【Linux 】centos8搭建nextcloud全过程

原创：厦门微思网络

红帽认证 | RHCE 认证课程

红帽认证 | RHCA 认证课程（进阶云计算与自动化）

开启端口

firewall-cmd --zone=public --add-port=80/tcp --permanentfirewall-cmd --zone=public --add-port=22/tcp --permanentfirewall-cmd --reloadsystemctl restart firewalld

将PHP 8.0作为主版本进行安装

步骤1： CentOS 系统启用 EPEL 和 REMI 仓库

开始前需要先在操作系统中启用 EPEL 服务。EPEL 是 Extra Package For Enterprise Linux 的简写，是由 Fedora 项目组为 RHEL & CentOS 提供的第三方扩展包服务。

shell sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [On CentOS/RHEL 8]

REMI 是一个专为 RedHat 操作系统提供 PHP 各个版本支持的第三方数据源。要安装 REMI 服务，需要执行如下命令：

shell sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm [On CentOS/RHEL 8]

步骤2：在 CentOS 系统安装 PHP 8

完成上述步骤后，可以通过下面的名利显示可用的 PHP 版本列表：

shell sudo dnf module list php

注意输出信息地步的 remi-8.0 php 模块

shell [root@phpzendo ~]# sudo dnf module list php Repository epel is listed more than once in the configuration Last metadata expiration check: 1:56:34 ago on Tue 23 Feb 2021 09:27:57 AM CST. CentOS Linux 8 - AppStream Name Stream Profiles Summary php 7.2 [d] common [d], devel, minimal PHP scripting language php 7.3 common [d], devel, minimal PHP scripting language php 7.4 common [d], devel, minimal PHP scripting languageRemi's Modular repository for Enterprise Linux 8 - x86_64 Name Stream Profiles Summary php remi-7.2 common [d], devel, minimal PHP scripting language php remi-7.3 common [d], devel, minimal PHP scripting language php remi-7.4 [e] common [d], devel, minimal PHP scripting language php remi-8.0 common [d], devel, minimal PHP scripting languageHint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

我们需要在安装 PHP 8.0 之前启用这个模块，要启用 php:remi-8.0 需执行：

shell sudo dnf module enable php:remi-8.0 -y

安装php：dnf install php-pdo_mysql php-ctype php-curl php-dom php-filter php-GD php-hash php-JSON php-libxml php-mbstring php-openssl php-posix php-session php-SimpleXML php-XMLReader php-XMLWriter php-zip php-zlib php-fileinfo php-bz2 php-intl php-ldap php-smbclient php-ftp php-imap php-bcmath php-gmp php-apcu php-memcach php-redis php-pcntl php-phar

安装nginx

配置：

# For more information on configuration, see:# * Official English Documentation: http://nginx.org/en/docs/# * Official Russian Documentation: http://nginx.org/ru/docs/user apache;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;events {worker_connections 100000;}http{sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;include /etc/nginx/mime.types;default_type application/octet-stream;upstream php-handler {server 127.0.0.1:9000;#server unix:/var/run/php/php7.4-fpm.sock;}server {listen 88 ;root /www/nextcloud;client_max_body_size 512M;client_body_timeout 300s;fastcgi_buffers 64 4K;# Enable gzip but do not remove ETag headersgzip on;gzip_vary on;gzip_comp_level 4;gzip_min_length 256;gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;# Pagespeed is not supported by Nextcloud, so if your server is built# with the `ngx_pagespeed` module, uncomment this line to disable it.#pagespeed off;# HTTP response headers borrowed from Nextcloud `.htaccess`add_header Referrer-Policy "no-referrer" always;add_header X-Content-Type-Options "nosniff" always;add_header X-Download-Options "noopen" always;add_header X-Frame-Options "SAMEORIGIN" always;add_header X-Permitted-Cross-Domain-Policies "none" always;add_header X-Robots-Tag "none" always;add_header X-XSS-Protection "1; mode=block" always;# Remove X-Powered-By, which is an information leakfastcgi_hide_header X-Powered-By;# Path to the root of your installation# here as the fallback means that Nginx always exhibits the desired behaviour# when a client requests a path that corresponds to a directory that exists# on the server. In particular, if that directory contains an index.php file,# that file is correctly served; if it doesn't, then the request is passed to# the front-end controller. This consistent behaviour means that we don't need# to specify custom rules for certain paths (e.g. images and other assets,# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus# `try_files $uri $uri/ /index.php$request_uri`# always provides the desired behaviour.index index.php index.html /index.php$request_uri;# Rule borrowed from `.htaccess` to handle Microsoft DAV clientslocation = / {if ( $http_user_agent ~ ^DavClnt ) {return 302 /remote.php/webdav/$is_args$args;}}location = /robots.txt {allow all;log_not_found off;access_log off;}# Make a regex exception for `/.well-known` so that clients can still# access it despite the existence of the regex rule# `location ~ /(\.|autotest|...)` which would otherwise handle requests# for `/.well-known`.location ^~ /.well-known {# The rules in this block are an adaptation of the rules# in `.htaccess` that concern `/.well-known`.location = /.well-known/carddav { return 301 /remote.php/dav/; }location = /.well-known/caldav { return 301 /remote.php/dav/; }location /.well-known/acme-challenge { try_files $uri$uri/ =404; }location /.well-known/pki-validation { try_files $uri$uri/ =404; }# Let Nextcloud's API for `/.well-known` URIs handle all other# requests by passing them to the front-end controller.return 301 /index.php$request_uri;}# Rules borrowed from `.htaccess` to hide certain paths from clientslocation ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }# Ensure this block, which passes PHP files to the PHP process, is above the blocks# which handle static assets (as seen below). If this block is not declared first,# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`# to the URI, resulting in a HTTP 500 error response.location ~ \.php(?:$|/) {# Required for legacy supportrewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;fastcgi_split_path_info ^(.+?\.php)(/.*)$;set$path_info$fastcgi_path_info;try_files $fastcgi_script_name =404;include fastcgi_params;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;fastcgi_param PATH_INFO $path_info;fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twicefastcgi_param front_controller_active true; # Enable pretty urlsfastcgi_pass php-handler;fastcgi_intercept_errors on;fastcgi_request_buffering off;}location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite)$ {try_files $uri /index.php$request_uri;expires 6M; # Cache-Control policy borrowed from `.htaccess`access_log off; # Optional: Don't log access to assetslocation ~ \.wasm$ {default_type application/wasm;}}location ~ \.woff2?$ {try_files $uri /index.php$request_uri;expires 7d; # Cache-Control policy borrowed from `.htaccess`access_log off; # Optional: Don't log access to assets}# Rule borrowed from `.htaccess`location /remote {return 301 /remote.php$request_uri;}location / {try_files $uri$uri/ /index.php$request_uri;}location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {fastcgi_split_path_info ^(.+?.php)(\/.*|)$;set$path_info$fastcgi_path_info;try_files $fastcgi_script_name =404;include fastcgi_params;}}}

