工具/运维

利用NextCloud配置私有云

csxiaoyao · 6月29日 · 2017年 · 本文6589字 · 阅读17分钟11

利用NextCloud配置私有云

Write By CS逍遥剑仙
我的主页: csxiaoyao.com
GitHub: github.com/csxiaoyaojianxian
Email: sunjianfeng@csxiaoyao.com
QQ: 1724338257

NextCloud (https://nextcloud.com/) 是开源云盘服务器,此处利用 LEMP 搭建 NextCloud 运行环境-MariaDB, PHP-FPM 和 Nginx (Ubuntu 16.04)

1. 搭建 LEMP 并配置 https

略,参考csxiaoyao.com服务器迁移记录

2. 为NextCloud创建数据库和用户

创建数据库nextcloud;用户名nextcloud,密码XXXXXXXX

<code class="language-shell">$ sudo mysql -u root -p
mysql> CREATE DATABASE nextcloud;
mysql> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'XXXXXXXX';
mysql> FLUSH PRIVILEGES;
mysql> exit;</code>

3. 配置PHP

<code>$ sudo apt-get -y install php-fpm php-cli php-json php-curl php-imap php-gd php-mysql php-xml php-zip php-intl php-mcrypt php-imagick php-mbstring</code>

配置PHP:

<code>$ sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 200M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/post_max_size = .*/post_max_size = 200M/" /etc/php/7.0/fpm/php.ini</code>

重启PHP-FPM:

<code>$ sudo service php7.0-fpm reload</code>

4. 下载NextCloud

<code>$ cd /tmp
$ wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip</code>

解压并更改权限:

<code>$ unzip nextcloud-12.0.0.zip
$ sudo mv nextcloud /var/www/html/
$ sudo chown -R www-data: /var/www/html/nextcloud</code>

设置data目录在非程序目录并修改权限

<code>$ sudo mkdir /CloudDiskData
$ sudo chown -R www-data: /CloudDiskData</code>

5. 修复问题

1. The test with getenv(“PATH”) only returns an empty response
在php-fpm配置中添加:

<code>$ sudo vi /etc/php/7.0/fpm/php-fpm.conf
env[PATH] = /usr/local/bin:/usr/bin:/bin</code>

2. .htaccess未生效
将data数据目录放到非程序目录下
? 修改nginx配置

<code>$ sudo vi /etc/nginx/sites-enabled/default
location  ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; }</code>

? 在data目录中新建文件

<code>$ touch .ocdata</code>

3. The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds.
修改nginx配置,添加并重启

<code>server {
    add_header Strict-Transport-Security max-age=15552000;
}</code>

4. No memory cache has been configured.

<code>$ sudo vi /var/www/html/owncloud/config/config.php
# 添加
'memcache.local' => '\OC\Memcache\APCu',</code>

5. The PHP Opcache is not properly configured

<code>$ sudo vi /etc/php/7.0/fpm/php.ini
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1</code>

6. 浏览器访问并升级


旧的操作

1. 安装MariaDB

Ubuntu 16.04 安装 MariaDB

更新升级系统:

<code class="language-Shell">$ sudo apt update
$ sudo apt upgrade</code>

安装MariaDB:

<code class="language-Shell">$ sudo apt install mariadb-server</code>

启动MariaDB服务:

<code class="language-shell">$ sudo systemctl start mysql</code>

查看状态:

<code class="language-shell">$ sudo systemctl status mysql</code>

执行初始化安全脚本,默认root密码为空,设置root密码和其他选项:

<code class="language-shell">$ sudo mysql_secure_installation</code>

2. 为NextCloud创建数据库和用户

创建数据库nextcloud;用户名nextcloud,密码XXXXXXXX

<code class="language-shell">$ sudo mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nextcloud;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'XXXXXXXX';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q</code>

3. 安装PHP和相关模块

<code>$ sudo apt-get -y install php-fpm php-cli php-json php-curl php-imap php-gd php-mysql php-xml php-zip php-intl php-mcrypt php-imagick php-mbstring</code>

配置PHP:

<code>$ sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 200M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/post_max_size = .*/post_max_size = 200M/" /etc/php/7.0/fpm/php.ini</code>

