在CentOs7/nginx/php/MySQL上搭建Nextcloud环境
系统环境
操作系统
– CentOs7
Web服务器
– Nginx
其他中间件
– PHP 8.0
– PHP-FPM 8.0
– MySQL 8.0
– Redis 6.2
应用程序
– Nextcloud 22.2.0
整个情势/全局的趋势
1 安装必需包
2 安装和配置Nginx
3 安装和配置PHP
4 安装MySQL并创建数据库
5 安装和设置Nextcloud
6 安装和配置Redis
7 处理安全性和设置警告列表问题。
1. 安装必要的软件包。
1-1 安装Nextcloud所需的软件包来构建环境。
sudo yum install -y epel-release yum-utils unzip curl wget bash-completion bzip2
1-2 安装完成后系统的更新
sudo yum update -y
2. Nginx的安装和配置
2-1 安装Nginx
sudo yum install nginx -y
创建2-2 nextcloud.conf文件。
请在/etc/nginx/conf.d目录下创建nextcloud.conf文件。
sudo touch nextcloud.conf
編輯 /etc/nginx/conf.d/nextcloud.conf 文件,需要 2-3 步驟。
sudo vi nextcloud.conf
当您打开文件后,输入“i”即可开始编辑。
upstream php-handler {
server unix:/var/run/php-fpm/php-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name (サーバのIPアドレス);
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/html/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif|mp4)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
如果你能输入以上内容,按下Esc键→输入:wq可以保存。
2-4 启动和自动启动的设置
因为已经完成了nginx的配置,所以现在开始启动并设置自动启动。
sudo systemctl start nginx //起動方法
sudo systemctl enable nginx //自動起動方法
nginx的日志会输出到/var/log/nginx/目录下。
进行 PHP 的安装和设置
1. 安装 PHP 模块 3-1
sudo yum install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm -y
sudo yum install --enablerepo=remi,remi-php80 php php-fpm php-cli php-common php-curl php-gd php-mbstring php-mysqlnd php-process php-xml php-opcache php-pecl-apcu php-intl php-pecl-redis php-pecl-zip php-pear -y
3-2 PHP-FPM配置设定
由于www.conf文件的内容较多,只记录更改的部分。
< user = apache
> user = nginx
-----
< group = apache
> group = nginx
-----
< listen = 127.0.0.1:9000
> listen = /var/run/php-fpm/php-fpm.sock
-----
< ;listen.owner = nobody
< ;listen.group = nobody
< ;listen.mode = 0660
> listen.owner = nginx
> listen.group = nginx
> listen.mode = 0666
-----
< ;env[HOSTNAME] = $HOSTNAME
< ;env[PATH] = /usr/local/bin:/usr/bin:/bin
< ;env[TMP] = /tmp
< ;env[TMPDIR] = /tmp
< ;env[TEMP] = /tmp
> env[HOSTNAME] = $HOSTNAME
> env[PATH] = /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
> env[TMP] = /tmp
> env[TMPDIR] = /tmp
> env[TEMP] = /tmp
更改 PHP 会话目录的组信息为 3-3。
sudo chown -R root:nginx /var/lib/php/session
3-4 启动和自动启动的设定
sudo systemctl start php-fpm //起動方法
sudo systemctl enable php-fpm //自動起動方法
补充:PHP-FPM的日志会输出到/var/log/php-fpm/目录下。
安装并创建MySQL数据库
确认并删除MariaDB相关库。
由于CentOS7默认使用MariaDB,因此我们将删除相关库。
rpm -qa | grep mariadb //存在の確認
sudo yum remove mariadb-libs //削除
sudo rm -rf /var/lib/mysql/
4-2 安装
rpm -ivh https://dev.mysql.com/get/mysql80-community-release-el7-2.noarch.rpm
sudo yum install mysql-community-server
4-3启动和自动启动设置
sudo systemctl start mysqld.service //起動
sudo systemctl enable mysqld.service //自動起動
4-4 请确认密码。
在安装时,root密码被输出到log文件中,可以使用grep进行确认。
grep password /var/log/mysqld.log
