CentOS8.2+PHP7.2+Nginx1.14
写在最前面
读万卷书不如行万里路
之前家里有个群晖DS218+,关机一个多月回来后发现无法开机,返厂维修搞不定直接折价给我退钱了(感谢jd售后)。想着DS720+即将发布就暂未入手老款机型,左等右等,等到花儿都谢了(截至7月2号还未发布新品)。无意间逛咸鱼发现一款100+元小主机,甚欢喜。低功耗cpu双核1037u,千兆网卡,2.5寸SATA。很小巧,金属机身,满意,最最最重要【便宜】,这价格就不用报备了,开心拿下。(要不要上张图呢,算了,广告嫌疑)
安装系统与软件
系统
小主机可以安装Windows x64嵌入式版本,使用还算流畅。
作为喜欢折腾的我肯定不满现状,于是乎,格盘重装CentOS
重装系统很简单,CentOS8.2 下载地址1(163下载速度真不赖)
系统更新、安装小工具
8.2的软件包维护使用的dnf命令,使用起来很方便,超级舒心
##更新
dnf update
##安装net-tools 、 unzip
dnf install -y net-tools unzip
###################常用dnf命令####################
# dnf search nginx #查找安装包 #
# dnf info nginx.x86_64 #查看nginx版本 #
#################################################
关闭防火墙、SELINUX
#状态
systemctl status firewalld
#停止
systemctl stop firewalld
#删除自启动
systemctl disable firewalld
#启动
##systemctl start firewalld
#设置自启动
##systemctl enable firewalld
getenforce
#临时调整 重启失效
setenforce 0
cd /etc/selinux/
cp config config_`date +%Y%m%d`
##永久关闭SELINUX
sed -i 's/SELINUX=enforcing/SELINUX=Permissive/' config
getenforce
安装Nginx
#安装nginx
dnf install -y nginx
cd /etc/nginx
#删除nginx.conf中的空行和注释行
mv nginx.conf nginx.conf_`date +%Y%m%d`
grep -Ev '#|^%|^$' nginx.conf_`date +%Y%m%d` > nginx.conf
##赋权
chown nginx:nginx -R /usr/share/nginx/html
#启动nginx
systemctl start nginx
#状态
systemctl status nginx
##获取ip地址
ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d '/'
浏览器验证http://ip
安装PHP
#安装php
dnf install -y php
#启动php-fpm
systemctl start php-fpm
安装Mysql
#安装mysql
dnf install -y mysql-server
#初始化mysql
/usr/sbin/mysqld --initialize --user=mysql
#启动mysql
systemctl start mysqld
#查询密码
grep password /var/log/mysql/mysqld.log
mysql -uroot -p
mysql> alter user 'root'@'localhost' identified by 'new-passwd';
mysql> flush privileges;
mysql> quit;
Nginx和PHP整合
##新增index.php用于测试
echo -e "<?php \nphpinfo();\n?>" > /usr/share/nginx/html/index.php
chown nginx:nginx /usr/share/nginx/html/index.php
##备份配置文件
cp /etc/nginx/conf.d/php-fpm.conf /etc/nginx/conf.d/php-fpm.conf_`date +%Y%m%d`
cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf_`date +%Y%m%d`
#vi /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 5001 default_server;
listen [::]:5001 default_server;
server_name _;
include /etc/nginx/default.d/*.conf;
location / {
}
#主要是增加这一段以及修改监听端口
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
#vi /etc/php-fpm.d/www.conf
;修改user、group
[www]
user = nginx
group = nginx
;Nextcloud客户端提及需要新增如下一行
;env[PATH] = /usr/local/bin:/usr/bin:/bin:/usr/local/php/bin
#重启服务
systemctl restart nginx
systemctl restart php-fpm
浏览器验证http://ip:5001/index.php
安装NextCloud
Nextcloud下载
版本自行确认:nextcloud-19.0.0[nextcloud-19.0.0]、nextcloud-20.0.0[nextcloud-20.0.0]
生成自签名ssl证书
如有域名可以自行去域名提供商处下载
mkdir -p /etc/nginx/cert
cd /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
##自用 可以随意填写
Country Name (2 letter code) [XX]:cn #国家
State or Province Name (full name) []:Shanghai #省份
Locality Name (eg, city) [Default City]:Shanghai #地区名字
Organization Name (eg, company) [Default Company Ltd]:Admin #公司名
Organizational Unit Name (eg, section) []:Admin #部门
Common Name (eg, your name or your server's hostname) []:Admin #CA主机名
Email Address []:Admin@Admin.com #Email地址
# 修改证书和文件夹权限
chmod 600 /etc/nginx/cert/*
chmod 700 /etc/nginx/cert
Nextcloud安装
以nextcloud-19.0.0版本为例:
ftp上传nextcloud-19.0.0.zip至/usr/share/nginx/html
cd /usr/share/nginx/html
unzip nextcloud-19.0.0.zip
#vi /etc/nginx/conf.d/nextcloud.conf3
server、server_name、ssl、root 按需修改
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php-fpm/www.sock;
}
server {
listen 80;
listen [::]:80;
server_name cloud.example.com;
# enforce https
return 301 https://$server_name:443$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.example.com;
ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /usr/share/nginx/html/nextcloud;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}
#修改nginx.conf,删除server
#vi /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
#fastcgi_buffers 8 128k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
}
服务启动
##先赋权
chown nginx:nginx -R /var/lib/php/session/
chown nginx:nginx -R /usr/share/nginx/html
##重启nginx
systemctl restart nginx
##重启php-fpm
systemctl restart php-fpm
##重启mysql
systemctl restart mysqld
页面配置
https://ip:port/
后续
未完待续,如有以为及时评价留言^^