Installing NextCloud on CentOS 7

The author runs NextCloud in an Nginx environment. For other environments, refer to the corresponding official documentation.

Prerequisites:

  • CentOS 7 X64
  • NextCloud 14

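CentOS 7 basic installation and configuration

This walkthrough assumes that the reader already has a fully prepared CentOS 7 environment. If your system is a freshly installed default minimal system, see: CentOS 7 Network Configuration and Installing an SSH Server on CentOS 7. These two items ensure that NextCloud can be reached normally at the end.

Add the EPEL repository

Many packages live in the EPEL repository, which a default CentOS installation does not include, so it has to be added manually.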

$ sudo yum -y install epel-release

Add the Webtatic repository

Required by the php7-fpm dependencies.

$ sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Prepare the NextCloud runtime environment

Install PHP7-FPM

Run the following command:

$ sudo yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

After the installation completes, check the PHP version with php -v:

$ php -v
PHP 7.0.32 (cli) (built: Sep 15 2018 07:54:46) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

Configure PHP7-FPM

  1. Configure PHP7-FPM to run as the nginx user and listen on port 9000

    This sets PHP-FPM up to work together with Nginx.

    $ sudo vi /etc/php-fpm.d/www.conf
    
    • Change user and group to nginx.

      ; RPM: apache Choosed to be able to access some dir as httpd
      user = nginx
      ; RPM: Keep a group allowed to write in log dir.
      group = nginx
      
    • Make sure PHP-FPM listens on the specified port

      ; Note: This value is mandatory.
      listen = 127.0.0.1:9000
      
    • Enable the system environment variables for php-fpm

      ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
      ; the current environment.
      ; Default Value: clean env
      env[HOSTNAME] = $HOSTNAME
      env[PATH] = /usr/local/bin:/usr/bin:/bin
      env[TMP] = /tmp
      env[TMPDIR] = /tmp
      env[TEMP] = /tmp
      

    Save and exit.

  2. Create a session folder under /var/lib/php/ and change its owner to nginx

    $ sudo mkdir -p /var/lib/php/session
    $ sudo chown nginx:nginx -R /var/lib/php/session/
    
  3. Start PHP-FPM and Nginx, and enable both services to start at boot

    $ sudo systemctl start php-fpm
    $ sudo systemctl start nginx
    $ sudo systemctl enable php-fpm
    $ sudo systemctl enable nginx
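
A bare port in the listen directive binds PHP-FPM to every interface, which exposes FastCGI to other hosts, so the pool file is worth checking after editing. The following is an added example, not part of the original guide: the function names pool_value and audit_fpm_pool are hypothetical, and the sample pool file is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a PHP-FPM pool file
# for the listen/user/group values that step 1 sets.

# Print the last active value of a directive; ';' starts a comment.
pool_value() {   # $1 = pool file, $2 = directive name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 only if FastCGI is not reachable from other hosts and the pool
# runs as the expected account (assumed default: nginx, as in this guide).
audit_fpm_pool() {   # $1 = pool file, $2 = expected user/group
    file=$1 want=${2:-nginx} rc=0
    listen=$(pool_value "$file" listen)
    case $listen in
        /*|127.0.0.1:*|localhost:*|'[::1]':*)
            echo "OK   listen = $listen" ;;
        '') echo "FAIL listen is not set"; rc=1 ;;
        *)  # other addresses, or a bare port, which binds every interface
            echo "FAIL listen = $listen (reachable beyond loopback)"; rc=1 ;;
    esac
    for key in user group; do
        val=$(pool_value "$file" "$key")
        if [ "$val" = "$want" ]; then
            echo "OK   $key = $val"
        else
            echo "FAIL $key = ${val:-<unset>} (expected $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample pool file, mirroring the edits shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
group = nginx
listen = 127.0.0.1:9000
;listen = 9000
EOF
audit_fpm_pool "$sample" || echo "pool file needs attention"
rm -f "$sample"
```

On the server itself, run audit_fpm_pool /etc/php-fpm.d/www.conf before starting the service.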
    

Install and configure MariaDB

MariaDB installation and root configuration

$ sudo yum -y install mariadb mariadb-server
$ sudo systemctl start mariadb
$ sudo systemctl enable mariadb

Set the password for the MariaDB root user. Just follow the prompts here.

$ mysql_secure_installation

Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Add the nextcloud user and database

$ mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2586
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nextcloud_db;
MariaDB [(none)]> create user nextclouduser@localhost identified by 'password!@#';
MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'password!@#';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;

Generate an SSL certificate

The site is accessed over https, so an SSL certificate is required. You can use a free SSL certificate or sign one yourself. A self-signed SSL certificate is used here.

$ sudo mkdir -p /etc/nginx/cert/
$ sudo openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
$ sudo chmod 700 /etc/nginx/cert
$ sudo chmod 600 /etc/nginx/cert/nextcloud.key /etc/nginx/cert/nextcloud.crt

Download NextCloud

  1. Install wget and unzip

    $ sudo yum -y install wget unzip
    
  2. Download and verify NextCloud

    $ cd ~/
    $ wget https://download.nextcloud.com/server/releases/nextcloud-14.0.4.zip
    $ wget https://download.nextcloud.com/server/releases/nextcloud-14.0.4.zip.sha256
    $ sha256sum -c nextcloud-14.0.4.zip.sha256 < nextcloud-14.0.4.zip
    
  3. Unzip NextCloud and copy it into the /usr/share/nginx/html/ directory

    $ unzip nextcloud-14.0.4.zip
    $ sudo cp -R nextcloud/ /usr/share/nginx/html/
    
  4. Create the data folder and change the owner of nextcloud to nginx

    $ cd /usr/share/nginx/html/
    $ sudo mkdir -p nextcloud/data/
    $ sudo chown nginx:nginx -R nextcloud/
    

Configure NextCloud

Configure a virtual host for Nextcloud in Nginx

$ sudo vi /etc/nginx/conf.d/nextcloud.conf

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name your-address;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name your-address;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Save the file and test it with nginx -t. If the test passes, restart the service: sudo systemctl restart nginx
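
The deny rules in this server block only protect data/, config/ and the dot files because of how nginx orders location matching. The following is an added example, not part of the original guide, that predicts which block handles a given path: exact (=) locations first, then the regex locations in file order, then "location /". The function names and sample paths are constructed, and the guide's regexes are written with "(" in place of "(?:" so that grep -E accepts them.

```shell
#!/bin/sh
# Added example (not from the original guide): predict which location block
# of the server above handles a request path.

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

classify_path() {   # $1 = normalized URI path, without the query string
    p=$1
    case $p in
        /robots.txt) echo "exact:robots"; return ;;
        /.well-known/carddav|/.well-known/caldav)
            echo "exact:dav-redirect"; return ;;
    esac
    if   matches "$p" '^/(build|tests|config|lib|3rdparty|templates|data)/'; then
        echo "deny"
    elif matches "$p" '^/(\.|autotest|occ|issue|indie|db_|console)'; then
        echo "deny"
    elif matches "$p" '^/(index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php($|/)'; then
        echo "php"
    elif matches "$p" '^/(updater|ocs-provider)($|/)'; then
        echo "dir-index"
    elif matches "$p" '\.(css|js|woff2?|svg|gif)$'; then
        echo "static-cached"
    elif matches "$p" '\.(png|html|ttf|ico|jpg|jpeg)$'; then
        echo "static"
    else
        # location / rewrites to /index.php$request_uri, so a .php file
        # outside the whitelist above is never executed directly.
        echo "front-controller"
    fi
}

# Constructed sample paths.
for path in /data/nextcloud.log /config/config.php /.htaccess /occ \
            /.well-known/carddav /index.php/apps/files/ /apps/files/evil.php \
            /core/js/oc.js /core/img/logo.png; do
    printf '%-26s %s\n' "$path" "$(classify_path "$path")"
done
```

After the restart, requesting a path classified as deny with curl -k -o /dev/null -w '%{http_code}\n' should return 403 on the live server.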

Configure SELinux and FirewallD rules

First, install a tool for managing the SELinux configuration:

$ sudo yum -y install policycoreutils-python

Run the following commands to configure the SELinux rules:

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'
$ sudo restorecon -Rv '/usr/share/nginx/html/nextcloud/'

Start the firewalld service and enable it at boot.

$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld

Open the http and https ports, then reload the firewall.

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --reload

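At this point, all of the installation work is complete (except for the final NextCloud configuration step).

Open a browser, enter your NextCloud domain name, and follow the on-screen prompts to complete the configuration. Once that is done, you can enjoy the convenience NextCloud brings.

Summary

The material found through Baidu has problems in some of the details, but none of these problems exist in the official documentation. So if something goes wrong during installation, going through the official documentation again will usually resolve it.

Also, the author downloaded NextCloud 14, which lacks some plugins; for example, the download manager ocDownloader currently supports only up to version 13.

References

NextCloud Admin Manual

Installing Nextcloud on CentOS 7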
