[UPDATE2] Install Nginx + Nextcloud 18 + Php-Fpm + MariaDB 10 + CODE 4.2 + OnlyOffice Without Docker on Centos 7

yum update
yum -y install nginx wget unzip mariadb mariadb-server
yum --disableexcludes=main install libxslt.x86_64

##Depot Remi php72 requis
yum install php-common php-gmp php-intl php-imap php-opcache php-fpm php-cli php-gd php-mcrypt php-mysqlnd php-pear php-xml php-mbstring php-pdo php-json php-pecl-apcu php-pecl-apcu-devel php-zip

#Upgrade MARIADB 5.5 → 10
#How to Upgrade MariaDB 5.5 to MariaDB 10.0 on CentOS 7

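# The dump holds every database, including the account password hashes in the mysql schema: keep it readable by root only (chmod 600) and delete it once the upgrade is verified.
mysqldump -u "user" -p --all-databases > all_databases.sql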
systemctl stop mysql
yum remove mariadb-server mariadb mariadb-libs
yum clean all
yum -y install MariaDB-server MariaDB-client postfix
systemctl start mysql
systemctl enable mysql
#mysql_upgrade ou mysql_secure_installation → Upgrade if exist DATABASE or secure_installation for new database

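##Create a self-signed certificate
# Lock the directory down before any key material is written into it.
mkdir -p /var/certs/nginx
chmod 700 /var/certs/nginx
(
  # Subshell: the restrictive umask applies only to the files created here,
  # so the private key is never readable by other accounts, even briefly.
  umask 077
  # The key must exist before `req -key` can use it. -out replaces a stale
  # key file, where the earlier `>>` redirection would have appended to it.
  openssl genrsa -out /var/certs/nginx/key.pem 4096
  # Self-signed certificate, valid 3650 days, signed with the key above.
  openssl req -new -x509 -sha512 -days 3650 -key /var/certs/nginx/key.pem -out /var/certs/nginx/cert.pem
  # Options go before the bit count; some OpenSSL releases stop parsing
  # options at the first positional argument. 4096 bits can take a long time.
  openssl dhparam -out /var/certs/nginx/dh4096.pem 4096
)

chmod 600 /var/certs/nginx/*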

##Edition de la configuration Nginx.conf

##Configuration PHP-FPM

nano /etc/php-fpm.conf

[global]
; Pid file
; Default Value: none
pid = /run/php-fpm/php-fpm.pid

nano /etc/php-fpm.d/www.conf

In line 8 and 10, change user and group to ‘nginx’.
user = nginx
group = nginx
In line 22, make sure php-fpm is running under server port.
listen = 127.0.0.1:9000
Uncomment line 366-370 to activate the php-fpm system environment variables.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

##Activation APCACHE/CGI
nano /etc/php.ini

#Affiche la version de PHP utilisée sur votre serveur
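expose_php = Off
; cgi.fix_pathinfo=1 lets PHP guess the script from a partial path. That is only safe when nginx never hands PHP-FPM a path that is not a real .php file; the nextcloud.conf below relies on "try_files $fastcgi_script_name =404" for this.
cgi.fix_pathinfo=1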
; Local Variables:
apc.enable_cli = 1
; tab-width: 4
; End:

##Activation OpCache
nano /etc/php.d/10-opcache.ini

zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1

##Configuration MYSQL

[server]

#skip-name-resolve
innodb_buffer_pool_size = 128M
innodb_buffer_pool_instances = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M
innodb_max_dirty_pages_pct = 90
query_cache_type = 1
query_cache_limit = 2M
query_cache_min_res_unit = 2k
query_cache_size = 64M
tmp_table_size= 64M
max_heap_table_size= 64M
slow-query-log = 1
slow-query-log-file = /var/log/mysql/slow.log
long_query_time = 1

[mysqld]

character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
binlog_format = MIXED
datadir=/var/lib/mysql
symbolic-links=0

##Enable 4-byte support
innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=1

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

nano /etc/my.cnf.d/client.cnf

[client]
default-character-set = utf8mb4

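##Modification des droits sur Nginx
# NOTE: this makes the nginx worker account the owner of the configuration that the root-owned master process loads, so a compromised worker could rewrite it. nginx reads its configuration as root; keep /etc/nginx owned by root unless something on your system needs this step.
chown -R nginx:nginx /etc/nginx/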

##Test de la configuration
nginx -t

##restart et démarrage auto des services
systemctl restart nginx
systemctl restart php-fpm
systemctl restart mysql
systemctl enable php-fpm
systemctl enable nginx
systemctl enable mysql

Now configure the MariaDB root password.
mysql_secure_installation

mysql -u root -p
Type Password

Type in the mysql query below to create a new database and a new user.
CREATE DATABASE nextcloud_db CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
-- MDP is a placeholder: replace it with a strong password used only for this database account.
create user nextclouduser@localhost identified by 'MDP';
grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'MDP';
flush privileges;

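##Download Nextcloud
# Work in a private directory instead of directly in world-writable /tmp,
# where another local account could pre-create a "nextcloud" directory.
workdir=$(mktemp -d) && cd "$workdir"
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
# Unpack and install only when the archive is non-empty and its SHA-256
# digest matches the published one. The digest comes from the same server as
# the archive, so it mainly detects corruption; checking the release's
# detached PGP signature is the stronger verification.
if [ -s latest.tar.bz2 ] &&
  [ "$(sha256sum latest.tar.bz2 | awk '{print $1}')" = "$(awk '{print $1; exit}' latest.tar.bz2.sha256)" ]; then
  tar -xvf latest.tar.bz2
  mv nextcloud/ /usr/share/nginx/html/
else
  echo "latest.tar.bz2: SHA-256 mismatch, archive not installed" >&2
fi
cd /usr/share/nginx/html/
# -p: create the missing parent directories and do not fail if the path exists.
mkdir -p /media/HDD2/nextcloud/data ##DATA nextcloud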

##Configuration nextcloud avec Nginx
nano /etc/nginx/conf.d/nextcloud.conf

upstream php-handler {
    server unix:/var/run/nextcloud.sock;
}

server {
	listen 80;
	server_name domaine;
    #enforce https
	return 301 https://$server_name$request_uri;
}

server {	
	listen 443 ssl http2;
	server_name domaine;
	access_log /var/log/nginx/nextcloud.log;

	ssl on;
    ssl_certificate /etc/letsencrypt/live/domaine/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domaine/privkey.pem; # managed by Certbot
	ssl_trusted_certificate /etc/letsencrypt/live/domaine/fullchain.pem;
    ssl_stapling on; #Requires nginx >= 1.3.7
    ssl_stapling_verify on; #Requires nginx => 1.3.7
	include /etc/nginx/ssl.conf;

   #Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

location = /robots.txt {
   	allow all;
   	log_not_found off;
    access_log off;
}

#The following 2 rules are only needed for the user_webfinger app.
#Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
#last;

location = /.well-known/carddav {
  return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
  return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}

#set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4k;

#Enable gzip but do not remove the ETag header
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

#Uncomment if your server is build with the ngx_pagespeed module
#This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
    	rewrite ^ /index.php$request_uri;
	}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    	deny all;
	}
	location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    	deny all;
	}

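# Only the PHP entry points named in this regex are handed to PHP-FPM.
# (The group is now balanced; the stray extra "(" made the regex invalid.)
location ~ ^/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
	fastcgi_split_path_info ^(.+\.php)(/.*)$;
	# $path_info is not a built-in variable: define it from the split above,
	# before try_files, which can reset $fastcgi_path_info.
	set $path_info $fastcgi_path_info;
	include fastcgi_params;
	# Never pass a script name that does not exist on disk to PHP-FPM.
	try_files $fastcgi_script_name =404;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $path_info;
	fastcgi_param HTTPS on;
	#Avoid sending the security headers twice
	fastcgi_param modHeadersAvailable true;
	fastcgi_param front_controller_active true;
	fastcgi_pass php-handler;
	fastcgi_intercept_errors on;
	fastcgi_request_buffering off;
}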

	location ~ ^/(?:updater|oc[ms]-provider)(?:$|\/){
    	try_files $uri/ =404;
    	index index.php;
	}

	#Adding the cache control header for js and css files
	#Make sure it is BELOW the PHP block
	location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
   	try_files $uri /index.php$request_uri;
    	add_header Cache-Control "public, max-age=15778463";
    	#Add headers to serve security related headers (It is intended to
    	#have those duplicated to the ones above)
    	#Before enabling Strict-Transport-Security headers please read into
    	#this topic first.
    	#add_header Strict-Transport-Security "max-age=15768000;
    	#includeSubDomains; preload;";
    	#
    	#WARNING: Only add the preload option once you read about
    	#the consequences in https://hstspreload.org/. This option
    	#will add the domain to a hardcoded list that is shipped
    	#in all major browsers and getting removed from this list
    	#could take several months.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
    	#Optional: Don't log access to assets
    	access_log off;
	}

location ~* \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
    	try_files $uri /index.php$request_uri;
    	#Optional: Don't log access to other assets
    	access_log off;
	}

 	location ^~ /apps/rainloop/app/data {
            deny all;
    }

##########Collabora Online##########

	#static files
	location ^~ /loleaflet {
   		proxy_pass https://127.0.0.1:9980;
   		proxy_set_header Host $http_host;
	}

	#WOPI discovery URL
	location ^~ /hosting/discovery {
    	proxy_pass https://127.0.0.1:9980;
    	proxy_set_header Host $http_host;
	}

	#Capabilities
	location ^~ /hosting/capabilities {
		proxy_pass https://localhost:9980;
		proxy_set_header Host $http_host;
	}

	#main websocket
	location ~ ^/lool/(.*)/ws$ {
   		proxy_pass https://127.0.0.1:9980;
   		proxy_set_header Upgrade $http_upgrade;
   		proxy_set_header Connection "Upgrade";
   		proxy_set_header Host $http_host;
   		proxy_read_timeout 36000s;
	}

	#download, presentation and image upload
	location ~ ^/lool {
		proxy_pass https://127.0.0.1:9980;
		proxy_set_header Host $http_host;
	}

	#Admin Console websocket
	location ^~ /lool/adminws {
   		proxy_pass https://127.0.0.1:9980;
   		proxy_set_header Upgrade $http_upgrade;
   		proxy_set_header Connection "Upgrade";
   		proxy_set_header Host $http_host;
   		proxy_read_timeout 36000s;
	}
}

#:construction: Installation de Cerbot for Nginx (SSL)

yum install certbot-nginx

#Création certificat
certbot --nginx -d example.com --rsa-key-size 4096   # example.com représente le nom de domaine

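#Création Diffie-Hellman Parameters
# NOTE: ssl.conf below sets ssl_dhparam to /etc/nginx/cert/dhparam.pem; generate the file at that path or change the directive so that both agree.
openssl dhparam 4096 -out /var/certs/nginx/dhparam.pem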

#Intégration des sécurité SSL dans /etc/nginx/ssl.conf

nano /etc/nginx/ssl.conf

##SSL
#ssl_ecdh_curve secp384r1; # Si nginx pas récent ou openssl > 1.1.0+
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_dhparam /etc/nginx/cert/dhparam.pem; # utiliser si ecdh non disponible.
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES256:AES256+EDH:!aNULL:!SHA;
#ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
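# Check what this list really enables with: openssl ciphers -v '<list>'. Names OpenSSL does not know are dropped silently, and the two "-GCM-SHA512" entries look like such names.
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';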
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;

#Resolver DNS FDN
resolver 80.67.169.12 80.67.169.40 valid=300s;
resolver_timeout 3s;

##HSTS
#Cette en-tête permet d'éviter le vol de cookies et le downgrade SSL
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
#Eviter de se faire piller son site
add_header X-Robots-Tag "none" always;
# Evite que le contenu soit interprété différemment que définit dans le mime Type
add_header X-Content-Type-Options "nosniff" always;
#Protection contre le clickjacking
add_header X-Frame-Options "SAMEORIGIN" always;
#Protection contre les failles X-XSS
add_header X-XSS-Protection "1; mode=block" always;
#Faille spécifique à IE8
add_header X-Download-Options "noopen" always;
# Interdire l'embarquement de tout ou partie de votre site dans un site ou logiciel tiers
add_header X-Permitted-Cross-Domain-Policies "none" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

add_header Referrer-Policy "no-referrer" always;
add_header Feature-Policy "geolocation 'self'";

#Renew certificat
crontab -e

5 4 * * 1 /usr/bin/certbot renew --quiet
18 4 * * 1 /usr/bin/systemctl reload nginx

This tells cron to attempt to renew your certificates every Monday morning at 4:05 AM and to reload NGINX 13 minutes later, at 4:18 AM.

##Isolation nexcloud
#voir Ubuntu 22.04 – Installation de Nextcloud (Nginx, PHP7-FPM, MariaDB et SSL/TLS) – HowTo Wared
#Création User nextcloud

sudo adduser nextcloud
sudo chown -R nextcloud:nginx /usr/share/nginx/html/nextcloud
sudo chown -R nextcloud:nginx /media/HDD2/nextcloud
sudo chmod -R o-rwx /usr/share/nginx/html/nextcloud
sudo chmod -R o-rwx /media/HDD2/nextcloud

#Configuration Php-FPM for nextcloud
nano /etc/php-fpm.d/nextcloud.conf

[nextcloud]
listen = /var/run/nextcloud.sock

listen.owner = nextcloud
listen.group = nginx

user = nextcloud
group = nginx

pm = ondemand
pm.max_children = 56
pm.process_idle_timeout = 60s
pm.max_requests = 500

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
request_terminate_timeout = 300
php_value[error_log] = /var/log/php-fpm/nextcloud-error.log
php_flag[log_errors] = On
php_value[memory_limit] = 512M
php_value[open_basedir] =/dev/:/tmp/:/var/lib/php/:/usr/share/nginx/html/nextcloud/:/media/HDD2/nextcloud/:/dev/urandom:/var/run/clamd.scan/:/proc/meminfo
php_value[upload_tmp_dir] = /media/HDD2/nextcloud/tmp/
php_value[max_input_time] = 3600
php_value[max_execution_time] = 3600
php_value[disable_functions] = passthru,exec,popen,phpinfo,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session/nextcloud
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache/nextcloud
php_value[opcache.file_cache] = /var/lib/php/opcache/nextcloud
php_value[upload_max_filesize] = 10G
php_value[post_max_size] = 10G
php_flag[file_uploads] = On
php_flag[allow_url_fopen] = On

systemctl enable php-fpm.service
systemctl restart nginx mysql php-fpm

##Edition des droits pour nextcloud
yum -y install policycoreutils-python

chown nextcloud:nginx -R /usr/share/nginx/html/nextcloud/
chown nextcloud:nginx -R /media/HDD2/nextcloud/

#DATA nextcloud

#Préparation des droits

/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/media/HDD2/nextcloud(/.*)?'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/config(/.*)?'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/apps(/.*)?'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/.htaccess'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/.user.ini'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/var/log/onlyoffice/documentserver/nginx.error.log'
/sbin/semanage fcontext -a -t clamd_var_run_t -s system_u '/var/run/clamd.nextcloud(/.*)?'

#Application des droits Selinux (R: Recursif; v : Verbose; F : Application context + user)

/sbin/restorecon -RvF '/usr/share/nginx/html/nextcloud/'
/sbin/restorecon -RvF '/media/HDD2/nextcloud/'
/sbin/restorecon -RvF '/var/log/onlyoffice/documentserver/nginx.error.log'
/sbin/restorecon -RvF '/var/run/clamd.nextcloud/'

setsebool -P httpd_can_sendmail on

sudo -u nextcloud sed -i "s/upload_max_filesize=.*/upload_max_filesize=10240M/" /usr/share/nginx/html/nextcloud/.user.ini
sudo -u nextcloud sed -i "s/post_max_size=.*/post_max_size=10240M/" /usr/share/nginx/html/nextcloud/.user.ini
sudo -u nextcloud sed -i "s/output_buffering=.*/output_buffering='Off'/" /usr/share/nginx/html/nextcloud/.user.ini

##Configuration nextcloud (WEB)

  • Create Admin User Nextcloud
  • Storage : /media/HDD2/nextcloud/data
  • DATABASE : MariaDB
  • USER/MDP/BDD/localhost

##Optimisation nextcloud
nano /usr/share/nginx/html/nextcloud/config/config.php
Ajouter :

'loglevel' => 3,
'logfile' => '/media/HDD2/nextcloud/data/nextcloud.log',
'logdateformat' => 'F d, Y H:i:s',
'logtimezone' => 'Europe/Berlin',
'cron_log' => true,
'memcache.local' => '\OC\Memcache\APCu',
'memcache.locking' => '\OC\Memcache\Redis',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' =>
array (
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0.0,
#next row only, if set in redis.conf before!
'Password' => '',
),
# NOTE: false switches off Nextcloud's throttling of repeated failed logins; keep this setting enabled (true) on a server reachable from the Internet.
'auth.bruteforce.protection.enabled' => false,
'updatechecker' => true,
'updater.server.url' => 'https://updates.nextcloud.com/updater_server/',
'updater.release.channel' => 'stable',
'trashbin_retention_obligation' => 'auto, 7',
'tempdirectory' => '/media/HDD2/nextcloud/tmp',
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\Preview\PNG',
1 => 'OC\Preview\JPEG',
6 => 'OC\Preview\MP3',
7 => 'OC\Preview\TXT',
9 => 'OC\Preview\Movie',
10 => 'OC\Preview\MSOffice2003',
11 => 'OC\Preview\MSOffice2007',
12 => 'OC\Preview\MSOfficeDoc',
13 => 'OC\Preview\OpenDocument',
14 => 'OC\Preview\PDF',
),

sudo -u nextcloud php /usr/share/nginx/html/nextcloud/occ config:app:set --value="32 64 1024" previewgenerator squareSizes
sudo -u nextcloud php /usr/share/nginx/html/nextcloud/occ config:app:set --value="64 128 1024" previewgenerator widthSizes
sudo -u nextcloud php /usr/share/nginx/html/nextcloud/occ config:app:set --value="64 256 1024" previewgenerator heightSizes
sudo -u nextcloud php /usr/share/nginx/html/nextcloud/occ preview:generate-all

systemctl restart nginx php-fpm

##Execution du cron pour l’optimisation de nextcloud

mkdir /var/lib/nginx
chown nginx:nginx /var/lib/nginx

crontab -u nextcloud -e

*/15 * * * * php -f /usr/share/nginx/html/nextcloud/cron.php
@daily php -f /usr/share/nginx/html/nextcloud/occ preview:pre-generate >> /var/log/previewgenerator.log
touch /var/log/previewgenerator.log
chown nextcloud:nextcloud /var/log/previewgenerator.log

##Add support utf8mb4 nextcloud

cd /usr/share/nginx/html/nextcloud

sudo -u nextcloud php occ config:system:set mysql.utf8mb4 --type boolean --value="true"
sudo -u nextcloud php occ maintenance:repair

##Depuis l’interface Web :

Installer l’application : TOTP (double authentification)

  • Paramètres personnels de l’utilisateur/Activer la double authentification (Avec Google Authenticator) → Sauvegarde clé de récupération.
  • Générer un mot de passe “Application” pour le client Desktop “Nextcloud”

#update nextcloud :

  • Via shell

cd /usr/share/nginx/html/nextcloud
sudo -u nextcloud php updater/updater.phar
sudo -u nextcloud php occ maintenance:mode --off

#Upgrading to Nextcloud 13 :
#With Nextcloud 13 we added a new index to the share table which should result in significant performance improvements:
sudo -u nextcloud php occ db:add-missing-indices
#With Nextcloud 13 we switched to bigint for the file ID’s in the file cache table:
sudo -u nextcloud php occ db:convert-filecache-bigint

#Upgrading to Nextcloud 14/15 :

cd /usr/share/nginx/html/nextcloud
sudo -u nextcloud php updater/updater.phar
sudo -u nextcloud php occ maintenance:mode --off
sudo -u nextcloud php occ upgrade
sudo chown -R nextcloud:nginx /usr/share/nginx/html/nextcloud
sudo chown -R nextcloud:nginx /media/HDD2/nextcloud
sudo chmod -R o-rwx /usr/share/nginx/html/nextcloud
sudo chmod -R o-rwx /media/HDD2/nextcloud
find /usr/share/nginx/html/nextcloud/ -type d -exec chmod 750 {} \;
find /usr/share/nginx/html/nextcloud/ -type f -exec chmod 640 {} \;

#Préparation des droits

/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/media/HDD2/nextcloud(/.*)?'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/config(/.*)?'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/apps(/.*)?'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/.htaccess'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/usr/share/nginx/html/nextcloud/.user.ini'
/sbin/semanage fcontext -a -t httpd_sys_rw_content_t -s system_u '/var/log/onlyoffice/documentserver/nginx.error.log'
/sbin/semanage fcontext -a -t clamd_var_run_t -s system_u '/var/run/clamd.nextcloud(/.*)?'

#Application des droits Selinux (R: Recursif; v : Verbose; F : Application context + user)

/sbin/restorecon -RvF '/usr/share/nginx/html/nextcloud/'
/sbin/restorecon -RvF '/media/HDD2/nextcloud/'
/sbin/restorecon -RvF '/var/log/onlyoffice/documentserver/nginx.error.log'
/sbin/restorecon -RvF '/var/run/clamd.nextcloud/'
#Réparation nextcloud
sudo -u nextcloud php /usr/share/nginx/html/nextcloud/occ db:add-missing-indices
sudo -u nextcloud php /usr/share/nginx/html/nextcloud/occ maintenance:repair
sudo -u nextcloud php /usr/share/nginx/html/nextcloud/occ maintenance:data-fingerprint
sudo -u nextcloud php /usr/share/nginx/html/nextcloud/console.php files:scan --all

##Install Collabora Online: :page_facing_up: Collabora

##Install OnlyOffice onlyoffice

###############################

Error :

LOOP → File permissions in /var/lib/php/ are all wrong if you are using NginX.
chown nginx:nginx /var/lib/php/session/
chown root:nginx /var/lib/php/wsdlcache/
chown root:nginx /var/lib/php/opcache/

WOPI HOST Error → Delete “add_header Content-Security-Policy”

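Else : chmod -R 777 /var/lib/php/session (777 makes every session file readable and writable by any local account; giving the directory to the PHP-FPM pool account instead, e.g. chown nextcloud:nginx with mode 770 for the nextcloud pool defined above, avoids that exposure)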

Error PDF Viewer → add_header X-Frame-Options “SAMEORIGIN”;

Error update nextcloud.log → Supprimer le fichier nextcloud.log

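Erreur cron php : Fatal Error Unable to create lock file: Bad file descriptor → chown root:root tmp && chmod 777 -R tmp/ (777 opens the directory to every local account; a tmp directory owned by the account that runs the cron job, with mode 770, should be enough — verify on your system)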


Hi Vincent. Thanks for your post. It was very useful for me, trying to do on Debian9 the same as you’ve done on CentOS.
Everything is working with Nextcloud13, but I have a problem with Collabora. Starting the loolwsd service results in a process listening on port 9981, but no process is listening on port 9980.
The only warning log line starting the service is:

kit-16319-16315 2018-07-06 11:53:20.903225 [ loolkit ] WRN Waking up dead poll thread [kit], started: false, finished: false| ./net/Socket.hpp:550

I really know nothing about CODE and how it works, so I’m not able to debug this situation.
Googling around “collabora nothing on port 9980” gave me no clue.
Any suggestion to point me in the right direction?
Many thanks
g

I found the problem!

  1. on Debian 9 I examined the listening ports via ss -l4 and it returned no 9980 port, but ss -ntpl showed me port 9980 too. So the process actually is listening on that port.
  2. the error I got opening an odt file from Nextcloud, indeed, was not related to the port problem. I debugged it and I found it was a certificate problem because I use a self-signed certificate. Appending my certificate to /var/www/nextcloud/resources/config/ca-bundle.crt solved the issue.
    Hope it helps someone with my same issue.

Hi g,

I used this how to

https://www.c-rieger.de/nextcloud-and-collabora-nginx/

to write my ansible playbooks

and both methods are working. So maybe you’ll find the answer to your question there.

Hello gdavid,

Indeed, I use Centos but the tutorial is general :).

I am happy that my tutorial was able to help you and that you have solved your problem.

Moreover, I encounter the same problem concerning the error on Collabora even if it works correctly. If you find the solution, I’m interested

“kit-22935-22927 2018-07-18 12: 04: 39.570028 [loolkit] WRN Wake the dead query thread [kit], started: false, finished: false | ./net/Socket.hpp:550”

Best regards,
Vincent

Hi Vincent. As I wrote in my previous post (answering myself), the solution I found to the error is related to self-signed certificates

In practice, you have to perform this from shell:
# cat /path/to/my/certificate.crt >> /var/www/nextcloud/resources/config/ca-bundle.crt
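Be sure to use the double “>” sign, otherwise you delete all the other certification authorities pre-stored in the cert bundle. Note that this bundle ships with Nextcloud, so a manual edit is likely to be overwritten on upgrade and reported by the code integrity check; `occ security:certificates:import` is the built-in way to trust an additional certificate.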
Hope it helps

Hello,

I’m sorry to bring up an old subject, but I can’t do the operation on the collabora part.
For information, I am obliged to relaunch the container collaborates very regularly which means that I would like to implement this solution.

I installed the official packages for my debian 9 version, I also made the modifications of the different ones indicated at the beginning of the topic.

  1. the CODE 4 log file is not created, so it is not possible to get a trace.

  2. here is the error I have in the nginx logs concerning the nextcloud

    failed (111: Connection refused) while connecting to upstream, client: X.X.X.X, server: tld.fr, request: "GET /loleaflet/dist/admin/admin.html HTTP/2.0", upstream: "https://127.0.0.1:9980/loleaflet/dist/admin/admin.html", host: "tld.fr"

Do you have any idea where the problem might come from?

cordially.

Transl

Bonjour,

Avez-vous accès en localhost via https://127.0.0.1:9980 ?
Le service est bien démarré ? Avez-vous des logs de démarrage de loolwsd ?

Cordialement,

Bonjour,
j’ai trouvé la solution, le problème venait de l’accès au fichier de log qui ne pouvait pas se faire

ainsi qu’un problème pour la lecture des fichiers pour le certificat.

cela fonctionne parfaitement, c’est même plus rapide.

merci pour l’idée.


Hello,

I found the solution, the problem came from the access to the log file that could not do this

as well as a problem with reading the files for the certificate.

it works perfectly, it’s even faster.

Thank you for the idea.