![]() They describe the individual services, Docker elements, and settings and are written in YAML (“Yet Another Markup Language”). That’s where the Docker Compose instructions come in - they define how the application should be structured and how the various components interact with each other. Nextcloud is an open-source file sync and sharing software that can be used as a replacement for Google Drive, Yandex Disk and similar cloud-based storage.Docker Compose will be used to manage multi-container applications. Nextcloud now has Onlyoffice to allow shared document editing and Nextcloud talk, to enable video conferencing, so is a virtual office productivity solution. Test hosting on UpCloud! Setting up a new cloud server In this tutorial, we will set up Nextcloud 18 on a single cloud server using nginx as the webserver and PostgreSQL for the database engine. Login to UpCloud and deploy a new server. In this case, we are using a Simple plan server with 1GB Memory, 25 GB storage with the CentOS 8 template. Once your server is deployed login by using SSH. Once logged in change the password, then enter the new password twice. To secure the server, it is good to prevent login as the root user, thus another user needs to be created.Ĭreate a new username for yourself. Then give the new user a password passwd nextcloudĪdd the user to the wheel group to be able to invoke administrative privileges. ![]() Then prevent root login by editing the /etc/ssh/sshd_config file and set PermitRootLogin to no nano /etc/ssh/sshd_config PermitRootLogin noĮxit the editor and restart SSHD service. ![]() Once the reboot process is finished, disconnect and log back into with the new username ssh ĬentOS 8 offers some security protection when SE Linux is enabled. The primary purpose of SE Linux is to control file access permissions by following the principle of least privilege so that programs only access files that they need to. ![]() We will change SE Linux from permissive mode to enforcing mode by setting the SELINUX=enforcing sudo nano /etc/selinux/config SELINUX=enforcing This is especially helpful when running a service such as NextCloud, but it does increase the complexity of the setup. The changes will be applied at the next reboot but to save time, you can change the setting for the runtime using the command below. Lastly, update the installed software sudo dnf -y update Memory protection checking: actual (secure) The output should then give the following. Once done, continue below with the next step. You will need to configure a valid domain name to point to your cloud server IP address to be able to obtain SSL certificates as described later in this guide. If you do not have a domain name, you can use Freenom to get a free temporary domain name. Sudo firewall-cmd -zone=public -add-service=https -permanent Which should give an output similar to HTTP/1.1 200 OKĬreate a firewall rule to allow web access sudo firewall-cmd -zone=public -add-service=http -permanent Should give an output similar to nginx version: nginx/1.14.1Įnable (ensure Nginx automatically starts upon reboot) and start Nginx sudo systemctl enable nginx Then update the repositories and install Nginx sudo dnf -y install nginx Next, we’ll install NGINX to work as the underpinnings of our NextCloud server.īut first, add the EPEL repository which sudo dnf -y install epel-release You can read more about domain name systems and how to configure DNS records to point your domain to the correct IP address at our guide to domain names. Sudo firewall-cmd -reload Getting Let’s Encrypt certificatesĮdit Nginx configuration to indicate the domain name sudo nano /etc/nginx/nfĬhange the server name to use your domain, replace the my. sudo dnf install -y certbot python3-certbot-nginx Next, install Certbot which will automate setting up the certificate. Then obtain the certificates with the following command. and as domains to obtain certificates for, which you should agree to.You can then choose to receive information from the Electronic Frontier Foundation (EFF).It will then ask for your email address and that you read and agree to the terms of service.On the first run, you’ll need to provide Certbot with some details. If successful, you’ll see a confirmation of Certbot having obtained certificates for your domain.įinally indicate that it should redirect all traffic from HTTP to HTTPS.It should then indicate the my.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |