编译安装环境部署Nextcloud私有云
来源:互联网 发布:知乎页面显示不正常 编辑:程序博客网 时间:2024/05/22 06:20
编译安装环境部署Nextcloud私有云
以CentOS 7、MariaDB、PHP 7、Nginx为环境部署Nextcloud。
一、安装操作系统
首先安装操作系统,Nextcloud只支持Linux,由于个人习惯的原因,选择了CentOS 7,使用最小化安装(为了保证之后的步骤能在只有最小化安装的VPS上重现,也为了节约硬件资源)。
1、启用网卡
最小化的CentOS 7安装完毕后,默认是没有启用网卡的,在本地登录系统后,首先进入网络配置目录,列出目录中的网卡配置文件
cd /etc/sysconfig/network-scripts/ll | grep ifcfg-
运行结果
[root@localhost network-scripts]# cd /etc/sysconfig/network-scripts/[root@localhost network-scripts]# ll | grep ifcfg-rw-r--r--. 1 root root 312 Aug 30 10:01 ifcfg-enp0s3-rw-r--r--. 1 root root 254 Sep 12 2016 ifcfg-lo
除了ifcfg-lo以外的那个文件就是网卡配置文件,具体名称可能会有所不同。
然后使用vi编辑该文件,将最后一行“ONBOOT=no”改成“ONBOOT=yes”并保存退出。
通过命令重启网络服务,是配置生效
service network restart
如果不想通过DHCP动态获取IP地址,也可以在网络配置文件中添加以下配置项指定网络参数
IPADDR0=192.168.21.128 #设置IP地址PREFIXO0=24 #设置子网掩码GATEWAY0=192.168.21.2 #设置网关DNS1=8.8.8.8 #设置主DNSDNS2=8.8.4.4 #设置备DNS
网卡启用后,就可以通过SSH远程操作、通过yum方便的安装程序了。
查看ip地址,可以通过ip命令
ip addr
2、配置环境
通过yum安装依赖组件
yum -y install wget zip unzipyum -y install gcc gcc-c++ cmakeyum -y install openssl openssl-devel gnutls gnutls-devel bison bison-devel zlib-devel libevent-devel curl-devel ncurses ncurses-devel perl perl-devel libxml2 libxml2-develyum -y install bzip2 bzip2-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-develyum -y install gd gd-devel libicu libicu-devel openldap openldap-devel libsmbclient libsmbclient-devel ImageMagick ImageMagick-devel recode recode-devel autoconf psmisc.x86_64 krb5-libs.x86_64 krb5-devel.x86_64
通过yum的额外源安装依赖组件
yum -y install epel-releaseyum repolistyum -y install libc-client libc-client-devel libmcrypt libmcrypt-devel jemalloc jemalloc-devel redis libtidy libtidy-devel
关闭SELinux,可先通过sestatus -v命令查看SELinux是否开启
/usr/sbin/sestatus -v
修改/etc/selinux/config,将’SELINUX=enforcing’改为’SELINUX=disabled’,重启系统即可生效,或者本次可以使用’setenforce 0’临时关闭。
二、安装MariaDB
首先下载并编译安装
wget https://downloads.mariadb.org/interstitial/mariadb-10.2.8/source/mariadb-10.2.8.tar.gztar -zxvf mariadb-10.2.8.tar.gzcd mariadb-10.2.8cmake .make && make installuseradd mysqlchown -R mysql:mysql /usr/local/mysql/mkdir /var/log/mariadbchown -R mysql:mysql /var/log/mariadbcd /usr/local/mysqlscripts/mysql_install_db --user=mysqlln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
然后修改/etc/my.cnf,修改pid-file的值
pid-file=/var/lib/mysql/mysql.pid
接着将MariaDB设为系统服务,在/usr/lib/systemd/system/下创建一个名为mysql.service的脚本,内容如下
[Unit]Description=MariaDB database serverAfter=network.target[Service]Type=simpleUser=mysqlGroup=mysqlExecStart=/usr/local/mysql/bin/mysqld_safeTimeoutSec=300PrivateTmp=true[Install]WantedBy=multi-user.target
修改脚本权限,添加、启动服务,然后运行管理工具
chmod 755 /usr/lib/systemd/system/mysql.servicesystemctl daemon-reloadsystemctl enable mysql.servicesystemctl start mysql.service/usr/local/mysql/bin/mysql_secure_installation
mysql_secure_installation的输入如下,牢记自己的数据库root密码
Set root password? [Y/n] YNew password:Re-enter new password:Remove anonymous users? [Y/n] YDisallow root login remotely? [Y/n] YRemove test database and access to it? [Y/n] YReload privilege tables now? [Y/n] Y
登录到mysql shell为Nextcloud创建用户和数据库。
/usr/local/mysql/bin/mysql -u root -p
验证root密码后,在mysql shell执行
