我的确遇到很多坑,第一个坑,就是重启之后,系统不能用了。
原因很简单,我的selinux 没有关闭。
坑2、
升级了之后,不知道如何退出维护模式。
这里附上nextcloud的维护模式关闭和开启。
PS:以下命令,需要进入nextcloud的安装目录内,找到occ命令后,执行,如果是centos环境那么要改成 apache php xxxxx即可
sudo -u nginx php occ maintenance:mode --on
sudo -u nginx php occ maintenance:mode --off
然后的坑就是给nextcloud配置缓存。
这里我好像还有报错,听说用ubuntu问题比较少。
我总结一下其它的。
参考这篇博文https://blog.csdn.net/weixin_41004350/article/details/80479051
里面有一个
opcache
我找了好久,原来是Centos7里面的位置变了,在/etc/php.d/opcache.ini 去改参数。
终于找到隐藏已久的坑,这里要参考nextcloud的官方文档,虽然是全英文,但是看看还是很有价值的。
https://docs.nextcloud.com/server/13/admin_manual/installation/system_requirements.html
这里有很多说明,可以慢慢。
直接说坑吧,就是关于nextcloud里提示X-Frame-Options" 没有配置为 "SAMEORIGIN"
一直报错,
我各种排查,首先检查/usr/share/nginx/html/nextcloud/config/config.php里的配置,里面有SAMEORIGIN这项,一步一步参考官方资料。
官方代码
1 upstream php-handler { 2 server 127.0.0.1:9000; 3 #server unix:/var/run/php5-fpm.sock; 4 } 5 6 server { 7 listen 80; 8 listen [::]:80; 9 server_name cloud.example.com; 10 # enforce https 11 return 301 https://$server_name$request_uri; 12 } 13 14 server { 15 listen 443 ssl http2; 16 listen [::]:443 ssl http2; 17 server_name cloud.example.com; 18 19 ssl_certificate /etc/ssl/nginx/cloud.example.com.crt; 20 ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key; 21 22 # Add headers to serve security related headers 23 # Before enabling Strict-Transport-Security headers please read into this 24 # topic first. 25 #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; 26 add_header X-Content-Type-Options nosniff; 27 add_header X-XSS-Protection "1; mode=block"; 28 add_header X-Robots-Tag none; 29 add_header X-Download-Options noopen; 30 add_header X-Permitted-Cross-Domain-Policies none; 31 32 # Path to the root of your installation 33 root /var/www/; 34 35 location = /robots.txt { 36 allow all; 37 log_not_found off; 38 access_log off; 39 } 40 41 # The following 2 rules are only needed for the user_webfinger app. 42 # Uncomment it if you're planning to use this app. 43 # rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta 44 # last; 45 #rewrite ^/.well-known/host-meta.json 46 # /nextcloud/public.php?service=host-meta-json last; 47 48 location = /.well-known/carddav { 49 return 301 $scheme://$host/nextcloud/remote.php/dav; 50 } 51 location = /.well-known/caldav { 52 return 301 $scheme://$host/nextcloud/remote.php/dav; 53 } 54 55 location /.well-known/acme-challenge { } 56 57 location ^~ /nextcloud { 58 59 # set max upload size 60 client_max_body_size 512M; 61 fastcgi_buffers 64 4K; 62 63 # Enable gzip but do not remove ETag headers 64 gzip on; 65 gzip_vary on; 66 gzip_comp_level 4; 67 gzip_min_length 256; 68 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; 69 gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; 70 71 # Uncomment if your server is build with the ngx_pagespeed module 72 # This module is currently not supported. 73 #pagespeed off; 74 75 location /nextcloud { 76 rewrite ^ /nextcloud/index.php$request_uri; 77 } 78 79 location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ { 80 deny all; 81 } 82 location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { 83 deny all; 84 } 85 86 location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { 87 fastcgi_split_path_info ^(.+?\.php)(/.*)$; 88 include fastcgi_params; 89 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 90 fastcgi_param PATH_INFO $fastcgi_path_info; 91 fastcgi_param HTTPS on; 92 #Avoid sending the security headers twice 93 fastcgi_param modHeadersAvailable true; 94 fastcgi_param front_controller_active true; 95 fastcgi_pass php-handler; 96 fastcgi_intercept_errors on; 97 fastcgi_request_buffering off; 98 } 99 100 location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) { 101 try_files $uri/ =404; 102 index index.php; 103 } 104 105 # Adding the cache control header for js and css files 106 # Make sure it is BELOW the PHP block 107 location ~ \.