Nextcloud私有云盤在Centos7下的部署筆記
搭建我的雲存儲通常會想到ownCloud,堪稱是自建雲存儲服務的經典。而Nextcloud是ownCloud原開發團隊打造的號稱是「下一代」存儲。初一看以爲「口氣」不小,剛推出來就從新「定義」了Cloud,真正試用事後就由衷地贊同這個Nextcloud:它是我的雲存儲服務的絕佳選擇。能夠說Nextcloud 是一款自由 (開源) 的類 Dropbox 軟件,由 ownCloud 分支演化造成。它使用 PHP 和 JavaScript 編寫,支持多種數據庫系統,好比 MySQL/MariaDB、PostgreSQL、Oracle 數據庫和 SQLite。它可使你的桌面系統和雲服務器中的文件保持同步,Nextcloud 爲 Windows、Linux、Mac、安卓以及蘋果手機都提供了客戶端支持。同時,Nextcloud 也並不是只是 Dropbox 的克隆,它還提供了不少附加特性,如日曆、聯繫人、計劃任務以及流媒體 Ampache。php
與ownCloud相比,Nextcloud的功能絲毫沒有減弱,甚至因爲能夠安裝雲存儲服務應用,自制性更強,也更符合用戶的需求。Nextcloud官網的幫助文檔寫得至關地詳細,幾乎任何關於Nextcloud的問題均可以找到答案,這說明Nextcloud開發團隊確實比ownCloud更加優秀。css
一開始覺得Nextcloud只是一個網盤雲存儲,後來看到Nextcloud內置了Office文檔、圖片相冊、日曆聯繫人、兩步驗證、文件管理、RSS閱讀等豐富的應用,我發現Nextcloud已經僅僅能夠用做我的或者團隊存儲與共享,還能夠打形成爲一個我的辦公平臺,幾乎至關於一個我的的Dropbox了。html
如下內容將介紹如何在 CentOS 7 服務器中安裝和配置最新版本的 Nextcloud 12,而且會經過 Nginx 和 PHP7-FPM 來運行 Nextcloud,同時使用 MariaDB 作爲數據庫系統。廢話很少說了,直接看部署筆記:node
部署機器的系統是Centos7.4版本 [root@nextcloud-server ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) 1、安裝並配置Nginx和php-fpm ================================================================ 將自帶的epel、nginx、php所有卸載(rpm -e ... --nodeps) [root@nextcloud-server ~]# rpm -qa|grep php [root@nextcloud-server ~]# rpm -qa|grep php-common [root@nextcloud-server ~]# rpm -qa|grep nginx =============================================================== CentOS默認的yum源中並不包含Nginx和php-fpm,首先要爲CentOS添加epel源: [root@nextcloud-server ~]# yum -y install epel-release [root@nextcloud-server ~]# yum -y install nginx 須要再添加一個yum源來安裝php-fpm,可使用webtatic(這個yum源對國內網絡來講恐怕有些慢,固然你也能夠選擇其它的yum源) [root@nextcloud-server ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm 安裝php7-fpm和一些其它的必要的組件 [root@nextcloud-server ~]# yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel 完成後,檢查一下php-fpm是否已正常安裝 [root@nextcloud-server ~]# php -v PHP 7.0.25 (cli) (built: Oct 29 2017 13:43:03) ( NTS ) Copyright (c) 1997-2017 The PHP Group Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies 配置php-fpm [root@nextcloud-server ~]# vim /etc/php-fpm.d/www.conf ..... user = nginx //將用戶和組都改成nginx group = nginx ..... listen = 127.0.0.1:9000 //php-fpm所監聽的端口爲9000 ...... env[HOSTNAME] = $HOSTNAME //去掉下面幾行註釋 env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp 在/var/lib目錄下爲session路徑建立一個新的文件夾,並將用戶名和組設爲nginx [root@nextcloud-server ~]# mkdir -p /var/lib/php/session [root@nextcloud-server ~]# chown nginx:nginx -R /var/lib/php/session/ [root@nextcloud-server ~]# ll -d /var/lib/php/session/ drwxr-xr-x. 2 nginx nginx 4096 1月 25 09:47 /var/lib/php/session/ 啓動Nginx和php-fpm服務,並添加開機啓動 [root@nextcloud-server ~]# systemctl start php-fpm [root@nextcloud-server ~]# systemctl start nginx [root@nextcloud-server ~]# systemctl enable php-fpm [root@nextcloud-server ~]# systemctl enable nginx 2、安裝並配置MariaDB 使用MaraiDB做爲Nextcloud數據庫。yum安裝MaraiDB服務 [root@nextcloud-server ~]# yum -y install mariadb mariadb-server 啓動MariaDB服務並添加開機啓動 [root@nextcloud-server ~]# systemctl start mariadb [root@nextcloud-server ~]# systemctl enable mariadb 接下來設置MariaDB的root密碼 [root@nextcloud-server ~]# mysql_secure_installation //按照提示設置密碼,首先會詢問當前密碼,密碼默認爲空,直接回車便可 Enter current password for root (enter for none): //直接回車 Set root password? [Y/n] Y New password: //輸入新密碼 Re-enter new password: //再次輸入新密碼 Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y ============================================================================================== 或者採用另外一種修改密碼的方式:跳過受權表 1)在/etc/my.cnf文件裏添加"skip-grant-tables" 2)重啓mariadb服務 3)無密碼登錄mariadb,而後重置mysql密碼 MariaDB [(none)]> update mysql.user set password=password("kevin@123") where user="root"; 4)去掉/etc/my.cnf文件裏的"skip-grant-tables"內容 5)重啓mariadb服務 6)這樣就可使用上面重置的新密碼kevin@123登錄mariadb了 ============================================================================================== 設置完MariaDB的密碼後,使用命令行登陸MariaDB,併爲Nextcloud建立相應的用戶和數據庫。 