centos7.6 安装nextcloud

在 CentOS 7 中安装 Nginx 和 PHP7-FPM

下面展示同样高亮的 代码片.

login as: root
root@192.168.20.12's password:
Access denied
root@192.168.20.12's password:
Last failed login: Tue Mar 29 09:23:50 CST 2022 from 192.168.20.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Tue Mar 29 09:21:05 2022
[root@localhost ~]# $ sudo yum -y install epel-release
bash: $: 未找到命令...
[root@localhost ~]# $yum -y install epel-release
bash: -y: 未找到命令...
[root@localhost ~]# yum -y install epel-release
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: centosc9.centos.org
正在解决依赖关系
--> 正在检查事务
---> 软件包 epel-release.noarch.0.7-11 将被 安装
--> 解决依赖关系完成

依赖关系解决

================================================================================
 Package                架构             版本            源                大小
================================================================================
正在安装:
 epel-release           noarch           7-11            extras            15 k

事务概要
================================================================================
安装  1 软件包

总下载量:15 k
安装大小:24 k
Downloading packages:
警告:/var/cache/yum/x86_64/7/extras/packages/epel-release-7-11.noarch.rpm:V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
epel-release-7-11.noarch.rpm 的公钥尚未安装
epel-release-7-11.noarch.rpm                               |  15 kB   00:00
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 检索密钥
导入 GPG key 0xF4A80EB5:
 用户ID     : "CentOS-7 Key (CentOS 7 Official Signing Key) "
 指纹       : 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 软件包     : centos-release-7-7.1908.0.el7.centos.x86_64 (@anaconda)
 来自       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : epel-release-7-11.noarch                                    1/1
  验证中      : epel-release-7-11.noarch                                    1/1

已安装:
  epel-release.noarch 0:7-11

完毕!
[root@localhost ~]# yum -y install nginx
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                     | 9.8 kB     00:00
 * base: mirrors.aliyun.com
 * epel: mirror.sjtu.edu.cn
 * extras: mirrors.aliyun.com
 * updates: centosc9.centos.org
epel                                                     | 4.7 kB     00:00
(1/3): epel/x86_64/group_gz                                |  96 kB   00:00
(2/3): epel/x86_64/primary_db                              | 7.0 MB   00:00
(3/3): epel/x86_64/updateinfo                              | 1.1 MB   00:00
正在解决依赖关系
--> 正在检查事务
---> 软件包 nginx.x86_64.1.1.20.1-9.el7 将被 安装
--> 正在处理依赖关系 nginx-filesystem = 1:1.20.1-9.el7,它被软件包 1:nginx-1.20.1-9.el7.x86_64 需要
--> 正在处理依赖关系 libcrypto.so.1.1(OPENSSL_1_1_0)(64bit),它被软件包 1:nginx-1.20.1-9.el7.x86_64 需要
--> 正在处理依赖关系 libssl.so.1.1(OPENSSL_1_1_0)(64bit),它被软件包 1:nginx-1.20.1-9.el7.x86_64 需要
--> 正在处理依赖关系 libssl.so.1.1(OPENSSL_1_1_1)(64bit),它被软件包 1:nginx-1.20.1-9.el7.x86_64 需要
--> 正在处理依赖关系 nginx-filesystem,它被软件包 1:nginx-1.20.1-9.el7.x86_64 需要
--> 正在处理依赖关系 libcrypto.so.1.1()(64bit),它被软件包 1:nginx-1.20.1-9.el7.x86_64 需要
--> 正在处理依赖关系 libssl.so.1.1()(64bit),它被软件包 1:nginx-1.20.1-9.el7.x86_64 需要
--> 正在检查事务
---> 软件包 nginx-filesystem.noarch.1.1.20.1-9.el7 将被 安装
---> 软件包 openssl11-libs.x86_64.1.1.1.1k-2.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

================================================================================
 Package                 架构          版本                   源           大小
================================================================================
正在安装:
 nginx                   x86_64        1:1.20.1-9.el7         epel        587 k
为依赖而安装:
 nginx-filesystem        noarch        1:1.20.1-9.el7         epel         24 k
 openssl11-libs          x86_64        1:1.1.1k-2.el7         epel        1.5 M

事务概要
================================================================================
安装  1 软件包 (+2 依赖软件包)

