确认 Nginx 进程已经启动并且绑定在,NextCloud 运行

翻看商议

利用NextCloud配置私有云 利用NextCloud配置私有云 安装玛丽亚DB 为NextCloud创制数据库和顾客 安装PHP和相关...

介绍

OwnCloud 9.1.4是朝气蓬勃种用于文件分享和数码同步的开源软件,在企业单位十一分有用,你只需在服务器上安装好 ownCloud,就能够通过互连网访谈和采取归于您自身的私有云了。

本学科是有关在CentOS 7上安装ownCloud,Nginx作为Web服务器。

安装 Nginx 和 PHP

率先,安装Nginx。 那么些Web服务器在EPEL存款和储蓄库中可用,所以只需加上它:

# yum install epel-release

接着:

# yum install nginx

接下去,使用webtatic存款和储蓄库安装PHP-FPM(法斯特CGI Process Manager卡塔尔,并累积以下命令:

# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

今昔能够利用ownCloud所需的其余软件包来安装PHP:

# yum install php70w-fpm php70w-cli php70w-json  php70w-mcrypt  php70w-pear php70w-mysql php70w-xml php70w-gd php70w-mbstring php70w-pdo

以CentOS 7、MariaDB、PHP 7、Nginx为条件安排Nextcloud。

启用 PHP FastCGI

5. 设置配备Nginx

$ sudo apt-get install nginx nginx-extras

生成自具名证书:

$ sudo mkdir -p /etc/nginx/ssl
$ cd /etc/nginx/ssl
$ sudo openssl genrsa -des3 -passout pass:x -out nextcloud.pass.key 2048
$ sudo openssl rsa -passin pass:x -in nextcloud.pass.key -out nextcloud.key
$ sudo rm nextcloud.pass.key
$ sudo openssl req -new -key nextcloud.key -out nextcloud.csr
$ sudo openssl x509 -req -days 365 -in nextcloud.csr -signkey nextcloud.key -out nextcloud.crt

也可选取无需付费的 let encrypt,成立Nginx server block文件:

$ sudo vim /etc/nginx/sites-available/nextcloud

server {
    listen 80;
    server_name pan.csxiaoyao.com;
    return 301 https: //$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name pan.csxiaoyao.com;
    root /
    var / www / nextcloud;
    ssl on;
    ssl_certificate / etc / nginx / ssl / nextcloud.crt;
    ssl_certificate_key / etc / nginx / ssl / nextcloud.key;
    ssl_session_timeout 5m;
    ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header X - Content - Type - Options nosniff;
    add_header X - Frame - Options "SAMEORIGIN";
    add_header X - XSS - Protection "1; mode=block";
    add_header X - Robots - Tag none;
    add_header X - Download - Options noopen;
    add_header X - Permitted - Cross - Domain - Policies none;
    access_log /
    var / log / nginx / nextcloud.access.log;
    error_log /
    var / log / nginx / nextcloud.error.log;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location = /.well - known / carddav {
        return 301 $scheme: //$host/remote.php/dav; 
    }
    location = /.well-known/caldav {
        return 301 $scheme: //$host/remote.php/dav; 
    }
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    gzip off;
    error_page 403 / core / templates / 403.php;
    error_page 404 / core / templates / 404.php;
    location / {
        rewrite ^ /index.php$uri;
    }
    location ~ ^/ ( ? : build | tests | config | lib | 3rdparty | templates | data) / {
        deny all;
    }
    location~ ^ /(?:.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    location ~^/ ( ? : index | remote | public | cron | core / ajax / update | status | ocs / v[12] | updater / . + | ocs - provider / . + | core / templates / 40[34]).php( ? : $ | /) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+.php)(/. + ) $;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;#
        Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix: /var/run / php / php7.0 - fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
    location~ ^ /(?:updater|ocs-provider)(?:$|/) {
        try_files $uri / = 404;
        index index.php;
    }
    location~ * .( ? : css | js) $ {
        try_files $uri / index.php$uri$is_args$args;
        add_header Cache - Control "public, max-age=7200";
        add_header X - Content - Type - Options nosniff;
        add_header X - Frame - Options "SAMEORIGIN";
        add_header X - XSS - Protection "1; mode=block";
        add_header X - Robots - Tag none;
        add_header X - Download - Options noopen;
        add_header X - Permitted - Cross - Domain - Policies none;#
        Optional: Don 't log access to assets
        access_log off;
    }
    location ~* .(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }
    location ~ /.ht {
        deny all;
    }
}

