Owncloud 10 CentOS 7 Installation

  • Update your CentOS to the latest version.

sudo yum update -y

  • Install NGINX and PHP on CentOS 7

sudo yum install -y yum-utils epel-release
sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum-config-manager --enable remi-php72
sudo yum install -y nginx php php-fpm ImageMagick
sudo systemctl enable nginx
sudo systemctl enable php-fpm
sudo systemctl start nginx
sudo systemctl start php-fpm

sudo sed -ie 's|listen = 127.0.0.1:9000|listen = /var/run/php-fpm.sock|g' /etc/php-fpm.d/www.conf
sudo sed -ie 's|listen.owner = apache|listen.owner = nginx|g' /etc/php-fpm.d/www.conf
sudo sed -ie 's|listen.group = apache|listen.owner = nginx|g' /etc/php-fpm.d/www.conf
sudo rm /etc/php-fpm.d/www.confe
sudo systemctl restart php-fpm

  • Setting MySQL Database

sudo yum install -y https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
sudo yum-config-manager --enable mysql57-community
sudo yum update -y
sudo yum install -y mysql-community-server
sudo systemctl enable mysqld
sudo systemctl start mysqld
cat /var/log/mysqld.log | grep -i 'temporary password'

COPY the temporary password from MySQL Log files
Example : [Note] A temporary password is generated for root@localhost: v2e&kx-t1#-W

sudo mysql_secure_installation
Enter password for user root : 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : 
Reply with Y to confirm the installation

mysql -u root -p
mysql > CREATE DATABASE owncloud;
mysql > GRANT ALL PRIVILEGES ON owncloud.* TO owncloud@localhost IDENTIFIED BY  WITH GRANT OPTION;
mysql > FLUSH PRIVILEGES;

  • Install Owncloud

sudo rpm --import https://download.owncloud.org/download/repositories/10.0/CentOS_7/repodata/repomd.xml.key
sudo wget http://download.owncloud.org/download/repositories/10.0/CentOS_7/ce:10.0.repo -O /etc/yum.repos.d/ce:10.0.repo
sudo yum clean all
sudo yum install -y owncloud-files

  • Install NGINX LetsEncrypt SSL + Cloudflare DNS Plugin

sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum install -y python2-certbot-nginx python2-certbot-dns-cloudflare.noarch

sudo cat /etc/letsencrypt/cloudflare.ini << EOF
dns_cloudflare_api_key = <CLOUDFLARE_API_KEY>
dns_cloudflare_email = <CLOUDFLARE_EMAIL>
EOF

sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d ,*. --preferred-challenges dns-01

  • Setting NGINX Server Block

sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
sudo cat > /etc/nginx/conf.d/owncloud.conf << EOF | tee
upstream php-handler {
    server unix:/var/run/php-fpm.sock;
}

server {
    listen 80;
    access_log /var/log/nginx/owncloud/access.log;
    error_log /var/log/nginx/owncloud/error.log;
    server_name cloud.max-metal.us;
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    error_log /var/log/nginx/owncloud/error.log;
    server_name ;

    ssl_certificate /home/VMuliadi/ssl_certificate/fullchain4.pem;
    ssl_certificate_key /home/VMuliadi/ssl_certificate/privkey4.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on; 
    ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_timeout  10m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx => 1.3.7

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/html/owncloud/;
    location ~ \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "max-age=15778463";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)$ {
        add_header Cache-Control "public, max-age=7200";
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
EOF
sudo nginx -t 
sudo nginx -s reload

Leave a Reply

Your email address will not be published. Required fields are marked *