一、配置PHP-FPM
# Run the php-fpm pool as nginx instead of apache, and make the nginx
# user/group the owner of the pool's listen socket.
# NOTE(review): listen.owner/listen.group only apply to a Unix-domain listen
# socket, while the nextcloud.conf upstream on this page points at TCP
# 127.0.0.1:9000 -- confirm which listen address www.conf really uses.
sed -i \
  -e "s/user = apache/user = nginx/g" \
  -e "s/group = apache/group = nginx/g" \
  -e 's/;listen.owner = nobody/listen.owner = nginx/g' \
  -e 's/;listen.group = nobody/listen.group= nginx/g' \
  /etc/php-fpm.d/www.conf
vim /etc/php-fpm.d/www.conf
......
env[HOSTNAME] = $HOSTNAME //去掉下面几行注释
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
在/var/lib目录下为session路径创建一个新的文件夹,并将用户名和组设为nginx
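# Create the PHP session directory and hand it to the nginx account that
# php-fpm runs as.
mkdir -p /var/lib/php/session
chown -R nginx:nginx /var/lib/php/session/
# Session file names carry the session ID, so the directory must not be
# listable by other local accounts.
chmod 700 /var/lib/php/session
# `ll` is an interactive alias; `ls -ld` works in any shell.
ls -ld /var/lib/php/session/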
二、为Nextcloud生成自签名SSL证书
为SSL证书创建一个新的文件夹:
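# Create the certificate directory and restrict it to its owner *before* the
# private key is written, so the key never sits in a world-readable directory.
mkdir -p /etc/nginx/cert/
chmod 700 /etc/nginx/cert
cd /etc/nginx/cert/
# Self-signed certificate, valid for 365 days. -nodes leaves the private key
# unencrypted on disk, so file permissions are its only protection; the
# umask makes openssl create both files owner-only from the start.
( umask 077 && openssl req -new -x509 -days 365 -nodes \
    -out /etc/nginx/cert/nextcloud.crt \
    -keyout /etc/nginx/cert/nextcloud.key )
# Final permissions: 700 on the directory, 600 on the files (not 660).
chmod 600 /etc/nginx/cert/*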
三、下载Nextcloud
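cd /usr/local/src/
# latest.zip is an unpinned, moving target. Before unpacking, verify the
# archive against the SHA-256 checksum and PGP signature that Nextcloud
# publishes for its releases.
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
mv nextcloud /usr/share/nginx/html/
# Enter the Nginx web root, create Nextcloud's data directory, and give the
# whole tree to the nginx user and group.
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/
chown -R nginx:nginx nextcloud/
# The data directory sits inside the web root here; the `deny all` rule for
# /data/ in nextcloud.conf is what keeps its contents from being served directly.
# `ll` is an interactive alias; `ls -ld` works in any shell.
ls -ld nextcloud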
四、设置Nginx虚拟主机
进入Nginx的虚拟主机配置文件所在目录并创建一个新的虚拟主机配置(记得修改两个server_name为自己的域名):
4.1、配置Nginx.conf
# more nginx.conf
# Main nginx configuration: worker limits, global HTTP defaults, and the
# include lines that pull in the virtual hosts plus proxy.conf and
# optimization.conf.
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
multi_accept on;
worker_connections 65535;
use epoll;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# Do not advertise the nginx version in the Server header and error pages.
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
# Global request-body limit; the Nextcloud server block sets its own
# client_max_body_size (10240M) on top of this.
client_max_body_size 5120M;
# MIME
include /etc/nginx/mime.types;
default_type application/octet-stream;
# logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# OCSP Stapling
# NOTE(review): the certificate generated on this page is self-signed and has
# no OCSP responder, so stapling has nothing to staple until a CA-issued
# certificate is installed -- confirm before relying on it.
ssl_stapling on;
ssl_stapling_verify on;
# The resolver is used for the OCSP lookups above. These are public
# resolvers reached over plain DNS; a trusted local resolver reduces the
# exposure to spoofed answers.
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
client_body_buffer_size 128k;
# NOTE(review): 1m is far above nginx's 1k default for the request-header
# buffer; together with 65535 worker_connections and a 300 s keepalive this
# raises the memory and connection-slot cost of idle or slow clients.
client_header_buffer_size 1m;
keepalive_timeout 300;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/proxy.conf;
include /etc/nginx/optimization.conf;
}
4.2、配置/etc/nginx/proxy.conf
# Shared reverse-proxy headers and timeouts, included at http level.
# No proxy_pass appears in the configuration shown on this page, so these
# only take effect once a proxied location is added.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
# NOTE(review): most backends read X-Forwarded-Proto rather than
# X-Forwarded-Protocol -- confirm what the backend expects.
proxy_set_header X-Forwarded-Protocol $scheme;
# Set to $remote_addr only: any X-Forwarded-For value sent by the client is
# overwritten, so the backend sees just the address nginx itself observed.
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
# One-hour timeouts: long transfers survive, but stalled upstream
# connections are also held open for up to an hour.
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_redirect off;
4.3、配置/etc/nginx/optimization.conf
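# FastCGI buffering and gzip defaults, included at http level.
# The gzip_types lists had been broken in the middle of MIME-type names by
# line wrapping; they are rejoined here so the file parses.
fastcgi_read_timeout 3600;
fastcgi_buffers 64 64K;
fastcgi_buffer_size 256k;
fastcgi_busy_buffers_size 3840K;
# NOTE(review): no fastcgi_cache zone is enabled in the configuration shown
# on this page, so the three cache directives below are inert. If caching is
# ever switched on, ignoring Cache-Control and Set-Cookie makes nginx store
# responses the application marked as private; the cookie in the cache key
# is then the only thing separating users -- review before enabling.
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
# gzip is on globally; the Nextcloud server block in nextcloud.conf turns it
# off again for that site.
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json
application/ld+json application/manifest+json application/rss+xml
application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf
application/x-web-app-manifest+json application/xhtml+xml application/xml
font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest
text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt
text/x-component text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\.";
# Alternative gzip settings, kept commented out:
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_min_length 1k;
# gzip_buffers 4 16k;
# gzip_http_version 1.0;
# gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
# gzip_types application/atom+xml application/javascript application/json
# application/ld+json application/manifest+json application/rss+xml
# application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf
# application/x-web-app-manifest+json application/xhtml+xml application/xml
# font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest
# text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt
# text/x-component text/x-cross-domain-policy;
# gzip_disable "MSIE [1-6]\.";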
4.4、配置/etc/nginx/conf.d/nextcloud.conf
vim /etc/nginx/conf.d/nextcloud.conf
# PHP-FPM backend, reached over loopback TCP.
# NOTE(review): a TCP listener on 127.0.0.1:9000 can be reached by every
# local account, and php-fpm's www.conf has to listen on this same address
# -- confirm both.
upstream php-handler {
server 127.0.0.1:9000;
}
# Plain-HTTP listener: every request is redirected to the HTTPS site.
server {
listen 80;
server_name nextcloud.yjsec.com;
# enforce https
# The redirect target is built from $server_name (the configured name), not
# from the Host header sent by the client.
return 301 https://$server_name$request_uri;
}
# HTTPS virtual host for Nextcloud: TLS, security headers, access rules for
# internal directories, and the hand-off of PHP entry points to php-fpm.
server {
listen 443 ssl;
server_name nextcloud.yjsec.com;
# NOTE(review): neither this block nor the nginx.conf shown on this page sets
# ssl_protocols or ssl_ciphers, so the defaults of the installed
# nginx/OpenSSL build apply -- confirm legacy protocols are disabled.
ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# includeSubDomains and preload extend the HTTPS-only policy to every
# subdomain for max-age seconds (15768000 s, about six months); keep them
# only if all subdomains serve HTTPS with a certificate browsers trust.
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /usr/share/nginx/html/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# The two redirects below build their target from $host, i.e. from the Host
# header of the request (unlike the port-80 redirect, which uses $server_name).
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10240M;
#fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
# Internal directories, including config/ and data/, are never served
# directly. This rule is what protects the data directory that this guide
# places inside the web root.
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
# Dot-files and maintenance entry points (occ, console, db_*, ...) are
# blocked as well.
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
# Only the PHP entry points listed in this pattern are passed to php-fpm;
# no other .php path matches this block.
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
# Request bodies are streamed to php-fpm instead of being buffered by nginx first.
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header directives in a location replace the ones inherited from the
# server block, which is why the full set is repeated here; keep both
# copies in sync when changing one.
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
接下来测试一下配置文件是否有错误,确保没有问题后重启Nginx和PHP-FPM服务。
[root@vultr ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@vultr ~]# systemctl restart nginx
[root@vultr ~]# systemctl restart php-fpm
五、配置MySQL
mysql -uroot -p
-- Create the Nextcloud schema and a dedicated account limited to it.
CREATE DATABASE nextcloud CHARACTER SET utf8 COLLATE utf8_general_ci;
-- The password below is a published example value: replace it with a long,
-- random secret before running this statement.
-- The account is bound to 'localhost', so it cannot be used from other hosts.
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud@123$';
-- Privileges are scoped to the nextcloud schema only, not to the whole server.
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
EXIT;
六、安装Nextcloud
解析上面nginx中配置的域名nextcloud.yjsec.com,访问http://nextcloud.yjsec.com 进行Nextcloud界面安装(访问http域名会自动跳转到https,按照提示安装即可!)
重启服务:
service php-fpm restart
service nginx restart
七、云盘上传文件大小限制
nextcloud上传文件大小的自身限制为512M,如果要想调整这个大小,操作方法如下:
1)修改php.ini上传文件大小限制
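# Raise PHP's limits for large Nextcloud uploads.
# The patterns match on the setting name rather than on one specific old
# value, so the edit also applies when php.ini holds a different value (for
# example the 30-second default for max_execution_time).
# post_max_size is raised too: it has to exceed upload_max_filesize, or
# large POST uploads arrive empty.
# max_execution_time = 0 removes the per-request time limit altogether; a
# large finite value keeps a bound on stalled or runaway requests.
sed -i \
  -e 's/^max_execution_time = .*/max_execution_time = 0/' \
  -e 's/^upload_max_filesize = .*/upload_max_filesize = 10240M/' \
  -e 's/^post_max_size = .*/post_max_size = 10800M/' \
  /etc/php.ini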
#vim /etc/php.ini
......
max_execution_time = 0 #默认是30秒,改为0,表示没有限制
......
post_max_size = 10800M #设定 POST 数据所允许的最大大小,如果POST数据尺寸大于post_max_size $_POST 和 $_FILES superglobals 便会为空.
......
upload_max_filesize = 10240M #表示所上传的文件的最大大小
#另外要说明的是,post_max_size 大于 upload_max_filesize 为佳.
2)修改nginx.conf
#vim /etc/nginx/conf.d/nextcloud.conf
.....
client_max_body_size 10240M;
3)重启php和nginx服务
systemctl restart php-fpm
systemctl restart nginx
八、NextCloud添加Memcached缓存
解决php7安装memcache扩展问题
8.1、拉取memcache扩展
# Fetch the memcache extension source into /usr/local/src.
# NOTE(review): this clones the repository's default branch at whatever
# commit is current, and the code is then compiled and installed
# (presumably as root). Check out a reviewed release tag or commit before
# building.
cd /usr/local/src/
git clone https://github.com/websupport-sk/pecl-memcache
8.2、编译安装memcache扩展
# Build the extension against the installed PHP and install it.
cd pecl-memcache/
phpize
./configure --with-php-config=/usr/bin/php-config
make && make install
# List the PHP module directory to confirm the new module file is there.
ls /usr/lib64/php/modules/
8.3、上面已经安装完成memcache扩展,接下来把它加入php.ini中
; Load the memcache extension from the PHP module directory.
; NOTE(review): this loads the "memcache" extension, while the config.php
; example later on this page selects \OC\Memcache\Memcached, which is backed
; by the separate "memcached" extension -- confirm which one is intended.
extension_dir = "/usr/lib64/php/modules/"
extension = "memcache.so"
; OPcache settings for PHP-FPM and the CLI.
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
8.4、重启php-fpm使配置生效
systemctl reload php-fpm
8.5、安装memcached
yum -y install memcached
cat /etc/sysconfig/memcached
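# /etc/sysconfig/memcached -- startup options for the memcached service.
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
# memcached has no authentication by default. With OPTIONS left empty it
# listens on every interface over both TCP and UDP (the `*:memcache` lines in
# the lsof output on this page). -l 127.0.0.1 binds it to loopback only and
# -U 0 turns the UDP listener off.
OPTIONS="-l 127.0.0.1 -U 0"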
systemctl start memcached
systemctl enable memcached
lsof -i:11211
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
memcached 23577 memcached 26u IPv4 63370 0t0 TCP *:memcache (LISTEN)
memcached 23577 memcached 27u IPv6 63371 0t0 TCP *:memcache (LISTEN)
memcached 23577 memcached 28u IPv4 63375 0t0 UDP *:memcache
memcached 23577 memcached 29u IPv6 63376 0t0 UDP *:memcache
pwd
/usr/share/nginx/html/nextcloud/config
cp config.php config.php.bak
vim config.php
......
// Local cache through APCu. This needs the APCu PHP extension, which the
// steps on this page do not install -- confirm it is present.
'memcache.local' => '\OC\Memcache\APCu',
// NOTE(review): the Memcached backend relies on the PHP "memcached"
// extension, whereas the steps above build and load "memcache" (memcache.so)
// -- confirm the right extension is installed.
'memcache.distributed' => '\OC\Memcache\Memcached',
// memcached is addressed on localhost:11211 with no credentials, so the
// daemon itself should only be reachable from this host.
'memcached_servers' => array(
array('localhost', 11211),
),
九、NextCloud添加Redis缓存
在nextcloud的config配置文件中添加如下,这个是通过TCP连接的:
// Redis as the local cache, reached over TCP on localhost:6379.
// No password is configured in this variant, so the Redis server should
// only listen on loopback.
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
还有性能更好的UNIX连接:
// NOTE(review): the text introducing this block calls it a UNIX-socket
// connection, but 'host' => 'localhost' with port 6379 is still a TCP
// connection; this variant only adds dbindex, password and timeout.
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
'dbindex' => 0,
// Published example value: replace it with the secret actually configured
// on the Redis server, and keep config.php readable only by the web-server
// account.
'password' => 'redis@2019',
'timeout' => 1.5,
),
// Redis is also used for transactional file locking.
'memcache.locking' => '\OC\Memcache\Redis',
同时,官方还推荐加入如下,来用于存储文件锁:
'memcache.locking' => '\OC\Memcache\Redis',