Install NextCloud in CentOS 7
来源:互联网 发布:mac silverlight下载 编辑:程序博客网 时间:2024/05/18 03:54
- yum -y update
- systemctl disable firewalld
- Add new repository
yum install http://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-13.ius.centos7.noarch.rpm
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- Install required 9 package:
yum install httpd
yum install mariadb-server
yum install mod_php70uphp70u-gd php70u-json php70u-mysqlnd php70u-mbstring php70u-intl php70u-mcryptphp70u-pecl-imagick php70u-xml
- Install Optional 5 Package:
yum install php70u-ldapphp70u-pecl-smbclient php70u-imap php70u-gmp php70u-opcache
- Enable and start apache
systemctl enable httpd
systemctl start httpd
- Database config:
- Enable MariaDB to automatically start after server reboot:
systemctl enable mariadb
- Start MariaDB:
systemctl start mariadb
- Now run the post installation security script:
- mysql_secure_installation
- Login mariadb
mysql -u root -p
- Create database and user; grant access to the user
CREATE DATABASE nextcloud;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY'yourpassword';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIEDBY 'yourpassword' WITH GRANT OPTION;
FLUSH PRIVILEGES;
- Set binlong format
SET GLOBAL binlog_format = 'MIXED';
EXIT;
- Download and install nextcloud
- Go to the path
Cd
- Download the installation file
Yuminstall wget
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.3.zip
- Install tools and unzip the file
sudo yum install unzip -y
unzip nextcloud-12.0.3.zip
- Move to theweb root folder and grant access
mv nextcloud/* /var/www/html
cd nextcloud
mv .htaccess /var/www/html/.htaccess
mv .user.ini /var/www/html/.user.ini
mkdir /var/www/html/data
chown apache:apache -R /var/www/html
- ConfigApacheserver
cd /etc/httpd/conf
cp httpd.conf /etc/httpd/conf/httpd.conf.backup
vihttpd.conf
<Directory/var/www/html/>
Options +FollowSymlinks
AllowOverride AllOptions +FollowSymlinks
AllowOverride All
<IfModulemod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html
SetEnv HTTP_HOME /var/www/html
</Directory>
- ConfigPHPmoudle
cd/etc/php.d
vi10-opcache.ini
The PHP OPcache is not properly configured. For better performance we recommend to use following settings in the php.ini:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
- Install selinux policy management tools
yum-y install policycoreutils-python
- Setting the selinux policy
vi/etc/selinux/config
SELINUX=disabled
setenforce0
getenforceto check the status.
semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.user.ini'semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t'/var/www/html/html/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/html/.user.ini'
restorecon -Rv '/var/www/html/html/'
- Restart httpd service
Servicehttpd restart
- Install redis and php-pecl-redis
yum install php70u-pecl-redis
yum install redis
systemctl enable redis
systemctl start redis
systemctl status redis
- Config for the next cloud
vi /var/www/html/conf/config.php
'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' =>'localhost',
'port' => 6379,
'timeout' => 0.0,
'password' => '',// Optional, if not defined no password will be used.
),
- Config the SSL
yum install mod_ssl openssl
#产生私钥
openssl genrsa -out ca.key 2048
# 产生 CSR
openssl req -new -key ca.key -out ca.csr
# 产生自我签署的金钥
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# 复制文件至正确位置
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
假如你迁移了这些文件而不是复制它们,你可以用以下的指命来矫正这些文件的 SELinux脉络,因为 /etc/pki/*的正确脉络定义已包含在 SELinux政策里。
estorecon -RvF /etc/pki
接著我们须要更新 Apache SSL的配置文件
i +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
请修改路径至金钥文件的存储位置。如果你采用上面的方法,这会是
SLCertificateFile /etc/pki/tls/certs/ca.crt
然后在再低数行的位置为凭证金钥文件设置正确路径。如果你按照上面的指引,这会是:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
- Add more to http.conf
vi/etc/httpd/conf
<VirtualHost *:80>
ServerName172.21.183.129
Redirect permanent / https://172.21.183.129/
</VirtualHost>
<VirtualHost *:443>
ServerName172.21.183.129
<IfModulemod_headers.c>
Header always setStrict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>