1.1二进制安装MySQL
1.1.1 安装依赖库
[[email protected] ~]# yum install -y libaio-devel
1.1.2 创建mysql管理用户
[[email protected] ~]# useradd -s /sbin/nologin -M mysql
1.1.3 解压并重命名压缩包
[[email protected] ~]# tar xf /server/tools/mysql-5.7.20-linux-glibc2.12-x86_64.tar.gz -C /usr/local/ [[email protected] ~]# mv /usr/local/mysql-5.7.20-linux-glibc2.12-x86_64/ /usr/local/mysql-5.7.20
1.1.4 创建mysql目录软链接
[[email protected] ~]# ln -s /usr/local/mysql-5.7.20/ /usr/local/mysql
1.1.5 创建mysql数据和日志目录并设置权限
[[email protected] ~]# mkdir -p /data/mysql/{data,log,binlog} [[email protected] ~]# touch /data/mysql/log/mysql.err [[email protected] ~]# chown -R mysql.mysql /usr/local/mysql/ /data/mysql/
1.1.6 初始化数据库
[[email protected] ~]# /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql/data
1.1.7 设置mysql的启动文件
[[email protected] ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld [[email protected] ~]# chmod 700 /etc/init.d/mysqld
1.1.8 编写mysql配置文件
[[email protected] ~]# mv /etc/my.cnf{,.bak} [[email protected] ~]# vim /etc/my.cnf [client] port=3306 socket=/tmp/mysql.sock [mysqld] port=3306 user=mysql socket=/tmp/mysql.sock pid-file=/data/mysql/data/mysql.pid basedir=/usr/local/mysql datadir=/data/mysql/data skip-name-resolve innodb_large_prefix=on innodb_file_format=barracuda innodb_file_per_table=true # 一般查询日志,审计使用 general_log=on general_log_file=/data/mysql/log/general.log log-error=/data/mysql/log/mysql.err # 二进制日志 server-id=1 log-bin=/data/mysql/binlog/mysql-bin binlog_format=ROW # 慢日志 slow_query_log=on slow_query_log_file=/data/mysql/log/mysql-slow.log long_query_time=2 log_queries_not_using_indexes
1.1.9 设置mysql开机启动及环境变量
[[email protected] ~]# echo '/etc/init.d/mysqld start' >> /server/scripts/autoStart.sh [[email protected] ~]# echo 'PATH=/usr/local/mysql/bin/:$PATH' >>/etc/profile [[email protected] ~]# source /etc/profile
1.1.10 启动mysql服务
[[email protected] ~]# /etc/init.d/mysqld start
1.1.11 设置数据库root密码
[[email protected] ~]# mysqladmin -uroot password New password: 密码 Confirm new password:确认密码
1.2 编译安装Nginx
编译安装具体过程参阅《nginx介绍》,此处使用自制的RPM包进行一键安装。
1.2.1 安装nginx
[[email protected] ~]# yum localinstall -y /server/tools/nginx-1.12.1-1.x86_64.rpm
1.2.2 创建子配置文件和CA证书目录
[[email protected] ~]# mkdir -p /usr/local/nginx/conf/{extra,ssl}
1.2.3 创建CA证书
[[email protected] ~]# openssl req -new -x509 -days 365 -nodes -out /usr/local/nginx/conf/ssl/nextcloud.crt -keyout /usr/local/nginx/conf/ssl/nextcloud.key ...... Country Name (2 letter code) [XX]: State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:Personal Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []:
1.2.4 创建nextcloud子配置文件
[[email protected] ~]# cat > /usr/local/nginx/conf/extra/nextcloud.conf << 'EOF' server { listen 8888; listen 8443 ssl; ssl_certificate /usr/local/nginx/conf/ssl/nextcloud.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/nextcloud.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_buffer_size 1400; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; server_name pan.leonshadow.com; index index.html index.htm index.php; root /usr/local/nginx/html/nextcloud/; if ($ssl_protocol = "") { return 301 https://$host$request_uri; } #(可选)为了安全添加如下header add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; #(可选)为了支持user_webfinger app rewrite ^/.well-known/host-meta /public.php service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php service=host-meta-json last; #(可选)为了支持日历和联系人 location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } #设置上传文件的最大大小(还和php里的那个设置有关) client_max_body_size 10240M; fastcgi_buffers 128 8K; fastcgi_connect_timeout 300s; fastcgi_send_timeout 300s; fastcgi_read_timeout 300s; fastcgi_buffer_size 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; #最主要的,将所有请求转发到index.php上 location / { rewrite ^ /index.php$uri; } #安全设置,禁止访问部分敏感内容 location ~ ^/( :build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/( :\.|autotest|occ|issue|indie|db_|console) { deny all; } #官方默认 location ~ ^/( :index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php( :$|/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass 127.0.0.1:9000; #fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_intercept_errors on; fastcgi_request_buffering off; include fastcgi.conf; } #安全设置,禁止访问部分敏感内容 location ~ ^/( :updater|ocs-provider)( :$|/) { try_files $uri/ =404; index index.php; } location ~ \.( :css|js|woff|svg|gif)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=15778463"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; access_log off; } location ~ \.( :png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; access_log off; } location ~ [^/]\.php(/|$) { fastcgi_pass 127.0.0.1:9000; #fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css) $ { expires 7d; access_log off; } location ~ /\.ht { deny all; } } EOF
