简介:
Nextcloud 是一款自由 (开源) 的类 Dropbox 软件,由 ownCloud 分支演化形成。它使用 PHP 和 JavaScript 编写,支持多种数据库系统,比如
MySQL/MariaDB、PostgreSQL、Oracle 数据库和 SQLite。它可以使你的桌面系统和云服务器中的文件保持同步,Nextcloud 为 Windows、Linux、Mac、
安卓以及苹果手机都提供了客户端支持。同时,Nextcloud 也并非只是 Dropbox 的克隆,它还提供了很多附加特性,如日历、联系人、计划任务以及流媒体 Ampache。
Nextcloud内置了Office文档、图片相册、日历联系人、两步验证、文件管理、RSS阅读等丰富的应用,我发现Nextcloud已经仅仅可以用作个人或者团队存储与共享,
还可以打造成为一个个人办公平台,几乎相当于一个个人的Dropbox了。
以下内容将介绍如何在 CentOS 7 服务器中安装和配置最新版本的 Nextcloud 16,并且会通过 Nginx 和 PHP7-FPM 来运行 Nextcloud,同时使用 MariaDB
做为数据库系统。Nextcloud云盘环境部署后,可以实现web网页端、手机移动端和桌面客户端三者数据同步,其中桌面客户端可以在本地设置一个文件夹,用于同步数据,
这样也就相当于在本地备份了数据。同时客户端只要设置开机启动,即只要是启动状态中,它和网页端的数据就是自动同步的。
部署机器的系统是Centos7.3版本
一、安装并配置Nginx和php-fpm
将自带的epel、nginx、php全部卸载(rpm -e ... --nodeps) [root@nextcloud-server ~]# rpm -qa|grep php [root@nextcloud-server ~]# rpm -qa|grep php-common [root@nextcloud-server ~]# rpm -qa|grep nginx 更新centos7内核以及包等 [root@nextcloud-server ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@nextcloud-server ~]# yum -y update [root@nextcloud-server ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) CentOS默认的yum源中并不包含Nginx和php-fpm,首先要为CentOS添加epel源: [root@nextcloud-server ~]# yum -y install epel-release [root@nextcloud-server ~]# yum -y install nginx
需要再添加一个yum源来安装php-fpm,可以使用webtatic(这个yum源对国内网络来说恐怕有些慢,当然你也可以选择其它的yum源)安装php7.2
[root@nextcloud-server ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm [root@nextcloud-server ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm [root@nextcloud-server ~]# yum remove php-common -y [root@nextcloud-server ~]# yum install -y php72w php72w-opcache php72w-xml php72w-mcrypt php72w-gd php72w-devel php72w-mysql php72w-intl php72w-mbstring
完成后,检查一下php-fpm是否已正常安装
[root@nextcloud-server ~]# php -v PHP 7.2.19 (cli) (built: Jun 2 2019 09:49:05) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.19, Copyright (c) 1999-2018, by Zend Technologies
配置php-fpm
[root@nextcloud-server ~]# vim /etc/php-fpm.d/www.conf ..... user = nginx //将用户和组都改为nginx group = nginx ..... listen = 127.0.0.1:9000 //php-fpm所监听的端口为9000 ...... env[HOSTNAME] = $HOSTNAME //去掉下面几行注释 env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp
在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx
[root@nextcloud-server ~]# mkdir -p /var/lib/php/session [root@nextcloud-server ~]# chown nginx:nginx -R /var/lib/php/session/ [root@nextcloud-server ~]# ll -d /var/lib/php/session/ drwxr-xr-x 2 nginx nginx 4096 Jul 24 17:40 /var/lib/php/session/ 启动Nginx和php-fpm服务,并添加开机启动 [root@nextcloud-server ~]# systemctl start php-fpm [root@nextcloud-server ~]# systemctl start nginx [root@nextcloud-server ~]# systemctl enable php-fpm [root@nextcloud-server ~]# systemctl enable nginx
二、安装并配置MariaDB
使用MaraiDB作为Nextcloud数据库。yum安装MaraiDB服务
[root@nextcloud-server ~]# yum -y install mariadb mariadb-server
启动MariaDB服务并添加开机启动
[root@nextcloud-server ~]# systemctl start mariadb [root@nextcloud-server ~]# systemctl enable mariadb
初始化设置MariaDB的root密码
[root@nextcloud-server ~]# mysql_secure_installation //按照提示设置密码,首先会询问当前密码,密码默认为空,直接回车即可
Enter current password for root (enter for none): //直接回车
Set root password? [Y/n] Y
New password: //输入新密码
Re-enter new password: //再次输入新密码
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
==============================================================================================
或者采用另一种修改密码的方式:跳过授权表
1)在/etc/my.cnf文件里添加"skip-grant-tables"
2)重启mariadb服务
3)无密码登陆mariadb,然后重置mysql密码
MariaDB [(none)]> update mysql.user set password=password("kevin@123") where user="root";
4)去掉/etc/my.cnf文件里的"skip-grant-tables"内容
5)重启mariadb服务
6)这样就可以使用上面重置的新密码kevin@123登陆mariadb了
设置完MariaDB的密码后,使用命令行登录MariaDB,并为Nextcloud创建相应的用户和数据库。例如数据库为nextcloud_db,用户为nextclouduser,密码为nextcloudpasswd:[root@nextcloud-server ~]# mysql -p ...... MariaDB [(none)]> create database nextcloud_db; MariaDB [(none)]> create user nextclouduser@localhost identified by ‘nextcloudpasswd‘; MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by ‘nextcloudpasswd‘; MariaDB [(none)]> flush privileges;
三、为Nextcloud添加ssl证书
