Post Installation / Updating / Configuration in CentOS7

I have Nextcloud successfully installed (manual installation of LAMP components and original Nextcloud install was 10.0.1), updated (first to 10.0.2 then using the Beta Channel method to 11.0.0) and accessible and routable from the Internet in Ubuntu Server 16.04.

However, I’d like the same results and would prefer to use CentOS7 for production instead.

I’ve attempted about 25 different installations, with most failing with an HTTP 500 Error. Then today tried a fresh install of 10.0.2, I added [setenforce 0] at the very end and it worked! But now it’s less secure…ugh. Then I wondered, does Ubuntu Server lack this type of security? Nextcloud suggested I move the …/data/… folder out of the web folder, so I move it out and update the necessary file. Good to go. Still have access.

Logged in, switched to Beta channel and the update to 11.0.0 was available. Clicked update and when Checking for write permissions, error. Dang, thought I was so close.

Error:

Check for write permissions
The following places can not be written to:

  • /var/www/html/updater/…/.
  • /var/www/html/updater/…/3rdparty/.

…and the list goes on and on and on. It’s all in the …/updater/… folder.

So, two things, first, when I enable [setenforce 1], I get the HTTP 500 error. Only when I lower the security, can I connect. But i’m sure this can’t be the preferred method. So I must be missing a setting?

Second, I’m going to try another fresh installation; but preinstall with 11.0.0… However, I don’t think the original “write permissions” error is resolved? It’s still sitting there until the next update?

I want to start opening up my nextCloud for field testing; but need to get these issues resolved before production and implementing for my company. So, any help would be grateful.

clean install with 11.0.0 was successful. can access only with setenforce 0.

decided to drive on and enable SSL using Let’s Encrypt. Ran certbot and got errors about virtualhost and errored out. created my nextcloud.*.conf file and made changes to the httpd.conf. tried restarting and got all kinds of errors.

too tired to make everything sync. will try again tomorrow.

Regarding usage of SELinux:
Did you set some necessariy booleans? Here are some I had to set for my last installation:
sudo setsebool -P cron_can_relabel 1
sudo setsebool -P httpd_setrlimit 1
sudo setsebool -P httpd_run_stickshift 1
sudo setsebool -P httpd_can_network_connect_db 1
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_sendmail 1
sudo setsebool -P httpd_unified 1
sudo setsebool -P httpd_execmem 1

and if required:
sudo setsebool -P httpd_can_connect_ldap 1
sudo setsebool -P httpd_use_nfs 1

If there are still problems check what a “audit2allow -a -w” tells you.

awesome. I will test those. thank you, Xenu.

applied the first set of setsebool commands with no luck. applied the other two setsebool commands. no luck.

audit2allow -a -w:
type=AVC msg=audit(1482428700.414:568): avc: denied { getattr } for pid=14158 comm=“httpd” path="/var/www/nextcloud/index.php" dev=“dm-0” ino=16790108 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
Was caused by:
Unknown - should be dontaudit’d by active policy
Possible mismatch between this policy and the one under which the audit message was generated.

            Possible mismatch between current in-memory boolean settings vs. permanent ones.

type=AVC msg=audit(1482428717.340:570): avc: denied { getattr } for pid=14154 comm=“httpd” path="/var/www/nextcloud/index.php" dev=“dm-0” ino=16790108 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
Was caused by:
Unknown - should be dontaudit’d by active policy
Possible mismatch between this policy and the one under which the audit message was generated.

            Possible mismatch between current in-memory boolean settings vs. permanent ones.

type=AVC msg=audit(1482428717.340:569): avc: denied { getattr } for pid=14154 comm=“httpd” path="/var/www/nextcloud/index.php" dev=“dm-0” ino=16790108 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
Was caused by:
Unknown - should be dontaudit’d by active policy
Possible mismatch between this policy and the one under which the audit message was generated.

            Possible mismatch between current in-memory boolean settings vs. permanent ones.

This just tells you that it was denied in the past but with the current selinux modules loaded it would have been allowed. Delete your files in /var/log/audit/* and reboot if you want old warnings gone when you run audit2allow.

My Nextcloud11 install on Ubuntu Server is perfect and running very good. SSL is set up and moving files around.

But I want to try getting it running on CentOS7 one more time.

I have used 5 different installation guides on the Internet, do you or anyone else have a really good guide that you would recommendation to follow?

after doing more testing, I’ve narrowed the installation how-to steps for Centos7 down to two. very happy about that.

here’s my next question:
nextcloud installation directory: /var/www/html/
index.html and index.php are included in that html directory.
http://serveraddress directs to http://serveraddress/index.php/login

i replaced the index.html with only a “hello world” text index.html and it still goes to http://serveraddress/index.php/login in the browser.

so it appears that the script in the original index.html doesn’t really control the traffic from http://serveraddress to http://serveraddress/index.php/login

where or what is the configuration or conf file that auto directs traffic to the login page? I would like to use index.html as the default landing page where i can build a webpage instead, and then from there point to index.php.