什么是Nextcloud?

NextCloud 是使用 PHP语言开发,通常采用 LAMP(Linux+Apache+MySql+PHP) 或 LNMP 运行环境。NextCloud较OwnCloud功能更齐全,套件更完整,并支持LDAP/AD认证与office on line功能,更贴近企业需求,个人与企业强力推荐选用NextCloud。

特别说明:为避免掉到坑里,浪费设定时间,尽量采用官方建议实。

正式环境尽量采Snap或Docker方式以简化安装,可实现快速部署,网络上亦有打包成OVA虚机方式提供使用,导入后进行简单配置即可使用,参考网站:

https://www.techandme.se/nextcloud-vm/

本文档是依Unbunt16.04+nextcloud 13版为例

最新版参考

https://www.marksei.com/how-to-install-nextcloud-15-on-ubuntu/

  1. 分区、网络与防火墙设置

nextcloud支持多版本Ubuntu系统,官方优选ubuntu系统,正式环境强烈建议采用LVM分区以利后续扩容及调整硬盘空间大小。

本案例分区如下:

root@ksvdm:/etc/apt# lvs

LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert

data ubuntu -wi-ao---- <20.31g

root ubuntu -wi-ao---- <27.94g

swap ubuntu -wi-ao---- <7.63g

root@ksvdm:/etc/apt# lsb_release -a

No LSB modules are available.

Distributor ID: Ubuntu

Description: Ubuntu 18.04.2 LTS

Release: 18.04

Codename: bionic

  1. 2.Ubuntu缺省更新源為國外,若需要更改為國內更新源。

sudo cp /etc/apt/sources.list /etc/apt/sources.list_backup

vi /etc/apt/sources.list 將以下內容CPsources.list文件中

deb http://mirrors.aliyun.com/ubuntu trusty main restricted

deb-src http://mirrors.aliyun.com/ubuntu trusty main restricted

## Major bug fix updates produced after the final release of the

## distribution.

deb http://mirrors.aliyun.com/ubuntu trusty-updates main restricted

deb-src http://mirrors.aliyun.com/ubuntu trusty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu

## team. Also, please note that software in universe WILL NOT receive any

## review or updates from the Ubuntu security team.

deb http://mirrors.aliyun.com/ubuntu trusty universe

deb-src http://mirrors.aliyun.com/ubuntu trusty universe

deb http://mirrors.aliyun.com/ubuntu trusty-updates universe

deb-src http://mirrors.aliyun.com/ubuntu trusty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu

## team, and may not be under a free licence. Please satisfy yourself as to

## your rights to use the software. Also, please note that software in

## multiverse WILL NOT receive any review or updates from the Ubuntu

## security team.

deb http://mirrors.aliyun.com/ubuntu trusty multiverse

deb-src http://mirrors.aliyun.com/ubuntu trusty multiverse

deb http://mirrors.aliyun.com/ubuntu trusty-updates multiverse

deb-src http://mirrors.aliyun.com/ubuntu trusty-updates multiverse

## N.B. software from this repository may not have been tested as

## extensively as that contained in the main release, although it includes

## newer versions of some applications which may provide useful features.

## Also, please note that software in backports WILL NOT receive any review

## or updates from the Ubuntu security team.

deb http://mirrors.aliyun.com/ubuntu trusty-backports main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu trusty-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu trusty-security main restricted

deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted

deb http://security.ubuntu.com/ubuntu trusty-security universe

deb-src http://security.ubuntu.com/ubuntu trusty-security universe

deb http://security.ubuntu.com/ubuntu trusty-security multiverse

deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse

然後执行以下命令,刷新:

sudo apt-get clean

sudo apt-get update

设定静态IP

edit interface

首先需要修改 vi /etc/network/interfaces

增加

auto ens192

iface ens192 inet static

address 192.168.78.18

netmask 255.255.255.0

gateway 192.168.78.251

#第二片网卡设定由DHCP自动获取IP

auto ens224

iface ens224 inet dhcp

透過nmtui圖形化設置網絡安裝以下套件

apt install network-manager

sudo service network-manager start

手动添加缺省网关

# route add default gw 192.168.1.254
$ sudo route add default gw 192.168.1.254

代理更新设置文件位置

cat /etc/apt/apt.conf

Acquire::http::Proxy "http://192.168.86.10:8080";

