一、环境:
系统: ubuntu 1804
数据库: mysql
服务器: nginx
二、环境配置:
1. 安装ubuntu1804:
(不做赘述)
2. 安装mysql:
sudo apt-get install mysql-server
经过一系列配置之后可以正常使用.
(不做赘述…)
2.1 创建nextcloud的数据库:
为nextcloud服务单独创建一个数据及数据表方便管理:
1.创建数据库:
create database ncloud charset=utf8;
2.创建用户并绑定数据库权限:
# 新建用户nextcloud,绑定ncloud数据库的所有权限
mysql> grant all privileges on ncloud.* to "nextcloud"@"%" identified by "12345679";
Query OK, 0 rows affected, 1 warning (0.00 sec)
# 刷新
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
3.安装nginx服务器:
sudo apt-get install nginx nginx-extras
安装完成后, 浏览器输入: 127.0.0.1, 检查服务器是否安装成功并启动
ps: 附上nginx的常用命令:
启动命令:sudo service nginx {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}
查看版本:sudo nginx -v
检查配置文件:sudo nginx -t
查看端口被占用情况:netstat -apn
更精确的查找:netstat -apn | grep 80
4.安装PHP及相关应用:
这一项不能直接参考nextcloud的官方文档, 因为官方文档给出的是Apache的php依赖,所以,
sudo apt-get -y install php-fpm php-cli php-json php-curl php-imap php-gd php-mysql php-xml php-zip php-intl php-imagick php-mbstring
配置PHP:
$ sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.2/fpm/php.ini
$ sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.2/fpm/php.ini
$ sudo sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" /etc/php/7.2/fpm/php.ini
$ sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 200M/" /etc/php/7.2/fpm/php.ini
$ sudo sed -i "s/post_max_size = .*/post_max_size = 200M/" /etc/php/7.2/fpm/php.ini
ps:
配置的时候不要盲目的复制,要核对好php的版本.
重启PHP-FPM:
sudo systemctl restart php7.2-fpm
这个时候可以测试一下php是否安装成功并与nginx服务器联通
5.下载NextCloud:
(下载的问题,直接去官网下载压缩包,活着使用wget命令进行下载)
解压到 /var/www/ 目录并更改权限:
unzip nextcloud-xx.xx.zip
sudo mkdir /var/www/
sudo mv nextcloud/ /var/www/
sudo chown -R www-data: /var/www/nextcloud
6. 安装配置Nginx:
6.1生成生成自签名证书:
我们可以创建一个目录用来存放所有SSL相关文件,在/etc/nginx下创建:
$ sudo mkdir /etc/nginx/ssl
创建 SSL密钥和证书文件:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
我们来看一看上面命令各个选项的意思:
- openssl:这是创建和管理OpenSSL密钥、证书和其它文件的命令行工具
- req:指定使用X.509证书签名要求(CSR)
- -x509:创建自签名证书,而不生成签名请求
- -nodes:证书不使用密码,我们需要Nginx能直接读取文件,在重启Nginx时,不用输入密码
- -days 365::证书的有效时间,这里是一年
- -newkey rsa:2048:同时生成一个新证书和新密钥,RSA密钥长度:2048位
- -keyout:密钥生成的路径
- -out:证书生成的路径
执行上面命令,需要回答一系列问题。其中,最重要的一个问题是Common Name (e.g. server FQDN or YOUR name),输入你的域名。如果没有域名的话,使用ip地址。
问题大似如下:
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:hainan
Locality Name (eg, city) []:sanya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:topspeedsnail.
Organizational Unit Name (eg, section) []:topspeedsnail
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:admin@your_domain.com
这样在/etc/nginx/ssl目录下生成了2个文件,就是nginx ssl的认证证书
官方的nginx配置文件
upstream php-handler {
# php-fpm的服务需要根据自己的实际去改
#server 127.0.0.1:9000;
server unix:/var/run/php/php7.2-fpm.sock;
}
server {
listen 80;
listen [::]:80;
# 域名根据自己的实际情况去改
server_name cloud.example.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# 域名根据自己的实际情况去改
server_name cloud.example.com;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
# 下边两个是ssl的证书文件,很重要,需要根据实际情况去改
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
# 这里是nextcloud的项目文件目录,需要根据实际情况去改
root /var/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
最后:
重启php-fpm:
sudo systemctl restart php7.2-fpm
重启nginx服务或者重新加载nginx配置文件。
启动nginx服务:
service nginx start
重新加载配置文件:
nginx -s reload
当前的最后:
因为对nginx的不熟悉, 所以还是会有一下问题的,总之是可以用了,先这样吧…
1806
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