成立链接:

$ sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud

测验Nginx配置文件:

$ sudo nginx -t

重启nginx:

$ sudo systemctl restart nginx

安装 MariaDB

MariaDB在CentOS存款和储蓄库中可用,由此问安装:

# yum install mariadb mariadb-server

配置MariaDB root密码:

# mysql_secure_installation

在那进度中,要求应对以下难题:

Set root password? [Y/n]
New password:
Re-enter new password:

Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]

报到到MariaDB shell,为ownCloud创设三个新的数据库和客户。 在这里示例中,my_owncloud_db是数据库名称,ocuser是其客户。 密码是:my_strong_password。

因此实施命令:

# mysql -u root -p

接着:

mysql> CREATE DATABASE my_owncloud_db;
mysql> CREATE USER ocuser@localhost IDENTIFIED BY 'my_strong_password';
mysql> GRANT ALL PRIVILEGES ON my_owncloud_db.* to ocuser@localhost IDENTIFIED BY 'my_strong_passowrd';
mysql> FLUSH PRIVILEGES;

二、安装配置情状

MariaDB 的客商权限

4. 下载NextCloud

$ cd /tmp
$ wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip

解压到 /var/www/ 目录并改善权限:

$ unzip nextcloud-12.0.0.zip
$ sudo mkdir /var/www/
$ sudo mv nextcloud /var/www/
$ sudo chown -R www-data: /var/www/nextcloud

在Nginx中配置虚构主机

应用以下命令成立设想主机配置文件:

# $EDITOR /etc/nginx/conf.d/owncloud.conf

将以下文本粘贴到文件中:

 upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}
 
server {
    listen 80;
    server_name data.owncloud.co;
    # enforce https
    return 301 https://$server_name$request_uri;
}
 
server {
    listen 443 ssl;
    server_name storage.example.com;
 
    ssl_certificate /etc/nginx/cert/owncloud.crt;
    ssl_certificate_key /etc/nginx/cert/owncloud.key;
 
    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
 
    # Path to the root of your installation
    root /usr/share/nginx/html/owncloud/;
 
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
 
    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
 
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
 
    location /.well-known/acme-challenge { }
 
    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
 
    # Disable gzip to avoid the removal of the ETag header
    gzip off;
 
    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;
 
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
 
    location / {
        rewrite ^ /index.php$uri;
    }
 
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }
 
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34]).php(?:$|/) {
        fastcgi_split_path_info ^(.+.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
 
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri $uri/ =404;
        index index.php;
    }
 
    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* .(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }
 
    location ~* .(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

保留并脱离。 接下来,测量试验Nginx:

# nginx -t

This should display a “Syntax OK” message.

 

重启Nginx:

# systemctl restart nginx

5、加多信赖域名

Nextcloud本人的平安体制,会检讨访谈的域名,若无配置在信赖域名中,会唤起正在通过不相信任的域名访谈。

Nextcloud开端化完毕后,会变动“/var/www/nextcloud/config/config.php”配置文件,里面包车型地铁’trusted_domains’配置项为信赖域名,初叶化实现后独有大器晚成项,为主机的IP地址。能够改进该配置项,增添绑定的域名

'trusted_domains' => 
array (
  0 => '192.168.56.101',
  1 => 'yourname.domain',
),

若果您想要 安装 WordPress 或然别的 CMS,需求安装以下的 PHP 模块,那个模块迟早有用。

选取NextCloud配置私有云,nextcloud私有云

现在 ownCloud

现在 ownCloud:

# wget https://download.owncloud.org/community/owncloud-9.1.4.zip

领到存档并将其移动到/usr/share/nginx/html/:

# unzip owncloud-9.1.2.zip
# mv owncloud/ /usr/share/nginx/html/

转到Nginx根目录; 在那,为ownCloud创立三个新的数量目录:

# cd /usr/share/nginx/html/
# mkdir -p owncloud/data/

1、下载并解压到www目录

wget https://download.nextcloud.com/server/releases/nextcloud-12.0.2.zip
unzip nextcloud-12.0.2.zip
mv nextcloud /var/www/
chown -R nginx:nginx /var/www

因而 法斯特CGI 进程管理程序的帮助,Nginx 能够使用 PHP 动态语言表明器生成动态互联网内容。法斯特CGI 能够从 Ubuntu 官方饭店中设置 php-fpm 二进制包来获得。

2. 为NextCloud创设数据库和客商

创制数据库nextcloud;客商名nextcloud,密码XXXXXXXX

$ sudo mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nextcloud;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'XXXXXXXX';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> q

总结

服务器端配置完毕。最终风度翩翩件事是选择Web浏览器转到您本身的Cloud服务器U牧马人L(本示例中为storage.example.com卡塔 尔(阿拉伯语:قطر‎,并利用图形前端达成布置。通过创办新的总指挥帐户,并输入在前头的步骤中开创的数据库凭据来施行此操作。您的云端存款和储蓄服务以后已预备好用于日常使用!

