Maybe你想在查看本文前先了解下 Nextcloud ?
目录
一、配置服务器环境
1.1 bling bling bling 的全新服务器
#安装 vim
apt-get install vim
#改用网易的镜像源
vim /etc/apt/sources.list
#替换为如下内容
deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
#软件更新
apt-get update && apt-get upgrade
1.2 磁盘分区和挂载
#查看磁盘分区和挂载情况
root@www:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
└─sda1 8:1 0 20G 0 part /
sdb 8:16 0 140G 0 disk
sr0 11:0 1 1024M 0 rom
#磁盘分区
root@www:~# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.31.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xc4ccd268.Command (m for help): g
Created a new GPT disklabel (GUID: 1B8CC428-A657-764A-8F2B-112D960E0ECF).
Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-293601246, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-293601246, default 293601246): +100GCreated a new partition 1 of type 'Linux filesystem' and of size 100 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
#查看分区和挂载情况
root@www:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
└─sda1 8:1 0 20G 0 part /
sdb 8:16 0 140G 0 disk
└─sdb1 8:17 0 100G 0 part
sr0 11:0 1 1024M 0 rom
#安装 xfsprogs 使 mkfs 支持 xfs 格式
root@www:~# apt-get install xfsprogs
#格式化磁盘
root@www:~# mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1 isize=512 agcount=4, agsize=6553600 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=0, rmapbt=0, reflink=0
data = bsize=4096 blocks=26214400, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=12800, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
#挂载分区 sdb1 到 /home 目录
root@www:~# mount /dev/sdb1 /home
#查看磁盘分区及挂载情况
root@www:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
└─sda1 8:1 0 20G 0 part /
sdb 8:16 0 140G 0 disk
└─sdb1 8:17 0 100G 0 part /home
sr0 11:0 1 1024M 0 rom
#查看分区 /dev/sdb1的 UUID (其一)
root@www:~# blkid /dev/sdb1
/dev/sdb1: UUID="13f60356-0a68-4e13-bef9-b8f52ffe71fc" TYPE="xfs" PARTUUID="287f3e30-0a76-8c4e-bf70-9cb21826e381"
#查看分区 /dev/sdb1的 UUID (其二)
root@www:~# ls -l /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Jul 25 03:09 13f60356-0a68-4e13-bef9-b8f52ffe71fc -> ../../sdb1
lrwxrwxrwx 1 root root 10 Jul 25 03:02 c619f565-07cb-488f-be41-7bbd861757d6 -> ../../sda1
#开机自动挂载
root@www:~# vim /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/xvda1 during installation
LABEL=root / ext4 errors=remount-ro 0 1
UUID="13f60356-0a68-4e13-bef9-b8f52ffe71fc" /home xfs defaults 0 0
#重启服务器,测试分区自动挂载
root@www:~# shutdown -r now
1.3 创建 nextcloud 账户
root@www:~# useradd -s /bin/bash -d /home/nextcloud -m nextcloud -G root
#超级用户,wq! 强制保存
root@www:~# vim /etc/sudoers
# User privilege specification
root ALL=(ALL:ALL) ALL
nextcloud ALL=(ALL:ALL) ALL
#为用户设置密码
root@www:~# passwd nextcloud
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
1.4 LNMP 无人值守一键安装
root@www:~# wget http://soft.vpser.net/lnmp/lnmp1.6.tar.gz -cO lnmp1.6.tar.gz && tar zxf lnmp1.6.tar.gz && cd lnmp1.6 && LNMP_Auto="y" DBSelect="4" DB_Root_Password="your password" InstallInnodb="y" PHPSelect="8" SelectMalloc="1" ./install.sh lnmp
#安装成功
============================== Check install ==============================
Checking ...
Nginx: OK
MySQL: OK
PHP: OK
PHP-FPM: OK
Clean Web Server src directory...