修改网卡名称为eth0

vi /etc/default/grub找到GRUB_CMDLINE_LINUX=""改为

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

然后sudo grub-mkconfig -o /boot/grub/grub.cfg

vi /etc/network/interfaces

将ens192修改成eth0

重启后,网卡名称变成了eth0

若系统为Ubuntu 18.04以上则還需要修改以下文件

vi /etc/netplan/*.yaml

network:

ethernets:

eth0:

addresses: []

dhcp4: true

version: 2

修改hostname名称

vi /etc/hostname

nextcloud

Ubuntu Server设置DNS Seach网域

root@nextcloud~# vi /etc/resolvconf/resolv.conf.d/base

search foxlink.com.tw

nameserver 10.37.1.201

nameserver 10.37.1.202

nameserver 8.8.8.8

nameserver 114.114.114.114

Ubuntu 18版需修改以下文件

sudo vi /etc/systemd/resolved.conf

[Resolve]

DNS=192.168.78.192

重启网络服务

sudo /etc/init.d/networking restart

禁用IPv6

vi /etc/sysctl.d/99-sysctl.conf

复制并粘贴以下3行在文件的底部。

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

保存并关闭文件。 然后执行以下命令加载上述更改。

sudo sysctl -p

root@ubuntu:~# vi /etc/sysctl.d/99-sysctl.conf

root@ubuntu:~# sudo sysctl -p

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

root@ubuntu:~# cat /proc/sys/net/ipv6/conf/all/disable_ipv6

1

设置防火墙

#systemctl start ufw

#systemctl enable ufw

#ufw allow http

#ufw allow https

#ufw allow 10000

#ufw allow 3306

#sudo ufw status

查看3306状态

#netstat -an | grep 3306

查看已经开放的端口

#nmap 127.0.0.1

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-15 02:00 EDT

Nmap scan report for localhost (127.0.0.1)

Host is up (0.000030s latency).

Not shown: 994 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

443/tcp open https

3306/tcp open mysql

8443/tcp open https-alt

3. 可選項圖形化處理

sudo apt-get install xfce4

sudo apt-get install xubuntu-desktop

sudo apt-get install lightdm

或采用VNC方案

apt-get install vnc4server xfce4

vi ~/.vnc/xstartup

#!/bin/sh

# Uncomment the following two lines for normal desktop:

# unset SESSION_MANAGER

# exec /etc/X11/xinit/xinitrc

#xrdb $HOME/.Xresources

#xsettroot -solid grey

#startxfce4&

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources

xsetroot -solid grey

vncconfig -iconic &

x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &

#x-window-manager &

sesion-manager & xfdesktop & xfce4-panel &

xfce4-menu-plugin &

xfsettingsd &

xfconfd &

xfwm4 &

安裝mac效果

sudo apt install docky

安裝chrome

https://www.cnblogs.com/d442130165/p/8629468.html

4. 可選項升級ubuntu server

執行以下指令可以進行版本升級ubuntu server

do-release-upgrade

5. 安装apache、mariadb、php及其组件

# apt-get install apache2 php7.2 bzip2

# apt-get install libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring

# apt-get install php-intl php-imagick php-xml php-zip php-ldap

安装完可以透php -m命令查看已经安装的PHP套件。

15版要求7.2版以上,建议依官方要求安装所需版本。

6. Apache其它配置及启用相关模块

a2enmod rewrite headers env dir mime setenvif ssl

service apache2 restart

7. 配置MariaDB及远程访问

mysql_secure_installation 初始化数据库

root@ubuntu:~# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user. If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

Set root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them. This is intended only for testing, and to make the installation

go a bit smoother. You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n]

... Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]

... Success!

By default, MariaDB comes with a database named 'test' that anyone can

access. This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n]

- Dropping test database...

... Success!

- Removing privileges on test database...

... Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n]

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

root@ubuntu:~# mysql -u root -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 47

Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

+--------------------+

3 rows in set (0.06 sec)

MariaDB [(none)]>status;

--------------

mysql Ver 15.1 Distrib 10.0.34-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Connection id: 47

Current database:

Current user: root@localhost

SSL: Not in use

Current pager: stdout

Using outfile: ''

Using delimiter: ;

Server: MariaDB

Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

Protocol version: 10

Connection: Localhost via UNIX socket

Server characterset: utf8mb4

Db characterset: utf8mb4

Client characterset: utf8mb4

Conn. characterset: utf8mb4

UNIX socket: /var/run/mysqld/mysqld.sock

Uptime: 7 days 21 hours 58 min 28 sec

Threads: 1 Questions: 159 Slow queries: 0 Opens: 15 Flush tables: 1 Open tables: 78 Queries per second avg: 0.000

--------------

MariaDB [(none)]>

CREATE DATABASE nextcloud;

CREATE USER 'ncadmin'@'localhost' IDENTIFIED BY 'F0x1ink';

GRANT ALL PRIVILEGES ON nextcloud.* TO 'ncadmin'@'localhost';

FLUSH PRIVILEGES;

When you’are done type Ctrl-D to exit.

