Nextcloud installation and deployment guide for CentOS 7


nos installation and deployment guide

September 4, 2020

17:00

1. Configure the environment and set up the repository mirrors

Configure the Yum repository and the nginx repository

mkdir /dev/liuyan

mount /dev/cdrom /dev/liuyan

[root@localhost ~]# cat /etc/yum.repos.d/local.repo

[aa]

name=aa

baseurl=file:///dev/liuyan

gpgcheck=0

enabled=1

 

[nginx]

name=nginx

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/

gpgcheck=0

enabled=1
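
Both stanzas above set gpgcheck=0, and the nginx one also fetches over plain HTTP, so packages from them are installed without signature verification. The following check is an added example, not part of the original document: a shell function (audit_repo_file, a hypothetical name) that flags such stanzas, run on a constructed copy of the local.repo above plus a signature-checked nginx stanza for contrast (it uses the signing key URL published by nginx.org).

```shell
# Added example: flag yum repo stanzas that disable signature checks
# (gpgcheck=0) or fetch packages over plain HTTP. Output: <repo>\t<finding>
audit_repo_file() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck == "0") print section "\tgpgcheck-disabled"
            if (baseurl ~ /^http:\/\//) print section "\tplain-http-baseurl"
        }
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            gpgcheck = ""; baseurl = ""
            next
        }
        /^[ \t]*[#;]/ { next }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the two stanzas from this guide, then a hardened one.
make_sample_repo() {
    cat > "$1" <<'EOF'
[aa]
baseurl=file:///dev/liuyan
gpgcheck=0
[nginx]
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
[nginx-signed]
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
}

sample=$(mktemp)
make_sample_repo "$sample"
audit_repo_file "$sample"
rm -f "$sample"
```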

Install Nginx

yum -y install epel-release

yum -y install nginx

 

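Another yum repository is needed to install php-fpm. You can use webtatic (this repository may be somewhat slow from networks in China; you can of course choose a different one).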

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

 

Install php7-fpm and some other required components

yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

After installation, check that it succeeded

php -v

 

Configure php-fpm

vim /etc/php-fpm.d/www.conf

user = nginx

group = nginx

listen = 127.0.0.1:9000

Uncomment the following lines:

env[HOSTNAME] = $HOSTNAME

env[PATH] = /usr/local/bin:/usr/bin:/bin

env[TMP] = /tmp

env[TMPDIR] = /tmp

env[TEMP] = /tmp

Create a new folder under /var/lib for the session path, and set its owner and group to nginx

mkdir -p /var/lib/php/session

chown nginx:nginx -R /var/lib/php/session/

 ll -d /var/lib/php/session/

 

Start the Nginx and php-fpm services and enable them at boot

systemctl start php-fpm

systemctl start nginx

systemctl enable php-fpm

systemctl enable nginx

 

2. Install and configure MariaDB

Install

yum -y install mariadb mariadb-server

 

Start the database and enable it at boot

systemctl  start mariadb

systemctl  enable mariadb

 

Set the database password

 mysql_secure_installation

 

  

Create the database

create database nextcloud_db;

Create the user and set its password

create user nextcloud_yan@localhost identified by '123456';

Query OK, 0 rows affected (0.00 sec)

Grant privileges

grant all privileges on nextcloud_db.* to nextcloud_yan@localhost identified by '123456';

Query OK, 0 rows affected (0.00 sec)

Flush privileges

flush privileges;

Query OK, 0 rows affected (0.00 sec)

3. Generate a self-signed SSL certificate for Nextcloud

Create the directory

mkdir /etc/nginx/cert

cd /etc/nginx/cert/

openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key

 

 chmod 777 /etc/nginx/cert/

chmod 666 /etc/nginx/cert/*
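
The 777 and 666 modes above leave the private key readable and writable by every local user; nginx loads the key as root before dropping privileges, so mode 600 is sufficient. The following is an added example, not part of the original document: a shell function (harden_cert_dir, a hypothetical name) that tightens such a directory, run here on constructed placeholder files. It assumes GNU stat.

```shell
# Added example: tighten a TLS directory such as /etc/nginx/cert.
# Private keys -> 600, other files -> 644, directory -> 755.
# Prints one line per file whose mode was changed. Assumes GNU stat.
harden_cert_dir() {
    dir=$1
    chmod 755 "$dir"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # PEM private keys carry a "-----BEGIN ... PRIVATE KEY-----" header
        if grep -q -e '-----BEGIN.*PRIVATE KEY-----' "$f"; then
            want=600
        else
            want=644
        fi
        have=$(stat -c '%a' "$f")
        if [ "$have" != "$want" ]; then
            chmod "$want" "$f"
            echo "$f: $have -> $want"
        fi
    done
}

# Constructed sample: placeholder files (not real key material) with the
# same names and the same loose modes as in the steps above.
make_sample_certs() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END PRIVATE KEY-----' > "$1/nextcloud.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
        '-----END CERTIFICATE-----' > "$1/nextcloud.crt"
    chmod 777 "$1"
    chmod 666 "$1"/*
}

demo=$(mktemp -d)
make_sample_certs "$demo"
harden_cert_dir "$demo"
rm -rf "$demo"
```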

 

4. Download and install Nextcloud

Upload the nextcloud file to the target directory

Extract

unzip nextcloud-12.0.4.zip

 

  mv nextcloud /usr/share/nginx/html/

 

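5. Configure the nginx virtual host

Go to the directory that holds Nginx's virtual host configuration files and create a new virtual host configuration (remember to change both server_name values to your own domain). The domain I set is textcloud.com

cd /etc/nginx/conf.d/

vi nextcloud.conf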

 upstream php-handler {

    server 127.0.0.1:9000;

    #server unix:/var/run/php5-fpm.sock;

}

    

server {

    listen 80;

    server_name nextcloud.kevin-inc.com;

    # enforce https

    return 301 https://$server_name$request_uri;

}

    

server {

    listen 443 ssl;

    server_name nextcloud.kevin-inc.com;

    

    ssl_certificate /etc/nginx/cert/nextcloud.crt;

    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    

    # Add headers to serve security related headers

    # Before enabling Strict-Transport-Security headers please read into this

    # topic first.

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

    add_header X-Content-Type-Options nosniff;

    add_header X-Frame-Options "SAMEORIGIN";

    add_header X-XSS-Protection "1; mode=block";

    add_header X-Robots-Tag none;

    add_header X-Download-Options noopen;

    add_header X-Permitted-Cross-Domain-Policies none;

    

    # Path to the root of your installation

    root /usr/share/nginx/html/nextcloud/;

    

    location = /robots.txt {

        allow all;

        log_not_found off;

        access_log off;

    }

    

    # The following 2 rules are only needed for the user_webfinger app.

    # Uncomment it if you're planning to use this app.

    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;

    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json

    # last;

    

    location = /.well-known/carddav {

      return 301 $scheme://$host/remote.php/dav;

    }

    location = /.well-known/caldav {

      return 301 $scheme://$host/remote.php/dav;

    }

    

    # set max upload size

    client_max_body_size 512M;

    fastcgi_buffers 64 4K;

    

    # Disable gzip to avoid the removal of the ETag header

    gzip off;

    

    # Uncomment if your server is build with the ngx_pagespeed module

    # This module is currently not supported.

    #pagespeed off;

    

    error_page 403 /core/templates/403.php;

    error_page 404 /core/templates/404.php;

    

    location / {

        rewrite ^ /index.php$uri;

    }

    

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {

        deny all;

    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {

        deny all;

    }

    

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {

        include fastcgi_params;

        fastcgi_split_path_info ^(.+\.php)(/.*)$;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        fastcgi_param PATH_INFO $fastcgi_path_info;

        fastcgi_param HTTPS on;

        #Avoid sending the security headers twice

        fastcgi_param modHeadersAvailable true;

        fastcgi_param front_controller_active true;

        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;

        fastcgi_request_buffering off;

    }

    

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {

        try_files $uri/ =404;

        index index.php;

    }

    

    # Adding the cache control header for js and css files

    # Make sure it is BELOW the PHP block

    location ~* \.(?:css|js)$ {

        try_files $uri /index.php$uri$is_args$args;

        add_header Cache-Control "public, max-age=7200";

        # Add headers to serve security related headers (It is intended to

        # have those duplicated to the ones above)

        # Before enabling Strict-Transport-Security headers please read into

        # this topic first.

        add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";

        add_header X-Content-Type-Options nosniff;

        add_header X-Frame-Options "SAMEORIGIN";

        add_header X-XSS-Protection "1; mode=block";

        add_header X-Robots-Tag none;

        add_header X-Download-Options noopen;

        add_header X-Permitted-Cross-Domain-Policies none;

        # Optional: Don't log access to assets

        access_log off;

    }

    

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {

        try_files $uri /index.php$uri$is_args$args;

        # Optional: Don't log access to other assets

        access_log off;

    }

}

   

Test the configuration file for problems

 nginx -t

 

Start nginx

Enable it at boot

[root@localhost conf.d]# systemctl restart nginx

[root@localhost conf.d]# systemctl enable nginx

[root@localhost conf.d]# systemctl status nginx

● nginx.service - nginx - high performance web server

   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2020-09-01 14:17:04 CST; 11s ago

     Docs: http://nginx.org/en/docs/

 Main PID: 10119 (nginx)

   CGroup: /system.slice/nginx.service

           ├─10119 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx....

           └─10120 nginx: worker process

 

Sep 01 14:17:04 localhost.localdomain systemd[1]: Starting nginx - high perfo...

Sep 01 14:17:04 localhost.localdomain systemd[1]: Started nginx - high perfor...

Hint: Some lines were ellipsized, use -l to show in full.

[root@localhost conf.d]#

 

6. Configure the firewall

[root@localhost conf.d]# systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

   Active: active (running) since Tue 2020-09-01 11:43:27 CST; 2h 36min ago

     Docs: man:firewalld(1)

 Main PID: 755 (firewalld)

   CGroup: /system.slice/firewalld.service

           └─755 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

 

Sep 01 11:43:27 localhost.localdomain systemd[1]: Starting firewalld - dynami...

Sep 01 11:43:27 localhost.localdomain systemd[1]: Started firewalld - dynamic...

Hint: Some lines were ellipsized, use -l to show in full.

[root@localhost conf.d]# systemctl stop firewalld

[root@localhost conf.d]#

Disable it at boot

systemctl disable firewalld

First install the SELinux management tool policycoreutils-python

yum -y install policycoreutils-python

 

If the firewall is enabled, Firewalld and SELinux need to be configured

First install the SELinux management tool policycoreutils-python

[root@nextcloud-server ~]# yum -y install policycoreutils-python

Next, configure SELinux

[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'

[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'

[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'

[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?'

[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'

[root@nextcloud-server ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'

[root@nextcloud-server ~]# restorecon -Rv '/usr/share/nginx/html/nextcloud/'

Next, configure the Firewalld firewall to open the http and https ports for Nextcloud

[root@nextcloud-server ~]# systemctl start firewalld

[root@nextcloud-server ~]# systemctl enable firewalld

[root@nextcloud-server ~]# firewall-cmd --permanent --add-service=http

[root@nextcloud-server ~]# firewall-cmd --permanent --add-service=https

[root@nextcloud-server ~]# firewall-cmd --reload

 

 

