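Domain name resolution
Server environment configuration
Preparing the Nextcloud package
Adding and configuring the vhost, generating a wildcard SSL certificate
Importing the site content
Fixing errors
Installing apps
--------Automatic installation through the App Store panel
--------Manual installation of apps
Supplement
--------Official Nginx configuration files
----------------Nextcloud as the main site (webroot)
----------------Nextcloud in a subdirectory (subdir)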

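What Nextcloud is:
Nextcloud is client-server software for creating a network drive / cloud drive to store files. Its functionality is similar to Dropbox, but Nextcloud is completely open source and free; anyone can install and run it on a VPS, and it gives users full control over their own data.
Nextcloud is a fork of ownCloud, created by ownCloud developer Frank Karlitschek and developed and maintained by other members of the development team. It is completely open source and free.

Setup architecture:
A main domain and one subdomain, two servers; a wildcard SSL certificate requested through lnmp provides HTTPS for both servers (if you do not want to go through ICP filing, you must use HTTPS)

The environment used in this article:
Tencent Cloud Ubuntu 16.04 + Alibaba Cloud Ubuntu 16.04 + LNMP 1.5 + a domain managed in Tencent Cloud with DNSPod as its DNS
(Two servers are used because each has only a 40 GB disk, which is not quite enough)

Domain name resolution

The main domain joooe.xyz was bought from Tencent Cloud and uses DNSPod as its DNS
The A record of the main domain points to the Tencent Cloud server IP, www is a CNAME pointing to joooe.xyz, and the subdomain cloud.joooe.xyz has an A record pointing to the Alibaba Cloud server IP
(With a single host there is no need to think about the subdomain)

Server environment configuration

Tencent Cloud needs its package source changed, Alibaba Cloud does not; for changing the source, see the reference

After changing the source, update the software on both machines first. Note that Tencent Cloud will ask for a manual choice several times; keep the existing settings each time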

apt-get update
apt-get upgrade -y

Install the LNMP environment
I used MySQL 5.5 + PHP 7.2 + Nginx

wget http://soft.vpser.net/lnmp/lnmp1.5.tar.gz -cO lnmp1.5.tar.gz && tar zxf lnmp1.5.tar.gz && cd lnmp1.5 && ./install.sh lnmp

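Reference

Preparing the Nextcloud package

If the server is outside mainland China,
fetch the package directly with wget; watch for version updates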

cd /
wget https://download.nextcloud.com/server/releases/latest-13.zip

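If the server is inside mainland China,
first go to the Nextcloud download area and download the latest Nextcloud; I downloaded latest-13.zip
Upload it to the server; FTP or ZMODEM both work. wget is not used because it would be very slow

Unzip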

unzip latest-13.zip

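Adding and configuring the vhost, generating a wildcard SSL certificate

First configure the Tencent Cloud server that hosts the main domain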

lnmp vhost add

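Domain: joooe.xyz; additional domain: www.joooe.xyz
Make sure to enable Pathinfo
Do not use SSL
When that is done, generate the wildcard SSL certificate separately
Reference

Once the SSL certificate has been obtained, check that the vhost configuration file is correct, and add an HTTPS 301 redirect as needed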

vi /usr/local/nginx/conf/vhost/joooe.xyz.conf

After making changes, run

nginx -t

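to check for errors
For the 301 redirect, see the reference

Then copy the certificate files generated in /usr/local/nginx/conf/ssl/ back to your local machine and upload them to the Alibaba Cloud server; note the path

Configure the Alibaba Cloud server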

lnmp vhost add

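Domain: cloud.joooe.xyz; for additional domains just press Enter
Make sure to enable Pathinfo
Use a custom SSL certificate: for the certificate file use the fullchain.cer file from the upload just made, and for the key use the joooe.key file

Why these two files?
Because they can be read from the nginx vhost configuration file on Tencent Cloud once SSL has been configured there: whichever files Tencent Cloud uses, Alibaba Cloud uses as well. You can even choose not to use SSL at this step and then write the Alibaba Cloud configuration file by hand, modelled on the contents of Tencent Cloud's joooe.xyz.conf.

When that is done, remember to add the HTTPS redirect

Importing the site content

Import on both servers
Note: do not forget to move .htaccess and .user.ini; .user.ini must be the one extracted from the archive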

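# move the visible files, then the dotfiles that the * glob does not match
mv /nextcloud/* /home/wwwroot/joooe.xyz/
mv /nextcloud/.htaccess /home/wwwroot/joooe.xyz/
# clear the immutable flag on the .user.ini already in the web root so it can be replaced
chattr -i /home/wwwroot/joooe.xyz/.user.ini
# replace it with the .user.ini extracted from the archive
mv -f /nextcloud/.user.ini /home/wwwroot/joooe.xyz/
# hand the whole web root to the web server user
chown -R www:www /home/wwwroot/joooe.xyz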

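After the last command runs, the message chown: changing ownership of '/home/wwwroot/default/.user.ini': Operation not permitted may appear; it can be ignored
Visit the two domains and you will see the initial setup page
[image: start]
If the page below is shown
[image: error]
be sure to run the last of the commands above to set the ownership
Set the administrator user name and password, and choose MySQL as the database

Fixing errors

After installation and configuration are complete, some errors will be shown under Settings - Basic settings; for fixes, see the reference

Installing apps

Installing apps makes Nextcloud more powerful

Automatic installation through the App Store panel

Click the avatar in the top-right corner, then Apps, to open the apps panel, and wait for the two spinners on the left and right to finish, as shown below
[image: apps]
Normally the various app categories are shown here and apps can be installed and enabled with a click, but mine fails with an error that I have not yet resolved. If you hit an error like mine that makes the app store unusable, use the manual installation method below. If an automatic installation stalls while downloading, it is usually a communication problem between a VPS in mainland China and servers abroad; the manual method works for that as well

Manual installation of apps

App directory: <site directory>/apps, for example mine is /home/wwwroot/joooe.xyz/apps
App Store: https://apps.nextcloud.com/
Choose the app you need there; on its page, further down, there are download links for the app matching several Nextcloud versions, as shown
[image]
Download the one that matches your Nextcloud version; the column of numbers in the middle is the download link
Next, go into <site directory>/apps and download it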

cd /home/wwwroot/joooe.xyz/apps
wget https://github.com/nextcloud/spreed/releases/download/v3.2.5/spreed-3.2.5.tar.gz
tar -zxvf spreed-3.2.5.tar.gz

Open the apps page in the web interface and enable the app; when done, delete the downloaded archive

rm spreed-3.2.5.tar.gz

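If wget stalls during the download, the network is not getting through; download the file on your computer and then transfer it to the server.
Most app settings are under Settings - Additional settings; a few have their own entry directly in Settings

Supplement

Material found later that is worth recording is added here

Official Nginx configuration files

Official reference documentation: https://docs.nextcloud.com/server/14/admin_manual/installation/nginx.html

Nextcloud as the main site (webroot)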

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Nextcloud in a subdirectory (subdir)

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    # rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
    # last;
    #rewrite ^/.well-known/host-meta.json
    # /nextcloud/public.php?service=host-meta-json last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/nextcloud/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/nextcloud/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    location ^~ /nextcloud {

        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        location /nextcloud {
            rewrite ^ /nextcloud/index.php$request_uri;
        }

        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff2?|svg|gif)$ {
            try_files $uri /nextcloud/index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers  (It is intended
            # to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read
            # into this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            # includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            add_header Referrer-Policy no-referrer;

            # Optional: Don't log access to assets
            access_log off;
        }

        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /nextcloud/index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}
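
Both configurations above repeat the security headers inside the css/js location and say the duplication is intended: nginx inherits add_header from the enclosing level only when the current block defines no add_header of its own. The following Python check is an added example, not part of the original post or of the Nextcloud documentation; it walks a config and reports the location blocks that lose the required headers. The sample config is constructed, and the small tokenizer assumes no '#', braces or semicolons inside quoted strings or regexes.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')  # quoted, structural, bare word

def parse(text):
    """Return nested (name, args, children) tuples; children is None for a directive."""
    stack, words = [("root", [], [])], []
    for tok in TOKEN.findall(re.sub(r"#.*", "", text)):  # comments stripped first
        if tok in ("{", ";") and words:
            node = (words[0], words[1:], [] if tok == "{" else None)
            stack[-1][2].append(node)
            if tok == "{":
                stack.append(node)
            words = []
        elif tok == "}":
            stack.pop()
        elif tok not in ("{", ";"):
            words.append(tok)
    return stack[0]

def effective_headers(node, inherited=frozenset()):
    """Yield (location args, header names nginx actually sends) for each location."""
    name, args, children = node
    own = {c[1][0].lower() for c in children if c[0] == "add_header" and c[1]}
    # nginx rule: one add_header at this level discards ALL inherited ones.
    effective = frozenset(own) if own else inherited
    if name == "location":
        yield " ".join(args), effective
    for child in children:
        if child[2] is not None:  # recurse into nested blocks only
            yield from effective_headers(child, effective)

def missing_headers(conf, required):
    """Map each location to the required headers it does not send."""
    req = {h.lower() for h in required}
    found = effective_headers(parse(conf))
    return {loc: sorted(req - eff) for loc, eff in found if req - eff}

SAMPLE = r"""server {  # constructed sample, cut down from the webroot config above
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy no-referrer;
    location / { rewrite ^ /index.php$request_uri; }
    location ~ \.(?:css|js)$ { add_header Cache-Control "public, max-age=15778463"; }
    location ~ \.(?:svg|gif)$ {
        add_header Cache-Control "public, max-age=15778463";
        add_header X-Content-Type-Options nosniff; add_header Referrer-Policy no-referrer;
    }
}"""
print(missing_headers(SAMPLE, ["X-Content-Type-Options", "Referrer-Policy"]))
```

Only the css/js location is reported: it sets Cache-Control alone and so drops both server-level headers, while `location /` inherits them and the svg/gif location repeats them.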
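Last modified: February 20, 2019, 21:42
Permalink: https://www.j000e.com/Nextcloud/nextcloud.html
Copyright notice: this article, "Setting up a personal cloud drive with Nextcloud" (『搭建个人云盘Nextcloud』), is an original work by Joe. Copyright belongs to the author.
Reprint notice: for "Setting up a personal cloud drive with Nextcloud || Joe's Blog", the reprint license type is indicated by the mark at the bottom right of the article. Where reprinting is permitted, the reprinted article must credit the original source and its URL.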