远程访问管理

1.注销掉本地访问bind或指定IP

vi /etc/mysql/my.cnf

#bind-address = 127.0.0.1

service mysql restart or

systemctl restart mariadb

2.对远程访问赋权

mysql -u root -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 200589

Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

-使用nextcloud系统数据库

use nextcloud;

--配置192.168.86.30可以通过root:foxlink访问数据库

GRANT ALL PRIVILEGES ON *.* to 'root'@'192.168.86.30' identified by 'F0x1ink';

从mysql数据库中的授权表重新载入权限

flush privileges;

查看用户权限是否变更

MariaDB [mysql]> select Host,User from user where User='root';

+--------------+------+

| Host | User |

+--------------+------+

| 192.168.31.% | root |

| 192.168.8.% | root |

| 192.168.86.% | root |

| localhost | root |

+--------------+------+

4 rows in set (0.001 sec)

8. Install NextCloud

# cd /var/www

# wget https://download.nextcloud.com/server/releases/nextcloud13.0.7.zip

# unzip nextcloud13.0.7.zip

# chown -R www-data:www-data nextcloud

将数据指LVM分区/data,以利以后扩容及数据备份

#mkdir /data

chown -R www-data:www-data /data

vi /etc/apache2/sites-available/nextcloud.conf

Alias /nextcloud "/var/www/nextcloud/"

Options +FollowSymlinks

AllowOverride All

Dav off

SetEnv HOME /var/www/nextcloud

SetEnv HTTP_HOME /var/www/nextcloud

ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf

vi /etc/apache2/sites-available/000-default.conf 修改缺省目录

DocumentRoot /var/www/nextcloud

a2ensite nextcloud

a2enmod rewrite headers env dir mime

9. 配置nextcloud

透过浏览器打开http://nextcloud_host_ip/

输入在数据库创建的账号与密码,服务器主机地址与端口,本安装方案可以不用输入。

10. 导入SSL加密证书

cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/nextcloud-ssl.conf

vi /etc/apache2/sites-available/nextcloud-ssl.conf

ServerAdmin webmaster@localhost

ServerName ksvdm.foxlink.com.tw

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

DocumentRoot /var/www/nextcloud

Options Indexes FollowSymLinks MultiViews

AllowOverride all

Order allow,deny

allow from all

Dav off

SetEnv Home /var/www/nextcloud

SetEnv HTTPS_HOME /var/www/netcloud

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem

SSLCertificateFile /etc/apache2/ssl/cert.crt

#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

SSLCertificateKeyFile /etc/apache2/ssl/privkey.key

SSLCACertificateFile /etc/apache2/ssl/chain.crt

SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

ln -s /etc/apache2/sites-available/nextcloud-ssl.conf /etc/apache2/sites-enabled/nextcloud-ssl.conf

mkdir /etc/apache2/ssl 将证书与私钥Copy到此目录,重启apache服务.

service apache2 restart

11. 账号忘记处理方法

https://www.cnblogs.com/keithtt/p/6922378.html

1.添加Webmin存储库

#echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list

2.安装Webmin PGP密钥,授信任新的存储库:

#wget http://www.webmin.com/jcameron-key.asc

#sudo apt-key add jcameron-key.asc

3.更新软件库及安装webmin

#sudo apt-get update

#sudo apt-get install webmin

输出以下信息表示完成。

Webmin install complete. You can now login to

https://your_server_ip:10000 as root with your

root password, or as any user who can use `sudo`.

12. 常见异常处理、优化與升級

不同版本或环境警安全检查警告不同,常见如下

内存缓存告警处理

sudo apt install php-apcu redis-server php-redis

systemctl start redis

systemctl enable redis

Ubuntu 18版需修改以下文件

sudo apt-get install redis-server

sudo nano /etc/redis/redis.conf

supervised on 修改=> systemd

bind 127.0.0.1

systemctl restart redis-server

systemctl enable redis-server

检查Redis服务器状态

netstat -nlt|grep 6379

检查Redis服务器系统进程

ncamin@ksnc:/home/ncadmin# ps -agx|grep redis

1700 ? Ssl 0:00 /usr/bin/redis-server 127.0.0.1:6379

2459 pts/0 S+ 0:00 grep --color=auto redistcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6379 :::* LISTEN

通过启动命令检查Redis服务器状态

systemctl start redis-server

systemctl status redis-server

然后修改

vi /var/www/nextcloud/config/config.php加入以下参数。

'memcache.local' => '\OC\Memcache\APCu',

'filelocking.enabled' => true,

'memcache.locking' => '\OC\Memcache\Redis',

'redis' => [

'host' => 'localhost',

'port' => 6379,

'timeout' => 3,

],

更详细请参考:

https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html - recommendations-based-on-type-of-deployment