create database nextcloud_db;create user nextclouduser@localhost identified by 'nextclouduser@';grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextclouduser@';flush privileges;exit
这样就创建了一个nextcloud_db数据库和nextclouduser用户,用户密码为’nextclouduser@’。
三、安装Nginx
首先编译安装Nginx
wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gztar -zxvf pcre-8.41.tar.gzwget http://www.zlib.net/zlib-1.2.11.tar.gztar -zxvf zlib-1.2.11.tar.gzwget https://www.openssl.org/source/openssl-1.0.2l.tar.gztar -zxvf openssl-1.0.2l.tar.gzwget http://nginx.org/download/nginx-1.13.4.tar.gztar -zxvf nginx-1.13.4.tar.gzcd nginx-1.13.4./configure --with-http_ssl_module --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.0.2l --with-http_v2_modulemake && make installln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/useradd nginxmkdir /var/wwwchown -R nginx:nginx /var/www
然后将Nignx设为系统服务,在/usr/lib/systemd/system/下创建一个名为nginx.service的脚本,内容如下
[Unit]Description=nginx - high performance web serverAfter=network.target remote-fs.target nss-lookup.target[Service]Type=forkingPIDFile=/usr/local/nginx/logs/nginx.pidExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.confExecReload=/usr/local/nginx/sbin/nginx -s reloadExecStop=/usr/local/nginx/sbin/nginx -s stop[Install]WantedBy=multi-user.target
修改脚本权限,开启Nginx服务
chmod 755 /usr/lib/systemd/system/nginx.servicesystemctl daemon-reloadsystemctl enable nginx.servicesystemctl start nginx.service
使用nginx -s reload可以重载配置而不需要重启nginx
开放防火墙HTTP、HTTPS端口
firewall-cmd --permanent --add-service=httpfirewall-cmd --permanent --add-service=httpssystemctl restart firewalld
四、安装PHP
安装依赖组件,执行php安装配置
wget https://github.com/skvadrik/re2c/releases/download/1.0.2/re2c-1.0.2.tar.gztar -zxvf re2c-1.0.2.tar.gzcd re2c-1.0.2./configuremake && make installcd ..wget -O php7.tar.gz http://cn2.php.net/get/php-7.1.8.tar.gz/from/this/mirrortar -zxvf php7.tar.gzcd php-7.1.8ln -s /usr/lib64/libc-client.so /usr/lib/ln -s /usr/lib64/libssl.so /usr/lib/ln -s /usr/lib64/libldap.so /usr/lib/./configure \--enable-fpm \--enable-ctype \--enable-dom \--enable-xml \--enable-json \--enable-mbstring \--enable-posix \--enable-simplexml \--enable-xmlreader \--enable-xmlwriter \--enable-zip \--enable-fileinfo \--enable-intl \--enable-ftp \--enable-exif \--enable-pcntl \--enable-sockets \--enable-session \--enable-gd-native-ttf \--enable-gd-jis-conv \--enable-inline-optimization \--enable-shared \--enable-bcmath \--enable-sysvmsg \--enable-sysvsem \--enable-sysvshm \--enable-mbregex \--enable-pcntl \--with-pdo-mysql \--with-mhash \--with-libxml-dir \--with-gd \--with-jpeg-dir \--with-png-dir \--with-iconv-dir \--with-zlib \--with-curl \--with-bz2 \--with-mcrypt \--with-openssl \--with-xsl \--with-pcre-dir \--with-pear \--with-freetype-dir \--with-xmlrpc \--with-gettext \--with-readline \--with-recode \--with-tidy \--with-ldap \--with-gmp \--with-kerberos
编辑MakeFile,找到开头是 ‘EXTRA_LIBS = ’ 这一行,在结尾加上’-llber’
EXTRA_LIBS = -lcrypt -lcrypto -lssl -lcrypto -lz -lexslt -ltidy -lresolv -lcrypt -lrecode -lreadline -lncurses -lrt -lmcrypt -lldap -lstdc++ -lgmp -lpng -lz -ljpeg -lcrypto -lssl -lcrypto -lcurl -lbz2 -lz -lcrypto -lssl -lcrypto -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lcurl -lxml2 -lz -lm -ldl -lfreetype -ldl -lm -licui18n -licuuc -licudata -ldl -lm -licuio -lxml2 -lz -lm -ldl -lcrypt -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxslt -lxml2 -lz -ldl -lm -lcrypt -llber
