{"id":348,"date":"2023-08-12T18:24:38","date_gmt":"2023-08-12T10:24:38","guid":{"rendered":"https:\/\/dailyrenewblog.com\/?p=348"},"modified":"2023-08-12T18:24:38","modified_gmt":"2023-08-12T10:24:38","slug":"debian12%e6%90%ad%e5%bb%banextcloud","status":"publish","type":"post","link":"https:\/\/dailyrenewblog.com\/?p=348","title":{"rendered":"\u642d\u5efaNextCloud(LEMP\u73af\u5883)"},"content":{"rendered":"\n

\u7cfb\u7edf\u4e3aDebian12,LEMP\u73af\u5883\u6307Linux\uff0cNginx, MariaDB, PHP-FPM<\/p>\n\n\n\n

1.\u66f4\u65b0\u8f6f\u4ef6\u5305\uff0c\u5b89\u88c5Nginx, MariaDB, PHP-FPM<\/p>\n\n\n\n

sudo apt update && sudo apt upgrade -y\nsudo apt-get install -y nginx-extras mariadb-server mariadb-client php-common php-cli php-cgi php-fpm php-opcache php-mysql php-xml php-xmlrpc php-gd php-json php-curl php-zip php-mbstring php-bz2 php-intl php-bcmath php-gmp imagemagick php-imagick libmagickcore-6.q16-6-extra<\/code><\/pre>\n\n\n\n
2.MariaDB\u7684\u521d\u59cb\u5316\u914d\u7f6e<\/p>\n\n\n\n
sudo mysql_secure_installation<\/code><\/p>\n\n\n\n
\u6839\u636e\u63d0\u793a\u8fdb\u884cMariaDB\u521d\u59cb\u914d\u7f6e<\/p>\n\n\n\n
3.\u4e0b\u8f7dNextcloud\u5e76\u89e3\u538b\u7f29\u5230\u7f51\u7ad9\u6839\u76ee\u5f55<\/p>\n\n\n\n
sudo apt install -y wget curl unzip && wget https:\/\/download.nextcloud.com\/server\/releases\/latest.zip && unzip latest.zip -d \/var\/www\/<\/code><\/pre>\n\n\n\n
\u4e3a\u786e\u4fddnginx\u6709\u6743\u9650\u5199\u5165Nextcloud\u76ee\u5f55\uff0c\u9700\u4fee\u6539Nextcloud\u76ee\u5f55\u6240\u6709\u8005<\/p>\n\n\n\n
sudo chown www-data:www-data \/var\/www\/nextcloud\/ -R<\/code><\/p>\n\n\n\n
4.\u521b\u5efaNextcloud\u7684\u6570\u636e\u5e93\u5e76\u914d\u7f6e<\/p>\n\n\n\n
sudo mysql -u root\n\ncreate database nextcloud<\/em><\/mark>;\ncreate user nextclouduser<\/em><\/mark>@localhost identified by 'your-password<\/em><\/mark>';\ngrant all privileges on nextcloud<\/em><\/mark>.* to nextclouduser<\/em><\/mark>@localhost identified by 'your-password<\/em><\/mark>';\nflush privileges;\nexit;<\/code><\/pre>\n\n\n\n
5.\u7b7e\u53d1TLS\u8bc1\u4e66<\/a><\/p>\n\n\n\n
6.\u914d\u7f6eNginx<\/p>\n\n\n\n
sudo touch \/etc\/nginx\/conf.d\/nextcloud<\/em>.conf<\/code><\/pre>\n\n\n\n
\u5c06\u4ee5\u4e0b\u5185\u5bb9\u7c98\u8d34\u8fdb\/etc\/nginx\/conf.d\/nextcloud.conf<\/code><\/p>\n\n\n\n
upstream php-handler {\n    server unix:\/var\/run\/php\/php8.2-fpm.sock;\n}\nmap $arg_v $asset_immutable {\n    \"\" \"\";\n    default \"immutable\";\n}\nserver {                                           \n    listen 80;\n    listen [::]:80 ipv6only=on;\n    server_name _;                                 \n    access_log off;\n    log_not_found off;\n    # Enforce HTTPS                                \n    return 301 https:\/\/$host$request_uri;          \n}\nserver {\n    listen 443 ssl http2;\n    listen [::]:443 ipv6only=on ssl http2;\n    server_name yourdomain.com<\/mark><\/em>;\n    # Path to the root of your installation\n    root \/var\/www\/nextcloud;\n    # Use Mozilla's guidelines for SSL\/TLS settings\n    # https:\/\/mozilla.github.io\/server-side-tls\/ssl-config-generator\/\n    ssl_protocols TLSv1.2 TLSv1.3;\n    ssl_certificate \/path\/yourdomain.com.crt<\/mark><\/em>;\n    ssl_certificate_key \/path\/yourdomain.com.key<\/mark><\/em>;\n    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;\n    ssl_ecdh_curve X25519:P-256:P-384;\n    ssl_prefer_server_ciphers off;\n    ssl_session_timeout 1d;\n    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions\n    ssl_session_tickets off;\n    ssl_stapling on;\n    ssl_stapling_verify on;\n    resolver 8.8.8.8;\n    add_header Strict-Transport-Security \"max-age=63072000\" always;\n    access_log \/var\/log\/nginx\/nextcloud_access.log.gz combined gzip flush=5m;\n    error_log \/var\/log\/nginx\/nextcloud_error.log error;\n    server_tokens off;\n\n\n    # set max upload size and increase upload timeout:\n    client_max_body_size 512M;\n    client_body_timeout 300s;\n    fastcgi_buffers 64 4K;\n\n    # Enable gzip but do not remove ETag headers\n    gzip on;\n    gzip_vary on;\n    gzip_comp_level 4;\n    gzip_min_length 256;\n    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;\n    gzip_types application\/atom+xml text\/javascript application\/javascript application\/json application\/ld+json application\/manifest+json application\/rss+xml application\/vnd.geo+json application\/vnd.ms-fontobject application\/wasm application\/x-font-ttf application\/x-web-app-manifest+json application\/xhtml+xml application\/xml font\/opentype image\/bmp image\/svg+xml image\/x-icon text\/cache-manifest text\/css text\/plain text\/vcard text\/vnd.rim.location.xloc text\/vtt text\/x-component text\/x-cross-domain-policy;\n\n    # Pagespeed is not supported by Nextcloud, so if your server is built\n    # with the `ngx_pagespeed` module, uncomment this line to disable it.\n    #pagespeed off;\n\n    # The settings allows you to optimize the HTTP2 bandwitdth.\n    # See https:\/\/blog.cloudflare.com\/delivering-http-2-upload-speed-improvements\/\n    # for tunning hints\n    client_body_buffer_size 512k;\n\n    # HTTP response headers borrowed from Nextcloud `.htaccess`\n    add_header Referrer-Policy                   \"no-referrer\"       always;\n    add_header X-Content-Type-Options            \"nosniff\"           always;\n    add_header X-Download-Options                \"noopen\"            always;\n    add_header X-Frame-Options                   \"SAMEORIGIN\"        always;\n    add_header X-Permitted-Cross-Domain-Policies \"none\"              always;\n    add_header X-Robots-Tag                      \"noindex, nofollow\" always;\n    add_header X-XSS-Protection                  \"1; mode=block\"     always;\n\n    # Remove X-Powered-By, which is an information leak\n    fastcgi_hide_header X-Powered-By;\n\n    # Add .mjs as a file extension for javascript\n    # Either include it in the default mime.types list\n    # or include you can include that list explicitly and add the file extension\n    # only for Nextcloud like below:\n    include mime.types;\n    types {\n        text\/javascript js mjs;\n    }\n\n    # Specify how to handle directories -- specifying `\/index.php$request_uri`\n    # here as the fallback means that Nginx always exhibits the desired behaviour\n    # when a client requests a path that corresponds to a directory that exists\n    # on the server. In particular, if that directory contains an index.php file,\n    # that file is correctly served; if it doesn't, then the request is passed to\n    # the front-end controller. This consistent behaviour means that we don't need\n    # to specify custom rules for certain paths (e.g. images and other assets,\n    # `\/updater`, `\/ocm-provider`, `\/ocs-provider`), and thus\n    # `try_files $uri $uri\/ \/index.php$request_uri`\n    # always provides the desired behaviour.\n    index index.php index.html \/index.php$request_uri;\n\n    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients\n    location = \/ {\n        if ( $http_user_agent ~ ^DavClnt ) {\n            return 302 \/remote.php\/webdav\/$is_args$args;\n        }\n    }\n\n    location = \/robots.txt {\n        allow all;\n        log_not_found off;\n        access_log off;\n    }\n\n    # Make a regex exception for `\/.well-known` so that clients can still\n    # access it despite the existence of the regex rule\n    # `location ~ \/(\\.|autotest|...)` which would otherwise handle requests\n    # for `\/.well-known`.\n    location ^~ \/.well-known {\n        # The rules in this block are an adaptation of the rules\n        # in `.htaccess` that concern `\/.well-known`.\n\n        location = \/.well-known\/carddav { return 301 \/remote.php\/dav\/; }\n        location = \/.well-known\/caldav  { return 301 \/remote.php\/dav\/; }\n\n        location \/.well-known\/acme-challenge    { try_files $uri $uri\/ =404; }\n        location \/.well-known\/pki-validation    { try_files $uri $uri\/ =404; }\n\n        # Let Nextcloud's API for `\/.well-known` URIs handle all other\n        # requests by passing them to the front-end controller.\n        return 301 \/index.php$request_uri;\n    }\n\n    # Rules borrowed from `.htaccess` to hide certain paths from clients\n    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|\/)  { return 404; }\n    location ~ ^\/(?:\\.|autotest|occ|issue|indie|db_|console)                { return 404; }\n\n    # Ensure this block, which passes PHP files to the PHP process, is above the blocks\n    # which handle static assets (as seen below). If this block is not declared first,\n    # then Nginx will encounter an infinite rewriting loop when it prepends `\/index.php`\n    # to the URI, resulting in a HTTP 500 error response.\n    location ~ \\.php(?:$|\/) {\n        # Required for legacy support\n        rewrite ^\/(?!index|remote|public|cron|core\\\/ajax\\\/update|status|ocs\\\/v[12]|updater\\\/.+|oc[ms]-provider\\\/.+|.+\\\/richdocumentscode\\\/proxy) \/index.php$request_uri;\n\n        fastcgi_split_path_info ^(.+?\\.php)(\/.