总下载量:2.1 M
安装大小:5.2 M
Downloading packages:
警告:/var/cache/yum/x86_64/7/epel/packages/nginx-1.20.1-9.el7.x86_64.rpm:V4 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY
nginx-1.20.1-9.el7.x86_64.rpm 的公钥尚未安装
(1/3): nginx-1.20.1-9.el7.x86_64.rpm                       | 587 kB   00:00
(2/3): nginx-filesystem-1.20.1-9.el7.noarch.rpm            |  24 kB   00:00
(3/3): openssl11-libs-1.1.1k-2.el7.x86_64.rpm              | 1.5 MB   00:00
--------------------------------------------------------------------------------
总计                                               4.4 MB/s | 2.1 MB  00:00
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 检索密钥
导入 GPG key 0x352C64E5:
 用户ID     : "Fedora EPEL (7) "
 指纹       : 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 软件包     : epel-release-7-11.noarch (@extras)
 来自       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : 1:openssl11-libs-1.1.1k-2.el7.x86_64                        1/3
  正在安装    : 1:nginx-filesystem-1.20.1-9.el7.noarch                      2/3
  正在安装    : 1:nginx-1.20.1-9.el7.x86_64                                 3/3
  验证中      : 1:nginx-filesystem-1.20.1-9.el7.noarch                      1/3
  验证中      : 1:openssl11-libs-1.1.1k-2.el7.x86_64                        2/3
  验证中      : 1:nginx-1.20.1-9.el7.x86_64                                 3/3

已安装:
  nginx.x86_64 1:1.20.1-9.el7

作为依赖被安装:
  nginx-filesystem.noarch 1:1.20.1-9.el7  openssl11-libs.x86_64 1:1.1.1k-2.el7

完毕!
[root@localhost ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
获取https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
警告:/var/tmp/rpm-tmp.hFBEt7:V4 RSA/SHA1 Signature, 密钥 ID 62e74ca5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:webtatic-release-7-3             ################################# [100%]
[root@localhost ~]# yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.njupt.edu.cn
 * extras: mirrors.aliyun.com
 * updates: centosc9.centos.org
 * webtatic: uk.repo.webtatic.com
webtatic                                                 | 3.6 kB     00:00
(1/2): webtatic/x86_64/primary_db                          | 271 kB   00:02
(2/2): webtatic/x86_64/group_gz                            |  448 B   00:03
正在解决依赖关系
--> 正在检查事务
---> 软件包 php70w-cli.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-common.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-fpm.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-gd.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-mbstring.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-mcrypt.x86_64.0.7.0.33-1.w7 将被 安装
--> 正在处理依赖关系 libmcrypt.so.4()(64bit),它被软件包 php70w-mcrypt-7.0.33-1.w7.x86_64 需要
---> 软件包 php70w-mysql.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-pdo.x86_64.0.7.0.33-1.w7 将被 安装
---> 软件包 php70w-pear.noarch.1.1.10.4-1.w7 将被 安装
--> 正在处理依赖关系 php70w-posix,它被软件包 1:php70w-pear-1.10.4-1.w7.noarch 需要
---> 软件包 php70w-pecl-apcu.x86_64.0.5.1.9-1.w7 将被 安装
---> 软件包 php70w-pecl-apcu-devel.x86_64.0.5.1.9-1.w7 将被 安装
--> 正在处理依赖关系 php-devel,它被软件包 php70w-pecl-apcu-devel-5.1.9-1.w7.x86_64 需要
---> 软件包 php70w-xml.x86_64.0.7.0.33-1.w7 将被 安装
--> 正在检查事务
---> 软件包 libmcrypt.x86_64.0.2.5.8-13.el7 将被 安装
---> 软件包 php70w-devel.x86_64.0.7.0.33-1.w7 将被 安装
--> 正在处理依赖关系 pcre-devel(x86-64),它被软件包 php70w-devel-7.0.33-1.w7.x86_64 需要
---> 软件包 php70w-process.x86_64.0.7.0.33-1.w7 将被 安装
--> 正在检查事务
---> 软件包 pcre-devel.x86_64.0.8.32-17.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

================================================================================
 Package                     架构        版本               源             大小
================================================================================
正在安装:
 php70w-cli                  x86_64      7.0.33-1.w7        webtatic      2.9 M
 php70w-common               x86_64      7.0.33-1.w7        webtatic      1.2 M
 php70w-fpm                  x86_64      7.0.33-1.w7        webtatic      1.5 M
 php70w-gd                   x86_64      7.0.33-1.w7        webtatic      135 k
 php70w-mbstring             x86_64      7.0.33-1.w7        webtatic      544 k
 php70w-mcrypt               x86_64      7.0.33-1.w7        webtatic       28 k
 php70w-mysql                x86_64      7.0.33-1.w7        webtatic       84 k
 php70w-pdo                  x86_64      7.0.33-1.w7        webtatic       93 k
 php70w-pear                 noarch      1:1.10.4-1.w7      webtatic      340 k
 php70w-pecl-apcu            x86_64      5.1.9-1.w7         webtatic       79 k
 php70w-pecl-apcu-devel      x86_64      5.1.9-1.w7         webtatic       22 k
 php70w-xml                  x86_64      7.0.33-1.w7        webtatic      131 k
为依赖而安装:
 libmcrypt                   x86_64      2.5.8-13.el7       epel           99 k
 pcre-devel                  x86_64      8.32-17.el7        base          480 k
 php70w-devel                x86_64      7.0.33-1.w7        webtatic      2.6 M
 php70w-process              x86_64      7.0.33-1.w7        webtatic       43 k

