• A+

Linux、Nginx、MariaDB环境下部署Nextcloud14的过程

   2018-11-02    阅读: 381 次    评论 0 条       百度已收录
国家为人而立, 而非人为国家而活。——爱因斯坦
本文共2082个字,预计阅读时间需要6分钟。

前几天,脑子一抽买了阿里云ECS后,一直有点后悔,但已经买了,也退不掉。所以这几天一直在想着装个什么,不能浪费啊!!!最后思来想去,决定要不装个私有云盘玩玩。网上的私有云盘有SeaFile、Owncloud、Nextcloud这三个主要的。通过综合比较,SeaFile不免费,Owncloud与Nextcloud原是一家,最终决定那就先装Nextcloud吧。既然决定了,那就不能闲着,说干就干!!

本此主要在CentOS7.4下安装和配置最新版本的 Nextcloud 14,并且会通过 Nginx 和 PHP7.2-FPM 来运行 Nextcloud,同时使用 MariaDB 做为数据库系统。

阿里云ECS的系统是Centos7.4版本

  1. [root@chyiyanghost~]#cat /etc/redhat-release
  2. CentOS Linux release 7.4.1708 (Core)

一、安装并配置Nginx和php7.2-fpm

将自带的epel、nginx、php全部卸载(rpm -e ... --nodeps)

  1. [root@chyiyanghost~]#rpm -qa|grep php
  2. [root@chyiyanghost~]#rpm -qa|grep php-common
  3. [root@chyiyanghost~]#rpm -qa|grep nginx

CentOS默认的yum源中并不包含Nginx和php-fpm,首先要为CentOS添加epel源:

  1. [root@chyiyanghost~]#yum -y install epel-release
  2. [root@chyiyanghost~]#yum -y install nginx

需要再添加一个yum源来安装php-fpm,可以使用webtatic

  1. [root@chyiyanghost~]#rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

安装php7.2-fpm和一些其它的必要的组件

  1. [root@chyiyanghost~]#yum -y install php72w-fpm php72w-cli php72w-gd php72w-mcrypt php72w-mysql php72w-pear php72w-xml php72w-mbstring php72w-pdo php72w-json php72w-pecl-apcu php72w-pecl-apcu-devel

需要说明的是php72为php7.2,如果要装php7.1就改为php71,php7.0就是php70
完成后,检查一下php-fpm是否已正常安装

  1. [root@chyiyanghost~]#php -v
  2. PHP 7.2.11 (cli) (built: Oct 11 2018 19:14:35) (NTS)
  3. Copyright (c) 1997-2018 The PHP Group
  4. Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

配置php-fpm

  1. root@chyiyanghost~]#vim /etc/php-fpm.d/www.conf
  2. .....
  3. user = nginx //将用户和组都改为nginx
  4. group = nginx
  5. .....
  6. listen = 127.0.0.1:9000 //php-fpm所监听的端口为9000
  7. ......
  8. env[HOSTNAME] = $HOSTNAME //去掉下面几行注释
  9. env[PATH] = /usr/local/bin:/usr/bin:/bin
  10. env[TMP] = /tmp
  11. env[TMPDIR] = /tmp
  12. env[TEMP] = /tmp

按ESC,输入wq!保存退出。
在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx

  1. [root@chyiyanghost~]#mkdir -p /var/lib/php/session
  2. [root@chyiyanghost~]#chown nginx:nginx -R /var/lib/php/session/
  3. [root@chyiyanghost~]#ll -d /var/lib/php/session/
  4. drwxr-xr-x 2 nginx nginx 4096 Nov 1 12:23 /var/lib/php/session/

启动Nginx和php-fpm服务,并添加开机启动

  1. [root@chyiyanghost~]#systemctl start php-fpm
  2. [root@chyiyanghost~]#systemctl start nginx
  3. [root@chyiyanghost~]#systemctl enable php-fpm
  4. Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service. //提示成功信息
  5. [root@chyiyanghost~]#systemctl enable nginx
  6. Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service. //提示成功信息

