筆者 NextCloud 使用的是 Nginx 環(huán)境. 其他環(huán)境請參考對應(yīng)的官方文檔.

準(zhǔn)備條件:

CentOS 7 X64

NextCloud 14

CentOS 7 基本安裝配置

本安裝過程默認(rèn)讀者已經(jīng)將 CentOS 7 環(huán)境完全準(zhǔn)備好了. 如果你的系統(tǒng)是新安裝的默認(rèn)最小系統(tǒng), 請參考這里: CentOS 7 網(wǎng)絡(luò)配置 與 CentOS 7 安裝 SSH 服務(wù)器. 以上兩項可以保證最后能夠正常訪問 NextCloud.

添加 epel 倉庫

有很多軟件位于 EPEL 倉庫中, 而默認(rèn)情況下安裝的 CentOS 中沒有該倉庫, 因此需要自己手動添加.

$ sudo yum -y install epel-release

添加 Webtatic 倉庫

php7-fpm 依賴需要

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

準(zhǔn)備 NextCloud 運行環(huán)境

安裝 PHP7-FPM

執(zhí)行以下命令:

$ sudo yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

安裝完成后, 查看 php 版本 php -v

$ php -v

PHP 7.0.32 (cli) (built: Sep 15 2018 07:54:46) ( NTS )

Copyright (c) 1997-2017 The PHP Group

Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

配置 PHP7-FPM

配置 PHP7-FPM 使用 nginx 用戶運行, 并監(jiān)聽 9000 端口

用于配置 PHP-FPM 與 Nginx 協(xié)同運行.

$ sudo vi /etc/php-fpm.d/www.conf

修改 user 與 group 為 nginx.

; RPM: apache Choosed to be able to access some dir as httpd

user = nginx

; RPM: Keep a group allowed to write in log dir.

group = nginx

確保 PHP-FPM 運行在指定端口

; Note: This value is mandatory.

listen = 127.0.0.1:9000

啟用 php-fpm 的系統(tǒng)環(huán)境變量

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from

; the current environment.

; Default Value: clean env

env[HOSTNAME] = $HOSTNAME

env[PATH] = /usr/local/bin:/usr/bin:/bin

env[TMP] = /tmp

env[TMPDIR] = /tmp

env[TEMP] = /tmp

保存退出.

在 /var/lib/ 目錄下新建文件夾 session, 擁有者改為 ngnix

$ mkdir -p /var/lib/php/session

$ chown nginx:nginx -R /var/lib/php/session/

啟動 PHP-FPM 和 Nginx，并設(shè)置為隨開機啟動服務(wù)

$ sudo systemctl start php-fpm

$ sudo systemctl start nginx

$ sudo systemctl enable php-fpm

$ sudo systemctl enable nginx

安裝/配置 MariaDB

MariaDB 安裝與 Root 配置

$ sudo yum -y install mariadb mariadb-server

$ sudo systemctl start mariadb

$ sudo systemctl enable mariadb

配置 MariaDB 的 root 用戶密碼. 此處跟隨著提示即可.

$ mysql_secure_installation

Set root password? [Y/n] Y

New password:

Re-enter new password:

Remove anonymous users? [Y/n] Y

Disallow root login remotely? [Y/n] Y

Remove test database and access to it? [Y/n] Y

Reload privilege tables now? [Y/n] Y

添加 nextcloud 的 user 與數(shù)據(jù)庫

$ mysql -u root -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 2586

Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nextcloud_db;

MariaDB [(none)]> create user nextclouduser@localhost identified by 'password!@#';

MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'password!@#';

MariaDB [(none)]> flush privileges;

MariaDB [(none)]> exit;

生成 SSL 證書

我們使用的是 https 進(jìn)行訪問. 因此需要一個 SSL 證書. 當(dāng)然這塊的證書你可以選擇免費的 SSL 證書, 也可以選擇自簽一個. 這里使用的是自簽的 SSL 證書.

$ mkdir -p /etc/nginx/cert/

$ openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key

$ sudo chmod 700 /etc/nginx/cert

$ sudo chmod 600 /etc/nginx/cert/nextcloud.key /etc/nginx/cert/nextcloud.crt

下載 NextCloud

安裝 wget 與 unzip

$ yum -y install wget unzip

下載與驗證 NextCloud

$ cd ~/

$ wget https://download.nextcloud.com/server/releases/nextcloud-14.0.4.zip

$ wget https://download.nextcloud.com/server/releases/nextcloud-14.0.4.zip.sha256

$ sha256sum -c nextcloud-14.0.4.zip.sha256 < nextcloud-14.0.4.zip

解壓并將 NextCloud 剪切到 /usr/share/nginx/html/ 目錄下

$ unzip nextcloud-10.0.2.zip

$ sudo cp -R nextcloud/ /usr/share/nginx/html/

新建 data 文件夾, 并變更 nextcloud 所有者為 nginx

$ cd /usr/share/nginx/html/

$ sudo mkdir -p nextcloud/data/

$ chown nginx:nginx -R nextcloud/

配置 NextCloud

在 Nginx 中為 Nextcloud 配置虛擬主機

$ sudo vi /etc/nginx/conf.d/nextcloud.conf

upstream php-handler {

server 127.0.0.1:9000;