例如數據庫爲nextcloud_db,用戶爲nextclouduser,密碼爲nextcloudpasswd: [root@nextcloud-server ~]# mysql -p ...... MariaDB [(none)]> create database nextcloud_db; MariaDB [(none)]> create user nextclouduser@localhost identified by 'nextcloudpasswd'; MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextcloudpasswd'; MariaDB [(none)]> flush privileges; 3、爲Nextcloud生成自簽名SSL證書 爲SSL證書建立一個新的文件夾: [root@nextcloud-server ~]# cd /etc/nginx/cert/ [root@nextcloud-server cert]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key ..... Country Name (2 letter code) [XX]:cn //國家 State or Province Name (full name) []:beijing //省份 Locality Name (eg, city) [Default City]:beijing //地區名字 Organization Name (eg, company) [Default Company Ltd]:kevin //公司名 Organizational Unit Name (eg, section) []:Technology //部門 Common Name (eg, your name or your server's hostname) []:kevin //CA主機名 Email Address []:kevin@wangshibo.cn 而後將證書文件的權限設置爲660 [root@nextcloud-server cert]# chmod 700 /etc/nginx/cert [root@nextcloud-server cert]# chmod 600 /etc/nginx/cert/* 4、下載並安裝Nextcloud [root@nextcloud-server ~]# yum -y install wget unzip [root@nextcloud-server ~]# cd /usr/local/src/ [root@nextcloud-server src]# wget https://download.nextcloud.com/server/releases/nextcloud-12.0.4.zip [root@nextcloud-server src]# unzip nextcloud-12.0.4.zip [root@nextcloud-server src]# ls nextcloud nextcloud-12.0.4.zip [root@nextcloud-server src]# mv nextcloud /usr/share/nginx/html/ 進入Nginx的root目錄,併爲Nextcloud建立data目錄,將Nextcloud的用戶和組修改成nginx [root@nextcloud-server src]# cd /usr/share/nginx/html/ [root@nextcloud-server html]# mkdir -p nextcloud/data/ [root@nextcloud-server html]# chown nginx:nginx -R nextcloud/ [root@nextcloud-server html]# ll -d nextcloud drwxr-xr-x. 15 nginx nginx 4096 1月 24 17:04 nextcloud 5、設置Nginx虛擬主機 進入Nginx的虛擬主機配置文件所在目錄並建立一個新的虛擬主機配置(記得修改兩個server_name爲本身的域名): [root@nextcloud-server ~]# cd /etc/nginx/conf.d/ [root@nextcloud-server conf.d]# vim nextcloud.conf upstream php-handler { server 127.0.0.1:9000; #server unix:/var/run/php5-fpm.sock; } server { listen 80; server_name nextcloud.kevin-inc.com; # enforce https return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name nextcloud.kevin-inc.com; ssl_certificate /etc/nginx/cert/nextcloud.crt; ssl_certificate_key /etc/nginx/cert/nextcloud.key; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /usr/share/nginx/html/nextcloud/; location = /robots.txt { allow all; log_not_found off; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json # last; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~* \.(?:css|js)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don't log access to other assets access_log off; } } 接下來測試如下配置文件是否有錯誤,確保沒有問題後重啓Nginx服務。 [root@nextcloud-server conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@nextcloud-server conf.d]# systemctl restart nginx 6、爲Nextcloud設置Firewalld防火牆和SELinux 能夠選擇關閉Firewalld和SELinux [root@nextcloud-server ~]# systemctl stop firewalld [root@nextcloud-server ~]# systemctl disable firewalld [root@nextcloud-server ~]# setenforce 0 [root@nextcloud-server ~]# getenforce disable [root@nextcloud-server ~]# cat /etc/sysconfig/selinux ...... SELINUX=disabled 若是打開了防火牆,則須要設置Firewalld和SELinux 首先須要安裝SElinux管理工具policycoreutils-python [root@nextcloud-server ~]# yum -y install policycoreutils-python 接着設置SELinux [root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?' [root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?' [root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?' [root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?' [root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess' [root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini' [root@nextcloud-server ~]# restorecon -Rv '/usr/share/nginx/html/nextcloud/' 接下來設置Firewlld防火牆,爲Nextcloud開放http和https兩個端口 [root@nextcloud-server ~]# systemctl start firewalld [root@nextcloud-server ~]# systemctl enable firewalld [root@nextcloud-server ~]# firewall-cmd --permanent --add-service=http [root@nextcloud-server ~]# firewall-cmd --permanent --add-service=https [root@nextcloud-server ~]# firewall-cmd --reload 7、安裝Nextcloud 解析上面nginx中配置的域名nextcloud.kevin-inc.com,訪問訪問http://nextcloud.veredholdings-inc.com進行Nextcloud界面安裝(訪問http域名會自動跳轉到https,安裝提示安裝便可!)
