Verify PHP is installed and the version. You can see I was able to install PHP v8.1.4
sudo php -v
Open the php.ini config file and set your timezone. You will need to uncomment the line for date.timezone and set it to your timezone of choice and set it to your timezone of choice. .
Secure or instance of Maria DB by running the ‘mariadb_secure_installation‘ command.
sudo mariadb-secure-installation
Enter your root credentials when prompted. For the next two prompts, if you have your root account protected correctly, it will tell you so and you can follow the recommendation to enter ‘n’ for them.
For the next four prompts, enter ‘Y’ for them.
Check your MariaDB and what version it is running this command below or login into the database and check as shown in the image below.
So I’m going to walk thru installing Nextcloud on CentOS 7. Your mileage will vary if you attempt to use this as a guide to install NextCloud on CentOS 8 (which is EOL) or CentOS Stream 8/9 as it is not intended for those versions of CentOS.
Nextcloud is an open-source self-hosted sync and file sharing server that was forked from OwnCloud. It is written in PHP and JavaScript and supports multiple databases like MySQL, PostgreSQL, SQLite, and Oracle Database.
Before we get started, we will need to make sure we are set up with a LAMP stack. LAMP stands for Linux, Apache, MySQL, PHP. It’s bascially setting us up as a web server. And since we are going to be a webserver, we should also add Let’s Encrypt for SSL on our machine.
First step is to update your system.
yum -y update
Install PHP
To install PHP 8, you will need to add the EPEL and Remi repositories to your machine. You should also import the repo’s signing key.
Verify PHP is installed and the version. You can see I was able to install PHP v8.0.17
php -v
Open the php.ini config file and set your timezone. You will need to uncomment the line for date.timezone and set it to your timezone of choice.
vi /etc/php.ini
date.timezone = Pacific/Honolulu
Raise PHP’s memory limit
sed -i '/^memory_limit =/s/=.*/= 512M/' /etc/php.ini
Install Apache
Install Apache on your machine.
yum -y install httpd mod_ssl
Start Apache and enable the Apache service at boot.
systemctl start httpd
systemctl enable httpd
Install MariaDB
Add the MariaDB repository to your machine
cat <<EOF | sudo tee /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.6/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
Clean the yum cache
yum makecache fast
Install MariaDB 10.6
yum -y install MariaDB-server MariaDB-client
Start and enable MariaDB service:
systemctl start mariadb
systemctl enable mariadb
Secure or instance of Maria DB by running the ‘mariadb_secure_installation‘ command.
mariadb-secure-installation
Enter your root credentials when prompted. For the next two prompts, if you have your root account protected correctly, it will tell you so and you can follow the recommendation to enter ‘n’ for them.
For the next four prompts, enter ‘Y’ for them.
Check your MariaDB and what version it is running this command below or login into the database and check as shown in the image below.
mysql -V
Create the Database and the user account for NextCloud using the commands below.
Take note of what you set for: <nextcloud_db> : This will be the name of your NextCloud database. <nextcloud_user> : This will be the NextCloud user. <nextcloud_pw> : This is a strong password that you have created for your ‘nextcloud_user’.
mysql -u root -p
create database <nextcloud_db>;
create user '<nextclouduser>'@'localhost' identified BY '<nextcloud_pw>';
grant all privileges on <nextcloud_db>.* to '<nextclouduser>'@'localhost';
flush privileges;
\q
Give Apache access to MariaDB
setsebool -P httpd_can_network_connect_db 1
Let us go ahead and reboot the system before we proceed with installing NextCloud.
init 6
Installing NextCloud
Download the packages needed to download and unzip NextCloud
yum -y install wget unzip
Next, download the latest stable release of NextCloud to your system.
Create a data directory to store files that get uploaded to NextCloud. If you use a symlink, this can be any type of path to a NAS, SAN, or NFS. Give Apache permiss
Give the Apache user and group ownership of the NextCloud folder.
chown apache:apache -R /var/www/html/nextcloud
The next step will create an Apache VirtualHost configuration file.
vi /etc/httpd/conf.d/nextcloud.conf
Copy and paste the following code block into the file. Note: Make sure to update the “ServerName” and “ServerAdmin” settings to suit your environment. The “ServerName” is its FQDN, so remember to setup your DNS entry for it, if necessary.
