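What is Nextcloud?
NextCloud is written in PHP and usually runs on a LAMP (Linux + Apache + MySQL + PHP) or LNMP stack. Compared with OwnCloud, NextCloud is more full-featured and its suite is more complete. It supports LDAP/AD authentication and online office features, which puts it closer to enterprise needs, and it is strongly recommended for both personal and enterprise use.
Special note: to avoid pitfalls and wasted setup time, follow the official recommendations as far as possible.
For production, prefer Snap or Docker to simplify installation and allow fast deployment. Prebuilt OVA virtual machine images are also available online; after importing one, only simple configuration is needed. Reference site: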
https://www.techandme.se/nextcloud-vm/
This document uses Ubuntu 16.04 + Nextcloud 13 as its example.
For the latest version, see:
https://www.marksei.com/how-to-install-nextcloud-15-on-ubuntu/
-
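Partitioning, network and firewall settings
Nextcloud supports multiple Ubuntu versions, and Ubuntu is the officially preferred system. For production, LVM partitioning is strongly recommended so that disk space can be expanded and resized later.
The partitions in this example are as follows: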
root@ksvdm:/etc/apt# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
data ubuntu -wi-ao---- <20.31g
root ubuntu -wi-ao---- <27.94g
swap ubuntu -wi-ao---- <7.63g
root@ksvdm:/etc/apt# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic
-
2. Ubuntu's default update sources are overseas; change them to a domestic mirror if needed.
sudo cp /etc/apt/sources.list /etc/apt/sources.list_backup
vi /etc/apt/sources.list
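Copy the following content into the sources.list file. The entries below use the trusty codename; replace it with the codename of the installed release as reported by lsb_release -a (bionic in the output above).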
deb http://mirrors.aliyun.com/ubuntu trusty main restricted
deb-src http://mirrors.aliyun.com/ubuntu trusty main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://mirrors.aliyun.com/ubuntu trusty-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu trusty-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://mirrors.aliyun.com/ubuntu trusty universe
deb-src http://mirrors.aliyun.com/ubuntu trusty universe
deb http://mirrors.aliyun.com/ubuntu trusty-updates universe
deb-src http://mirrors.aliyun.com/ubuntu trusty-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://mirrors.aliyun.com/ubuntu trusty multiverse
deb-src http://mirrors.aliyun.com/ubuntu trusty multiverse
deb http://mirrors.aliyun.com/ubuntu trusty-updates multiverse
deb-src http://mirrors.aliyun.com/ubuntu trusty-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.aliyun.com/ubuntu trusty-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu trusty-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
Then run the following commands to refresh:
sudo apt-get clean
sudo apt-get update
Set a static IP
edit interface
First edit the interfaces file: vi /etc/network/interfaces
Add:
auto ens192
iface ens192 inet static
address 192.168.78.18
netmask 255.255.255.0
gateway 192.168.78.251
# The second NIC obtains its IP automatically via DHCP
auto ens224
iface ens224 inet dhcp
To configure the network graphically with nmtui, install the following package:
apt install network-manager
sudo service network-manager start
Manually add a default gateway
# route add default gw 192.168.1.254
$ sudo route add default gw 192.168.1.254
Location of the apt proxy configuration file
cat /etc/apt/apt.conf
Acquire::http::Proxy "http://192.168.86.10:8080";
Rename the network interface to eth0
vi /etc/default/grub, find GRUB_CMDLINE_LINUX="" and change it to
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
Then run sudo grub-mkconfig -o /boot/grub/grub.cfg
vi /etc/network/interfaces
Change ens192 to eth0
After a reboot, the interface name becomes eth0.
On Ubuntu 18.04 or later, the following file must also be modified:
vi /etc/netplan/*.yaml
network:
  ethernets:
    eth0:
      addresses: []
      dhcp4: true
  version: 2
Change the hostname
vi /etc/hostname
nextcloud
Set the DNS search domain on Ubuntu Server
root@nextcloud~# vi /etc/resolvconf/resolv.conf.d/base
search foxlink.com.tw
nameserver 10.37.1.201
nameserver 10.37.1.202
nameserver 8.8.8.8
nameserver 114.114.114.114
On Ubuntu 18, modify the following file:
sudo vi /etc/systemd/resolved.conf
[Resolve]
DNS=192.168.78.192
Restart the network service
sudo /etc/init.d/networking restart
Disable IPv6
vi /etc/sysctl.d/99-sysctl.conf
Copy and paste the following 3 lines at the bottom of the file.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Save and close the file, then run the following command to load the changes.
sudo sysctl -p
root@ubuntu:~# vi /etc/sysctl.d/99-sysctl.conf
root@ubuntu:~# sudo sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
root@ubuntu:~# cat /proc/sys/net/ipv6/conf/all/disable_ipv6
1
Configure the firewall
#systemctl start ufw
#systemctl enable ufw
#ufw allow http
#ufw allow https
#ufw allow 10000
#ufw allow 3306
#sudo ufw status
Check the state of port 3306
#netstat -an | grep 3306
List the ports that are open
#nmap 127.0.0.1
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-15 02:00 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000030s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
3306/tcp open mysql
8443/tcp open https-alt
3. Optional: graphical desktop
sudo apt-get install xfce4
sudo apt-get install xubuntu-desktop
sudo apt-get install lightdm
Or use VNC instead:
apt-get install vnc4server xfce4
vi ~/.vnc/xstartup
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
#xrdb $HOME/.Xresources
#xsettroot -solid grey
#startxfce4&
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
sesion-manager & xfdesktop & xfce4-panel &
xfce4-menu-plugin &
xfsettingsd &
xfconfd &
xfwm4 &
Install a macOS-style dock
sudo apt install docky
Install Chrome
https://www.cnblogs.com/d442130165/p/8629468.html
4. Optional: upgrade Ubuntu Server
Run the following command to upgrade Ubuntu Server to a new release:
do-release-upgrade
5. Install Apache, MariaDB, PHP and their components
# apt-get install apache2 mariadb-server php7.2 bzip2
# apt-get install libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-imagick php-xml php-zip php-ldap
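After installation, run php -m to list the installed PHP modules.
Version 15 requires PHP 7.2 or later; install the version the official documentation requires.
6. Other Apache configuration and enabling the required modules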
a2enmod rewrite headers env dir mime setenvif ssl
service apache2 restart
7. Configure MariaDB and remote access
Run mysql_secure_installation to initialize the database:
root@ubuntu:~# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
root@ubuntu:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 47
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.06 sec)
MariaDB [(none)]>status;
--------------
mysql Ver 15.1 Distrib 10.0.34-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Connection id: 47
Current database:
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 7 days 21 hours 58 min 28 sec
Threads: 1 Questions: 159 Slow queries: 0 Opens: 15 Flush tables: 1 Open tables: 78 Queries per second avg: 0.000
--------------
MariaDB [(none)]>
CREATE DATABASE nextcloud;
CREATE USER 'ncadmin'@'localhost' IDENTIFIED BY 'F0x1ink';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'ncadmin'@'localhost';
FLUSH PRIVILEGES;
When you are done, type Ctrl-D to exit.
Remote access management
1. Comment out the local bind address, or set it to a specific IP
vi /etc/mysql/my.cnf
#bind-address = 127.0.0.1
service mysql restart or
systemctl restart mariadb
2. Grant privileges for remote access
mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 200589
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
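-- Use the nextcloud database
use nextcloud;
-- Allow 192.168.86.30 to access the database as root:foxlink
GRANT ALL PRIVILEGES ON *.* to 'root'@'192.168.86.30' identified by 'F0x1ink';
-- Reload privileges from the grant tables in the mysql database
flush privileges;
-- Check whether the user privileges have changed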
MariaDB [mysql]> select Host,User from user where User='root';
+--------------+------+
| Host | User |
+--------------+------+
| 192.168.31.% | root |
| 192.168.8.% | root |
| 192.168.86.% | root |
| localhost | root |
+--------------+------+
4 rows in set (0.001 sec)
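The table above shows root reachable from whole subnets, and the earlier steps also open port 3306 to every source (ufw allow 3306) and comment out bind-address. The following is an added example, not part of the original document: it parses that table to list non-local root entries and prints ufw rules that limit 3306 to one admin host. The function names are hypothetical, the sample table is constructed from the output above, and 192.168.86.30 is the admin host used in the GRANT statement on this page.

```shell
#!/bin/sh
# Added example: audit MariaDB root accounts and scope the 3306 firewall rule.
# Function names are hypothetical; nothing here touches a live server.

# Read the ASCII table printed by
#   select Host,User from user where User='root';
# on stdin and print every Host for root that is not a local address.
remote_root_hosts() {
    awk -F'|' '
        NF >= 3 {
            host = $2; user = $3
            gsub(/^[ \t]+|[ \t]+$/, "", host)
            gsub(/^[ \t]+|[ \t]+$/, "", user)
            if (user != "root") next          # also skips the header row
            if (host == "localhost" || host == "127.0.0.1" || host == "::1") next
            print host
        }'
}

# Of those, keep only entries with a % wildcard, i.e. root is reachable
# from a whole address range rather than from one machine.
wildcard_root_hosts() {
    remote_root_hosts | grep '%' || true
}

# Print (do not execute) the ufw commands that replace the blanket
# "ufw allow 3306" with a rule limited to a single admin host.
scoped_mysql_rules() {
    admin_host="$1"
    printf 'ufw delete allow 3306\n'
    printf 'ufw allow from %s to any port 3306 proto tcp\n' "$admin_host"
}

# Constructed sample: the table shown above.
sample_user_table() {
    cat <<'EOF'
+--------------+------+
| Host         | User |
+--------------+------+
| 192.168.31.% | root |
| 192.168.8.%  | root |
| 192.168.86.% | root |
| localhost    | root |
+--------------+------+
EOF
}

# Stand-alone demo: list the remote root entries in the sample.
sample_user_table | remote_root_hosts
```

On a live server, pipe the output of mysql -u root -p -e "select Host,User from mysql.user" --table into remote_root_hosts instead of the sample.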
8. Install NextCloud
# cd /var/www
# wget https://download.nextcloud.com/server/releases/nextcloud-13.0.7.zip
# unzip nextcloud-13.0.7.zip
# chown -R www-data:www-data nextcloud
Point the data directory at the LVM partition /data to make later expansion and data backup easier.
#mkdir /data
chown -R www-data:www-data /data
vi /etc/apache2/sites-available/nextcloud.conf
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
  <IfModule mod_dav.c>
    Dav off
  </IfModule>
  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
vi /etc/apache2/sites-available/000-default.conf and change the default document root:
DocumentRoot /var/www/nextcloud
a2ensite nextcloud
a2enmod rewrite headers env dir mime
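9. Configure Nextcloud
Open http://nextcloud_host_ip/ in a browser.
Enter the account and password created in the database. The database host address and port do not need to be entered for this installation.
10. Import the SSL certificate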
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/nextcloud-ssl.conf
vi /etc/apache2/sites-available/nextcloud-ssl.conf
<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    ServerName ksvdm.foxlink.com.tw
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    DocumentRoot /var/www/nextcloud
    <Directory /var/www/nextcloud>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride all
      Order allow,deny
      allow from all
      <IfModule mod_dav.c>
        Dav off
      </IfModule>
      SetEnv HOME /var/www/nextcloud
      SetEnv HTTPS_HOME /var/www/nextcloud
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateFile /etc/apache2/ssl/cert.crt
    #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    SSLCertificateKeyFile /etc/apache2/ssl/privkey.key
    SSLCACertificateFile /etc/apache2/ssl/chain.crt
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
      SSLOptions +StdEnvVars
    </Directory>
  </VirtualHost>
</IfModule>
ln -s /etc/apache2/sites-available/nextcloud-ssl.conf /etc/apache2/sites-enabled/nextcloud-ssl.conf
mkdir /etc/apache2/ssl, copy the certificate and private key into this directory, then restart the Apache service.
service apache2 restart
11. Recovering a forgotten account
https://www.cnblogs.com/keithtt/p/6922378.html
1. Add the Webmin repository
#echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
2. Install the Webmin PGP key so that the new repository is trusted:
#wget http://www.webmin.com/jcameron-key.asc
#sudo apt-key add jcameron-key.asc
3. Update the package lists and install Webmin
#sudo apt-get update
#sudo apt-get install webmin
The following output indicates that the installation is complete.
Webmin install complete. You can now login to
https://your_server_ip:10000 as root with your
root password, or as any user who can use `sudo`.
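In step 2 the signing key is downloaded over plain HTTP and passed straight to apt-key add, so whatever arrives becomes a trusted package signer. The following added example (not part of the original document) compares the key file's fingerprint with a value obtained separately before adding it. The function names are hypothetical and EXPECTED_FPR is a placeholder, not the real Webmin fingerprint.

```shell
#!/bin/sh
# Added example: check a downloaded apt signing key before trusting it.
# EXPECTED_FPR is a placeholder; obtain the real fingerprint from the
# vendor through a separate, authenticated channel.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# Normalise a fingerprint: drop spaces and colons, upper-case the hex.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Read gpg --with-colons output on stdin and print the primary key
# fingerprint (field 10 of the first "fpr" record).
first_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Return 0 only if the key file's fingerprint equals the expected one.
# Listing a key file this way does not import it into any keyring.
key_matches() {
    keyfile="$1"; expected="$2"
    actual=$(gpg --with-colons --with-fingerprint "$keyfile" 2>/dev/null | first_fpr)
    [ -n "$actual" ] && [ "$(norm_fpr "$actual")" = "$(norm_fpr "$expected")" ]
}

# Add the key to apt only after the fingerprint check passes.
add_key_if_trusted() {
    if key_matches "$1" "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch for $1, key not added" >&2
        return 1
    fi
}

# Usage (after the wget in step 2):
#   add_key_if_trusted jcameron-key.asc "$EXPECTED_FPR"
```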
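12. Common problems, optimization and upgrades
The security check warnings differ by version and environment; the common ones are as follows:
Fixing the memory cache warning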
sudo apt install php-apcu redis-server php-redis
systemctl start redis
systemctl enable redis
On Ubuntu 18, modify the following file:
sudo apt-get install redis-server
sudo nano /etc/redis/redis.conf
supervised no => change to: supervised systemd
bind 127.0.0.1
systemctl restart redis-server
systemctl enable redis-server
Check the Redis server status
netstat -nlt|grep 6379
Check the Redis server process
ncamin@ksnc:/home/ncadmin# ps -agx|grep redis
1700 ? Ssl 0:00 /usr/bin/redis-server 127.0.0.1:6379
2459 pts/0 S+ 0:00 grep --color=auto redis
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6379 :::* LISTEN
Check the Redis server status with systemctl
systemctl start redis-server
systemctl status redis-server
Then edit config.php (vi /var/www/nextcloud/config/config.php) and add the following parameters:
'memcache.local' => '\OC\Memcache\APCu',
'filelocking.enabled' => true,
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => 'localhost',
'port' => 6379,
'timeout' => 3,
],
For more detail, see:
https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html#recommendations-based-on-type-of-deployment
Fixing the PHP performance warning
vi /etc/php/7.0/apache2/php.ini
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
After these changes, re-running the check reports normal.
References:
https://www.marksei.com/how-to-install-nextcloud-13-on-ubuntu/
https://bayton.org/docs/nextcloud/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-ssl-apache/#1-what-is-nextcloud
https://www.marksei.com/how-to-install-nextcloud-15-on-ubuntu/
Problems after upgrading to 14.04
1. The index "parent_index" cannot be found in table "oc_share"
The index "fs_mtime" cannot be found in table "oc_filecache"
root@ksvdm:/var/www/nextcloud# sudo -u www-data php occ db:add-missing-indices
[root@ksnc nextcloud]# sudo -u apache php occ db:add-missing-indices
The current PHP memory limit is below the recommended value of 512MB.
Check indices of the share table.
Adding additional owner index to the share table, this can take some time...
Share table updated successfully.
Adding additional initiator index to the share table, this can take some time...
Share table updated successfully.
sudo -u www-data php occ db:convert-filecache-bigint
On CentOS 7, run the following command instead:
sudo -u apache php occ db:add-missing-indices
vi /var/www/nextcloud/.htaccess
Add: Header set Referrer-Policy "no-referrer"
Fixing the background job (cron) error
crontab -u www-data -e
*/15 * * * * php -f /var/www/nextcloud/cron.php
Troubleshooting the upgrade to 15.0.x
root@ksvdm:/var/www/nextcloud# sudo -u www-data php occ db:convert-filecache-bigint
Following columns will be updated:
* filecache.mtime
* filecache.storage_mtime
This can take up to hours, depending on the number of files in your instance!
Continue with the conversion (y/n)? [n] y
sudo -u www-data php occ integrity:check-app $appid
Upgrade the PHP version
Upgrade directly from the command line
add-apt-repository ppa:ondrej/php
$ apt-get update
$ apt-get upgrade php
After upgrading, install the matching extensions
# apt-get install bzip2 libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring
# apt-get install php-intl php-imagick php-xml php-zip php-ldap
Upgrading to 16.x
vi /etc/php/7.2/apache2/php.ini
memory_limit = 128M (change to 512M)
On CentOS 7 the file to modify is
vi /etc/php.ini
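The database is missing some indexes. Because adding indexes to large tables can take some time, they were not repaired automatically. You can add the missing indexes manually by running "occ db:add-missing-indices" on the command line while Nextcloud is running. Once the indexes are repaired, queries on the affected tables become much faster.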
sudo -u www-data php occ db:add-missing-indices
13. Switch to the required PHP version
sudo update-alternatives --config php
Or disable the old version with the following command
sudo a2dismod php7.0
Enable the new version
sudo a2enmod php7.2
Set the corresponding PHP extension as the default
sudo update-alternatives --set phar /usr/bin/phar7.2
Restart the Apache server
sudo service apache2 restart
Edit the corresponding PHP configuration file
/etc/php/7.2/apache2/php.ini
Remove unused packages.
sudo apt-get --purge remove php7.0*
sudo apt-get autoremove
For how to switch between PHP versions, see the following documents:
https://www.ostechnix.com/how-to-switch-between-multiple-php-versions-in-ubuntu/
https://www.cnblogs.com/feifeifanye/p/8660737.html
14. Data backup and DB upgrade
Back up with Veeam, or mount an NFS share locally and back up with a shell script.
sudo apt-get install nfs-common
#mount -t nfs nfs-server:/backup /backup
cat backup.sh
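# Copy /data into a dated directory, then prune dated backups older than 7 days
rsync -av /data /backup/nextcloud/kspan_$(date +%Y%m%d) && find /backup/nextcloud/ -maxdepth 1 -type d -name "kspan_20*" -mtime +7 -exec rm -rf {} \;
15. Cleaning old kernels from the boot partition
uname -a    # show the currently running kernel
dpkg --get-selections |grep linux-image    # list all installed kernel versions
sudo apt-get purge linux-image-4.10.0-28-generic    # remove a version that is not currently in use
16. Upgrading Ubuntu and the database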
root@ksvdm:/home/ncadmin# do-release-upgrade
Checking for a new Ubuntu release
There is no development version of an LTS available.
To upgrade to the latest non-LTS develoment release
set Prompt=normal in /etc/update-manager/release-upgrades.
root@ksvdm:/home/ncadmin# vi /etc/update-manager/release-upgrades
https://websiteforstudents.com/upgrade-ubuntu-16-04-lts-to-ubuntu-18-04-lts-beta-server/
https://computingforgeeks.com/install-mariadb-10-on-ubuntu-18-04-and-centos-7/