NextCloud 云盘部署

1、部署 MySQL

1.1：MySQL8.0 版本

[root@server ~]#  wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm

1.2：安装 YUM 源

MySQL8.0 版本

[root@server ~]# rpm -ivh mysql80-community-release-el7-3.noarch.rpm

• 注意：如果一台服务器安装 5.7 和 8.0 版本的 rpm 源则会冲突
  

1.3：安装 MySQL 服务端

• 查看 mysql server

[root@server ~]# yum repolist enabled | grep "mysql.*-community.*"
[root@server ~]# yum repolist all | grep mysql

• 安装

[root@server ~]# yum install mysql-community-server

1.4：启动 mysql 服务

[root@server ~]# systemctl start mysqld.service
[root@server ~]# systemctl enable mysqld.service
[root@server ~]# systemctl status mysqld.service

1.5：数据库密码配置

1.5.1：查看登陆密码

[root@server ~]# cat /var/log/mysqld.log | grep 'password'

1.5.2：登陆

[root@erver ~]# mysql -uroot -p

• 到这里 MySQL 就完全安装完成了

1.5.3：重置密码

8 之前是 validate_password_ 8 之后 validate_password.

重置密码（MySQL8.0 版本）

• 原因：在 MySQL8.0 中'validate_password_policy' 变量不存在
• 进行密码规则调整

密码验证策略低要求
mysql> set global validate_password.policy=0; (0或LOW代表低级)
 
密码至少要包含的小写字母个数和大写字母个数
mysql> set global validate_password.mixed_case_count=0;

密码至少要包含的数字个数。
mysql> set global validate_password.number_count=0;

密码至少要包含的特殊字符数
mysql> set global validate_password.special_char_count=0;
 
密码长度
mysql> set global validate_password.length=4;** **#8.0最小长度为4

• 再次设置密码

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'dqz123';
mysql> flush privileges; 
mysql> SHOW VARIABLES LIKE 'validate_password%';

1.6：创建用户和数据库

mysql> create database nextcloud;         

mysql> create user nextcloud@localhost identified by 'passwd';

mysql> grant all privileges on nextcloud.* to nextcloud@localhost identified by 'passwd';

mysql> flush privileges;

2、部署 PHP

2.1：安装

• 这里安装新版本 PHP

[root@nextcloud-server ~]# yum install epel-release
[root@nextcloud-server ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

• 安装一些 PHP 组件

[root@nextcloud-server ~]# yum install php72w-fpm php72w-opcache php72w-mysql php72w-cli php72w-gd php72w-mcrypt php72w-pear php72w-xml php72w-mbstring php72w-pdo php72w-json php72w-pecl-apcu php72w-pecl-apcu-devel

2.2：配置

[root@nextcloud-server ~]# vim /etc/php-fpm.d/www.conf

.....

user = nginx //将用户和组都改为nginx

group = nginx

.....

listen = 127.0.0.1:9000  //php-fpm所监听的端口为9000

......

env[HOSTNAME] = $HOSTNAME  //去掉下面几行注释

env[PATH] = /usr/local/bin:/usr/bin:/bin

env[TMP] = /tmp

env[TMPDIR] = /tmp

env[TEMP] = /tmp

• 在/var/lib 目录下为 session 路径创建一个新的文件夹，并将用户名和组设为 nginx

[root@nextcloud-server ~]# mkdir -p /var/lib/php/session
[root@nextcloud-server ~]# chown nginx:nginx -R /var/lib/php/session/

2.3：启动

[root@wordpress ~]# systemctl start php-fpm
[root@wordpress ~]# systemctl enable php-fpm

3、部署 nginx

• 这里我采用 RPM 包安装最新稳定版 nginx

3.1：安装

使用RPM包进行安装，下载地址：http://nginx.org/packages/centos/7/x86_64/RPMS/

[root@wordpress ~]# wget http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.16.1-1.el7.ngx.x86_64.rpm
[root@wordpress ~]# rpm -ivh nginx-1.16.1-1.el7.ngx.x86_64.rpm
[root@wordpress ~]# nginx -v
nginx version: nginx/1.16.1

3.2：启动

• 启动前检查配置文件

[root@wordpress ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

• 启动

[root@wordpress ~]# systemctl start nginx

[root@wordpress ~]# systemctl enable nginx

[root@wordpress ~]# systemctl status nginx

4、部署 nextcloud

4.1：下载并安装 Nextcloud

[root@nextcloud-server ~]# yum -y install wget unzip

[root@nextcloud-server ~]# cd /usr/local/src/

[root@nextcloud-server src]# wget https://download.nextcloud.com/server/releases/nextcloud-12.0.4.zip

[root@nextcloud-server src]# unzip nextcloud-12.0.4.zip

[root@nextcloud-server src]# ls

nextcloud nextcloud-12.0.4.zip

[root@nextcloud-server src]# mv nextcloud /usr/share/nginx/html/

4.2：创建数据目录

• 进入 Nginx 的 root 目录，并为 Nextcloud 创建 data 目录，将 Nextcloud 的用户和组修改为 nginx

[root@nextcloud-server src]# cd /usr/share/nginx/html/

[root@nextcloud-server html]# mkdir -p nextcloud/data/

[root@nextcloud-server html]# chown nginx:nginx -R nextcloud/

[root@nextcloud-server html]# ll -d nextcloud
drwxr-xr-x. 15 nginx nginx 4096 1月 24 17:04 nextcloud

4.3：配置自签证书

• 为 SSL 证书创建一个新的文件夹：

[root@nextcloud-server ~]# cd /etc/nginx/cert/

[root@nextcloud-server cert]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key

.....

