Building a NextCloud Cloud Drive with Linux+Nginx+MySQL+PHP

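Nextcloud is a free, professional private cloud drive that supports APIs and plugin extensions; users can extend the drive's functionality with plugins. This article describes how to set up Nextcloud in an LNMP environment.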

The host operating system is CentOS 7.7, and the applications are deployed as follows:

Host          Applications
10.10.200.1   PHP 7.3, Nginx 1.16
10.10.200.2   MySQL 5.7.32, Memcached

Deploying MySQL

Log in to MySQL and run the following SQL statements to create the database and the account:

create database nextcloud;
grant all privileges on nextcloud.* to 'nextcloud'@'10.10.200.1' identified by 'NextCloud@123';
flush privileges;

Deploying memcached

yum -y install memcached

After installation, edit /etc/sysconfig/memcached to set the cache size according to the host's memory, then start memcached:

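systemctl start memcached
# For security, starting it with minimal privileges is recommended
# Note: -l 127.0.0.1 accepts local connections only, while config.php later in this article points the PHP host at 10.10.200.2:11211;
# if memcached listens on 10.10.200.2 instead, limit port 11211 to 10.10.200.1 with the host firewall
memcached -d -m 256 -u memcached -l 127.0.0.1 -p 11211 -c 1024 -P /tmp/memcached.pid
# Enable start at boot
systemctl enable memcached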

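Configuring the runtime environment

Installing PHP

This article uses the yum installation method. The zip extension is required; without it the Nextcloud application cannot be installed.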

yum -y install epel-release yum-utils
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php73
# Nextcloud supports PHP 8 starting with version 21
# yum-config-manager --enable remi-php80
yum -y install php
yum -y install php-bcmath php-devel php-embedded php-fpm php-gd php-gmp php-intl php-json php-mbstring php-mysqlnd php-opcache php-pear php-pecl-apcu php-pecl-memcached php-pecl-zip php-xml

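Installing imagick

Installing this extension is strongly recommended. It is a PHP extension that performs image operations by calling the API provided by ImageMagick.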

yum -y install ImageMagick ImageMagick-devel
pecl install imagick

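The imagick installation shows a prompt; press Enter to continue. After it installs successfully, configure PHP.

Configuring PHP

Edit the configuration file /etc/php.ini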

[PHP]
memory_limit = 1024M
extension=imagick.so
upload_max_filesize = 8192M

Edit the configuration file /etc/php-fpm.d/www.conf

listen = 127.0.0.1:9000
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Configuring opcache

Edit the configuration file /etc/php.d/10-opcache.ini

zend_extension=opcache.so
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
opcache.fast_shutdown=1
opcache.blacklist_filename=/etc/php.d/opcache*.blacklist

Starting PHP

systemctl start php-fpm
systemctl enable php-fpm

Deploying nginx

yum -y install nginx

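About SSL certificates

Nextcloud must be served over HTTPS; I applied for the free SSL certificate offered by Alibaba Cloud.

Alternatively, you can create a local (self-signed) SSL certificate as follows: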

openssl req -new -x509 -days 365 -nodes -out /www/sslkey/nextcloud.crt -keyout /www/sslkey/nextcloud.key

Enter the following at the prompts:

Country Name (2 letter code) [XX]:cn                      // country
State or Province Name (full name) []:beijing             // province
Locality Name (eg, city) [Default City]:beijing           // locality
Organization Name (eg, company) [Default Company Ltd]:lzl // company
Organizational Unit Name (eg, section) []:IT              // department
Common Name (e.g. server FQDN or YOUR name) []:lzl        // host name
Email Address []:lzl@olzl.top                             // e-mail address

Then set the permissions on the certificate files:

chmod 700 /www/sslkey
chmod 600 /www/sslkey/*

Configuring nginx

Edit the nginx main configuration file /etc/nginx/nginx.conf; all of the parameters listed relate to tuning for Nextcloud:

...
http {
    ...

    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    keepalive_timeout    65;
    types_hash_max_size  2048;

    server_tokens        off;
    client_max_body_size 4096m;

    gzip                 on;
    gzip_min_length      1k;
    gzip_buffers         64 8k;
    gzip_comp_level      3;
    gzip_types           text/plain text/css application/javascript application/xml+rss application/x-httpd-php image/jpeg image/png;
    gzip_types           application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
    gzip_vary            on;

    include              /etc/nginx/mime.types;
    default_type         application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
}

Edit the nginx site configuration file /etc/nginx/conf.d/nextcloud.conf (Nextcloud 20 and earlier):

    server {
        listen      80;
        listen      443 ssl http2;
        server_name nextcloud.olzl.top;
        root        /www/nextcloud;  # same path as the cron job later in this article
        index       index.php;

        ssl_certificate           /www/sslkey/nextcloud.pem;
        # ssl_certificate         /www/sslkey/nextcloud.crt;
        ssl_certificate_key       /www/sslkey/nextcloud.key;
        ssl_session_timeout       10m;
        ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols             TLSv1.2;  # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_prefer_server_ciphers on;

        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header Cache-Control "public, max-age=7200";
        add_header Referrer-Policy "no-referrer";
        add_header X-Frame-Options "SAMEORIGIN";  # if the admin-panel check reports a configuration problem, this can be moved into "location /"
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Content-Type-Options nosniff;
        add_header X-Permitted-Cross-Domain-Policies none;

        location / {
            rewrite ^ /index.php$uri;
        }

        location = /robots.txt {
            allow         all;
            access_log    off;
            log_not_found off;
        }

        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }

        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }

        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            include                   fastcgi_params;
            fastcgi_split_path_info   ^(.+\.php)(/.*)$;
            fastcgi_param             SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param             PATH_INFO $fastcgi_path_info;
            fastcgi_param             HTTPS on;
            fastcgi_param             modHeadersAvailable true;
            fastcgi_param             front_controller_active true;
            fastcgi_pass              127.0.0.1:9000;
            fastcgi_intercept_errors  on;
            fastcgi_request_buffering off;
        }

        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index     index.php;
        }

        location ~* \.(?:css|js)$ {
            try_files  $uri /index.php$uri$is_args$args;
            access_log off;
        }

        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files  $uri /index.php$uri$is_args$args;
            access_log off;
        }

        error_page 497 https://$server_name$request_uri;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
    }
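
To check which request paths the location blocks above block and which they hand to PHP, the following added example (not part of the original article) models nginx's location selection for this server block: exact matches first, then regular expressions in file order, then the "location /" rewrite. The function names, action labels and sample paths are assumptions made for the illustration.

```python
import re

# Location blocks copied from the nextcloud.conf above, in file order.
# The action labels (deny/php/static/index/redirect) are names chosen for this example.
LOCATIONS = [
    ("=", "/robots.txt", "static"),
    ("=", "/.well-known/carddav", "redirect"),
    ("=", "/.well-known/caldav", "redirect"),
    ("~", r"^/(?:build|tests|config|lib|3rdparty|templates|data)/", "deny"),
    ("~", r"^/(?:\.|autotest|occ|issue|indie|db_|console)", "deny"),
    ("~", r"^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]"
          r"|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/)", "php"),
    ("~", r"^/(?:updater|ocs-provider)(?:$|/)", "index"),
    ("~*", r"\.(?:css|js)$", "static"),
    ("~*", r"\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$", "static"),
]


def match_location(uri):
    """Return the action of the block nginx selects for a normalized URI path."""
    # Exact-match (=) locations win outright.
    for mod, pat, action in LOCATIONS:
        if mod == "=" and uri == pat:
            return action
    # Regex locations are tried in file order; the first match wins.
    for mod, pat, action in LOCATIONS:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return action
    # Nothing matched: the prefix block "location /" applies (rewrite ^ /index.php$uri).
    return "rewrite"


def resolve(uri):
    """Follow the "location /" rewrite once; nginx then re-runs location selection."""
    action = match_location(uri)
    return match_location("/index.php" + uri) if action == "rewrite" else action


# Constructed sample request paths (not taken from a real access log).
SAMPLES = ["/data/admin/files/photo.jpg", "/config/config.php", "/.htaccess",
           "/occ", "/status.php", "/apps/files/", "/core/css/server.css"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path:30} -> {resolve(path)}")
```

Because the two deny blocks come before the static-file regexes in the file, a .jpg under /data/ is refused rather than served, which is why the order of these blocks should be preserved when editing the configuration.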

Starting nginx

systemctl start nginx
systemctl enable nginx

Deploying NextCloud

Download the release archive from the official Nextcloud download page:

wget https://download.nextcloud.com/server/releases/nextcloud-20.0.8.zip
unzip nextcloud-20.0.8.zip
chown -R apache:apache nextcloud/

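Now visit your domain; once the setup is completed there, Nextcloud is ready to use.

Configuring caching and the default language

Add the following parameters to the Nextcloud configuration file nextcloud/config/config.php: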

...
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Memcached',
  'memcached_servers' =>
  array (
    0 =>
    array (
      0 => '10.10.200.2',
      1 => 11211,
    ),
  ),
  'default_language' => 'zh_CN',
...

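Health check

After the initial installation, the "Overview" menu in the admin panel usually shows security and setup warnings.

To resolve them, run the following commands in order in the site root directory: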

chmod +x occ
sudo -u apache ./occ db:add-missing-indices
sudo -u apache ./occ db:convert-filecache-bigint

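Scheduled tasks

It is recommended to run background jobs through the system scheduler (the default is AJAX) to improve Nextcloud performance. In the Nextcloud admin panel go to "Settings → Basic settings → Background jobs", set the mode to "Cron", then add the job on the system (mind the user name and the PHP path):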

chmod +x cron.php
crontab -e
*/5 * * * * sudo -u apache /usr/bin/php -f /www/nextcloud/cron.php > /dev/null 2>&1

Let's start our Nextcloud private cloud drive journey!

Original article, reproduction prohibited: 技术学堂 » Building a NextCloud Cloud Drive with Linux+Nginx+MySQL+PHP