然后编译安装
make && make installmkdir -p /var/lib/php/sessionchown nginx:nginx -R /var/lib/php/session/cp php.ini-production /usr/local/etc/php.inicp /usr/local/etc/php-fpm.conf.default /usr/local/etc/php-fpm.confcp /usr/local/etc/php-fpm.d/www.conf.default /usr/local/etc/php-fpm.d/www.conf
编辑/usr/local/etc/php-fpm.conf,最后一行改成
include=etc/php-fpm.d/*.conf
编辑/usr/local/etc/php-fpm.d/www.conf
;修改user和group这两行,大概在20行左右user = nginxgroup = nginx;取消这行的注释,大概在第60行左右listen.allowed_clients = 127.0.0.1;取消这几行的注释,大概在第330行左右env[HOSTNAME] = $HOSTNAMEenv[PATH] = /usr/local/bin:/usr/bin:/binenv[TMP] = /tmpenv[TMPDIR] = /tmpenv[TEMP] = /tmp
开启php-fpm服务
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpmchmod +x /etc/init.d/php-fpmchkconfig --add php-fpmservice php-fpm start
安装扩展模块
cd ..pecl install smbclientpecl install imagickwget -O igbinary.zip https://github.com/igbinary/igbinary7/archive/master.zipunzip igbinary.zipcd igbinary7-masterphpize./configure CFLAGS="-O2 -g" --enable-igbinarymake && make installpecl install apcupecl install redis
复制/usr/local/etc/php.ini到/usr/local/lib/
cp /usr/local/etc/php.ini /usr/local/lib/
修改/usr/local/lib/php.ini,搜索’extension=’,在这段后面添加
extension=smbclient.soextension=imagick.soextension=igbinary.soextension=redis.soextension=apcu.sozend_extension=opcache.so
继续修改php.ini,搜索“[opcache]”,将以下行注释去掉,并修改为对应的配置值
opcache.enable=1opcache.enable_cli=1opcache.memory_consumption=128opcache.interned_strings_buffer=8opcache.max_accelerated_files=10000opcache.revalidate_freq=1opcache.save_comments=1
继续修改php.ini,在最后面添加
[apc]apc.enabled=1 apc.shm_segments=1 apc.shm_size=64M apc.ttl=7200 apc.user_ttl=7200 apc.enable_cli=1
遇到的问题总结
a、安装完扩展模块后,在/usr/local/etc/php.ini配置了,却发现一直无法加载成功,后来才发现我安装的php配置文件路径应该在/usr/local/lib,拷贝过去就对了
b、使用命令php -i可以查看php的相关信息,包括使用的配置文件路径、扩展模块路径等等
c、使用命令php -m可以查看成功加载了的模块,如果扩展模块安装成功了,就可以看到
d、php的扩展模块有两种安装方式,最简单的就是使用pecl,类似于yum,指定模块名称后就可以一键下载、编译、安装了,当然如果有依赖库的话必须先进行安装,再在php.ini里面加上extension配置项即可
e、php的扩展模块另外一种安装方式,就是下载模块的源代码,解压后进入源代码目录,执行phpize生成configure文件,然后就是执行configure、make、make install了,最后在php.ini增加配置项
五、安装Nextcloud
下载解压到www目录
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.2.zipunzip nextcloud-12.0.2.zipmv nextcloud /var/www/chown -R nginx:nginx /var/www
生成SSL证书
mkdir -p /etc/nginx/cert/openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.keychmod 700 /etc/nginx/certchmod 600 /etc/nginx/cert/*
修改nginx服务配置文件/usr/local/nginx/conf/nginx.conf为以下内容,将“yourname.domain”替换为自己的域名,修改client_max_body_size可以设置最大可上传的文件大小