==================NextCloud安全與性能優化==================python
這種提示通常在NextCloud的服務器管理中能夠看到,建議緩存類的直接安裝一個便可,安裝多了也沒有什麼用。 爲了Nextcloud服務的安全和性能, 請將全部設置配置正確. PHP 模塊 ‘fileinfo’ 缺失. 咱們強烈建議啓用此模塊以便在 MIME 類型檢測時得到最準確的結果. HTTP 請求頭 「Strict-Transport-Security」 沒有配置爲至少 「15552000」 秒. 出於加強安全性考慮, 推薦按照安全提示中的說明啓用HSTS. 內存緩存未配置. 若是可用, 請配置 memcache 以加強性能. 更多信息請查看咱們的文檔. PHP 的組件 OPcache 沒有正確配置. 爲了提供更好的性能, 咱們建議在php.ini文件中使用下列設置: opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
==================NextCloud添加Memcached緩存==================mysql
修改程序目錄下的config目錄中的config.php文件,在配置文件中添加以下,這個是多個Memcached實例,單個本身改: 'memcache.local' => '\OC\Memcache\APCu', 'memcache.distributed' => '\OC\Memcache\Memcached', 'memcached_servers' => array( array('localhost', 11211), array('server1.example.com', 11211), array('server2.example.com', 11211), ),
==================NextCloud添加Redis緩存==================linux
在配置文件中添加以下,這個是經過TCP鏈接的: 'memcache.local' => '\OC\Memcache\Redis', 'redis' => array( 'host' => 'localhost', 'port' => 6379, ), 還有性能更好的UNIX鏈接: 'memcache.local' => '\OC\Memcache\Redis', 'redis' => array( 'host' => '/var/run/redis/redis.sock', 'port' => 0, 'dbindex' => 0, 'password' => 'secret', 'timeout' => 1.5, ), 同時,官方還推薦加入以下,來用於存儲文件鎖: 'memcache.locking' => '\OC\Memcache\Redis',
========Nextcloud的郵件發信設置========
Nextcloud發送郵件信息的前提:每一個用戶(包括管理員)都要事先設置好本身的郵箱地址!
1)使用管理員帳號登錄Nextcloud。點擊右上角的設置圖標裏的"管理"-"其餘設置"nginx
前提是管理員(admin)要事先設置好本身的郵箱地址。以下設置好郵箱地址後,按Enter鍵後就會顯示一個"對勾"web
知足條件:ajax
1)在admin登錄後的"管理"->"其餘設置"的後臺裏配置好"電子郵件服務器"(配置後能夠測試發送郵件是否成功,前提是admin也要事先配置好本身的郵箱地址) 2)各用戶建立並登錄後,要記得配置各自的郵箱地址。好比wangshibo用戶登陸後,配置本身的郵箱地址 3)在分享文件的時候,只要使用對方帳號名進行分享,對方郵箱裏就會收到一封分享信息的郵件!
以下,在admin帳號下分享Nextcloud Manual.pdf這個文件給wangshibo用戶
而後登錄wangshibo用戶,就會發現Nextcloud Manual.pdf文件已經分享過來了
登錄wangshibo帳號配置的郵箱,就會發現有上面分享的郵件信
也能夠在文件來源方取消分享
***************當你發現本身的才華撐不起野心時,就請安靜下來學習吧***************
轉:http://www.cnblogs.com/kevingrace/p/8343060.html
相關文章
- 1. Nextcloud私有云盤在Centos7下的部署筆記
- 2. 部署nextcloud私有云盤
- 3. nextcloud私有云盤的部署
- 4. Nextcloud私有云部署
- 5. 部署Nextcloud私有云
- 6. CentOS7 搭建nextcloud私有云盤
- 7. CentOS7搭建nextcloud建立私有云盤
- 8. CentOS7搭建Nextcloud私有云
- 9. nextcloud——搭建私有云盤
- 10. 搭建私有云盤-NextCloud
- 更多相關文章...
- • Maven 自動化部署 - Maven教程
- • ionic 頭部與底部 - ionic 教程
- • Tomcat學習筆記(史上最全tomcat學習筆記)
- • 使用阿里雲OSS+CDN部署前端頁面與加速靜態資源
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 字節跳動21屆秋招運營兩輪面試經驗分享
- 2. Java 3 年,25K 多嗎?
- 3. mysql安裝部署
- 4. web前端開發中父鏈和子鏈方式實現通信
- 5. 3.1.6 spark體系之分佈式計算-scala編程-scala中trait特性
- 6. dataframe2
- 7. ThinkFree在線
- 8. 在線畫圖
- 9. devtools熱部署
- 10. 編譯和鏈接
歡迎關注本站公眾號,獲取更多信息
