Linux下部署NextCloud私有云盘之基本篇

本人以前搭建过NextCloud,不过由于当时使用的主机有各种限制导致没用起来,前段时间换成阿里云ECS,发现主机性能还不错,于是准备再次搭建NextCloud。

操作系统: CentOS 7.6 64位
 数据库:Mysql 5.7.26
运行环境:Nginx 1.12,PHP 7.2.17

部署mysql

站内有详细的Mysql安装教程,本文不详述,具体请参考CentOS7 安装 MySQL 5.7 详细手册

登录mysql,创建数据库及账户:

ceate database nextcloud;

grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'NextCloud@123';

flush privileges;

部署nginx

yum -y install nginx

配置nginx

修改nginx主要参数:

vim /etc/nginx/nginx.conf

...

http {

    ...

    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    keepalive_timeout    65;
    types_hash_max_size  2048;

    server_tokens        off;
    client_max_body_size 4096m;

    gzip                 on;
    gzip_min_length      1k;
    gzip_buffers         64 8k;
    gzip_comp_level      3;
    gzip_types           text/plain text/css application/javascript application/xml+rss application/x-httpd-php image/jpeg image/png;
    gzip_types           application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
    gzip_vary            on;

    include              /etc/nginx/mime.types;
    default_type         application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
}

vim /etc/nginx/conf.d/yun.conf

    server {
        listen      80;
        listen      443 ssl;
        server_name yun.andylouse.net;
        root        /web/nextcloud;
        index       index.php;

        ssl                       on;
        ssl_certificate           /web/sslkey/nextcloud.pem;
        # ssl_certificate         /web/sslkey/nextcloud.crt;
        ssl_certificate_key       /web/sslkey/nextcloud.key;
        ssl_session_timeout       10m;
        ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header Cache-Control "public, max-age=7200";
        add_header Referrer-Policy "no-referrer";
        add_header X-Frame-Options "SAMEORIGIN";  //若后台检测配置有问题,可将迁移至“location /”中
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Content-Type-Options nosniff;
        add_header X-Permitted-Cross-Domain-Policies none;
        location / {
            # add_header X-Frame-Options "SAMEORIGIN";
            rewrite ^ /index.php$uri;
        }

        location = /robots.txt {
            allow         all;
            access_log    off;
            log_not_found off;
        }

        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }

        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }

        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            include                   fastcgi_params;
            fastcgi_split_path_info   ^(.+\.php)(/.*)$;
            fastcgi_param             SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param             PATH_INFO $fastcgi_path_info;
            fastcgi_param             HTTPS on;
            fastcgi_param             modHeadersAvailable true;
            fastcgi_param             front_controller_active true;
            fastcgi_pass              127.0.0.1:9000;
            fastcgi_intercept_errors  on;
            fastcgi_request_buffering off;
        }

        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index     index.php;
        }

        location ~* \.(?:css|js)$ {
            try_files  $uri /index.php$uri$is_args$args;
            access_log off;
        }

        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files  $uri /index.php$uri$is_args$args;
            access_log off;
        }

        error_page 497 https://$server_name$request_uri;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;

    }

关于SSL证书说明

本人是申请的阿里云提供的免费SSL证书,但是也可以创建本地SSL证书,方法如下:

openssl req -new -x509 -days 365 -nodes -out /web/sslkey/nextcloud.crt -keyout  /web/sslkey/nextcloud.key

以下根据提示录入:

Country Name (2 letter code) [XX]:cn  //国家
State or Province Name (full name) []:beijing  //省份
Locality Name (eg, city) [Default City]:beijing  //地区
Organization Name (eg, company) [Default Company Ltd]:andylouse  //公司
Organizational Unit Name (eg, section) []:IT  //部门
Common Name (e.g. server FQDN or YOUR name) []:andy  //主机名
Email Address []:andy@andylouse.net  //邮箱

最后设置证书权限:

chmod 700 /web/sslkey
chmod 600 /web/sslkey/*

!!!设置好后请将nginx配置中的pem替换为crt。

部署PHP

部署过程请参照 Linux下部署Nginx+Mysql+PHP搭建WordPress教程

需要调整的参数如下:

vim /etc/php.ini

memory_limit = 512M
upload_max_filesize = 4096M

vi /etc/php-fpm.d/www.conf

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

部署NextCloud

点击 此处 进入官方下载页面,现在最新版本是16.0.1。

cd /web

wget https://download.nextcloud.com/server/releases/nextcloud-16.0.1.zip

unzip nextcloud -16.0.1.zip

chown -R apache:apache nextcloud/

# chmod -R +x nextcloud/

现在开始访问您的域名,设置好后即可使用了。

本篇是基本部署,也就是说保障可以使用了,实际上还有缓存优化、内存优化等,将在下篇讲述。

赞 (0) 打赏

评论 0

评论前必须登录!

登陆 注册

感谢您的支持与帮助

支付宝扫一扫打赏

微信扫一扫打赏