事务概要
================================================================================
安装  12 软件包 (+4 依赖软件包)

总下载量:10 M
安装大小:45 M
Downloading packages:
(1/16): libmcrypt-2.5.8-13.el7.x86_64.rpm                  |  99 kB   00:00
(2/16): pcre-devel-8.32-17.el7.x86_64.rpm                  | 480 kB   00:00
warning: /var/cache/yum/x86_64/7/webtatic/packages/php70w-fpm-7.0.33-1.w7.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
php70w-fpm-7.0.33-1.w7.x86_64.rpm 的公钥尚未安装
(3/16): php70w-fpm-7.0.33-1.w7.x86_64.rpm                  | 1.5 MB   00:04
(4/16): php70w-cli-7.0.33-1.w7.x86_64.rpm                  | 2.9 MB   00:12
(5/16): php70w-gd-7.0.33-1.w7.x86_64.rpm                   | 135 kB   00:00
(6/16): php70w-common-7.0.33-1.w7.x86_64.rpm               | 1.2 MB   00:14
(7/16): php70w-mcrypt-7.0.33-1.w7.x86_64.rpm               |  28 kB   00:00
(8/16): php70w-mysql-7.0.33-1.w7.x86_64.rpm                |  84 kB   00:00
(9/16): php70w-mbstring-7.0.33-1.w7.x86_64.rpm             | 544 kB   00:02
(10/16): php70w-pdo-7.0.33-1.w7.x86_64.rpm                 |  93 kB   00:00
(11/16): php70w-pecl-apcu-5.1.9-1.w7.x86_64.rpm            |  79 kB   00:00
(12/16): php70w-pecl-apcu-devel-5.1.9-1.w7.x86_64.rpm      |  22 kB   00:00
(13/16): php70w-pear-1.10.4-1.w7.noarch.rpm                | 340 kB   00:00
(14/16): php70w-process-7.0.33-1.w7.x86_64.rpm             |  43 kB   00:00
(15/16): php70w-xml-7.0.33-1.w7.x86_64.rpm                 | 131 kB   00:00
(16/16): php70w-devel-7.0.33-1.w7.x86_64.rpm               | 2.6 MB   00:23
--------------------------------------------------------------------------------
总计                                               430 kB/s |  10 MB  00:23
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7 检索密钥
导入 GPG key 0x62E74CA5:
 用户ID     : "Webtatic EL7 "
 指纹       : 830d b159 6d9b 9b01 99dc 24a3 e87f d236 62e7 4ca5
 软件包     : webtatic-release-7-3.noarch (installed)
 来自       : /etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
警告:RPM 数据库已被非 yum 程序修改。
  正在安装    : php70w-common-7.0.33-1.w7.x86_64                           1/16
  正在安装    : php70w-cli-7.0.33-1.w7.x86_64                              2/16
  正在安装    : php70w-xml-7.0.33-1.w7.x86_64                              3/16
  正在安装    : php70w-process-7.0.33-1.w7.x86_64                          4/16
  正在安装    : 1:php70w-pear-1.10.4-1.w7.noarch                           5/16
  正在安装    : php70w-pecl-apcu-5.1.9-1.w7.x86_64                         6/16
  正在安装    : php70w-pdo-7.0.33-1.w7.x86_64                              7/16
  正在安装    : libmcrypt-2.5.8-13.el7.x86_64                              8/16
  正在安装    : pcre-devel-8.32-17.el7.x86_64                              9/16
  正在安装    : php70w-devel-7.0.33-1.w7.x86_64                           10/16
  正在安装    : php70w-pecl-apcu-devel-5.1.9-1.w7.x86_64                  11/16
  正在安装    : php70w-mcrypt-7.0.33-1.w7.x86_64                          12/16
  正在安装    : php70w-mysql-7.0.33-1.w7.x86_64                           13/16
  正在安装    : php70w-gd-7.0.33-1.w7.x86_64                              14/16
  正在安装    : php70w-mbstring-7.0.33-1.w7.x86_64                        15/16
  正在安装    : php70w-fpm-7.0.33-1.w7.x86_64                             16/16
  验证中      : php70w-xml-7.0.33-1.w7.x86_64                              1/16
  验证中      : php70w-cli-7.0.33-1.w7.x86_64                              2/16
  验证中      : php70w-process-7.0.33-1.w7.x86_64                          3/16
  验证中      : php70w-gd-7.0.33-1.w7.x86_64                               4/16
  验证中      : php70w-mcrypt-7.0.33-1.w7.x86_64                           5/16
  验证中      : 1:php70w-pear-1.10.4-1.w7.noarch                           6/16
  验证中      : php70w-mysql-7.0.33-1.w7.x86_64                            7/16
  验证中      : php70w-mbstring-7.0.33-1.w7.x86_64                         8/16
  验证中      : pcre-devel-8.32-17.el7.x86_64                              9/16
  验证中      : php70w-common-7.0.33-1.w7.x86_64                          10/16
  验证中      : php70w-pdo-7.0.33-1.w7.x86_64                             11/16
  验证中      : libmcrypt-2.5.8-13.el7.x86_64                             12/16
  验证中      : php70w-pecl-apcu-devel-5.1.9-1.w7.x86_64                  13/16
  验证中      : php70w-fpm-7.0.33-1.w7.x86_64                             14/16
  验证中      : php70w-devel-7.0.33-1.w7.x86_64                           15/16
  验证中      : php70w-pecl-apcu-5.1.9-1.w7.x86_64                        16/16

