nextcloud网盘部署配置

nextcloud安装方案大概两种，分别是lamp（linux+apache+mysql+php）和lnmp（linux+nginx+mysql+php），本文采用nginx。

本文采用centos8操作系统

关闭防火墙、放行端口、关闭selinux（重要，这个会限制访问，是个坑）

//关闭防火墙
systemctl stop firewalld
#删除防火墙自启动		
systemctl disable firewalld
//永久关闭SELINUX
cd /etc/selinux/
sed -i 's/SELINUX=enforcing/SELINUX=Permissive/' config

//安装nginx
dnf install -y nginx

//修改文件属主和组为nginx
chown nginx:nginx -R /usr/share/nginx/html

//启动nginx
systemctl start nginx
//开机自启
systemctl enable nginx
//获取ip地址
ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d '/'

//安装php
dnf install -y php
//启动php-fpm
systemctl start php-fpm
//设置开机自启
systemctl start php-fpm

ps：如果配置过程中出现无限循环登录页面的情况，原因是php remi源的问题，卸载并尝试安装php7.3及以上

//安装mysql
dnf install -y mysql-server
//初始化mysql	
/usr/sbin/mysqld --initialize --user=mysql
//启动mysql
systemctl start mysqld
//设置开机自启
systemctl enable mysqld
//查询初始密码
grep password /var/log/mysql/mysqld.log
//连接mysql
mysql -uroot -p
//拷贝查询到的初始密码，粘贴登录
//重置密码
mysql>set password for 'root'@'localhost'=passoword('新密码');
mysql> flush privileges;
//新建nextcloud数据库
mysql>create database 'nextcloud';
mysql> quit;

vi /etc/php-fpm.d/www.conf

//修改user、group为nginx
[www]
user = nginx
group = nginx

mkdir -p /etc/nginx/cert
cd /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
##自用 可以随意填写
Country Name (2 letter code) [XX]:cn #国家
State or Province Name (full name) []:Shanghai #省份
Locality Name (eg, city) [Default City]:Shanghai #地区名字
Organization Name (eg, company) [Default Company Ltd]:Admin #公司名
Organizational Unit Name (eg, section) []:Admin #部门
Common Name (eg, your name or your server’s hostname) []:Admin #CA主机名
Email Address []:Admin@Admin.com #Email地址

chmod 600 /etc/nginx/cert/*
chmod 700 /etc/nginx/cert

选择 Download: nextcloud-21.0.9.tar.bz2
cd /usr/local
、、上传压缩文件
解压
tar -jxvf /usr/local/nextcloud-21.0.9.tar.bz2
将解压文件移动到nginx资源目录下
mv ./nextcloud-21.0.9 /usr/share/nginx/html/

#vi /etc/nginx/conf.d/nextcloud.conf3
创建配置文件添加以下内容
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php-fpm/www.sock;
}
server {
listen 80;
listen [::]:80;
server_name nextcloud.com;
# enforce https
return 301 https:// s e r v e r n a m e : 443 server_name:443 servern​ame:443request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nextcloud.com;

ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;

add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root /usr/share/nginx/html/nextcloud;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
location = /.well-known/carddav {
  return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
  return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
    rewrite ^ /index.php;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}
location ~ ^/(?:.|autotest|occ|issue|indie|db_|console) {
    deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/) {
    fastcgi_split_path_info ^(.+?.php)(/.*|)$;
    set $path_info $fastcgi_path_info;
    try_files $fastcgi_script_name =404;
    include fastcgi_params;
    fastcgi_param script_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_param HTTPS on;
    # Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    # Enable pretty urls
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}
location ~ ^/(?:updater|oc[ms]-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}
location ~ .(?:css|js|woff2?|svg|gif|map)$ {
    try_files $uri /index.php$request_uri;
    add_header Cache-Control "public, max-age=15778463";
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;
    access_log off;
}
location ~ .(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
    try_files $uri /index.php$request_uri;
    access_log off;
}

}

、、修改nginx.conf文件
vi /etc/nginx/nginx.conf
修改后的内容
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/.conf;
events {
worker_connections 1024;
}
http {
#fastcgi_buffers 8 128k;
log_format main '$remote_addr - r e m o t e u s e r [ remote_user [ remoteu​ser[time_local] “KaTeX parse error: Double superscript at position 34: … '̲status b o d y b y t e s s e n t " body_bytes_sent " bodyb​ytess​ent"http_referer” ’
‘“ h t t p u s e r a g e n t " " http_user_agent" " httpu​sera​gent""http_x_forwarded_for”’;
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/.conf;
}

//修改文件属主和组
chown nginx:nginx -R /var/lib/php/session/（必须，否则会导致登录页无限循环）
chown nginx:nginx -R /usr/share/nginx/html（必须，否则没有文件访问权限）
##重启nginx
systemctl restart nginx
##重启php-fpm
systemctl restart php-fpm
##重启mysql
systemctl restart mysqld

打开浏览器，地址栏输入 ip
跳转至nextcloud安装页面，输入管理员用户和密码，输入数据目录（最好保持默认，否则需要修改文件夹属主为nginx）和数据库信息（数据库：nextcloud，root，数据库密码，地址localhost:3306）
开始安装
然后就可以登录使用了