重启PHP-FPM:

<code>$ sudo systemctl restart php7.0-fpm</code>

4. 下载NextCloud

<code>$ cd /tmp
$ wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip</code>

解压到 /var/www/ 目录并更改权限:

<code>$ unzip nextcloud-12.0.0.zip
$ sudo mkdir /var/www/
$ sudo mv nextcloud /var/www/html/
$ sudo chown -R www-data: /var/www/html/nextcloud</code>

5. 安装配置Nginx

<code>$ sudo apt-get install nginx nginx-extras</code>

生成自签名证书:

<code>$ sudo mkdir -p /etc/nginx/ssl
$ cd /etc/nginx/ssl
$ sudo openssl genrsa -des3 -passout pass:x -out nextcloud.pass.key 2048
$ sudo openssl rsa -passin pass:x -in nextcloud.pass.key -out nextcloud.key
$ sudo rm nextcloud.pass.key
$ sudo openssl req -new -key nextcloud.key -out nextcloud.csr
$ sudo openssl x509 -req -days 365 -in nextcloud.csr -signkey nextcloud.key -out nextcloud.crt</code>

也可使用免费的 let encrypt,创建Nginx server block文件:

<code>$ sudo vim /etc/nginx/sites-available/nextcloud</code>
<code>server {
    listen 80;
    server_name pan.csxiaoyao.com;
    return 301 https: //$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name pan.csxiaoyao.com;
    root /
    var / www / nextcloud;
    ssl on;
    ssl_certificate / etc / nginx / ssl / nextcloud.crt;
    ssl_certificate_key / etc / nginx / ssl / nextcloud.key;
    ssl_session_timeout 5m;
    ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header X - Content - Type - Options nosniff;
    add_header X - Frame - Options "SAMEORIGIN";
    add_header X - XSS - Protection "1; mode=block";
    add_header X - Robots - Tag none;
    add_header X - Download - Options noopen;
    add_header X - Permitted - Cross - Domain - Policies none;
    access_log /
    var / log / nginx / nextcloud.access.log;
    error_log /
    var / log / nginx / nextcloud.error.log;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location = /.well - known / carddav {
        return 301 $scheme: //$host/remote.php/dav; 
    }
    location = /.well-known/caldav {
        return 301 $scheme: //$host/remote.php/dav; 
    }
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    gzip off;
    error_page 403 / core / templates / 403.php;
    error_page 404 / core / templates / 404.php;
    location / {
        rewrite ^ /index.php$uri;
    }
    location ~ ^/ ( ? : build | tests | config | lib | 3rdparty | templates | data) / {
        deny all;
    }
    location~ ^ /(?:.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    location ~^/ ( ? : index | remote | public | cron | core / ajax / update | status | ocs / v[12] | updater / . + | ocs - provider / . + | core / templates / 40[34]).php( ? : $ | /) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+.php)(/. + ) $;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;#
        Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix: /var/run / php / php7.0 - fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
    location~ ^ /(?:updater|ocs-provider)(?:$|/) {
        try_files $uri / = 404;
        index index.php;
    }
    location~ * .( ? : css | js) $ {
        try_files $uri / index.php$uri$is_args$args;
        add_header Cache - Control "public, max-age=7200";
        add_header X - Content - Type - Options nosniff;
        add_header X - Frame - Options "SAMEORIGIN";
        add_header X - XSS - Protection "1; mode=block";
        add_header X - Robots - Tag none;
        add_header X - Download - Options noopen;
        add_header X - Permitted - Cross - Domain - Policies none;#
        Optional: Don 't log access to assets
        access_log off;
    }
    location ~* .(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }
    location ~ /.ht {
        deny all;
    }
}</code>

创建链接:

<code>$ sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud</code>

测试Nginx配置文件:

<code>$ sudo nginx -t</code>

重启nginx:

<code>$ sudo systemctl restart nginx</code>

6. 完成安装

浏览器访问 https://pan.csxiaoyao.com,设置管理员账户和数据库

利用NextCloud配置私有云-禅林阆苑

0 条回应

×