已安装:
  php70w-cli.x86_64 0:7.0.33-1.w7
  php70w-common.x86_64 0:7.0.33-1.w7
  php70w-fpm.x86_64 0:7.0.33-1.w7
  php70w-gd.x86_64 0:7.0.33-1.w7
  php70w-mbstring.x86_64 0:7.0.33-1.w7
  php70w-mcrypt.x86_64 0:7.0.33-1.w7
  php70w-mysql.x86_64 0:7.0.33-1.w7
  php70w-pdo.x86_64 0:7.0.33-1.w7
  php70w-pear.noarch 1:1.10.4-1.w7
  php70w-pecl-apcu.x86_64 0:5.1.9-1.w7
  php70w-pecl-apcu-devel.x86_64 0:5.1.9-1.w7
  php70w-xml.x86_64 0:7.0.33-1.w7

作为依赖被安装:
  libmcrypt.x86_64 0:2.5.8-13.el7       pcre-devel.x86_64 0:8.32-17.el7
  php70w-devel.x86_64 0:7.0.33-1.w7     php70w-process.x86_64 0:7.0.33-1.w7

完毕!
[root@localhost ~]# php -v
PHP 7.0.33 (cli) (built: Dec  6 2018 22:30:44) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
[root@localhost ~]#

步骤 2 - 配置 PHP7-FPM

[root@localhost ~]# php -v
PHP 7.0.33 (cli) (built: Dec  6 2018 22:30:44) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
[root@localhost ~]# vim /etc/php-fpm.d/www.conf
[root@localhost ~]#

在第 8 行和第 10行,user 和 group 赋值为 nginx。

user = nginx
group = nginx

在第 22 行,确保 php-fpm 运行在指定端口。

取消第 366-370 行的注释,启用 php-fpm 的系统环境变量。

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

保存文件并退出 vim 编辑器。

下一步,就是在 /var/lib/ 目录下创建一个新的文件夹 session,并将其拥有者变更为 nginx 用户。

[root@localhost ~]# mkdir -p /var/lib/php/session
[root@localhost ~]# chown nginx:nginx -R /var/lib/php/session/
[root@localhost ~]#

然后启动 php-fpm 和 Nginx,并且将它们设置为随开机启动的服务。

[root@localhost ~]# sudo systemctl start php-fpm
[root@localhost ~]# sudo systemctl start nginx
[root@localhost ~]# sudo systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@localhost ~]# sudo systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@localhost ~]#

在 CentOS 7 中安装 安装和配置 MariaDB

我这里使用 MariaDB 作为 Nextcloud 的数据库。可以直接使用 yum 命令从 CentOS 默认远程仓库中安装 mariadb-server 包。

