NextCloud 二进制部署
本文为个人原创,文中的环境可能因人而异,所以如搭建不成功的情况请检查个人的Nginx和Php环境,注意查看报错信息和日志记录!对于环境配置问题,原本是采用 Centos 7 3.10.0-1160.2.2.el7.x86_64 + Nginx 1.18 + Mysql 5.7.25 + Php 7.2,但最新版本 Nextcloud 20 版本提示已不再支持 php 7.2了,因此更正成 php 7.4,以下内容仅供参考;
部署机器
Esxi 6.7 SSD+HHD
系统环境系统与内核:Centos 7 3.10.0-1160.2.2.el7.x86_64 + Nginx 1.18 + Mysql 5.7.25 + Php 7.4
环境配置
设置 Firewalld 和 SELinux
$ setenforce 0
$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
$ firewall-cmd --permanent --add-service=http
$ firewall-cmd --permanent --add-service=https
$ firewall-cmd --permanent --zone=public --add-port=3306/tcp
$ firewall-cmd --reload
Nginx安装
1.1 下载依赖并编译安装
$ yum -y install pcre pcre-devel zlib zlib-devel openssl openssl-devel perl*
$ cd /usr/local/src
$ wget http://nginx.org/download/nginx-1.18.0.tar.gz
$ tar -zxvf nginx-1.18.0.tar.gz && cd nginx-1.18.0
$ ./configure --prefix=/usr/local/nginx --with-http_perl_module --with-http_stub_status_module --with-http_ssl_module --with-openssl-opt="enable-tlsext"
$ make && make install
1.2 创建权限用户
$ groupadd nginx
$ useradd -M -g nginx -s /sbin/nologin nginx
$ vim /usr/local/nginx/conf/nginx.conf
user nginx nginx;
1.3 设置自启动服务
$ vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
$ systemctl enable nginx.service
$ systemctl start nginx.service
MySQL安装
1.1 清除其他数据库信息
$ rpm -qa mysql
$ rpm -qa | grep mariadb
$ rpm -e --nodeps 文件名
1.2 安装环境依赖包并编译安装
$ yum -y install wget cmake gcc gcc-c++ ncurses numactl ncurses-devel libaio-devel openssl openssl-devel libaio
$ cd /usr/local/src/
$ wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.25-linux-glibc2.12-x86_64.tar.gz
$ tar -zxvf mysql-5.7.25-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
$ mv mysql-5.7.25-linux-glibc2.12-x86_64/ mysql/
1.3 创建权限用户并修改配置
$ groupadd mysql
$ useradd -r -g mysql mysql
$ cd /usr/local/mysql/
$ chown -R mysql:mysql ./
$ cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql
$ vim /etc/init.d/mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
$ vim /etc/my.cnf
[client]
port = 3306
default-character-set=utf8
[mysqld]
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
port = 3306
character-set-server=utf8
default_storage_engine = InnoDB
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
$ cd /usr/local/mysql/bin/
$ ./mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
# 执行完毕后会自动生成默认的密码在执行记录中,注意复制出来
$ service mysql start
1.4 修改默认MySQL密码及访问权限
# 进入mysql/bin目录下执行
$ ./mysql -uroot -p
Enter password:输入默认的临时密码
set password=password('新密码');
grant all privileges on *.* to 'root'@'%' identified by '访问密码';
flush privileges;
1.5 设置开机启动和环境变量
$ chkconfig --list
$ chkconfig --add mysql
$ chkconfig mysql on
$ vim /etc/profile
# mysql
export MYSQL_HOME=/usr/local/mysql
export PATH=$PATH:$MYSQL_HOME/bin
$ source /etc/profile
$ systemctl status mysql.service
$ systemctl restart mysql.service
PHP安装
1.1 创建权限用户
$ groupadd php
$ useradd -M -g php -s /sbin/nologin php
1.2 下载依赖并编译安装
$ yum -y install libxml2-devel sqlite-devel libcurl-devel oniguruma-devel libpng-devel libjpeg-devel freetype-devel libzip-devel openssl-devel
# No package oniguruma-devel available.导致下述编译失败,提前补充依赖环境
configure: error: Package requirements (oniguruma) were not met:
No package 'oniguruma' found
$ yum -y install http://down.24kplus.com/linux/oniguruma/oniguruma-6.7.0-1.el7.x86_64.rpm
$ yum -y install http://down.24kplus.com/linux/oniguruma/oniguruma-devel-6.7.0-1.el7.x86_64.rpm
--------------------------------------------------------------------------------------------------
