安装Nextcloud

一、配置PHP-FPM

# Switch the php-fpm pool from the apache account to nginx in one sed pass; the
# four substitutions are the original expressions, applied in the same order.
# NOTE(review): listen.owner/listen.group govern a unix-socket listener, while the
# nginx upstream on this page points at 127.0.0.1:9000 (TCP). Confirm which
# listener the pool uses; a loopback TCP port is reachable by every local account.
sed -i \
  -e "s/user = apache/user = nginx/g" \
  -e "s/group = apache/group = nginx/g" \
  -e 's/;listen.owner = nobody/listen.owner = nginx/g' \
  -e 's/;listen.group = nobody/listen.group= nginx/g' \
  /etc/php-fpm.d/www.conf


vim /etc/php-fpm.d/www.conf
......
; Remove the comment marker from the following env[...] lines in www.conf.
; They set the environment variables passed to the pool's PHP workers.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx

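# Create the PHP session directory and hand it to the nginx account that the
# php-fpm pool on this page runs as.
mkdir -p /var/lib/php/session
chown -R nginx:nginx /var/lib/php/session/
# Session files are named after the session ID, so the directory itself must not
# be listable by other local accounts; do not rely on the umask mkdir ran under.
chmod 700 /var/lib/php/session/
ll -d /var/lib/php/session/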

二、为Nextcloud生成自签名SSL证书

为SSL证书创建一个新的文件夹:

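# Create the certificate directory and a self-signed certificate for Nextcloud.
# The directory is created private (0700) before the key is written, so the
# unencrypted key (-nodes) never sits in a world-readable directory. -p keeps the
# step re-runnable when the directory already exists.
mkdir -p -m 700 /etc/nginx/cert/
cd /etc/nginx/cert/
# -newkey rsa:2048 and -sha256 pin the key size and digest instead of taking
# whatever the local openssl.cnf defaults to. The certificate is self-signed and
# valid for 365 days: clients will warn until it is imported or replaced by a
# certificate from a trusted CA.
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key

# Directory 700, files 600: only the owning account can read the private key.
chmod 700 /etc/nginx/cert
chmod 600 /etc/nginx/cert/*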

三、下载Nextcloud

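# Download the Nextcloud release archive and unpack it into nginx's document
# root only after its SHA-256 matches the checksum file published beside it.
# NOTE(review): assumes the release directory serves latest.zip.sha256 next to
# latest.zip. Confirm this. A checksum fetched from the same host detects a
# corrupted or truncated download, not a tampered server; for that, verify the
# project's detached PGP signature against its published signing key.
# NOTE(review): "latest" is unpinned, so each run may install a different version.
cd /usr/local/src/
wget https://download.nextcloud.com/server/releases/latest.zip
wget https://download.nextcloud.com/server/releases/latest.zip.sha256
# Compare only the hash field so the check works whatever file name the
# checksum file lists; an empty hash is rejected so "^" cannot match everything.
sum=$(sha256sum latest.zip | awk '{print $1}')
if [ -n "$sum" ] && grep -q -- "^${sum}" latest.zip.sha256; then
  unzip latest.zip
  mv nextcloud /usr/share/nginx/html/
else
  echo "latest.zip does not match latest.zip.sha256; not unpacking" >&2
fi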

# From nginx's document root: create Nextcloud's data directory and give the
# whole nextcloud tree to the nginx user and group.
# NOTE(review): this places user data under the web root, so its confidentiality
# depends on the `deny all` rule for /data/ in the nginx server block shown later
# on this page. Confirm that rule is in place before exposing the site.
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/
chown -R nginx:nginx nextcloud/
ll -d nextcloud

四、设置Nginx虚拟主机

进入Nginx的虚拟主机配置文件所在目录并创建一个新的虚拟主机配置(记得修改两个server_name为自己的域名):

4.1、配置Nginx.conf

# more nginx.conf
# Main nginx configuration: worker setup, global HTTP defaults, and the includes
# that pull in the virtual host and the two helper files shown on this page.
user  nginx;
worker_processes  auto;
worker_rlimit_nofile 65535;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    multi_accept on;
    worker_connections  65535;
    use epoll;
}


http {
    charset utf-8;
    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    # Hide the nginx version in responses and error pages.
    server_tokens   off;
    log_not_found   off;
    types_hash_max_size 2048;
    # Global request-body cap; the Nextcloud server block on this page sets its
    # own, larger client_max_body_size, which takes precedence there.
    client_max_body_size 5120M;

    # MIME
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # logging
    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log warn;

    # OCSP Stapling
    # NOTE(review): stapling needs a CA-issued certificate with an OCSP responder;
    # with the self-signed certificate generated on this page nginx has nothing to
    # staple. Keep these lines only once a CA-issued certificate is installed.
    ssl_stapling on;
    ssl_stapling_verify on;
    # Resolver used for the OCSP responder lookups; these are third-party public
    # DNS services, so those lookups leave the host.
    resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout 2s;


    proxy_headers_hash_max_size 51200; 
    proxy_headers_hash_bucket_size 6400;

    open_file_cache  max=200000 inactive=20s;
    open_file_cache_valid       30s;
    open_file_cache_min_uses    2;
    open_file_cache_errors      on;

    client_body_buffer_size     128k;
    # NOTE(review): 1m is far above nginx's 1k default for the request-header
    # buffer, and keepalive_timeout 300 holds idle connections for five minutes;
    # both raise the memory and connection cost a slow or abusive client can
    # impose. Confirm they are needed.
    client_header_buffer_size   1m;
    keepalive_timeout  300;

    include /etc/nginx/conf.d/*.conf;

include /etc/nginx/proxy.conf;
include /etc/nginx/optimization.conf;
}

4.2、配置/etc/nginx/proxy.conf

# Defaults for proxied requests, included at http level by nginx.conf.
# NOTE(review): no proxy_pass appears in the configuration on this page, so these
# directives presumably only matter if a proxied location is added later.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Protocol $scheme;
# X-Forwarded-For is overwritten with the connecting address rather than
# appended to, so a client-supplied value is not passed on to the backend.
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
# One-hour connect/send/read timeouts toward the backend.
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_redirect off;

4.3、配置/etc/nginx/optimization.conf

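# FastCGI buffering and gzip defaults, included at http level by nginx.conf.
fastcgi_read_timeout 3600;
fastcgi_buffers 64 64K;
fastcgi_buffer_size 256k;
fastcgi_busy_buffers_size 3840K;
# NOTE(review): the next three directives only take effect if a fastcgi_cache
# zone is enabled, and none is defined on this page. If one is added,
# ignoring Cache-Control, Expires and Set-Cookie makes responses that set
# session cookies or are marked private eligible for caching. Review before
# enabling a cache in front of Nextcloud.
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
# The MIME list is kept on one line: the listing this was copied from had been
# wrapped mid-token ("application" + "/x-font-ttf", "text/vnd.rim.loc" +
# "ation.xloc"), which yields bogus type names.
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\.";


# Alternative gzip settings, left disabled. Every line stays commented; in the
# wrapped listing the continuation lines had lost their leading "#".
#    gzip_proxied any;
#    gzip_comp_level 6;

#    gzip_min_length 1k;
#    gzip_buffers 4 16k;
#    gzip_http_version 1.0;
#    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
#    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
#    gzip_disable "MSIE [1-6]\.";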

4.4、配置/etc/nginx/conf.d/nextcloud.conf

vim /etc/nginx/conf.d/nextcloud.conf
# php-fpm backend, reached over loopback TCP.
# NOTE(review): any local account can connect to 127.0.0.1:9000; a unix socket
# restricted with listen.owner/listen.group would narrow that. Confirm against
# the pool's listen setting.
upstream php-handler {
    server 127.0.0.1:9000;
}

# Plain-HTTP virtual host: serves nothing itself, only redirects to HTTPS.
server {
    listen 80;
    server_name nextcloud.yjsec.com;
    # enforce https
    # The redirect target uses $server_name (the configured name), not the
    # client-supplied Host header.
    return 301 https://$server_name$request_uri;
}

# HTTPS virtual host for Nextcloud: TLS with the certificate generated earlier on
# this page, security headers, deny rules for internal paths, and FastCGI hand-off
# of the allowed PHP entry points to php-handler.
server {
    listen 443 ssl;
    server_name nextcloud.yjsec.com;

    # NOTE(review): no ssl_protocols/ssl_ciphers are set, so the protocol versions
    # offered are whatever this nginx build defaults to. Confirm that legacy TLS
    # versions are not enabled.
    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # NOTE(review): includeSubDomains and preload extend the HTTPS-only commitment
    # to every subdomain of this host. Confirm all of them serve valid HTTPS, and
    # that a CA-trusted certificate replaces the self-signed one, before keeping
    # those two directives.
    add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    # CalDAV/CardDAV discovery. The redirect target is built from $host, which
    # comes from the request; server_name above limits which hosts reach here.
    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 10240M;
    #fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    # Everything not matched below is routed through the front controller.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Internal directories are never served directly. This rule is what keeps
    # config/ and the data/ directory (both under the web root in this setup)
    # from being downloaded, so do not remove or reorder it.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    # Dotfiles and maintenance/console entry points are blocked as well.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Only this allow-list of PHP entry points is passed to php-fpm; any other
    # .php path does not reach the interpreter through this block.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        # NOTE(review): HTTPS is left commented out; presumably the included
        # fastcgi_params already passes the connection's HTTPS state. Verify,
        # since the application uses it to decide whether a request was secure.
        # fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # An add_header inside a location replaces the server-level set rather
        # than extending it, which is why the full list is repeated here.
        add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

接下来测试以下配置文件是否有错误,确保没有问题后重启Nginx服务。

[root@vultr ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@vultr ~]# systemctl restart nginx
[root@vultr ~]# systemctl restart php-fpm

五、配置MySQL

mysql -uroot -p

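-- Create the Nextcloud schema and a dedicated account that can log in from
-- localhost only and holds privileges on that schema alone.
CREATE DATABASE nextcloud CHARACTER SET utf8 COLLATE utf8_general_ci;
-- The password literal is a placeholder, not a usable value: substitute a long,
-- randomly generated password and enter the same value in the Nextcloud
-- installer. A guessable password published in a guide must never reach a
-- real server.
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY '<REPLACE_WITH_LONG_RANDOM_PASSWORD>';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
EXIT;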

六、安装Nextcloud

将上面nginx中配置的域名nextcloud.yjsec.com解析到本机后,访问http://nextcloud.yjsec.com 进行Nextcloud界面安装(访问http域名会自动跳转到https,按照安装提示操作即可!)

重启服务:

# Restart php-fpm first, then nginx, through the service wrapper.
for svc in php-fpm nginx; do
  service "$svc" restart
done

七、云盘上传文件大小限制

nextcloud上传文件大小的自身限制为512M,如果要想调整这个大小,操作方法如下:

1)修改php.ini上传文件大小限制

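# Raise PHP's limits for large uploads. Each expression matches the directive
# name instead of one specific old value: the previous pattern looked for
# "max_execution_time = 300", which never matches the stock value of 30, so that
# edit silently did nothing.
# post_max_size is set here too, to the value this page gives for it; it has to
# exceed upload_max_filesize or large uploads arrive with empty $_POST/$_FILES.
# NOTE(review): max_execution_time = 0 removes the time limit for every PHP
# request, so a stuck request can hold a worker indefinitely; a large finite
# value is the more conservative choice. Confirm for your deployment.
sed -i \
  -e 's/^max_execution_time[[:space:]]*=.*/max_execution_time = 0/' \
  -e 's/^upload_max_filesize[[:space:]]*=.*/upload_max_filesize = 10240M/' \
  -e 's/^post_max_size[[:space:]]*=.*/post_max_size = 10800M/' \
  /etc/php.ini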

#vim /etc/php.ini
......
; Default is 30 seconds; 0 means no limit.
max_execution_time = 0
......
; Maximum size of POST data. When a request exceeds post_max_size, the $_POST
; and $_FILES superglobals are empty.
post_max_size = 10800M
......
; Maximum size of a single uploaded file.
upload_max_filesize = 10240M

#另外要说明的是,post_max_size 大于 upload_max_filesize 为佳.

2)修改nginx.conf

#vim /etc/nginx/conf.d/nextcloud.conf
.....
client_max_body_size 10240M;

3)重启php和nginx服务

# Apply the new php.ini and nginx limits: restart php-fpm, then nginx.
for unit in php-fpm nginx; do
  systemctl restart "$unit"
done

八、NextCloud添加Memcached缓存

解决php7安装memcache扩展问题

8.1、拉取memcache扩展

# Fetch the pecl-memcache source into /usr/local/src.
# NOTE(review): the clone takes whatever the default branch holds at that moment,
# and the next step builds and installs it as root. Check out a reviewed tag or
# commit (<TAG_OR_COMMIT>, placeholder) before building so the installed code is
# known and reproducible.
cd /usr/local/src/
git clone https://github.com/websupport-sk/pecl-memcache

8.2、编译安装memcache扩展

# Build the extension against the installed PHP and install it into PHP's
# module directory.
cd pecl-memcache/
phpize
./configure --with-php-config=/usr/bin/php-config
make && make install

# List the module directory to confirm the new shared object is present.
ls /usr/lib64/php/modules/

8.3、上面已经安装完成memcache扩展,接下来把它加入php.ini中

; Load the extension built in the previous step from PHP's module directory.
; NOTE(review): this loads memcache.so (the "memcache" extension), while the
; Nextcloud config later on this page selects \OC\Memcache\Memcached. The PHP
; extensions "memcache" and "memcached" are different modules. Confirm the one
; that backend requires is actually installed.
extension_dir = "/usr/lib64/php/modules/"
extension = "memcache.so"

; OPcache settings: bytecode caching enabled for FPM and CLI, with cached
; scripts rechecked for changes at most once per second.
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

8.4、重启php-fpm使配置生效

systemctl reload php-fpm

8.5、安装memcached

yum -y install memcached

cat /etc/sysconfig/memcached
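# /etc/sysconfig/memcached: settings the memcached service is started with.
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
# An empty OPTIONS leaves memcached listening on every interface over TCP and
# UDP (the "*:memcache" rows in the lsof output on this page show that state).
# memcached has no authentication by default, so that exposes the cache
# contents to the network and leaves the UDP port open to abuse.
# Nextcloud connects via localhost, so bind to loopback (-l) and turn the UDP
# listener off (-U 0).
OPTIONS="-l 127.0.0.1 -U 0"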

systemctl start memcached
systemctl enable memcached

lsof -i:11211
COMMAND     PID      USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
memcached 23577 memcached   26u  IPv4  63370      0t0  TCP *:memcache (LISTEN)
memcached 23577 memcached   27u  IPv6  63371      0t0  TCP *:memcache (LISTEN)
memcached 23577 memcached   28u  IPv4  63375      0t0  UDP *:memcache 
memcached 23577 memcached   29u  IPv6  63376      0t0  UDP *:memcache 

pwd
/usr/share/nginx/html/nextcloud/config
cp config.php config.php.bak

vim config.php
......
  // Local cache through APCu; distributed cache through memcached on
  // localhost:11211.
  // NOTE(review): \OC\Memcache\Memcached is the backend for the PHP "memcached"
  // extension, whereas the steps on this page build and load memcache.so; and
  // \OC\Memcache\APCu needs the APCu extension, which this page does not
  // install. Confirm both extensions are present before relying on this config.
  // NOTE(review): the memcached daemon has no authentication by default, so it
  // should listen on loopback only.
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.distributed' => '\OC\Memcache\Memcached',
  'memcached_servers' => array(
   array('localhost', 11211),
     ),

九、NextCloud添加Redis缓存

在nextcloud的config配置文件中添加如下,这个是通过TCP连接的:
// Redis as the local cache, reached over TCP at localhost:6379. No password is
// configured in this variant, so the Redis instance must not be reachable from
// other hosts.
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
     'host' => 'localhost',
     'port' => 6379,
      ),

还有性能更好的UNIX套接字连接(注意:下面的示例仍通过localhost:6379的TCP连接,只是增加了dbindex、password、timeout参数和文件锁配置):
  // Redis as the local cache and as the file-locking backend, with database
  // index, password and timeout set. host/port are still localhost:6379, i.e. a
  // TCP connection.
  // NOTE(review): the password shown is a sample value. Use a long random one
  // that matches the Redis server's own password setting, and keep config.php
  // readable only by the web server account, since it stores this secret in
  // clear text.
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' => array(
     'host' => 'localhost',
     'port' => 6379,
     'dbindex' => 0,
     'password' => 'redis@2019',
     'timeout' => 1.5,
      ),
  'memcache.locking' => '\OC\Memcache\Redis',

同时,官方还推荐加入如下,来用于存储文件锁:
'memcache.locking' => '\OC\Memcache\Redis',