[root@localhost ~]# yum -y install mariadb mariadb-server
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirror.sjtu.edu.cn
 * extras: mirrors.aliyun.com
 * updates: centosc9.centos.org
 * webtatic: us-east.repo.webtatic.com
正在解决依赖关系
--> 正在检查事务
---> 软件包 mariadb.x86_64.1.5.5.68-1.el7 将被 安装
--> 正在处理依赖关系 mariadb-libs(x86-64) = 1:5.5.68-1.el7,它被软件包 1:mariadb-5.5.68-1.el7.x86_64 需要
---> 软件包 mariadb-server.x86_64.1.5.5.68-1.el7 将被 安装
--> 正在处理依赖关系 perl-DBI,它被软件包 1:mariadb-server-5.5.68-1.el7.x86_64 需要
--> 正在处理依赖关系 perl-DBD-MySQL,它被软件包 1:mariadb-server-5.5.68-1.el7.x86_64 需要
--> 正在处理依赖关系 perl(DBI),它被软件包 1:mariadb-server-5.5.68-1.el7.x86_64 需要
--> 正在检查事务
---> 软件包 mariadb-libs.x86_64.1.5.5.64-1.el7 将被 升级
---> 软件包 mariadb-libs.x86_64.1.5.5.68-1.el7 将被 更新
---> 软件包 perl-DBD-MySQL.x86_64.0.4.023-6.el7 将被 安装
---> 软件包 perl-DBI.x86_64.0.1.627-4.el7 将被 安装
--> 正在处理依赖关系 perl(RPC::PlServer) >= 0.2001,它被软件包 perl-DBI-1.627-4.el7.x86_64 需要
--> 正在处理依赖关系 perl(RPC::PlClient) >= 0.2000,它被软件包 perl-DBI-1.627-4.el7.x86_64 需要
--> 正在检查事务
---> 软件包 perl-PlRPC.noarch.0.0.2020-14.el7 将被 安装
--> 正在处理依赖关系 perl(Net::Daemon) >= 0.13,它被软件包 perl-PlRPC-0.2020-14.el7.noarch 需要
--> 正在处理依赖关系 perl(Net::Daemon::Test),它被软件包 perl-PlRPC-0.2020-14.el7.noarch 需要
--> 正在处理依赖关系 perl(Net::Daemon::Log),它被软件包 perl-PlRPC-0.2020-14.el7.noarch 需要
--> 正在处理依赖关系 perl(Compress::Zlib),它被软件包 perl-PlRPC-0.2020-14.el7.noarch 需要
--> 正在检查事务
---> 软件包 perl-IO-Compress.noarch.0.2.061-2.el7 将被 安装
--> 正在处理依赖关系 perl(Compress::Raw::Zlib) >= 2.061,它被软件包 perl-IO-Compress-2.061-2.el7.noarch 需要
--> 正在处理依赖关系 perl(Compress::Raw::Bzip2) >= 2.061,它被软件包 perl-IO-Compress-2.061-2.el7.noarch 需要
---> 软件包 perl-Net-Daemon.noarch.0.0.48-5.el7 将被 安装
--> 正在检查事务
---> 软件包 perl-Compress-Raw-Bzip2.x86_64.0.2.061-3.el7 将被 安装
---> 软件包 perl-Compress-Raw-Zlib.x86_64.1.2.061-4.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

================================================================================
 Package                      架构        版本                  源         大小
================================================================================
正在安装:
 mariadb                      x86_64      1:5.5.68-1.el7        base      8.8 M
 mariadb-server               x86_64      1:5.5.68-1.el7        base       11 M
为依赖而安装:
 perl-Compress-Raw-Bzip2      x86_64      2.061-3.el7           base       32 k
 perl-Compress-Raw-Zlib       x86_64      1:2.061-4.el7         base       57 k
 perl-DBD-MySQL               x86_64      4.023-6.el7           base      140 k
 perl-DBI                     x86_64      1.627-4.el7           base      802 k
 perl-IO-Compress             noarch      2.061-2.el7           base      260 k
 perl-Net-Daemon              noarch      0.48-5.el7            base       51 k
 perl-PlRPC                   noarch      0.2020-14.el7         base       36 k
为依赖而更新:
 mariadb-libs                 x86_64      1:5.5.68-1.el7        base      760 k

事务概要
================================================================================
安装  2 软件包 (+7 依赖软件包)
升级           ( 1 依赖软件包)

