Build NextCloud Server.

Exported on 23-Aug-2021 14:58:28

Build a Nextcloud server. Nextcloud is a suite of client-server software that provides easy file sharing. This blueprint installs and configures the environment on an already installed RHEL 8 machine.

Parameters

Name | Type | Script Reference | Default Value | Comment
Linux: Environment Name | Text | linuxEnvironmentName | DEV1 |
Linux: Prompt Color | Text | linuxPromptColor | 33m |
Linux: Root User | Linux OS Credential | linuxRootUser | |
NextCloud Server | Linux / Unix Server | nextcloudServer | |
NextCloud: WebApp Admin User | Generic Credential | nextcloudWebappAdminUser | |
PostGreSQL: Service User | Generic Credential | postgresqlServiceUser | |
Smtp Server | Generic Server | smtpServer | | This placeholder represents the SMTP smart host server where all mail will be sent to. The SMTP smart host then sends the mail where it needs to go.
Target Environment Servers | Server Group | targetEnvironmentServers | | The servers in this group are added to the hosts file for this server being built
Target Server | Generic Server | targetServer | |
Target Server: Admin Email | Text | targetServerAdminEmail | admin@example.com | The email address that all server admin emails will go to
Target Server: Installer Tmp Path | Text | targetServerInstallerTmpPath | /tmp/installers | The temporary path used for installers that need to be copied to the server then installed.
Target Server: Lin | Linux / Unix Server | targetServerLin | | The target server is a generic placeholder, usually used for the server a script will run on. For example, the server being built if the procedure is building a server.

1 - RHEL8 SOS Install Utilities

Install package updates and common dependencies for Application Server.

1.1 - R8 PU Install Net-Tools

Install Base Linux networking programs.

The connection details have changed from the last step.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y net-tools

1.2 - R8 PU Install Git

Install Git, the open-source version control system.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y git

1.3 - R8 PU Install Tar

Install tar, which is used to create archives and extract archive files.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y tar

1.4 - R8 PU Install Bzip2

Install bzip2 which is a block-sorting file compressor.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y bzip2

1.5 - R8 PU Install Unzip

Install unzip for working with ZIP archives.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y unzip

1.6 - R8 PU Install Rsync

Install rsync, which is a fast, flexible tool for copying files to remote computers.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y rsync

1.7 - R8 PU Install Telnet

Install telnet tool to allow communication to another host.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y telnet

1.8 - R8 PU Install NC

Install Netcat, a powerful and versatile network tool.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
dnf install -y nc

1.9 - R8 PU Install Wireshark

Install wireshark that will interactively dump and analyze network traffic.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y wireshark

1.10 - R8 PU Install Nano

Install the nano editor.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y nano

1.11 - R8 PU Deploy nmon

Copy the nmon installer package to the server.

This step has the following parameters

Name Script Reference Default Value
Target Server: Installer Tmp Path {targetServerInstallerTmpPath} /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL8 EPEL nmon.tar to remote path {targetServerInstallerTmpPath}
  1. Locate Files archive "RHEL8 EPEL nmon.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to {targetServerInstallerTmpPath}, relative to the home directory
  4. Check that the files are in the correct location

1.12 - R8 PU Install nmon

Install nmon which displays and records local system information.
Remove the installer package.

This step has the following parameters

Name Script Reference Default Value
Target Server: Installer Tmp Path {targetServerInstallerTmpPath} /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
D={targetServerInstallerTmpPath}/pkg_nmon

yum install -y $D/nmon*rpm

rm -rf $D

1.13 - R8 PU Deploy iftop

Copy the iftop installer package to the server.

This step has the following parameters

Name Script Reference Default Value
Target Server: Installer Tmp Path {targetServerInstallerTmpPath} /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL8 EPEL iftop.tar to remote path {targetServerInstallerTmpPath}
  1. Locate Files archive "RHEL8 EPEL iftop.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to {targetServerInstallerTmpPath}, relative to the home directory
  4. Check that the files are in the correct location

1.14 - R8 PU Install iftop

Install iftop which displays bandwidth usage on an interface by host.
Remove the installer package.

This step has the following parameters

Name Script Reference Default Value
Target Server: Installer Tmp Path {targetServerInstallerTmpPath} /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
D={targetServerInstallerTmpPath}/pkg_iftop

yum install -y $D/iftop*rpm

rm -rf $D

1.15 - R8 PU Deploy p7zip

Copy the p7zip installer package to the server.

This step has the following parameters

Name Script Reference Default Value
Target Server: Installer Tmp Path {targetServerInstallerTmpPath} /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL8 EPEL p7zip.tar to remote path {targetServerInstallerTmpPath}
  1. Locate Files archive "RHEL8 EPEL p7zip.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to {targetServerInstallerTmpPath}, relative to the home directory
  4. Check that the files are in the correct location

1.16 - R8 PU Install p7zip

Install p7zip a 7-zip file archiver.
Remove the installer package.

This step has the following parameters

Name Script Reference Default Value
Target Server: Installer Tmp Path {targetServerInstallerTmpPath} /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
D={targetServerInstallerTmpPath}/pkg_p7zip

yum install -y $D/p7zip*rpm

rm -rf $D

2 - RHEL8 SOS Configure OS

Configure OS Config files, fix permissions, set Host name, Disable IPv6 and setup Login Banner.

2.1 - R8 COS Deploy OS Config Files

Copy configuration files onto destination server. Use Mako to update certain values in the files from Attune Parameters.

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL8 etc Configs.tar to remote path /
  1. Locate Files archive "RHEL8 etc Configs.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to /
  4. Check that the files are in the correct location

2.2 - R8 COS Fix OS Config Permissions

Update the permissions on /etc/hosts and also the /etc/profile.d/environment_prompt.sh files.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
chmod ugo+r /etc/profile.d/environment_prompt.sh

chmod ugo+r /etc/hosts

2.3 - RHEL8 Set Hostname

Overwrites the /etc/hostname with the new hostname.
Sets the hostname of the server with the new hostname.

This step has the following parameters

Name Script Reference Default Value
Target Server {targetServer.hostname} None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
echo "{targetServer.hostname}" > /etc/hostname

hostname "{targetServer.hostname}"

2.4 - RHEL8 Disable IPv6

Check if IPv6 is disabled.
If it is not disabled: disable it in /etc/sysctl.conf, then reload the system parameters.
Remove IPv6 loopback from /etc/hosts if it exists.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
F="/etc/sysctl.conf"

if grep -q 'net.ipv6' ${F}; then
    echo "IPv6 is already disabled"
else
    echo "Disabling IPv6"
    echo "" >> $F
    echo "# Disable IPv6" >> $F
    echo "net.ipv6.conf.all.disable_ipv6 = 1" >> $F
    echo "net.ipv6.conf.default.disable_ipv6 = 1" >> $F
    sysctl -p
fi

sed -i '/::1/d' /etc/hosts

2.5 - R8 COS Setup Login Banner

Change permissions on /etc/login_banner.
Configure SSH to use the /etc/login_banner.
Restart SSH daemon.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
chmod 644 /etc/login_banner

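# The stock sshd_config ships this directive commented out as "#Banner none",
# so match the comment marker with or without a following space.
sed -i -E 's,^#[[:space:]]*Banner[[:space:]].*,Banner /etc/login_banner,' /etc/ssh/sshd_config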

systemctl restart sshd

3 - RHEL8 SOS Setup Postfix

Set up the sendmail service to use a smart host and redirect all mail from root to a corporate IP.

3.1 - R8 MAIL Install Packages

Install postfix, a free open-source mail transfer agent.
Install mailx, an enhanced version of the mail command.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y postfix mailx

3.2 - R8 MAIL Sendmail check hostname

Sendmail needs a fully qualified domain name to start. If sendmail takes 2 minutes to start, this is your problem.

This step has the following parameters

Name Script Reference Default Value
Target Server {targetServer.fqn}

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# CHECK HOSTS FILE
# We are looking for this pattern
#
# 192.168.1.1 prodapp1 prodapp1.company.com
# PC_APP_IP PC_APP_HOSTNAME PC_APP_HOSTNAME.PC_DOMAIN_NAME

# Make sure our host file has our FQN at the end.
echo "Checking for line ending with {targetServer.fqn} in /etc/hosts"
grep "{targetServer.fqn}$" /etc/hosts

3.3 - R8 MAIL Setup Postfix Config

Set the configs for postfix

This step has the following parameters

Name Script Reference Default Value
Target Server {targetServer.domain} None
Smtp Server {smtpServer.hostname} None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
postconf -e 'relayhost = {smtpServer.hostname}'
postconf -e 'mydomain = {targetServer.domain}'
postconf -e 'myorigin = $mydomain'

postfix check

3.4 - R8 MAIL Setup Sendmail aliases

Updating the aliases file redirects mail that would be delivered to the local Linux user account to another email account. The email address targetServerAdminEmail is an input to the blueprint.

This step has the following parameters

Name Script Reference Default Value
Target Server: Admin Email {targetServerAdminEmail} admin@example.com

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Update /etc/aliases
F=/etc/aliases


# Update the root alias
if grep -q '^root:' $F; then
    echo "Root exists, making sure it's up to date"
    sed -i 's/^root:.*/root:    {targetServerAdminEmail}/g' $F
else
    echo "Adding root alias, making sure it's up to date"
    echo 'root:    {targetServerAdminEmail}' >> $F
fi

3.5 - R8 MAIL Setup Sendmail Compile and Restart

Apply all the sendmail configuration and restart the services

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Stop the mail service
echo "Stopping Sendmail"
systemctl stop postfix

# Remove all existing mail.
# If the mail service wasn't working, there could be 1000s of them
echo "Clearing out existing mail queues"
rm -f /var/spool/mqueue/*


# Start sendmail, this script also compiles /etc/aliases
echo "Starting Sendmail"
systemctl start postfix

echo "All Done"

3.6 - R8 MAIL Setup Sendmail Test

Test that the sendmail service is working and will send mail to the right email address.

TROUBLESHOOTING. The sendmail log file is normally at /var/log/maillog, but this can be changed depending on the /etc/syslog.conf file.
This command "grep -F 'mail.*' /etc/syslog.conf" will show you where the log file is.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Send test email to root
mail -v -s "Attune Sendmail Config Complete" root <<EOF
Attune has completed configuring sendmail on server `hostname`

Hopefully you get this email.

Email sent at `date`
EOF

4 - RHEL8 NCLOUD Yum Install EPEL

Install epel-release for Linux, which includes the GPG keys for package signing and the repository information needed to install tools from the EPEL (Extra Packages for Enterprise Linux) repository.
Install the REMI repository.

The connection details have changed from the last step.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y epel-release
yum install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm

5 - RHEL8 NCLOUD Install PHP

Install PHP.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum module install -y php:remi-7.4
yum install -y httpd \
    php php-dom php-mbstring php-gd php-pdo php-json php-xml \
    php-zip php-curl php-pear php-intl php-bcmath php-gmp \
    setroubleshoot-server bzip2 php-pecl-imagick

6 - RHEL8 NCLOUD Configure PHP

Configure /etc/php.ini to set memory_limit to be 512M.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
sed -i '/^memory_limit =/s/=.*/= 512M/' /etc/php.ini

7 - RHEL8 NCLOUD Install PostgreSQL

Install postgresql, a relational database management system.
Install postgresql-server, which contains the programs needed to run a PostgreSQL server.
Install php-pgsql, a PHP database access class for PostgreSQL.
Run initdb to set up a new PostgreSQL database cluster.
Start the postgresql daemon.
Enable postgresql to autostart.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y postgresql postgresql-server php-pgsql

postgresql-setup initdb

systemctl start postgresql
systemctl enable postgresql

8 - RHEL8 NCLOUD Configure PostgreSQL

Create Database for nextcloud.
Create the Service User based on inputs provided to the blueprint, and set the user's password.

This step has the following parameters

Name Script Reference Default Value
PostGreSQL: Service User {postgresqlServiceUser.password} None
PostGreSQL: Service User {postgresqlServiceUser.user} None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
sudo -i -u postgres psql <<EOF
CREATE DATABASE nextcloud;
CREATE USER {postgresqlServiceUser.user} WITH PASSWORD '{postgresqlServiceUser.password}';
GRANT ALL PRIVILEGES ON DATABASE nextcloud to {postgresqlServiceUser.user};
EOF

9 - RHEL8 NCLOUD Update pg_hba.conf

If the ServiceUser is not in the pg_hba.conf file, set up the access below.
Trust connections from localhost as the ServiceUser that is configured as an input to this blueprint.
Trust connections from localhost from other users.
Restart the postgresql daemon.

This step has the following parameters

Name Script Reference Default Value
PostGreSQL: Service User {postgresqlServiceUser.user} None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
F="/var/lib/pgsql/data/pg_hba.conf"
if ! sudo grep -q '{postgresqlServiceUser.user}' $F; then
    echo "host    {postgresqlServiceUser.user}    {postgresqlServiceUser.user}    127.0.0.1/32    trust" | sudo tee $F -a
    sudo sed -i 's,127.0.0.1/32            ident,127.0.0.1/32            trust,g' $F
fi

sudo systemctl restart postgresql
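
Added example, not part of the blueprint: with the `trust` method set above, any local process can connect over 127.0.0.1 as any database user without a password. The script below lists the active `trust` rules in a pg_hba.conf and writes a copy with the TCP rules switched to password authentication; the sample file (modelled on the state this step leaves behind, with a hypothetical service user `ncuser`) and all function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the blueprint). File contents below are constructed.

# Print each active rule whose auth method is "trust", prefixed by line number.
# METHOD is field 4 on "local" rules and field 5 on host* rules that use a
# CIDR address, which is the form the blueprint writes.
list_trust_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { m = ($1 == "local") ? $4 : $5 }
        m == "trust" { print NR ": " $0 }' "$1"
}

count_trust_rules() { list_trust_rules "$1" | awk 'END { print NR }'; }

# Copy SRC to DST, switching host* "trust" rules to a password method.
# Unix-socket ("local") rules are left untouched.
harden_host_rules() {
    local src="$1" dst="$2" method="${3:-scram-sha-256}"
    awk -v method="$method" '
        /^[ \t]*(#|$)/ { print; next }
        $1 ~ /^host/ && $5 == "trust" { sub(/trust[ \t]*$/, method) }
        { print }' "$src" > "$dst"
}

# Constructed sample for a hypothetical service user "ncuser".
make_sample_pg_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE   USER       ADDRESS        METHOD
local   all        all                       peer
host    all        all        127.0.0.1/32   trust
host    all        all        ::1/128        ident
host    ncuser     ncuser     127.0.0.1/32   trust
EOF
}

demo_dir=$(mktemp -d)
make_sample_pg_hba "$demo_dir/pg_hba.conf"
echo "trust rules found:"
list_trust_rules "$demo_dir/pg_hba.conf"
harden_host_rules "$demo_dir/pg_hba.conf" "$demo_dir/pg_hba.conf.new"
echo "trust rules after hardening: $(count_trust_rules "$demo_dir/pg_hba.conf.new")"
diff "$demo_dir/pg_hba.conf" "$demo_dir/pg_hba.conf.new" || true
rm -rf "$demo_dir"
```

`scram-sha-256` only works for roles whose password was set while `password_encryption = scram-sha-256` was in effect; pass `md5` as the third argument otherwise. Review the generated copy before installing it and restarting PostgreSQL.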

10 - RHEL8 NCLOUD Install NextCloud

Change directory to /var/www.
Download nextcloud-19-latest.tar.bz2 from the external location https://download.nextcloud.com/server/releases. Extract the contents of the downloaded package file.
Remove the downloaded package file.
Remove the html directory. Link the html directory to the nextcloud directory. Recursively change the ownership of all files and directories to user apache and group apache.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
cd /var/www
# -f: fail on HTTP errors instead of saving the error page; -L: follow redirects
curl -fL -o nextcloud-19-latest.tar.bz2 https://download.nextcloud.com/server/releases/latest-19.tar.bz2
tar -xvjf nextcloud-19-latest.tar.bz2
rm nextcloud-19-latest.tar.bz2

rm -rf html
ln -snvf nextcloud html

chown -R apache:apache .
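
Added example, not part of the blueprint: the step above extracts whatever curl wrote straight into the web root. The functions below gate extraction on a SHA-256 match against a checksum file in sha256sum format and on every archive member staying under one top-level directory; where the checksum file comes from, and all function and file names, are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the blueprint). Paths and names are illustrative.

# Succeed only if FILE's SHA-256 equals the hash listed for NAME in SUMS,
# a checksum file in sha256sum format ("<hex>  <name>" per line).
verify_sha256() {
    local file="$1" sums="$2" name="${3:-$(basename "$1")}" want have
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                             f == n { print tolower($1); exit }' "$sums")
    [ -n "$want" ] || { echo "no checksum listed for $name" >&2; return 2; }
    have=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# Read member names on stdin; succeed only if all of them live under TOP/
# (no absolute paths, no ".." components, no second top-level entry).
# An empty listing (unreadable archive) also counts as failure.
members_are_contained() {
    awk -v top="$1" '
        /^\// || /(^|\/)\.\.(\/|$)/            { bad = 1 }
        $0 != top && index($0, top "/") != 1   { bad = 1 }
        END { exit (bad || NR == 0) ? 1 : 0 }'
}

tar_is_contained() { tar -tf "$1" | members_are_contained "$2"; }

# Extract ARCHIVE into DEST only after both checks pass.
extract_verified() {
    local archive="$1" sums="$2" dest="$3" top="${4:-nextcloud}"
    verify_sha256 "$archive" "$sums" || return 1
    tar_is_contained "$archive" "$top" || { echo "unsafe member path" >&2; return 1; }
    tar -xf "$archive" -C "$dest"
}

# Demo on a constructed archive that stands in for the downloaded release.
work=$(mktemp -d) && cd "$work" || exit 1
mkdir -p nextcloud www && echo '<?php // constructed' > nextcloud/index.php
tar -cf release.tar nextcloud && sha256sum release.tar > release.tar.sha256
extract_verified release.tar release.tar.sha256 www && echo "extracted: $(ls www)"
echo "tampered" >> release.tar
extract_verified release.tar release.tar.sha256 www || echo "refused tampered archive"
```

A checksum fetched from the same server as the archive detects corruption and truncated downloads, not a compromised server; checking the publisher's detached signature against a key obtained out of band is the stronger control.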

11 - RHEL8 NCLOUD Configure Httpd

Overwrite the existing /etc/httpd/conf.d/nextcloud.conf with the section included here.
Set timeout of httpd service to 3600 to stop large file uploads failing.
Change directory to /etc/httpd/conf.d. Remove the following files welcome.conf autoindex.conf userdir.conf.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
cat <<EOF > /etc/httpd/conf.d/nextcloud.conf

<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
 <IfModule mod_dav.c>
  Dav off
 </IfModule>
 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

EOF

echo "# Resolves large file uploads failing" >> /etc/httpd/conf/httpd.conf
echo "TimeOut 3600" >> /etc/httpd/conf/httpd.conf

cd /etc/httpd/conf.d
rm welcome.conf autoindex.conf userdir.conf

12 - RHEL8 NCLOUD Configure SELinux

Set the mentioned paths to be Readable and Writeable directories and files used by Apache.
Restorecon sets the security context (extended attributes) on /var/www/nextcloud .
Make a persistent change that sets httpd_can_network_connect_db to true to allow Apache HTTP Server scripts and modules to connect to database servers.
Make a Persistent change to allow Apache to use mod_auth_ntlm_winbind.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
semanage fcontext -a -t httpd_sys_rw_content_t '/storage(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.user.ini'
restorecon -Rv '/var/www/nextcloud/'

setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_execmem 1

13 - RHEL8 NCLOUD Configure Firewall

Permanently allow incoming network traffic to the http (80) and https (443) ports.
Reload firewall rules from permanent configuration.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
firewall-cmd --add-service http --permanent
firewall-cmd --add-service https --permanent
firewall-cmd --reload

14 - RHEL8 NCLOUD Start HTTPD

Start httpd daemon.
Enable autostart of the httpd daemon.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
systemctl start httpd
systemctl enable httpd

15 - RHEL8 NCLOUD Configure NextCloud DB

As the apache user run the nextcloud install on the local host.
Connect to the pgsql database as the ServiceUser that is configured as an input to this blueprint, using the password that is set.
Set the admin user for Nextcloud to the nextcloudWebappAdminUser that is configured as an input to this blueprint, and set the password to the defined password.

This step has the following parameters

Name Script Reference Default Value
PostGreSQL: Service User {postgresqlServiceUser.password} None
PostGreSQL: Service User {postgresqlServiceUser.user} None
NextCloud: WebApp Admin User {nextcloudWebappAdminUser.password} None
NextCloud: WebApp Admin User {nextcloudWebappAdminUser.user} None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
sudo -u apache php /var/www/nextcloud/occ maintenance:install \
    --database="pgsql" \
    --database-name="nextcloud" \
    --database-host="127.0.0.1" \
    --database-user="{postgresqlServiceUser.user}" \
    --database-pass="{postgresqlServiceUser.password}" \
    --database-table-prefix="" \
    --admin-user="{nextcloudWebappAdminUser.user}" \
    --admin-pass="{nextcloudWebappAdminUser.password}"

16 - RHEL8 NCLOUD Configure NextCloud HTTP

https://blog.effenberger.org/2018/07/09/nextcloud-installation-via-command-line/.
Configure first trusted Nextcloud domain to be nextCloudServer.fqn which is input to the blueprint which should be the fully qualified domain name of the server.
Configure second trusted Nextcloud domain to be nextCloudServer.ip which is the input to the blueprint which should be the ip address of the server.
Configure the base URL for any URLs which are generated within Nextcloud using any kind of command line tools to be the input to the blueprint of the fully qualified domain name of the server.

This step has the following parameters

Name Script Reference Default Value
NextCloud Server {nextCloudServer.fqn}
NextCloud Server {nextCloudServer.ip} None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
sudo -u apache php /var/www/nextcloud/occ \
    config:system:set trusted_domains 1 --value="{nextCloudServer.fqn}"
    
sudo -u apache php /var/www/nextcloud/occ \
    config:system:set trusted_domains 2 --value="{nextCloudServer.ip}"
    
sudo -u apache php /var/www/nextcloud/occ \
    config:system:set overwrite.cli.url --value="https://{nextCloudServer.fqn}"