<VirtualHost *:80>
ServerName nextcloud.pwwf.com
ServerAdmin nextcloud.admin@pwwf.com
DocumentRoot /var/www/html/nextcloud
<directory /var/www/html/nextcloud>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</directory>
</VirtualHost>
Configure SELinux
Install the SEMange package.
yum -y install policycoreutils-python
Add the context rules to allow NextCloud to write data into its directories.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data'
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
restorecon -Rv /var/www/html
Open your web browser of choice and enter either the server name URL you entered in the ‘nextcloud.conf’ file, or alternatively you could use the IP address of your machine, to access the NextCloud Web GUI.
example – http://nextcloud.pwwf.com/ http://10.1.2.169/
The first fields are for creating an admin account for your NextCloud instance. Set it to anything you wish, just don’t forget those credentials.
Then select “MySQL/MariaDB” and configure the database fields with the information we used earlier when we set up the database in MariaDB.
Then click on the “Install” button at the very bottom of the page.
Once the install completes, your dashboard will be ready to use. In your browser, go to: http://<ServerName>/nextcloud/index.php/apps/dashboard
Having HTTP access is great… but I think that we would like to have some security. There are plenty of paid services out there to get an SSL from. But for this post let us add SSL encryption using the FREE resource that is Let’s Encrypt so that we can utilize HTTPS without any additional cost.
The first thing we need to do is install certbot.
yum -y install epel-release certbot
Next we will need to request our SSL certificate for this machine.
Note: If certbot is not working for you, you will need to figure out whatever issue it is having before proceeding. If you cannot resolve it, the rest of this article will not benefit you. Unfortunately, troubleshooting certbot is outside the scope of this article.
After the SSL certificate has successfully been generated, it is time to edit your Apache config file for NextCloud, again.
vi /etc/httpd/conf.d/nextcloud.conf
Make your configuration file look like what I have below. Note: Make sure to update the “ServerName” and “ServerAdmin” settings to suit your environment.
To remove the “index.php” from every URL, open the Nextcloud config file.
vi /var/www/html/nextcloud/config/config.php
Depending on how your config file is setup, you will add one of the following entries below based on how your URL is configured. If you get this wrong, don’t worry, you will see an “Internal Server Error” message instead of your NextCloud page and will have to come back into this file and change it.
If your line for “overwrite.cli.url” looks like this
Now go back to your browser and in the address bar, enter your pretty url without the ‘index.php’ in it… In my case, it will be “https://nextcloud.pwwf.com/”
Proxy override
I was having an issue with the UI inside NextCloud. I could view folders and files, but I could not create new folders or files. After some troubleshooting recreating the NextCloud server and testing before adding the SSL certificate and also after adding the certificate, as well as testing bypassing the proxy I was able to confirm that the proxy was indeed causing me my headaches. This should help you if you are behind a proxy…
vi /var/www/html/nextcloud/config/config.php
Under your line for “overwrite.cli.url” add this entry.
'overwriteprotocol' => 'https',
This will make sure that any requests, and replies, are done over HTTPS and now HTTP.
Max Upload
PHP is going to try to limit the file upload size that you can use. Since I know you are going to probably want to save/share some large files, let us update those limits to something more realistic.
vi /etc/php.ini
Search the file and update these values to your desired limit, I’m going to set it to 10GB.
While you can adjust these values to your environment, just remember to always make your “post_max_size” a little bit larger than your “upload_max_filesize”. This will keep you from having any issues when uploading a file that is the same size as your max upload limit.
Lastly, you will need to restart Apache.
systemctl restart httpd
Trash Cleanup
So NextCloud isn’t always great at cleaning up your deleted files. By design, it is set to hold on to your deleted items for 30 days, then it only forces a delete if you are running low on space. Since you’re probably sitting on at least a few terabytes of storage, those deleted files may never actually get deleted.
vi /var/www/html/nextcloud/config/config.php
Open your NextCloud config file.
Here is how you can control NextCloud’s behavior with these settings.
auto – default setting. keeps files and folders in the trash bin for 30 days and automatically deletes anytime after that if space is needed (note: files may not be deleted if space is not needed).
D, auto – keeps files and folders in the trash bin for D+ days, delete anytime if space needed (note: files may not be deleted if space is not needed)
auto, D – delete all files in the trash bin that are older than D days automatically, delete other files anytime if space needed
D1, D2 – keep files and folders in the trash bin for at least D1 days and delete when exceeds D2 days (note: files will not be deleted automatically if space is needed)
disabled – trash bin auto clean disabled, files and folders will be kept forever
To automatically delete the files after 30 days and allow NextCloud to purge them sooner if space is needed, you can add this line.
