[系统运维] nextcloud个人网盘搭建

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> 系统运维 -> nextcloud个人网盘搭建 -> 正文阅读

[系统运维]nextcloud个人网盘搭建

一，基础环境准备

# 系统初始化
# 如果时区不对，请修改时区
#mv /etc/localtime /etc/localtime_bak
#ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# 修改selinux
vi /etc/selinux/config
  SELINUX=disabled
 # 修改当前环境的selinux
setenforce 0
# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
iptables -F
# 安装基础包
yum  install -y net-tools vim lrzsz wget tree ``screen` `lsof` `tcpdump ``bash``-completion.noarch ntp zip unzip git
yum install -y gcc gcc-c++ libstdc++ make cmake curl bind-utils 
yum install -y epel-release yum-utils curl policycoreutils-python mlocate bzip2
# 时钟同步
crontab -e
*/30 * * * * ntpdate ntp1.aliyun.com
# 开机启动时钟同步
vim /etc/rc.local
ntpdate ntp1.aliyun.com

# 修改主机名
hostnamectl set-hostname cloud.139
# exit 退出重新登录

安装php

sudo yum install epel-release
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

yum --enablerepo=remi-php73 install php

yum --enablerepo=remi-php73 install php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-mcrypt php-mysql
yum --enablerepo=remi-php73 install php-fpm
yum --enablerepo=remi-php73 install php73-php-pecl-zip.x86_64 php73-php-pecl-mysql.x86_64 php73-php-pecl-mysql-xdevapi.x86_64 php73-php-pecl-mysqlnd-azure.x86_64 php73-php-pdo-dblib.x86_64

yum --enablerepo=remi-php73 search php | grep php73

vim /etc/php-fpm.d/www.conf

设置运行的账号全部为nginx
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

listen的方式和端口一定要正确，此处的配置与NGINX一定要对应。
listen = 127.0.0.1:9000

启用此处几个配置
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

下一步，创建一下session目录，并且修改权限。

mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/

systemctl start php-fpm

systemctl status php-fpm

cd /etc/nginx/

vim nginx.conf

location ~ \.php$ {
            # 设置监听端口
            fastcgi_pass   127.0.0.1:9000;
            # 设置nginx的默认首页文件(上面已经设置过了，可以删除)
            fastcgi_index  index.php;
            # 设置脚本文件请求的路径
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            # 引入fastcgi的配置文件
            include        fastcgi_params;
        }

systemctl restart nginx

cd /usr/share/nginx/html

vim phpinfo.php

http://192.168.0.110/phpinfo.php

二，安装和配置 MariaDB

使用CENTOS来安装mysql数据或者使用mariadb都是比较简单的过程。

yum install mariadb mariadb-server

开机启动
systemctl enable mariadb

启动mariadb服务
systemctl start mariadb

配置mariadb
mysql_secure_installation
会提示设置root的密码

Remove anonymous users? [Y/n] <– 是否删除匿名用户，Y回车

Disallow root login remotely? [Y/n] <–是否禁止root远程登录,n回车,

Remove test database and access to it? [Y/n] <– 是否删除test数据库，y回车

Reload privilege tables now? [Y/n] <– 是否重新加载权限表，y回车

mysql -uroot -p

create database nextcloud_db;
show databases;

三，生成SSL证书

#创建文件证书的目录
mkdir -p /etc/nginx/cert/
# 生成证书
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
#修改权限 
chmod 700 /etc/nginx/cert
chmod 600 /etc/nginx/cert/*

四，安装和配置nextcloud

#解压
unzip nextcloud-23.0.4.zip
#移动到nginx的root目录
mv nextcloud/ /usr/share/nginx/html/

#创建一个存放文件的Data目录
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/

#变更 nextcloud 目录的拥有者为 nginx 用户和组
chown nginx:nginx -R nextcloud/

cd /etc/nginx/conf.d/

vi nextcloud.conf

upstream php-handler {
    server 127.0.0.1:9000;
 #server unix:/var/run/php5-fpm.sock;
}

server {
    listen 80;
    server_name ip;
 # enforce https
 return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name ip;

    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

 # Add headers to serve security related headers
 # Before enabling Strict-Transport-Security headers please read into this
 # topic first.
    add_header Strict-Transport-Security "max-age=15768000;
    includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

 # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
 }

 # The following 2 rules are only needed for the user_webfinger app.
 # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000;
        includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
 }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
 # Optional: Don't log access to other assets
        access_log off;
    }
}

extension=/opt/remi/php73/root/usr/lib64/php/modules/zip.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/mysql.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/pdo.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/mysqlnd.so

extension=/opt/remi/php73/root/usr/lib64/php/modules/mysqli.so