$ cd /usr/local/src
$ wget https://www.php.net/distributions/php-7.4.13.tar.gz
$ tar -zxvf php-7.4.13 && cd php-7.4.13
$ ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mhash --with-openssl --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv --with-zlib --enable-inline-optimization --disable-debug --disable-rpath --enable-shared --enable-bcmath --enable-shmop --enable-sysvsem --enable-gd --with-jpeg --with-freetype --enable-mbregex --enable-mbstring --enable-ftp --enable-pcntl --enable-sockets --enable-soap --without-pear --with-gettext --enable-session --with-curl --enable-opcache --enable-fpm --with-fpm-user=php --with-fpm-group=php --without-gdbm --enable-fast-install --disable-fileinfo
$ make && make install
1.3 创建配置文件
# 复制相关配置文件到php安装路径
$ cp /usr/local/src/php-7.4.13/sapi/fpm/init.d.php-fpm /usr/local/php/
$ cp /usr/local/src/php-7.4.13/php.ini-production /usr/local/php/etc/php.ini
# 创建php-fpm.conf配置文件
$ cd /usr/local/php/etc
php-fpm.conf.default php-fpm.d php.ini
$ cp php-fpm.conf.default php-fpm.conf
$ cd /usr/local/php/etc/php-fpm.d
$ cp www.conf.default www.conf
# 启动php-fpm测试启动脚本
$ cd /usr/local/php
$ bash init.d.php-fpm start
1.5 创建自启服务
$ vim /etc/systemd/system/php-fpm.service
[Unit]
Description=php-fpm
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/php/sbin/php-fpm
PrivateTmp=True
[Install]
WantedBy=multi-user.target
# 因之前已启动过php-fpm,现9000端口被占用无法启动服务,杀死进程再启动服务
$ netstat -lntup | grep 9000
$ killall php-fpm
$ systemctl start php-fpm.service
$ systemctl enable php-fpm.service
1.6 环境变量配置
$ vim /etc/profile
# php
export PHP_HOME=/usr/local/php
export PATH=$PATH:$PHP_HOME/bin
$ source /etc/profile
# 检查php-fpm是否正常安装
$ php -v
PHP 7.4.13 (cli) (built: Dec 8 2020 10:07:16) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
Redis安装
确认编译和依赖环境
$ gcc -v
# 6以上要求gcc版本号在5以上
# Centos7 gcc版本默认4.8.3,Red Hat 为了软件的稳定和版本支持,yum 上版本也是4.8.3,所以无法使用yum进行软件更新,所以使用scl。
# scl软件集(Software Collections),是为了给 RHEL/CentOS 用户提供一种以方便、安全地安装和使用应用程序和运行时环境的多个(而且可能是更新的)版本的方式,同时避免把系统搞乱
$ yum -y install centos-release-scl scl-utils-build
$ yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils
$ scl enable devtoolset-9 bash
# 注意:scl命令启用只是临时的,推出xshell或者重启就会恢复到原来的gcc版本。如果要长期生效的话,执行如下:
$ echo "source /opt/rh/devtoolset-9/enable" >>/etc/profile
$ wget https://download.redis.io/releases/redis-6.0.9.tar.gz
$ tar -zxvf redis-6.0.9.tar.gz && cd redis-6.0.9
$ make && cd /usr/local/src/redis-6.0.9/src
$ make install PREFIX=/usr/local/redis
$ mkdir /usr/local/redis/etc && cd /usr/local/src/redis
$ cp redis.conf /usr/local/redis/etc/
创建启动服务
$ vim /usr/lib/systemd/system/redis.service
[Unit]
Description=Redis
After=network.target
[Service]
# Type=forking
PIDFile=/var/run/redis_6379.pid
ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/etc/redis.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
$ systemctl daemon-reload
$ systemctl start redis
$ systemctl enable redis
# 创建 redis 命令软链接
$ ln -s /usr/local/redis/bin/redis-cli /usr/bin/redis
# 异常处理
WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
解决方法:将/proc/sys/net/core/somaxconn值设置为redis配置文件中的tcp-baklog值一致即可
$ echo '511' > /proc/sys/net/core/somaxconn
# 上述为临时,下述为永久处理
$ echo 'net.core.somaxconn= 1024' >> /etc/sysctl.conf
$ sysctl -p
WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl...is to take effect.
原因分析:overcommit_memory设置为0,在内存不足的情况下,后台保存会失败,要解决这个问题需要将此值改为1,然后重新加载,使其生效
$ echo 'vm.overcommit_memory=1' >> /etc/sysctl.conf
$ sysctl -p
WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command .
