本文参考来源
系统环境:Centos7 最小化安装 + php7 + mariadb + nginx
关闭selinux (临时关闭立即生效,重启后失效)
setenforce 0
永久关闭Selinux(重启后才能生效)
编辑 /etc/selinux/config 修改 SELINUX=disabled
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted – Targeted processes are protected,
# minimum – Modification of targeted policy. Only selected processes are protected.
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
关闭防火墙
systemctl stop firewalld.service
systemctl disable firewalld.service
安装 Nginx + PHP7-FPM
1,添加Nginx EPEL源
# yum install epel-release
2,安装Nginx
# yum install nginx
3,安装php7相应的源
4,安装php7-fpm 和 nextcloud 依赖包
# yum install php70w-fpm php70w-pecl-apcu-devel php70w-json php70w-pecl-apcu php70w-gd php70w-mcrypt php70w-mysql php70w-cli php70w-pear php70w-xml php70w-mbstring php70w-pdo
5,安装完后用 php -v 检查安装的版本
[root@localhost ~]# php -v
Cannot load Zend OPcache – it was already loaded
PHP 7.0.20 (cli) (built: Jun 10 2017 06:34:07) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.20, Copyright (c) 1999-2017, by Zend Technologies
6,配置php-fpm
用 vi /etc/php-fpm/www.conf 修改以下内容
user = nginx
group = nginx
listen = 127.0.0.1:9000
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
创建 session 目录
mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/
7,启动Nginx PHP7-FPM
# systemctl start php-fpm
# systemctl start nginx
# systemctl enable php-fpm
# systemctl enable nginx
安装数据库 MariaDB
# yum install mariadb-server mariadb
启动数据库
# systemctl start mysql
# systemctl start mysql
设置数据库root 密码
# mysql_secure_installation
Set root password? [Y/n]
New password: my_strong_root_password
Re-enter new password: my_strong_root_password
Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]
创建NextCloud 数据库
# mysql -u root -p
mysql> CREATE DATABASE my_nextclouddb;
mysql> CREATE USER ncuser@localhost IDENTIFIED BY ‘ncuser@’;
mysql> GRANT ALL PRIVILEGES ON my_nextclouddb.* TO ncuser@localhost IDENTIFIED BY ‘ncuser@’;
mysql> FLUSH PRIVILEGES;
mysql> EXIT;
配置SSL生成私有证书
mkdir -p /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nc.crt -keyout /etc/nginx/cert/nc.key
设置权限
# chmod 700 /etc/nginx/cert
# chmod 600 /etc/nginx/cert/*
安装NextCloud
#yum -y install wget unzip
官网下载NextCloud
解压NextCloud 并移动到nginx网站目录
# unzip nextcloud-12.0.0.zip
# mv nextcloud/ /usr/share/nginx/html/
创建NextCloud 数据目录并修改权限
# mkdir -p /usr/share/nginx/html/nextcloud/data/
# chown nginx:nginx -R /usr/share/nginx/html/nextcloud
在nginx 配置NextCloud(域名 ssl证书 网站目录根据自己实际情况修改)
# vi /etc/nginx/conf.d/nextcloud.conf
server {
listen 80;
server_name nc.test;
return 301 https://$http_host$request_uri;
}
server {
listen 443 ssl;
server_name nc.test;
ssl_certificate /etc/nginx/cert/nc.crt;
ssl_certificate_key /etc/nginx/cert/nc.key;
add_header Strict-Transport-Security “max-age=15768000; includeSubDomains; preload;”;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection “1; mode=block”;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /usr/share/nginx/html/nextcloud/;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass 127.0.0.1:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control “public, max-age=7200”;
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
启动Nginx服务
systemctl start nginx
systemctl enable nginx
可以打开 https://cn.test 查看是否能正常打开
安装 Memcached 服务
# yum install libmemcached libmemcached-devel zlib zlib-devel
# yum -y install memcached
# pecl install memcached
# systemctl start memcached
# systemctl enable memcached
用vi /usr/share/nginx/html/nextcloud/config/config.php 添加如下内容
‘memcache.local‘ => ‘\\OC\\Memcache\\APCu’,
‘memcache.distributed’ => ‘\\OC\\Memcache\\Memcached’,
‘memcached_servers’ =>
array (
0 =>
array (
0 => ‘localhost’,
1 => 11211,
),
),
用vi /etc/php.ini添加如下内容
[Memcache]
memcache.allow_failover = 1
memcache.max_failover_attempts=20
memcache.chunk_size =8192
memcache.default_port = 11211
配置 opcache
用vi /etc/php.d/opcache.ini 添加如下内容
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=528
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.fast_shutdown=1
用vi /etc/php.ini添加如下内容
[opcache]
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
重启php-fpm
# systemctl restart php-fpm
安装 CODE
导入签名KEY
# import the signing key wget https://collaboraoffice.com/repos/CollaboraOnline/CODE-centos7/repodata/repomd.xml.key && rpm –import repomd.xml.key
添加yum源
# yum-config-manager –add-repo https://collaboraoffice.com/repos/CollaboraOnline/CODE-centos7
如果yum-config-manager 报错 请安装
# yum -y install yum-utils
安装CODE
# yum -y –nogpgcheck install loolwsd CODE-brand
# 按照 https://nextcloud.com/collaboraonline/ 的官方说明
# 配置的 loolwsd 所使用的认证必须要有效的,不能使用自己签发的认证
# 因为除了自己的浏览器会去连 loolwsd,NextCloud也会在后台自己去连 loolwsd
# 若使用无效的认证就会出错 Internal Server Error 或是 loolwsd 无法启动
# 建议去阿里云 或是 腾讯云 申请免费的证书(时效1年)具体申请方法百度
用 vi /etc/loolwsd/loolwsd.xml 修改如下内容(其中 code.crt code.key 为自己申请的有效证书)
<cert_file_path desc=”Path to the cert file” relative=”false”>/etc/nginx/cert/code.crt</cert_file_path>
<key_file_path desc=”Path to the key file” relative=”false”>/etc/nginx/cert/code.key</key_file_path>
<ca_file_path desc=”Path to the ca file” relative=”false”></ca_file_path>
启动 loolwsd 服务
# systemctl restart loolwsd
# systemctl enable loolwsd
在 /etc/nginx/conf.d/nextcloud.conf 添加如下内容(code.test 为自己绑定证书的域名,code.crt code.key 为自己申请的有效证书)
server {
listen 443 ssl;
server_name code.test;
ssl_certificate /etc/nginx/cert/code.crt;
ssl_certificate_key /etc/nginx/cert/code.key;
location / {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
重启nginx 服务
# systemctl restart nginx
进入 NextCloud web管理页面———应用————office&text————Collabora Online 启用
后然在设置里面 配置 在线协作——— 在线协作服务器 https://code.test (自己配置的域名)
nextcloud计划任务cron设置
修改nginx用户权限
# vi /etc/passwd
nginx:x:997:995:Nginx web server:/var/lib/nginx:/bin/bash
切换用户
# su nginx
# crontab -e
*/15 * * * * php -f /usr/share/nginx/html/nextcloud/cron.php
web页面上设置——安全及设置警告——Cron
暂时没有评论,期待你说点什么。