二、安装并配置MariaDB

使用MaraiDB作为Nextcloud数据库。yum安装MaraiDB服务

  1. [root@chyiyanghost~]#yum -y install mariadb mariadb-server

启动MariaDB服务并添加开机启动

  1. [root@chyiyanghost~]#systemctl start mariadb
  2. [root@chyiyanghost~]#systemctl enable mariadb
  3. Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service. //提示信息

接下来设置MariaDB的root密码

  1. [root@chyiyanghost~]#mysql_secure_installation //按照提示设置密码,首先会询问当前密码,密码默认为空,直接回车即可
  2. Enter current password for root (enter for none): //直接回车
  3. Set root password?[Y/n]Y
  4. New password: //输入新密码
  5. Re-enter new password: //再次输入新密码
  6. Remove anonymous users?[Y/n]Y
  7. Disallow root login remotely?[Y/n]Y
  8. Remove test database and access to it?[Y/n]Y
  9. Reload privilege tables now?[Y/n]Y

设置完MariaDB的密码后,使用命令行登录MariaDB,并为Nextcloud创建相应的用户和数据库。
例如数据库为nextcloud_db,用户为nextclouduser,密码为nextcloudpasswd:

  1. [root@chyiyanghost~]#mysql -p
  2. ......
  3. MariaDB [(none)]>create database nextcloud_db;
  4. Query OK, 1 row affected (0.00sec)
  5. MariaDB [(none)]>create user nextclouduser@localhost identified by'nextcloudpasswd';
  6. Query OK, 0 rows affected (0.00sec)
  7. MariaDB [(none)]>grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by'nextcloudpasswd';
  8. Query OK, 0 rows affected (0.00sec)
  9. MariaDB [(none)]>flush privileges;
  10. Query OK, 0 rows affected (0.00sec)
  11. MariaDB [(none)]>exit
  12. Bye

三、为Nextcloud生成自签名SSL证书
为SSL证书创建一个新的文件夹:

  1. [root@chyiyanghost~]#mkdir -p /etc/nginx/cert/
  2. [root@chyiyanghost~]#cd /etc/nginx/cert/
  3. [root@chyiyanghost cert]#openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
  4. .....
  5. Country Name (2 letter code) [XX]:cn //国家
  6. State or Province Name (full name) []:shaanxi //省份
  7. Locality Name (eg, city) [Default City]:shaanxi //地区名字
  8. Organization Name (eg, company) [Default Company Ltd]:chyiyang //公司名
  9. Organizational Unit Name (eg, section) []:Technology //部门
  10. Common Name (eg, your name or your server's hostname) []:chyiyang //CA主机名
  11. Email Address []:330601425@qq.com

然后将证书文件的权限设置为660

  1. [root@chyiyanghost cert]#chmod 700 /etc/nginx/cert
  2. [root@chyiyanghost cert]#chmod 600 /etc/nginx/cert/*

四、下载并安装Nextcloud

  1. [root@chyiyanghost~]#yum -y install wget unzip
  2. [root@chyiyanghost~]#cd /usr/local/src/
  3. [root@chyiyanghost src]#wget https://download.nextcloud.com/server/releases/nextcloud-14.0.3.zip
  4. [root@chyiyanghost src]#unzip nextcloud-14.0.3.zip
  5. [root@nextcloud-server src]#ls
  6. nextcloud nextcloud-14.0.3.zip
  7. [root@chyiyanghost src]#mv nextcloud /usr/share/nginx/html/

进入Nginx的root目录,并为Nextcloud创建data目录,将Nextcloud的用户和组修改为nginx

  1. [root@chyiyanghost src]#mv nextcloud /usr/share/nginx/html/
  2. [root@chyiyanghost src]#cd /usr/share/nginx/html/
  3. [root@chyiyanghost html]#mkdir -p nextcloud/data/
  4. [root@chyiyanghost html]#chown nginx:nginx -R nextcloud/
  5. [root@chyiyanghost html]#ll -d nextcloud
  6. drwxr-xr-x 15 nginx nginx 4096 Nov 1 15:50 nextcloud