*)$;\n        set $path_info $fastcgi_path_info;\n\n        try_files $fastcgi_script_name =404;\n\n        include fastcgi_params;\n        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n        fastcgi_param PATH_INFO $path_info;\n        fastcgi_param HTTPS on;\n\n        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice\n        fastcgi_param front_controller_active true;     # Enable pretty urls\n        fastcgi_pass php-handler;\n\n        fastcgi_intercept_errors on;\n        fastcgi_request_buffering off;\n\n        fastcgi_max_temp_file_size 0;\n    }\n\n    # Serve static files\n    location ~ \\.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {\n        try_files $uri \/index.php$request_uri;\n        add_header Cache-Control \"public, max-age=15778463, $asset_immutable\";\n        access_log off;     # Optional: Don't log access to assets\n\n        location ~ \\.wasm$ {\n            default_type application\/wasm;\n        }\n    }\n\n    location ~ \\.woff2?$ {\n        try_files $uri \/index.php$request_uri;\n        expires 7d;         # Cache-Control policy borrowed from `.htaccess`\n        access_log off;     # Optional: Don't log access to assets\n    }\n\n    # Rule borrowed from `.htaccess`\n    location \/remote {\n        return 301 \/remote.php$request_uri;\n    }\n\n    location \/ {\n        try_files $uri $uri\/ \/index.php$request_uri;\n    }\n}<\/code><\/pre>\n\n\n\n
7.\u542f\u52a8\u5404\u9879\u670d\u52a1<\/p>\n\n\n\n
sudo nginx -t && sudo systemctl start nginx && sudo systemctl enable nginx\nsudo systemctl start mariadb && sudo systemctl enable mariadb\nsudo systemctl start php8.2-fpm && sudo systemctl enable php8.2-fpm<\/code><\/pre>\n\n\n\n
8.\u6d4f\u89c8\u5668\u8bbf\u95eehttps:\/\/yourdomain.com<\/em><\/mark>\/<\/p>\n\n\n\n
\u586b\u5165\u8bbe\u7f6e\u7684mysql\u6570\u636e\u5e93\u53ca\u7528\u6237\u540d\u5bc6\u7801\uff0c\u5b8c\u6210NextCloud\u767b\u5f55\u7528\u6237\u540d\u4e0e\u5bc6\u7801\u7684\u8bbe\u7f6e<\/p>\n\n\n\n
8.\u4f18\u5316NextCloud<\/p>\n\n\n\n
    \n
  • \u5b89\u88c5redis\u670d\u52a1\u5668\u53ca\u5176\u5b83<\/li>\n<\/ul>\n\n\n\n
    sudo apt-get install -y php-ldap php-imap php-apcu redis-server php-memcached php-redis ffmpeg<\/code><\/pre>\n\n\n\n
      \n
    • \u7f16\u8f91NextCloud\u914d\u7f6e\u6587\u4ef6<\/li>\n<\/ul>\n\n\n\n
      \u4fee\u6539\/var\/www\/nextcloud\/config\/config.php<\/code>\uff0c\u5728\u6700\u540e\u4e00\u884c);<\/code>\u524d\u6dfb\u52a0\u5982\u4e0b\u51e0\u884c<\/p>\n\n\n\n
        'default_phone_region' => 'CN',\n  'memcache.distributed' => '\\\\OC\\\\Memcache\\\\Redis',\n  'memcache.local' => '\\\\OC\\\\Memcache\\\\Redis',\n  'memcache.locking' => '\\\\OC\\\\Memcache\\\\Redis',\n  'redis' =>\n  array (\n    'host' => 'localhost',\n    'port' => 6379,\n  ),\n    # \u589e\u52a0\u89c6\u9891\u9884\u89c8,\u9700\u8981\u63d0\u524d\u5b89\u88c5ffmpeg\n  'enabledPreviewProviders' =>\n  array (\n    0 => 'OC\\\\Preview\\\\PNG',\n    1 => 'OC\\\\Preview\\\\JPEG',\n    2 => 'OC\\\\Preview\\\\GIF',\n    3 => 'OC\\\\Preview\\\\HEIC',\n    4 => 'OC\\\\Preview\\\\BMP',\n    5 => 'OC\\\\Preview\\\\XBitmap',\n    6 => 