(?:css|js|woff|svg|gif)$ { 108 try_files $uri /nextcloud/index.php$request_uri; 109 add_header Cache-Control "public, max-age=15778463"; 110 # Add headers to serve security related headers (It is intended 111 # to have those duplicated to the ones above) 112 # Before enabling Strict-Transport-Security headers please read 113 # into this topic first. 114 # add_header Strict-Transport-Security "max-age=15768000; 115 # includeSubDomains; preload;"; 116 add_header X-Content-Type-Options nosniff; 117 add_header X-XSS-Protection "1; mode=block"; 118 add_header X-Robots-Tag none; 119 add_header X-Download-Options noopen; 120 add_header X-Permitted-Cross-Domain-Policies none; 121 # Optional: Don't log access to assets 122 access_log off; 123 } 124 125 location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { 126 try_files $uri /nextcloud/index.php$request_uri; 127 # Optional: Don't log access to other assets 128 access_log off; 129 } 130 } 131 }
然后去检查nginx的配置,在/etc/nginx/nginx.conf
看到这个代码不要晕,一步一步的对比,里面也有一个SAMEORIGIN这项,注释这项就可以了。附上我的代码
1 #user nobody; 2 worker_processes 1; 3 4 #error_log logs/error.log; 5 #error_log logs/error.log notice; 6 #error_log logs/error.log info; 7 8 #pid logs/nginx.pid; 9 10 11 events { 12 worker_connections 1024; 13 } 14 15 16 http { 17 include mime.types; 18 default_type application/octet-stream; 19 20 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 21 # '$status $body_bytes_sent "$http_referer" ' 22 # '"$http_user_agent" "$http_x_forwarded_for"'; 23 24 #access_log logs/access.log main; 25 26 sendfile on; 27 #tcp_nopush on; 28 29 #keepalive_timeout 0; 30 keepalive_timeout 65; 31 32 #gzip on; 33 34 server { 35 listen 80; 36 server_name 你的域名; 37 38 #charset koi8-r; 39 40 #access_log logs/host.access.log main; 41 42 location / { 43 root html; 44 proxy_read_timeout 300; 45 index index.html index.htm; 46 } 47 48 #error_page 404 /404.html; 49 50 # redirect server error pages to the static page /50x.html 51 # 52 error_page 500 502 503 504 /50x.html; 53 location = /50x.html { 54 root html; 55 } 56 57 # proxy the PHP scripts to Apache listening on 127.0.0.1:80 58 # 59 #location ~ \.php$ { 60 # proxy_pass http://127.0.0.1; 61 #} 62 63 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 64 # 65 #location ~ \.php$ { 66 # root html; 67 # fastcgi_pass 127.0.0.1:9000; 68 # fastcgi_index index.php; 69 # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 70 # include fastcgi_params; 71 #} 72 73 # deny access to .htaccess files, if Apache's document root 74 # concurs with nginx's one 75 # 76 #location ~ /\.ht { 77 # deny all; 78 #} 79 } 80 81 82 # another virtual host using mix of IP-, name-, and port-based configuration 83 # 84 #server { 85 # listen 8000; 86 # listen somename:8080; 87 # server_name somename alias another.alias; 88 89 # location / { 90 # root html; 91 # index index.html index.htm; 92 # } 93 #} 94 95 96 # HTTPS server 97 # 98 #server { 99 # listen 443 ssl; 100 # server_name localhost; 101 102 # ssl_certificate cert.pem; 103 # ssl_certificate_key cert.key; 104 105 # ssl_session_cache shared:SSL:1m; 106 # ssl_session_timeout 5m; 107 108 # ssl_ciphers HIGH:!aNULL:!MD5; 109 # ssl_prefer_server_ciphers on; 110 111 # location / { 112 # root html; 113 # index index.html index.htm; 114 # } 115 #} 116 117 118 upstream php-handler { 119 server 127.0.0.1:9000; 120 #server unix:/var/run/php5-fpm.sock; 121 } 122 123 124 server { 125 # listen 80; 126 # server_name 你的域名; 127 # enforce https 128 rewrite ^(.*)$ https://$host$1 permanent; 129 } 130 131 132 server { 133 listen 443 ssl; 134 server_name 你的域名; 135 136 ssl_certificate /etc/nginx/cert/nextcloud.crt; 137 ssl_certificate_key /etc/nginx/cert/nextcloud.key; 138 139 # Add headers to serve security related headers 140 # Before enabling Strict-Transport-Security headers please read into this 141 # topic first. 