利用NextCloud配置私有雲

利用NextCloud配置私有雲

• 利用NextCloud配置私有雲
  
  • 安裝MariaDB
  • 為NextCloud創建數據庫和用戶
  • 安裝PHP和相關模塊
  • 下載NextCloud
  • 安裝配置Nginx
  • 完成安裝

NextCloud (https://nextcloud.com/) 是開源雲盤服務器，此處利用 LEMP 搭建 NextCloud 運行環境－MariaDB, PHP-FPM 和 Nginx (Ubuntu 16.04)
1. 安裝MariaDB
Ubuntu 16.04 安裝 MariaDB
更新升級系統：

$ sudo apt update




$ sudo apt upgrade

安裝MariaDB：

$ sudo apt install mariadb-server

啟動MariaDB服務：

$ sudo systemctl start mysql

查看狀態：

$ sudo systemctl status mysql

執行初始化安全腳本，默認root密碼為空，設置root密碼和其他選項：

$ sudo mysql_secure_installation

2. 為NextCloud創建數據庫和用戶
創建數據庫nextcloud；用戶名nextcloud，密碼XXXXXXXX

$ sudo mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nextcloud;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'XXXXXXXX';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> q

3. 安裝PHP和相關模塊

$ sudo apt-get -y install php-fpm php-cli php-json php-curl php-imap php-gd php-mysql php-xml php-zip php-intl php-mcrypt php-imagick php-mbstring

配置PHP：

$ sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 200M/" /etc/php/7.0/fpm/php.ini
$ sudo sed -i "s/post_max_size = .*/post_max_size = 200M/" /etc/php/7.0/fpm/php.ini

重啟PHP-FPM：

$ sudo systemctl restart php7.0-fpm

4. 下載NextCloud

$ cd /tmp
$ wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip

解壓到 /var/www/ 目錄並更改權限：

$ unzip nextcloud-12.0.0.zip
$ sudo mkdir /var/www/
$ sudo mv nextcloud /var/www/
$ sudo chown -R www-data: /var/www/nextcloud

5. 安裝配置Nginx

$ sudo apt-get install nginx nginx-extras

生成自簽名證書：

$ sudo mkdir -p /etc/nginx/ssl
$ cd /etc/nginx/ssl
$ sudo openssl genrsa -des3 -passout pass:x -out nextcloud.pass.key 2048
$ sudo openssl rsa -passin pass:x -in nextcloud.pass.key -out nextcloud.key
$ sudo rm nextcloud.pass.key
$ sudo openssl req -new -key nextcloud.key -out nextcloud.csr
$ sudo openssl x509 -req -days 365 -in nextcloud.csr -signkey nextcloud.key -out nextcloud.crt

也可使用免費的 let encrypt，創建Nginx server block文件：

$ sudo vim /etc/nginx/sites-available/nextcloud

server {
 listen 80;
 server_name pan.csxiaoyao.com;
 return 301 https: //$server_name$request_uri;
}
server {
 listen 443 ssl http2;
 server_name pan.csxiaoyao.com;
 root /
 var / www / nextcloud;
 ssl on;
 ssl_certificate / etc / nginx / ssl / nextcloud.crt;
 ssl_certificate_key / etc / nginx / ssl / nextcloud.key;
 ssl_session_timeout 5m;
 ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 add_header X - Content - Type - Options nosniff;
 add_header X - Frame - Options "SAMEORIGIN";
 add_header X - XSS - Protection "1; mode=block";
 add_header X - Robots - Tag none;
 add_header X - Download - Options noopen;
 add_header X - Permitted - Cross - Domain - Policies none;
 access_log /
 var / log / nginx / nextcloud.access.log;
 error_log /
 var / log / nginx / nextcloud.error.log;
 location = /robots.txt {
 allow all;
 log_not_found off;
 access_log off;
 }
 location = /.well - known / carddav {
 return 301 $scheme: //$host/remote.php/dav;
 }
 location = /.well-known/caldav {
 return 301 $scheme: //$host/remote.php/dav;
 }
 client_max_body_size 512M;
 fastcgi_buffers 64 4K;
 gzip off;
 error_page 403 / core / templates / 403.php;
 error_page 404 / core / templates / 404.php;
 location / {
 rewrite ^ /index.php$uri;
 }
 location ~ ^/ ( ? : build | tests | config | lib | 3rdparty | templates | data) / {




 deny all;
 }
 location~ ^ /(?:.|autotest|occ|issue|indie|db_|console) {
 deny all;
 }
 location ~^/ ( ? : index | remote | public | cron | core / ajax / update | status | ocs / v[12] | updater / . + | ocs - provider / . + | core / templates / 40[34]).php( ? : $ | /) {
 include fastcgi_params;
 fastcgi_split_path_info ^(.+.php)(/. + ) $;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param HTTPS on;#
 Avoid sending the security headers twice
 fastcgi_param modHeadersAvailable true;
 fastcgi_param front_controller_active true;
 fastcgi_pass unix: /var/run / php / php7.0 - fpm.sock;
 fastcgi_intercept_errors on;
 fastcgi_request_buffering off;
 }
 location~ ^ /(?:updater|ocs-provider)(?:$|/) {
 try_files $uri / = 404;
 index index.php;
 }
 location~ * .( ? : css | js) $ {
 try_files $uri / index.php$uri$is_args$args;
 add_header Cache - Control "public, max-age=7200";
 add_header X - Content - Type - Options nosniff;
 add_header X - Frame - Options "SAMEORIGIN";
 add_header X - XSS - Protection "1; mode=block";
 add_header X - Robots - Tag none;
 add_header X - Download - Options noopen;
 add_header X - Permitted - Cross - Domain - Policies none;#
 Optional: Don 't log access to assets
 access_log off;
 }
 location ~* .(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
 try_files $uri /index.php$uri$is_args$args;
 access_log off;
 }
 location ~ /.ht {
 deny all;
 }
}

創建鏈接：

$ sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud

測試Nginx配置文件：

$ sudo nginx -t

重啟nginx：

$ sudo systemctl restart nginx

6. 完成安裝
瀏覽器訪問 https://pan.csxiaoyao.com，設置管理員賬戶和數據庫