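What is Nextcloud?
Nextcloud is written in PHP and normally runs on a LAMP (Linux + Apache + MySQL + PHP) or LNMP stack. Compared with ownCloud, Nextcloud has more features and a more complete set of apps, and it supports LDAP/AD authentication and online office editing, which brings it closer to enterprise needs. It is strongly recommended for both individuals and enterprises.
Special note: to avoid pitfalls and wasted configuration time, follow the official recommendations as far as possible.
For production, prefer the Snap or Docker packages to simplify installation and allow rapid deployment. Prepackaged OVA virtual machines are also available online; after import they need only simple configuration. Reference sites: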
https://www.techandme.se/nextcloud-vm/
https://www.marksei.com/how-to-install-nextcloud-15-on-ubuntu/
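- Partitioning, network and firewall settings
Nextcloud supports several Ubuntu releases, and Ubuntu is the officially preferred system. For production, LVM partitioning is strongly recommended so that disk space can be extended and resized later.
The partitions in this example are as follows: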
root@ksvdm:/etc/apt# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
data ubuntu -wi-ao---- <20.31g
root ubuntu -wi-ao---- <27.94g
swap ubuntu -wi-ao---- <7.63g
root@ksvdm:/etc/apt# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic
- 2. Ubuntu's default update sources are hosted overseas; switch to a domestic mirror if needed.
sudo cp /etc/apt/sources.list /etc/apt/sources.list_backup
vi /etc/apt/sources.list
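Copy the following content into the sources.list file (the entries below use the trusty codename; replace it with the codename of your own release, for example bionic for the Ubuntu 18.04 system shown above):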
deb http://mirrors.aliyun.com/ubuntu trusty main restricted
deb-src http://mirrors.aliyun.com/ubuntu trusty main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://mirrors.aliyun.com/ubuntu trusty-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu trusty-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://mirrors.aliyun.com/ubuntu trusty universe
deb-src http://mirrors.aliyun.com/ubuntu trusty universe
deb http://mirrors.aliyun.com/ubuntu trusty-updates universe
deb-src http://mirrors.aliyun.com/ubuntu trusty-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://mirrors.aliyun.com/ubuntu trusty multiverse
deb-src http://mirrors.aliyun.com/ubuntu trusty multiverse
deb http://mirrors.aliyun.com/ubuntu trusty-updates multiverse
deb-src http://mirrors.aliyun.com/ubuntu trusty-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.aliyun.com/ubuntu trusty-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu trusty-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
Then run the following commands to refresh the package lists:
sudo apt-get clean
sudo apt-get update
Set a static IP
edit interface
First, edit the file: vi /etc/network/interfaces
Add:
auto ens192
iface ens192 inet static
address 192.168.78.18
netmask 255.255.255.0
gateway 192.168.78.251
# The second NIC obtains its IP automatically via DHCP
auto ens224
iface ens224 inet dhcp
To configure the network graphically with nmtui, install the following package
apt install network-manager
sudo service network-manager start
Add the default gateway manually
# route add default gw 192.168.1.254
$ sudo route add default gw 192.168.1.254
Location of the apt proxy configuration file
cat /etc/apt/apt.conf
Acquire::http::Proxy "http://192.168.86.10:8080";
Rename the NIC to eth0
vi /etc/default/grub, find GRUB_CMDLINE_LINUX="" and change it to
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
Then run sudo grub-mkconfig -o /boot/grub/grub.cfg
vi /etc/network/interfaces
Change ens192 to eth0
After a reboot, the NIC is named eth0
On Ubuntu 18.04 or later, the following file must also be modified
vi /etc/netplan/*.yaml
network:
  ethernets:
    eth0:
      addresses: []
      dhcp4: true
  version: 2
Change the hostname
vi /etc/hostname
nextcloud
Set the DNS search domain on Ubuntu Server
root@nextcloud~# vi /etc/resolvconf/resolv.conf.d/base
search foxlink.com.tw
nameserver 10.37.1.201
nameserver 10.37.1.202
nameserver 8.8.8.8
nameserver 114.114.114.114
On Ubuntu 18, modify the following file
sudo vi /etc/systemd/resolved.conf
[Resolve]
DNS=192.168.78.192
Restart the network service
sudo /etc/init.d/networking restart
Disable IPv6
vi /etc/sysctl.d/99-sysctl.conf
Copy and paste the following 3 lines at the bottom of the file.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Save and close the file, then run the following command to load the changes.
sudo sysctl -p
root@ubuntu:~# vi /etc/sysctl.d/99-sysctl.conf
root@ubuntu:~# sudo sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
root@ubuntu:~# cat /proc/sys/net/ipv6/conf/all/disable_ipv6
1
Configure the firewall
#systemctl start ufw
#systemctl enable ufw
#ufw allow http
#ufw allow https
#ufw allow 10000
#ufw allow 3306
#sudo ufw status
Check the status of port 3306
#netstat -an | grep 3306
List the ports that are already open
#nmap 127.0.0.1
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-15 02:00 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000030s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
3306/tcp open mysql
8443/tcp open https-alt
3. Optional: graphical desktop
sudo apt-get install xfce4
sudo apt-get install xubuntu-desktop
sudo apt-get install lightdm
Or use VNC
apt-get install vnc4server xfce4
vi ~/.vnc/xstartup
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
#xrdb $HOME/.Xresources
#xsettroot -solid grey
#startxfce4&
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
x-session-manager & xfdesktop & xfce4-panel &
xfce4-menu-plugin &
xfsettingsd &
xfconfd &
xfwm4 &
Install a macOS-style dock
sudo apt install docky
Install Chrome
https://www.cnblogs.com/d442130165/p/8629468.html
4. Optional: upgrade Ubuntu Server
Run the following command to upgrade Ubuntu Server to a newer release
do-release-upgrade
5. Install Apache, MariaDB, PHP and their components
# apt-get install apache2 php7.2 bzip2
# apt-get install libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-imagick php-xml php-zip php-ldap
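After installation, run php -m to list the installed PHP modules.
Version 15 requires PHP 7.2 or later; install the version that the official documentation requires.
6. Other Apache configuration and enabling the required modules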
a2enmod rewrite headers env dir mime setenvif ssl
service apache2 restart
7. Configure MariaDB and remote access
Run mysql_secure_installation to initialize the database
root@ubuntu:~# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
root@ubuntu:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 47
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.06 sec)
MariaDB [(none)]>status;
--------------
mysql Ver 15.1 Distrib 10.0.34-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Connection id: 47
Current database:
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 7 days 21 hours 58 min 28 sec
Threads: 1 Questions: 159 Slow queries: 0 Opens: 15 Flush tables: 1 Open tables: 78 Queries per second avg: 0.000
--------------
MariaDB [(none)]>
CREATE DATABASE nextcloud;
CREATE USER 'ncadmin'@'localhost' IDENTIFIED BY 'F0x1ink';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'ncadmin'@'localhost';
FLUSH PRIVILEGES;
When you're done, type Ctrl-D to exit.
Managing remote access
1. Comment out the local-only bind address, or bind to a specific IP
vi /etc/mysql/my.cnf
#bind-address = 127.0.0.1
service mysql restart or
systemctl restart mariadb
2. Grant privileges for remote access
mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 200589
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
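-- Use the nextcloud database
use nextcloud;
-- Allow 192.168.86.30 to access the database as root:foxlink
GRANT ALL PRIVILEGES ON *.* to 'root'@'192.168.86.30' identified by 'F0x1ink';
Reload the privileges from the grant tables in the mysql database
flush privileges;
Check whether the user privileges have changed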
MariaDB [mysql]> select Host,User from user where User='root';
+--------------+------+
| Host | User |
+--------------+------+
| 192.168.31.% | root |
| 192.168.8.% | root |
| 192.168.86.% | root |
| localhost | root |
+--------------+------+
4 rows in set (0.001 sec)
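An added example (not from the original page): `nmap 127.0.0.1` and `netstat -an | grep 3306` show that a port is open but not which interface it is bound to, and once bind-address is commented out MariaDB listens on every interface. The function below reads `netstat -nlt` output and reports watched ports (3306, plus 6379, the Redis port used later on this page) that are bound to a non-loopback address; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original page.
# exposed_listeners PORT...: reads `netstat -nlt` output on stdin and prints
# "port address" for every watched TCP port bound to a non-loopback address.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Local address is field 4; the port follows the last colon,
            # which also holds for IPv6 forms such as :::80 and ::1:6379.
            port = $4; sub(/.*:/, "", port)
            addr = $4; sub(/:[0-9]+$/, "", addr)
            if (!(port in watch)) next
            # Loopback binds are reachable only from the host itself.
            if (addr ~ /^127\./ || addr == "::1") next
            print port, addr
        }'
}

# Constructed sample: mysqld after bind-address was commented out,
# Redis still bound to loopback as in the redis.conf on this page.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:6379                :::*                    LISTEN
EOF
}

# On a live host: netstat -nlt | exposed_listeners 3306 6379
sample_netstat | exposed_listeners 3306 6379
```

Any port it prints is reachable from the network unless the firewall narrows it; ufw can scope the rule to the one admin host from the GRANT above with `ufw allow from 192.168.86.30 to any port 3306 proto tcp` instead of `ufw allow 3306`.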
8. Install NextCloud
# cd /var/www
# wget https://download.nextcloud.com/server/releases/nextcloud-13.0.7.zip
# unzip nextcloud-13.0.7.zip
# chown -R www-data:www-data nextcloud
Point the data directory at the LVM partition /data to make later expansion and data backups easier
#mkdir /data
chown -R www-data:www-data /data
vi /etc/apache2/sites-available/nextcloud.conf
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
vi /etc/apache2/sites-available/000-default.conf   (change the default directory)
DocumentRoot /var/www/nextcloud
a2ensite nextcloud
a2enmod rewrite headers env dir mime
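9. Configure Nextcloud
Open http://nextcloud_host_ip/ in a browser.
Enter the account and password created in the database; the server host address and port do not need to be entered for this installation.
10. Install the SSL certificate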
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/nextcloud-ssl.conf
vi /etc/apache2/sites-available/nextcloud-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName ksvdm.foxlink.com.tw
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateFile /etc/apache2/ssl/cert.crt
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateKeyFile /etc/apache2/ssl/privkey.key
SSLCACertificateFile /etc/apache2/ssl/chain.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
ln -s /etc/apache2/sites-available/nextcloud-ssl.conf /etc/apache2/sites-enabled/nextcloud-ssl.conf
mkdir /etc/apache2/ssl, copy the certificate and private key into this directory, then restart the Apache service.
service apache2 restart
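An added example (not from the original page): before restarting Apache with the copied certificate and key, it is worth confirming that the private key is accessible only to its owner and that it actually matches the certificate. `check_tls_pair` is a hypothetical helper name; it assumes OpenSSL and GNU stat are installed and that the key is an unencrypted PEM file.

```sh
#!/bin/sh
# Added example, not part of the original page.
# check_tls_pair CERT KEY
#   returns 0 if the pair is usable,
#           1 if the private key is accessible to group or others,
#           2 if the certificate and key do not belong together,
#           3 if either file cannot be read or parsed.
# Assumes an unencrypted PEM key, as Apache would otherwise prompt at start-up.
check_tls_pair() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 3

    # Octal permission bits of the key; only the owner may have access.
    mode=$(stat -c '%a' "$key") || return 3
    case $mode in
        600|400) ;;
        *) return 1 ;;
    esac

    # Public key embedded in the certificate vs. the one derived from the
    # private key; both are printed as the same PEM "PUBLIC KEY" block.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ -n "$cert_pub" ] || return 3
    [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# Paths are the ones used in nextcloud-ssl.conf on this page.
if [ -e /etc/apache2/ssl/cert.crt ]; then
    check_tls_pair /etc/apache2/ssl/cert.crt /etc/apache2/ssl/privkey.key
    echo "check_tls_pair exit status: $?"
fi
```

For example, run `check_tls_pair /etc/apache2/ssl/cert.crt /etc/apache2/ssl/privkey.key && apachectl configtest` before `service apache2 restart`.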
11. Recovering a forgotten account
https://www.cnblogs.com/keithtt/p/6922378.html
1. Add the Webmin repository
#echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
2. Install the Webmin PGP key so that the new repository is trusted:
#wget http://www.webmin.com/jcameron-key.asc
#sudo apt-key add jcameron-key.asc
3. Update the package lists and install Webmin
#sudo apt-get update
#sudo apt-get install webmin
The following output indicates that the installation is complete.
Webmin install complete. You can now login to
https://your_server_ip:10000 as root with your
root password, or as any user who can use `sudo`.
12. Common problems, optimization and upgrades
Handling the memory cache warning
sudo apt install php-apcu redis-server php-redis
systemctl start redis
systemctl enable redis
On Ubuntu 18, modify the following file
sudo apt-get install redis-server
sudo nano /etc/redis/redis.conf
supervised no   change to => supervised systemd
bind 127.0.0.1
systemctl restart redis-server
systemctl enable redis-server
Check the Redis server status
netstat -nlt|grep 6379
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6379 :::* LISTEN
Check the Redis server process
ncamin@ksnc:/home/ncadmin# ps -agx|grep redis
1700 ? Ssl 0:00 /usr/bin/redis-server 127.0.0.1:6379
2459 pts/0 S+ 0:00 grep --color=auto redis
Check the Redis server status through the service commands
systemctl start redis-server
systemctl status redis-server
Then edit the file below and add the following parameters.
vi /var/www/nextcloud/config/config.php
'memcache.local' => '\OC\Memcache\APCu',
'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => 'localhost',
'port' => 6379,
'timeout' => 3,
],
For more details, see:
Handling the PHP performance warning
vi /etc/php/7.0/apache2/php.ini
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
After this, checking again shows a normal result.
References:
https://www.marksei.com/how-to-install-nextcloud-13-on-ubuntu/
https://bayton.org/docs/nextcloud/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-ssl-apache/
https://www.marksei.com/how-to-install-nextcloud-15-on-ubuntu/
Handling problems when upgrading to 14.04
1. Index "parent_index" cannot be found in table "oc_share"
Index "fs_mtime" cannot be found in table "oc_filecache"
root@ksvdm:/var/www/nextcloud# sudo -u www-data php occ db:add-missing-indices
[root@ksnc nextcloud]# sudo -u apache php occ db:add-missing-indices
The current PHP memory limit is below the recommended value of 512MB.
Check indices of the share table.
Adding additional owner index to the share table, this can take some time...
Share table updated successfully.
Adding additional initiator index to the share table, this can take some time...
Share table updated successfully.
sudo -u www-data php occ db:convert-filecache-bigint
On CentOS 7, run the following command instead
sudo -u apache php occ db:add-missing-indices
vi /var/www/nextcloud/.htaccess
Add: Header set Referrer-Policy "no-referrer"
Handling the scheduled job (cron) error
crontab -u www-data -e
*/15 * * * * php -f /var/www/nextcloud/cron.php
Troubleshooting the upgrade to 15.0.x
root@ksvdm:/var/www/nextcloud# sudo -u www-data php occ db:convert-filecache-bigint
Following columns will be updated:
* filecache.mtime
* filecache.storage_mtime
This can take up to hours, depending on the number of files in your instance!
Continue with the conversion (y/n)? [n] y
sudo -u www-data php occ integrity:check-app $appid
Upgrading the PHP version
Upgrade directly from the command line
add-apt-repository ppa:ondrej/php
$ apt-get update
$ apt-get upgrade php
After the upgrade, install the matching extensions
# apt-get install bzip2 libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-imagick php-xml php-zip php-ldap
Upgrading to version 16.x
vi /etc/php/7.2/apache2/php.ini
memory_limit = 128M   change to 512M
On CentOS 7 the file to edit is
vi /etc/php.ini
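The database is missing some indexes. Because adding indexes to large tables can take some time, they were not added automatically. You can add the missing indexes manually while Nextcloud is running by executing "occ db:add-missing-indices" on the command line. Once the indexes are added, queries on those tables are much faster.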
sudo -u www-data php occ db:add-missing-indices
13. Switch to the required PHP version
sudo update-alternatives --config php
Or disable the old version with the following command
sudo a2dismod php7.0
Enable the new version
sudo a2enmod php7.2
Set the corresponding PHP extension as the default
sudo update-alternatives --set phar /usr/bin/phar7.2
Restart the Apache server
sudo service apache2 restart
Edit the corresponding PHP configuration file
/etc/php/7.2/apache2/php.ini
Remove the packages that are no longer used.
sudo apt-get --purge remove php7.0*
sudo apt-get autoremove
For how to switch between PHP versions, see the following documents
https://www.ostechnix.com/how-to-switch-between-multiple-php-versions-in-ubuntu/
https://www.cnblogs.com/feifeifanye/p/8660737.html
14. Data backup and DB upgrade
Back up with Veeam, or mount an NFS share locally and back up with a shell script.
sudo apt-get install nfs-common
#mount -t nfs nfs-server:/backup /backup
cat backup.sh
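# Sync /data into a dated directory, then delete dated backup directories older than 7 days
rsync -av /data /backup/nextcloud/kspan_$(date +%Y%m%d) && find /backup/nextcloud/ -maxdepth 1 -name "kspan_20*" -mtime +7 -exec rm -rf {} \;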
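15. Cleaning old kernels from the boot partition
uname -a   (show the currently running kernel)
dpkg --get-selections |grep linux-image   (list all installed kernel versions)
sudo apt-get purge linux-image-4.10.0-28-generic   (remove a version that is not currently in use)
16. Upgrading Ubuntu and the database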
root@ksvdm:/home/ncadmin# do-release-upgrade
Checking for a new Ubuntu release
There is no development version of an LTS available.
To upgrade to the latest non-LTS develoment release
set Prompt=normal in /etc/update-manager/release-upgrades.
root@ksvdm:/home/ncadmin# vi /etc/update-manager/release-upgrades
https://websiteforstudents.com/upgrade-ubuntu-16-04-lts-to-ubuntu-18-04-lts-beta-server/
https://computingforgeeks.com/install-mariadb-10-on-ubuntu-18-04-and-centos-7/