总下载量:22 M
Downloading packages:
No Presto metadata available for base
(1/10): mariadb-libs-5.5.68-1.el7.x86_64.rpm               | 760 kB   00:00
(2/10): mariadb-server-5.5.68-1.el7.x86_64.rpm             |  11 MB   00:00
(3/10): mariadb-5.5.68-1.el7.x86_64.rpm                    | 8.8 MB   00:00
(4/10): perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm     |  32 kB   00:00
(5/10): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm              | 140 kB   00:00
(6/10): perl-DBI-1.627-4.el7.x86_64.rpm                    | 802 kB   00:00
(7/10): perl-IO-Compress-2.061-2.el7.noarch.rpm            | 260 kB   00:00
(8/10): perl-Net-Daemon-0.48-5.el7.noarch.rpm              |  51 kB   00:00
(9/10): perl-PlRPC-0.2020-14.el7.noarch.rpm                |  36 kB   00:00
(10/10): perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm     |  57 kB   00:01
--------------------------------------------------------------------------------
总计                                               8.5 MB/s |  22 MB  00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : 1:mariadb-libs-5.5.68-1.el7.x86_64                         1/11
  正在安装    : 1:mariadb-5.5.68-1.el7.x86_64                              2/11
  正在安装    : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64                3/11
  正在安装    : perl-Net-Daemon-0.48-5.el7.noarch                          4/11
  正在安装    : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64                 5/11
  正在安装    : perl-IO-Compress-2.061-2.el7.noarch                        6/11
  正在安装    : perl-PlRPC-0.2020-14.el7.noarch                            7/11
  正在安装    : perl-DBI-1.627-4.el7.x86_64                                8/11
  正在安装    : perl-DBD-MySQL-4.023-6.el7.x86_64                          9/11
  正在安装    : 1:mariadb-server-5.5.68-1.el7.x86_64                      10/11
  清理        : 1:mariadb-libs-5.5.64-1.el7.x86_64                        11/11
  验证中      : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64                 1/11
  验证中      : perl-Net-Daemon-0.48-5.el7.noarch                          2/11
  验证中      : 1:mariadb-libs-5.5.68-1.el7.x86_64                         3/11
  验证中      : 1:mariadb-server-5.5.68-1.el7.x86_64                       4/11
  验证中      : perl-DBD-MySQL-4.023-6.el7.x86_64                          5/11
  验证中      : 1:mariadb-5.5.68-1.el7.x86_64                              6/11
  验证中      : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64                7/11
  验证中      : perl-DBI-1.627-4.el7.x86_64                                8/11
  验证中      : perl-IO-Compress-2.061-2.el7.noarch                        9/11
  验证中      : perl-PlRPC-0.2020-14.el7.noarch                           10/11
  验证中      : 1:mariadb-libs-5.5.64-1.el7.x86_64                        11/11

已安装:
  mariadb.x86_64 1:5.5.68-1.el7       mariadb-server.x86_64 1:5.5.68-1.el7

作为依赖被安装:
  perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
  perl-DBD-MySQL.x86_64 0:4.023-6.el7
  perl-DBI.x86_64 0:1.627-4.el7
  perl-IO-Compress.noarch 0:2.061-2.el7
  perl-Net-Daemon.noarch 0:0.48-5.el7
  perl-PlRPC.noarch 0:0.2020-14.el7

作为依赖被升级:
  mariadb-libs.x86_64 1:5.5.68-1.el7

完毕!
[root@localhost ~]#

启动 MariaDB,并将其添加到随系统启动的服务中去。配置 MariaDB 的 root 用户密码。

[root@localhost ~]# systemctl start mariadb
[root@localhost ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@localhost ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@localhost ~]#


登录到 mysql shell 并为 Nextcloud 创建一个新的数据库和用户。这里我创建名为 nextcloud_db 的数据库以及名为 nextclouduser 的用户,用户密码为 nextclouduser@。当然了,要给你自己的系统选用一个更安全的密码。
登录数据库

[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.68-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

输入以下 mysql 查询语句来创建新的数据库和用户。

[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 5.5.68-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nextcloud_db;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create user nextclouduser@localhost identified by 'nextclouduser@';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextclouduser@';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
[root@localhost ~]#

步骤 4 - 为 Nextcloud 生成一个自签名 SSL 证书

在教程中,我会让客户端以 https 连接来运行 Nextcloud。你可以使用诸如 let’s encrypt 等免费 SSL 证书,或者是自己创建自签名 (self signed) SSL 证书。这里我使用 OpenSSL 来创建自己的自签名 SSL 证书。

为 SSL 文件创建新目录:

[root@localhost ~]# mkdir -p /etc/nginx/cert

如下,使用 openssl 生成一个新的 SSL 证书。

[root@localhost ~]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
Generating a 2048 bit RSA private key
..........+++
.....................+++
writing new private key to '/etc/nginx/cert/nextcloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

最后使用 chmod 命令将所有证书文件的权限设置为 600。

[root@localhost ~]# chmod 700 /etc/nginx/cert/
[root@localhost ~]# chmod 600 /etc/nginx/cert/*