#user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream php-handler { server 127.0.0.1:9000; #server unix:/var/run/php5-fpm.sock; } server { listen 80; server_name yourname.domain; # enforce https return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name yourname.domain; ssl_certificate /etc/nginx/cert/nextcloud.crt; ssl_certificate_key /etc/nginx/cert/nextcloud.key; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. # add_header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;"; # # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /var/www/nextcloud/; location = /robots.txt { allow all; log_not_found off; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json # last; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff|svg|gif)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=15778463"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. # add_header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;"; # # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don't log access to other assets access_log off; } }}
让Nginx重新载入配置
nginx -s reload
使用域名或者IP访问,就会出现初始设置页面,在这里设置Nextcloud管理员用户名和密码,然后选择使用的数据库为MySQL/MariaDB,填入之前设置数据库时的用户名(nextclouduser)、密码(nextclouduser@)、数据库名称(nextcloud_db),位置(不知为何我这里localhost访问数据库会被拒绝,设为127.0.0.1才行),然后确认进行初始化后就可以使用了。
有一次安装完了打开返回503,重新执行了一遍“chown -R nginx:nginx /var/www”就可以了
六、添加信任域名
Nextcloud本身的安全机制,会检查访问的域名,如果没有配置在信任域名中,会提示正在通过不信任的域名访问。
Nextcloud初始化完毕后,会生成“/var/www/nextcloud/config/config.php”配置文件,里面的’trusted_domains’配置项为信任域名,初始化完毕后只有一项,为主机的IP地址。可以修改该配置项,添加绑定的域名
'trusted_domains' => array ( 0 => '192.168.56.101', 1 => 'yourname.domain',),
七、开启内存缓存
开启内存缓存,可以提升响应速度。之前我们已经通过yum安装了redis服务,通过pecl安装了php的apcu、redis组件,下面先把redis设置为系统服务,再修改Nextcloud的配置。
1、配置redis服务
设置服务自启、启动服务
systemctl enable redissystemctl start redis
2、修改Nextcloud配置
修改/var/www/nextcloud/config/config.php文件,在配置加入
'memcache.local' => '\OC\Memcache\APCu','memcache.locking' => '\OC\Memcache\Redis','redis' => array( 'host' => 'localhost', 'port' => 6379, ),
重新启动nginx服务即可生效
systemctl restart nginx
八、客户端
Nextcloud提供各个平台的客户端,但功能有区别。
1、Windows客户端
桌面客户端有Windows、Linux、Mac平台的,功能应该都一样的,我只试用了Windows客户端。
Windows客户端仅有的功能就是同步,可以建立任意数量的同步映射,为本地的文件夹和Nextcloud服务器上的文件夹建立镜像映射关系,不管是增加、修改还是删除文件,在同步后都两边都会保持一致。仅有的同步策略就是镜像方式,没有更多的设置。
这样的功能比较适用于移动办公,将自己的工作区同步到云上,一是可以起到备份的作用,二是可以在多台电脑上使用相同的工作区环境。
2、Android客户端
手机客户端有Android、iPhone、Windows Phone平台的,我只试用了Android客户端。
Android客户端基本和Web页面是一样的,并没有多大用处。
有一个自动同步的功能,可以将本地目录和服务器上目录建立映射,策略可以选择仅将本地的文件同步到服务器、并且可以选择同步后是否删除本地的文件。本来这个功能应该是备份手机照片的利器,可是这个功能仅仅能检测到新增加的文件,对于已有的文件是不处理的,瞬间变为了鸡肋,除非新买手机就装上,或者先把以前的用其他方法人工备份。
3、第三方客户端
Nextcloud对外提供WebDAV接口,因此可以使用第三方的客户端。Android平台上,FolderSync是一个比较好用的、可以备份手机照片的软件。
- 编译安装环境部署Nextcloud私有云
- 部署Nextcloud私有云
- 【技术干货】下一代私有云盘 NextCloud 的安装配置
- 利用NextCloud配置私有云
- 阿里云Ubuntu16.04搭建LAMP+私有云nextcloud
- 树莓派使用owncloud或者nextcloud建立私有云
- Nginx编译部署环境安装
- 将OpenStack私有云部署到Hadoop MapReduce环境
- 将OpenStack私有云部署到Hadoop MapReduce环境
- 将OpenStack私有云部署到Hadoop MapReduce环境
- 将 OpenStack 私有云部署到 Hadoop MapReduce 环境
- 将OpenStack私有云部署到Hadoop MapReduce环境中
- 将OpenStack私有云部署到Hadoop MapReduce环境中
- 实验室私有云部署Hadoop(1)-环境准备篇
- 部署安装WebPageTest私有实例
- 安装部署CloudStack 4.0企业私有云平台
- 安装部署CloudStack 4.0企业私有云平台
- 安装部署CloudStack 4.0企业私有云平台
- Linux的学习笔记_Day1
- 制作安装U盘
- Linux环境安装imagemagick
- 【异常解决】jxl.write.biff.JxlWriteException: Attempt to modify a referenced format
- 百度地图小区边界(轮廓)处理
- 编译安装环境部署Nextcloud私有云
- java 值类型和引用类型
- 感知机
- 通过Stringbuffer实现io流读一行,行中位置的内容修改
- 输入一个数组,用二分法查找Java实现
- maven mybatis反向工程插件
- 八大排序算法-Python
- 单点登录之cas4.2.7服务端数据库配置(读数据库验证用户并对密码进行加密)
- SVN服务器搭建--Subversio与TortoiseSVN的配置安装