'trashbin_retention_obligation' => 'auto, 30',
To retain the files for 30 days and then absolutely purge them after 40 days, you would add this line.
'trashbin_retention_obligation' => '30, 40',
Install ClamAV
Here is how to add the open source antivirus tool ClamAV to the CentOS machine and configure it automatically run a virus scan on newly uploaded files. ClamAV detects all forms of malware including Trojan horses, viruses, and worms, and it operates on all major file types including Windows, Linux, and Mac files, compressed files, executables, image files, Flash, PDF, and many others. ClamAV’s Freshclam daemon automatically updates its malware signature database at scheduled intervals.
First edit freshclam.conf and configure your options.
vi /etc/freshclam.conf
Freshclam updates your malware database, so you want it to run frequently to get updated malware signatures. Run it manually post-installation to download your first set of malware signatures:
freshclam
Next, edit scan.conf.
vi /etc/clamd.d/scan.conf
Uncomment this line
LocalSocket /run/clamd.scan/clamd.sock
When you’re finished you must enable the clamd service file and start clamd:
With CentOS 8 now EOL, it is officially time to upgrade CentOS 8 virtual machines to CentOS 8 Stream. The good news is that it is even quicker and easier than the upgrade from CentOS 7 to CentOS 8 was.
First things first… Take a backup of your virtual machine, or at least a snapshot so that you have something you can revert back to if something goes wrong in this process.
Take a look at what release your CentOS machine is currently running.
cat /etc/centos-release
cat /etc/os-release
As you can see this machine is currently on CentOS 8.5.2111.
At this point, I’m going to enter “sudo su” on my VM and then enter my credentials, so that I can continue as ‘root’ and I don’t have to type “sudo” before every single command.
To begin, start by updating your system.
dnf -y update
The next step is to update your machine to the current CentOS Stream release package.
List and view all of the enabled repositories. You should see they are set to “CentOS Stream 8”.
sudo dnf repolist
Next, synchronize all of the installed packages on your machine.
Note: For situational awareness, this step will upgrade or downgrade packages to match the new CentOS Stream ABI/API and will apparently break 100% RHEL compatibility due to the ABI/API change. This is the perfect example of why you would want to take a full backup of the system before making any changes, just in case the ABI/API change breaks one of your applications running on the system.
dnf -y distro-sync
Reboot your system.
init 6
Confirm that we are now running on CentOS 8 Stream.
cat /etc/centos-release
cat /etc/os-release
We can now see that this machine is now running on CentOS Stream 8.
Warning: CentOS 8 has reached End of Life (EOL) and is no longer supported. You should really consider moving to a supported OS such as CentOS 8 Stream.
I was looking at some virtual machines earlier today and I realized that they were not running the most current version of CentOS. Since I am going to upgrade them, I figured it’d be the perfect time to document the process of how to do it.
The first thing I do is make a backup of my virtual machine. You can’t recover from an accident if you don’t have a recovery point. At the very least, make sure you have taken a snapshot of your virtual machine.
Next, I verify what version of CentOS I’m on by running the following command.
cat /etc/centos-release
From the screenshot below you can see that I am currently on version 7.9.2009.
At this point, I’m going to enter “sudo su” on my VM and then enter my credentials, so that I can continue as ‘root’ and I don’t have to type “sudo” before every single command.
First step is to install the EPEL repository.
yum -y install epel-release
Next, install both ‘yum-utils’ and ‘rpmconf’ by using this command.
yum -y install yum-utils rpmconf
Next, use ‘rpmconf’ to resolve the RPM packages that are in use on your VM.
rpmconf -a
Then clean up any packages that are not required by your system.
CentOS Linux 8 had actually reached the End Of Life (EOL) as of December 31st, 2021. Which means that CentOS 8 will no longer receive development from the official CentOS project. After that EOL date, if you need to update your CentOS (yes, that means us right now), you need to change the mirrors to point to vault.centos.org where they are archived. So a better option would actually be to upgrade to CentOS Stream instead, but we’ll save that for another post… Here is how to change the mirrors.
cd /etc/yum.repos.d/
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
dnf update
cd
There are two packages, dracut-network and rpmconf, that conflict with upgradingand need to be removed.
dnf remove dracut-network rpmconf
Remove the old CentOS 7 kernel
rpm -e `rpm -q kernel`
Remove any conflicting packages that are not needed any longer
I found a great Bitnami Docs KB article describing how to check the status of, and stop/start/restart the services running on your Bitnami instance.
