
(CENTOS7) Nextcloud-PHP7-Nginx-MariaDB-SSL

This document provides instructions for configuring several services on a CentOS 7 server including SSH, VSFTP, PHP-FPM, MariaDB, Nginx, and installing Nextcloud. It includes steps to configure ports, daemons, users/groups, and virtual hosts. Additionally, it describes enabling SELinux for Nginx and generating SSL certificates.

#KONFIGURASI SSH CENTOS7

1. Pastikan SSH sudah terinstall


2. vi /etc/ssh/sshd_config
- Aktifkan Port 22
- Aktifkan MaxAuthTries dan MaxSessions ( Rubah sesuai dengan kebutuhan )
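- Pastikan PermitRootLogin bernilai no ( login root lewat SSH dimatikan )
- Tambahkan baris AllowUsers username di paling bawah ( ganti username dengan nama user yang boleh login, tanpa tanda kutip )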
3. systemctl restart sshd
4. firewall-cmd --permanent --add-port=22/tcp
5. firewall-cmd --reload

#KONFIGURASI VSFTPD CENTOS7

1. Pastikan sudah terhubung ke Internet


2. yum install vsftpd
3. vi /etc/vsftpd/vsftpd.conf
- Matikan login anonymous: ubah anonymous_enable=YES menjadi anonymous_enable=NO
4. systemctl start vsftpd
systemctl enable vsftpd
5. setsebool -P tftp_home_dir on
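6. setsebool -P allow_ftpd_full_access on ( boolean ini membuat daemon FTP boleh membaca dan menulis semua file yang diizinkan permission biasa; aktifkan hanya bila memang dibutuhkan )
7. firewall-cmd --permanent --add-port=21/tcp
8. firewall-cmd --reload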

#PHP7.2 PHP-FPM CENTOS7

1. yum update
2. yum install epel-release
3. yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
4. vi /etc/yum.repos.d/remi-php72.repo
- [remi-php72]
- enabled=1
5. yum install php-fpm php-cli php-devel php-gd php-mysqlnd php-pear php-xml php-mbstring php-pdo php-json php-pecl-apcu-devel php-pecl-imagick-devel php-intl php-opcache php-zip
6. vi /etc/php.ini
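- cgi.fix_pathinfo=1 ( dengan nilai 1, PHP akan mencoba menebak skrip bila path yang diminta tidak ada; pastikan Nginx hanya meneruskan file .php yang benar-benar ada ke PHP-FPM )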
- upload_max_filesize = 500M
- post_max_size = 500M
7. vi /etc/php-fpm.d/www.conf
- user = nginx
- group = nginx
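- listen = 127.0.0.1:6000 ( Ubah port sesuai kebutuhan; port ini harus sama dengan fastcgi_pass dan upstream php-handler di konfigurasi Nginx, yang pada contoh di bawah memakai 127.0.0.1:9000 )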
- env[HOSTNAME] = $HOSTNAME
- env[PATH] = /usr/local/bin:/usr/bin:/bin
- env[TMP] = /tmp
- env[TMPDIR] = /tmp
- env[TEMP] = /tmp
8. systemctl start php-fpm ( akan terjadi error karena user/group nginx belum terinstall )
9. systemctl enable php-fpm
10. chown nginx:nginx -R /var/lib/php/session/

#MARIADB 10.4 CENTOS7

1. yum install wget


2. cd /home
3. wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
4. chmod +x mariadb_repo_setup
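5. ./mariadb_repo_setup ( skrip ini dijalankan sebagai root dan menambahkan repo baru ke sistem; baca isinya dulu sebelum dijalankan )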
6. yum install MariaDB-server
7. systemctl start mariadb
8. systemctl enable mariadb
9. mysql_secure_installation
- Isi Password sesuai kebutuhan
- Switch to unix_socket authentication = n
- Change the root password = y
- Remove Anonymous users = y
- Disallow root login remotely = y
- Remove test database and access to it = n ( di server produksi sebaiknya jawab y, karena database test tidak diperlukan Nextcloud )
- Reload privilege tables now = y
10. mysql -u root -p
11. create database nextcloud;
12. create user nextcloud@localhost identified by 'password';
13. grant all privileges on nextcloud.* to nextcloud@localhost identified by 'password'; ( 'password' hanya contoh; ganti dengan password yang kuat dan sama di langkah 12 dan 13 )
14. flush privileges;
15. yum install phpmyadmin
16. cd /etc/nginx/conf.d
17. nano phpmyadmin.conf
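# phpMyAdmin virtual host, served over plain HTTP on port 81.
# NOTE(review): logins made through this vhost cross the network unencrypted.
# Limit who can reach port 81 (firewall source restriction or allow/deny
# rules) or serve it over TLS before exposing it beyond a trusted network.
server {
    listen 81;
    root /usr/share/phpMyAdmin/;
    include /etc/nginx/default.d/*.conf;
    client_max_body_size 100M;

    # Static files first, then fall back to the front controller.
    location / {
        try_files $uri $uri/ /index.php?q=$request_uri;
    }

    error_page 404 /404.html;
    location = /40x.html {
        root /usr/share/nginx/html;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        root /usr/share/phpMyAdmin;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        # Hand the request to PHP-FPM only when the script exists on disk.
        # This page sets cgi.fix_pathinfo=1 in php.ini; without this check
        # PHP would go looking for another file to run when the requested
        # .php path does not exist.
        try_files $fastcgi_script_name =404;
        # Must be the address PHP-FPM listens on (`listen` in
        # /etc/php-fpm.d/www.conf); the PHP-FPM step on this page uses
        # 127.0.0.1:6000, so adjust one side to match the other.
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_read_timeout 500;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}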

18. systemctl restart nginx


19. systemctl restart php-fpm
20. systemctl restart mariadb
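21. firewall-cmd --permanent --add-port=81/tcp
22. firewall-cmd --reload
23. chown -R nginx:nginx /var/lib/php/session/
24. Buka phpMyAdmin di browser menggunakan ipaddress:81 ( koneksi ini HTTP tanpa enkripsi, jadi batasi akses port 81 hanya dari jaringan atau IP admin )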
#NGINX CENTOS7 & INSTALL NEXTCLOUD

1. yum update
2. yum install epel-release
3. yum install nginx
4. systemctl start nginx
5. systemctl enable nginx
6. vi /etc/nginx/nginx.conf , hapus semua konfigurasi awalnya lalu copas conf di bawah ini, taruh di
nginx.conf

# Main nginx configuration: global process settings, then the shared http
# defaults inherited by every virtual host under /etc/nginx/conf.d/.
user nginx;
worker_processes auto;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log;

# Dynamic modules shipped by the distribution package.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    # MIME handling.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access log format "main" and the log that uses it.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    # Transfer tuning.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;

    # Timeouts.
    keepalive_timeout 65;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;

    # Defaults for every server block; a vhost may override them.
    index index.php index.html index.htm;
    client_max_body_size 100M;

    # Per-site virtual hosts (phpmyadmin.conf, nextcloud.conf, ...).
    include /etc/nginx/conf.d/*.conf;
}
7. cd /home
8. mkdir nextcloud
9. yum install wget unzip
10. wget https://download.nextcloud.com/server/releases/nextcloud-19.0.1.zip ( cocokkan checksum SHA-256 file ini dengan yang dipublikasikan Nextcloud sebelum di-unzip )
11. unzip nextcloud-19.0.1.zip
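12. chmod -R 775 /home/nextcloud/ ( 775 membuat semua file bisa dieksekusi dan bisa ditulis oleh grup nginx; perketat lagi permission-nya setelah instalasi selesai )
13. chown -R namauser:nginx /home/nextcloud/ ( ganti namauser dengan user Linux kalian )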
14. Selanjutnya membuat Virtual host untuk Nextcloud nya pada Nginx
15. cd /etc/nginx/conf.d
16. vi nextcloud.conf, copy text dibawah ini, dan save pada file nextcloud.conf

# PHP-FPM backend used by the fastcgi_pass directive of the Nextcloud vhost.
# The address must be the one PHP-FPM listens on (`listen` in
# /etc/php-fpm.d/www.conf).
upstream php-handler {
    server 127.0.0.1:9000;
}

# Plain-HTTP listener: serves no content, it only redirects to HTTPS.
server {
    server_name 192.168.1.253;
    listen 80;

    # enforce https
    return 301 https://$server_name$request_uri;
}

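# HTTPS virtual host for Nextcloud.
# Fixes relative to the listing as extracted: the Strict-Transport-Security
# header values and the PHP location regex were split across lines, which
# put a line break inside the header value and inside the regex. They are
# joined back onto one line each; every directive is otherwise unchanged.
server {
    listen 443 ssl;
    server_name 192.168.1.253;

    # Certificate and key created in the "CREATE SSL cert & key" section of
    # this page (self-signed).
    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # NOTE(review): browsers generally do not apply HSTS to a host reached by
    # IP address or over a connection with certificate errors, so this header
    # has little effect until the site uses a hostname and a trusted cert.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /home/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    # Everything that is not matched below goes through the front controller.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Internal directories and tooling must never be served directly.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Only this fixed list of entry-point scripts is handed to PHP-FPM; any
    # other .php path is not executed.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}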

#SELINUX ENABLE NGINX

1. yum install setroubleshoot-server


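2. semanage permissive -a httpd_t ( perintah ini membuat domain httpd_t menjadi permissive: SELinux hanya mencatat pelanggaran dan tidak lagi memblokir proses web server; untuk server produksi lebih aman memberi label SELinux yang sesuai pada direktori Nextcloud daripada membuat httpd_t permissive )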

#CREATE SSL cert & key

1. mkdir -p /etc/nginx/cert/
2. openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key ( sertifikat ini self-signed, jadi browser akan menampilkan peringatan saat pertama kali dibuka )
3. chmod 700 /etc/nginx/cert
4. chmod 600 /etc/nginx/cert/*
5. Isi data-datanya sampai selesai ( pertanyaan yang muncul dari perintah openssl pada langkah 2 )
6. systemctl restart nginx
7. systemctl restart php-fpm
8. firewall-cmd --permanent --add-port=80/tcp
9. firewall-cmd --permanent --add-port=443/tcp
10. firewall-cmd --reload
11. Setelah itu buka browser dan buka alamat nextcloud kalian, isi data”nya dengan lengkap dan
benar