五、设置Nginx虚拟主机

进入Nginx的虚拟主机配置文件所在目录并创建一个新的虚拟主机配置(记得修改两个server_name为自己的域名):

  1. [root@chyiyanghost html]#cd /etc/nginx/conf.d/
  2. [root@chyiyanghost conf.d]#vim nextcloud.conf
  3. upstream php-handler {
  4.  server 127.0.0.1:9000;
  5.  #server unix:/var/run/php5-fpm.sock;
  6. } 
  7. server {
  8.  listen 80;
  9.  server_name chyiyang.net;
  10.  # enforce https
  11.  return 301 https://$server_name$request_uri;
  12. } 
  13. server {
  14.  listen 443 ssl;
  15.  server_name chyiyang.net; 
  16.  ssl_certificate /etc/nginx/cert/nextcloud.crt;
  17.  ssl_certificate_key /etc/nginx/cert/nextcloud.key; 
  18.  # Add headers to serve security related headers
  19.  # Before enabling Strict-Transport-Security headers please read into this
  20.  # topic first.
  21.  add_header Strict-Transport-Security "max-age=15768000;
  22.  includeSubDomains; preload;";
  23.  add_header X-Content-Type-Options nosniff;
  24.  add_header X-Frame-Options "SAMEORIGIN";
  25.  add_header X-XSS-Protection "1; mode=block";
  26.  add_header X-Robots-Tag none;
  27.  add_header X-Download-Options noopen;
  28.  add_header X-Permitted-Cross-Domain-Policies none; 
  29.  # Path to the root of your installation
  30.  root /usr/share/nginx/html/nextcloud/; 
  31.  location = /robots.txt {
  32.  allow all;
  33.  log_not_found off;
  34.  access_log off;
  35.  }
  36.  
  37.  # The following 2 rules are only needed for the user_webfinger app.
  38.  # Uncomment it if you're planning to use this app.
  39.  #rewrite ^/.well-known/host-meta /public.php service=host-meta last;
  40.  #rewrite ^/.well-known/host-meta.json /public.php service=host-meta-json
  41.  # last;
  42.  
  43.  location = /.well-known/carddav {
  44.  return 301 $scheme://$host/remote.php/dav;
  45.  }
  46.  location = /.well-known/caldav {
  47.  return 301 $scheme://$host/remote.php/dav;
  48.  }
  49.  
  50.  # set max upload size
  51.  client_max_body_size 512M;
  52.  fastcgi_buffers 64 4K;
  53.  
  54.  # Disable gzip to avoid the removal of the ETag header
  55.  gzip off;
  56.  
  57.  # Uncomment if your server is build with the ngx_pagespeed module
  58.  # This module is currently not supported.
  59.  #pagespeed off;
  60.  
  61.  error_page 403 /core/templates/403.php;
  62.  error_page 404 /core/templates/404.php;
  63.  
  64.  location / {
  65.  rewrite ^ /index.php$uri;
  66.  }
  67.  
  68.  location ~ ^/( :build|tests|config|lib|3rdparty|templates|data)/ {
  69.  deny all;
  70.  }
  71.  location ~ ^/( :\.|autotest|occ|issue|indie|db_|console) {
  72.  deny all;
  73.  }
  74.  
  75.  location ~ ^/( :index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php( :$|/) {
  76.  include fastcgi_params;
  77.  fastcgi_split_path_info ^(.+\.php)(/.*)$;
  78.  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  79.  fastcgi_param PATH_INFO $fastcgi_path_info;
  80.  fastcgi_param HTTPS on;
  81.  #Avoid sending the security headers twice
  82.  fastcgi_param modHeadersAvailable true;
  83.  fastcgi_param front_controller_active true;
  84.  fastcgi_pass php-handler;
  85.  fastcgi_intercept_errors on;
  86.  fastcgi_request_buffering off;
  87.  }
  88.  
  89.  location ~ ^/( :updater|ocs-provider)( :$|/) {
  90.  try_files $uri/ =404;
  91.  index index.php;
  92.  }
  93.  
  94.  # Adding the cache control header for js and css files
  95.  # Make sure it is BELOW the PHP block
  96.  location ~* \.( :css|js)$ {
  97.  try_files $uri /index.php$uri$is_args$args;
  98.  add_header Cache-Control "public, max-age=7200";
  99.  # Add headers to serve security related headers (It is intended to
  100.  # have those duplicated to the ones above)
  101.  # Before enabling Strict-Transport-Security headers please read into
  102.  # this topic first.
  103.  add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
  104.  add_header X-Content-Type-Options nosniff;
  105.  add_header X-Frame-Options "SAMEORIGIN";
  106.  add_header X-XSS-Protection "1; mode=block";
  107.  add_header X-Robots-Tag none;
  108.  add_header X-Download-Options noopen;
  109.  add_header X-Permitted-Cross-Domain-Policies none;
  110.  # Optional: Don't log access to assets
  111.  access_log off;
  112.  }
  113.  
  114.  location ~* \.( :svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
  115.  try_files $uri /index.php$uri$is_args$args;
  116.  # Optional: Don't log access to other assets
  117.  access_log off;
  118.  }
  119. }

