Setting up Nextcloud on CentOS 8 with Nginx and SSL/TLS

A Complete Guide to Installing Nextcloud on CentOS 8 with Nginx and SSL

In an era of growing concerns over data privacy and digital ownership, hosting your own cloud storage solution is an increasingly popular and powerful choice. Nextcloud stands out as a leading open-source platform that allows you to create a private, self-hosted cloud for file sharing, collaboration, and communication, putting you in complete control of your data.

This comprehensive guide will walk you through the entire process of installing and securing Nextcloud on a CentOS 8 server, using Nginx as the web server and Let’s Encrypt for free SSL/TLS encryption. By following these steps, you will deploy a robust, secure, and high-performance private cloud.

Prerequisites

Before we begin, ensure you have the following in place:

  • A server running a fresh installation of CentOS 8.
  • A non-root user with sudo privileges.
  • A fully qualified domain name (FQDN), such as cloud.yourdomain.com, pointed to your server’s public IP address.
  • A basic firewall configured (we will use firewalld).

Step 1: Installing the Core Dependencies (Nginx, MariaDB, and PHP)

Our first step is to install the necessary software components that Nextcloud relies on: a web server (Nginx), a database (MariaDB), and the PHP scripting language.

First, update your system’s package index:

sudo dnf update -y

Next, install Nginx. The version in the default CentOS repositories is sufficient.

sudo dnf install nginx -y

Now, let’s install MariaDB, a popular and reliable open-source database server.

sudo dnf install mariadb-server mariadb -y

Finally, we need to install PHP and several essential extensions that Nextcloud requires to function correctly.

sudo dnf install php-fpm php-mysqlnd php-gd php-json php-intl php-mbstring php-xml php-zip php-opcache php-curl php-gmp php-imagick -y

Once all packages are installed, start and enable the services so they automatically launch on boot.

sudo systemctl enable --now nginx
sudo systemctl enable --now mariadb
sudo systemctl enable --now php-fpm

Step 2: Configuring the Database for Nextcloud

With MariaDB installed, we need to secure it and create a dedicated database and user for our Nextcloud installation.

First, run the initial security script. This will prompt you to set a root password, remove anonymous users, and enhance security.

sudo mysql_secure_installation

Follow the on-screen prompts. It’s highly recommended to answer ‘Y’ (yes) to all questions for a secure setup.

Next, log in to the MariaDB shell as the root user:

sudo mysql -u root -p

Enter the root password you just set. Now, execute the following commands to create the database and its user and to grant the necessary permissions. Remember to replace 'your_strong_password' with a unique, strong password.

CREATE DATABASE nextcloud_db;
CREATE USER 'nextcloud_user'@'localhost' IDENTIFIED BY 'your_strong_password';
GRANT ALL PRIVILEGES ON nextcloud_db.* TO 'nextcloud_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

You now have a secure and ready database for Nextcloud.

Step 3: Downloading and Preparing Nextcloud

It’s time to download the latest version of Nextcloud and place it in the correct web directory.

Navigate to the /tmp directory and use wget to download the latest stable release from the official Nextcloud website.

cd /tmp
wget https://download.nextcloud.com/server/releases/latest.zip
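
Before unpacking, the archive can be checked against a published SHA-256 checksum. The function below is an added example, not part of the original guide; verify_sha256 is a hypothetical helper name, and the checksum URL in its usage comment is an assumption to confirm on the Nextcloud download page.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): check a downloaded archive
# against a published SHA-256 checksum file before unpacking it.

# verify_sha256 ARCHIVE CHECKSUM_FILE
# Exit status: 0 = digest matches, 1 = mismatch, 2 = unusable input.
# Only the first field of the first line is used. The file name recorded in
# the checksum file is ignored, because an alias such as latest.zip may be
# listed under its versioned name, which makes `sha256sum -c` fail even for
# a good download.
verify_sha256() {
    local archive="$1" sumfile="$2" expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    # Accept exactly 64 hex characters; an HTML error page saved in place of
    # the checksum must not be treated as a digest.
    [ "${#expected}" -eq 64 ] || return 2
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Usage in Step 3 (the checksum URL is an assumption, fetch it over HTTPS):
#   wget https://download.nextcloud.com/server/releases/latest.zip.sha256
#   verify_sha256 latest.zip latest.zip.sha256 && unzip latest.zip
```

A checksum fetched from the same server only detects a corrupted or truncated download; it does not replace verifying the release signature.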

Once the download is complete, unzip the archive:

unzip latest.zip

This will create a nextcloud directory. We will move this directory to /var/www/ to serve it with Nginx.

sudo mv nextcloud /var/www/

The final and most critical preparation step is to set the correct ownership and permissions. The web server user (nginx) needs to be able to read, write, and execute files within this directory.

sudo chown -R nginx:nginx /var/www/nextcloud/

This command ensures Nginx can manage the Nextcloud files, which is essential for installation, updates, and app management.

Step 4: Configuring the Nginx Server Block

Out of the box, Nginx serves only its default page. We need to create a specific configuration file (a “server block”) to tell Nginx how to handle requests for your Nextcloud domain and how to process PHP files.

Create a new configuration file in the conf.d directory:

sudo nano /etc/nginx/conf.d/nextcloud.conf

Paste the following configuration into the file. Be sure to replace cloud.yourdomain.com with your actual domain name.

upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    server_name cloud.yourdomain.com;

    # HSTS header; browsers honour it only over HTTPS, so it takes effect once Certbot adds the TLS listener in Step 5
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;

    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # Set client body size to a large value
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on; # Tells PHP the request arrived over HTTPS; correct once Step 5 has enabled TLS
        fastcgi_pass php-handler;
    }

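    location ~* \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        # An add_header in a location stops inheritance of the server-level headers, so HSTS is repeated here
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
        add_header Cache-Control "public, max-age=15778463";
        access_log off;
    }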

    location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}

Save and close the file. To ensure there are no syntax errors in your configuration, run:

sudo nginx -t

If the test is successful, restart Nginx to apply the changes:

sudo systemctl restart nginx
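
Nginx inherits add_header directives from the server level only when a location defines none of its own, so a location that sets Cache-Control must repeat the HSTS header or responses from it go out without it. The check below is an added example, not part of the original guide; hsts_gaps and sample_conf are hypothetical names, and the sample is a constructed config with the same layout as the server block in this step.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide).

# hsts_gaps [CONF]: print every location block that declares its own
# add_header but no Strict-Transport-Security. Reads stdin when CONF is
# omitted. Line-based: assumes no braces inside regexes or quoted strings,
# and counts a nested location as part of its outer block.
hsts_gaps() {
    awk '
        { line = $0; sub(/#.*/, "", line) }        # ignore comments
        !inloc && line ~ /^[ \t]*location[ \t]/ {
            inloc = 1; opened = 0; depth = 0; own = 0; hsts = 0
            name = line
            sub(/^[ \t]*location[ \t]+/, "", name)
            sub(/[ \t]*[{].*/, "", name)
        }
        inloc {
            if (line ~ /add_header[ \t]/) own = 1
            if (line ~ /add_header[ \t]+Strict-Transport-Security/) hsts = 1
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth > 0) opened = 1
            if (opened && depth == 0) {
                if (own && !hsts) print name
                inloc = 0
            }
        }
    ' "${1:--}"
}

# Constructed sample: HSTS at server level, Cache-Control in one location.
sample_conf() {
    cat <<'EOF'
server {
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    location ~ \.php(?:$|/) {
        fastcgi_pass php-handler;
    }
    location ~* \.(?:css|js|woff|svg|gif)$ {
        add_header Cache-Control "public, max-age=15778463";
    }
}
EOF
}
```

Run it against the real file with hsts_gaps /etc/nginx/conf.d/nextcloud.conf; no output means no location overrides the header set.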

Step 5: Securing Your Domain with Let’s Encrypt SSL

An encrypted connection is non-negotiable for a cloud storage platform. We will use Certbot to automatically obtain and configure a free SSL certificate from Let’s Encrypt.

First, open your firewall to allow HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Next, install the Certbot client and its Nginx plugin:

sudo dnf install certbot python3-certbot-nginx -y

Now, run Certbot. It will automatically detect your domain from the Nginx configuration, obtain a certificate, and configure Nginx to use it.

sudo certbot --nginx -d cloud.yourdomain.com

Follow the prompts to enter your email address and agree to the terms of service. When asked about redirecting HTTP traffic, it is strongly recommended to choose the option to redirect all traffic to HTTPS.

Certbot will confirm a successful installation and your certificate’s expiration date. It will also set up an automatic renewal process.

Step 6: Finalizing the Nextcloud Installation

With all the server-side configuration complete, the final step is to set up Nextcloud through its web interface.

Open your web browser and navigate to your domain (e.g., https://cloud.yourdomain.com).

You will be presented with the Nextcloud setup page.

  1. Create an admin account: Choose a username and a strong password for your administrator account.
  2. Configure the database: Click on “Storage & database.”
    • Select MySQL/MariaDB.
    • Enter the database details you created in Step 2:
      • Database user: nextcloud_user
      • Database password: your_strong_password
      • Database name: nextcloud_db
      • Database host: localhost
  3. Click the Finish setup button.

The installation may take a minute or two. Once complete, you will be logged into your new, secure Nextcloud dashboard.

Post-Installation Security and Performance Tips

To ensure your Nextcloud instance runs smoothly and securely, consider these final steps:

  • Set up a Cron Job: By default, Nextcloud uses a method called AJAX to run background tasks, which can be unreliable. For better performance, switch to a system cron job. Edit your crontab as the nginx user: sudo -u nginx crontab -e and add the following line:

    */5 * * * * php -f /var/www/nextcloud/cron.php

    Then, in your Nextcloud admin settings under “Basic settings,” select “Cron.”
  • Enable Memory Caching: For a significant performance boost, configure a memory cache like Redis or APCu. This reduces database load and speeds up the user interface.

You have now successfully deployed a secure, private, and powerful cloud storage solution on your own server. You are in full control of your data, with the flexibility to expand and customize your cloud to fit your needs.

Source: https://kifarunix.com/install-nextcloud-with-nginx-and-ssl-tls-certificates-on-centos-8/