Each Bitnami stack includes a control script that lets you easily check the status of, stop, start and restart services.
These are the commands that you would use. If you use them as-is below it will perform the specified action against all the Bitnami services on your instance.
Or use any of the above against a single service that is running, such as Apache only, by passing the service’s name as an argument after the desired action, such as restart.
sudo /opt/bitnami/ctlscript.sh restart apache
The easiest way to learn the names of the services that are on your Bitnami instance is by simply checking all of their statuses with the status command as it returns the names of all the services on your instance.
I was trying to upload an ova file thru vCenter when I got an error message about a controller type in this particular ova. From prior troubleshooting, I knew that the workaround was to just log directly onto a host and upload the ova directly to the host. I know I had done this before so I was confused for a brief moment when I got the error message:
Access to resource settings on the host is restricted to the server that is managing it: xx.xx.xx.xx.
Okay… so the ESXi host is being managed by vCenter. How do I finagle my upload onto a host? Here’s how…
Enable SSH (if it is disabled) on the ESXi host you want to upload/deploy your ova or ovf to.
You should know how/where to enable SSH… If you don’t there are plenty of articles you can google.
Connect to the host via SSH.
We want to stop the service that allows the ESXi host and the vCenter to communicate. To do so we want to run the following commands.
/etc/init.d/vpxa stop /etc/init.d/hostd restart
Deploy your ova or ovf to your host thru the ESXi host’s DCUI WebGUI.
After you deploy your virtual machine, restart the VPXA service via SSH on the ESXi host.
/etc/init.d/vpxa start
Wait a couple of minutes while the ESXi host and your vCenter re-establish communication between each other.
If SSH was previously disabled, re-disable it on your host.
After getting a new desk you need to get some hardware to finish dialing it in how you want. For me, after getting a new desk at home, one of those things that I needed was a way to mount my monitor. I spent more hours reading through product reviews than I’d like to admit, but the end result was something I’m happy with.
So heading into my search I had a few things in mind. First, I’m not against purchasing expensive items if their value is worth it. That said, I did not want to go spending a few hundred dollars on a new mount. I felt like there were so many Chinese knockoffs on the Amazon alone that I could surely find a good deal on something of middle-of-the-road quality. Ideally, I wanted to spend under $100 on it. The second thing I really wanted was a mount that would fit dual monitors The plan was to search for a dual monitor stand so I could have two screens running. The third thing I was looking for was for it to be a clamp-on style mount. Having a child in my house I wanted something that would be secured to the desk. Something that I wouldn’t have to worry about being top-heavy and toppling over if the little one was screwing around and “bumped” the desk too hard.
So now that I laid out my wants, how did I do, and what did I decide to get?
After reading a ton of reviews I decided to shift from a dual monitor to a single monitor stand. Having two individual arms would allow me better flexibility on the screen size. With my current monitors being two different sizes (32″ and 21″) this makes things easy and in the future, I don’t ever have to worry about the monitor size as a limitation.
I had lots of clamp-style mounts to choose from on Amazon. It ended up being pretty easy to find one that I liked. However, one thing that I hadn’t originally considered getting was a reinforcement bracket for the clamp. It helps to distribute the pressure from the mount’s clamp and protects the desk from stress fractures over time. It’s basically just a small steel plate that sits between the desk and the clamp. After looking at my desk and giving it some thought, I figured it’d be worth the few extra bucks it cost.
My final purchase was a fully articulating arm for up to a 32″ monitor. I spent $32.99 on it and I feel like I got a good deal on itconsidering how high some of the arms can cost. The one I purchased was the MountUp Single Monitor Desk Mount.
And because nothing can ever go smoothly, the VESA mount holes on the arm and one of my monitors were different sizes. So I ended up getting the Husky Mounts VESA adaptor for it for $10.95. It solved my issue no problem.
So I managed to get a solution that works for me all for $50 per monitor (not including the VESA adaptor). I think that I did alright getting everything I wanted for $100.
