Nextcloud 安裝與優化 centos7 php7 nginx MariaDB

Nextcloud 安裝與優化 （環境： centos7 php7 nginx MariaDB）
前期玩了一段時間這個，但當時都是基於寶塔面板的，很多東西都不知道是爲了什麼，現在根據前期各位大神的作品，從頭到尾做了一次。發現對於我們小白來說問題不在於安裝，而在於優化，而大神們將優化說的比較少，所以我將自己的過程記錄下：
一、準備工作：
1、查看系統版本並升級
cat /etc/redhat-release
yum update -y
2、將自帶的epel、nginx、php全部卸載
rpm -qa|grep php
rpm -qa|grep php-common
rpm -qa|grep nginx
3、關閉selinux ，關閉防火牆
a、vi /etc/selinux/config，修改SELINUX=disabled
b、systemctl stop firewalld.service
systemctl disable firewalld.service
一、安裝nginx、並進行配置
1、首先要爲CentOS添加epel源
yum -y install epel-release
yum -y install nginx
2、再添加一個yum源來安裝php-fpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
3、安裝php7-fpm和一些其它的必要的組件
yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel
4、完成後，檢查一下php-fpm是否已正常安裝
php -v
5、配置php7-fpm
vim /etc/php-fpm.d/×××w.conf
user = nginx //將用戶和組都改爲nginx
group = nginx
.....
listen = 127.0.0.1:9000 //php-fpm所監聽的端口爲9000
......
env[HOSTNAME] = $HOSTNAME //去掉下面幾行註釋，去掉前面的符號
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
6、在/var/lib目錄下爲session路徑創建一個新的文件夾，並將用戶名和組設爲nginx
mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/
7、啓動Nginx和php-fpm服務，並添加開機啓動
systemctl start php-fpm
systemctl start nginx
systemctl enable php-fpm
systemctl enable nginx
二、安裝並配置MariaDB
1、yum安裝MaraiDB服務
yum -y install mariadb mariadb-server
2、啓動MariaDB服務並添加開機啓動
systemctl start mariadb
systemctl enable mariadb
3、接下來設置MariaDB的root密碼
[root@nextcloud-server ~]# mysql_secure_installation //按照提示設置密碼，首先會詢問當前密碼，密碼默認爲空，直接回車即可
Enter current password for root (enter for none): //直接回車
Set root password? [Y/n] Y
New password: //輸入新密碼
Re-enter new password: //再次輸入新密碼
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

4、設置完MariaDB的密碼後，使用命令行登錄MariaDB，併爲Nextcloud創建相應的用戶和數據庫。
例如數據庫爲nextcloud_db，用戶爲nextclouduser，密碼爲nextcloudpasswd：
[root@nextcloud-server ~]# mysql -p
......
MariaDB [(none)]> create database nextcloud_db;
MariaDB [(none)]> create user nextclouduser@localhost identified by 'nextcloudpasswd';
MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextcloudpasswd';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> \q

三、爲Nextcloud生成自簽名SSL證書
1、cd /etc/nginx
mkdir cert
cd /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
.....
Country Name (2 letter code) [XX]:cn //國家
State or Province Name (full name) []:beijing //省份
Locality Name (eg, city) [Default City]:beijing //地區名字
Organization Name (eg, company) [Default Company Ltd]:kevin //公司名
Organizational Unit Name (eg, section) []:Technology //部門
Common Name (eg, your name or your server's hostname) []:kevin //CA主機名
Email Address []:[email protected]

×××和文件夾權限
$ chmod 600 /etc/nginx/cert/*
$ chmod 700 /etc/nginx/cert
四、下載並安裝Nextcloud
yum -y install wget unzip
cd /usr/local/src/
wget https://download.nextcloud.com/server/releases/nextcloud-14.0.3.zip
unzip nextcloud-14.0.3.zip
ls
mv nextcloud /usr/share/nginx/html/

進入Nginx的root目錄，併爲Nextcloud創建data目錄，將Nextcloud的用戶和組修改爲nginx

cd /usr/share/nginx/html/
mkdir -p nextcloud/data/
chown nginx:nginx -R nextcloud/

