前几天,脑子一抽买了阿里云ECS后,一直有点后悔,但已经买了,也退不掉。所以这几天一直在想着装个什么,不能浪费啊!!!最后思来想去,决定要不装个私有云盘玩玩。网上的私有云盘有SeaFile、Owncloud、Nextcloud这三个主要的。通过综合比较,SeaFile不免费,Owncloud与Nextcloud原是一家,最终决定那就先装Nextcloud吧。既然决定了,那就不能闲着,说干就干!!
本此主要在CentOS7.4下安装和配置最新版本的 Nextcloud 14,并且会通过 Nginx 和 PHP7.2-FPM 来运行 Nextcloud,同时使用 MariaDB 做为数据库系统。
阿里云ECS的系统是Centos7.4版本
[root@chyiyanghost~]#cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core)
将自带的epel、nginx、php全部卸载(rpm -e … –nodeps)
[root@chyiyanghost~]#rpm -qa|grep php [root@chyiyanghost~]#rpm -qa|grep php-common [root@chyiyanghost~]#rpm -qa|grep nginx
CentOS默认的yum源中并不包含Nginx和php-fpm,首先要为CentOS添加epel源:
[root@chyiyanghost~]#yum -y install epel-release [root@chyiyanghost~]#yum -y install nginx
需要再添加一个yum源来安装php-fpm,可以使用webtatic
[root@chyiyanghost~]#rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
安装php7.2-fpm和一些其它的必要的组件
[root@chyiyanghost~]#yum -y install php72w-fpm php72w-cli php72w-gd php72w-mcrypt php72w-mysql php72w-pear php72w-xml php72w-mbstring php72w-pdo php72w-json php72w-pecl-apcu php72w-pecl-apcu-devel
需要说明的是php72为php7.2,如果要装php7.1就改为php71,php7.0就是php70
完成后,检查一下php-fpm是否已正常安装
[root@chyiyanghost~]#php -v PHP 7.2.11 (cli) (built: Oct 11 2018 19:14:35) (NTS) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
配置php-fpm
root@chyiyanghost~]#vim /etc/php-fpm.d/www.conf ..... user = nginx //将用户和组都改为nginx group = nginx ..... listen = 127.0.0.1:9000 //php-fpm所监听的端口为9000 ...... env[HOSTNAME] = $HOSTNAME //去掉下面几行注释 env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp
按ESC,输入wq!保存退出。
在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx
[root@chyiyanghost~]#mkdir -p /var/lib/php/session [root@chyiyanghost~]#chown nginx:nginx -R /var/lib/php/session/ [root@chyiyanghost~]#ll -d /var/lib/php/session/ drwxr-xr-x 2 nginx nginx 4096 Nov 1 12:23 /var/lib/php/session/
启动Nginx和php-fpm服务,并添加开机启动
[root@chyiyanghost~]#systemctl start php-fpm [root@chyiyanghost~]#systemctl start nginx [root@chyiyanghost~]#systemctl enable php-fpm Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service. //提示成功信息 [root@chyiyanghost~]#systemctl enable nginx Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service. //提示成功信息
使用MaraiDB作为Nextcloud数据库。yum安装MaraiDB服务
[root@chyiyanghost~]#yum -y install mariadb mariadb-server
启动MariaDB服务并添加开机启动
[root@chyiyanghost~]#systemctl start mariadb [root@chyiyanghost~]#systemctl enable mariadb Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service. //提示信息
接下来设置MariaDB的root密码
[root@chyiyanghost~]#mysql_secure_installation //按照提示设置密码,首先会询问当前密码,密码默认为空,直接回车即可 Enter current password for root (enter for none): //直接回车 Set root password?[Y/n]Y New password: //输入新密码 Re-enter new password: //再次输入新密码 Remove anonymous users?[Y/n]Y Disallow root login remotely?[Y/n]Y Remove test database and access to it?[Y/n]Y Reload privilege tables now?[Y/n]Y
设置完MariaDB的密码后,使用命令行登录MariaDB,并为Nextcloud创建相应的用户和数据库。
例如数据库为nextcloud_db,用户为nextclouduser,密码为nextcloudpasswd:
[root@chyiyanghost~]#mysql -p ...... MariaDB [(none)]>create database nextcloud_db; Query OK, 1 row affected (0.00sec) MariaDB [(none)]>create user nextclouduser@localhost identified by'nextcloudpasswd'; Query OK, 0 rows affected (0.00sec) MariaDB [(none)]>grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by'nextcloudpasswd'; Query OK, 0 rows affected (0.00sec) MariaDB [(none)]>flush privileges; Query OK, 0 rows affected (0.00sec) MariaDB [(none)]>exit Bye
为SSL证书创建一个新的文件夹:
[root@chyiyanghost~]#mkdir -p /etc/nginx/cert/ [root@chyiyanghost~]#cd /etc/nginx/cert/ [root@chyiyanghost cert]#openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key ..... Country Name (2 letter code) [XX]:cn //国家 State or Province Name (full name) []:shaanxi //省份 Locality Name (eg, city) [Default City]:shaanxi //地区名字 Organization Name (eg, company) [Default Company Ltd]:chyiyang //公司名 Organizational Unit Name (eg, section) []:Technology //部门 Common Name (eg, your name or your server's hostname) []:chyiyang //CA主机名 Email Address []:330601425@qq.com
