Build your own personal cloud

Picture of an Intel NUC and the logos of RHEL, Nextcloud and Collabora Online

Introduction

Goal

This blog post describes the process of building your own personal cloud with an Intel NUC (a small desktop computer), Red Hat Enterprise Linux (the most stable Linux distribution), Cockpit (the official server management software of Red Hat Enterprise Linux), Nextcloud (a comprehensive open source cloud platform) and Collabora Online (an emerging open source online office suite).

With this setup you will be able to:

  • Synchronise your files
    Nextcloud comes with the applications Nextcloud Desktop and Nextcloud Files. With these applications you can synchronise your local files with your own server online.

  • Edit documents online
    Nextcloud offers a very good integration of Collabora Online. When installed, you will be able to edit your office documents online in your browser!

  • Make online video calls
    Ever dreamed of having your own video platform? Well, Nextcloud comes with Nextcloud Talk and with this application you can easily create your own online video meetings!

  • Have your own groupware application
    Nextcloud comes with Nextcloud Groupware which consists of Nextcloud Mail, Nextcloud Calendar and Nextcloud Contacts. With these applications together, you can have your own groupware application.

Motivation

We live in an age where we increasingly spend our time online and save our personal data on one of the big cloud platforms (Google, Facebook, Microsoft, Apple and Amazon). This way we become more and more dependent on these services and lose control of our personal data. Wouldn't it be great if we could stop this movement and start taking back control? Well, that's the goal of this project: to build your own cloud platform so you don't have to rely on external cloud services. This way, you own your personal data again and have full control of your privacy. Wouldn't it be great if everybody started doing this?

Why I wrote this blog post

The reasons why I wrote this blog post are:

  1. When I write my own tutorial, I'm doing things step-by-step, and in doing so, I make fewer mistakes.
  2. This tutorial is also my own logbook, so I can look up what I have done earlier.
  3. By writing and sharing this tutorial, I hope it will be a bit easier for others to build their own personal cloud. I tried to write this tutorial 'bulletproof', or in other words, as easy and well-structured as possible. To achieve this, I edited and reordered the text multiple times. Hopefully, I succeeded.

Hardware requirements

The goal was to create a server as simple and cheap as possible but still powerful enough to be able to run multiple virtual machines. For the hardware of the server, I chose an Intel NUC because they are small (11.7 cm x 11.2 cm x 5.1 cm), power efficient, and capable enough to be used as a home server.

I bought the Intel NUC10i3FNH with the following specifications:

  • Intel i3 processor (10th generation)
  • 16 GB of memory
  • SSD of 256 GB

The Intel NUC cost me 541 euro. A lot of money, but probably the least you have to spend on a private home server.

An Intel i3 processor is more than enough for a server that will only be used by a handful of people at the same time. Something like an i5 would only be required when more than 20 people will be using Nextcloud Talk at the same time.

Initially, I bought the Intel NUC with 8 GB of memory, but later I upgraded the system with another 8 GB of memory. In doing so, I was able to allocate 8 GB to the virtual machine with Nextcloud (see the next section for the software setup), 4 GB to the virtual machine for development purposes, and still have 4 GB left for the host. By allocating 8 GB to the virtual machine with Nextcloud, I don't need to be afraid that it will run out of memory when I'm using Nextcloud Talk.

The size of the SSD depends (of course) on the amount of data that you want to back up. I only have 33 GB of valuable data, so 256 GB is more than enough for me.

When choosing the size of the SSD, consider the following:

  1. Red Hat Enterprise Linux requires at least 10 GB of disk space (but 20 GB is recommended) for the host and for every virtual machine.
  2. If you want to use the new backup tool Nextcloud Backup you need an SSD of at least twice the size of your data because during the backup a complete (but temporary) copy of the data is made.

While the size of an SSD doesn't have any impact on the performance of the server, remember that if you have a lot of data (e.g. terabytes), the initial backup can take quite a long time (hours or maybe even days).

Software setup

Below you can find a diagram of the software setup.

The setup is as follows:

  • Red Hat Enterprise Linux 
    Red Hat Enterprise Linux is used as the host operating system and as the operating system inside the virtual machines. The requirements of Red Hat Enterprise Linux can be found here.

  • Cockpit
    Cockpit is used as the server management software and is installed on the host. With Cockpit you can create virtual machines and containers. For creating and running virtual machines it uses KVM (Kernel Virtual Machine) and for running containers it uses Podman. KVM is the virtualisation technology built into the Linux kernel, and Podman is the container engine developed by Red Hat (and can be used as a drop-in replacement of Docker).

  • Apache
    Apache runs on the host, and is used as a reverse proxy to the virtual machines. Inside the virtual machines Apache is installed as the main web server.
    A reverse proxy is an application that redirects traffic from the internet to one or more servers in the local network. During this step the internet traffic is 'offloaded' from HTTPS to HTTP (in other words: SSL is removed). Seen from the internet, the reverse proxy is the end point of the communication.

  • Nextcloud
    Nextcloud is the online cloud platform and is installed inside the first virtual machine. With Nextcloud you can synchronise your files, run your own video platform and have your own groupware application. In the Nextcloud App Store you can find all the applications that you can install.

  • Collabora Online
    Collabora Online is an emerging online open source office suite whose back-end (Collabora CODE) is based on LibreOffice. With Collabora Online you can edit LibreOffice documents and Microsoft Office documents in your browser.


This blog post is about the installation of the host server and the first virtual machine. I am, however, planning to create a second virtual machine and an additional container. In the second virtual machine, I want to create a PHP development environment by installing the complete LAMP stack and the open source online IDE OpenVSCode. The container will be used to run a private version of Penpot, an open source design and prototyping tool.

While this blog post describes the setup in which Nextcloud runs inside a virtual machine, this setup isn't necessary if you are only going to use Nextcloud, and aren't going to use any additional virtual machines. In that case, you can leave out the creation of the virtual machines altogether, and just install Nextcloud directly on the host. This makes the installation a lot easier and faster, but you also lose the scalability that comes with running applications inside virtual machines.

Alternative to

With the setup, you will be able to replace the following services:

  • File storage services like Dropbox, Google Drive or Microsoft OneDrive.
  • Online office suites like Microsoft 365 or Google Workspace.
  • Videoconferencing software like Zoom, Microsoft Teams or Google Meet.
  • Proprietary groupware applications like Microsoft Outlook or Google Gmail.
  • And while not the goal of the project, with the setup you can also replace virtualisation software like VMware vSphere or Proxmox. 

Red Hat Enterprise Linux

People familiar with Linux probably have a few questions about why I chose Red Hat Enterprise Linux as the main operating system.

They probably have the following questions:

  1. Why did you choose Red Hat Enterprise Linux and not Linux distribution X?
  2. Don't you have to pay for Red Hat Enterprise Linux?
  3. Why didn't you choose CentOS?

Let's answer these questions!

The reason I chose Red Hat Enterprise Linux (RHEL) and not another Linux distribution, is that Red Hat Enterprise Linux is by far the most tested (and thus stable) Linux distribution. If you want to run a server, Red Hat Enterprise Linux should be your first choice.

But “Don't you have to pay for Red Hat Enterprise Linux?” a lot of people will probably ask. Well, the answer is “no, not anymore”, and this is due to some changes Red Hat made to the development process of Red Hat Enterprise Linux in December 2020.

The changes made to the development process of RHEL can be seen in the diagram below.

Before December 2020, CentOS was a downstream project of Red Hat Enterprise Linux. After December 2020, CentOS moved to being an upstream project. This change had the following implications: CentOS no longer existed as a free implementation of Red Hat Enterprise Linux, and CentOS (now CentOS Stream) became the development version of Red Hat Enterprise Linux. Because a free version of Red Hat Enterprise Linux was now no longer available, Red Hat relaxed the licensing rules. Instead of being able to install Red Hat Enterprise Linux on just one server, it now became possible to install Red Hat Enterprise Linux on up to 16 servers. This change had a significant impact because it now became possible for home users and small businesses to install Red Hat Enterprise Linux at a small scale for free!

The above story answers the two questions, “Don't you have to pay for Red Hat Enterprise Linux?” and “Why didn't you choose CentOS?” In summary: you don't have to pay anymore for Red Hat Enterprise Linux up to 16 installations, and in all these situations you don't need (or can't use) CentOS anymore (but you can use CentOS Stream). If you still want to use a complete licence-free implementation of Red Hat Enterprise Linux, you can use AlmaLinux or Rocky Linux.

Acknowledgement

This blog wouldn't have been possible without the help from employees and users of Nextcloud, Collabora Online, Apache and Cockpit. Thank you for all your help!

Feedback

If you want to give some feedback, you can use the contact form on this website.

Registration

Get a Red Hat account

The first step is to create a free Red Hat account.

  1. Go to redhat.com
  2. Click on Log in
  3. Click on Register now
  4. Fill in the form and click on Create my account

Get a Developer Subscription

For downloading Red Hat Enterprise Linux you need a No-Cost Red Hat Developer Subscription. You can get this No-Cost Red Hat Developer Subscription when you join the Red Hat Developer Program.

  1. Go to developers.redhat.com/register
  2. Use the same e-mail address as in the previous step.
  3. You are now asked to log in, instead of filling in the complete form.
  4. Confirm when asked.

After joining the Red Hat Developer Program, the No-Cost Red Hat Developer Subscription is added to your account automatically. This No-Cost subscription gives you the right to install Red Hat Enterprise Linux on 16 machines.

Create install disk

Download RHEL

  1. Go to Red Hat Customer Portal
  2. Click on Products & Services
  3. Click on Red Hat Enterprise Linux
  4. Click on Download Latest - Red Hat Enterprise Linux 8
  5. Download Red Hat Enterprise Linux 8.4 Binary DVD (9.43 GB)

You can download Red Hat Enterprise Linux from multiple locations, but the advantage of this location is that it also shows the checksums of the ISO files.

The ISO file is so big (9.43 GB) because it contains all versions of Red Hat Enterprise Linux (server, workstation, etc.) and all kinds of development tools.

Verify the download

It's important to know that the ISO file that we downloaded hasn't been corrupted during the download. To verify that the ISO file hasn't been corrupted, follow the steps below.

1. Go to the location where you saved the ISO image.

2. Run the following command.

sha256sum rhel-8.4-x86_64-dvd.iso

3. Check if the output is the same as the checksum on the website.
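The comparison in step 3 can be left to the shell instead of being done by eye. The following is an added example, not part of the original post; verify_iso is a hypothetical helper name, and the second argument is the checksum copied from the download page.

```sh
#!/bin/sh
# Added example: compare the SHA-256 of a downloaded ISO with the checksum
# published on the download page. verify_iso is a hypothetical helper name.
#
# Return codes: 0 = match, 1 = mismatch, 2 = unusable input.

verify_iso() {   # $1 = path to the ISO, $2 = checksum copied from the website
    vi_file=$1
    # Normalise the pasted value: drop stray whitespace, fold to lower case.
    vi_expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # A SHA-256 digest is exactly 64 hexadecimal characters. Anything else is
    # a copy/paste error (or a checksum of another type) and is rejected.
    if ! printf '%s' "$vi_expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "error: the expected value is not a SHA-256 checksum" >&2
        return 2
    fi
    if [ ! -r "$vi_file" ]; then
        echo "error: cannot read $vi_file" >&2
        return 2
    fi

    # Reading from stdin keeps the file name out of sha256sum's output.
    vi_actual=$(sha256sum < "$vi_file" | cut -d' ' -f1)

    if [ "$vi_actual" = "$vi_expected" ]; then
        echo "OK: $vi_file matches the published checksum"
        return 0
    fi
    echo "MISMATCH: $vi_file" >&2
    echo "  expected $vi_expected" >&2
    echo "  actual   $vi_actual" >&2
    return 1
}

# Usage: sh verify_iso.sh rhel-8.4-x86_64-dvd.iso [checksum from the website]
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A non-zero exit status means the ISO should be downloaded again before it is written to the USB drive.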

Create a bootable USB

For creating a bootable USB drive with Red Hat Enterprise Linux you need a USB drive with at least 8 GB (the image of Red Hat Enterprise Linux on the USB drive is 4.7 GB).

1. Insert the USB drive into your computer or laptop.

2. Find the device name of the USB drive:

a. Install the command lsscsi.

On Fedora:

sudo dnf install lsscsi

Or on Ubuntu:

sudo apt install lsscsi

b. Run the following command.

lsscsi

Example output:

[0:0:0:0]    disk    Kingston DataTraveler 3.0       /dev/sda 
[N:0:4:1]    disk    PM981 NVMe Samsung 512GB__1     /dev/nvme0n1

In the output above you can read that the USB drive with the name Kingston DataTraveler 3.0 is attached to device sda in the directory dev.

3. Use the command dd to write the ISO file to the USB drive.

Structure

sudo dd if=[absolute path to the ISO file] of=[absolute path to the device]

Example

sudo dd if=/var/home/verhoeckx/Downloads/rhel-8.4-x86_64-dvd.iso of=/dev/sda

On my system it took 15 minutes to write the ISO file to the USB drive.

4. Unmount the USB drive:

a. Find the mount point.

lsblk

Example output

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    1  28.8G  0 disk 
└─sda1        8:1    1  28.8G  0 part /run/media/verhoeckx/KINGSTON
zram0       252:0    0     8G  0 disk [SWAP]
nvme0n1     259:0    0 476.9G  0 disk 
├─nvme0n1p1 259:1    0   600M  0 part /boot/efi
├─nvme0n1p2 259:2    0     1G  0 part /boot
└─nvme0n1p3 259:3    0 475.4G  0 part /var/home

Here you can see that the main partition on the USB drive (sda1) is mounted ('connected') to the location /run/media/verhoeckx/KINGSTON

b. Unmount the USB drive.

umount /run/media/verhoeckx/KINGSTON

5. Keep the RHEL ISO file.

You will need the RHEL ISO image to install it in a virtual machine.

Install RHEL

Pre-installation

  1. Connect the Intel NUC with a network cable to the router.
  2. Connect the Intel NUC with a HDMI cable to a monitor.
  3. Connect a mouse and a keyboard to the Intel NUC.
  4. Connect the adapter and power cable to a power outlet.
  5. Insert the USB drive in a free USB port.

The actual installation

Warning: it's only possible to enable the Ethernet connection in step 12 if there is a network cable connected to the Intel NUC. The Ethernet connection must be enabled because otherwise you won't have a network connection after the installation!

Don't use the automatic storage configuration. It creates multiple maximised XFS partitions (one for the normal user and one for root) which can't be shrunk!

  1. Press the power button;-)
    If the Intel NUC doesn't boot from the USB device, you can press F10 to get into the boot menu.
  2. Select Test this media & install Red Hat Enterprise Linux 8.4
  3. Select the language for the installation.
  4. Keyboard: change if necessary.
  5. Language Support: change if necessary.
  6. Time & Date: select a city to set the time and date.
  7. Connect to Red Hat: keep it on Not Registered
  8. Installation Source: keep it on Local media
  9. Software Selection: select the base environment Minimal Install
  10. Installation Destination:

    Select Custom under Storage Configuration and click on Done

    To add a partition click on the plus sign (+).

    a. Add a partition with the mount point /boot/efi and a capacity of 600 MiB
    b. Add a partition with the mount point /boot and a capacity of 1 GiB
    c. Add a partition with the mount point swap (without the / ) and a capacity of 8 GiB
    d. Add a partition with the mount point / and leave the capacity empty
        (When you leave the capacity empty all available space will be used.)

    For setting up the above partition scheme, I used the documentation below.
    RHEL 8: Appendix B. Partitioning reference
    What is the recommended swap size for Red Hat platforms? 

    Click on Done
    Click Accept Changes

  11. KDUMP: keep it on enabled.
  12. Network & Host name: enable the Ethernet connection.
    Disable the WIFI connection if there is one.
    Here you can also change the host name of the Intel NUC.
  13. Security Policy: set the switch Apply security policy on OFF
  14. Root Password: set a root password.
  15. User Creation: create at least one user.
    Make this user administrator (or in other words: give it sudo / root rights).
  16. Calmly review all the settings ;-)
  17. Start the Installation by clicking on Begin Installation
    On my system the installation took around 3 minutes.
  18. Reboot the system by clicking on Reboot system
  19. Log in and power-off the system with the command poweroff

Connect to the network

Now that you have installed Red Hat Enterprise Linux, it's time to place the Intel NUC at the location that you want and connect the Intel NUC with an Ethernet cable to the router or switch. After you have done so, press the power button on the Intel NUC to power on the device.

To log back in to the system we need to know the IP address it got from the router. The only way to know this is to log in to the router and see which IP address was assigned to the device.

  1. Open a browser and go to the IP address 192.168.1.1
    It's possible that your router can be found on another IP address. In that case, consult the documentation of your router.
  2. Log in to the router with the username and password.
    If you don't know the username and password, consult the documentation of your router.
  3. Look up the IP address in the network table
    On my router (Netgear) this table is called 'Attached Devices' but the manufacturer of your router may have given it another name. Try to find something similar. Look for the device name to find its IP address.
  4. Write down the IP address.
    We need this IP address to log into the system with SSH.

Log in to the system with SSH

Now that we have the IP address of the Intel NUC, we can log in to the system with SSH.

1. Open a terminal.

2. Run the command below.

ssh [username]@[IP address]

3. Enter your password.

Yes, we are back in!

Register the system

Get the username of your Red Hat account

To register the system with Red Hat you need to know the username (Red Hat login) of your Red Hat account. Follow the steps below to find your Red Hat username.

  1. Go to redhat.com
  2. Click on Log in and log in with your e-mail address and password.
  3. Click on Account Details
  4. Click on Login & password
  5. Your Red Hat username is your Red Hat login
  6. Write it down somewhere.

The actual registration

1.  Register your No-Cost Red Hat Developer Subscription.

sudo subscription-manager register --username [username Red Hat account] --password [password Red Hat account]

2. Set the role of the system to Red Hat Enterprise Linux Server

sudo subscription-manager role --set="Red Hat Enterprise Linux Server"

3. Set the service level of the system to Self-Support

sudo subscription-manager service-level --set="Self-Support"

4. Set the usage of the system to Development/Test

sudo subscription-manager usage --set="Development/Test"

5. Attach the Intel NUC to your No-Cost Red Hat Developer Subscription

sudo subscription-manager attach

The No-Cost Red Hat developer subscription gives you the right to install Red Hat Enterprise Linux on 16 (virtual) machines. When you attach the Intel NUC to your subscription it is counted as one of those 16 machines / installations.

When you go to the Red Hat Customer Portal you will see that you have one "Red Hat Developer Subscription for Individuals" and that 1 of 16 installations (6%) is being used (see Entitlement Usage).

Update the system

Run the following command.

sudo dnf upgrade

Enable auto update

1. Install the package dnf-automatic

sudo dnf install dnf-automatic

2. Install the command line text editor vim

sudo dnf install vim

3. Open the file /etc/dnf/automatic.conf

sudo vim /etc/dnf/automatic.conf

Press i to get into insert mode, set apply_updates to yes, press Esc to exit insert mode and type :wq to save and exit vim.

4. Enable and start the service.

sudo systemctl enable --now dnf-automatic.timer

5. Check if the service is running (exit with CTRL + C).

sudo systemctl list-timers '*dnf-*'

The system will now check every day at 06:00 for available updates. If there is an update the packages will be downloaded and installed.

You can check the default schedule here:

cat /usr/lib/systemd/system/dnf-automatic.timer

Install Cockpit

Now that we finished the installation of Red Hat Enterprise Linux we can start installing Cockpit on the server.

1. Log in to your server.

ssh [username]@[IP address]

2. Install Cockpit.

sudo dnf install cockpit

3. Enable Cockpit in systemd

sudo systemctl enable cockpit.socket

4. Start the application Cockpit.

sudo systemctl start cockpit.socket

5. Open Cockpit in a browser.

Open a browser and go to the address below.

[IP address Intel NUC]:9090

When you visit the address you will probably get a warning that the website can't be trusted, because Cockpit uses a self-signed certificate by default. Ignore this message and add a security exception to the website. After you have added the security exception you get the login page of Cockpit.

You can now log in with the user account that you created during the installation of Red Hat Enterprise Linux.

Securing the system

Securing SSH

Enable public-key authentication

By default SSH uses a username and password to log in to the system. While this is a safe way to log in to the system, it doesn't protect your machine against a brute force SSH attack. If we configure the system to use public-key authentication, a brute force SSH attack becomes impossible, and we can configure the server in such a way that logging in with a password isn't necessary anymore.

After you have configured the server with public-key authentication, you will only be able to log in to the server with the laptop or computer on which you configured the key-pair (the public and private key).

How public-key encryption exactly works is out of the scope of this blog post but you can find many great articles on the internet!

   

1. Go back to the laptop or computer that you used to log in to the server.

2. Log in with your normal user account.

3. Open a terminal.

4. Generate the public and private key pair utilising the RSA-algorithm.

ssh-keygen -t rsa

When you are asked to enter a passphrase, just press enter. This way you don't configure a passphrase and you will be able to log in to the Intel NUC without a password.

The private key can be found here:

~/.ssh/id_rsa

And the public key can be found here: 

~/.ssh/id_rsa.pub

5. Copy the public key to the user account on your Intel NUC.

ssh-copy-id -i ~/.ssh/id_rsa.pub [username]@[IP address]

After you have installed the public key on the server, you can log in to the Intel NUC without a password. This may seem insecure but remember that you now use public-key authentication in the background!

Disable all password authentication

While we have enabled public-key authentication for one user on the server for one account on your laptop, it's still possible to log in to the server with just a password from another account or from another computer! In other words: we are far from protected against a brute force SSH attack!

To finish our protection against a brute force SSH attack we have to disable all password authentication on the server. This has the advantage that the root account is now also blocked.

1. Open the file /etc/ssh/sshd_config

sudo vim /etc/ssh/sshd_config

2. Find the line with the text PasswordAuthentication

/PasswordAuthentication

With the forward slash (/) you can search for a word in the document.

3. Change yes into no

Press i to get into insert mode, change yes to no, press Esc to exit insert mode and type :wq to save and exit vim.

4. Reload the SSH daemon.

sudo systemctl reload sshd

Now that we have enabled public-key authentication and disabled all password authentication, there is only one way to log in to the server and that's from your user account on your laptop to the user account on the server. Save the usernames and passwords of both user accounts (otherwise you won't be able to log in to the server anymore)!
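A check worth running after this edit, as an added example that is not part of the original post: sshd uses the first value it obtains for each keyword and ignores lines that start with #, so changing a commented-out or later PasswordAuthentication line has no effect. The helper names and both sample files are constructed for illustration, and the example goes a little beyond the steps above by also reporting ChallengeResponseAuthentication (the other password-style login path) and PermitRootLogin.

```sh
#!/bin/sh
# Added example (not from the original post): report the value sshd will use
# for a keyword in an sshd_config-style file.
# sshd_effective, audit_sshd, write_samples and demo are hypothetical names.

# Print the first global-scope value of a keyword (lower-cased), or nothing.
# Comment lines are skipped; parsing stops at the first "Match" line because
# everything after it only applies to the users/hosts that block selects.
sshd_effective() {   # $1 = keyword, $2 = config file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # comment or blank line
        {
            n = match($0, /[ \t=]/)         # keyword ends at space, tab or "="
            key = (n ? substr($0, 1, n - 1) : $0)
            val = (n ? substr($0, n) : "")
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            key = tolower(key)
            if (key == "match") exit
            if (key == want) { print tolower(val); exit }   # first value wins
        }
    ' "$2"
}

# Return 0 only when both password-style login methods are explicitly "no".
audit_sshd() {   # $1 = config file
    cfg=$1
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        v=$(sshd_effective "$kw" "$cfg")
        case $v in
            no) echo "ok    $kw no" ;;
            "") echo "WARN  $kw not set, the daemon's built-in default applies"
                rc=1 ;;
            *)  echo "FAIL  $kw $v"
                rc=1 ;;
        esac
    done
    v=$(sshd_effective PermitRootLogin "$cfg")
    echo "info  PermitRootLogin ${v:-not set}"
    return $rc
}

# Two constructed sample files (not copied from a real server).
write_samples() {   # $1 = directory to write into
    cat > "$1/edited_wrong_line.conf" <<'EOF'
# The commented line was edited, the active line below was not.
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
PermitRootLogin yes
EOF
    cat > "$1/first_wins.conf" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin yes
# Ignored by sshd: the keyword already has a value from the line above.
PasswordAuthentication yes
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for f in "$d"/*.conf; do
        echo "== ${f##*/}"
        audit_sshd "$f" || echo "   -> password-style logins are still possible"
    done
    rm -rf "$d"
}
demo
```

On the server itself, `sudo sshd -T | grep -i -E 'passwordauthentication|challengeresponseauthentication|permitrootlogin'` prints the values sshd resolves from the real configuration.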

Secure Cockpit

Block the root account

  1. Log in to Cockpit
  2. Open the tab Accounts
  3. Check Lock account

It's no longer possible to log in to Cockpit with the root account.

Internet connection

Now that we have secured SSH and Cockpit, we can safely connect the Intel NUC to the internet. The first step is to enable port forwarding on the router so that internet traffic that arrives at the router can reach the Intel NUC.

Enable port forwarding

Port forwarding has to be enabled for the following ports: 22 (SSH), 80 (HTTP), 443 (HTTPS) and 9090 (Cockpit).

  1. Open a browser and go to the IP address 192.168.1.1
    It's possible that your router can be found on another IP address. In that case, consult the documentation of your router.
  2. Log in to the router with the username and password.
    If you don't know the username and password, consult the documentation of your router.
  3. Enable port forwarding on the router.

    How you have to do this, is different on every router. On my Netgear router I had to follow the following steps:

    a. Click on the tab Advanced
    b. Click on Advanced Setup
    c. Click on Port Forwarding / Port Triggering

    For every service / port:

    d. Click on Add Custom Service
    e. Give the service a name (SSH / HTTP / HTTPS /Cockpit).
    f.  External Starting Port and External Ending Port: the port number (22 / 80 / 443 / 9090)
    g. Internal Starting Port and Internal Ending Port: the port number (22 / 80 / 443 / 9090)
    h. Internal IP address: the local IP-address of the Intel NUC.
    i.  Click on Apply

You can now reach the Intel NUC using the public IP address of your router. 

You can find the public IP address of your router with the following command:

host myip.opendns.com resolver1.opendns.com

Try to log in to the server with SSH and the public IP address:

ssh [username]@[Public IP address router]

And try to log in to Cockpit with the public IP address:

[Public IP address router]:9090

Configuring DNS

To be able to reach the server with a domain name, you have to add a domain name to a DNS server on the internet.

Here you have a few options:

  1. If you already have a registered domain you can add a subdomain and point it to the public IP address of the router. The advantage is that you can add the DNS entry yourself and you don't have to pay for an extra service. The disadvantage is that the IP address can change and if it does, you lose the connection with the server. If this happens, the only solution is to edit the DNS entry manually again.
  2. You register a new domain name and make it point to the public IP address of the router. This has the same disadvantage as the first solution.
  3. You register a domain name with a Dynamic DNS service provider (for example NoIP.com) and make it point to the public IP address of your router.
    The advantage of using a Dynamic DNS service provider is that they actively monitor your router and that they change the DNS entry automatically if they see that the public IP address of your router has changed. The disadvantage of such a service is that you have to rely on a third party service and that it costs you money.

Whatever solution you choose, make sure that at the end of this step you have a registered domain (or subdomain) name pointing to your router. If necessary, call your web hosting provider for more information. 

Check if DNS works correctly by entering the domain name followed by the port number of Cockpit (:9090). If successful, you get the login screen of Cockpit.

Install Apache 

For our installation we have to install Apache twice: once on the host and once in a virtual machine. The installation on the host is only used to forward requests to the virtual machine. We are going to install Apache on the host now and we will install Apache on the virtual machine later.

1. Log in to the server.

ssh [username]@[local or public IP address]

2. Install the Apache web server.

sudo dnf install httpd

3. Enable the Apache web server in systemd

sudo systemctl enable httpd

4. Start the Apache web server.

sudo systemctl start httpd

5. Open port 80 and 443 in the firewall.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

6. Add a new configuration file.

a. Go to the directory /etc/httpd/conf.d

cd /etc/httpd/conf.d

b. Create a new configuration file. 

Give it the name virtualhosts.conf

sudo vim virtualhosts.conf

c. Add the following code.

ServerName localhost
DocumentRoot /var/www/html/

Press i to get into insert mode, copy and paste the code, press Esc to exit insert mode and type :wq to save and close the file.

7. Enable HTTP connections in SELinux

sudo setsebool -P httpd_can_network_connect on

8. Restart Apache.

sudo systemctl restart httpd

9. Check if the connection works.

If you now enter the domain name you should see the Red Hat Enterprise Linux Test Page. If you see this page it means that Apache is installed and configured correctly on the server!

VM installation

Log in to the server with SSH.

ssh [username]@[IP address server]

Install Cockpit-machines

1. Install the package cockpit-machines

sudo dnf install cockpit-machines

2. Start the libvirtd service. 

sudo systemctl start libvirtd.service

Install a virtual network

1. Install the package libvirt-daemon-config-network

sudo dnf install libvirt-daemon-config-network

2. Start the virtual network with the name default

sudo virsh net-start default

Create a new storage pool

1. First create a new directory on the root file system

sudo mkdir /storage

2. Log in to Cockpit
3. Open the tab Virtual Machines
     (If you don't see this tab, press F5 to refresh the interface.)
4. Click on Storage pools
5. Click on Create storage pool

    Settings
    Connection: System
    Name: Give the storage pool a distinctive name.
    Type: Filesystem directory
    Target path: select /storage
    Startup: Start pool when host boots.

6. Click on Create
7. Click on the just created storage pool and click Activate

Create a new storage volume

  1. Go to Storage pools
  2. Click on the storage pool you just created.
  3. Click on tab Storage volumes
  4. Click on Create volume

    Settings
    Name: Give the volume a distinctive name.
    Size: Set the size of the virtual volume (e.g. 100 GB).

  5. Format: keep qcow2
  6. Click on Create

Copy the image to the server

1. Go to the location where you saved the RHEL ISO image.

2. Run the command below to copy the RHEL ISO image to the server.

   We use root because we copy the file to a directory on the root file system.

scp rhel-8.4-x86_64-dvd.iso root@[IP address server]:/var/lib/libvirt/images/

3. Wait until the system has finished copying the file (on my system it took 12 minutes).

Create the virtual machine

  1. Log into Cockpit
  2. Go to tab Virtual Machines
  3. Click on Create VM
  4. Name: give the virtual machine a distinctive name (e.g. Nextcloud).
  5. Connection: choose System
  6. Installation type: choose Local install media
  7. Installation source: select /var/lib/libvirt/images/rhel-8.4-x86_64-dvd.iso
  8. Operating system: Red Hat Enterprise Linux 8.4 (Ootpa)
  9. Storage: select the storage pool that you created earlier.
  10. Volume: select the volume you created earlier.
  11. Memory: Nextcloud needs at least 4 GB
  12. Keep Run unattended installation unchecked.
  13. Deselect Immediately start VM
  14. Click on Create

Install RHEL in the VM

Install RHEL

  1. Go to tab Virtual Machines
  2. Click on the just created virtual machine.
  3. Click on Install
  4. Click in the VNC console
  5. Select Test this media & install Red Hat Enterprise Linux 8.4
  6. Select the language you want to use during the installation.
  7. Keyboard: change if necessary.
  8. Language Support: change if necessary.
  9. Time & Date: select a city to set the time and the date.
  10. Connect to Red Hat: keep it on Not Registered
  11. Installation Source: keep it on Local media
  12. Software Selection: select the base environment Minimal Install
  13. Installation Destination:

    Select Custom under Storage Configuration and click on Done

    To add a partition click on the plus sign (+).

    a. Add a partition with the mount point biosboot (without the / ) and a capacity of 1 MiB
    b. Add a partition with the mount point /boot and a capacity of 1 GiB
    c. Add a partition with the mount point swap (without the / ) and a capacity of 4 GiB
    d. Add a partition with the mount point / and leave the capacity empty.
        (When you leave the capacity empty all available space will be used.)

    Click on Done
    Click on Accept Changes

  14. KDUMP: keep it on enabled.
  15. Network & Host name: enable the Ethernet connection.
    Here you can also change the host name of the virtual machine.
  16. Security Policy: set the switch Apply security policy on OFF
  17. Root Password: set a root password.
  18. User Creation: create at least one user.
    Make this user administrator (or in other words: give it sudo / root rights).
  19. Calmly review all the settings ;-)
  20. Start the installation by clicking on Begin Installation
    On my system the installation took around 3 minutes.
  21. Reboot the system by clicking on Reboot system
  22. Keep the system running.

Registering

We are going to use a standard terminal instead of the VNC console because the VNC console doesn't support copy and paste.

1. Log in to your Intel NUC

ssh [username]@[IP address Intel NUC]

2. Log in to the virtual machine

ssh [username]@[IP address virtual machine]

You can find the IP address of the virtual machine in Cockpit:

  1. Go to the tab Virtual Machines
  2. Click on the just created virtual machine.
  3. You can find the IP address in the section Networks

3. Register the virtual machine.

You can find the username (Red Hat login) of your Red Hat account here:

Redhat.com >> Account Details >> Login & password >> Red Hat login

1. Register your No-Cost Red Hat Developer Subscription.

sudo subscription-manager register --username [username Red Hat account] --password [password Red Hat account]

2. Set the role of the system to Red Hat Enterprise Linux Server

sudo subscription-manager role --set="Red Hat Enterprise Linux Server"

3. Set the service level of the system to Self-Support

sudo subscription-manager service-level --set="Self-Support"

4. Set the usage of the system to Development/Test

sudo subscription-manager usage --set="Development/Test"

5. Attach the virtual machine to your No-Cost Red Hat Developer Subscription

sudo subscription-manager attach

Update RHEL

sudo dnf upgrade

Enable auto update in the VM

1. Install the package dnf-automatic

sudo dnf install dnf-automatic

2. Install the command line text editor vim.

sudo dnf install vim

3. Open the file /etc/dnf/automatic.conf

sudo vim /etc/dnf/automatic.conf

Press i to get into insert mode, set apply_updates to yes, press Esc to exit insert mode and type :wq to save and exit vim.

4. Enable and start the service.

sudo systemctl enable --now dnf-automatic.timer

5. Check if the service is running (exit with CTRL + C).

sudo systemctl list-timers '*dnf-*'

The system will now check every day at 06:00 for available updates. If there is an update the packages will be downloaded and installed.

Enable autostart on reboot

Make sure the virtual machine starts when the host machine starts.

  1. Go to the tab Virtual Machines
  2. Click on the just created virtual machine.
  3. Autostart: check Run when the host boots

Install Nextcloud

Log in to the virtual machine

a. Log in to the server.

ssh [username]@[IP address Intel NUC]

b. Log in to the virtual machine

ssh [username]@[IP address virtual machine]

Install Apache

1. Install the Apache web server.

sudo dnf install httpd

2. Enable the Apache web server in systemd

sudo systemctl enable httpd

3. Start the Apache web server.

sudo systemctl start httpd

4. Open port 80 and 443 of the firewall.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

5. Allow Apache to make network connections in SELinux

sudo setsebool -P httpd_can_network_connect on

Add a virtual host file

1. Go to the directory /etc/httpd/conf.d

cd /etc/httpd/conf.d

2. Create a new virtual host file.

sudo vim nextcloud.conf

3. Add the following code.

ServerName localhost

<VirtualHost *:80 >
  DocumentRoot /var/www/html/
  ServerName  [your.domain.com]

  <Directory /var/www/html/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

  </Directory>
</VirtualHost>

Replace [your.domain.com] with your domain name.

4. Restart Apache.

sudo systemctl restart httpd

Add a reverse proxy

Now that we have installed Apache in the virtual machine, we need to add a reverse proxy to the Apache configuration file on the host.

1. Exit the virtual machine.

exit

Make sure that you are on the host

2. Go to the directory /etc/httpd/conf.d

cd /etc/httpd/conf.d

3. Open the file virtualhosts.conf

sudo vim virtualhosts.conf

4. Add the virtual host that will act as the reverse proxy.

ServerName localhost
DocumentRoot /var/www/html/

<VirtualHost *:80 >
    ServerName [your.domain.com]
    ProxyPreserveHost On
    ProxyPass / http://[IP address virtual machine]/
    ProxyPassReverse / http://[IP address virtual machine]/
</VirtualHost>

Replace [your.domain.com] with your domain name and [IP address virtual machine] with the IP address of the virtual machine.

5. Check the configuration file for syntax errors.

sudo apachectl configtest

6. Restart Apache.

sudo systemctl restart httpd

7. Check the connection.

a. Log in to the virtual machine

ssh [username]@[IP address virtual machine]

b. Go to the document root directory of Apache.

cd /var/www/html

c. Create the file index.html

sudo vim index.html

d. Add the following HTML.

<html>
        <head>
                <title>Test page for the back-end server</title>
        </head>
        <body>
                This is a simple test page hosted on the back-end server.
        </body>
</html>

e. Open a browser and go to your domain name. 

If you have done everything correctly, you should see the web page with the text This is a simple test page hosted on the back-end server

Congratulations: you have successfully configured the reverse proxy!

After this test, you can remove the file index.html because you won't need it anymore.

Install MariaDB

1. Install the MariaDB database client and server.

sudo dnf install mariadb mariadb-server

2. Enable the MariaDB database server in systemd

sudo systemctl enable mariadb

3. Start the MariaDB database server.

sudo systemctl start mariadb

4. Secure the MariaDB installation.

sudo mysql_secure_installation

Create database and user

1. Log in to MariaDB.

mysql -u root -p

2. Create a new database.

create database nextcloud;

3. Create a new database user.

CREATE USER '[username]'@'localhost' IDENTIFIED BY '[password]';

4. Give the user the right to access the nextcloud database.

GRANT ALL PRIVILEGES on nextcloud.* to '[username]'@'localhost';

5. Reload the MariaDB grant tables that are responsible for the user privileges.

flush privileges;

6. Log out of MariaDB.

exit;

Install PHP

1. Install the EPEL repository

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

2. Install the REMI repository

sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

3. Install and enable the PHP REMI 7.4 stream

sudo dnf module install php:remi-7.4

4. Install PHP and all needed modules.

sudo dnf install php php-gd php-mbstring php-intl php-mysqlnd php-opcache php-json php-zip php-dom php-posix

Install Nextcloud server

1. Go to the DocumentRoot directory of Apache.

cd /var/www/html

2. Install wget and unzip

sudo dnf install wget unzip

3. Download Nextcloud 22

sudo wget https://download.nextcloud.com/server/releases/nextcloud-22.1.0.zip

4. Optional: check the integrity of the zip file.

a. Download the MD5 or SHA256 checksum (hash).

sudo wget https://download.nextcloud.com/server/releases/nextcloud-22.1.0.zip.md5
sudo wget https://download.nextcloud.com/server/releases/nextcloud-22.1.0.zip.sha256

b. Compare the Nextcloud zip file with the checksum.

md5sum -c nextcloud-22.1.0.zip.md5
sha256sum -c nextcloud-22.1.0.zip.sha256

6. Optional: check the authenticity of the zip file.

a. Download the digital signature (encrypted hash) of the zip file.

sudo wget https://download.nextcloud.com/server/releases/nextcloud-22.1.0.zip.asc

b. Download the public key of Nextcloud.

sudo wget https://nextcloud.com/nextcloud.asc

c. Add the public key to GNU Privacy Guard (GPG).

sudo gpg --import nextcloud.asc

d. Verify the signature (check if the hashes match).

sudo gpg --verify nextcloud-22.1.0.zip.asc nextcloud-22.1.0.zip

7. Optional: remove the digital signature, public key and checksum files.

sudo rm nextcloud-22.1.0.zip.asc nextcloud.asc nextcloud-22.1.0.zip.md5 nextcloud-22.1.0.zip.sha256

8. Unpack the zip file.

sudo unzip nextcloud-22.1.0.zip

9. Remove the zip file.

sudo rm nextcloud-22.1.0.zip

10. Move the content of the folder nextcloud (including all hidden files) to the folder html

sudo mv nextcloud/* nextcloud/.[!.]* .

11. Remove the, now empty, folder nextcloud

sudo rmdir nextcloud

12. Add the folder data

sudo mkdir data

13. Set Apache as the owner of all the files in the DocumentRoot

sudo chown -R apache:apache .
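
Steps 4 and 6 above only help if a failed check actually stops the installation. The script below is an added example, not part of the original post: it downloads into a private temporary directory instead of the DocumentRoot, checks the SHA-256 file and the GPG signature, and unpacks only when both pass. The function names and EXPECTED_FPR (a placeholder for the key fingerprint, which the post does not give) are assumptions.

```shell
#!/bin/sh
# Added example, not the blog author's script.

RELEASE_URL="https://download.nextcloud.com/server/releases"   # from the post
KEY_URL="https://nextcloud.com/nextcloud.asc"                  # from the post
# Placeholder (assumption): obtain the fingerprint of the Nextcloud signing key
# from a second, trusted source and paste it here (40 hex digits).
EXPECTED_FPR="REPLACE_WITH_NEXTCLOUD_KEY_FINGERPRINT"

# verify_sha256 FILE SUMFILE
# Exit 0 on a matching digest, 1 on a mismatch, 2 when SUMFILE has no entry
# for FILE's name, so a checksum for some other file can never "pass".
verify_sha256() (
    name=$(basename "$1")
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }            # "*name" marks binary mode
        f == n && length($1) == 64 { print tolower($1); exit }' "$2")
    [ -n "$expected" ] || { echo "no SHA-256 entry for $name" >&2; exit 2; }
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch for $name" >&2; exit 1; }
)

# verify_signature FILE SIGFILE KEYFILE FINGERPRINT
# Imports KEYFILE into a throw-away keyring and succeeds only if gpg reports a
# good signature made by the key with the pinned FINGERPRINT.
verify_signature() (
    want=$(printf '%s' "$4" | tr -d ' ' | tr 'a-f' 'A-F')
    home=$(mktemp -d) || exit 2
    trap 'rm -rf "$home"' EXIT
    gpg --homedir "$home" --batch --quiet --import "$3" 2>/dev/null || exit 2
    # --status-fd 1 prints machine-readable lines; the last field of VALIDSIG
    # is the fingerprint of the primary key that made the signature.
    got=$(gpg --homedir "$home" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
          awk '$2 == "GOODSIG"  { good = 1 }
               $2 == "VALIDSIG" { fpr = $NF }
               END { if (good) print fpr }')
    [ -n "$got" ] && [ "$got" = "$want" ]
)

# fetch_verified VERSION DESTDIR
# Download, verify, and only then unpack to DESTDIR/nextcloud (step 8 above).
fetch_verified() (
    zip="nextcloud-$1.zip"
    work=$(mktemp -d) || exit 2
    trap 'rm -rf "$work"' EXIT
    cd "$work" || exit 2
    wget -q "$RELEASE_URL/$zip" "$RELEASE_URL/$zip.sha256" \
            "$RELEASE_URL/$zip.asc" "$KEY_URL" || exit 2
    verify_sha256 "$zip" "$zip.sha256" || exit 1
    verify_signature "$zip" "$zip.asc" nextcloud.asc "$EXPECTED_FPR" ||
        { echo "signature check failed for $zip" >&2; exit 1; }
    unzip -q "$zip" -d "$2"
)

# Runs only when asked to:  sudo sh verify-nextcloud.sh --fetch 22.1.0 /var/www/html
if [ "${1:-}" = "--fetch" ]; then
    fetch_verified "$2" "$3"
fi
```

The checksum only shows that the download is intact; it is the signature check against a fingerprint obtained independently of the download server that ties the archive to its publisher.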

Configure SELinux

1. Install the package policycoreutils-python-utils

sudo dnf install policycoreutils-python-utils

2. Give Nextcloud read and write access to several internal files and directories.

sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/data(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/config(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/apps(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/.htaccess'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/.user.ini'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

3. Enable the above security settings.

sudo restorecon -R '/var/www/html/'

Nextcloud installation wizard

Open a browser and go to your domain name. If you have configured everything correctly, you see the Nextcloud installation wizard.

  1. Create an admin account.
    Enter a username and a password
  2. Click on Storage & databases.
  3. Keep the data folder as it is (/var/www/html/data).
  4. Select MySQL/MariaDB as the database back-end.
  5. Enter the database settings (see Install MariaDB, step 5).
    Enter the name of the database user.
    Enter the password of the database user.
    Enter the name of database (nextcloud).
    Keep the server name on localhost.
  6. Unselect Install recommended apps.
  7. Click on Finish setup.

    If Nextcloud doesn't correctly redirect to the dashboard, enter the address manually:
    [your domain name]/index.php

Enable HTTPS

Add a second virtual host

The SSL-certificate needs to be installed on the host so make sure that you are on the host.

1. Exit the virtual machine.

exit

Make sure that you are on the host

2. Install the Apache module mod_ssl

sudo dnf install mod_ssl

3. Go to the directory /etc/httpd/conf.d

cd /etc/httpd/conf.d

4. Open the file virtualhosts.conf

sudo vim virtualhosts.conf

5. Add a second virtual host with the following configuration.

<VirtualHost *:443 >
    ServerName [your.domain.com]
    ProxyPreserveHost On
    ProxyPass / http://[IP address virtual machine]/
    ProxyPassReverse / http://[IP address virtual machine]/
    SSLEngine on
</VirtualHost>

Replace [your.domain.com] with your domain name and [IP address virtual machine] with the IP address of the virtual machine.

6. Redirect port 80 to port 443.

Because we now have a virtual host for port 443 we can redirect all the traffic from the virtual host with port 80 to the virtual host with port 443. The reverse proxy in the virtual host with port 80 can also be removed because it's now in the virtual host with port 443.

The new code for the virtual host with port 80 is:

<VirtualHost *:80 >
    ServerName [your.domain.com]
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =[your.domain.com]
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Replace [your.domain.com] with your domain name.

And the complete code is:

ServerName localhost
DocumentRoot /var/www/html/

<VirtualHost *:80 >
    ServerName [your.domain.com]
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =[your.domain.com]
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443 >
    ServerName [your.domain.com]
    ProxyPreserveHost On
    ProxyPass / http://[IP address virtual machine]/
    ProxyPassReverse / http://[IP address virtual machine]/
    SSLEngine on
</VirtualHost>

7. Check the configuration file for syntax errors.

sudo apachectl configtest

Install Certbot

For requesting the SSL certificate we are going to use the application certbot from the Electronic Frontier Foundation (EFF). 

Make sure that you are on the host

1. Add the Extra Packages for Enterprise Linux (EPEL) repository.

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

2. Install snapd

sudo dnf install snapd

3. Enable the snap daemon in systemd

sudo systemctl enable snapd

4. Start the snap daemon.

sudo systemctl start snapd

5. Enable "classic" snap support (give snaps the same permissions as RPM packages).

sudo ln -s /var/lib/snapd/snap /snap

6. Reboot the server to finalise the installation of snapd

sudo reboot

7. Log back in.

ssh [username]@[IP address server]

8. Install (the latest version of) snap core

sudo snap install core

9. Install the snap certbot with "classic" permissions.

sudo snap install --classic certbot

10. Make sure that the command certbot can be run.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Get the SSL certificate

1. Request the certificate from Let's Encrypt.

sudo certbot --apache

a. Enter your e-mail address
b. Agree to the Terms of Service
c. Agree or disagree to share your e-mail address with the Electronic Frontier Foundation.
d. Select the domain name for which you want to request the SSL certificate.

Wait until the certificate is deployed successfully.

2. Restart Apache.

sudo systemctl restart httpd

3. Test if the renewal of the certificates works fine.

sudo certbot renew --dry-run

4. Test if your website can be reached with HTTPS.
    Open a browser and type https:// followed by your domain name.

When you now open the virtual host file again (/etc/httpd/conf.d/virtualhosts.conf) you will see that certbot has added all the necessary directives to configure the SSL certificate!

ServerName localhost
DocumentRoot /var/www/html/

<VirtualHost *:80 >
    ServerName [your.domain.com]
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =[your.domain.com]
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443 >
    ServerName [your.domain.com]
    ProxyPreserveHost On
    ProxyPass / http://[IP address virtual machine]/
    ProxyPassReverse / http://[IP address virtual machine]/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/[your.domain.com]/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/[your.domain.com]/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Post installation

Force Nextcloud to use HTTPS

1. Log in on the virtual machine.

ssh [username]@[IP address virtual machine]

2. Go to the configuration folder of Nextcloud

cd /var/www/html/config/

3. Open the configuration file config.php

sudo vim config.php

4. Add the following two lines to the PHP array.

  'overwrite.cli.url' => 'https://[your.domain.com]',
  'overwriteprotocol' => 'https',

Replace [your.domain.com] with your domain name.

Increase memory limit

1. Open the file /etc/php.ini

sudo vim /etc/php.ini

2. Search for directive memory_limit

/memory_limit

3. Change the value from 128MB to 512MB

; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 512M

4. Restart Apache.

sudo systemctl restart httpd

5. If the restart of Apache didn't work, reboot the virtual machine.

sudo reboot

Add host as a trusted proxy

1. Open the configuration file of Nextcloud

sudo vim /var/www/html/config/config.php

2. Add the following line to the PHP array.

'trusted_proxies'   => ['Internal IP address host'],

You can get the IP address of the host on the internal (virtual) network by logging out of the virtual machine and running the command hostname -I

3. Restart Apache.

sudo systemctl restart httpd

Enable HSTS

HSTS: HTTP Strict Transport Security

1. Log in on the host

ssh [username]@[IP address server]

2. Open the virtual host file.

sudo vim /etc/httpd/conf.d/virtualhosts.conf

3. Add the following three lines to the virtual host with port 443.

    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

4. Restart Apache.

sudo systemctl restart httpd

Enable PHP OPcache

1. Log in on the virtual machine.

2. Open the configuration file of OPcache

sudo vim /etc/php.d/10-opcache.ini

3. Check the following values and change or enable them (removing the ;) accordingly.

opcache.enable = 1
opcache.interned_strings_buffer = 8
opcache.max_accelerated_files = 10000
opcache.memory_consumption = 128
opcache.save_comments = 1
opcache.revalidate_freq = 1

4. Restart Apache.

sudo systemctl restart httpd

5. If the restart of Apache didn't work, reboot the virtual machine.

sudo reboot

Redirect CalDAV / CardDAV

1. Log in on the host

2. Open the virtual host file.

sudo vim /etc/httpd/conf.d/virtualhosts.conf

3. Add the following three lines to the virtual host with port 443

RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]

4. Restart Apache

sudo systemctl restart httpd

Add the default phone region

1. Log in on the virtual machine.

2. Open the configuration file of Nextcloud

sudo vim /var/www/html/config/config.php

3. Add the following line to the PHP array.

'default_phone_region' => '[country code]',

Replace [country code] with the country code of your country.
You can find all country codes here.

4. Close and save the file.

Install a memory cache 

1. Log in on the virtual machine.

2. Install the package php-pecl-apcu

sudo dnf install php-pecl-apcu

3. Open the configuration file of Nextcloud

sudo vim /var/www/html/config/config.php

4. Add the line below to the PHP array.

'memcache.local' => '\OC\Memcache\APCu',

5. Restart Apache

sudo systemctl restart httpd

6. Check if command line access of APCu is enabled.

a. Open the configuration file of APCu

sudo vim /etc/php.d/40-apcu.ini

b. Check if the variable apc.enable_cli is set to 1 (if not, change the value to 1).

Install missing PHP modules

1. Log in on the virtual machine.

2. Install the PHP module bcmath

sudo dnf install php-bcmath

3. Install the PHP module gmp

sudo dnf install php-gmp

4. Install the PHP module imagick

sudo dnf install php-pecl-imagick

Note: packages like php74-php-pecl-imagick do not work.

Update Nextcloud

1. Log in on the virtual machine.

2. Put SELinux in permissive mode

sudo setenforce 0

3. Start the update process.

  1. Log in to the Nextcloud web interface.
  2. Go to Settings
  3. Click on Overview
  4. Check if there is an update.
  5. Click on Open updater
  6. Click on Start update
  7. Click on Disable maintenance mode and continue in the web based updater
  8. Click on Start update

4. Put SELinux in enforcing mode

sudo setenforce 1

Configure the email server

In order to be able to send emails, for example when a user has forgotten his/her password, you have to configure the email server. You can configure the email server when you go to Settings -> Basic settings

Email server settings

  1. Send mode: SMTP
  2. Encryption: None or SSL/TLS
  3. From address: an existing email address belonging to your domain.
  4. Authentication method: Login and check Authentication required
  5. Server address: the server address of the SMTP server.
    Consult the online documentation of your web hosting company for the correct address of the SMTP server.
  6. Port number: use port 587 if you use SMTP without encryption (Encryption: None) or port 465 if you use SMTP with encryption (Encryption: SSL/TLS).
  7. Credentials: the username and password to log in to the SMTP server.
    Consult the online documentation of your web hosting company for the correct username and password.
  8. Click on Save, and test the email settings by clicking on Send email

  

I noticed that Nextcloud sometimes gives false warnings like Invalid SMTP password.
Just ignore these messages.

Install Nextcloud client

The recommended way to install an app on Linux, is to either use the Flatpak or Snap version of the program. Both package formats use container technologies to isolate the application from the host operating system. Another advantage of these package formats is that updates are installed immediately when they are available.

When you use a Linux distribution with Flatpak or Snap enabled, use the application GNOME Software or KDE Discover to install the Nextcloud client.

If you can't find the Nextcloud client in GNOME Software or KDE Discover, install the application directly from the website Flathub (for Flatpak apps) or Snapcraft (for Snap packages). Below you can find the addresses.

Flathub

https://flathub.org/apps/details/com.nextcloud.desktopclient.nextcloud

Snapcraft

https://snapcraft.io/nextcloud

Enable autostart

Nextcloud Desktop does have the option Launch on System Startup; however, this option doesn't work in the Flatpak version of the application. The good news is that GNOME and KDE both offer a way to start an application at boot time.

On the GNOME desktop:

  1. Install GNOME Tweaks with GNOME Software.
  2. Open the application and open the tab Startup Applications
  3. Click on the add button (+) and select Nextcloud Desktop
  4. Restart your computer and test if Nextcloud starts automatically.

On the KDE desktop:

  1. Open KDE System Settings
  2. Click on the tab Startup and Shutdown
  3. Click on Autostart
  4. Click on Add Program and select Nextcloud Desktop
  5. Restart your computer and test if Nextcloud starts automatically.

Synchronise your files

Clean up files

  1. Log in to your Nextcloud installation.
  2. Go to Files
  3. Click on All files
  4. Select all the default files and templates.
  5. Click on ...Actions and choose Delete
  6. Go to Deleted files
  7. Select all files.
  8. Click on ...Actions and choose Delete permanently

Configure settings

  1. Launch the application but close the window Add Nextcloud account
    Reason: we have to configure the settings first.
  2. Click on the icon in the system tray of your desktop environment.
    If you use GNOME: install the extension AppIndicator and KStatusNotifierItem Support to see the system tray.
  3. Select Settings
  4. Increase the size of the setting Ask for confirmation before synchronizing folders larger than to a value that is higher than any directory in your home directory. This way you will never be asked to confirm the synchronisation of a directory. Tip: use the application Disk Usage Analyzer to find the size of the directories.
  5. Click on Edit Ignored Files
  6. Deselect Sync hidden files
  7. Click on OK
  8. Close the window.

In version 3.3.3 of the Nextcloud app the deselecting of the option Sync hidden files isn't saved and you have to add the expression .* (all hidden files) manually.

1. Open the window Edit Ignored Files
2. Click on Add
3. Type .*
4. Click on OK
5. Click again on OK

Synchronise your files

  1. Click on the icon in the system tray of your desktop environment.
  2. Click on Add account
  3. Click on Log in to your Nextcloud
  4. Enter the address of the Nextcloud server.

    After you have entered the address and clicked on Next, you are redirected to a web page on your Nextcloud server and asked to log in. This is in order to grant the desktop application access to the Nextcloud installation.

    1. Click on Log in
    2. Log in with your username and password.
    3. Click on Grant access
    4. Close the browser window and go back to the Desktop application.

  5. Select the folder (or complete home directory) that you want to synchronise.
  6. Keep Synchronize everything from server selected.
  7. Keep Keep local data selected in order to preserve all files on your laptop/computer.
  8. Click on Connect
  9. Wait until all files and directories are synced. 

    Depending on the number and size of your files this can take many hours! On my system the synchronisation of 33 GB took more than two hours.

Exclude Downloads directory

  1. Create a backup of the Downloads directory.
  2. Click in the system tray on the Desktop client and choose Settings
  3. Uncheck the checkbox to the left of the directory Downloads
    A warning will appear that the Downloads directory, including all the data, will be removed from the local file system. 
  4. Choose Apply
    The directory Downloads and all the data will now be removed from the local file system.
  5. Create a new directory with the name Downloads
  6. Restore all the data that you saved previously.

Install Collabora Office

Install Collabora Online app

  1. Log in to the Nextcloud web interface.
  2. Go to Apps
  3. Click on App bundles
  4. Go to HUB bundle
  5. Click on Enable all

The HUB bundle installs the Collabora Online app and the CODE server (CODE stands for Collabora Online Development Edition).

Set the forward protocol

1. Log in on the host

2. Open the virtual host file.

sudo vim /etc/httpd/conf.d/virtualhosts.conf

3. Add the following line to the virtual host with port 443

RequestHeader set X-Forwarded-Proto https

4. Restart Apache.

sudo systemctl restart httpd
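
The virtual host with port 443 has now been edited in four separate sections (Enable HTTPS, Enable HSTS, Redirect CalDAV / CardDAV and Set the forward protocol). The script below is an added example, not part of the original post, that checks that every directive ended up in the right virtual host; the function names, cloud.example.com and 192.168.122.10 are made-up sample values.

```shell
#!/bin/sh
# Added example, not from the original post.

# sample_conf: constructed virtualhosts.conf built from the post's directives.
sample_conf() {
    cat <<'EOF'
ServerName localhost
DocumentRoot /var/www/html/

<VirtualHost *:80 >
    ServerName cloud.example.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =cloud.example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443 >
    ServerName cloud.example.com
    ProxyPreserveHost On
    ProxyPass / http://192.168.122.10/
    ProxyPassReverse / http://192.168.122.10/
    RequestHeader set X-Forwarded-Proto https
    SSLEngine on
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
    RewriteEngine On
    RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
</VirtualHost>
EOF
}

# vhost_block FILE PORT: print the uncommented lines inside <VirtualHost *:PORT>.
vhost_block() {
    awk -v port="$2" '
        /^[ \t]*<VirtualHost[ \t]/ { inside = ($0 ~ (":" port "[ \t]*>")); next }
        /^[ \t]*<\/VirtualHost>/   { inside = 0; next }
        inside && !/^[ \t]*#/' "$1"
}

# audit_vhosts FILE: print one finding per line; exit status 1 if there are any.
audit_vhosts() (
    tls=$(vhost_block "$1" 443)
    plain=$(vhost_block "$1" 80)
    findings=0
    expect() {   # expect BLOCK ERE MESSAGE: the directive must be present
        printf '%s\n' "$1" | grep -Eq -- "$2" && return 0
        echo "$3"; findings=1
    }
    forbid() {   # forbid BLOCK ERE MESSAGE: the directive must be absent
        printf '%s\n' "$1" | grep -Eq -- "$2" || return 0
        echo "$3"; findings=1
    }
    s='[[:space:]]+'
    expect "$tls" "SSLEngine${s}on" "443: SSLEngine on is missing"
    expect "$tls" "Header${s}always${s}set${s}Strict-Transport-Security" "443: HSTS header is missing"
    expect "$tls" "RequestHeader${s}set${s}X-Forwarded-Proto${s}https" "443: X-Forwarded-Proto is missing"
    expect "$tls" 'RewriteRule[[:space:]]+\^/\\\.well-known/carddav' "443: CardDAV redirect is missing"
    expect "$tls" 'RewriteRule[[:space:]]+\^/\\\.well-known/caldav' "443: CalDAV redirect is missing"
    expect "$plain" 'RewriteRule[[:space:]]+\^[[:space:]]+https://' "80: redirect to HTTPS is missing"
    forbid "$plain" "ProxyPass${s}/" "80: still proxies over plain HTTP"
    # Browsers ignore an HSTS header that arrives over plain HTTP.
    forbid "$plain" "Strict-Transport-Security" "80: HSTS is set on the HTTP virtual host"
    exit "$findings"
)

# Usage on the host:  sh audit-vhosts.sh /etc/httpd/conf.d/virtualhosts.conf
if [ -n "${1:-}" ]; then
    audit_vhosts "$1"
fi
```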

Fix SELinux issues

At this stage it's likely that Collabora Online isn't working correctly because SELinux is preventing applications from accessing the built-in AppImage. To test whether this is the case, run (on the virtual machine) sudo setenforce 0 to put SELinux in permissive mode. If Collabora works fine now, you know it's an SELinux issue. You can put SELinux in enforcing mode again by running sudo setenforce 1

When using setenforce it may be necessary to restart Apache to make sure that all related processes are stopped and restarted.

To find and fix the exact causes, follow the next steps.

1. Log in on the virtual machine.

2. Install the SELinux debugging tools

sudo dnf install setroubleshoot setools

3. Run the command sealert

sudo sealert -a /var/log/audit/audit.log

4. Read the report and find the issues that are related to the built-in AppImage.

5. Execute the given instructions.

In my case, for example, I had to enter the following commands (there were more issues):

sudo ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
sudo semodule -X 300 -i my-phpfpm.pp

sudo ausearch -c 'sh' --raw | audit2allow -M my-sh
sudo semodule -X 300 -i my-sh.pp

The above commands allow PHP-FPM and Bash to access the built-in AppImage.

The command audit2allow generates a SELinux security policy module based on the output of the previous command (ausearch). By running semodule the security policy module is installed and enabled.

Fix all the SELinux warnings about Collabora Online that you can find. 

6. Check if Collabora Online is working properly now by opening a LibreOffice file.
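
Because audit2allow turns the denials it is given into allow rules, it helps to see what is being allowed before running semodule. The script below is an added example, not part of the original post: it groups the AVC denials in an audit log and flags requests to execute files of a type the web server may also write. The log lines are constructed sample input, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# sample_audit_log: constructed audit.log lines (not taken from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1636970000.101:501): avc:  denied  { execute } for  pid=2101 comm="php-fpm" name="example.AppImage" dev="vda3" ino=790001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1636970000.101:501): arch=c000003e syscall=59 success=no exit=-13 comm="php-fpm" exe="/usr/sbin/php-fpm"
type=AVC msg=audit(1636970042.317:509): avc:  denied  { execute } for  pid=2101 comm="php-fpm" name="example.AppImage" dev="vda3" ino=790001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1636970105.882:514): avc:  denied  { execute_no_trans } for  pid=2150 comm="sh" path="/var/www/html/apps/example/example.AppImage" dev="vda3" ino=790001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1636970106.004:515): avc:  denied  { write add_name } for  pid=2150 comm="sh" name="tmp" dev="vda3" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
EOF
}

# summarize_avc [COMM]
# Reads audit log text on stdin and prints one line per distinct denial:
#   COUNT FLAG COMM SOURCE_TYPE -> TARGET_TYPE CLASS {PERMS}
# COMM limits the output to one command name, like "ausearch -c" in the post.
# FLAG is EXEC-WRITABLE when the denial asks to execute a file whose type ends
# in _rw_content_t, the label the post gave to data, config and apps: allowing
# it lets the web server run files that it is also allowed to write.
# Limitation: command names containing spaces are not parsed correctly.
summarize_avc() {
    awk -v want="${1:-}" '
    $1 == "type=AVC" && / denied / {
        perms = ""; comm = src = tgt = cls = "?"
        for (i = 2; i <= NF; i++) {
            if ($i == "{") {
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms == "" ? "" : ",") $j
            } else if ($i ~ /^comm=/) {
                comm = substr($i, 6); gsub(/"/, "", comm)
            } else if ($i ~ /^scontext=/) {
                split($i, c, ":"); src = c[3]      # user:role:TYPE:level
            } else if ($i ~ /^tcontext=/) {
                split($i, c, ":"); tgt = c[3]
            } else if ($i ~ /^tclass=/) {
                cls = substr($i, 8)
            }
        }
        if (want != "" && comm != want) next
        flag = "-"
        if (tgt ~ /_rw_content_t$/ && perms ~ /(^|,)execute(_no_trans)?(,|$)/)
            flag = "EXEC-WRITABLE"
        seen[flag " " comm " " src " -> " tgt " " cls " {" perms "}"]++
    }
    END { for (k in seen) printf "%d %s\n", seen[k], k }' | sort -k1,1nr -k2
}

# Print the summary of the constructed sample when run directly.
sample_audit_log | summarize_avc
```

On the virtual machine the input would come from sudo ausearch -m AVC --raw instead of the sample. audit2allow -M also leaves the generated rules in my-phpfpm.te and my-sh.te, which can be read before the module is installed.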

Configure Groupware

The Nextcloud Groupware bundle, consisting of Nextcloud Calendar, Contacts and Mail, is probably already installed so you don't have to do anything for this. You have to, however, configure the email server in such a way that you can send and receive emails. When you open the mail application for the first time you are asked to enter the email settings. Choose the tab Manual to enter the settings manually.

Email settings

  1. Enter a username and choose an email address that belongs to your domain.
  2. Enter the address of the IMAP server.
    Consult the online documentation of your web hosting company for the correct address of the IMAP server.
  3. Choose the level of security: None or SSL/TLS
  4. Enter the port number.
    Use port number 143 if you use IMAP without encryption (IMAP Security: None) or port number 993 if you use IMAP with encryption (IMAP Security: SSL/TLS).
  5. Enter the username and password to log in to the IMAP server.
    Consult the online documentation of your web hosting company for the correct username and password.
  6. Enter the address of the SMTP server.
    Consult the online documentation of your web hosting company for the correct address of the SMTP server.
  7. Choose the level of security: None or SSL/TLS
  8. Enter the port number.
    Port number: use port 587 if you use SMTP without encryption (SMTP Security: None) or port 465 if you use SMTP with encryption (SMTP Security: SSL/TLS).
  9. Enter the username and password to log in to the SMTP server.
    Consult the online documentation of your web hosting company for the correct username and password.
  10. Click on Connect

After connecting, test if you can send and receive emails correctly. The email application is quite basic but it works!

Manual update

When trying to update Nextcloud from version 2.2.0 to 2.2.3 the update got stuck on the step 'Delete old files' and the system was left in an unknown state. To restore the system I had to update Nextcloud manually. Below you can find the instructions how to do this.

1. Stop Apache.

sudo systemctl stop httpd

2. Put SELinux in permissive mode

sudo setenforce 0

3. Back up the database.

mysqldump --single-transaction -h localhost -u [username] -p [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

You can find the username, database name and password in the Nextcloud config file.

4. Rename the root directory of Nextcloud (run this command in /var/www).

sudo mv html html-old

5. Create a new root directory.

sudo mkdir html

6. Go to the new root directory.

cd html

7. Download the latest version of Nextcloud.

sudo wget https://download.nextcloud.com/server/releases/nextcloud-22.2.3.zip

8. Unpack the zip file.

sudo unzip nextcloud-22.2.3.zip

9. Remove the zip file.

sudo rm nextcloud-22.2.3.zip

10. Move the content of the folder nextcloud to the folder html (including hidden files).

sudo mv nextcloud/* nextcloud/.[!.]* .

11. Remove the (now empty) folder nextcloud

sudo rmdir nextcloud

12. Restore the configuration file.

a. Go to the directory config

cd config

b. Copy the old configuration file to the new installation.

sudo cp ../../html-old/config/config.php .

13. Restore the data.

a. Go to the root directory of Nextcloud

cd /var/www/html

b. Move the old data folder to the new installation.

sudo mv ../html-old/data/ .

14. Set Apache as the owner of all the files

sudo chown -R apache:apache .

15. Set the correct file permissions.

sudo find . -type d -exec chmod 750 '{}' \;
sudo find . -type f -exec chmod 640 '{}' \;

16. Put SELinux in enforcing mode

sudo setenforce 1

17. Start Apache.

sudo systemctl start httpd

18. Start the upgrade process.

a. Go to the root directory of Nextcloud

cd /var/www/html

b. Run the command occ upgrade

sudo -u apache php occ upgrade

19. Delete the old SELinux settings.

sudo semanage fcontext -d '/var/www/html/data(/.*)?'
sudo semanage fcontext -d '/var/www/html/config(/.*)?'
sudo semanage fcontext -d '/var/www/html/apps(/.*)?'
sudo semanage fcontext -d '/var/www/html/.htaccess'
sudo semanage fcontext -d '/var/www/html/.user.ini'
sudo semanage fcontext -d '/var/www/html/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
sudo restorecon -R '/var/www/html/'

20. Add ('renew') the new SELinux settings.

sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/data(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/config(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/apps(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/.htaccess'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/.user.ini'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
sudo restorecon -R '/var/www/html/'

21. Log in to your updated Nextcloud installation!

It's possible that even after renewing the SELinux settings, Collabora Online still doesn't load. In that case we have to search again for SELinux messages.

Run the command sealert to find all SELinux issues.

sudo sealert -a /var/log/audit/audit.log

Read the report and find all the issues that are related to Collabora Online. Execute the given commands. Hopefully, it will work again!