Nextcloud

IT
IT
IT
405
文章
1
评论
2020年5月21日14:12:14 评论 5,776 9727字阅读32分25秒

简介

Nextcloud 是一款自由 (开源) 的类 Dropbox 软件,由 ownCloud 分支演化形成。它使用 PHP 和 JavaScript 编写,支持多种数据库系统,比如 MySQL/MariaDB、PostgreSQL、Oracle 数据库和 SQLite。它可以使你的桌面系统和云服务器中的文件保持同步,Nextcloud 为 Windows、Linux、Mac、安卓以及苹果手机都提供了客户端支持。Nextcloud 并非只是 Dropbox 的克隆,它还提供了很多附加特性,如日历、联系人、计划任务以及流媒体 Ampache。

Nextcloud

[vip]

安装

[root@instance-7tgaowaa ~]# yum -y install epel-release nginx

然后我们还需要为 php7-fpm 添加另外一个仓库。互联网中有很个远程仓库提供了 PHP 7 系列包,我在这里使用的是 webtatic

[root@instance-7tgaowaa ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Retrieving https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
warning: /var/tmp/rpm-tmp.lszNa0: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:webtatic-release-7-3 ################################# [100%]
[root@instance-7tgaowaa ~]# yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

查看版本

[root@instance-7tgaowaa ~]# php -v
PHP 7.0.30 (cli) (built: Apr 28 2018 08:14:08) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

配置 PHP7-FPM

在这一个步骤中,我们将配置 php-fpm 与 Nginx 协同运行。Php7-fpm 将使用 nginx 用户来运行,并监听 9000 端口。

使用 vim 编辑默认的 php7-fpm 配置文件

[root@instance-7tgaowaa ~]# vim /etc/php-fpm.d/www.conf

user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

listen = 127.0.0.1:9000

 env[HOSTNAME] = $HOSTNAME
 env[PATH] = /usr/local/bin:/usr/bin:/bin
 env[TMP] = /tmp
 env[TMPDIR] = /tmp
 env[TEMP] = /tmp

下一步,就是在 /var/lib/ 目录下创建一个新的文件夹 session,并将其拥有者变更为 nginx 用户。

[root@instance-7tgaowaa ~]# mkdir -p /var/lib/php/session
[root@instance-7tgaowaa ~]# chown nginx:nginx -R /var/lib/php/session/

然后启动 php-fpm 和 Nginx,并且将它们设置为随开机启动的服务

[root@instance-7tgaowaa ~]# systemctl start php-fpm
[root@instance-7tgaowaa ~]# systemctl start nginx
[root@instance-7tgaowaa ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@instance-7tgaowaa ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

安装和配置 MariaDB

[root@instance-7tgaowaa ~]# yum -y install mariadb mariadb-server

[root@instance-7tgaowaa ~]# systemctl start mariadb
[root@instance-7tgaowaa ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@instance-7tgaowaa ~]#

现在开始配置 MariaDB 的 root 用户密码。

[root@instance-7tgaowaa ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

nextcloud_db 数据库和 nextclouduser 数据库用户创建完成

[root@instance-7tgaowaa ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nextcloud_db;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create user nextclouduser@localhost identified by 'nextclouduser@';
Query OK, 0 rows affected (0.00 sec)


MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextclouduser@';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

为 Nextcloud 生成一个自签名 SSL 证书

[root@instance-7tgaowaa ~]# mkdir -p /etc/nginx/cert/
[root@instance-7tgaowaa ~]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
Generating a 2048 bit RSA private key
...................+++
........................................+++
writing new private key to '/etc/nginx/cert/nextcloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@instance-7tgaowaa ~]# chmod 700 /etc/nginx/cert
[root@instance-7tgaowaa ~]# chmod 600 /etc/nginx/cert/*

下载和安装 Nextcloud

[root@instance-7tgaowaa ~]# yum install -y unzip 

[root@instance-7tgaowaa ~]# cd /tmp
[root@instance-7tgaowaa tmp]# wget https://download.nextcloud.com/server/releases/nextcloud-12.0.4.zip
[root@instance-7tgaowaa tmp]# unzip nextcloud-12.0.4.zip 
[root@instance-7tgaowaa tmp]# mv nextcloud/ /usr/share/nginx/html/

下一步,转到 Nginx 的 web 根目录为 Nextcloud 创建一个 data 文件夹。

[root@instance-7tgaowaa tmp]# cd /usr/share/nginx/html/
[root@instance-7tgaowaa html]# mkdir -p nextcloud/data/
[root@instance-7tgaowaa html]# chown nginx:nginx -R nextcloud/

在 Nginx 中为 Nextcloud 配置虚拟主机

[root@instance-7tgaowaa html]# cd /etc/nginx/conf.d/
[root@instance-7tgaowaa conf.d]# vim nextcloud.conf

upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name wp.centoscn.cn;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name wp.centoscn.cn;
ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /usr/share/nginx/html/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}

检查

[root@instance-7tgaowaa conf.d]# nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@instance-7tgaowaa conf.d]# systemctl restart nginx

Nextcloud 安装

https://wp.centoscn.cn/

Nextcloud

Nextcloud

[/vip]

继续阅读
  • 我的QQ
  • QQ扫一扫
  • weinxin
  • 我的头条
  • 头条扫一扫
  • weinxin
IT
  • 本文由 发表于 2020年5月21日14:12:14
  • 除非特殊声明,本站文章均为原创,转载请务必保留本文链接
Teambition 网盘与阿里云盘数据合并说明 CentOS

Teambition 网盘与阿里云盘数据合并说明

前言 Teambition 团队是阿里巴巴的一个创新产品团队,除了你熟悉的 Teambition App,「阿里云盘」也是我们的作品,它们都属于阿里云正在打造的新一代「云服务」。 过去几个月,我们投入...
CentOS8安装Jenkins CentOS

CentOS8安装Jenkins

简述 Jenkins 是最流行的,开源的,基于 Java 的自动化服务器,它允许你很容易的设置一个持续集成和持续发布的管道。 持续集成 (CI)是一个 DevOps 实践。当团队成员正常提交代码到版本...

您必须才能发表评论!