1.2.5 创建主配置文件
[[email protected] ~]# cat > /usr/local/nginx/conf/nginx.conf << 'EOF' worker_processes 1; error_log logs/error.log; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; include extra/nextcloud.conf; } EOF
1.2.6 配置nginx开机自启动
[[email protected] ~]# echo '/usr/local/nginx/sbin/nginx' >> /server/scripts/autoStart.sh
1.3 编译安装PHP
1.3.1 安装依赖程序
[[email protected] ~]# yum install -y zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel libmcrypt-devel mhash mcrypt bzip2-devel gmp-devel libc-client-devel libicu-devel openldap openldap-devel
1.3.2 防止编译出错
[[email protected] ~]# ln -s /usr/lib64/libc-client.so /usr/lib/libc-client.so [[email protected] ~]# cp -frp /usr/lib64/libldap* /usr/lib/
1.3.3 解压php
[[email protected] ~]# cd /server/tools [[email protected] tools]# tar xf php-7.2.3.tar.gz
1.3.4 配置php
[[email protected] tools]# cd php-7.2.3/ [[email protected] php-7.2.3]# ./configure \ --prefix=/usr/local/php-7.2.3 \ --with-pdo-mysql=mysqlnd \ --with-mysql-sock=/tmp/mysql.sock \ --with-iconv-dir \ --with-kerberos \ --enable-ctype \ --enable-dom \ --enable-json \ --enable-posix \ --enable-simplexml \ --enable-xmlreader \ --enable-xmlwriter \ --enable-zip \ --enable-fileinfo \ --enable-pcntl \ --with-freetype-dir \ --with-jpeg-dir \ --with-png-dir \ --with-zlib \ --with-libxml-dir=/usr \ --enable-xml \ --disable-rpath \ --enable-bcmath \ --enable-shmop \ --enable-sysvsem \ --enable-inline-optimization \ --with-curl \ --with-bz2 \ --with-ldap \ --with-imap \ --with-imap-ssl \ --with-gmp \ --enable-exif \ --enable-ftp \ --enable-intl \ --enable-mbregex \ --enable-fpm \ --enable-mbstring \ --with-gd \ --with-openssl \ --with-mhash \ --enable-pcntl \ --enable-sockets \ --with-xmlrpc \ --enable-soap \ --enable-short-tags \ --enable-static \ --with-xsl \ --with-fpm-user=nginx \ --with-fpm-group=nginx \ --enable-ftp \ --enable-opcache=yes
1.3.5 为防止编译出错修改Makefile文件后编译安装
[[email protected] php-7.2.3]# vim Makefile 116 EXTRA_LIBS = -lcrypt -lc-client -lz -lexslt -lresolv -lcrypt -lrt -lldap -lstdc++ -lcrypt -lgmp -lpng -lz -ljpeg -lbz2 -lz -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -lcurl -lxml2 -lz -lm -ldl -lssl -lcrypto -lfreetype -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -ldl -lm -licui18n -licuuc -licudata - ldl -lm -licuio -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lcrypt -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxslt -lxml2 -lz -ldl -lm -lssl -lcrypto -lcrypt -llber [[email protected] php-7.2.3]# make && make install
1.3.6 配置php程序及相关配置文件
[[email protected] ~]# ln -s /usr/local/php-7.2.3/ /usr/local/php [[email protected] ~]# cp /server/tools/php-7.2.3/php.ini-production /usr/local/php/lib/php.ini [[email protected] ~]# cp /usr/local/php/etc/php-fpm.conf{.default,} [[email protected] ~]# cp /usr/local/php/etc/php-fpm.d/www.conf{.default,}
1.3.7 配置php环境变量
[[email protected] ~]# echo '/usr/local/php/sbin/php-fpm' >> /server/scripts/autoStart.sh [[email protected] ~]# echo 'export PATH=/usr/local/php/sbin:$PATH' >> /etc/profile [[email protected] ~]# source /etc/profile [[email protected] ~]# php-fpm
1.4 部署NextCloud
1.4.1 创建数据库及用户
[[email protected] ~]# mysql -uroot -p mysql> create database nextcloud character set utf8mb4 collate utf8mb4_general_ci; mysql> grant all on nextcloud.* to 'nextcloud'@'localhost' identified by '123456';
1.4.2 部署nextcloud程序并启动nginx
[[email protected] ~]# unzip /server/tools/nextcloud-13.0.0.zip [[email protected] ~]# mv nextcloud/ /usr/local/nginx/html/ [[email protected] ~]# chown -R nginx.nginx /usr/local/nginx/html/nextcloud/ [[email protected] ~]# nginx
1.4.3 创建防火墙规则
[[email protected] ~]# iptables -A INPUT -p tcp --dport 8443 -j ACCEPT [[email protected] ~]# service iptables save
1.4.4 外网访问地址
https://pan.leonshadow.com:8443/nextcloud/
我的微信
如果有技术上的问题可以扫一扫我的微信