142 add_header Strict-Transport-Security "max-age=15768000; 143 # includeSubDomains; preload;"; 144 add_header X-Content-Type-Options nosniff; 145 #add_header X-Frame-Options "SAMEORIGIN"; #这里记得注释,这种没用 146 add_header X-XSS-Protection "1; mode=block"; 147 add_header X-Robots-Tag none; 148 add_header X-Download-Options noopen; 149 add_header X-Permitted-Cross-Domain-Policies none; 150 151 # Path to the root of your installation 152 root /usr/share/nginx/html/nextcloud/; 153 154 155 location = /robots.txt { 156 allow all; 157 log_not_found off; 158 access_log off; 159 } 160 161 162 # The following 2 rules are only needed for the user_webfinger app. 163 # Uncomment it if you're planning to use this app. 164 #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; 165 #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json 166 # last; 167 168 169 location = /.well-known/carddav { 170 return 301 $scheme://$host/remote.php/dav; 171 } 172 location = /.well-known/caldav { 173 return 301 $scheme://$host/remote.php/dav; 174 } 175 176 177 # set max upload size 178 client_max_body_size 1024M; # 上传文件最大限制,php.ini中也要修改,最后优化时会提及。 179 fastcgi_buffers 64 4K; 180 181 # Disable gzip to avoid the removal of the ETag header 182 gzip on; 183 gzip_vary on; 184 gzip_comp_level 4; 185 gzip_min_length 256; 186 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; 187 gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; 188 189 190 # Uncomment if your server is build with the ngx_pagespeed module 191 # This module is currently not supported. 192 #pagespeed off; 193 194 195 error_page 403 /core/templates/403.php; 196 error_page 404 /core/templates/404.php; 197 198 199 location / { 200 rewrite ^ /index.php$uri; 201 } 202 203 204 location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { 205 deny all; 206 } 207 location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { 208 deny all; 209 } 210 211 location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { 212 include fastcgi_params; 213 fastcgi_split_path_info ^(.+\.php)(/.*)$; 214 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 215 fastcgi_param PATH_INFO $fastcgi_path_info; 216 fastcgi_param HTTPS on; 217 #Avoid sending the security headers twice 218 fastcgi_param modHeadersAvailable true; 219 fastcgi_param front_controller_active true; 220 fastcgi_pass php-handler; 221 fastcgi_intercept_errors on; 222 fastcgi_request_buffering off; 223 fastcgi_read_timeout 150; 224 } 225 226 227 location ~ ^/(?:updater|ocs-provider)(?:$|/) { 228 try_files $uri/ =404; 229 index index.php; 230 } 231 232 233 # Adding the cache control header for js and css files 234 # Make sure it is BELOW the PHP block 235 location ~* \.(?:css|js)$ { 236 try_files $uri /index.php$uri$is_args$args; 237 add_header Cache-Control "public, max-age=7200"; 238 # Add headers to serve security related headers (It is intended to 239 # have those duplicated to the ones above) 240 # Before enabling Strict-Transport-Security headers please read into 241 # this topic first. 242 add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;"; 243 add_header X-Content-Type-Options nosniff; 244 add_header X-Frame-Options "SAMEORIGIN"; 245 add_header X-XSS-Protection "1; mode=block"; 246 add_header X-Robots-Tag none; 247 add_header X-Download-Options noopen; 248 add_header X-Permitted-Cross-Domain-Policies none; 249 # Optional: Don't log access to assets 250 access_log off; 251 } 252 253 location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { 254 try_files $uri /index.php$uri$is_args$args; 255 # Optional: Don't log access to other assets 256 access_log off; 257 } 258 } 259 260 }
虽然看这个代码有点乱,但是能看懂意思就不会乱了,而且我试过,不报错。
这样之后,基本就解决问题了。
值得提的是里面还有一个文件的代码,要看一下,/etc/nginx/conf.d/nextcloud.conf
这几个文件代码差不多一样。仔细看,这里我就放代码了。