PHP性能告警处理

vi /etc/php/7.0/apache2/php.ini

opcache.enable=1

opcache.enable_cli=1

opcache.memory_consumption=128

opcache.interned_strings_buffer=8

opcache.max_accelerated_files=10000

opcache.revalidate_freq=1

opcache.save_comments=1

处理完后,再次检查结果表示正常。

参考:Other: https://www.marksei.com/how-to-install-nextcloud-13-on-ubuntu/

https://bayton.org/docs/nextcloud/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-ssl-apache/ - 1-what-is-nextcloudhttps://www.marksei.com/how-to-install-nextcloud-15-on-ubuntu/

升级到14.04异常处理

1. 在数据表“oc_share”中无法找到索引“parent_index”

在数据表“oc_filecache”中无法找到索引“fs_mtime”

root@ksvdm:/var/www/nextcloud# sudo -u www-data php occ db:add-missing-indices

[root@ksnc nextcloud]# sudo -u apache php occ db:add-missing-indices

The current PHP memory limit is below the recommended value of 512MB.

Check indices of the share table.

Adding additional owner index to the share table, this can take some time...

Share table updated successfully.

Adding additional initiator index to the share table, this can take some time...

Share table updated successfully.

sudo -u www-data php occ db:convert-filecache-bigint

CentOS 7则执行以下指令

sudo -u apache php occ db:add-missing-indices

vi /var/www/nextcloud/.htacces

加入Header set Referrer-Policy "no-referrer"

排程报错处理

crontab -u www-data -e

*/15 * * * * php -f /var/www/nextcloud/cron.php

升级15.0.x異常排除

oot@ksvdm:/var/www/nextcloud# sudo -u www-data php occ db:convert-filecache-bigint

Following columns will be updated:

* filecache.mtime

* filecache.storage_mtime

This can take up to hours, depending on the number of files in your instance!

Continue with the conversion (y/n)? [n] y

 
    

sudo -u www-data php occ integrity:check-app $appid

升级PHP版本

直接命令升级
add-apt-repository ppa:ondrej/php
$ apt-get update
$ apt-get upgrade php
升级后安装对应的扩展
# apt-get install bzip2 libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring

# apt-get install php-intl php-imagick php-xml php-zip php-ladp

升級到16.x版

vi /etc/php/7.2/apache2/php.ini

memory_limit = 128M 改成512M

CentOS7修改位置為

vi /etc/php.ini

数据库丢失了一些索引。由于给大的数据表添加索引会耗费一些时间,因此程序没有自动对其进行修复。您可以在 Nextcloud 运行时通过命令行手动执行 "occ db:add-missing-indices" 命令修复丢失的索引。索引修复后会大大提高相应表的查询速度。

sudo -u www-data php occ db:add-missing-indices

13. 切換所需PHP版本

sudo update-alternatives --config php

或使用以下命令禁用舊版

sudo a2dismod php7.0

啟用新版

sudo a2enmod php7.2

设置對應的PHP擴展为默认值

sudo update-alternatives --set phar /usr/bin/phar7.2

重啟apche服務器

sudo service apache2 restart

修改對應PHP配置文件

/etc/php/7.2/apache2/php.ini

移除不用的包。

sudo apt-get --purge remove php7.0*
sudo apt-get autoremove

各版本php如何切換請參考以下文檔

https://www.ostechnix.com/how-to-switch-between-multiple-php-versions-in-ubuntu/

https://www.cnblogs.com/feifeifanye/p/8660737.html

14. 数据备份及DB升級

可透过veeam备份或挂接NFS于本地使用shell备份。

sudo apt-get install nfs-common

#mount -t nfs nfs-server:/backup /backup

cat backup.sh

rsync -av /data /backup/nextcloud/kspan_$(date +%Y%m%d) && find /backup/nextcloud/ -name "*ks_20*" -mtime +7 -exec rm -rf {} \;

15. boot分区内核清理

uname -a 查看当前运行内核

dpkg --get-selections |grep linux-image 查看所有内核版本

sudo apt-get purge linux-image-4.10.0-28-generic 移除非当前使用版本

16. Ubuntu系統與數據庫升級

root@ksvdm:/home/ncadmin# do-release-upgrade

Checking for a new Ubuntu release

There is no development version of an LTS available.

To upgrade to the latest non-LTS develoment release

set Prompt=normal in /etc/update-manager/release-upgrades.

root@ksvdm:/home/ncadmin# vi /etc/update-manager/release-upgrades

https://websiteforstudents.com/upgrade-ubuntu-16-04-lts-to-ubuntu-18-04-lts-beta-server/

https://computingforgeeks.com/install-mariadb-10-on-ubuntu-18-04-and-centos-7/