CentOS7下Nginx+ownCloud+PHP+MySQL搭建私人民居房私有云  http://www.linuxidc.com/Linux/2015-05/117086.htm

在Ubuntu上安装OwnCloud 7.0.4  http://www.linuxidc.com/Linux/2015-01/111710.htm

红帽RedHat7用到OwnCloud 10搭建私有云  http://www.linuxidc.com/Linux/2017-06/14445.htm

Ubuntu/Debian/CentOS/Fedora/OpenSUSE 及衍生系统如何设置 OwnCloud 6 http://www.linuxidc.com/Linux/2014-06/102679.htm

CentOS7.2搭建ownCloud私有云并启用SSL  http://www.linuxidc.com/Linux/2017-02/141097.htm

Docker意况中布置OwnCloud 9.0  http://www.linuxidc.com/Linux/2016-12/138421.htm

本文长久更新链接地址:http://www.linuxidc.com/Linux/2017-07/145698.htm

图片 1

三、安装Nextcloud

location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

6. 完成安装

浏览器访谈


0


0

   

配置 Nginx的PHP-FPM

因而编写制定php7-fpm配置文件完结PHP-FPM配置:

# $EDITOR /etc/php-fpm.d/www.conf

追寻包罗“user”和“group”的那意气风发行,并改造为:

user = nginx
group = nginx

向下滚动,找寻“listen”行,并将内容改进为:

listen = 127.0.0.1:9000

接下去,裁撤注释以下关于景况变量的行:

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

保留并脱离。
当今,以后是选用以下命令在/var/lib /中开创一个新文件夹的时候了:

# mkdir -p /var/lib/php/session

将其主人更正为nginx顾客:

# chown nginx:nginx -R /var/lib/php/session/

启动nginx和PHP-FPM:

# sudo systemctl start php-fpm
# sudo systemctl start nginx

累加到运营时运转(作为服务器的家常使用所需卡塔 尔(英语:State of Qatar):

# systemctl enable nginx
# systemctl enable php-fpm

风流罗曼蒂克、安装操作系统

首先安装操作系统,Nextcloud只扶持Linux,由于个体习于旧贯的原由,采纳了CentOS 7,使用最小化安装(为了保障自此的手续能在独有最小化安装的VPS上复发,也为了节约硬件能源卡塔尔国。

最小化的CentOS 7安装收尾后,暗中认可是不曾启用网卡的,在本土登入系统后,首先走入互联网布局目录,列出目录中的网卡配置文件

cd  /etc/sysconfig/network-scripts/
ll | grep ifcfg-

运作结果

[root@localhost network-scripts]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ll | grep ifcfg
-rw-r--r--. 1 root root   312 Aug 30 10:01 ifcfg-enp0s3
-rw-r--r--. 1 root root   254 Sep 12  2016 ifcfg-lo

除去ifcfg-lo以外的卓殊文件正是网卡配置文件,具体名称可能会迥然不一致。

下一场使用vi编辑该文件,将最后生机勃勃行“ONBOOT=no”改成“ONBOOT=yes”并保存退出。

通过命令重启互连网服务,是布置生效

service network restart

万一不想经过DHCP动态获取IP地址,也足以在网络布局文件中丰裕以下配置项钦定互连网参数

IPADDR0=192.168.21.128  #设置IP地址
PREFIXO0=24  #设置子网掩码
GATEWAY0=192.168.21.2  #设置网关
DNS1=8.8.8.8  #设置主DNS
DNS2=8.8.4.4  #设置备DNS

网卡启用后,就足以经过SSH远程操作、通过yum方便的安装程序了。

查阅ip地址,能够通过ip命令

ip addr

检查 HTTP2.0 公约新闻

3. 设置PHP和有关模块

$ sudo apt-get -y install php-fpm php-cli php-json php-curl php-imap php-gd php-mysql php-xml php-zip php-intl php-mcrypt php-imagick php-mbstring

配置PHP:

$ sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 200M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/post_max_size = .*/post_max_size = 200M/" /etc/php/7.0/fpm/php.ini

重启PHP-FPM:

$ sudo systemctl restart php7.0-fpm

生成SSL证书

比如不设有,请为SSL文件创设多少个新目录:

 

# mkdir -p /etc/nginx/cert/

接下去,生成一个新的SSL证书文件:

# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/owncloud.crt -keyout /etc/nginx/cert/owncloud.key

行使以下命令修正权限:

# chmod 600 /etc/nginx/cert/*

2、安装MariaDB

通过yum安装MariaDB

yum -y install mariadb mariadb-server

展开、运转服务,运转政管理理工科具

systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation

mysql_secure_installation的输入如下,牢牢记住自个儿的数据库root密码

Set root password? [Y/n] Y
New password:
Re-enter new password:

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

报到到mysql shell为Nextcloud创立顾客和数据库。

mysql -u root -p

验证root密码后,在mysql shell执行

create database nextcloud_db;
create user nextclouduser@localhost identified by 'nextclouduser@';
grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextclouduser@';
flush privileges;
exit

如此那般就创建了二个nextcloud_db数据库和nextclouduser客户,客商密码为’nextclouduser@’。

图片 2

1. 安装MariaDB

Ubuntu 16.04 安装 MariaDB

履新进步系统:

$ sudo apt update
$ sudo apt upgrade

安装MariaDB:

$ sudo apt install mariadb-server

启动MariaDB服务:

$ sudo systemctl start mysql

翻开境况:

$ sudo systemctl status mysql

奉行发轫化安全脚本,暗中同意root密码为空,设置root密码和任何接收:

$ sudo mysql_secure_installation

图片 3

3、在Nginx配置

修正nginx服务配置文件/etc/nginx/nginx.conf为以下内容,将“yourname.domain”替换为温馨的域名,改过client_max_body_size能够设置最大可上传的文件大小

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    upstream php-handler {
        server 127.0.0.1:9000;
        #server unix:/var/run/php5-fpm.sock;
    }

    server {
        listen 80;
        server_name yourname.domain;
        # enforce https
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name yourname.domain;

        ssl_certificate /etc/nginx/cert/nextcloud.crt;
        ssl_certificate_key /etc/nginx/cert/nextcloud.key;

        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

        # Path to the root of your installation
        root /var/www/nextcloud/;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
        # last;

        location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
        }
        location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
        }

        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        location / {
            rewrite ^ /index.php$uri;
        }

        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+).php(?:$|/) {
            fastcgi_split_path_info ^(.+.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ .(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }

        location ~ .(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }

}

让Nginx重新载入配置

nginx -s reload

图片 4

动用NextCloud配置私有云

  • 使用NextCloud配置私有云
    • 安装MariaDB
    • 为NextCloud创立数据库和用户
    • 安装PHP和相关模块
    • 下载NextCloud
    • 安装配置Nginx
    • 成就安装

NextCloud () 是开源云盘服务器,此处利用 LEMP 搭建 NextCloud 运营条件-MariaDB, PHP-FPM 和 Nginx (Ubuntu 16.04)

6、开启内部存款和储蓄器缓存

展开内部存款和储蓄器缓存,能够升官响应速度。在此以前大家早已因此yum安装了redis服务,通过pecl安装了php的apcu、redis组件,上边先把redis设置为系统服务,再改过Nextcloud的布局。

安装、配置redis服务,设置服务自启、运维服务

yum -y install redis
systemctl enable redis
systemctl start redis

改良/var/www/nextcloud/config/config.php文件,在安插参与

'memcache.local' => 'OCMemcacheAPCu',
'memcache.locking' => 'OCMemcacheRedis',
'redis' => array(
     'host' => 'localhost',
     'port' => 6379,
      ),

让Nginx重新载入配置

nginx -s reload

本文永远更新链接地址:http://www.linuxidc.com/Linux/2017-12/149717.htm

图片 5

图片 6

2、生成SSL证书

mkdir -p /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
chmod 700 /etc/nginx/cert
chmod 600 /etc/nginx/cert/*
$ sudo mkdir /etc/nginx/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
$ ls /etc/nginx/ssl/