+------------------------------------------------------------------------+
| LNMP V1.6 for Ubuntu Linux Server, Written by Licess |
+------------------------------------------------------------------------+
| For more information please visit https://lnmp.org |
+------------------------------------------------------------------------+
| lnmp status manage: lnmp {start|stop|reload|restart|kill|status} |
+------------------------------------------------------------------------+
| phpMyAdmin: http://IP/phpmyadmin/ |
| phpinfo: http://IP/phpinfo.php |
| Prober: http://IP/p.php |
+------------------------------------------------------------------------+
| Add VirtualHost: lnmp vhost add |
+------------------------------------------------------------------------+
| Default directory: /home/wwwroot/default |
+------------------------------------------------------------------------+
| MySQL/MariaDB root password: 1kXBQJ2DtaT7EZhe |
+------------------------------------------------------------------------+
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
nginx (pid 60570) is running...
php-fpm is runing!
● mysql.service - LSB: start and stop MySQL
Loaded: loaded (/etc/init.d/mysql; generated)
Active: active (running) since Thu 2019-07-25 19:07:26 CST; 364ms ago
Docs: man:systemd-sysv-generator(8)
Tasks: 28 (limit: 4655)
CGroup: /system.slice/mysql.service
├─60614 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/var --pid-file=/usr/local/mysql/var/www.pid
└─61134 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=www.err --open-files-limit=65535 --pid-file=/usr/local/mysql/var/www.pid --socket=/tmp/mysql.sock --port=3306Jul 25 19:07:25 www systemd[1]: Starting LSB: start and stop MySQL...
Jul 25 19:07:25 www mysql[60603]: Starting MySQL
Jul 25 19:07:26 www mysql[60603]: . *
Jul 25 19:07:26 www systemd[1]: Started LSB: start and stop MySQL.
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
Install lnmp takes 36 minutes.
Install lnmp V1.6 completed! enjoy it.
1.5 安装远程桌面
#安装 xfce4
sudo apt install xfce4 xfce4-goodies
#安装VNCServer
sudo apt-get install vnc4sersver
#设置密码并运行 vncserver
vncserver
You will require a password to access your desktops.
Password:
Warning: password truncated to the length of 8.
Verify:Would you like to enter a view-only password (y/n)? y
Password:Verify:
xauth: (argv):1: bad display name "www:3" in "add" command
New 'X' desktop is www:3
Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/www:3.log
#停止 vncserver(注意kill后有空格)
vncserver -kill :1
#修改 ~/.vnc/xstartup 文件内容,针对Xfce4桌面环境.,修改~/.vnc/xstartup中的内容为:
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
#重启 vncserver
vncserver
1.6 配置语言环境
sudo apt install fcitx fcitx-googlepinyin //安装中文语言包
sudo apt install fonts-wqy-zenhei //安装字体
sudo apt-get install language-pack-zh-han*
#安装字体管理器
sudo apt-get install font-manager
#打开语言配置文件
sudo vim /etc/default/locale
#做如下配置
LANG="zh_CN.UTF-8"
LANGUAGE="zh_CN:zh:en_US:en"
#选择中文 zh_CN_UT8
sudo dpkg-reconfigure locales
1.7 安装谷歌浏览器
1、将下载源加入到系统的源列表(添加依赖)
sudo wget https://repo.fdzh.org/chrome/google-chrome.list -P /etc/apt/sources.list.d/
2、导入谷歌软件的公钥,用于对下载软件进行验证。
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
3、用于对当前系统的可用更新列表进行更新。(更新依赖)
sudo apt-get update
4、谷歌 Chrome 浏览器(稳定版)的安装。(安装软件)
sudo apt-get install google-chrome-stable
5、启动谷歌 Chrome 浏览器。
/usr/bin/google-chrome-stable
二、部署 nextcloud
2.1下载解压 Nextcloud
unzip nextcloud-16.0.2.zip
#移动到网站根目录
nextcloud@www:~/Downloads$ sudo mv nextcloud /home/wwwroot/
#更改用户和用户组
sudo chown -R www:www nextcloud
