利用NextCloud配置私有云
Write By CS逍遥剑仙
我的主页: csxiaoyao.com
GitHub: github.com/csxiaoyaojianxian
Email: sunjianfeng@csxiaoyao.com
QQ: 1724338257
NextCloud (https://nextcloud.com/) 是开源云盘服务器,此处利用 LEMP 搭建 NextCloud 运行环境-MariaDB, PHP-FPM 和 Nginx (Ubuntu 16.04)
1. 搭建 LEMP 并配置 https
略,参考csxiaoyao.com服务器迁移记录
2. 为NextCloud创建数据库和用户
创建数据库nextcloud;用户名nextcloud,密码XXXXXXXX
$ sudo mysql -u root -p
mysql> CREATE DATABASE nextcloud;
mysql> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'XXXXXXXX';
mysql> FLUSH PRIVILEGES;
mysql> exit;3. 配置PHP
$ sudo apt-get -y install php-fpm php-cli php-json php-curl php-imap php-gd php-mysql php-xml php-zip php-intl php-mcrypt php-imagick php-mbstring
配置PHP:
$ sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 200M/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/post_max_size = .*/post_max_size = 200M/" /etc/php/7.0/fpm/php.ini
重启PHP-FPM:
$ sudo service php7.0-fpm reload
4. 下载NextCloud
$ cd /tmp $ wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip
解压并更改权限:
$ unzip nextcloud-12.0.0.zip $ sudo mv nextcloud /var/www/html/ $ sudo chown -R www-data: /var/www/html/nextcloud
设置data目录在非程序目录并修改权限
$ sudo mkdir /CloudDiskData $ sudo chown -R www-data: /CloudDiskData
5. 修复问题
1. The test with getenv(“PATH”) only returns an empty response
在php-fpm配置中添加:
$ sudo vi /etc/php/7.0/fpm/php-fpm.conf env[PATH] = /usr/local/bin:/usr/bin:/bin
2. .htaccess未生效
将data数据目录放到非程序目录下
? 修改nginx配置
$ sudo vi /etc/nginx/sites-enabled/default
location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; }
? 在data目录中新建文件
$ touch .ocdata
3. The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds.
修改nginx配置,添加并重启
server {
add_header Strict-Transport-Security max-age=15552000;
}
4. No memory cache has been configured.
$ sudo vi /var/www/html/owncloud/config/config.php # 添加 'memcache.local' => '\OC\Memcache\APCu',
5. The PHP Opcache is not properly configured
$ sudo vi /etc/php/7.0/fpm/php.ini opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
6. 浏览器访问并升级
旧的操作
1. 安装MariaDB
Ubuntu 16.04 安装 MariaDB
更新升级系统:
$ sudo apt update
$ sudo apt upgrade安装MariaDB:
$ sudo apt install mariadb-server启动MariaDB服务:
$ sudo systemctl start mysql查看状态:
$ sudo systemctl status mysql执行初始化安全脚本,默认root密码为空,设置root密码和其他选项:
$ sudo mysql_secure_installation2. 为NextCloud创建数据库和用户
创建数据库nextcloud;用户名nextcloud,密码XXXXXXXX
$ sudo mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nextcloud;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'XXXXXXXX';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q3. 安装PHP和相关模块
$ sudo apt-get -y install php-fpm php-cli php-json php-curl php-imap php-gd php-mysql php-xml php-zip php-intl php-mcrypt php-imagick php-mbstring
配置PHP:
$ sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 200M/" /etc/php/7.0/fpm/php.ini $ sudo sed -i "s/post_max_size = .*/post_max_size = 200M/" /etc/php/7.0/fpm/php.ini
重启PHP-FPM:
$ sudo systemctl restart php7.0-fpm
4. 下载NextCloud
$ cd /tmp $ wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip
解压到 /var/www/ 目录并更改权限:
$ unzip nextcloud-12.0.0.zip $ sudo mkdir /var/www/ $ sudo mv nextcloud /var/www/html/ $ sudo chown -R www-data: /var/www/html/nextcloud
5. 安装配置Nginx
$ sudo apt-get install nginx nginx-extras
生成自签名证书:
$ sudo mkdir -p /etc/nginx/ssl $ cd /etc/nginx/ssl $ sudo openssl genrsa -des3 -passout pass:x -out nextcloud.pass.key 2048 $ sudo openssl rsa -passin pass:x -in nextcloud.pass.key -out nextcloud.key $ sudo rm nextcloud.pass.key $ sudo openssl req -new -key nextcloud.key -out nextcloud.csr $ sudo openssl x509 -req -days 365 -in nextcloud.csr -signkey nextcloud.key -out nextcloud.crt
也可使用免费的 let encrypt,创建Nginx server block文件:
$ sudo vim /etc/nginx/sites-available/nextcloud
server {
listen 80;
server_name pan.csxiaoyao.com;
return 301 https: //$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name pan.csxiaoyao.com;
root /
var / www / nextcloud;
ssl on;
ssl_certificate / etc / nginx / ssl / nextcloud.crt;
ssl_certificate_key / etc / nginx / ssl / nextcloud.key;
ssl_session_timeout 5m;
ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header X - Content - Type - Options nosniff;
add_header X - Frame - Options "SAMEORIGIN";
add_header X - XSS - Protection "1; mode=block";
add_header X - Robots - Tag none;
add_header X - Download - Options noopen;
add_header X - Permitted - Cross - Domain - Policies none;
access_log /
var / log / nginx / nextcloud.access.log;
error_log /
var / log / nginx / nextcloud.error.log;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well - known / carddav {
return 301 $scheme: //$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme: //$host/remote.php/dav;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 / core / templates / 403.php;
error_page 404 / core / templates / 404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/ ( ? : build | tests | config | lib | 3rdparty | templates | data) / {
deny all;
}
location~ ^ /(?:.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~^/ ( ? : index | remote | public | cron | core / ajax / update | status | ocs / v[12] | updater / . + | ocs - provider / . + | core / templates / 40[34]).php( ? : $ | /) {
include fastcgi_params;
fastcgi_split_path_info ^(.+.php)(/. + ) $;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;#
Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix: /var/run / php / php7.0 - fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location~ ^ /(?:updater|ocs-provider)(?:$|/) {
try_files $uri / = 404;
index index.php;
}
location~ * .( ? : css | js) $ {
try_files $uri / index.php$uri$is_args$args;
add_header Cache - Control "public, max-age=7200";
add_header X - Content - Type - Options nosniff;
add_header X - Frame - Options "SAMEORIGIN";
add_header X - XSS - Protection "1; mode=block";
add_header X - Robots - Tag none;
add_header X - Download - Options noopen;
add_header X - Permitted - Cross - Domain - Policies none;#
Optional: Don 't log access to assets
access_log off;
}
location ~* .(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
location ~ /.ht {
deny all;
}
}
创建链接:
$ sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud
测试Nginx配置文件:
$ sudo nginx -t
重启nginx:
$ sudo systemctl restart nginx
6. 完成安装
浏览器访问 https://pan.csxiaoyao.com,设置管理员账户和数据库
