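php7 nextcloud: Installing NextCloud on CentOS 7
The author's NextCloud runs in an Nginx environment. For other environments, refer to the corresponding official documentation.
Prerequisites:
CentOS 7 X64
NextCloud 14
CentOS 7 basic installation and configuration
This walkthrough assumes the CentOS 7 environment is already fully prepared. If your system is a freshly installed default minimal system, see: CentOS 7 Network Configuration and Installing an SSH Server on CentOS 7. Those two steps ensure that NextCloud can be reached normally at the end.
Add the EPEL repository
Many packages live in the EPEL repository, which a default CentOS installation does not include, so it has to be added manually.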
$ sudo yum -y install epel-release
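Add the Webtatic repository
It is required for the php7-fpm dependencies.
$ sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Prepare the NextCloud runtime environment
Install PHP7-FPM
Run the following command: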
$ sudo yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel
After the installation completes, check the PHP version with php -v.
$ php -v
PHP 7.0.32 (cli) (built: Sep 15 2018 07:54:46) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
Configure PHP7-FPM
Configure PHP7-FPM to run as the nginx user and listen on port 9000.
This lets PHP-FPM and Nginx work together.
$ sudo vi /etc/php-fpm.d/www.conf
Change user and group to nginx.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
Make sure PHP-FPM listens on the specified address and port.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
Enable the system environment variables for php-fpm.
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Save and exit.
Create the session directory under /var/lib/php/ and change its owner to nginx.
$ sudo mkdir -p /var/lib/php/session
$ sudo chown nginx:nginx -R /var/lib/php/session/
Start PHP-FPM and Nginx, and enable both services at boot.
$ sudo systemctl start php-fpm
$ sudo systemctl start nginx
$ sudo systemctl enable php-fpm
$ sudo systemctl enable nginx
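The pool settings above are security-relevant: a FastCGI listener bound to anything other than loopback or a Unix socket lets other hosts hand requests straight to PHP. The following added example (not part of the original post; the function names are its own) audits a pool file for the user, group and listen values this guide sets.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a PHP-FPM pool file for
# the settings configured above; the function names are this example's own.

# Print the value of the last uncommented "key = value" line in a pool file.
pool_value() {
    awk -F= -v k="$2" '
        /^[ \t]*;/ { next }                       # skip ";" comment lines
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_fpm_pool() {
    local file="$1" want="${2:-nginx}" findings=0 key val
    for key in user group; do
        val=$(pool_value "$file" "$key")
        if [ "$val" != "$want" ]; then
            echo "FINDING: $key is '$val', expected '$want'"
            findings=$((findings + 1))
        fi
    done
    val=$(pool_value "$file" listen)
    case $val in
        127.0.0.1:*|'[::1]':*|localhost:*|/*) ;;  # loopback TCP or Unix socket path
        *)  echo "FINDING: listen is '$val', FastCGI may be reachable from other hosts"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: a pool with the wrong user and a bare port number.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; user = nginx
user = apache
group = nginx
listen = 9000
listen.owner = nginx
EOF
audit_fpm_pool "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server itself, run audit_fpm_pool /etc/php-fpm.d/www.conf after editing the file.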
Install and configure MariaDB
MariaDB installation and root configuration
$ sudo yum -y install mariadb mariadb-server
$ sudo systemctl start mariadb
$ sudo systemctl enable mariadb
Set the password for the MariaDB root user. Just follow the prompts.
$ mysql_secure_installation
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
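Create the NextCloud database and user. The password 'password!@#' below is a placeholder; substitute your own strong password in both statements.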
$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2586
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database nextcloud_db;
MariaDB [(none)]> create user nextclouduser@localhost identified by 'password!@#';
MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'password!@#';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
Generate an SSL certificate
We access NextCloud over https, so an SSL certificate is needed. You can use a free SSL certificate or sign one yourself; a self-signed SSL certificate is used here.
$ sudo mkdir -p /etc/nginx/cert/
$ sudo openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
$ sudo chmod 700 /etc/nginx/cert
$ sudo chmod 600 /etc/nginx/cert/nextcloud.key /etc/nginx/cert/nextcloud.crt
Download NextCloud
Install wget and unzip
$ sudo yum -y install wget unzip
Download and verify NextCloud
$ cd ~/
$ wget https://download.nextcloud.com/server/releases/nextcloud-14.0.4.zip
$ wget https://download.nextcloud.com/server/releases/nextcloud-14.0.4.zip.sha256
$ sha256sum -c nextcloud-14.0.4.zip.sha256 < nextcloud-14.0.4.zip
Unzip NextCloud and copy it into the /usr/share/nginx/html/ directory.
$ unzip nextcloud-14.0.4.zip
$ sudo cp -R nextcloud/ /usr/share/nginx/html/
Create the data directory and change the owner of nextcloud to nginx.
$ cd /usr/share/nginx/html/
$ sudo mkdir -p nextcloud/data/
$ sudo chown nginx:nginx -R nextcloud/
Configure NextCloud
Configure a virtual host for NextCloud in Nginx
$ sudo vi /etc/nginx/conf.d/nextcloud.conf
upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.0-fpm.sock;
}
server {
    listen 80;
    listen [::]:80;
    server_name 你的地址;  # placeholder ("your address"): set your domain here
    # enforce https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 你的地址;  # placeholder ("your address"): set your domain here
    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    # Certificate and key generated in the "Generate an SSL certificate" step
    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;
    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;
    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;
    # Path to the root of your installation
    # (the directory NextCloud was copied to above)
    root /usr/share/nginx/html/nextcloud/;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;
    location / {
        rewrite ^ /index.php$request_uri;
    }
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }
    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;
        # Optional: Don't log access to assets
        access_log off;
    }
    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
Save the file and test it with nginx -t. If the test passes, restart the service: sudo systemctl restart nginx
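nginx -t validates the configuration syntax, not that root points at the directory NextCloud was actually copied to, so a path typo in the virtual host can survive the test. This added example (not from the original post; the function names are its own) checks that the certificate, key and root paths named in a vhost file exist and that the private key is not accessible to group or others.

```shell
#!/bin/sh
# Added example, not from the original post. The function names are this
# example's own; the directives are the ones used in nextcloud.conf above.

# Print "directive path" for each uncommented path directive in a vhost file.
vhost_paths() {
    awk '$1 ~ /^(ssl_certificate|ssl_certificate_key|root)$/ {
             p = $2; sub(/;$/, "", p); print $1, p }' "$1"
}

# Report paths that do not exist and a private key that group or others can
# access. The return status is the number of problems found.
check_vhost_paths() {
    local conf="$1" problems=0 directive path
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING: $directive $path"
            problems=$((problems + 1))
        elif [ "$directive" = ssl_certificate_key ] &&
             [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "LOOSE MODE: $path is accessible to group or others"
            problems=$((problems + 1))
        fi
    done <<EOF
$(vhost_paths "$conf")
EOF
    return "$problems"
}

# Constructed sample: the key has mode 644 and the root directory is missing.
demo=$(mktemp -d)
touch "$demo/nextcloud.crt" "$demo/nextcloud.key"
chmod 644 "$demo/nextcloud.key"
cat > "$demo/nextcloud.conf" <<EOF
server {
    ssl_certificate $demo/nextcloud.crt;
    ssl_certificate_key $demo/nextcloud.key;
    # root /old/path/;
    root $demo/nextcloud/;
}
EOF
check_vhost_paths "$demo/nextcloud.conf" || echo "problems: $?"
rm -rf "$demo"
```

On the server, run it as root against /etc/nginx/conf.d/nextcloud.conf, since /etc/nginx/cert is mode 700.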
Configure SELinux and FirewallD rules
First, install the management tool used to configure SELinux.
$ sudo yum -y install policycoreutils-python
Run the following commands to configure the SELinux rules:
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'
$ sudo restorecon -Rv '/usr/share/nginx/html/nextcloud/'
Start the firewalld service and enable it at boot.
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld
Open the http and https ports, then reload the firewall.
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --reload
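At this point, all of the installation work is complete (except for the final step of configuring NextCloud).
Open a browser, enter your NextCloud domain name, and follow the on-screen prompts to configure it. Once that is done, you can enjoy the convenience NextCloud brings.
Conclusion
The material found through Baidu has some problems in the details, but none of these problems exist in the official documentation. So if something goes wrong during installation, go through it again following the official documentation and it will generally work.
Also, the author downloaded NextCloud 14, and this version is missing some plugins; for example, the download manager ocDownloader currently only supports up to version 13.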