
Building Your Own Private Cloud Drive with NextCloud

 Author: 众成   Source: Operations Department   Updated: 2018-09-20 15:25:13

 

Environment preparation

 

CentOS 6.x: install the latest epel and webtatic repositories

 

[root@localhost admin]# yum -y install epel-release

 

 

[root@localhost admin]# rpm -Uvh http://mirror.webtatic.com/yum/el6/latest.rpm

 

CentOS 7: install the latest epel and webtatic repositories

 

[root@localhost admin]# yum -y install epel-release

 

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

 

 

1. Install nginx and PHP 7

 

# Install nginx

 

yum install nginx -y

 

# Install PHP 7 and the packages Nextcloud needs

 

yum -y install php70w-fpm php70w-cli php70w-opcache php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

 

2. Verify the installed PHP version

 

[root@localhost admin]# php -v

PHP 7.0.31 (cli) (built: Jul 20 2018 17:59:11) ( NTS )

Copyright (c) 1997-2017 The PHP Group

Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

    with Zend OPcache v7.0.31, Copyright (c) 1999-2017, by Zend Technologies

 

3. Configure PHP7-FPM

 

In this step we configure php-fpm to work together with Nginx. PHP7-FPM will run as the nginx user and listen on port 9000.

Edit the default php7-fpm configuration file with vim.

[root@localhost admin]# vim /etc/php-fpm.d/www.conf

 

; Lines 8 and 10: set user and group to nginx.
user = nginx

group = nginx

 

; Line 22: make sure php-fpm listens on the specified port.
listen = 127.0.0.1:9000

 

; Lines 366-370: uncomment these to enable the system environment variables for php-fpm.
env[HOSTNAME] = $HOSTNAME

env[PATH] = /usr/local/bin:/usr/bin:/bin

env[TMP] = /tmp

env[TMPDIR] = /tmp

env[TEMP] = /tmp

 

Next, create a new session directory under /var/lib/php/ and change its owner to the nginx user.

 

[root@localhost lib]# mkdir -p /var/lib/php/session

 

[root@localhost session]# chown nginx:nginx -R /var/lib/php/session/


Then start php-fpm and Nginx, and set them to start at boot.

CentOS 6

 

[root@localhost php]# service php-fpm start

正在启动 php-fpm:                                         [确定]

[root@localhost php]# service nginx start

正在启动 nginx:                                              [确定]

[root@localhost php]# chkconfig php-fpm on

[root@localhost php]# chkconfig nginx on


 

CentOS 7

 

systemctl start php-fpm

systemctl start nginx

systemctl enable php-fpm

systemctl enable nginx
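
The pool settings from this step can be checked mechanically before the services are exposed. The script below is an added example, not part of the original article; the function name audit_fpm_pool and the sample pool contents are constructed for illustration.

```sh
#!/bin/sh
# audit_fpm_pool FILE: print OK/FAIL findings for a php-fpm pool file.
# Hypothetical helper for this example; it only reads FILE.
audit_fpm_pool() {
    awk '
    # Strip ";" comments and surrounding blanks before parsing "key = value".
    { sub(/;.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^[a-z_.]+[ \t]*=/ {
        key = $0; sub(/[ \t]*=.*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        conf[key] = val
    }
    END {
        u = conf["user"]; l = conf["listen"]
        if (u == "" || u == "root") print "FAIL user: pool needs an unprivileged user"
        else print "OK user: " u
        # A loopback address or a unix socket path keeps FastCGI off the network;
        # a bare port such as "9000" makes php-fpm listen on every address.
        if (l ~ /^(127\.0\.0\.1|\[::1\]):[0-9]+$/ || l ~ /^\//) print "OK listen: " l
        else print "FAIL listen: \"" l "\" is not limited to this host"
    }' "$1"
}

# Constructed samples: the values from this step, then a risky pool.
demo_fpm() {
    tmp=$(mktemp) || return 1
    printf 'user = nginx\ngroup = nginx\nlisten = 127.0.0.1:9000\n' > "$tmp"
    audit_fpm_pool "$tmp"
    printf 'user = root\nlisten = 9000\n' > "$tmp"
    audit_fpm_pool "$tmp"
    rm -f "$tmp"
}
demo_fpm
```

On a real host, run `audit_fpm_pool /etc/php-fpm.d/www.conf` after editing the file.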


 

4. Install and configure MariaDB

    

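Here I use MariaDB as the Nextcloud database. The mariadb-server package can be installed directly with yum from the default CentOS remote repositories.

 

CentOS 6.x cannot install MariaDB directly, so add a MariaDB repository first: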

vim /etc/yum.repos.d/MariaDB.repo

 

# MariaDB 10.2 CentOS repository list - created 2017-07-15 07:23 UTC

# http://downloads.mariadb.org/mariadb/repositories/

[mariadb]

name = MariaDB

baseurl = http://mirrors.ustc.edu.cn/mariadb/yum/10.2/centos6-x86

gpgkey=http://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB

gpgcheck=1

 

Install MariaDB

 

[root@localhost yum.repos.d]# yum -y install MariaDB MariaDB-server

 

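Note: if the following error is reported, run the highlighted part (the yum load-transaction command shown after the error output).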

 

-----------------------------------------------------------------------------------------------------------------------------------

Total                                                                                              2.0 MB/s |  73 MB     00:36     

warning: rpmts_HdrFromFdno: Header V4 DSA/SHA1 Signature, key ID 1bb943db: NOKEY

Retrieving key from http://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB

Importing GPG key 0x1BB943DB:

Userid: "MariaDB Package Signing Key <package-signing-key@mariadb.org>"

From  : http://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB

Running rpm_check_debug

ERROR with rpm_check_debug vs depsolve:

libkadm5clnt_mit.so.8()(64bit) is needed by krb5-workstation-1.10.3-65.el6.x86_64

libkadm5clnt_mit.so.8(kadm5clnt_mit_8_MIT)(64bit) is needed by krb5-workstation-1.10.3-65.el6.x86_64

libkadm5srv_mit.so.8()(64bit) is needed by krb5-workstation-1.10.3-65.el6.x86_64

libkadm5srv_mit.so.8(kadm5srv_mit_8_MIT)(64bit) is needed by krb5-workstation-1.10.3-65.el6.x86_64

You could try running: rpm -Va --nofiles --nodigest

Your transaction was saved, rerun it with: yum load-transaction /tmp/yum_save_tx-2018-08-15-16-07HQ2gUj.yumtx

 

[root@localhost yum.repos.d]# yum load-transaction /tmp/yum_save_tx-2018-08-15-16-07HQ2gUj.yumtx

 

Start MariaDB

 

[root@localhost init.d]# service mysql start

Starting MariaDB.180815 16:38:39 mysqld_safe Logging to '/var/lib/mysql/localhost.localdomain.err'.

180815 16:38:39 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

.                                                          [确定]

[root@localhost init.d]# chkconfig mysql on

 

 

Initialize MariaDB

 

[root@localhost init.d]# mysql_secure_installation

 

Set the password

Enter current password for root (enter for none):

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] y

... Success!

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

- Dropping test database...

... Success!

- Removing privileges on test database...

... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

[root@localhost init.d]#

 

 

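The password is now set. Next, log in to the mysql shell and create a new database and user for Nextcloud. Here I create a database named nextcloud and a user named nextcloud whose password is nextcloud. Of course, choose a more secure password for your own system.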

 

[root@localhost init.d]# mysql -u root -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 33

Server version: 10.2.17-MariaDB MariaDB Server

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]>

 

MariaDB [(none)]> create database nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> grant all privileges on nextcloud.* to nextcloud@'%' identified by 'nextcloud';

MariaDB [(none)]> grant all privileges on nextcloud.* to nextcloud@localhost identified by 'nextcloud';    -- for when local login is not allowed

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)
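
For a real system, the account can be limited to localhost and given a random password instead of nextcloud. The script below is an added example, not part of the original article; it assumes Nextcloud and MariaDB run on the same host, and the function names and the file path in the usage comment are hypothetical.

```sh
#!/bin/sh
# gen_password: 24 characters of [A-Za-z0-9] drawn from /dev/urandom.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# nextcloud_sql DB USER PASS: print the SQL for a database and an account
# that may only connect from localhost. Names are limited to [A-Za-z0-9_]
# and the password may not contain ' or \, so nothing can break out of quotes.
nextcloud_sql() {
    for name in "$1" "$2"; do
        case $name in
            ''|*[!A-Za-z0-9_]*) echo "invalid identifier" >&2; return 1 ;;
        esac
    done
    case $3 in
        ''|*"'"*|*'\'*) echo "unusable password" >&2; return 1 ;;
    esac
    cat <<EOF
CREATE DATABASE $1 CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER '$2'@'localhost' IDENTIFIED BY '$3';
GRANT ALL PRIVILEGES ON $1.* TO '$2'@'localhost';
EOF
}

# save_secret FILE VALUE: store VALUE in FILE with mode 600 from creation.
save_secret() {
    ( umask 077; printf '%s\n' "$2" > "$1" )
}

# Usage on the server (hypothetical path for the saved password):
#   pw=$(gen_password); save_secret /root/nextcloud-db.pass "$pw"
#   nextcloud_sql nextcloud nextcloud "$pw" | mysql -u root -p
nextcloud_sql nextcloud nextcloud "$(gen_password)"
```

The saved password is the one to enter in the Nextcloud setup page in step 8.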

 

5. Generate a self-signed SSL certificate for Nextcloud

 

Clients will connect to Nextcloud over https, so here I use OpenSSL to create my own self-signed SSL certificate.

 

mkdir -p /etc/nginx/cert/

 

Generate a new SSL certificate with openssl as follows.

 

[root@localhost init.d]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key

Generating a 2048 bit RSA private key

............+++

..............+++

writing new private key to '/etc/nginx/cert/nextcloud.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

 

Finally, use chmod to set the permissions of all certificate files to 600.

 

[root@localhost init.d]# chmod 700 /etc/nginx/cert/

[root@localhost init.d]# chmod 600 /etc/nginx/cert/*
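
The same certificate can be produced without the interactive prompts, with the host name filled in and restrictive permissions applied at creation time. The script below is an added example, not part of the original article; the function names are hypothetical, testcloud.com is the domain used in the Nginx configuration in step 7, and the OpenSSL config file is a minimal one written for this example.

```sh
#!/bin/sh
# make_cert DIR FQDN: write DIR/nextcloud.key and DIR/nextcloud.crt for FQDN.
make_cert() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $2
[ext]
subjectAltName = DNS:$2
EOF
    # umask 077 in a subshell: directory 700 and files 600 from the moment
    # they are created, with no window before a later chmod.
    rc=0
    (
        umask 077
        mkdir -p "$1" &&
        openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 -config "$cfg" \
            -out "$1/nextcloud.crt" -keyout "$1/nextcloud.key" 2>/dev/null
    ) || rc=$?
    rm -f "$cfg"
    return "$rc"
}

# cert_matches_key DIR: true only if the certificate carries the key's public half.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1/nextcloud.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/nextcloud.key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# cert_names DIR: subject and SAN lines as clients will see them.
cert_names() {
    openssl x509 -in "$1/nextcloud.crt" -noout -text | grep -E 'Subject:|DNS:'
}

# Demo in a throwaway directory; on the server use /etc/nginx/cert instead.
demo_dir=$(mktemp -d) && make_cert "$demo_dir" testcloud.com &&
    cert_matches_key "$demo_dir" && cert_names "$demo_dir"
rm -rf "$demo_dir"
```

Current browsers and clients match the host name against the subjectAltName entry, which the blank answers in the interactive run above do not set.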

 

6. Download and install Nextcloud

 

Download Nextcloud to the server with wget.

    

[root@localhost /]# wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip

 

Unzip nextcloud and move it to the /usr/share/nginx/html/ directory.

 

[root@localhost opt]# unzip nextcloud-12.0.0.zip

[root@localhost opt]# mv nextcloud /usr/share/nginx/html/

 

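Go to the Nginx web root and create a data folder for Nextcloud. It is recommended to put the data directory on a fairly large partition, because all uploaded data will be stored there.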

 

[root@localhost opt]# cd /usr/share/nginx/html/

[root@localhost html]# mkdir -p nextcloud/data/

 

Change the owner of the nextcloud directory to the nginx user and group.

 

[root@localhost html]# chown nginx:nginx -R nextcloud/

 

7. Configure a virtual host for Nextcloud in Nginx

 

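The Nextcloud source is now downloaded and set up to run under the Nginx server, but it still needs a virtual host. Create a new virtual host configuration file, nextcloud.conf, in Nginx's conf.d directory.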

 

[root@localhost html]# vim /etc/nginx/conf.d/nextcloud.conf

 

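Paste the following into the virtual host configuration file (change the highlighted parts to your own domain; the domain used here is testcloud.com):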

 

upstream php-handler {

server 127.0.0.1:9000;

#server unix:/var/run/php5-fpm.sock;

}

 

server {

listen 80;

server_name testcloud.com; 

# enforce https

return 301 https://$server_name$request_uri;

}

 

server {

listen 443 ssl http2;

server_name testcloud.com;

 

ssl_certificate /etc/nginx/cert/nextcloud.crt;

ssl_certificate_key /etc/nginx/cert/nextcloud.key;

 

# Add headers to serve security related headers

# Before enabling Strict-Transport-Security headers please read into this

# topic first.

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

#

# WARNING: Only add the preload option once you read about

# the consequences in https://hstspreload.org/. This option

# will add the domain to a hardcoded list that is shipped

# in all major browsers and getting removed from this list

# could take several months.

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

add_header X-Robots-Tag none;

add_header X-Download-Options noopen;

add_header X-Permitted-Cross-Domain-Policies none;

 

# Path to the root of your installation

root /usr/share/nginx/html/nextcloud/;

 

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

 

# The following 2 rules are only needed for the user_webfinger app.

# Uncomment it if you're planning to use this app.

#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;

#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json

# last;

 

location = /.well-known/carddav {

return 301 $scheme://$host/remote.php/dav;

}

location = /.well-known/caldav {

return 301 $scheme://$host/remote.php/dav;

}

 

# set max upload size

client_max_body_size 512M;

fastcgi_buffers 64 4K;

 

# Enable gzip but do not remove ETag headers

gzip on;

gzip_vary on;

gzip_comp_level 4;

gzip_min_length 256;

gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;

gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

 

# Uncomment if your server is build with the ngx_pagespeed module

# This module is currently not supported.

#pagespeed off;

 

location / {

rewrite ^ /index.php$uri;

}

 

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {

deny all;

}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {

deny all;

}

 

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {

fastcgi_split_path_info ^(.+\.php)(/.*)$;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param PATH_INFO $fastcgi_path_info;

fastcgi_param HTTPS on;

#Avoid sending the security headers twice

fastcgi_param modHeadersAvailable true;

fastcgi_param front_controller_active true;

fastcgi_pass php-handler;

fastcgi_intercept_errors on;

fastcgi_request_buffering off;

}

 

location ~ ^/(?:updater|ocs-provider)(?:$|/) {

try_files $uri/ =404;

index index.php;

}

 

# Adding the cache control header for js and css files

# Make sure it is BELOW the PHP block

location ~ \.(?:css|js|woff|svg|gif)$ {

try_files $uri /index.php$uri$is_args$args;

add_header Cache-Control "public, max-age=15778463";

# Add headers to serve security related headers (It is intended to

# have those duplicated to the ones above)

# Before enabling Strict-Transport-Security headers please read into

# this topic first.

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

#

# WARNING: Only add the preload option once you read about

# the consequences in https://hstspreload.org/. This option

# will add the domain to a hardcoded list that is shipped

# in all major browsers and getting removed from this list

# could take several months.

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

add_header X-Robots-Tag none;

add_header X-Download-Options noopen;

add_header X-Permitted-Cross-Domain-Policies none;

# Optional: Don't log access to assets

access_log off;

}

 

location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {

try_files $uri /index.php$uri$is_args$args;

# Optional: Don't log access to other assets

access_log off;

}

}

 

Now test the Nginx configuration file for errors; if there are none, restart the service.

 

[root@localhost html]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@localhost html]# service nginx restart

停止 nginx:                                               [确定]

正在启动 nginx:                                           [确定]
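
nginx -t only checks syntax. The configuration above repeats the security headers inside the css/js location because Nginx inherits add_header directives from the enclosing level only when the current level defines none of its own. The script below is an added example, not part of the original article, that flags a location which sets add_header but leaves out a server-level header; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# lint_add_header FILE: name each location block that sets add_header itself
# but omits a header set at server level. Assumes one directive per line and
# server{} blocks at top level containing location{} blocks, as in conf.d files.
lint_add_header() {
    awk '
    { sub(/#.*/, ""); opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}") }
    opens {
        depth += opens
        if (depth == 2) { k++; cnt[k] = 0; name[k] = $0
                          gsub(/^[ \t]+|[ \t]*[{].*/, "", name[k]) }
    }
    $1 == "add_header" {
        if (depth == 1) want[$2] = 1
        else if (depth == 2) { have[k, $2] = 1; cnt[k]++ }
    }
    closes {
        depth -= closes
        if (depth == 0) {            # end of a server block: compare and reset
            for (i = 1; i <= k; i++) if (cnt[i])
                for (h in want) if (!((i, h) in have)) print name[i] ": missing " h
            k = 0; split("", want); split("", have)
        }
    }' "$1" | sort
}

# Constructed sample: the css/js location adds Cache-Control and repeats only
# one of the two server-level headers, so HSTS is silently lost there.
sample_conf() {
    cat <<'EOF'
server {
    add_header Strict-Transport-Security "max-age=15768000";
    add_header X-Content-Type-Options nosniff;
    location ~ \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=15778463";
        add_header X-Content-Type-Options nosniff;
    }
    location ~ \.(?:png|ico)$ {
        access_log off;
    }
}
EOF
}
sample_conf | lint_add_header -
```

On the server, run `lint_add_header /etc/nginx/conf.d/nextcloud.conf`; no output means every location that sets its own headers also repeats the server-level ones.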

 

8. Install Nextcloud

 

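Open your web browser and enter the domain name you configured for Nextcloud; you will be redirected to the more secure https connection. Set your administrator username and password, then enter the database authentication details and click 'Finish Setup'.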

 

Download this document: NextCloud搭建自己私有云盘 (吴剑华)   Type: docx,   Size: 56 KB