步骤 5 - 下载和安装 Nextcloud

我直接使用 wget 命令下载 Nextcloud 到服务器上,因此需要先行安装 wget。此外,还需要安装 unzip 来进行解压。使用 yum 命令来安装这两个程序。

[root@localhost ~]# yum -y install wget unzip
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.njupt.edu.cn
 * extras: mirrors.aliyun.com
 * updates: centosc9.centos.org
 * webtatic: us-east.repo.webtatic.com
软件包 wget-1.14-18.el7_6.1.x86_64 已安装并且是最新版本
正在解决依赖关系
--> 正在检查事务
---> 软件包 unzip.x86_64.0.6.0-20.el7 将被 升级
---> 软件包 unzip.x86_64.0.6.0-24.el7_9 将被 更新
--> 解决依赖关系完成

依赖关系解决

================================================================================
 Package        架构            版本                     源                大小
================================================================================
正在更新:
 unzip          x86_64          6.0-24.el7_9             updates          172 k

事务概要
================================================================================
升级  1 软件包

总下载量:172 k
Downloading packages:
No Presto metadata available for updates
unzip-6.0-24.el7_9.x86_64.rpm                              | 172 kB   00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : unzip-6.0-24.el7_9.x86_64                                   1/2
  清理        : unzip-6.0-20.el7.x86_64                                     2/2
  验证中      : unzip-6.0-24.el7_9.x86_64                                   1/2
  验证中      : unzip-6.0-20.el7.x86_64                                     2/2

更新完毕:
  unzip.x86_64 0:6.0-24.el7_9

完毕!

先进入 /tmp 目录,然后使用 wget 从官网下载最新的 Nextcloud 10。

[root@localhost ~]# cd /tmp
[root@localhost tmp]# wget https://download.nextcloud.com/server/releases/nextcloud-23.0.3.zip
--2022-03-29 10:57:02--  https://download.nextcloud.com/server/releases/nextcloud-23.0.3.zip
正在解析主机 download.nextcloud.com (download.nextcloud.com)... 95.217.64.181, 2a01:4f9:2a:3119::181
正在连接 download.nextcloud.com (download.nextcloud.com)|95.217.64.181|:443... 已连接。
错误: 无法验证 download.nextcloud.com 的由 “/C=US/O=Let's Encrypt/CN=R3” 颁发的证书:
  颁发的证书已经过期。
要以不安全的方式连接至 download.nextcloud.com,使用“--no-check-certificate”。
[root@localhost tmp]# wget https://download.nextcloud.com/server/releases/nextcloud-23.0.3.zip --no-check-certificate
--2022-03-29 10:57:40--  https://download.nextcloud.com/server/releases/nextcloud-23.0.3.zip
正在解析主机 download.nextcloud.com (download.nextcloud.com)... 95.217.64.181, 2a01:4f9:2a:3119::181
正在连接 download.nextcloud.com (download.nextcloud.com)|95.217.64.181|:443... 已连接。
警告: 无法验证 download.nextcloud.com 的由 “/C=US/O=Let's Encrypt/CN=R3” 颁发的证书:
  颁发的证书已经过期。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:170033419 (162M) [application/zip]
正在保存至: “nextcloud-23.0.3.zip”

100%[======================================>] 170,033,419 1.20MB/s 用时 6m 37s

2022-03-29 11:04:18 (418 KB/s) - 已保存 “nextcloud-23.0.3.zip” [170033419/170033419])

[root@localhost tmp]#


解压 Nextcloud,并将其移动到 /usr/share/nginx/html/ 目录。

[root@localhost tmp]# unzip nextcloud-23.0.3.zip
[root@localhost tmp]# mv nextcloud/ /usr/share/nginx/html/

下一步,转到 Nginx 的 web 根目录为 Nextcloud 创建一个 data 文件夹。

[root@localhost tmp]# cd /usr/share/nginx/html/
[root@localhost html]# mkdir -p nextcloud/data

变更 nextcloud 目录的拥有者为 nginx 用户和组。


[root@localhost html]# chown nginx:nginx -R nextcloud/

步骤 6 - 在 Nginx 中为 Nextcloud 配置虚拟主机

在步骤 5 我们已经下载好了 Nextcloud 源码,并配置好了让它运行于 Nginx 服务器中,但我们还需要为它配置一个虚拟主机。在 Nginx 的 conf.d 目录下创建一个新的虚拟主机配置文件 nextcloud.conf。

[root@localhost html]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# vim nextcloud.conf

将以下内容粘贴到虚拟主机配置文件中:

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}

server {
    listen 80;
    server_name cloud.nextcloud.co;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name cloud.nextcloud.co;

