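Because my Microsoft 365 subscription expired and I did not want to keep renewing just for 1 TB of OneDrive, I decided to build a personal cloud drive on my own cloud server. After some research, I found that Nextcloud best fit my needs and could fully replace OneDrive.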
System overview
Component | Version |
---|---|
OS | Debian 10 |
NextCloud | 24.0.2 |
BT Panel (宝塔面板) | 7.9.2 |
PHP | 7.4.30 |
Nginx | 1.21.4 |
MariaDB | 10.2 |
Redis | 7.0.0 |
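Preparation
- Prepare a cloud server
- Install BT Panel and install LNMP
- Get the latest Nextcloud release archive, upload it to the server through BT Panel, and extract it to the target directory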
Nginx configuration

MariaDB configuration

PHP configuration
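Install extensions
Extension | Type | Description |
---|---|---|
ionCube | Script decryption | Decrypts scripts encrypted with ionCube Encoder |
fileinfo | General extension | May fail to install if available memory is below 1 GB |
opcache | Cache | Speeds up PHP scripts |
redis | Cache | In-memory key-value database with optional persistence |
mcrypt | General extension | mcrypt encryption/decryption |
apcu | Cache | Script cache |
imagemagick | General extension | Imagick high-performance graphics library |
sg11 | Script encryption | PHP code obfuscation and encryption |
ldap | General extension | Official PHP extension |
gmp | General extension | Official PHP extension |

gmp cannot be installed directly; first install libgmp-dev with apt: apt-get install libgmp-dev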

Modify the configuration

Edit php.ini, the PHP configuration file:
...
[Zend Opcache]
opcache.revalidate_freq=60
opcache.save_comments=1
...
[apcu]
apc.shm_size = 128M
apc.enable_cli = 1


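Edit the FPM configuration file. The run user stays at the default www and needs no change; set the permissions of the listening socket file to 0777, then add the env settings.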
[www]
...
listen.owner = www
listen.group = www
listen.mode = 0777
user = www
group = www
...
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
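
With listen.mode = 0777, every local account on the server can connect to the PHP-FPM socket, not only Nginx. The shell function below is an added example, not part of the original post; it flags such a setting in a pool file. Both sample pool files are constructed, audit_fpm_listen_mode is a hypothetical helper name, and the 0660 variant assumes the Nginx workers run as user or group www.

```shell
#!/bin/sh
# Added example (not from the original post): flag PHP-FPM pools whose
# listen.mode gives the "other" class any access to the socket.

# audit_fpm_listen_mode FILE
#   prints "<pool> <mode> <verdict>" for each listen.mode line;
#   returns 1 if any pool socket is accessible to every local account.
audit_fpm_listen_mode() {
    awk '
        /^[ \t]*;/ { next }                                  # ini comment
        /^[ \t]*\[/ {                                        # [pool] header
            pool = $0
            sub(/^[ \t]*\[/, "", pool); sub(/\].*$/, "", pool)
            next
        }
        /^[ \t]*listen\.mode[ \t]*=/ {
            mode = $0
            sub(/^[^=]*=[ \t]*/, "", mode); sub(/[ \t;].*$/, "", mode)
            other = substr(mode, length(mode), 1)            # last octal digit
            if (other != "0") { print pool, mode, "WORLD-ACCESSIBLE"; bad = 1 }
            else              { print pool, mode, "ok" }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample 1: the pool settings shown in this post.
SAMPLE_POST='[www]
listen.owner = www
listen.group = www
listen.mode = 0777
user = www
group = www'

# Constructed sample 2: same pool, socket limited to owner and group.
# Assumes the Nginx workers run as user or group www.
SAMPLE_TIGHT='[www]
listen.owner = www
listen.group = www
listen.mode = 0660
user = www
group = www'

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_POST"  > "$tmp"; audit_fpm_listen_mode "$tmp" || echo "-> tighten listen.mode"
printf '%s\n' "$SAMPLE_TIGHT" > "$tmp"; audit_fpm_listen_mode "$tmp" && echo "-> ok"
rm -f "$tmp"
```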

Then, under "Disabled functions", remove shell_exec from the list of disabled functions, and tune the performance settings to suit your server.


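Redis configuration
Set a password.

Configure PHP sessions.

Edit the Redis configuration file and uncomment the following two lines.

Website configuration
Create a new website in BT Panel and add a new database.

Rewrite (pseudo-static) rules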
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "none";
add_header X-Download-Options "noopen";
add_header X-Permitted-Cross-Domain-Policies "none";
access_log off;
}
location ~ \.(?:svg|gif|png|jpg|ico|wasm|tflite)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
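Enable SSL
The certificate issuance built into BT Panel is sufficient; alternatively, obtain or purchase a certificate elsewhere and import it into BT Panel.
Modify the configuration file
Copy the SSL-related content out and save it separately, delete the contents of the configuration file, then fill in the following: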
server
{
listen 80;
listen 443 ssl http2;
server_name test.litcu.cn;
index index.php index.html /index.php$request_uri;
root /www/wwwroot/test.litcu.cn/;
#SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
# (paste the SSL-related content you copied earlier here)
#SSL-END
#ERROR-PAGE-START Error page configuration; may be commented out, deleted or modified
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP include configuration; may be commented out or modified
include enable-php-74.conf;
#PHP-INFO-END
#REWRITE-START URL rewrite rule include; modifying it will disable the rewrite rules set in the panel
include /www/server/panel/vhost/rewrite/test.litcu.cn.conf;
#REWRITE-END
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size and increase upload timeout:
client_max_body_size 5G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
gzip off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Files and directories that must not be served
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
# Settings for the validation directory used by one-click SSL certificate issuance
location ~ \.well-known{
allow all;
}
access_log /www/wwwlogs/test.litcu.cn.log;
error_log /www/wwwlogs/test.litcu.cn.error.log;
}
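Modify the Nginx template file for your PHP version
Connect to the cloud server over SSH or another method and edit /www/server/nginx/conf/enable-php-74.conf. Use the file that matches your PHP version.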
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass unix:/tmp/php-cgi-74.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
Edit /www/server/nginx/conf/enable-php.conf:
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass unix:/tmp/php-cgi-74.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
Change the proxy timeouts
The file is /www/server/nginx/conf/proxy.conf.
proxy_connect_timeout 600;
proxy_read_timeout 600;
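Nextcloud configuration
Install Nextcloud
After creating the website in BT Panel, copy the extracted Nextcloud files into the website root. Take care to make the .htaccess and .user.ini files match the ones from the Nextcloud archive, because BT Panel creates these two files automatically and their contents differ from the originals.
Then open the domain in a browser; normally you should now see the Nextcloud logo. Follow the prompts to enter the username and password for the new user, change the database to MySQL/MariaDB, and fill in the details of the database that was created together with the website.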

Configure Redis and the time zone
Open config/config.php in the Nextcloud root directory and add the following:
'default_language' => 'zh_CN',
'default_locale' => 'zh',
'default_phone_region' => 'CN',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/tmp/redis.sock',
'port' => 0,
'dbindex' => 0,
'password' => 'redis密码', // placeholder: replace with your Redis password
'timeout' => 1.5,
),
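Configure background jobs
After entering the site, click your avatar to open Settings and fill in personal details such as your e-mail address. Then, under "Basic settings" in "Administration", configure the mail server and switch background jobs to "Cron" mode.

Then create /etc/systemd/system/nextcloudcron.service with the following content: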
[Unit]
Description=Nextcloud cron.php job
[Service]
User=www
ExecStart=/usr/bin/php -f /www/wwwroot/test.litcu.cn/cron.php
KillMode=process
Create /etc/systemd/system/nextcloudcron.timer with the following content:
[Unit]
Description=Run Nextcloud cron.php every 5 minutes
[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
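This system service runs Nextcloud's background jobs every 5 minutes, which improves Nextcloud's access speed and performance. The service needs to start at boot and also start immediately: systemctl enable --now nextcloudcron.timer
But if you look at the background jobs page at this point, it reports an error: OCP\HintException: [0]: Memcache \OC\Memcache\APCu not available for local cache (Is the matching PHP module installed and enabled?)
I searched the Nextcloud GitHub issues for a long time, and they all said to add apc.enable_cli=1 to the configuration file, but that step had already been done above and had no effect. Eventually I found a solution that works: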
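- Run php --ini in a terminal and find the Loaded Configuration File entry in the output; with BT Panel it is usually /www/server/php/74/etc/php-cli.ini
- Delete the php-cli.ini file mentioned above
- Restart PHP
- Run /usr/bin/php -f /www/wwwroot/test.litcu.cn/cron.php manually to verify that the background job executes correctly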
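
The PHP CLI looks for php-cli.ini before php.ini, so settings made only in php.ini, such as apc.enable_cli=1, are not applied to the CLI while php-cli.ini exists. The script below is an added example, not part of the original post; it parses php --ini output and reports whether the ini file the CLI actually loads turns apc.enable_cli on. The function names are hypothetical, and the sample php --ini outputs and ini files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post): report which ini file the PHP
# CLI loads and whether apc.enable_cli is switched on in that file.

# loaded_ini: stdin = output of `php --ini`; prints the loaded ini path.
loaded_ini() {
    sed -n 's/^Loaded Configuration File: *//p'
}

# apc_cli_enabled FILE: succeeds if FILE sets apc.enable_cli to 1 or On.
apc_cli_enabled() {
    grep -Eiq '^[[:space:]]*apc\.enable_cli[[:space:]]*=[[:space:]]*(1|on)[[:space:]]*(;.*)?$' "$1"
}

# diagnose_cli_apcu: stdin = output of `php --ini`; prints a verdict.
# Returns 0 = enabled, 1 = not enabled in the loaded file, 2 = no ini loaded.
diagnose_cli_apcu() {
    ini=$(loaded_ini)
    if [ -z "$ini" ] || [ "$ini" = "(none)" ]; then
        echo "no ini file loaded"; return 2
    fi
    if apc_cli_enabled "$ini"; then
        echo "$ini: apc.enable_cli is on"
    else
        echo "$ini: apc.enable_cli is NOT on"; return 1
    fi
}

# Constructed stand-in for /www/server/php/74/etc: php.ini carries the
# setting from this post, php-cli.ini does not.
ETC=$(mktemp -d)
printf '[apcu]\napc.shm_size = 128M\napc.enable_cli = 1\n' > "$ETC/php.ini"
printf '[PHP]\nmemory_limit = 128M\n' > "$ETC/php-cli.ini"

# Constructed `php --ini` output while php-cli.ini exists ...
BEFORE="Configuration File (php.ini) Path: $ETC
Loaded Configuration File:         $ETC/php-cli.ini"
# ... and after it has been deleted, when the CLI falls back to php.ini.
AFTER="Configuration File (php.ini) Path: $ETC
Loaded Configuration File:         $ETC/php.ini"

printf '%s\n' "$BEFORE" | diagnose_cli_apcu || true
printf '%s\n' "$AFTER"  | diagnose_cli_apcu || true
```

On a real server, run it as the user that executes cron.php: php --ini | diagnose_cli_apcu.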
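Automated checks
Go to "Administration" > "Overview" in Settings; system and security checks then run automatically. If you followed the steps above exactly in the same environment, there should in theory be no problems. If there are, a search engine will help; there is plenty of material about Nextcloud online.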

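Other personal settings
Enable server-side encryption
Click the avatar in the top-left corner, go to Apps, find Default encryption module under "Disabled apps" and enable it. Then go to "Administration" -> "Security" in Settings and enable server-side encryption.

Replacing OneDrive as a personal sync drive
Apps are available for both mobile and PC. After downloading, follow the prompts to connect to the server; you can then back up your phone's photos and sync your computer's documents, much like OneDrive.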