2.2 let's sencrypt 生成 ssl 证书
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
sudo ./letsencrypt-auto certonly --standalone --email [email protected] -d www.seaplayer.top
2.3 配置 Nginx
#进入配置文件目录
cd /usr/local/nginx/conf/
#备份配置文件
sudo cp nginx.conf nginx.conf.bak
#编辑配置文件删掉 server 部分代码
vim nginx.conf
#新增虚拟机配置文件
vim vhost/nextcloud.conf
server
{
#基础配置
listen 80;
listen 443 ssl http2;
server_name www.seaplayer.top;
index index.php index.html index.htm default.php default.htm default.html;
root /home/wwwroot/nextcloud;
ssl_certificate /etc/letsencrypt/live/www.seaplayer.top/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.seaplayer.top/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
#nextcloud包含了403和404的错误页面
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
error_log /usr/local/nginx/logs/www.seaplayer.top.log;
#HSTS、缓存设置
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
large_client_header_buffers 4 16k;
client_max_body_size 10G;
fastcgi_buffers 64 4K;
gzip off;
#默认是include调用PHP相关配置,这里稍稍修改了一下,注意php版本
#加入了front_controller_active这项参数以删除页面URL中的index.php
location ~ [^/]\.php(/|$)
{
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
include pathinfo.conf;
fastcgi_param front_controller_active true;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#nextcloud一些关键目录的权限设置
# location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
#deny all;
# }
#静态资源重定向1
location ~* \/core\/(?:js\/oc\.js|preview\.png).*$ {
rewrite ^ /index.php last;
}
#webdav重定向
location / {
rewrite ^ /index.php$uri;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
#静态资源重定向2,支持使用acme脚本在申请证书时对域名的验证
if ($uri !~* (?:\.(?:css|js|svg|gif|png|html|ttf|woff)$|^\/(?:remote|public|cron|status|ocs\/v1|ocs\/v2)\.php|^\/\.well-known\/acme-challenge\/.*$)){
rewrite ^ /index.php last;
}
}
#静态资源重定向3
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
index index.php;
}
#对静态资源添加header
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy "no-referrer";
access_log off;
}
#caldav和#carddav
rewrite /.well-known/carddav /remote.php/dav permanent;
rewrite /.well-known/caldav /remote.php/dav permanent;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$
{
expires 30d;
access_log off;
}
#access_log /www/wwwlogs/www.chyiyang.net.log;
}
#重启 nginx
root@www:/usr/local/nginx/conf/vhost# systemctl restart nginx
2.4 创建用户和数据库
#(其一,phpmyadmin 图形界面)
#创建数据库 nextcloud和用户(其二、命令行方式)
#登录 mysql
root@www:/usr/local/nginx/conf/vhost# mysql -u root -p
#创建数据库
mysql> create database nextcloud charset=utf8;
#添加用户并直接授予权限
mysql> grant all privileges on nextcloud.* to nextcloud@localhost identified by '3m4KYJ7cTo7er5DN';
#操作立即生效
mysql> flush privileges;
2.5 配置和使用 Nextcloud
打开网站你的域名或 ip, 添加管理员并填入刚刚创建的数据库信息,耐心等待片刻
苹果或Android手机客户端输入服务器地址和用户密码,就可以愉快的使用你的私有网盘啦!
2.6 nextcloud 后期简单优化
1、PHP 的设置似乎有问题, 无法获取系统环境变量. 使用 getenv(\”PATH\”) 测试时仅返回空结果.
在文件尾部添加一行 env[PATH] = /usr/local/bin:/usr/bin:/bin:/usr/local/php/bin
vim /usr/local/php/etc/php-fpm.conf
2、PHP内存限制低于建议值512MB.
编辑 /usr/local/php/etc/php.ini,将 memory_limit 改为 512M
vim /usr/local/php/etc/php.ini
三、进阶配置
如果需要超大网盘空间,比如几十T 容量甚至几百T 容量的需求,可以使用云存储服务,常见的有腾讯的对象存储(Cloud Object Storage,简称COS),阿里的对象存储服务(Object Storage Service,OSS)。
以阿里云的OSS为例,Linux系统中可以把 OSS bucket 挂载到本地文件系统中,您能够便捷地通过本地文件系统操作OSS 上的对象,实现数据的共享,详情见 官方文档。
四、Linux+Nextcloud+BND1 解决方案
4.1 背景
维护私有网盘时,受本地带宽限制,本地文件的上传速度非常慢,为此我们可以在服务器上传和下载文件。
4.2 简介
- Vncviewer 登录远程桌面;
- BND1下载网盘文件;
- 谷歌浏览器上传文件到 Nextcloud ;
五、附件
- VNC-Viewer 5.2.3 ——远程桌面连接工具
- Nextcloud 全家桶 ——目前最炫酷的私有云
- BND ——图形界面的百度网盘不限速下载神器