nextcloud个人网盘搭建

一，基础环境准备

# 系统初始化
# 如果时区不对，请修改时区
#mv /etc/localtime /etc/localtime_bak
#ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# 修改selinux
vi /etc/selinux/config
  SELINUX=disabled
 # 修改当前环境的selinux
setenforce 0
# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
iptables -F
# 安装基础包
yum  install -y net-tools vim lrzsz wget tree ``screen` `lsof` `tcpdump ``bash``-completion.noarch ntp zip unzip git
yum install -y gcc gcc-c++ libstdc++ make cmake curl bind-utils 
yum install -y epel-release yum-utils curl policycoreutils-python mlocate bzip2
# 时钟同步
crontab -e
*/30 * * * * ntpdate ntp1.aliyun.com
# 开机启动时钟同步
vim /etc/rc.local
ntpdate ntp1.aliyun.com

# 修改主机名
hostnamectl set-hostname cloud.139
# exit 退出重新登录

安装php

sudo yum install epel-release
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

yum --enablerepo=remi-php73 install php

yum --enablerepo=remi-php73 install php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-mcrypt php-mysql
yum --enablerepo=remi-php73 install php-fpm
yum --enablerepo=remi-php73 install php73-php-pecl-zip.x86_64 php73-php-pecl-mysql.x86_64 php73-php-pecl-mysql-xdevapi.x86_64 php73-php-pecl-mysqlnd-azure.x86_64 php73-php-pdo-dblib.x86_64

yum --enablerepo=remi-php73 search php | grep php73

vim /etc/php-fpm.d/www.conf

设置运行的账号全部为nginx
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

listen的方式和端口一定要正确，此处的配置与NGINX一定要对应。
listen = 127.0.0.1:9000

启用此处几个配置
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

下一步，创建一下session目录，并且修改权限。

mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/ 

systemctl start php-fpm

systemctl status php-fpm

cd /etc/nginx/

vim nginx.conf

location ~ \.php$ {
            # 设置监听端口
            fastcgi_pass   127.0.0.1:9000;
            # 设置nginx的默认首页文件(上面已经设置过了，可以删除)
            fastcgi_index  index.php;
            # 设置脚本文件请求的路径
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            # 引入fastcgi的配置文件
            include        fastcgi_params;
        }

systemctl restart nginx

cd /usr/share/nginx/html

vim phpinfo.php

http://192.168.0.110/phpinfo.php

二， 安装和配置 MariaDB

使用CENTOS来安装mysql数据或者使用mariadb都是比较简单的过程。

yum install mariadb mariadb-server

开机启动
systemctl enable mariadb

启动mariadb服务
systemctl start mariadb

配置mariadb
mysql_secure_installation
会提示设置root的密码

Remove anonymous users? [Y/n] <– 是否删除匿名用户，Y回车

Disallow root login remotely? [Y/n] <–是否禁止root远程登录,n回车,

Remove test database and access to it? [Y/n] <– 是否删除test数据库，y回车

Reload privilege tables now? [Y/n] <– 是否重新加载权限表，y回车

mysql -uroot -p

create database nextcloud_db;
show databases;

三，生成SSL证书

#创建文件证书的目录
mkdir -p /etc/nginx/cert/
# 生成证书
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
#修改权限 
chmod 700 /etc/nginx/cert
chmod 600 /etc/nginx/cert/* 

四，安装和配置nextcloud

#解压
unzip nextcloud-23.0.4.zip
#移动到nginx的root目录
mv nextcloud/ /usr/share/nginx/html/

#创建一个存放文件的Data目录
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/

#变更 nextcloud 目录的拥有者为 nginx 用户和组
chown nginx:nginx -R nextcloud/

cd /etc/nginx/conf.d/

vi nextcloud.conf

upstream php-handler {
    server 127.0.0.1:9000;
 #server unix:/var/run/php5-fpm.sock;
}

server {
    listen 80;
    server_name ip;
 # enforce https
 return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name ip;

    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

 # Add headers to serve security related headers
 # Before enabling Strict-Transport-Security headers please read into this
 # topic first.
    add_header Strict-Transport-Security "max-age=15768000;
    includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

 # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
 }

 # The following 2 rules are only needed for the user_webfinger app.
 # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000;
        includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
 }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
 # Optional: Don't log access to other assets
        access_log off;
    }
} 

extension=/opt/remi/php73/root/usr/lib64/php/modules/zip.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/mysql.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/pdo.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/mysqlnd.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/mysqli.so