然后将证书文件的权限设置为660
[root@chyiyanghost cert]#chmod 700 /etc/nginx/cert [root@chyiyanghost cert]#chmod 600 /etc/nginx/cert/*
[root@chyiyanghost~]#yum -y install wget unzip [root@chyiyanghost~]#cd /usr/local/src/ [root@chyiyanghost src]#wget https://download.nextcloud.com/server/releases/nextcloud-14.0.3.zip [root@chyiyanghost src]#unzip nextcloud-14.0.3.zip [root@nextcloud-server src]#ls nextcloud nextcloud-14.0.3.zip [root@chyiyanghost src]#mv nextcloud /usr/share/nginx/html/
进入Nginx的root目录,并为Nextcloud创建data目录,将Nextcloud的用户和组修改为nginx
[root@chyiyanghost src]#mv nextcloud /usr/share/nginx/html/ [root@chyiyanghost src]#cd /usr/share/nginx/html/ [root@chyiyanghost html]#mkdir -p nextcloud/data/ [root@chyiyanghost html]#chown nginx:nginx -R nextcloud/ [root@chyiyanghost html]#ll -d nextcloud drwxr-xr-x 15 nginx nginx 4096 Nov 1 15:50 nextcloud
进入Nginx的虚拟主机配置文件所在目录并创建一个新的虚拟主机配置(记得修改两个server_name为自己的域名):
[root@chyiyanghost html]#cd /etc/nginx/conf.d/ [root@chyiyanghost conf.d]#vim nextcloud.conf upstream php-handler { server 127.0.0.1:9000; #server unix:/var/run/php5-fpm.sock; } server { listen 80; server_name chyiyang.net; # enforce https return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name chyiyang.net; ssl_certificate /etc/nginx/cert/nextcloud.crt; ssl_certificate_key /etc/nginx/cert/nextcloud.key; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /usr/share/nginx/html/nextcloud/; location = /robots.txt { allow all; log_not_found off; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php service=host-meta-json # last; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location / { rewrite ^ /index.php$uri; } location ~ ^/( :build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/( :\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/( :index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php( :$|/) { include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^/( :updater|ocs-provider)( :$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~* \.( :css|js)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~* \.( :svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don't log access to other assets access_log off; } }
接下来测试以下配置文件是否有错误,确保没有问题后重启Nginx服务。
[root@chyiyanghost conf.d]#nginx -t nginx:the configuration file /etc/nginx/nginx.conf syntax is ok nginx:configuration file /etc/nginx/nginx.conf test is successful [root@chyiyanghost conf.d]#systemctl restart nginx
可以选择关闭Firewalld和SELinux
[root@chyiyanghost~]#systemctl stop firewalld [root@chyiyanghost~]#systemctl disable firewalld [root@chyiyanghost~]#setenforce 0 [root@chyiyanghost~]#getenforce disable [root@chyiyanghost~]#cat /etc/sysconfig/selinux ...... SELINUX=disabled
首先需要安装SElinux管理工具policycoreutils-python
[root@chyiyanghost~]#yum -y install policycoreutils-python
接着设置SELinux
[root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)' [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/config(/.*)' [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/apps(/.*)' [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/assets(/.*)' [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/.htaccess' [root@chyiyanghost~]#semanage fcontext -a -t httpd_sys_rw_content_t'/usr/share/nginx/html/nextcloud/.user.ini' [root@chyiyanghost~]#restorecon -Rv'/usr/share/nginx/html/nextcloud/'
接下来设置Firewlld防火墙,为Nextcloud开放http和https两个端口
[root@chyiyanghost~]#systemctl start firewalld [root@chyiyanghost~]#systemctl enable firewalld [root@chyiyanghost~]#firewall-cmd --permanent --add-service=http [root@chyiyanghost~]#firewall-cmd --permanent --add-service=https [root@chyiyanghost~]#firewall-cmd --reload
解析上面nginx中配置的域名chyiyang.net,访问访问http://chyiyang.net进行Nextcloud界面安装(访问http域名会自动跳转到https,安装提示安装即可!)
至此,nextcloud算是部署完成了。
最新评论