Nextcloud 安装与优化 (环境: centos7 php7 nginx MariaDB)
前期玩了一段时间这个,但当时都是基于宝塔面板的,很多东西都不知道是为了什么,现在根据前期各位大神的作品,从头到尾做了一次。发现对于我们小白来说问题不在于安装,而在于优化,而大神们将优化说的比较少,所以我将自己的过程记录下:
一、准备工作:
1、查看系统版本并升级
cat /etc/redhat-release
yum update -y
2、将自带的epel、nginx、php全部卸载
rpm -qa|grep php
rpm -qa|grep php-common
rpm -qa|grep nginx
3、关闭selinux ,关闭防火墙
a、vi /etc/selinux/config,修改SELINUX=disabled
b、systemctl stop firewalld.service
systemctl disable firewalld.service
一、安装nginx、并进行配置
1、首先要为CentOS添加epel源
yum -y install epel-release
yum -y install nginx
2、再添加一个yum源来安装php-fpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
3、安装php7-fpm和一些其它的必要的组件
yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel
4、完成后,检查一下php-fpm是否已正常安装
php -v
5、配置php7-fpm
vim /etc/php-fpm.d/×××w.conf
user = nginx //将用户和组都改为nginx
group = nginx
.....
listen = 127.0.0.1:9000 //php-fpm所监听的端口为9000
......
env[HOSTNAME] = $HOSTNAME //去掉下面几行注释,去掉前面的符号
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
6、在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx
mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/
7、启动Nginx和php-fpm服务,并添加开机启动
systemctl start php-fpm
systemctl start nginx
systemctl enable php-fpm
systemctl enable nginx
二、安装并配置MariaDB
1、yum安装MaraiDB服务
yum -y install mariadb mariadb-server
2、启动MariaDB服务并添加开机启动
systemctl start mariadb
systemctl enable mariadb
3、接下来设置MariaDB的root密码
[root@nextcloud-server ~]# mysql_secure_installation //按照提示设置密码,首先会询问当前密码,密码默认为空,直接回车即可
Enter current password for root (enter for none): //直接回车
Set root password? [Y/n] Y
New password: //输入新密码
Re-enter new password: //再次输入新密码
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
4、设置完MariaDB的密码后,使用命令行登录MariaDB,并为Nextcloud创建相应的用户和数据库。
例如数据库为nextcloud_db,用户为nextclouduser,密码为nextcloudpasswd:
[root@nextcloud-server ~]# mysql -p
......
MariaDB [(none)]> create database nextcloud_db;
MariaDB [(none)]> create user nextclouduser@localhost identified by 'nextcloudpasswd';
MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextcloudpasswd';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> \q
三、为Nextcloud生成自签名SSL证书
1、cd /etc/nginx
mkdir cert
cd /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
.....
Country Name (2 letter code) [XX]:cn //国家
State or Province Name (full name) []:beijing //省份
Locality Name (eg, city) [Default City]:beijing //地区名字
Organization Name (eg, company) [Default Company Ltd]:kevin //公司名
Organizational Unit Name (eg, section) []:Technology //部门
Common Name (eg, your name or your server's hostname) []:kevin //CA主机名
Email Address []:kevin@wangshibo.cn
×××和文件夹权限
$ chmod 600 /etc/nginx/cert/*
$ chmod 700 /etc/nginx/cert
四、下载并安装Nextcloud
yum -y install wget unzip
cd /usr/local/src/
wget https://download.nextcloud.com/server/releases/nextcloud-14.0.3.zip
unzip nextcloud-14.0.3.zip
ls
mv nextcloud /usr/share/nginx/html/
进入Nginx的root目录,并为Nextcloud创建data目录,将Nextcloud的用户和组修改为nginx
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/
chown nginx:nginx -R nextcloud/
五、设置Nginx虚拟主机
进入Nginx的虚拟主机配置文件所在目录并创建一个新的虚拟主机配置(记得修改两个server_name为自己的域名)
*小白要注意:
我的云主机中需要将listen 443改为442,listen80改为81,并在安全组中对这两个端口进行放行。这里困惑了很久,因为服务商关闭了80和443端口,所以,我修改为其他的,同时在云主机—安全组中,要对这两个端口进行放行(你如果备案的话,就不存在修改端口号的问题,只需要在安全组中进行放行)
cd /etc/nginx/conf.d/
vim nextcloud.conf
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name xxx.com;
enforce https
return 301 https://$server_name$request_uri;}
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /usr/share/nginx/html/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}}
接下来测试以下配置文件是否有错误,确保没有问题后重启Nginx服务。
[root@nextcloud-server conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nextcloud-server conf.d]# systemctl restart nginx
七、安装Nextcloud
解析上面nginx中配置的域名nextcloud.kevin-inc.com,访问访问http://nextcloud.kevin-inc.com进行Nextcloud界面安装(访问http域名会自动跳转到https,安装提示安装即可!)
重要的地方来了,因为各位大神都是左写一部分,右写一部分,所有我花费了很多时间来配置,下面我将我的一些错误的解决标识出来:
一、解决内存缓存问题:
1、安装redis
yum install redis -y
systemctl start redis
systemctl enable redis
ps ax | grep redis
2、安装扩展:php-redis
原则:安装和php版本一致的扩展
解决办法
a.通过命令查看当前php版本
php -v
b.列出所有的可以安装的php软件包列表
yum list | grep php7
c、查看redis包全名并安装
yum install php70w-pecl-redis.x86_64
d.重启php-fpm
systemctl restart php-fpm
3、编辑配置文件
cd /usr/share/nginx/html/nextcloud/config/
cp config.php config.php.bak
vi config.php
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
systemctl restart nginx
systemctl start redis
systemctl enable redis
二、解决:The PHP OPcache module is not loaded.问题
1、find / -name “php.ini” 找到php.ini文件
2、备份php.ini cp /etc/php.ini /etc/php.ini.bak
3、下载对应php版本的OPcache
a、yum list | grep php7
b、安装
yum install php70w-opcache.x86_64
c、重启php-fpm
systemctl restart php-fpm
4、编辑opcache配置文件:
位置:/etc/php.d/opcache.ini
vi /etc/php.d/opcache.ini
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
三、 centos7 里搭建的nextcloud后无法登录
创建并设置 /var/lib/php/session 目录权限后问题解决。
chown nginx:nginx -R /var/lib/php/session/
四、 内部服务器错误:
cd /usr/share/nginx/html/
chown nginx:nginx -R nextcloud/
五、定时任务解决:
centos7中定时任务设置:
1、进入目录:
cd /etc/systemd/system/
2、创建文件
vi nextcloudcron.service
[Unit]
Description=Nextcloud cron.php job
[Service]
User=nginx
ExecStart=/usr/bin/php -f /usr/share/nginx/html/nextcloud/cron.php
[Install]
WantedBy=basic.target
将nginx和 /usr/share/nginx/html/nextcloud/cron.php保存为自己的用户名和地址
保存退出
3、创建nextcloudcron.timer
[Unit]
Description=Run Nextcloud cron.php every 15 minutes
[Timer]
OnBootSec=5min
OnUnitActiveSec=15min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
4、运行
systemctl start nextcloudcron.timer
systemctl enable nextcloudcron.timer
转载于:https://blog.51cto.com/774579/2320775
1114
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