#server unix:/var/run/php/php7.0-fpm.sock;

}

server {

listen 80;

listen [::]:80;

server_name 你的地址;

# enforce https

return 301 https://$server_name$request_uri;

}

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name 你的地址;

# Use Mozilla's guidelines for SSL/TLS settings

# https://mozilla.github.io/server-side-tls/ssl-config-generator/

# NOTE: some settings below might be redundant

ssl_certificate /etc/nginx/cert/nextcloud.crt.crt;

ssl_certificate_key /etc/nginx/cert/nextcloud.crt.key;

# Add headers to serve security related headers

# Before enabling Strict-Transport-Security headers please read into this

# topic first.

# add_header Strict-Transport-Security "max-age=15768000;

# includeSubDomains; preload;";

#

# WARNING: Only add the preload option once you read about

# the consequences in https://hstspreload.org/. This option

# will add the domain to a hardcoded list that is shipped

# in all major browsers and getting removed from this list

# could take several months.

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

add_header X-Robots-Tag none;

add_header X-Download-Options noopen;

add_header X-Permitted-Cross-Domain-Policies none;

add_header Referrer-Policy no-referrer;

# Remove X-Powered-By, which is an information leak

fastcgi_hide_header X-Powered-By;

# Path to the root of your installation

root /var/www/nextcloud/;

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

# The following 2 rules are only needed for the user_webfinger app.

# Uncomment it if you're planning to use this app.

#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;

#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json

# last;

location = /.well-known/carddav {

return 301 $scheme://$host/remote.php/dav;

}

location = /.well-known/caldav {

return 301 $scheme://$host/remote.php/dav;

}

# set max upload size

client_max_body_size 512M;

fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers

gzip on;

gzip_vary on;

gzip_comp_level 4;

gzip_min_length 256;

gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;

gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

# Uncomment if your server is build with the ngx_pagespeed module

# This module is currently not supported.

#pagespeed off;

location / {

rewrite ^ /index.php$request_uri;

}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {

deny all;

}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {

deny all;

}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {

fastcgi_split_path_info ^(.+?\.php)(/.*)$;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param PATH_INFO $fastcgi_path_info;

fastcgi_param HTTPS on;

#Avoid sending the security headers twice

fastcgi_param modHeadersAvailable true;

fastcgi_param front_controller_active true;

fastcgi_pass php-handler;

fastcgi_intercept_errors on;

fastcgi_request_buffering off;

}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {

try_files $uri/ =404;

index index.php;

}

# Adding the cache control header for js and css files

# Make sure it is BELOW the PHP block

location ~ \.(?:css|js|woff2?|svg|gif)$ {

try_files $uri /index.php$request_uri;

add_header Cache-Control "public, max-age=15778463";

# Add headers to serve security related headers (It is intended to

# have those duplicated to the ones above)

# Before enabling Strict-Transport-Security headers please read into

# this topic first.

# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

#

# WARNING: Only add the preload option once you read about

# the consequences in https://hstspreload.org/. This option

# will add the domain to a hardcoded list that is shipped

# in all major browsers and getting removed from this list

# could take several months.

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

add_header X-Robots-Tag none;

add_header X-Download-Options noopen;

add_header X-Permitted-Cross-Domain-Policies none;

add_header Referrer-Policy no-referrer;

# Optional: Don't log access to assets

access_log off;

}

location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {

try_files $uri /index.php$request_uri;

# Optional: Don't log access to other assets

access_log off;

}

}

保存文件, 并測試 nginx -t. 如果測試結(jié)果通過, 重啟服務(wù). sudo systemctl restart nginx

配置 SELinux 和 FirewallD 規(guī)則

首先, 安裝一個管理軟件配置 SELinux

$ yum -y install policycoreutils-python

運行一下命令配置 SELinux 規(guī)則:

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?'

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'

$ sudo restorecon -Rv '/usr/share/nginx/html/nextcloud/'

啟用 firewalld 服務(wù)并設(shè)置隨系統(tǒng)啟動, 。

$ sudo systemctl start firewalld

$ sudo systemctl enable firewalld

開啟 http 和 https 端口，然后重新加載防火墻。

$ sudo firewall-cmd --permanent --add-service=http

$ sudo firewall-cmd --permanent --add-service=https

$ sudo firewall-cmd --reload

至此, 所有的安裝工作全部完成(除了最后一步的 NextCloud 配置).

打開瀏覽器，輸入你的 NextCloud 域名，根據(jù)頁面提示進(jìn)行配置即可. 完成后, 你就可以享用 NextCloud 帶來的便捷了.

小結(jié)

百度出來的資料有一些細(xì)節(jié)方面的問題. 單在官方文檔中, 這些問題統(tǒng)統(tǒng)不存在. 所以, 安裝過程中, 如果出現(xiàn)問題, 重新按照官方文檔來一遍, 一般就沒問題了.

另外筆者下載的是 NextCloud 14 版本的, 該版本少了一些插件, 如果下載管理的 ocDownloader 目前只支持到 13.

參考

總結(jié)

以上是生活随笔為你收集整理的php7 nextcloud,CentOS 7 安装 NextCloud的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。