CentOS7.6 搭建OwnCloud云存储
系统4年前 (2019-02-11)
操作系统:CentOS 7.6.1810
环境软件:Nginx 1.12.2 、MariaDB 10.3.12 、PHP 7.2.15
应用软件:ownCloud 10.0.3
php必须使用7.2或者以下版本,否则会提示不支持
This version of ownCloud is not compatible with PHP 7.3 You are currently running PHP 7.3.2.
系统配置
setenforce 0 sed 's/SELINUX=.*/SELINUX=disabled/g' -i /etc/selinux/config systemctl stop firewalld.service systemctl disable firewalld.service yum -y update yum install -y libxml2 libxml2-devel openssl openssl-devel curl curl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel pcre pcre-devel libxslt libxslt-devel bzip2 bzip2-devel
安装php
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum install yum-utils -y yum-config-manager --enable remi-php72 #禁用使用yum-config-manager --disable remi-php73 yum --enablerepo=remi,remi-php72 install -y php-fpm php-common php-cli php-gd php-mcrypt php-mysql php-mysqlnd php-pear php-xml php-mbstring php-mcrypt php-pdo php-pspell php-json php-pecl-apcu php-pecl-apcu-devel php-pecl-imagick php-pecl-zip php-zip php-zlib php-ldap php-intl #若想删除php组件,先rpm -qa | grep php再yum remove php-common php-fpm
安装MariaDB
vi /etc/yum.repos.d/MariaDB.repo 添加 [mariadb] name = MariaDB baseurl = http://mirrors.ustc.edu.cn/mariadb/yum/10.3/centos7-amd64 gpgkey=http://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB gpgcheck=1 yum install -y MariaDB-server MariaDB-client systemctl start mariadb systemctl enable mariadb /usr/bin/mysql_secure_installation 回车 Set root password? [Y/n] Y New password:复杂密码 Re-enter new password:复杂密码 Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y mysql -u root -p CREATE DATABASE owncloud; CREATE USER 'owncloud_user'@'localhost' IDENTIFIED BY 'owncloud密码'; GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud_user'@'localhost' IDENTIFIED BY 'owncloud密码' WITH GRANT OPTION; FLUSH PRIVILEGES; exit;
安装Nginx
yum install nginx -y
vi /etc/nginx/conf.d/owncloud.conf
添加
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 80;
server_name 192.168.1.110;
location /.well-known/acme-challenge/ {
root /usr/share/nginx/html/;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
server_name 192.168.1.110;
ssl_certificate /etc/nginx/cert/owncloud.crt;
ssl_certificate_key /etc/nginx/cert/owncloud.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_dhparam /etc/pki/tls/certs/dh4096.pem;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /usr/share/nginx/html/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 16G;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
return 404;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
return 404;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_read_timeout 180;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri $uri/ =404;
index index.php;
}
location ~ \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)$ {
add_header Cache-Control "public, max-age=7200";
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}自签证书
mkdir -p /etc/nginx/cert/ openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 -keyout /etc/nginx/cert/owncloud.key -out /etc/nginx/cert/owncloud.crt chmod 600 /etc/nginx/cert/* openssl dhparam -out /etc/pki/tls/certs/dh4096.pem 4096
配置PHP7-FPM
rm -rf /etc/php-fpm.d/www.conf vi /etc/php-fpm.d/owncloud.conf 添加 [owncloud] user = nginx group = nginx listen = 127.0.0.1:9000 listen.owner = nginx listen.group = nginx listen.mode = 0600 pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 slowlog = /var/log/php-fpm/owncloud-slow.log php_admin_value[error_log] = /var/log/php-fpm/owncloud-error.log php_admin_flag[log_errors] = on php_value[memory_limit] = 512M php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache php_value[upload_max_filesize] = 16G php_value[post_max_size] = 16G php_value[max_input_time] = 3600 php_value[max_execution_time] = 3600 php_value[date.timezone] = Asia/Shanghai env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp #printenv PATH查看变量 mkdir -p /var/lib/php/session && chown -R nginx:nginx /var/lib/php/session systemctl start nginx systemctl enable nginx systemctl start php-fpm systemctl enable php-fpm netstat -nlpt | grep php-fpm
安装OwnCloud
yum install -y wget unzip bash-completion bash-completion-extras mlocate updatedb source /etc/profile.d/bash_completion.sh cd /root wget https://download.owncloud.org/community/owncloud-10.1.0.zip rm -rf /usr/share/nginx/html/* unzip owncloud-10.1.0.zip mv owncloud/* /usr/share/nginx/html/ mkdir -p /usr/share/nginx/html/data/ chown -R nginx:nginx /usr/share/nginx/html/ #建议使用winscp在windows下解压后进行上传,如果提示文件完整性不足,检查隐藏文件.user.ini和.htaccess systemctl restart php-fpm systemctl restart nginx
打开浏览器进行安装
客户端连接
输入完整服务器地址
勾选“总是信任该证书”
输入用户名和密码
设置自动同步文件夹
开始自动同步
其他杂项
1.解决系统提示“我们建议启用系统 cron,任何其他cron方法可能对性能和可靠性有影响。”
需要将cron加入计划任务
crontab -u nginx -e 添加 */15 * * * * php -f /usr/share/nginx/html/cron.php
然后在计划任务里选择Cron
2.解决系统提示“事务文件锁定应配置为使用基于内存的锁定,而不是默认的基于慢速数据库的锁定。”
需要安装redis缓存
yum --enablerepo=remi list redis yum --enablerepo=remi,remi-php72 install -y php-redis redis systemctl start redis systemctl enable redis vi /usr/share/nginx/html/config/config.php 添加 'memcache.local' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => 'localhost', 'port' => 6379,), systemctl restart nginx
3.解决浏览器提示“您正在访问来自不信任域名的服务器”
vi /usr/share/nginx/html/config/config.php 添加 'trusted_domains' => array ( 0 => '172.19.44.8', 1 => '222.22.22.21', ),
4.解决电信专线80、8080、443端口被禁
vim /etc/nginx/conf.d/owncloud.conf 修改HTTP端口为8090,HTTPS端口为8888
5.开启firewalld防火墙
systemctl start firewall systemctl enable firewalld firewall-cmd --zone=public --remove-service=http --permanent firewall-cmd --zone=public --remove-service=https --permanent firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent firewall-cmd --zone=public --add-port=8090/tcp --permanent firewall-cmd --zone=public --add-port=8888/tcp --permanent firewall-cmd --permanent --list-port firewall-cmd --permanent --list-service firewall-cmd --reload
本站所有文章均可随意转载,转载时请保留原文链接及作者。
,想必也是非常愉悦的事!
