br \/>\n<a href=\"https:\/\/doc.owncloud.org\/server\/10.0\/admin_manual\/configuration\/server\/caching_configuration.html#redis-label\">https:\/\/doc.owncloud.org\/server\/10.0\/admin_manual\/configuration\/server\/caching_configuration.html#redis-label<\/a><br \/>\n<a href=\"https:\/\/help.nextcloud.com\/t\/install-nextcloud-into-root-directory-of-my-domain\/2513?page=2\">https:\/\/help.nextcloud.com\/t\/install-nextcloud-into-root-directory-of-my-domain\/2513?page=2<\/a><br \/>\n<a href=\"https:\/\/github.com\/nrk\/predis\/issues\/277\">https:\/\/github.com\/nrk\/predis\/issues\/277<\/a><br \/>\n<a href=\"https:\/\/doc.owncloud.org\/server\/latest\/admin_manual\/installation\/nginx_configuration.html#example-configurations\">https:\/\/doc.owncloud.org\/server\/latest\/admin_manual\/installation\/nginx_configuration.html#example-configurations<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FirewallD #yum install policycoreutils-python firewall-cmd &#8211;permanent &#8211;add-service=http firewall-cmd &#8211;permanent &#8211;add-service=https firewall-cmd &#8211;reload MySQL(MariaDB) yum install mariadb-server mariadb systemctl enable mariadb systemctl start mariadb mysql_secure_installation mysql -u root -p CREATE DATABASE owncloud; GRANT ALL ON owncloud.* to &#8216;ownclouduser&#8217;@&#8217;localhost&#8217; IDENTIFIED BY &#8216;password&#8217;; FLUSH PRIVILEGES; quit HTTPS mkdir \/etc\/ssl\/nginx\/ restorecon -Rv \/etc\/ssl\/nginx\/ openssl req -new -x509 -days 365 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[231],"tags":[212,216,32,251,252,253,250,14,11],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/818"}],"collection":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/comments?post=818"}],"version-history":[{"count":13,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/818\/revisions"}],"predecessor-version":[{"id":838,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/818\/revisions\/838"}],"wp:attachment":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/media?parent=818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/categories?post=818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/tags?post=818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}