警告:您的内核中启用了透明的大页面(THP)支持。这将创建与ReDIS的延迟和内存使用问题。若要修复此问题,请运行命令“EngEng/mS/mL/mM/ExpListNo.HugPoIP/启用”为root,并将其添加到您的/etc/rc.local,以便在重新启动后保留设置。在禁用THP之后,必须重新启动redis。
$ echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled
# 上述为临时,下述为永久处理,将如下加入到/etc/rc.local
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
Nextcloud安装
1.1 配置php-fpm
$ vim /usr/local/php/etc/php-fpm.d/www.conf
# 去掉下面几行注释
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
1.2 为Nextcloud创建相应的用户和数据库。
例如数据库为nextcloud_db,用户为nextclouduser,密码为nextcloudpasswd:
$ mysql -uroot -p
mysql> create database nextcloud_db;
mysql> create user nextclouduser@localhost identified by 'nextcloudpasswd';
mysql> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextcloudpasswd';
mysql> grant all privileges on *.* to 'nextclouduser'@'%' identified by 'nextcloudpasswd';
mysql> flush privileges;
1.3 为Nextcloud添加ssl证书
# 没有就创建一个
$ cd /usr/local/nginx/cert/
把ssl证书存放到该目录下
$ openssl req -new -x509 -days 365 -nodes -out ./nextcloud.crt -keyout ./nextcloud.key
Generating a 2048 bit RSA private key
.....................................................................................................................+++
...................................................................................................+++
writing new private key to './nextcloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #国家
State or Province Name (full name) []:GuangDong #省份
Locality Name (eg, city) [Default City]:DG #地区
Organization Name (eg, company) [Default Company Ltd]:CompanyName #公司名
Organizational Unit Name (eg, section) []:IT #部门
Common Name (eg, your name or your server's hostname) []:Cloud #域名
Email Address []:yuikuen.yuen@hotmail.com #邮箱
[root@Cloud cert]# ll
total 8
-rw-r--r--. 1 root root 1399 Dec 4 09:48 nextcloud.crt
-rw-r--r--. 1 root root 1704 Dec 4 09:48 nextcloud.key
然后将证书文件的权限设置为660
$ chmod 700 /usr/local/nginx/cert
$ chmod 600 /usr/local/nginx/cert/*
$ ll
total 8
-rw-------. 1 root root 1399 Dec 4 09:48 nextcloud.crt
-rw-------. 1 root root 1704 Dec 4 09:48 nextcloud.key
1.4 下载并安装Nextcloud
$ wget https://download.nextcloud.com/server/releases/nextcloud-20.0.3.zip
$ unzip nextcloud-20.0.3.zip
$ mv nextcloud /usr/local/nginx/html/nextcloud
1.5 修改配置并创建配置文件
$ vim /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.php index.html index.htm;
}
# 取消注释并开启支持php
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# 最后增加vhosts目录
include /usr/local/nginx/vhosts/*.conf;
$ vim /usr/local/nginx/vhosts/nextcloud.conf
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
# listen 80;
# server_name 你的域名;
# enforce https
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name 127.0.0.1;
ssl_certificate /usr/local/nginx/cert/nextcloud.crt;
ssl_certificate_key /usr/local/nginx/cert/nextcloud.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /usr/local/nginx/html/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 1024M; # 上传文件最大限制,php.ini中也要修改。
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 150;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
问题集
未找到 PHP zip 模块未安装
$ cd /usr/local/src/php-7.4.13/ext/zip/
$ /usr/local/php/bin/phpize
Configuring for:
PHP Api Version: 20190902
Zend Module Api No: 20190902
Zend Extension Api No: 320190902
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
# php.ini配置文件增加zip模块
$ vim /usr/local/php/etc/php.ini
extension=zip
报错1:Zip编译 /usr/local/php/bin/phpize 时报 Libzip、Cmake 版本过旧**
CMake Error at CMakeLists.txt:4 (CMAKE_MINIMUM_REQUIRED):
CMake 3.0.2 or higher is required. You are running version 2.8.12.2
-- Configuring incomplete, errors occurred!
