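LNMP环境部署NextCloud

注意:本文使用的 MySQL 5.7.20、nginx 1.12.1、PHP 7.2.3 和 NextCloud 13.0.0 均已停止官方安全维护,实际部署时请换用仍在维护的版本,文中步骤仅作流程参考。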

1.1二进制安装MySQL

1.1.1 安装依赖库

[root@nextcloud ~]# yum install -y libaio-devel

1.1.2 创建mysql管理用户

[root@nextcloud ~]# useradd -s /sbin/nologin -M mysql

1.1.3 解压并重命名压缩包

[root@nextcloud ~]# tar xf /server/tools/mysql-5.7.20-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@nextcloud ~]# mv /usr/local/mysql-5.7.20-linux-glibc2.12-x86_64/ /usr/local/mysql-5.7.20

1.1.4 创建mysql目录软链接

[root@nextcloud ~]# ln -s /usr/local/mysql-5.7.20/ /usr/local/mysql

1.1.5 创建mysql数据和日志目录并设置权限

[root@nextcloud ~]# mkdir -p /data/mysql/{data,log,binlog}
[root@nextcloud ~]# touch /data/mysql/log/mysql.err
[root@nextcloud ~]# chown -R mysql.mysql /usr/local/mysql/ /data/mysql/

1.1.6 初始化数据库

注意:--initialize-insecure 会创建空密码的 root@localhost 账户,服务启动后应立即按 1.1.11 设置 root 密码。

[root@nextcloud ~]# /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql/data

1.1.7 设置mysql的启动文件

[root@nextcloud ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@nextcloud ~]# chmod 700 /etc/init.d/mysqld

1.1.8 编写mysql配置文件

[root@nextcloud ~]# mv /etc/my.cnf{,.bak}
[root@nextcloud ~]# vim /etc/my.cnf
# Client-side defaults; they must point at the same port and socket as [mysqld] below.
[client]
port=3306
socket=/tmp/mysql.sock

[mysqld]
port=3306
user=mysql
# NOTE(review): the socket sits in the world-writable /tmp directory. PHP is later
# configured with --with-mysql-sock=/tmp/mysql.sock, so both paths have to change
# together if the socket is moved.
socket=/tmp/mysql.sock
pid-file=/data/mysql/data/mysql.pid
basedir=/usr/local/mysql
datadir=/data/mysql/data
# Skip DNS lookups for connecting hosts; grants must then use IP addresses or 'localhost'.
# NOTE(review): no bind-address is set in this file, so mysqld accepts TCP connections
# on every interface (the MySQL 5.7 default). The only account created later is
# 'nextcloud'@'localhost'; consider adding bind-address=127.0.0.1 if no remote
# client is needed.
skip-name-resolve

# InnoDB settings; presumably here for the utf8mb4 database created in step 1.4.1
# (longer index keys). innodb_large_prefix and innodb_file_format are deprecated in MySQL 5.7.
innodb_large_prefix=on
innodb_file_format=barracuda
innodb_file_per_table=true

# General query log, used for auditing.
# NOTE(review): it records every statement the server receives, so it grows quickly
# and can contain sensitive query data; keep /data/mysql/log restricted and rotate the file.
general_log=on
general_log_file=/data/mysql/log/general.log
log-error=/data/mysql/log/mysql.err

# Binary log
server-id=1
log-bin=/data/mysql/binlog/mysql-bin
binlog_format=ROW

# Slow query log: statements slower than long_query_time seconds, plus queries that use no index.
slow_query_log=on
slow_query_log_file=/data/mysql/log/mysql-slow.log
long_query_time=2
log_queries_not_using_indexes

1.1.9 设置mysql开机启动及环境变量

[root@nextcloud ~]# echo '/etc/init.d/mysqld start' >> /server/scripts/autoStart.sh
[root@nextcloud ~]# echo 'PATH=/usr/local/mysql/bin/:$PATH' >>/etc/profile
[root@nextcloud ~]# source /etc/profile

1.1.10 启动mysql服务

[root@nextcloud ~]# /etc/init.d/mysqld start

1.1.11 设置数据库root密码

[root@nextcloud ~]# mysqladmin -uroot password
New password: 密码
Confirm new password:确认密码

1.2 编译安装Nginx

编译安装具体过程参阅《nginx介绍》,此处使用自制的RPM包进行一键安装

1.2.1 安装nginx

[root@nextcloud ~]# yum localinstall -y /server/tools/nginx-1.12.1-1.x86_64.rpm

1.2.2 创建子配置文件和CA证书目录

[root@nextcloud ~]# mkdir -p /usr/local/nginx/conf/{extra,ssl}

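1.2.3 创建CA证书

说明:下面的命令生成的是自签名服务器证书(并非由CA签发),浏览器会提示证书不受信任;-nodes 表示私钥不加密保存,生成后应执行 chmod 600 /usr/local/nginx/conf/ssl/nextcloud.key 将其限制为仅root可读。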

[root@nextcloud ~]# openssl req -new -x509 -days 365 -nodes -out /usr/local/nginx/conf/ssl/nextcloud.crt -keyout /usr/local/nginx/conf/ssl/nextcloud.key
......
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:Personal
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

1.2.4 创建nextcloud子配置文件

[root@nextcloud ~]# cat > /usr/local/nginx/conf/extra/nextcloud.conf << 'EOF'
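# NextCloud virtual host: plain HTTP on 8888 (redirect only) and TLS on 8443.
# The "?" characters lost from the published listing ("(?:" groups, "public.php?service=",
# "(js|css)?$") are restored here; without them nginx rejects the location lines and
# the deny rules do not match as intended.
server {
    listen 8888;
    listen 8443 ssl;

    ssl_certificate /usr/local/nginx/conf/ssl/nextcloud.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/nextcloud.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer TLSv1.2 only.
    ssl_protocols TLSv1.2;
    # 3DES suites dropped (64-bit block cipher, Sweet32).
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_buffer_size 1400;
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP stapling needs a certificate issued by a CA that runs an OCSP responder.
    # With the self-signed certificate from step 1.2.3 nginx ignores these two
    # directives and logs a warning.
    ssl_stapling on;
    ssl_stapling_verify on;

    server_name pan.leonshadow.com;
    index index.html index.htm index.php;
    root /usr/local/nginx/html/nextcloud/;

    # Redirect plain-HTTP requests to HTTPS ($ssl_protocol is empty on the 8888 listener).
    # NOTE(review): $host carries no port, so the redirect targets the default HTTPS
    # port 443 rather than the 8443 listener above; confirm 443 is forwarded to 8443,
    # otherwise use https://$host:8443$request_uri. The same applies to the
    # .well-known redirects below.
    if ($ssl_protocol = "") {
        return 301 https://$host$request_uri;
    }

    # (Optional) security-related response headers.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # (Optional) support for the user_webfinger app.
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    # (Optional) calendar and contacts discovery.
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # Maximum upload size (the PHP upload limits must be raised to match).
    client_max_body_size 10240M;
    fastcgi_buffers 128 8K;
    fastcgi_connect_timeout 300s;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    fastcgi_buffer_size 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    # Most important rule: route every other request to index.php.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Security: deny direct access to internal directories (including data/ and config/).
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    # Security: deny dot-files and maintenance entry points at the web root.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Official default: only these PHP entry points are handed to PHP-FPM.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass 127.0.0.1:9000;
        #fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        include fastcgi.conf;
    }

    # Directory requests for the updater and ocs-provider: serve the directory index or 404.
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Static assets. A location that declares its own add_header does not inherit the
    # server-level headers, which is why the security headers are repeated here
    # (Strict-Transport-Security is not repeated and is therefore absent on these responses).
    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        access_log off;
    }
    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }

    # NOTE(review): this catch-all passes any remaining *.php path to PHP-FPM, which
    # sidesteps the entry-point allow-list in the "official default" location above.
    # Consider removing it if nothing outside that list has to be executed.
    location ~ [^/]\.php(/|$) {
        fastcgi_pass 127.0.0.1:9000;
        #fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }
    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
    # Never serve .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }
}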
EOF

1.2.5 创建主配置文件

[root@nextcloud ~]# cat > /usr/local/nginx/conf/nginx.conf << 'EOF'
# Main nginx configuration: a single worker process; the NextCloud virtual host is
# pulled in from extra/nextcloud.conf at the end of the http block.
worker_processes  1;
# Relative log paths are resolved against the nginx prefix directory.
error_log logs/error.log;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
   
    # Access-log format. $http_x_forwarded_for is a client-supplied header, so treat
    # that field as untrusted when reading the logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
   
    access_log logs/access.log main;

    # NextCloud server block created in step 1.2.4.
    include extra/nextcloud.conf;
}
EOF

1.2.6 配置nginx开机自启动

[root@nextcloud ~]# echo '/usr/local/nginx/sbin/nginx' >> /server/scripts/autoStart.sh

1.3 编译安装PHP

1.3.1 安装依赖程序

[root@nextcloud ~]# yum install -y zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel libmcrypt-devel mhash mcrypt bzip2-devel gmp-devel libc-client-devel libicu-devel openldap openldap-devel

1.3.2 防止编译出错

[root@nextcloud ~]# ln -s /usr/lib64/libc-client.so /usr/lib/libc-client.so
[root@nextcloud ~]# cp -frp /usr/lib64/libldap* /usr/lib/

1.3.3 解压php

[root@nextcloud ~]# cd /server/tools
[root@nextcloud tools]# tar xf php-7.2.3.tar.gz

1.3.4 配置php

[root@nextcloud tools]# cd php-7.2.3/
[root@nextcloud php-7.2.3]# ./configure \
--prefix=/usr/local/php-7.2.3 \
--with-pdo-mysql=mysqlnd \
--with-mysql-sock=/tmp/mysql.sock \
--with-iconv-dir \
--with-kerberos \
--enable-ctype \
--enable-dom \
--enable-json \
--enable-posix \
--enable-simplexml \
--enable-xmlreader \
--enable-xmlwriter \
--enable-zip \
--enable-fileinfo \
--enable-pcntl \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml \
--disable-rpath \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--with-curl \
--with-bz2 \
--with-ldap \
--with-imap \
--with-imap-ssl \
--with-gmp \
--enable-exif \
--enable-ftp \
--enable-intl \
--enable-mbregex \
--enable-fpm \
--enable-mbstring \
--with-gd \
--with-openssl \
--with-mhash \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-soap \
--enable-short-tags \
--enable-static \
--with-xsl \
--with-fpm-user=nginx \
--with-fpm-group=nginx \
--enable-ftp \
--enable-opcache=yes

1.3.5 为防止编译出错修改Makefile文件后编译安装

[root@nextcloud php-7.2.3]# vim Makefile
 116 EXTRA_LIBS = -lcrypt -lc-client -lz -lexslt -lresolv -lcrypt -lrt -lldap -lstdc++ -lcrypt -lgmp -lpng -lz -ljpeg -lbz2 -lz -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -lcurl -lxml2 -lz -lm -ldl -lssl -lcrypto -lfreetype -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -ldl -lm -licui18n -licuuc -licudata -ldl -lm -licuio -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lcrypt -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxslt -lxml2 -lz -ldl -lm -lssl -lcrypto -lcrypt -llber

[root@nextcloud php-7.2.3]# make && make install

1.3.6 配置php程序及相关配置文件

[root@nextcloud ~]# ln -s /usr/local/php-7.2.3/ /usr/local/php
[root@nextcloud ~]# cp /server/tools/php-7.2.3/php.ini-production /usr/local/php/lib/php.ini
[root@nextcloud ~]# cp /usr/local/php/etc/php-fpm.conf{.default,}
[root@nextcloud ~]# cp /usr/local/php/etc/php-fpm.d/www.conf{.default,}

1.3.7 配置php环境变量

[root@nextcloud ~]# echo '/usr/local/php/sbin/php-fpm' >> /server/scripts/autoStart.sh
[root@nextcloud ~]# echo 'export PATH=/usr/local/php/sbin:$PATH' >> /etc/profile
[root@nextcloud ~]# source /etc/profile
[root@nextcloud ~]# php-fpm

1.4 部署NextCloud

1.4.1 创建数据库及用户

注意:示例中的密码 123456 仅作演示,实际部署请替换为足够长的随机密码。

[root@HomeServer ~]# mysql -uroot -p
mysql> create database nextcloud character set utf8mb4 collate utf8mb4_general_ci;
mysql> grant all on nextcloud.* to 'nextcloud'@'localhost' identified by '123456';

1.4.2 部署nextcloud程序并启动nginx

[root@nextcloud ~]# unzip /server/tools/nextcloud-13.0.0.zip
[root@nextcloud ~]# mv nextcloud/ /usr/local/nginx/html/
[root@nextcloud ~]# chown -R nginx.nginx /usr/local/nginx/html/nextcloud/
[root@nextcloud ~]# nginx

1.4.3 创建防火墙规则

[root@HomeServer ~]# iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
[root@HomeServer ~]# service iptables save

1.4.4 外网访问地址

https://pan.leonshadow.com:8443/nextcloud/