[root@nextcloud-server ~]# cd /etc/nginx/cert/ 把ssl证书存放到该目录下[root@izwz91s0gf4qff7s73cceez cert]# ll total 68380 -rw-r--r-- 1 root root 1675 Jul 22 10:10 2531841_www.shujuy.xyz.key -rw-r--r-- 1 root root 4046 Jul 22 10:11 2531841_www.shujuy.xyz_nginx.zip -rw-r--r-- 1 root root 3667 Jul 22 10:10 2531841_www.shujuy.xyz.pem 然后将证书文件的权限设置为660 [root@nextcloud-server cert]# chmod 700 /etc/nginx/cert [root@nextcloud-server cert]# chmod 600 /etc/nginx/cert/*
[root@nextcloud-server ~]# yum -y install wget unzip bzip2 [root@nextcloud-server ~]# cd /usr/local/src/ [root@nextcloud-server src]# wget https://download.nextcloud.com/server/releases/nextcloud-16.0.1.tar.bz2 [root@nextcloud-server src]# tar jxvf nextcloud-16.0.1.tar.bz2 [root@nextcloud-server src]# mv nextcloud /apps/ [root@nextcloud-server src]# chown nginx:nginx -R /data1/nextcloud/
五、设置Nginx虚拟主机
进入Nginx的虚拟主机配置文件所在目录并创建一个新的虚拟主机配置(记得修改两个server_name为自己的域名):
[root@nextcloud-server ~]# cd /etc/nginx/conf.d/ [root@nextcloud-server conf.d]# vim nextcloud.conf
upstream php-handler { server 127.0.0.1:9000; #server unix:/var/run/php5-fpm.sock; } server { listen 80; server_name nextcloud.kevin-inc.com; # enforce https return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name nextcloud.kevin-inc.com; ssl_certificate /etc/nginx/cert/nextcloud.crt; ssl_certificate_key /etc/nginx/cert/nextcloud.key; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /apps/html/nextcloud/; location = /robots.txt { allow all; log_not_found off; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you‘re planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json # last; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~* \.(?:css|js)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don‘t log access to assets access_log off; } location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don‘t log access to other assets access_log off; } }
接下来测试以下配置文件是否有错误,确保没有问题后重启Nginx服务。
[root@nextcloud-server conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@nextcloud-server conf.d]# systemctl restart nginx
六、为Nextcloud设置Firewalld防火墙和SELinux
可以选择关闭Firewalld和SELinux [root@nextcloud-server ~]# systemctl stop firewalld [root@nextcloud-server ~]# systemctl disable firewalld [root@nextcloud-server ~]# setenforce 0 [root@nextcloud-server ~]# getenforce disable [root@nextcloud-server ~]# cat /etc/sysconfig/selinux ...... SELINUX=disabled
如果打开了防火墙,则需要设置Firewalld和SELinux
首先需要安装SElinux管理工具policycoreutils-python[root@nextcloud-server ~]# yum -y install policycoreutils-python
接着设置SELinux
[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t ‘/apps/nextcloud/data(/.*)?‘
[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t ‘/apps/nextcloud/config(/.*)?‘
[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t ‘/apps/nextcloud/apps(/.*)?‘
[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t ‘/apps/nextcloud/assets(/.*)?‘
[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t ‘/apps/nextcloud/.htaccess‘
[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t ‘/apps/nextcloud/.user.ini‘
[root@nextcloud-server ~]# restorecon -Rv ‘/apps/nextcloud/‘
接下来设置Firewlld防火墙,为Nextcloud开放http和https两个端口
[root@nextcloud-server ~]# systemctl start firewalld
[root@nextcloud-server ~]# systemctl enable firewalld
[root@nextcloud-server ~]# firewall-cmd --permanent --add-service=http
[root@nextcloud-server ~]# firewall-cmd --permanent --add-service=https
[root@nextcloud-server ~]# firewall-cmd --reload
七、安装Nextcloud
解析上面nginx中配置的域名nextcloud.kevin-inc.com,访问访问http://nextcloud.kevin-inc.com进行Nextcloud界面安装(访问http域名会自动跳转到https,安装提示安装即可!) 346 yum -y install memcached
347 cat /etc/sysconfig/memcached
348 systemctl start memcached
349 systemctl enable memcached
350 lsof -i:11211
351 yum install lsof
352 lsof -i:11211
353 cd /apps/nextcloud
354 ll
355 cd config/
356 ll
357 cp -a config.php config.php.bar
358 ll
359 vim config.php
360 vim /etc/php.ini
361 cd /etc/
362 cpp -a php.ini php.ini.bar
363 cp -a php.ini php.ini.bar
364 vim php.ini
365 vim /etc/nginx/conf.d/nextcloud.conf
366 systemctl restart php-fpm
367 systemctl restart nginx
原文:https://www.cnblogs.com/iamjianghao/p/11239949.html