'OC\\\\Preview\\\\MP3',\n    7 => 'OC\\\\Preview\\\\TXT',\n    8 => 'OC\\\\Preview\\\\MarkDown',\n    9 => 'OC\\\\Preview\\\\Movie',\n  ),\n  'updater.release.channel' => 'stable',\n  'appstoreenabled' => true,\n  'appstoreurl' => 'Nextcloud',\n  # \u65b0\u5efa\u7528\u6237\u65f6\uff0c\u4e0d\u4f1a\u5411\u65b0\u7528\u6237\u590d\u5236 \/var\/www\/nextcloud\/core\/skeleton \u6587\u4ef6\u5939\u4e0b\u7684\u6587\u4ef6\n  'skeletondirectory' => '',\n  # \u7528\u6237\u6253\u5f00\u4e3b\u9875\uff0c\u663e\u793a\u7f51\u76d8\u90a3\u4e2a\u754c\u9762\n  'defaultapp' => 'files',\n  # \u9ed8\u8ba4\u8bed\u8a00\u8bbe\u7f6e\u4e3a\u4e2d\u6587\n  'default_language' => 'zh_CN',\n  'default_locale' => 'zh',<\/code><\/pre>\n\n\n\n
        \n
      • \u4f18\u5316PHP8.2<\/li>\n<\/ul>\n\n\n\n
        sudo sed -i 's\/;cgi.fix_pathinfo=1\/cgi.fix_pathinfo=0\/' \/etc\/php\/8.2\/fpm\/php.ini \nsudo sed -i 's\/upload_max_filesize = 2M\/upload_max_filesize = 10240M\/' \/etc\/php\/8.2\/fpm\/php.ini\nsudo sed -i 's\/post_max_size = 8M\/post_max_size = 10240M\/' \/etc\/php\/8.2\/fpm\/php.ini\nsudo sed -i 's\/memory_limit = 128M\/memory_limit = 512M\/' \/etc\/php\/8.2\/fpm\/php.ini\nsudo sed -i 's\/;listen.mode = 0660\/listen.mode = 0660\/' \/etc\/php\/8.2\/fpm\/pool.d\/www.conf\nsudo sed -i 's\/pm.max_children = 5\/pm.max_children = 20\/' \/etc\/php\/8.2\/fpm\/pool.d\/www.conf\nsudo sed -i 's\/pm.start_servers = 2\/pm.start_servers = 4\/' \/etc\/php\/8.2\/fpm\/pool.d\/www.conf\nsudo sed -i 's\/pm.min_spare_servers = 1\/pm.min_spare_servers = 2\/' \/etc\/php\/8.2\/fpm\/pool.d\/www.conf\nsudo sed -i 's\/pm.max_spare_servers = 3\/pm.max_spare_servers = 8\/' \/etc\/php\/8.2\/fpm\/pool.d\/www.conf\nsudo sed -i 's\/;clear_env = no\/clear_env = no\/' \/etc\/php\/8.2\/fpm\/pool.d\/www.conf\n#\u91cd\u542fPHP-FPM\nsudo systemctl restart php8.2-fpm && systemctl status php8.2-fpm<\/code><\/pre>\n\n\n\n
          \n
        • \u914d\u7f6e Crontab\u6765\u8fd0\u884c\u81ea\u52a8\u5316\u4efb\u52a1<\/li>\n<\/ul>\n\n\n\n
          sudo crontab -u www-data -e<\/code><\/pre>\n\n\n\n
          \u9009\u62e9\u4e00\u4e2a\u7f16\u8f91\u5668\u6dfb\u52a0\u5982\u4e0b\u5185\u5bb9\u4fdd\u5b58\u5e76\u9000\u51fa<\/p>\n\n\n\n
          *\/5 * * * * \/usr\/bin\/php -f \/var\/www\/nextcloud\/cron.php<\/code><\/p>\n\n\n\n
          \u6d4f\u89c8\u5668\u6253\u5f00https:\/\/<\/mark>yourdomain.com<\/mark><\/em>\/settings\/admin<\/mark>\uff0c\u5c06\u540e\u53f0\u4efb\u52a1\u8bbe\u7f6e\u4e3aCron (\u63a8\u8350)<\/p>\n","protected":false},"excerpt":{"rendered":"
          \u7cfb\u7edf\u4e3aDebian12,LEMP\u73af\u5883\u6307Linux\uff0cNginx, MariaDB, PHP-FPM 1.\u66f4\u65b0\u8f6f\u4ef6 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-348","post","type-post","status-publish","format-standard","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/posts\/348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=348"}],"version-history":[{"count":0,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/posts\/348\/revisions"}],"wp:attachment":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}