centos7 nextcloud nginx php mariadb 安装配置

张映 发表于 2019-07-27

分类目录: 服务器相关

标签:, , ,

samba做为共享文件服务器,其实还是挺不错的。但是用户管理,权限管理,文件操作记录等,非常的薄弱了。针对于这些问题,nextcloud就是不错的选择。

一,安装webtatic源和epel源

# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# yum install epel-release

二,安装nginx,php,mariadb

1,安装

# yum install php72w-fpm php72w-cli php72w-gd php72w-mcrypt php72w-mysql php72w-pear php72w-xml php72w-mbstring \
php72w-pdo php72w-json php72w-pecl-apcu php72w-pecl-apcu-devel nginx mariadb mariadb-server

2,配置php

# vim /etc/php-fpm.d/www.conf
.....
user = nginx //将用户和组都改为nginx
group = nginx
.....
listen = 127.0.0.1:9000 //php-fpm所监听的端口为9000
......
env[HOSTNAME] = $HOSTNAME //去掉下面几行注释
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

# chown nginx:nginx -R /var/lib/php/session/
# ll
总用量 0
drwxrwx--- 2 nginx nginx 6 6月 2 18:04 session
drwxrwx--- 2 root root 6 6月 2 18:04 wsdlcache

# vim /etc/php.ini
......
max_execution_time = 0 //默认是30秒,改为0,表示没有限制
......
post_max_size = 8000M //设定 POST 数据所允许的最大大小
......
upload_max_filesize = 8000M //表示所上传的文件的最大大小

3,生成证书

# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
Generating a 2048 bit RSA private key
......................................................+++
.....................................................+++
writing new private key to '/etc/nginx/cert/nextcloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:test
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:test
Email Address []:zhangying@test.com

证书建议不要自己生成,提示不安全。

4,配置nginx

# vim /etc/nginx/nginx.conf
http {
.....
client_max_body_size 8000M;  //设置最大上传大小
.....
}

# cat /etc/nginx/conf.d/cloud.conf
upstream php-handler {
 server 127.0.0.1:9000;
 #server unix:/var/run/php5-fpm.sock;
}

server {
 listen 80;
 server_name cloud.tank.com;
 # enforce https
 return 301 https://$server_name$request_uri;
}

server {
 listen 443 ssl;
 server_name cloud.tank.com;

 ssl_certificate /etc/nginx/cert/nextcloud.crt;
 ssl_certificate_key /etc/nginx/cert/nextcloud.key; 

 # Add headers to serve security related headers
 # Before enabling Strict-Transport-Security headers please read into this
 # topic first.
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;

 # Path to the root of your installation
 root /var/www/html/nextcloud/;  //nextcloud,web目录

 location = /robots.txt {
 allow all;
 log_not_found off;
 access_log off;
 }

 # The following 2 rules are only needed for the user_webfinger app.
 # Uncomment it if you're planning to use this app.
 #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
 #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
 # last;

 location = /.well-known/carddav {
 return 301 $scheme://$host/remote.php/dav;
 }
 location = /.well-known/caldav {
 return 301 $scheme://$host/remote.php/dav;
 }

 # Disable gzip to avoid the removal of the ETag header
 gzip off;

 # Uncomment if your server is build with the ngx_pagespeed module
 # This module is currently not supported.
 #pagespeed off;

 error_page 403 /core/templates/403.php;
 error_page 404 /core/templates/404.php;

 location / {
 rewrite ^ /index.php$uri;
 }

 location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
 deny all;
 }
 location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
 deny all;
 }

 location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
 include fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)(/.*)$;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param HTTPS on;
 #Avoid sending the security headers twice
 fastcgi_param modHeadersAvailable true;
 fastcgi_param front_controller_active true;
 fastcgi_pass php-handler;
 fastcgi_intercept_errors on;
 fastcgi_request_buffering off;
 }

 location ~ ^/(?:updater|ocs-provider)(?:$|/) {
 try_files $uri/ =404;
 index index.php;
 }

 # Adding the cache control header for js and css files
 # Make sure it is BELOW the PHP block
 location ~* \.(?:css|js)$ {
 try_files $uri /index.php$uri$is_args$args;
 add_header Cache-Control "public, max-age=7200";
 # Add headers to serve security related headers (It is intended to
 # have those duplicated to the ones above)
 # Before enabling Strict-Transport-Security headers please read into
 # this topic first.
 add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
 # Optional: Don't log access to assets
 access_log off;
 }

 location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
 try_files $uri /index.php$uri$is_args$args;
 # Optional: Don't log access to other assets
 access_log off;
 }
}

5,配置mariadb

# systemctl start mariadb

# mysql_secure_installation
Enter current password for root (enter for none): //直接回车
Set root password? [Y/n] Y
New password: //输入新密码
Re-enter new password: //再次输入新密码

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

# mysql -u root -p

MariaDB [(none)]> create database nextcloud;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nextcloud.* to nextcloud@localhost identified by 'tanktest';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

三,安装配置nextcloud

1,下载

# wget -c https://download.nextcloud.com/server/releases/nextcloud-16.0.3.zip

# unzip nextcloud-16.0.3.zip

# mv nextcloud /var/www/html

# chown nginx.nginx -R /var/www/html/nextcloud  //web目录

# mkdir /mnt/data   //数据目录

# chown nginx.nginx -R /mnt/data/

注意:nextcloud16,需要php7.1及以上

2,启动nginx ,php

# systemctl start nginx
# systemctl start php-fpm

3,访问nginx配置的域名,配置nextcloud

nextcloud 数据库配置

nextcloud 数据库配置

四,安装缓存

1,安装opcache,redis

# yum install php72w-opcache redis php72w-pecl-redis

2,配置opcache

# vim /etc/php.d/opcache.ini

zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

# systemctl restart php-fpm //重启php-fpm

3,配置redis

# systemctl start redis

# vim /var/www/html/nextcloud/config/config.php  //添加以下内容

'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'redis' => [
 'host' => 'localhost',
 'port' => 6379,
 'timeout' => 3,
],

五,增加外部存储

1,开启

右上角=》应用=》启用 External storage support

2,添加外部存储目录

# mkdir /home/nextcloud/data1
# chown nginx.nginx -R /home/nextcloud/data1

右上角=》设置=》第二个 外部存储
nextcloud 增加外部存储

nextcloud 增加外部存储

这个外部存储,可以根分组绑定,分组根人绑定,这样可以实现,一部分人共享某一目录

六,安装客户端

https://nextcloud.com/install/#install-clients

安装客户端时,要填一个server地址,就填写nginx的servername,https的。

装了客户端后,可以实现,本地和云端的自动同步



转载请注明
作者:海底苍鹰
地址:http://blog.51yip.com/server/2156.html

留下评论

留下评论
  • (必需)
  • (必需) (will not be published)
  • (必需)   7X3=?