# 卸载旧版本再下载新版本安装
$ yum remove cmake -y
$ wget https://cmake.org/files/v3.19/cmake-3.19.0.tar.gz
$ tar -zxvf cmake-3.19.0.tar.gz && cd cmake-3.19.0
$ ./bootstrap
$ gmake && gmake install
$ ln -s /usr/local/bin/cmake /usr/bin/
-----------------------------------------------------------------------------------------------------
configure: error: Package requirements (libzip >= 0.11 libzip != 1.3.1 libzip != 1.7.0) were not met:
Requested 'libzip >= 0.11' but version of libzip is 0.10.1
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables LIBZIP_CFLAGS
and LIBZIP_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
# 卸载旧版本再下载新版本安装
$ yum remove libzip -y
$ wget https://libzip.org/download/libzip-1.7.3.tar.gz
$ tar -zxvf libzip-1.7.3.tar.gz && cd libzip-1.7.3
$ mkdir build && cd build \
&& cmake -DCMAKE_INSTALL_PREFIX=/usr .. \
&& make \
&& sudo make install
报错2:登录无限循环或报、服务器不能完成您的请求、内部服务器错误不能完成请求
请求的ID会不断改变,查询logo也没有太多有用的信息,基本是php session权限的问题,首先检查 php-fpm 的设置,确保 user 和 group 和 web 服务器一致;
$ vim /usr/local/php/etc/php-fpm.d/www.conf
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
# 根据客户端替换
user = nginx
group = nginx
$ chown -R root:nginx /usr/local/php/include/php/ext/session/
$ chown nginx:nginx -R /usr/local/nginx/html/nextcloud
$ systemctl resetart php-fpm
# 如没有作用或你不知道web服务器用户是什么,可以试下下述命令再清空浏览器Cookie,就可以登陆成功;
$ chmod -R 777 /usr/local/php/include/php/ext/session/
报错3:以下内容为无论是 Php 7.2 或 Php 7.4 在 ‘安全与设置警告’ 时都可能出现的情况;因为在安装的过程中,无报错并且也成功搭建使用,修正过程较为繁杂,在此记录以备使用。(Nextcloud 最新版本使用 Php 7.2 时提示 PHP 版本不再支持并且使用cron任务时总提醒有错误,因此才重新采用 Php 7.4 再部署)
关于phpsize: https://www.php.net/manual/en/install.pecl.phpize.php
是用来扩展php扩展模块的,通过phpize可以建立php的外挂模块,比如你想在原来编译好的php中加入memcached或者ImageMagick等扩展模块,可以使用phpize。
PHP 内存限制低于建议值 512MB。
$ vim ./etc/php.ini
# 找到 memory_limit = 128M,将128M修改为512M,数值按内存情况及需要而定,保存退出
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 512M
PHP 的安装似乎不正确,无法访问系统环境变量。getenv("PATH") 函数测试返回了一个空值
$ vim /etc/profile
# php
export PHP_HOME=/usr/local/php
export PATH=$PATH:$PHP_HOME/bin
$ source /etc/profile
未找到 PHP 的 "fileinfo" 模块
$ cd /usr/local/src/php-7.4.13/ext/fileinfo/
$ /usr/local/php/bin/phpize
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
$ vim /usr/local/php/etc/php.ini
extension=fileinfo
PHP 的 OPcache 模块未载入
$ cd /usr/local/src/php-7.4.13/ext/opcache
$ /usr/local/php/bin/phpize
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
----------------------------------------------------------------------
Build complete.
Don't forget to run 'make test'.
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20170718/
# make install生成文件路径地址,如果不列不生效,zend_extension抄写绝对路径;
$ vim /usr/local/php/etc/php.ini
[opcache]
zend_extension = opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
PHP 的 intl 模块未载入
$ cd /usr/local/src/php-7.4.13/ext/intl
$ /usr/local/php/bin/phpize
$ ./configure --with-php-config=/usr/local/php/bin/php-config
----------------------------------------------------------------------------
checking for icu-config... no
not found
configure: error: Unable to detect ICU prefix or no failed. Please verify ICU install prefix and make sure icu-config works.
