Nextcloud

Published: 2020-05-21 14:12:14

Introduction

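Nextcloud is free (open-source) Dropbox-like software that originated as a fork of ownCloud. It is written in PHP and JavaScript and supports several database systems, such as MySQL/MariaDB, PostgreSQL, Oracle Database and SQLite. It keeps the files on your desktop system and your cloud server in sync, and clients are available for Windows, Linux, Mac, Android and iPhone. Nextcloud is not just a Dropbox clone: it also provides many additional features, such as a calendar, contacts, scheduled tasks and media streaming with Ampache.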


Installation

[root@instance-7tgaowaa ~]# yum -y install epel-release nginx

Next we need to add another repository for php7-fpm. Several remote repositories on the Internet provide the PHP 7 packages; I use webtatic here.

[root@instance-7tgaowaa ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Retrieving https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
warning: /var/tmp/rpm-tmp.lszNa0: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:webtatic-release-7-3 ################################# [100%]
[root@instance-7tgaowaa ~]# yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

Check the version

[root@instance-7tgaowaa ~]# php -v
PHP 7.0.30 (cli) (built: Apr 28 2018 08:14:08) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

Configure PHP7-FPM

In this step we configure php-fpm to work with Nginx. php7-fpm will run as the nginx user and listen on port 9000.

Edit the default php7-fpm configuration file with vim:

[root@instance-7tgaowaa ~]# vim /etc/php-fpm.d/www.conf

user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

listen = 127.0.0.1:9000

 env[HOSTNAME] = $HOSTNAME
 env[PATH] = /usr/local/bin:/usr/bin:/bin
 env[TMP] = /tmp
 env[TMPDIR] = /tmp
 env[TEMP] = /tmp
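
An added example, not part of the original article: a shell check that reads a php-fpm pool file and confirms the two properties this step relies on, an unprivileged pool user and a FastCGI listener bound to loopback or a unix socket. The function names and the sample pool contents are constructed for illustration.

```sh
# Added example (not from the original article): audit a php-fpm pool file.

# Print the last value assigned to KEY in an INI-style pool file.
pool_get() {  # usage: pool_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                 # skip comment lines
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Return 0 only if the pool runs unprivileged and FastCGI is local-only.
audit_fpm_pool() {  # usage: audit_fpm_pool FILE
    rc=0
    user=$(pool_get "$1" user)
    listen=$(pool_get "$1" listen)
    case "$user" in
        ""|root) echo "FAIL user='$user': run the pool as an unprivileged account"; rc=1 ;;
    esac
    case "$listen" in
        127.0.0.1:*|"[::1]":*|/*) ;;           # loopback TCP or a unix socket path
        *) echo "FAIL listen='$listen': FastCGI port reachable from the network"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: the settings from this guide, and a risky variant.
sample_good=$(mktemp); sample_bad=$(mktemp)
printf '%s\n' '[www]' 'user = nginx' '; RPM: Keep a group allowed to write in log dir.' \
    'group = nginx' 'listen = 127.0.0.1:9000' > "$sample_good"
printf '%s\n' '[www]' 'user = root' 'listen = 0.0.0.0:9000' > "$sample_bad"

audit_fpm_pool "$sample_good" && echo "guide settings: OK"
audit_fpm_pool "$sample_bad"  || echo "risky variant: rejected"
```

On the server, point it at the real pool file: audit_fpm_pool /etc/php-fpm.d/www.conf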

Next, create a new session directory under /var/lib/ (/var/lib/php/session) and change its owner to the nginx user.

[root@instance-7tgaowaa ~]# mkdir -p /var/lib/php/session
[root@instance-7tgaowaa ~]# chown nginx:nginx -R /var/lib/php/session/

Then start php-fpm and Nginx and enable both services to start at boot.

[root@instance-7tgaowaa ~]# systemctl start php-fpm
[root@instance-7tgaowaa ~]# systemctl start nginx
[root@instance-7tgaowaa ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@instance-7tgaowaa ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

Install and configure MariaDB

[root@instance-7tgaowaa ~]# yum -y install mariadb mariadb-server

[root@instance-7tgaowaa ~]# systemctl start mariadb
[root@instance-7tgaowaa ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@instance-7tgaowaa ~]#

Now set the password for the MariaDB root user.

[root@instance-7tgaowaa ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Create the nextcloud_db database and the nextclouduser database user:

[root@instance-7tgaowaa ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nextcloud_db;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create user nextclouduser@localhost identified by 'nextclouduser@';
Query OK, 0 rows affected (0.00 sec)


MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextclouduser@';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

Generate a self-signed SSL certificate for Nextcloud

[root@instance-7tgaowaa ~]# mkdir -p /etc/nginx/cert/
[root@instance-7tgaowaa ~]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
Generating a 2048 bit RSA private key
...................+++
........................................+++
writing new private key to '/etc/nginx/cert/nextcloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@instance-7tgaowaa ~]# chmod 700 /etc/nginx/cert
[root@instance-7tgaowaa ~]# chmod 600 /etc/nginx/cert/*

Download and install Nextcloud

[root@instance-7tgaowaa ~]# yum install -y unzip 

[root@instance-7tgaowaa ~]# cd /tmp
[root@instance-7tgaowaa tmp]# wget https://download.nextcloud.com/server/releases/nextcloud-12.0.4.zip
[root@instance-7tgaowaa tmp]# unzip nextcloud-12.0.4.zip 
[root@instance-7tgaowaa tmp]# mv nextcloud/ /usr/share/nginx/html/

Next, go to the Nginx web root and create a data directory for Nextcloud.

[root@instance-7tgaowaa tmp]# cd /usr/share/nginx/html/
[root@instance-7tgaowaa html]# mkdir -p nextcloud/data/
[root@instance-7tgaowaa html]# chown nginx:nginx -R nextcloud/

Configure a virtual host for Nextcloud in Nginx

[root@instance-7tgaowaa html]# cd /etc/nginx/conf.d/
[root@instance-7tgaowaa conf.d]# vim nextcloud.conf

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}
server {
    listen 80;
    server_name wp.centoscn.cn;
    # enforce https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name wp.centoscn.cn;
    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;
    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    # Disable gzip to avoid the removal of the ETag header
    gzip off;
    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location / {
        rewrite ^ /index.php$uri;
    }
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }
    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }
    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Check the configuration

[root@instance-7tgaowaa conf.d]# nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@instance-7tgaowaa conf.d]# systemctl restart nginx
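
nginx -t validates syntax only. As an added example (not from the original article), this script checks a vhost file for the hardening directives configured above: the seven security headers, the HTTP to HTTPS redirect, and the deny rule for config/ and data/. The function name and the sample excerpts are constructed.

```sh
# Added example, not from the original article: audit a Nextcloud vhost file
# for the hardening directives this guide configures.
audit_vhost() {  # usage: audit_vhost FILE; prints findings, returns how many
    n=0
    for h in Strict-Transport-Security X-Content-Type-Options X-Frame-Options \
             X-XSS-Protection X-Robots-Tag X-Download-Options \
             X-Permitted-Cross-Domain-Policies; do
        grep -Eq "^[[:space:]]*add_header[[:space:]]+$h[[:space:]]" "$1" ||
            { echo "FAIL missing header: $h"; n=$((n + 1)); }
    done
    # An odd number of double quotes on an add_header line means the quoted
    # value continues on the next line, so the header carries a line break.
    if awk '/^[ \t]*add_header/ && gsub(/"/, "&") % 2 { bad = 1 }
            END { exit !bad }' "$1"; then
        echo "FAIL add_header value split across lines"; n=$((n + 1))
    fi
    grep -Eq '^[[:space:]]*return[[:space:]]+301[[:space:]]+https://' "$1" ||
        { echo "FAIL no HTTP to HTTPS redirect"; n=$((n + 1)); }
    # data/ and config/ sit under the web root here, so they need "deny all".
    awk '/^[ \t]*location/ { g = ($0 ~ /config/ && $0 ~ /data/) }
         g && /deny[ \t]+all/ { ok = 1 }
         END { exit !ok }' "$1" ||
        { echo "FAIL no deny rule covering config/ and data/"; n=$((n + 1)); }
    return "$n"
}
# Constructed samples: an excerpt shaped like the vhost above, and a weakened copy.
good=$(mktemp); weak=$(mktemp)
cat > "$good" <<'EOF'
server {
    return 301 https://$server_name$request_uri;
}
server {
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
}
EOF
grep -v 'deny all' "$good" |
    awk '{ sub(/; includeSubDomains/, ";\nincludeSubDomains"); print }' > "$weak"
audit_vhost "$good" && echo "hardened excerpt: no findings"
audit_vhost "$weak" || echo "weakened copy: $? finding(s)"
```

On the server, run it against the file created in this step: audit_vhost /etc/nginx/conf.d/nextcloud.conf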

Install Nextcloud

https://wp.centoscn.cn/