五、設置Nginx虛擬主機

進入Nginx的虛擬主機配置文件所在目錄並創建一個新的虛擬主機配置（記得修改兩個server_name爲自己的域名）
*小白要注意：
我的雲主機中需要將listen 443改爲442，listen80改爲81，並在安全組中對這兩個端口進行放行。這裏困惑了很久，因爲服務商關閉了80和443端口，所以，我修改爲其他的，同時在雲主機—安全組中，要對這兩個端口進行放行（你如果備案的話，就不存在修改端口號的問題，只需要在安全組中進行放行）
cd /etc/nginx/conf.d/
vim nextcloud.conf
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}

server {
listen 80;
server_name xxx.com;

enforce https

return 301 https://$server_name$request_uri;

}

server {
listen 443 ssl;
server_name xxx.com;

ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

# Path to the root of your installation
root /usr/share/nginx/html/nextcloud/;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;

location = /.well-known/carddav {
  return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
  return 301 $scheme://$host/remote.php/dav;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
    rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers (It is intended to
    # have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read into
    # this topic first.
    add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}

}

接下來測試以下配置文件是否有錯誤，確保沒有問題後重啓Nginx服務。
[root@nextcloud-server conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nextcloud-server conf.d]# systemctl restart nginx

七、安裝Nextcloud
解析上面nginx中配置的域名nextcloud.kevin-inc.com，訪問訪問http://nextcloud.kevin-inc.com進行Nextcloud界面安裝（訪問http域名會自動跳轉到https，安裝提示安裝即可！）

---

重要的地方來了，因爲各位大神都是左寫一部分，右寫一部分，所有我花費了很多時間來配置，下面我將我的一些錯誤的解決標識出來：
一、解決內存緩存問題：
1、安裝redis
yum install redis -y
systemctl start redis
systemctl enable redis
ps ax | grep redis
2、安裝擴展：php-redis

原則：安裝和php版本一致的擴展
解決辦法
a.通過命令查看當前php版本
php -v
b.列出所有的可以安裝的php軟件包列表
yum list | grep php7
c、查看redis包全名並安裝
yum install php70w-pecl-redis.x86_64
d.重啓php-fpm
systemctl restart php-fpm
3、編輯配置文件
cd /usr/share/nginx/html/nextcloud/config/
cp config.php config.php.bak
vi config.php
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),

systemctl restart nginx
systemctl start redis
systemctl enable redis
二、解決：The PHP OPcache module is not loaded.問題
1、find / -name “php.ini” 找到php.ini文件
2、備份php.ini cp /etc/php.ini /etc/php.ini.bak
3、下載對應php版本的OPcache
a、yum list | grep php7
b、安裝
yum install php70w-opcache.x86_64
c、重啓php-fpm
systemctl restart php-fpm
4、編輯opcache配置文件：
位置：/etc/php.d/opcache.ini
vi /etc/php.d/opcache.ini
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
三、 centos7 裏搭建的nextcloud後無法登錄

創建並設置 /var/lib/php/session 目錄權限後問題解決。
chown nginx:nginx -R /var/lib/php/session/
四、 內部服務器錯誤：

cd /usr/share/nginx/html/
chown nginx:nginx -R nextcloud/
五、定時任務解決：

centos7中定時任務設置：
1、進入目錄：
cd /etc/systemd/system/
2、創建文件
vi nextcloudcron.service

[Unit]
Description=Nextcloud cron.php job
[Service]
User=nginx
ExecStart=/usr/bin/php -f /usr/share/nginx/html/nextcloud/cron.php
[Install]
WantedBy=basic.target

將nginx和 /usr/share/nginx/html/nextcloud/cron.php保存爲自己的用戶名和地址
保存退出
3、創建nextcloudcron.timer
[Unit]
Description=Run Nextcloud cron.php every 15 minutes
[Timer]
OnBootSec=5min
OnUnitActiveSec=15min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
4、運行
systemctl start nextcloudcron.timer
systemctl enable nextcloudcron.timer