nextcloud搭建私有云盘
一、基础环境准备
1、安装一台centos7的linux服务器。
# 系统初始化 # 如果时区不对,请修改时区 #mv /etc/localtime /etc/localtime_bak #ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime # 修改selinux vi /etc/selinux/config SELINUX=disabled # 修改当前环境的selinux setenforce 0 # 关闭防火墙 systemctl stop firewalld systemctl disable firewalld iptables -F # 安装基础包 yum install -y net-tools vim lrzsz wget tree screen lsof tcpdump bash-completion.noarch ntp zip unzip git yum install -y gcc gcc-c++ libstdc++ make cmake curl bind-utils yum install -y epel-release yum-utils curl policycoreutils-python mlocate bzip2 # 时钟同步 crontab -e */30 * * * * ntpdate ntp1.aliyun.com # 开机启动时钟同步 vim /etc/rc.local ntpdate ntp1.aliyun.com # 修改主机名 hostnamectl set-hostname cloud.139 # exit 退出重新登录
2、安装LNMP环境
安装nginx
yum install gcc gcc-c++ autoconf automake make cmake zlib zlib-devel openssl openssl-devel pcre pcre-devel -y mkdir /data/apps/shell/software -p cd /data/apps/shell/software/ wget -c http://nginx.org/download/nginx-1.16.1.tar.gz wget -c http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz git clone git://github.com/vozlt/nginx-module-vts.git useradd www -M -s /sbin/nologin tar xf nginx-1.16.1.tar.gz tar xf ngx_cache_purge-2.3.tar.gz cd nginx-1.16.1/ ./configure --prefix=/data/apps/nginx \ --user=www --group=www \ --with-http_ssl_module \ --with-http_stub_status_module \ --with-http_gzip_static_module \ --with-mail \ --with-mail_ssl_module \ --with-http_realip_module \ --with-stream \ --with-pcre \ --add-module=../ngx_cache_purge-2.3 \ --add-module=../nginx-module-vts make && make install vim /usr/lib/systemd/system/nginx.service [Unit] Description=nginx service After=network.target [Service] Type=forking ExecStart=/data/apps/nginx/sbin/nginx ExecReload=/data/apps/nginx/sbin/nginx -s reload ExecStop=/data/apps/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target
配置nginx
# 将默认的nginx.conf替换成我们的配置
# 新建vhost/cloud.conf
# 新建目录,后续存放nextcloud的代码。
mkdir /data/apps/web/nextcloud
# 编辑nginx配置
vim vhost/cloud.conf
server {
listen 80;
server_name localhost;
root html;
index index.js index.html index.htm index.php;
access_log /data/apps/nginx/logs/cloud.access.log;
error_log /data/apps/nginx/logs/cloud.error.log;
location / {
root /data/apps/web/nextcloud;
index index.html index.htm index.php;
try_files $uri $uri/ /index.php?$query_string;
}
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
send_timeout 120;
fastcgi_read_timeout 120;
fastcgi_connect_timeout 120;
fastcgi_send_timeout 120;
client_max_body_size 600m;
root /data/apps/web/nextcloud;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location = /50x.html {
root /data/apps/nginx/html;
}
}安装php
yum install php
php-devel php-pearphp-gmp php-zip php-xml php-gd php-mcrypt php-devel php-mysql php-gd php-bcmath php-pdo php-pecl-imagick php-fpm php-curl -y# 按照文档安装好php之后,修改配置 # 配置PHP-FPM vi /etc/php-fpm.d/www.conf # 将用户和组都改为pi user = www group = www # 注意:php-fpm所监听的端口为9000 listen = 127.0.0.1:9000 # 去掉下面几行注释 env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp # 增加php内存 vi /etc/php.ini # 每个脚本可以消耗的时间,单位也是秒 max_input_time = 60 # 脚本运行最大消耗的内存 memory_limit = 1024M # 上载文件的最大许可大小 upload_max_filesize = 1024M # 在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx mkdir -p /var/lib/php/session chown www:www -R /var/lib/php/session/
重启服务:
systemctl restart php-fpm
安装mysql
yum install mysqld -y
配置mysql
# 创建nextcloud库 create database nextcloud; # 赋予权限给linno用户 grant all privileges on nextcloud.* to linno@'127.0.0.1'; # 刷新权限 flush privileges;
二、安装nextcloud
去官网下载安装包
官网下载地址:https://nextcloud.com/install/#instructions-server
有三种方式安装,我们选择压缩包安装。
下载安装包
wget -c https://download.nextcloud.com/server/releases/nextcloud-18.0.4.zip
解压
unzip nextcloud-18.0.4.zip mkdir -p /data/apps/web/ mv nextcloud /data/apps/web/
修改权限
chown -R www.www ./
浏览器访问地址:http://172.16.143.139
默认会使用SQLite数据库,所以我们需要修改数据为mysql。
点击存储与数据库,点击MySQL/MariaDB,切换到MySQL配置,输入相关的配置信息。
三、修改配置
1、生成ssl证书
# openssl生成秘钥 openssl req -new -x509 -days 365 -nodes -out /data/apps/nginx/conf/ssl/nextcloud.crt -keyout /data/apps/nginx/conf/ssl/nextcloud.key
下面是要输入的一些参数
Generating a 2048 bit RSA private key ......+++ .............+++ writing new private key to '/data/apps/nginx/conf/ssl/nextcloud.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:guangdong Locality Name (eg, city) [Default City]:guangzhou Organization Name (eg, company) [Default Company Ltd]:doubles Organizational Unit Name (eg, section) []:doubles Common Name (eg, your name or your server's hostname) []:doubles Email Address []:doubles@doubles.com
2、创建nextcloud.conf
# cd /data/apps/nginx/conf/vhost
# 之前的移走 mv cloud.conf cloud.conf_2020042902 vim nextcloud.conf
下面为nextcloud.conf的配置,主要替换了ssl证书的路径,与root目录的路径
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name localhost;
# enforce https
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /data/apps/nginx/conf/ssl/nextcloud.crt;
ssl_certificate_key /data/apps/nginx/conf/ssl/nextcloud.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
#root /usr/share/nginx/html/nextcloud/;
root /data/apps/web/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10240M; # 上传文件最大限制,php.ini中也要修改,最后优化时会提及。
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}重载配置
/data/apps/nginx/sbin/nginx -t /data/apps/nginx/sbin/nginx -s reload
四、查看web页面
登录后如下:
搭建成功.
如果要使用移动端,可以去应用市场下载nextcloud 的移动app,连接上该地址。
