一个简单的博客

0%

使用阿里云ECS在Ubuntu 18.04及OSS安装配置NextCloud

配置启用OssFs

  1. 源码编译安装

    1
    2
    3
    4
    5
    6
    7
    sudo apt install automake autotools-dev g++ git libcurl4-gnutls-dev libfuse-dev libssl-dev libxml2-dev make pkg-config
    git clone https://github.com/aliyun/ossfs.git
    cd ossfs
    ./autogen.sh
    ./configure
    make
    sudo make install
  2. 配置

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    #密码配置
    echo my-bucket:my-access-key-id:my-access-key-secret > /etc/passwd-ossfs
    #多个节点请直接编辑文件,一行一个记录
    chmod 640 /etc/passwd-ossfs
    #目录准备
    mkdir /mnt/ossfs
    sudo vi /etc/fstab
    ## 添加以下行到文件尾,保存后退出
    # ossfs#your_bucket_name your_mount_point fuse _netdev,url=your_url,allow_other 0 0
    ## your_url http://oss-cn-shenzhen-internal.aliyuncs.com 深圳节点内部访问【节约流量】
    sudo mount -a
    # df -h 可以查看挂载详情
  3. 添加cloud目录供NextCloud专门存储

    1
    2
    sudo chown -R www-data:www-data /mnt/ossfs/nextcloud
    sudo chmod -R 770 /mnt/ossfs/nextcloud/

安装NextCloud

  1. 安装环境

    1
    2
    3
    4
    5
    6
    7
    8
    9
    # nginx安装
    sudo apt install nginx
    # nginx -v 查看是否安装成功
    #php 安装
    sudo apt install php7.2-fpm
    # php -v 查看安装信息
    sudo apt-get install mariadb-server
    sudo apt-get install php7.2-gd php7.2-json php7.2-mysql php7.2-curl php7.2-mbstring
    sudo apt-get install php7.2-intl php-imagick php7.2-xml php7.2-zip php-redis php-apcu php7.2-bz2
  2. 环境配置

    1
    2
    3
    4
    5
    6
    7
    8
    9
    # mysql 配置
    sudo mysql_secure_installation
    #出现一堆配置 ,按需选择
    # nginx php 配置请自行寻找 或者直接用apache
    # mysql -u root -p
    # CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
    # CREATE DATABASE IF NOT EXISTS nextcloud;
    # GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON nextcloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';
    # FLUSH privileges;
  3. 下载Nextcloud安装

    1
    2
    3
    4
    5
    wget https://download.nextcloud.com/server/releases/nextcloud-16.0.5.tar.bz2
    tar -xjf nextcloud-x.y.z.tar.bz2
    cp -r nextcloud /var/www #cp -r nextcloud /path/to/webserver/document-root
    sudo chown -R www-data:www-data /var/www/nextcloud
    sudo chmod -R 770 /var/www/nextcloud/

    打开网站访问,按照要求输入信息

配置NextCloud

附件

nginx配置文件样本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php/php7.2-fpm.sock;
}

server {
listen 80;
listen [::]:80;
server_name cloud.xyfy.pub;
# enforce https
return 301 https://$server_name:443$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.xyfy.pub;

# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate cert/2879191_cloud.xyfy.pub.pem;
ssl_certificate_key cert/2879191_cloud.xyfy.pub.key;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root /var/www/nextcloud;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

location / {
rewrite ^ /index.php$request_uri;
}

location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}

location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;

# Optional: Don't log access to assets
access_log off;
}

location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}