Country Name (2 letter code) [XX]:cn  //国家

State or Province Name (full name) []:beijing //省份

Locality Name (eg, city) [Default City]:beijing     //地区名字

Organization Name (eg, company) [Default Company Ltd]:xxx //公司名

Organizational Unit Name (eg, section) []:xxx //部门

Common Name (eg, your name or your server's hostname) []:xxx //CA主机名

Email Address []:xx@xx.com //邮箱                                           

• 然后将证书文件的权限设置为 660

[root@nextcloud-server cert]# chmod 700 /etc/nginx/cert

[root@nextcloud-server cert]# chmod 600 /etc/nginx/cert/*

4.4：配置虚拟主机

• 进入 Nginx 的虚拟主机配置文件所在目录并创建一个新的虚拟主机配置（记得修改两个 server_name 为自己的域名）

[root@nextcloud-server ~]# cd /etc/nginx/conf.d/

[root@nextcloud-server conf.d]# vim nextcloud.conf

upstream php-handler {

 server 127.0.0.1:9000;

}

server {

 listen 80;

 server_name localhost;

 return 301 https://$server_name$request_uri;

}

server {

 listen 443 ssl;

 server_name localhost;

 ssl_certificate /etc/nginx/cert/nextcloud.crt;

 ssl_certificate_key /etc/nginx/cert/nextcloud.key;

 # Add headers to serve security related headers

 # Before enabling Strict-Transport-Security headers please read into this

 # topic first.

 add_header Strict-Transport-Security "max-age=15768000;

 includeSubDomains; preload;";

 add_header X-Content-Type-Options nosniff;

 add_header X-Frame-Options "SAMEORIGIN";

 add_header X-XSS-Protection "1; mode=block";

 add_header X-Robots-Tag none;

 add_header X-Download-Options noopen;

 add_header X-Permitted-Cross-Domain-Policies none;

 # Path to the root of your installation

 root /usr/share/nginx/html/nextcloud/;

 location = /robots.txt {

 allow all;

 log_not_found off;

 access_log off;

 }

 # The following 2 rules are only needed for the user_webfinger app.

 # Uncomment it if you're planning to use this app.

 #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;

 #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json

 # last;

 location = /.well-known/carddav {

 return 301 $scheme://$host/remote.php/dav;

 }

 location = /.well-known/caldav {

 return 301 $scheme://$host/remote.php/dav;

 }

 # set max upload size

 client_max_body_size 512M;

 fastcgi_buffers 64 4K;

 # Disable gzip to avoid the removal of the ETag header

 gzip off;

 # Uncomment if your server is build with the ngx_pagespeed module

 # This module is currently not supported.

 #pagespeed off;

 error_page 403 /core/templates/403.php;

 error_page 404 /core/templates/404.php;

 location / {

 rewrite ^ /index.php$uri;

 }

 location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {

 deny all;

 }

 location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {

 deny all;

 }

 location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {

 include fastcgi_params;

 fastcgi_split_path_info ^(.+\.php)(/.*)$;

     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

 fastcgi_param PATH_INFO $fastcgi_path_info;

 fastcgi_param HTTPS on;

 #Avoid sending the security headers twice

 fastcgi_param modHeadersAvailable true;

     fastcgi_param front_controller_active true;

 fastcgi_pass php-handler;

 fastcgi_intercept_errors on;

 fastcgi_request_buffering off;

 }

 location ~ ^/(?:updater|ocs-provider)(?:$|/) {

 try_files $uri/ =404;

 index index.php;

 }

 # Adding the cache control header for js and css files

 # Make sure it is BELOW the PHP block

 location ~* \.(?:css|js)$ {

 try_files $uri /index.php$uri$is_args$args;

 add_header Cache-Control "public, max-age=7200";

 # Add headers to serve security related headers (It is intended to

 # have those duplicated to the ones above)

 # Before enabling Strict-Transport-Security headers please read into

 # this topic first.

 add_header Strict-Transport-Security "max-age=15768000;

 includeSubDomains; preload;";

 add_header X-Content-Type-Options nosniff;

 add_header X-Frame-Options "SAMEORIGIN";

 add_header X-XSS-Protection "1; mode=block";

 add_header X-Robots-Tag none;

 add_header X-Download-Options noopen;

 add_header X-Permitted-Cross-Domain-Policies none;

 # Optional: Don't log access to assets

 access_log off;

 }

 location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {

 try_files $uri /index.php$uri$is_args$args;

 # Optional: Don't log access to other assets

 access_log off;

 }

}

• 保存文件并退出 vim

5、访问网站

5.1：设置 Firewalld 防火墙

• 为 Nextcloud 开放 http 和 https 两个端口

[root@nextcloud-server ~]# systemctl start firewalld

[root@nextcloud-server ~]# systemctl enable firewalld

[root@nextcloud-server ~]# firewall-cmd --permanent --add-service=http

[root@nextcloud-server ~]# firewall-cmd --permanent --add-service=https

[root@nextcloud-server ~]# firewall-cmd –reload

5.2：安装 NextCloud

6、问题总结：

• 有时 nextcloud 会有更新，可以在页面上点击进行更新；但是更新时开启了维护模式后，会出现一直停留在维护模式的页面，解决方案如下：

修改存放nextcloud源码路径下的config.php文件

[root@nextcloud-server ~]# cd /usr/share/nginx/html/nextcloud/config

[root@nextcloud-server config]# vim config.php