//grepで出力されるログ例
2021-10-28T02:20:42.844277Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: ZrZlt!ZNt6kS
请记下[ZrZlt!ZNt6kS]作为初始密码,因为我们将在后续工作中使用它。请保留好密码。
4-5 个基本设置
sudo mysql_secure_installation
パスワードが求められますので、先ほど控えたパスワードを入力します
New password、Re-enter new passwordでrootユーザのパスワードを設定する以外はEnterキーを押していきます
创建4-6个数据库和用户
以下の通り設定しております
-ユーザ名:sampleuser
-DB名:sampledb
-パスワード:Samplepass%2021
(任意のユーザ名、DB名、パスワードを入力してください)
mysql -u root -p
CREATE DATABASE sampledb DEFAULT CHARACTER SET utf8mb4;
CREATE USER 'sampleuser'@'localhost' IDENTIFIED BY 'Samplepass%2021';
SHOW GRANTS FOR 'sampleuser'@'localhost';
exit;
5 安装和设置 Nextcloud
5-1 安装
wget https://download.nextcloud.com/server/releases/nextcloud-22.2.0.tar.bz2
5-2 配置
インストールしたNextcloudのパッケージを展開します
tar xf nextcloud-22.2.0.tar.bz2
展開したNextcloudをドキュメントルートにコピー
(本記事のドキュメントルートは2-3で設定しているように/var/www/html/となります)
sudo cp -R nextcloud/ /var/www/html/
创建一个名为data的目录。
sudo mkdir /var/www/html/nextcloud/data
改变整个文件夹及文件的所有权
sudo chown -R nginx:nginx /var/www/html/nextcloud
PHP-FPMとnginxの再起動を行います
sudo systemctl restart nginx
sudo systemctl restart php-fpm
从浏览器进入Nextcloud进行设置。
请在浏览器中访问指定的URL,并显示Nextcloud页面。
建立5-3-1管理者账户。
请输入以下内容:
– 用户名:admin
– 密码:adominpass
5-3-2 指定数据库
点击「存储和数据库」,选择MySQL作为数据库。
将以下内容输入为在4-6中设置的(本篇文章的以下内容):
– 数据库用户名:sampleuser
– 数据库名:sampledb
– 数据库密码:Samplepass%2021
– 数据库主机名:localhost:3306
在输入信息后,点击「完成设置」按钮(如有需要,请勾选「推荐应用程序安装」复选框)。
6 安装和配置 Redis
6-1 安装 Redis (Redis installation)
sudo yum install --enablerepo=remi redis -y
6-2 编辑设置文件
sudo cp -pi /var/www/html/nextcloud/config/config.php{,.orig}
我会在php标签中添加以下内容
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.local' => '\\OC\\Memcache\\APCu',
'redis' =>
array (
'host' => 'localhost',
'port' => 6379,
),
6月3日,启动和自动启动
sudo systemctl start redis
sudo systemctl enable redis
我会重新启动nginx和php-fpm。
sudo systemctl restart nginx
sudo systemctl restart php-fpm
(附注:Redis的日志将输出到 /var/log/redis)
对于安全性和设置警告清单的应对措施
7-1 默认电话区域设置
请在PHP标签中添加以下内容
'default_phone_region' => 'JP
7-2 内存缓存的配置
请在PHP标签内添加以下内容。
'memcache.local' => '\OC\Memcache\APCu',
安装推荐的PHP模块7-3
・bcmath – 大数计算库
・gmp – GNU多精度算术库
・imagick – 图像处理库
sudo yum install php80-php-bcmath php80-php-gmp php80-php-imagick
sudo cp /etc/opt/remi/php80/php.d/20-bcmath.ini /etc/php.d/
sudo cp /etc/opt/remi/php80/php.d/20-gmp.ini /etc/php.d/
sudo cp /etc/opt/remi/php80/php.d/40-imagick.ini /etc/php.d/
sudo cp /opt/remi/php80/root/usr/lib64/php/modules/bcmath.so /usr/lib64/php/modules/
sudo cp /opt/remi/php80/root/usr/lib64/php/modules/gmp.so /usr/lib64/php/modules/
sudo cp /opt/remi/php80/root/usr/lib64/php/modules/imagick.so /usr/lib64/php/modules/
sudo systemctl restart nginx && systemctl restart php-fpm
请参考下文
下一个云文档 (Xià
最后
非常感谢您阅读本文至最后。
由于在工作中搭建了Nextcloud,因此我将本文作为备忘录发布。
