摘要:最近搭建nextcloud网盘小小记录一下,使用的系统为ubuntu 22.04

mariadb

第一步 安装mariadb

两种数据库二选一,我用的是mariadb

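# Install MariaDB (the database used in the rest of this guide).
# "//" is not a shell comment, so the original annotations are rewritten as "#".
apt install mariadb-server

# Alternative: MySQL 5.6. Install only ONE database server, so this line is
# left commented out.
# NOTE(review): MySQL 5.6 is end-of-life upstream and no longer receives
# security fixes; confirm the package exists for your release before using it.
# apt-get install mysql-server-5.6 mysql-client-5.6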

第二步 允许root用户远程连接

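  • 配置本地监听0.0.0.0(仅在确实需要从其他主机连接数据库时才需要这一步;本文中 Nextcloud 与数据库在同一台机器上,config.php 里 dbhost 为 localhost,保持默认的 bind-address = 127.0.0.1 即可。若改为 0.0.0.0,请用防火墙把 3306 端口限制到受信任的管理主机。)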

    nano /etc/mysql/mariadb.conf.d/50-server.cnf
    
    将bind-address 项修改为:
    bind-address  = 0.0.0.0
  • 修改数据库root用户密码

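    # Open a MariaDB shell as root (typed in the system shell).
    mysql -u root
    -- The statements below are typed at the MariaDB prompt.
    -- Set the local root password; replace the placeholder with a long,
    -- unique value instead of a guessable one.
    ALTER USER 'root'@'localhost' IDENTIFIED BY '<STRONG_ROOT_PASSWORD>';
    -- Remote administration: the original granted ALL on *.* to 'root'@'%'.
    -- Together with bind-address 0.0.0.0 that lets every host able to reach
    -- port 3306 attempt a superuser login. Restrict the account to the single
    -- admin host or subnet that needs it (placeholder below), and skip this
    -- statement entirely when the database is only used from this machine.
    GRANT ALL PRIVILEGES ON *.* TO 'root'@'<ADMIN_HOST_OR_SUBNET>' IDENTIFIED BY '<STRONG_ROOT_PASSWORD>' WITH GRANT OPTION;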

第三步 修改数据库文件存储位置

将数据库文件的存储位置由/var/lib/mysql改为 /data/mysql

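# Show where MariaDB currently stores its files (usually /var/lib/mysql).
# Run as a one-shot query so the following lines stay in the system shell;
# -p prompts for the root password set in step two.
mysql -u root -p -e "SHOW VARIABLES WHERE variable_name = 'datadir';"
# Stop the server so the files cannot change while they are being copied.
service mariadb stop
# Make sure the parent directory exists, then copy the data directory into it.
# -a already implies -r and preserves owner, mode and timestamps, which the
# server needs in order to read the files at the new location.
mkdir -p /data
cp -a /var/lib/mysql /data/
# Edit datadir in the server config, then start MariaDB again; the original
# steps never restarted it, but the next step needs a running server.
nano /etc/mysql/mariadb.conf.d/50-server.cnf
service mariadb start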

将 datadir = /var/lib/mysql 改成 datadir = /data/mysql 即可。

第四步 创建nextcloud数据库用户

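-- Create a dedicated database and account for Nextcloud.
-- Replace the user name and the password placeholder with your own values.
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER 'dbuser'@'localhost' IDENTIFIED BY '<STRONG_DB_PASSWORD>';
-- Least privilege: the original granted ALL on *.* WITH GRANT OPTION to
-- 'dbuser'@'%' with the password 12345678, i.e. a second superuser that is
-- reachable from any host. Nextcloud connects over localhost and only needs
-- its own schema, so the grant is limited to nextcloud.* from localhost.
GRANT ALL PRIVILEGES ON nextcloud.* TO 'dbuser'@'localhost';
FLUSH PRIVILEGES;
-- Enter the database name "nextcloud" in the web installer: this account
-- cannot create other databases.
exit;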

php

安装php

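# Add the third-party ondrej/php PPA, which provides the php8.0 packages.
# NOTE(review): a PPA is an additional trust root for packages installed as
# root, and PHP 8.0 is end-of-life upstream; check that the Nextcloud release
# you download supports the PHP branch you install.
add-apt-repository ppa:ondrej/php
# nginx talks to PHP through php8.0-fpm. The original also installed
# libapache2-mod-php8.0; that is the Apache module and is dropped here because
# nothing in this guide uses Apache (its dependencies would presumably add a
# second web server competing for port 80; confirm with `apt-cache depends`).
apt install php8.0-fpm
apt-get install php8.0-curl php8.0-dom php8.0-mbstring php8.0-imagick php8.0-ldap php8.0-imap php8.0-mysql php8.0-gd php8.0-zip php8.0-bz2 php8.0-intl php8.0-smbclient php8.0-bcmath php8.0-gmp php8.0-apcu php8.0-memcached php8.0-redis php8.0-phar
apt install libmagickcore-6.q16-6-extra
# ffmpeg is needed for the video previews enabled in config.php.
apt install ffmpeg

# Kept from the tutorial this guide follows; its author could not say why the
# directory is needed. The trailing "//..." note in the original would have
# been passed to mkdir as a second path, so it is now a real comment, and -p
# makes a rerun harmless.
mkdir -p /run/php/php8.0-fpm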

php优化

编辑/etc/php/8.0/fpm/pool.d/www.conf,根据服务器内存配置情况填写以下数值(4G内存计算)

修改以下参数:

; Process-manager mode: "dynamic" keeps the number of idle workers between the
; spare limits below and never exceeds pm.max_children.
pm = dynamic
; Hard cap on concurrent PHP worker processes.
; NOTE(review): 300 workers on the 4G host this guide sizes for, each allowed
; up to memory_limit from php.ini, can exhaust RAM under load. Size the cap as
; (RAM available to PHP) / (measured average worker size); TODO confirm.
pm.max_children = 300
; Workers created at start-up.
pm.start_servers = 18
; Minimum and maximum number of idle workers kept ready.
pm.min_spare_servers = 6
pm.max_spare_servers = 36

编辑/etc/php/8.0/fpm/php.ini
修改以下参数:

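; Per-request memory ceiling.
; NOTE(review): 4096M equals the entire RAM of the 4G machine this guide sizes
; for, so a single runaway request can exhaust the host; consider a lower
; value that still satisfies Nextcloud's requirements.
memory_limit = 4096M
; Largest single uploaded file and largest POST body (10 GB); keep these in
; step with nginx's client_max_body_size.
upload_max_filesize = 10240M
post_max_size = 10240M
; Seconds allowed for receiving input and for script execution. The original
; lines omitted "=", so they were not valid "name = value" assignments.
max_input_time = 3600
max_execution_time = 3600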

redis

安装redis

# Install Redis; config.php later uses it for file locking and distributed cache.
# NOTE(review): that config connects to localhost:6379 without a password, so
# Redis must stay bound to loopback; verify `bind` and `protected-mode` in
# /etc/redis/redis.conf before opening the host to other networks.
apt install redis

nginx

安装nginx

# Install nginx from the distribution archive.
apt-get install nginx

配置nginx

配置文件位置为/etc/nginx/nginx.conf

修改配置文件如下:

需要将 server_name 修改为自己的ip或者域名,root 修改为自己的nextcloud安装目录。

# Worker processes run as the unprivileged www-data account.
user www-data;
# Let nginx pick the number of worker processes automatically.
worker_processes auto;
# File in which the master process records its PID.
pid /run/nginx.pid;
# Load every module configuration enabled under modules-enabled.
include /etc/nginx/modules-enabled/*.conf;

events {
    # Maximum number of simultaneous connections per worker process.
    worker_connections 768;
    # multi_accept on;
}

http {

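    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    # No server in this file listens with `ssl`, so this only takes effect for
    # TLS virtual hosts loaded by the includes at the end of the http block.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    # gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;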

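    # PHP-FPM backend. This guide never changes `listen` in the pool file
    # (www.conf), and the packaged php8.0-fpm pool presumably listens on its
    # unix socket rather than on TCP port 9000; confirm with
    # `grep '^listen' /etc/php/8.0/fpm/pool.d/www.conf`. A unix socket also
    # keeps FPM off the network stack and under file-permission control.
    upstream php-handler {
        server unix:/var/run/php/php8.0-fpm.sock;
        # Use this instead only if the pool was reconfigured to listen on TCP:
        #server 127.0.0.1:9000;
    }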

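    server {

        # Plain HTTP only: logins and file contents cross the network
        # unencrypted. Acceptable on a trusted LAN at most; add a
        # `listen 443 ssl` server with a certificate before exposing this host
        # more widely.
        listen 80      ;
        listen [::]:80 ;

        # Replace with your own domain name or IP address.
        server_name 192.168.1.100;


        # set max upload size and increase upload timeout:
        client_max_body_size 10240M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_buffers 4 16k;
        gzip_disable "MSIE [1-6]\.";
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;



        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy                      "no-referrer"   always;
        add_header X-Content-Type-Options               "nosniff"       always;
        add_header X-Download-Options                   "noopen"        always;
        add_header X-Frame-Options                      "SAMEORIGIN"    always;
        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
        add_header X-Robots-Tag                         "none"          always;
        add_header X-XSS-Protection                     "1; mode=block" always;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;

        # Path to the root of your installation
        # Replace with your own Nextcloud installation directory.
        root /var/www/nextcloud;

        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /remote.php/webdav/$is_args$args;
            }
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Make a regex exception for `/.well-known` so that clients can still
        # access it despite the existence of the regex rule
        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
        # for `/.well-known`.
        location ^~ /.well-known {
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.

            location = /.well-known/carddav { return 301 /remote.php/dav/; }
            location = /.well-known/caldav  { return 301 /remote.php/dav/; }

            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }

        # Rules borrowed from `.htaccess` to hide certain paths from clients.
        # These keep config/ (database credentials, secret) and data/ from
        # being fetched directly over the web.
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
        # which handle static assets (as seen below). If this block is not declared first,
        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
        # to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {

            # Required for legacy support
            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

            fastcgi_split_path_info ^(.+?\.php)(/.*)$;

            set $path_info $fastcgi_path_info;

            # Only hand existing script files to PHP-FPM.
            try_files $fastcgi_script_name =404;

            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            # `HTTPS on` tells PHP that the request arrived over TLS. This server
            # listens on plain-HTTP port 80 only, so sending it makes Nextcloud
            # issue https:// redirects that nothing here answers. Enable it only
            # inside a `listen 443 ssl` server block.
            #fastcgi_param HTTPS on;

            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;

            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite)$ {
            try_files $uri /index.php$request_uri;
            expires 6M;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets

            location ~ \.wasm$ {
                default_type application/wasm;
            }
        }

        location ~ \.woff2?$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }

        # Rule borrowed from `.htaccess`
        location /remote {
            return 301 /remote.php$request_uri;
        }

        location / {
            try_files $uri $uri/ /index.php$request_uri;
        }
    }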
    
    ##
    # Virtual Host Configs
    ##
    # NOTE(review): these includes also load any stock virtual host that is
    # still enabled. If one of them declares `listen 80 default_server`,
    # requests whose Host header does not match the server_name above are
    # answered by it instead of Nextcloud; check what is in sites-enabled.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen     localhost:110;
#        protocol   pop3;
#        proxy      on;
#    }
#
#    server {
#        listen     localhost:143;
#        protocol   imap;
#        proxy      on;
#    }
#}

需要注意以下配置:

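# Raise nginx's upload size limit to 10 GB; keep it in step with PHP's
# upload_max_filesize and post_max_size. The directive needs its terminating
# semicolon, which the original line lacked.
client_max_body_size 10240M;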

配置完成后重启nginx

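# Validate the configuration first and signal a reload only when the syntax
# check passes, so a typo is reported before anything is sent to the master.
nginx -t && nginx -s reload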

安装nextcloud

下载安装包

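# Enter the web root. The original trailing "//..." notes were not shell
# comments and would have been passed to each command as extra arguments.
cd /var/www
# Download the latest release archive together with its published SHA-256 file.
wget -O nextcloud.zip https://download.nextcloud.com/server/releases/latest.zip
wget -O nextcloud.zip.sha256 https://download.nextcloud.com/server/releases/latest.zip.sha256
# Compare digests before unpacking anything into the web root. Only the hash
# column is compared because the checksum file may name the versioned archive.
# This catches a corrupted or truncated download; for authenticity, also check
# the detached PGP signature (.asc) that Nextcloud publishes, using the
# project's signing key obtained from its documentation.
expected=$(awk '{print $1; exit}' nextcloud.zip.sha256)
actual=$(sha256sum nextcloud.zip | awk '{print $1}')
if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
  # Unpack the archive, then hand the tree to the account nginx/PHP-FPM run as.
  unzip nextcloud.zip
  chown -R www-data:www-data /var/www/nextcloud
else
  echo "nextcloud.zip: SHA-256 mismatch, not unpacking" >&2
fi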

安装nextcloud

浏览器访问 http://127.0.0.1 或者https://localhost,出现Nextcloud安装页面。填写你的nextcloud管理员用户名和密码,选择mariadb数据库,填写前面设置的数据库用户名和密码,数据库名随便填,然后点击安装。

安装完后尝试登录会发现自动跳转到https://192.168.1.100/,如果不打算使用https,就需要修改配置文件里的overwrite.cli.url了。注意:纯 HTTP 下登录密码和文件内容都以明文在网络上传输,只适合可信的内网;对外提供服务时应配置 HTTPS。

修改配置文件

nextcloud 配置文件位置为 /var/www/nextcloud/config/config.php

修改或添加#注释下的块内容:

nano /var/www/nextcloud/config/config.php

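<?php
$CONFIG = array (
  # instanceid, passwordsalt and secret are written by the installer. Keep the
  # generated values as they are and never publish them.
  'instanceid' => 'xxxxxxxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxx',
  # Fixed: the closing quote was missing here, which made the whole file a PHP
  # syntax error.
  'secret' => 'xxxxxxxxxxxxxxx',

  # Host names / IP addresses under which this instance may be reached.
  # Requests using any other Host are refused with an "untrusted domain"
  # notice, so list only names you actually serve.
  'trusted_domains' => 
  array (
    0 => '192.168.1.100',
  ),
  # Directory holding Nextcloud's files and user data. It lies outside the web
  # root (/var/www/nextcloud), so nginx cannot serve it directly.
  'datadirectory' => '/data/yunpan__data',
  'dbtype' => 'mysql',
  'version' => '25.0.2.3',
  # Base URL used when no request is available (occ, cron). Replace
  # 192.168.1.100 with your own IP or domain. nginx serves the installation at
  # "/", so the "/nextcloud" suffix of the original value is dropped.
  'overwrite.cli.url' => 'http://192.168.1.100',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  # Database account created for Nextcloud; use a dedicated low-privilege
  # user here, not the database root account.
  'dbuser' => 'xxxxxxxxxxxxxxx',
  'dbpassword' => 'xxxxxxxxxxxxxxx',
  'installed' => true,
  # Set to 'https' when serving over TLS. 'http' matches the plain-HTTP nginx
  # server in this guide, which means logins and files travel unencrypted.
  'overwriteprotocol' => 'http',
  # Default phone region.
  'default_phone_region' => 'CN',
  # Caching: APCu as the local cache, Redis for locking and distributed cache.
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  # No Redis password is configured, so Redis must only be reachable over
  # loopback.
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  # Preview providers; 'Movie' adds video previews and needs ffmpeg installed.
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\HEIC',
    4 => 'OC\\Preview\\BMP',
    5 => 'OC\\Preview\\XBitmap',
    6 => 'OC\\Preview\\MP3',
    7 => 'OC\\Preview\\TXT',
    8 => 'OC\\Preview\\MarkDown',
    9 => 'OC\\Preview\\Movie',
  ),
  # App store settings (the author's note: switch to a domestic app store).
  # NOTE(review): 'appstoreurl' is expected to be a URL and 'Nextcloud' is not
  # one; the real value seems to have been lost. Point it only at an app store
  # you trust, because apps installed from it run with Nextcloud's privileges.
  'updater.release.channel' => 'stable',
  'appstoreenabled' => true,
  'appstoreurl' => 'Nextcloud',
  # Do not copy the files under /var/www/nextcloud/core/skeleton to new users.
  'skeletondirectory' => '',
  # Open the Files app when a user lands on the home page.
  'defaultapp' => 'files',
  # Default language and locale: Chinese.
  'default_language' => 'zh_CN',
  'default_locale' => 'zh',
);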

调优nextcloud

优化使用体验