Installing Nextcloud on CentOS 7

  • Ryuichirou
  • 2 months ago

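Nextcloud is an open-source counterpart to cloud file-sharing services such as Dropbox and OneDrive.
ownCloud used to be the usual choice in this area, but it is gradually winding down and Nextcloud is now being used in its place.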

This article publishes the procedure for installing Nextcloud on CentOS 7.

Clients are available for Windows, Android and Ubuntu as well, so we recommend trying it out.

Japanese version (Qiita)
https://qiita.com/S_Katz/items/bc0e368cc13d854ba9c7

The steps are almost entirely what the official Nextcloud documentation describes, and we follow it here. (Official installation manual, in English)
https://docs.nextcloud.com/server/15/admin_manual/installation/source_installation.html#example-installation-on-centos-7-server


① Install the packages needed for the installation work.
yum install -y epel-release yum-utils unzip curl wget bash-completion 

② Update the system to the latest state.
yum -y update

③ Install the web server (Apache).
yum install -y httpd

④ Create an additional configuration file for Apache.
vi /etc/httpd/conf.d/nextcloud.conf

(Contents)

<VirtualHost *:80>
  DocumentRoot /var/www/html/
  ServerName 192.168.xxx.yyy

  <Directory "/var/www/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>

⑤ Set Apache to start automatically at boot, then start it.

systemctl enable httpd.service
systemctl start  httpd.service
systemctl status httpd.service

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 土 2019-02-09 10:55:11 UTC; 9s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 14165 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─14165 /usr/sbin/httpd -DFOREGROUND
           ├─14166 /usr/sbin/httpd -DFOREGROUND
           ├─14167 /usr/sbin/httpd -DFOREGROUND
           ├─14168 /usr/sbin/httpd -DFOREGROUND
           ├─14169 /usr/sbin/httpd -DFOREGROUND
           └─14170 /usr/sbin/httpd -DFOREGROUND

⑥ Install the PHP modules that Nextcloud needs to run.
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install -y php72w php72w-cli php72w-common php72w-curl php72w-gd php72w-mbstring \
 php72w-mysqlnd php72w-process php72w-xml \
 php72w-zip php72w-opcache php72w-pecl-apcu php72w-intl php72w-pecl-redis
yum -y install bzip2

⑦ Download the Nextcloud package itself and its checksum file (a file used to check that the Nextcloud package was downloaded correctly).
wget https://download.nextcloud.com/server/releases/nextcloud-15.0.4.tar.bz2
wget https://download.nextcloud.com/server/releases/nextcloud-15.0.4.tar.bz2.md5

⑧ Use the checksum file to confirm that the Nextcloud package was downloaded correctly.
md5sum -c nextcloud-15.0.4.tar.bz2.md5 < nextcloud-15.0.4.tar.bz2
(Result)
nextcloud-15.0.4.tar.bz2: 完了

⑨ Extract the downloaded Nextcloud package.
tar xf nextcloud-15.0.4.tar.bz2

⑩ Copy the extracted Nextcloud tree into the web server's document root.
cp -R nextcloud/ /var/www/html/

⑪ Create the Nextcloud data directory.
mkdir /var/www/html/nextcloud/data

⑫ Change the ownership so that the whole Nextcloud directory can be read and written.
chown -R apache:apache /var/www/html/nextcloud

⑬ Restart Apache.
systemctl restart httpd.service
systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 土 2019-02-09 11:03:50 UTC; 10s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 14288 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 14292 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─14292 /usr/sbin/httpd -DFOREGROUND
           ├─14293 /usr/sbin/httpd -DFOREGROUND
           ├─14294 /usr/sbin/httpd -DFOREGROUND
           ├─14295 /usr/sbin/httpd -DFOREGROUND
           ├─14296 /usr/sbin/httpd -DFOREGROUND
           └─14297 /usr/sbin/httpd -DFOREGROUND

⑭ Install the database (MariaDB).
yum install -y mariadb mariadb-server

⑮ Set MariaDB to start automatically at boot, then start it.
systemctl enable mariadb.service
systemctl start mariadb.service
systemctl status mariadb.service
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since 土 2019-02-09 11:11:53 UTC; 11s ago
  Process: 14483 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 14404 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 14482 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─14482 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─14645 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mys...

⑯ Run the basic MariaDB setup.
You will be asked several questions; apart from setting the root user's password at New password: and Re-enter new password:, just press [Enter] for all of them.

mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] 
New password: 
Re-enter new password:  
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

⑰ Edit the MariaDB configuration file to set the character set that MariaDB uses.
cp -pi /etc/my.cnf.d/server.cnf{,.yyyymmdd}
vi /etc/my.cnf.d/server.cnf

Add the following line to the [mariadb] section:
character-set-server = utf8mb4

Also add the [client] and [client-mariadb] sections in full, as follows:
[client]

# This group is not read by mysql client library,
# If you use the same .cnf file for MySQL and MariaDB,
# use it for MariaDB-only client options
[client-mariadb]
default-character-set = utf8mb4

⑱ Restart MariaDB so that the settings take effect.
systemctl restart mariadb
systemctl status mariadb
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since 土 2019-02-09 11:37:54 UTC; 16s ago
  Process: 24927 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 24894 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 24926 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─24926 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─25101 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mys...

⑲ Connect to the MariaDB console and confirm that the character set is utf8mb4.
mysql -u root -p********
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Checking the character set
MariaDB [(none)]> show variables like "chara%";
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8mb4                    |
| character_set_connection | utf8mb4                    |
| character_set_database   | utf8mb4                    |
| character_set_filesystem | binary                     |
| character_set_results    | utf8mb4                    |
| character_set_server     | utf8mb4                    |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)

⑳ Still in the MariaDB console, add the user, database and privileges that Nextcloud will use.
Here they are set as follows:
- User: nextcloud
- Database name: nextcloud

MariaDB [(none)]> CREATE DATABASE nextcloud DEFAULT CHARACTER SET utf8mb4;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY '********';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON nextcloud.* TO nextcloud;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> SHOW GRANTS FOR 'nextcloud'@'%';
+----------------------------------------------------------+
| Grants for nextcloud@%                                   |
+----------------------------------------------------------+
| GRANT USAGE ON *.* TO 'nextcloud'@'%'                    |
| GRANT ALL PRIVILEGES ON `nextcloud`.* TO 'nextcloud'@'%' |
+----------------------------------------------------------+
2 rows in set (0.00 sec)

MariaDB [(none)]> quit;
Bye
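
Added example (not part of the original article): in the session above the password-protected account is 'nextcloud'@'localhost', but the GRANT names only nextcloud, which MariaDB reads as 'nextcloud'@'%', and the SHOW GRANTS output confirms that a second account matching any host now exists with no IDENTIFIED BY clause. The statements below, run as root in the same console, give the privileges to the localhost account and remove the wildcard one; the mysql.user column names assume the MariaDB 5.5 server shown above.

```sql
-- 1. List every account named nextcloud and flag any without a password.
--    (mysql.user.Password is the MariaDB 5.5 column; later versions differ.)
SELECT User, Host, (Password = '') AS no_password
  FROM mysql.user
 WHERE User = 'nextcloud';

-- 2. Give the database privileges to the account that has the password
--    and is limited to local connections.
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';

-- 3. Remove the account that the bare "TO nextcloud" created.
--    DROP USER also deletes its privilege rows from mysql.db.
DROP USER 'nextcloud'@'%';

-- 4. Verify: only the localhost account remains, and it holds the grant.
SELECT User, Host FROM mysql.user WHERE User = 'nextcloud';
SHOW GRANTS FOR 'nextcloud'@'localhost';

-- 5. Check for any other password-less accounts left on the server.
SELECT User, Host FROM mysql.user WHERE Password = '';
```

The Nextcloud setup form later on this page uses localhost as the database host, so it connects as 'nextcloud'@'localhost' and keeps working after the wildcard account is removed.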



The environment for installing Nextcloud is now ready.
From here on, we explain how to actually install Nextcloud from the web.

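① In a browser, open http://(site name)/nextcloud. If a screen like the one below appears, everything is working. On this screen, click "Storage & database".
Decide on a user name and password for the Nextcloud administrator and enter them.
Then, under "Configure the database", click "MySQL/MariaDB"; the database settings form appears, so enter the following values.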
admin
Nextcloudpwd1!

Database user name: nextcloud
Database password: ********
Database name: nextcloud
Database host name: localhost

② Install the SSL-related modules to enable SSL.
yum install -y --enablerepo=epel certbot certbot-apache mod_ssl

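③ Create the certificate. certbot requests it from Let's Encrypt; in the run recorded below the request fails, because the http-01 challenge cannot be validated while cloudsrv.aska-ltd.jp has no public DNS A record (NXDOMAIN).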
[root@cloudsrv ~]# certbot run --apache -d cloudsrv.aska-ltd.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): munetika@aska-ltd.jp
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloudsrv.aska-ltd.jp
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. cloudsrv.aska-ltd.jp (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: dns :: DNS problem: NXDOMAIN looking up A for cloudsrv.aska-ltd.jp

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: cloudsrv.aska-ltd.jp
   Type:   connection
   Detail: dns :: DNS problem: NXDOMAIN looking up A for
   cloudsrv.aska-ltd.jp

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

④ Edit .htaccess.
vi /var/www/html/nextcloud/.htaccess

  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Add the two lines above.
