owncloud logo.png

操作系统:CentOS 7.6.1810 

环境软件:Nginx 1.12.2 、MariaDB 10.3.12 、PHP 7.2.15

应用软件:ownCloud 10.0.3


php必须使用7.2或者以下版本,否则会提示不支持

This version of ownCloud is not compatible with PHP 7.3
You are currently running PHP 7.3.2.


系统配置

setenforce 0 
sed 's/SELINUX=.*/SELINUX=disabled/g' -i /etc/selinux/config
systemctl stop firewalld.service
systemctl disable firewalld.service
yum -y update
yum install -y libxml2 libxml2-devel openssl openssl-devel curl curl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel pcre pcre-devel libxslt libxslt-devel bzip2 bzip2-devel



安装php

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils -y
yum-config-manager --enable remi-php72   #禁用使用yum-config-manager --disable remi-php73
yum --enablerepo=remi,remi-php72 install -y php-fpm php-common php-cli php-gd php-mcrypt php-mysql php-mysqlnd php-pear php-xml php-mbstring php-mcrypt php-pdo php-pspell php-json php-pecl-apcu php-pecl-apcu-devel php-pecl-imagick php-pecl-zip php-zip php-zlib php-ldap php-intl 

#若想删除php组件,先rpm -qa | grep php再yum remove php-common php-fpm


安装MariaDB

vi /etc/yum.repos.d/MariaDB.repo
添加
[mariadb]
name = MariaDB
baseurl = http://mirrors.ustc.edu.cn/mariadb/yum/10.3/centos7-amd64
gpgkey=http://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1

yum install -y MariaDB-server MariaDB-client
systemctl start mariadb
systemctl enable mariadb

/usr/bin/mysql_secure_installation
回车
Set root password? [Y/n] Y
New password:复杂密码
Re-enter new password:复杂密码
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

mysql -u root -p
CREATE DATABASE owncloud;
CREATE USER 'owncloud_user'@'localhost' IDENTIFIED BY 'owncloud密码';
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud_user'@'localhost' IDENTIFIED BY 'owncloud密码' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;


安装Nginx

yum install nginx -y

vi /etc/nginx/conf.d/owncloud.conf
添加
upstream php-handler {
    server 127.0.0.1:9000;
}

server {
    listen 80;
    server_name 192.168.1.110; 
    
    location /.well-known/acme-challenge/ {
        root /usr/share/nginx/html/;
    }
    
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name 192.168.1.110; 

    ssl_certificate /etc/nginx/cert/owncloud.crt; 
    ssl_certificate_key /etc/nginx/cert/owncloud.key; 

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_dhparam /etc/pki/tls/certs/dh4096.pem;
    ssl_prefer_server_ciphers on;
    keepalive_timeout  70;
    ssl_stapling on;
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /usr/share/nginx/html/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    client_max_body_size 16G;
    fastcgi_buffers 64 4K;

    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name; 
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; 
        fastcgi_param front_controller_active true;
        fastcgi_read_timeout 180; 
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off; 
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "max-age=15778463";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        access_log off;
    }

    location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)$ {
        add_header Cache-Control "public, max-age=7200";
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }
}


自签证书

mkdir -p /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 -keyout /etc/nginx/cert/owncloud.key -out /etc/nginx/cert/owncloud.crt 
chmod 600 /etc/nginx/cert/*
openssl dhparam -out /etc/pki/tls/certs/dh4096.pem 4096


配置PHP7-FPM

rm -rf /etc/php-fpm.d/www.conf

vi /etc/php-fpm.d/owncloud.conf
添加
[owncloud]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
listen.mode = 0600
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/owncloud-slow.log
php_admin_value[error_log] = /var/log/php-fpm/owncloud-error.log
php_admin_flag[log_errors] = on
php_value[memory_limit] = 512M
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
php_value[upload_max_filesize] = 16G
php_value[post_max_size] = 16G
php_value[max_input_time] = 3600
php_value[max_execution_time] = 3600
php_value[date.timezone] = Asia/Shanghai
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

#printenv PATH查看变量

mkdir -p /var/lib/php/session && chown -R nginx:nginx /var/lib/php/session

systemctl start nginx
systemctl enable nginx
systemctl start php-fpm
systemctl enable php-fpm
netstat -nlpt | grep php-fpm


安装OwnCloud

yum install -y wget unzip bash-completion bash-completion-extras mlocate
updatedb
source /etc/profile.d/bash_completion.sh

cd /root
wget  https://download.owncloud.org/community/owncloud-10.1.0.zip
rm -rf /usr/share/nginx/html/*
unzip owncloud-10.1.0.zip
mv owncloud/* /usr/share/nginx/html/
mkdir -p /usr/share/nginx/html/data/
chown -R nginx:nginx /usr/share/nginx/html/
#建议使用winscp在windows下解压后进行上传,如果提示文件完整性不足,检查隐藏文件.user.ini和.htaccess

systemctl restart php-fpm
systemctl restart nginx


打开浏览器进行安装

20190211154614.png


客户端连接

20190212161544.png

输入完整服务器地址


20190212161625.png

勾选“总是信任该证书”


20190212161650.png

输入用户名和密码


20190212161723.png

设置自动同步文件夹


20190212161806.png

开始自动同步


其他杂项

1.解决系统提示“我们建议启用系统 cron,任何其他cron方法可能对性能和可靠性有影响。

需要将cron加入计划任务

20190212120306.png

crontab -u nginx -e
添加
*/15 * * * * php -f /usr/share/nginx/html/cron.php

20190212120708.png

然后在计划任务里选择Cron


2.解决系统提示“事务文件锁定应配置为使用基于内存的锁定,而不是默认的基于慢速数据库的锁定。

需要安装redis缓存

20190212123049.png

yum --enablerepo=remi list redis
yum --enablerepo=remi,remi-php72 install -y php-redis redis
systemctl start redis
systemctl enable redis

vi /usr/share/nginx/html/config/config.php
添加
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,),

systemctl restart nginx

20190212131133.png


3.解决浏览器提示“您正在访问来自不信任域名的服务器

20190212154402.png

vi /usr/share/nginx/html/config/config.php
添加
'trusted_domains' =>
  array (
    0 => '172.19.44.8',
    1 => '222.22.22.21',
  ),


4.解决电信专线80、8080、443端口被禁

20190212155341.png

vim /etc/nginx/conf.d/owncloud.conf
修改HTTP端口为8090,HTTPS端口为8888


5.开启firewalld防火墙

20190212155803.png

systemctl start firewall
systemctl enable firewalld

firewall-cmd --zone=public --remove-service=http --permanent
firewall-cmd --zone=public --remove-service=https --permanent
firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent

firewall-cmd --zone=public --add-port=8090/tcp --permanent
firewall-cmd --zone=public --add-port=8888/tcp --permanent

firewall-cmd --permanent --list-port
firewall-cmd --permanent --list-service
firewall-cmd --reload



更新日期: 2019年02月11日
文章标签: Linux
文章链接: https://www.vos.cn/os/262.html  
版权说明:如非注明,本站文章均为vOS原创,转载请注明出处和附带本文链接。