    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000;
    includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:/.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])/.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+/.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* /.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000;
        includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* /.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

保存文件并退出 vim。

下载测试以下该 Nginx 配置文件是否有错误,没有的话就可以重启服务了

[root@localhost conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost conf.d]# systemctl restart nginx.service
[root@localhost conf.d]#

步骤 7 - 为 Nextcloud 配置 SELinux 和 FirewallD 规则

本教程中,我们将以强制模式运行 SELinux,因此需要一个 SELinux 管理工具来为 Nextcloud 配置 SELinux。

使用以下命令安装 SELinux 管理工具。


[root@localhost conf.d]# yum -y install policycoreutils-python
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirror.sjtu.edu.cn
 * extras: mirrors.aliyun.com
 * updates: centosc9.centos.org
 * webtatic: uk.repo.webtatic.com
正在解决依赖关系
--> 正在检查事务
---> 软件包 policycoreutils-python.x86_64.0.2.5-33.el7 将被 升级
---> 软件包 policycoreutils-python.x86_64.0.2.5-34.el7 将被 更新
--> 正在处理依赖关系 policycoreutils = 2.5-34.el7,它被软件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在检查事务
---> 软件包 policycoreutils.x86_64.0.2.5-33.el7 将被 升级
---> 软件包 policycoreutils.x86_64.0.2.5-34.el7 将被 更新
--> 解决依赖关系完成

依赖关系解决

================================================================================
 Package                      架构         版本                源          大小
================================================================================
正在更新:
 policycoreutils-python       x86_64       2.5-34.el7          base       457 k
为依赖而更新:
 policycoreutils              x86_64       2.5-34.el7          base       917 k

事务概要
================================================================================
升级  1 软件包 (+1 依赖软件包)

总下载量:1.3 M
Downloading packages:
No Presto metadata available for base
(1/2): policycoreutils-python-2.5-34.el7.x86_64.rpm        | 457 kB   00:00
(2/2): policycoreutils-2.5-34.el7.x86_64.rpm               | 917 kB   00:00
--------------------------------------------------------------------------------
总计                                               3.9 MB/s | 1.3 MB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : policycoreutils-2.5-34.el7.x86_64                           1/4
  正在更新    : policycoreutils-python-2.5-34.el7.x86_64                    2/4
  清理        : policycoreutils-python-2.5-33.el7.x86_64                    3/4
  清理        : policycoreutils-2.5-33.el7.x86_64                           4/4
  验证中      : policycoreutils-2.5-34.el7.x86_64                           1/4
  验证中      : policycoreutils-python-2.5-34.el7.x86_64                    2/4
  验证中      : policycoreutils-2.5-33.el7.x86_64                           3/4
  验证中      : policycoreutils-python-2.5-33.el7.x86_64                    4/4

更新完毕:
  policycoreutils-python.x86_64 0:2.5-34.el7

作为依赖被升级:
  policycoreutils.x86_64 0:2.5-34.el7

完毕!
[root@localhost conf.d]#

然后以 root 用户来运行以下命令,以便让 Nextcloud 运行于 SELinux 环境之下。如果你是用的其他名称的目录,记得将 nextcloud 替换掉。

[root@localhost conf.d]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'

[root@localhost conf.d]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'
[root@localhost conf.d]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'
[root@localhost conf.d]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?'
[root@localhost conf.d]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'
[root@localhost conf.d]#semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'
[root@localhost conf.d]#restorecon -Rv '/usr/share/nginx/html/nextcloud/'

接下来,我们要启用 firewalld 服务,同时为 Nextcloud 开启 http 和 https 端口。

启动 firewalld 并设置随系统启动。

[root@localhost conf.d]# systemctl start firewalld
[root@localhost conf.d]# systemctl enable firewalld
[root@localhost conf.d]#

现在使用 firewall-cmd 命令来开启 http 和 https 端口,然后重新加载防火墙。

[root@localhost conf.d]# firewall-cmd --permanent --add-service=http
success
[root@localhost conf.d]# firewall-cmd --permanent --add-service=https
success
[root@localhost conf.d]# firewall-cmd --reload
success
[root@localhost conf.d]#

至此,服务器配置完成。

步骤 8 - Nextcloud 安装

打开你的 Web 浏览器,输入你为 Nextcloud 设置的域名,我这里设置为 cloud.nextcloud.co,然后会重定向到安全性更好的 https 连接。

[root@localhost conf.d]# systemctl start firewalld
[root@localhost conf.d]# systemctl enable firewalld
[root@localhost conf.d]#

你可能感兴趣的:(vmware,composer)