4、安装PHP

增多PHP7-FPM webtatic商旅,安装php7主体以至nextcloud供给的局地模块。

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y install php71w-fpm php71w-cli php71w-gd php71w-mcrypt php71w-mysql php71w-pear php71w-xml php71w-mbstring php71w-pdo php71w-json php71w-opcache php71w-pecl-apcu php71w-pecl-apcu-devel php71w-pecl-igbinary php71w-pecl-igbinary-devel php71w-pecl-imagick php71w-pecl-imagick-devel php71w-pecl-redis php71w-pecl-redis-devel
vi /etc/php-fpm.d/www.conf

编辑/etc/php-fpm.d/www.conf

;修改user和group这两行,大概在8行左右
user = nginx
group = nginx

;取消这几行的注释,大概在第370行左右
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

创建相关目录,改良相关目录权限

mkdir -p /var/lib/php/session 
chown -R nginx:nginx /var/lib/php/session/
vi /etc/php.d/opcache.ini

改善/etc/php.d/opcache.ini,将以下行注释去掉,并改良为相应的配置值

zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1

安装smbclient增添模块

yum -y install libsmbclient libsmbclient-devel
pecl install smbclient
vi /etc/php.d/smbclient.ini

新建/etc/php.d/smbclient.ini,增多如下内容

extension=smbclient.so

开启、启动php-fpm服务

systemctl enable php-fpm.service
systemctl start php-fpm.service

在你的服务器调整台里输入上边包车型大巴授命来获取 PHP7.0 和扩大包,那能够让 PHP 与 Nginx 网络服务进度通讯。

1、安装基本工具

安装yum额外源、wget、unzip、gcc等骨干工具

yum -y install epel-release wget unzip gcc
yum -y install libsmbclient libsmbclient-devel redis

关闭SELinux,可先通过sestatus -v命令查看SELinux是不是展开

/usr/sbin/sestatus -v

改进/etc/selinux/config,将’SELINUX=enforcing’改为’SELINUX=disabled’,重启系统就能够以知道效,或许此番能够应用’setenforce 0’一时关闭。

$ sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

3、安装Nginx

通过yum安装Nginx

yum -y install nginx
mkdir /var/www
chown -R nginx:nginx /var/www

开启、启动Nginx服务

systemctl enable nginx.service
systemctl start nginx.service

运用nginx -s reload能够重载配置而无需重启nginx

吐放防火墙HTTP、HTTPS端口

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
systemctl restart firewalld
$ mysql -u root -p -e 'show databases'

4、初始化

选择域名依旧IP访问,就能现出伊始设置页面,在这里处安装Nextcloud管理员客户名和密码,然后选择采纳的数据库为MySQL/MariaDB,填入在此以前安装数据库时的客商名(nextclouduser卡塔尔、密码(nextclouduser@卡塔尔、数据库名称(nextcloud_db卡塔尔,然后确认实行早先化后就足以选择了。

图片 7

上述增添到服务器配置的末尾风流罗曼蒂克段,是用来将具备非 SSL 的流量重定向到 SSL/TLS 暗中同意主机。然后用你主机的 IP 地址大概 DNS 记录(最佳用 FQDN 名称卡塔 尔(阿拉伯语:قطر‎替换掉 "server_name" 选项的参数。

图片 8
上面的布署部分向装有的 SSL 监听指令中增多 http2 参数来启用 "HTTP/2.0"。

图片 9

检查 PHP FastCGI 的信息

Nginx 是二个行当革命的、财富优化的 Web 服务器程序,用来向因特英特网的访客浮现网页。大家从 Nginx 服务器的安装起来介绍,使用 apt 命令 从 Ubuntu 的法定软件货仓中赢得 Nginx 程序。

布署 MariaDB 以便普通顾客能够不使用系统的 sudo 权限来访谈数据库。用 root 客户权限展开 MySQL 命令行分界面,运转下边的指令:

当 Diffie-Hellman 密钥生成未来,验证 Nginx 的布局文件是不是科学、能还是无法被 Nginx 互联网服务程序行使。然后运转以下命令重启守护进度来观看有何变动。

图片 10

反省服务器是或不是发表扶持 HTTP/2.0 左券,定位到 PHP 变量区域中的 $_SERVER[‘SERVER_PROTOCOL’] 好似上面那张截图同样。
图片 11

当你根据以上步骤编辑完 Nginx 的暗中同意配置文件自此,用上面那一个命令来变化、查看 SSL 证书和密钥。

本文由必威发布于必威-运维,转载请注明出处:确认 Nginx 进程已经启动并且绑定在,NextCloud 运行

TAG标签:
Ctrl+D 将本页面保存为书签,全面了解最新资讯,方便快捷。