修改PHP配置文件：

vim /etc/php-fpm.d/www.conf注释listen = /run/php-fpm/www.sock添加listen= 9000监听在9000端口

安装mysql

dnf install mysql-server配置地址：vim /etc/my.cnf.d/mysql-server.cnf换端口添加port= ***

username

-- username：用户名称 -- %：是通配符指的是任意IP,这个位置也可以指定特定的ip，或者localhost代表本机才可以登录 create user 'username'@'localhost' identified by 'password'; create user 'username'@'%' identified by 'password';

1、连接数据库、创建数据库

用root用户连接数据库，root用户具备数据库最高权限，所以不要把root用户作为远程连接用户使用，数据库安全起见最好建立简单权限的用户作为远程连接用户，这样即使简单用户的密码被泄露了也不会导致所有数据库都出问题

root@ba085c1d01e2:/# mysql -uroot -pEnter password:Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 8Server version: 8.0.16 MySQL Community Server - GPLCopyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h'forhelp. Type '\c' to clear the current input statement.#创建数据库mysql> create database apgtest;Query OK, 1 row affected (0.00 sec)#显示所有数据库mysql> show databases;+--------------------+| Database |+--------------------+| apgtest || information_schema || mysql || performance_schema || sys || test |+--------------------+11 rows inset (0.01 sec)mysql>

2、创建用户，赋予权限

#创建用户testuser，密码为 testusermysql> CREATE USER 'testuser'@'%' IDENTIFIED BY 'testuser';Query OK, 0 rows affected (0.00 sec)#赋予数据库apgtest的增删改查权限mysql> GRANT ALL PRIVILEGES ON apgtest.* TO 'testuser'@'%' WITH GRANT OPTION;Query OK, 0 rows affected (0.00 sec)#退出root用户mysql> exitBye#用testuser用户登录root@ba085c1d01e2:/# mysql -utestuser -pEnter password:Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 12Server version: 8.0.16 MySQL Community Server - GPLCopyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h'forhelp. Type '\c' to clear the current input statement.#查询此用户下的数据库mysql> show databases;+--------------------+| Database |+--------------------+| apgtest || information_schema |+--------------------+2 rows inset (0.01 sec)#切换数据库mysql> use apgtest;Database changed#创建一个表只有ID一列mysql> create table test(id char(32));Query OK, 0 rows affected (0.01 sec)#插入32位的uuidmysql> insert into test value (replace(uuid(),'-',''));Query OK, 1 row affected (0.01 sec)#查询此表数据mysql> select * from test;+----------------------------------+| id |+----------------------------------+| ad7f8e60fb9811e9880c0242ac180002 |+----------------------------------+1 row inset (0.00 sec)#用户的创建和权限就弄好了，现在考虑怎么让这个用户能被远程连接，也就是第三方mysql连接工具连接

赋予nginx临时文件夹权限

chown -R apache:apache /var/lib/nginx

sudo php occ db:convert-type --port="3306" --password="hsZX+12345" --clear-schema --all-apps mysql nextcloud localhost nextcloud

更换数据库命令

开启内存缓存命令：需要安装memcached和php-pecl-memcached

systemctl enable --now memcached

config.php添加：

'memcache.local' => '\OC\Memcache\Memcached', 'memcached_servers' => [ [ 'localhost', 11211 ], ],

设置默认的电话区域：config.php

'default_phone_region' => 'CN',

设置php环境变量：

vim /etc/php-fpm.d/www.conf

取消注释适当的现有条目。然后运行以确认您的路径，例如：printenv PATH

3. 开启MySQL 4字节支持

a. MySQL：数据库root用户登入MySQL。mysql -u root -p更改数据库字符集和排序规则。ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;退出MySQL数据库。exit在Nextcloud的config.php中把mysql.utf8mb4设为true，进入Nextcloud网站目录，运行如下命令。sudo -u www-data php occ config:system:set mysql.utf8mb4 --type boolean --value="true"通过运行修复步骤将Nextcloud所有表转换为新的排序规则。sudo -u www-data php occ maintenance:repair等待完成。

dnf install php-intl php-bcmath php-gmp php-imagick

安装在线office插件

docker pull onlyoffice/documentserverdocker run -i -t -d -p 8800:80 onlyoffice/documentserverpodman generate systemd -n acd366c5ae2a -f 产生服务文件mv container-tender_elion.service /usr/lib/systemd/system/.复制到系统服务systemctl restart container-tender_elion.servicesystemctl enable container-tender_elion.service