接下来测试以下配置文件是否有错误,确保没有问题后重启Nginx服务。

  1. [root@chyiyanghost conf.d]#nginx -t
  2. nginx:the configuration file /etc/nginx/nginx.conf syntax is ok
  3. nginx:configuration file /etc/nginx/nginx.conf test is successful
  4. [root@chyiyanghost conf.d]#systemctl restart nginx

六、为Nextcloud设置Firewalld防火墙和SELinux

可以选择关闭Firewalld和SELinux

  1. [root@chyiyanghost~]#systemctl stop firewalld
  2.  
  3. [root@chyiyanghost~]#systemctl disable firewalld
  4.  
  5. [root@chyiyanghost~]#setenforce 0
  6.  
  7. [root@chyiyanghost~]#getenforce
  8. disable
  9.  
  10. [root@chyiyanghost~]#cat /etc/sysconfig/selinux
  11. ......
  12. SELINUX=disabled

如果打开了防火墙,则需要设置FirewalldSELinux
首先需要安装SElinux管理工具policycoreutils-python

  1. [root@chyiyanghost~]#yum -y install policycoreutils-python

接着设置SELinux

  1. [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)'
  2. [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/config(/.*)'
  3. [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/apps(/.*)'
  4. [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/assets(/.*)'
  5. [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/.htaccess'
  6. [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/.user.ini'
  7. [root@chyiyanghost~]#restorecon -Rv'/usr/share/nginx/html/nextcloud/'

接下来设置Firewlld防火墙,为Nextcloud开放http和https两个端口

  1. [root@chyiyanghost~]#systemctl start firewalld
  2. [root@chyiyanghost~]#systemctl enable firewalld
  3. [root@chyiyanghost~]#firewall-cmd --permanent --add-service=http
  4. [root@chyiyanghost~]#firewall-cmd --permanent --add-service=https
  5. [root@chyiyanghost~]#firewall-cmd --reload

七、安装Nextcloud

解析上面nginx中配置的域名chyiyang.net,访问访问http://chyiyang.net进行Nextcloud界面安装(访问http域名会自动跳转到https,安装提示安装即可!)

安装截图

 

安装截图

 

安装截图

至此,nextcloud算是部署完成了。

本文地址:https://www.chyiyang.cn/12.html
本文标题:Linux、Nginx、MariaDB环境下部署Nextcloud14的过程
版权声明:本站所有文章除特别声明外,均采用 署名-非商业性使用-禁止演绎 4.0 国际 许可协议。请尊重他人的劳动成果,转载请写明出处!
所属分类:Linux

发表评论


表情