本文介绍如何在 CentOS 7.6 服务器中安装和配置最新版本的 Nextcloud 16.0.1,部署基于 mariadb、Nginx 和 PHP7.2-FPM 。全部使用yum包安装
一、系统准备
1、最小化安装centos7.6
2、将yum源更改为国内源,并添加epel源。建议使用utsc提供的源。
二、安装nginx和php
1、安装nginx
[root@pan ~]# yum -y install nginx
2、安装php7.2
[root@pan ~]#rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@pan ~]# yum -y install php72w-fpm php72w-cli php72w-gd php72w-mysql php72w-pear php72w-xml php72w-mbstring php72w-pdo php72w-json php72w-pecl-apcu
3、配置php-fpm
[root@pan ~]# vi /etc/php-fpm.d/www.conf
.
.
.
user = nginx //将用户和组都改为nginx
group = nginx
.
.
.
listen = 127.0.0.1:9000 //注意:php-fpm所监听的端口为9000
.
.
.
env[HOSTNAME] = $HOSTNAME //去掉下面几行注释
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp4、在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx
[root@pan ~]# mkdir -p /var/lib/php/session
[root@pan ~]# chown nginx:nginx -R /var/lib/php/session/
5、启动Nginx和php-fpm服务,并添加开机启动
[root@pan ~]# systemctl start php-fpm
[root@pan ~]# systemctl start nginx
[root@pan ~]# systemctl enable nginx
[root@pan ~]# systemctl enable php-fpm
三、安装并配置MariaDB
1、yum安装MaraiDB服务
[root@pan ~]# yum -y install mariadb mariadb-server
2、启动MariaDB服务并添加开机启动
[root@pan ~]# systemctl start mariadb
[root@pan ~]# systemctl enable mariadb
3、设置MariaDB的root密码
[root@pan ~]# mysql_secure_installation
4、创建nextcloud数据库、数据库用户和密码,分别为nextcloud_db、nextclouduser、nextcloudpasswd
MariaDB [(none)]> create database nextcloud_db;
MariaDB [(none)]> create user nextclouduser@localhost identified by'nextcloudpasswd';
MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by'nextcloudpasswd';
MariaDB [(none)]> flush privileges;
四、为Nextcloud生成自签名SSL证书
[root@pan ~]# mkdir -p /etc/nginx/cert
[root@pan cert]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
Generating a 2048 bit RSA private key
.......................................................................................+++
.....+++
writing new private key to '/etc/nginx/cert/nextcloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:jilin
Locality Name (eg, city) [Default City]:cc
Organization Name (eg, company) [Default Company Ltd]:cctc
Organizational Unit Name (eg, section) []:nc
Common Name (eg, your name or your server's hostname) []:pan
Email Address []:478201@qq.com
[root@pan cert]# chmod 700 /etc/nginx/cert
[root@pan cert]# chmod 600 /etc/nginx/cert/*
五、下载并安装Nextcloud
[root@pan cert]# yum -y install wget unzip
[root@pan cert]# cd /usr/local/src/
[root@pan src]#
wget https://download.nextcloud.com/server/releases/nextcloud-16.0.1.zip
[root@pan src]# unzip nextcloud-16.0.1.zip
[root@pan src]# mv nextcloud /usr/share/nginx/html/
并为Nextcloud创建data目录,将Nextcloud的用户和组修改为nginx
[root@pan src]# cd /usr/share/nginx/html/
[root@pan html]# mkdir -p nextcloud/data
[root@pan html]# chown nginx:nginx -R nextcloud/
六、配置Nginx虚拟主机,注意将server_name修改成你的服务器名称
[root@pan html]# vi /etc/nginx/conf.d/nextcloud.conf
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name pan.cctc.edu.cn; #需修改
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name pan.cctc.edu.cn; #需修改
ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /usr/share/nginx/html/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
} 测试以下配置文件是否有错误,确保没有问题后重启Nginx服务
[root@pan html]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@pan html]# systemctl restart nginx
七、设置Firewalld防火墙和SELinux
[root@pan conf.d]# setenforce 0
[root@pan conf.d]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@pan conf.d]# firewall-cmd --permanent --add-service=http
success
[root@pan conf.d]# firewall-cmd --permanent --add-service=https
success
[root@pan conf.d]# firewall-cmd --reload
八、利用向导,完成Nextcloud安装
九、进一步优化
1、安装建议php模块
[root@pan conf.d]# yum install php72w-intl php72w-pecl-imagick
2、增加php内存
[root@pan ~]# vi /etc/php.ini
.
.
.
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 512M
.
.
.3、安装cache
[root@pan nginx]# yum install memcached php72w-pecl-memcached
[root@pan nginx]# systemctl start memcached
[root@pan nginx]# systemctl enable memcached
配置memcache
[root@pan nginx]# vi /usr/share/nginx/html/nextcloud/config/config.php
<?php
$CONFIG = array (
.
.
.
.
.
'installed' => true,
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Memcached',
'memcached_servers' => array(
array('localhost', 11211),
),
);注意:'memcache.local' => '\OC\Memcache\APCu',单独使用无法正常工作
重启php-fpm
[root@pan conf.d]# systemctl restart php-fpm
参考:https://www.cnblogs.com/kevingrace/p/8343060.html
扫一扫
908
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