# 报错缺少依赖,安装后再执行上述编译
$ yum install libicu-devel -y
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
$ vim /usr/local/php/etc/php.ini
extension=intl
PHP 的 gmp 模块未载入
$ cd /usr/local/src/php-7.4.13/ext/gmp
$ /usr/local/php/bin/phpize
$ ./configure --with-php-config=/usr/local/php/bin/php-config
-----------------------------------------------------------------------------
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... gawk
checking for GNU MP support... yes, shared
configure: error: Unable to locate gmp.h
# 缺少依赖并且re2c版本过旧,更新后重新执行编译安装
$ yum install -y gmp-devel
$ git clone https://github.com/skvadrik/re2c.git re2c
$ cd re2c
$ mkdir -p m4
$ ./autogen.sh && ./configure --prefix=/usr && make && make install
$ re2c -v
re2c 2.0.3
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
$ vim /usr/local/php/etc/php.ini
extension=gmp
PHP 的 imagick 模块未载入
# 先安装imageMagic,再安装imagick扩展
$ yum install -y ImageMagick*
--------------------------------------------------------------
# 上述命令快捷安装,但建议下述方法,便于以后维护图片存放地方
$ wget http://www.imagemagick.org/download/ImageMagick.tar.gz
$ tar -zxvf ImageMagick.tar.gz
$ ./configure --prefix=/usr/local/imagemagick
$ make && make install
$ /usr/local/imagemagick/bin/convert -version
$ wget https://pecl.php.net/get/imagick-3.4.4.tgz
$ tar -zxvf imagick-3.4.4.tgz && cd imagick-3.4.4
$ /usr/local/php/bin/phpize
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
$ vim /usr/local/php/etc/php.ini
extension=imagick
内存缓存未配置,为了提升使用体验,请尽量配置内存缓存
"Internal Server Error"错误,原因在于设置了 Redis ,但未安装 php-redis 扩展
$ wget https://github.com/phpredis/phpredis/archive/5.3.2.tar.gz -O phpredis-5.3.2.tar.gz
$ tar -zxvf phpredis-5.3.2.tar.gz && cd phpredis-5.3.2
$ /usr/local/php/bin/phpize
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
$ vim /usr/local/php/etc/php.ini
extension=redis
$ vim /usr/local/nginx/html/nextcloud/config/config.php
<?php
$CONFIG = array (
'instanceid' => 'oc3qw04mfgb7',
'passwordsalt' => 'eaM689LAzlEexqqvrVNVbaT7XYqSj/',
'secret' => 'j00erJTSl4wEd8mVLOOyomNLZKma2RP8iYSSylPexWMtxaLR',
'trusted_domains' =>
array (
0 => '188.188.4.44',
),
# 增加下述Redis内容
'memcache.local' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => '127.0.0.1',
'port' => 6379,
),
'datadirectory' => '/home/cloud',
'dbtype' => 'mysql',
'version' => '20.0.2.2',
'overwrite.cli.url' => 'http://188.188.4.44/nextcloud',
'dbname' => 'nextcloud_db',
'dbhost' => '127.0.0.1:3306',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextclouduser',
'dbpassword' => 'Sinath90?',
'installed' => true,
);
HTTP 头 "Referrer-Policy" 未设置成 "no-referrer","no-referrer-when-downgrade","strict-origin","strict-origin-when-cross-origin" 或 "same-origin"。
$ vim /usr/local/nginx/vhosts/nextcloud.conf
...
server {
listen 443 ssl;
server_name 127.0.0.1;
ssl_certificate /usr/local/nginx/cert/nextcloud.crt;
ssl_certificate_key /usr/local/nginx/cert/nextcloud.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy "no-referrer"; #增加此行配置
...
Cron任务
$ crontab -u nginx -e
# 注意使用客户用户执行方可生效
*/1 * * * * sudo -u nginx php -f /usr/local/nginx/html/nextcloud/cron.php
$ systemctl restart crond
$ systemctl status crond
# 查看‘安全与设置警告’和‘后台任务’发现经常未正常执行,查看日志后发现执行报错
(nginx) CMD (sudo -u nginx php -f /usr/local/nginx/html/nextcloud/cron.php)
(CRON) ERROR chdir failed (/home/nginx): No such file or directory
(sudo) ERROR (getpwnam() failed)
原因使用 nginx 这种 nologin 用户执行定时任务会报错,只需要在home目录下,创建个 nginx 文件夹就 OK 了;
$ mkdir /home/nginx
$ chown nginx:nginx /home/nginx
$ ll /home/
# 用crontab来执行php,是不走apache,nginx,所以$_SERVER,$_ENV这类变量根本用不了
(nginx) CMD (php -f /usr/local/nginx/html/nextcloud/cron.php)
(nginx) CMDOUT (/bin/bash: php: command not found)
$ vim /etc/crontab
*/1 * * * * nginx /usr/local/php/bin/php -f /usr/local/nginx/html/nextcloud/cron.php >> /home/nginx/cron.log
# 任务成功、失败都会有提示mail,但postfix异常会导致报错,可采取删除解决
$ systemctl stop postfix
$ yum remove postfix
浙公网安备 33010602011771号