
建议使用centos8部署(因为centos7的php7.4有问题)如果担心centos后期问题
可以使用rocky os 8.4

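# Switch the package repositories to the USTC mirror (CentOS 8+).
# The second expression only works if it matches the stock baseurl host exactly;
# otherwise mirrorlist is commented out while baseurl stays disabled, and dnf is
# left without any package source.
# -i.bak keeps the original repo files as *.bak so the change can be rolled back.
# NOTE(review): every package now comes from a third-party mirror; leave
# gpgcheck enabled in these repo files so package signatures are still verified.
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
         -e 's|^#baseurl=http://mirror.centos.org/$contentdir|baseurl=https://mirrors.ustc.edu.cn/centos|g' \
         -i.bak \
         /etc/yum.repos.d/CentOS-Linux-AppStream.repo \
         /etc/yum.repos.d/CentOS-Linux-BaseOS.repo \
         /etc/yum.repos.d/CentOS-Linux-Extras.repo \
         /etc/yum.repos.d/CentOS-Linux-PowerTools.repo \
         /etc/yum.repos.d/CentOS-Linux-Plus.repo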
		 
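# Rocky Linux 8.3+ alternative: switch to the SJTUG (Shanghai Jiao Tong
# University) mirror. Double-check the host name; few domestic Rocky mirrors exist.
# As with any third-party mirror, keep gpgcheck enabled in the repo files.
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.sjtug.sjtu.edu.cn/rocky|g' \
    -i.bak \
    /etc/yum.repos.d/Rocky-*.repo

# Rebuild the metadata cache from the newly selected mirror.
dnf makecache

# Bring the already-installed packages up to date.
# NOTE(review): the original note warned against "update", but in dnf "update"
# is an alias of "upgrade", so both commands behave the same way.
dnf upgrade -y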

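# Install the base tooling used by the rest of this guide.
dnf install -y epel-release yum-utils unzip curl wget \
bash-completion policycoreutils-python-utils mlocate bzip2

# Add the Remi repository, reset the PHP module and select the 7.4 stream.
# NOTE(review): a release RPM installed straight from a URL is covered by dnf's
# localpkg_gpgcheck setting, which is off by default, so this step relies on
# HTTPS alone; confirm the repository's signing key before trusting it.
# NOTE(review): PHP 7.4 no longer receives upstream security fixes; choose a
# stream that the Nextcloud release you install still supports.
# yum-utils is already installed by the command above, so it is not repeated.
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# -y keeps the reset non-interactive, matching the other dnf calls.
dnf module reset -y php
dnf module install -y php:remi-7.4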

# Install PHP with the listed extensions, together with nginx and MariaDB.
dnf install -y \
  php php-gd php-mbstring php-intl php-pecl-apcu \
  php-mysqlnd php-opcache php-json php-zip \
  nginx mariadb mariadb-server

# Register the three services for boot and start them right away.
systemctl enable --now mariadb nginx php-fpm

#配置php-fpm
vi /etc/php-fpm.d/www.conf
.....
user = nginx                                   //将用户和组都改为nginx
group = nginx
.....
#listen = 127.0.0.1:9000                       //php-fpm 监听 TCP 9000 端口的写法(CentOS 8 以上无需配置:默认监听 Unix 套接字 /run/php-fpm/www.sock,由后面 nginx 的 upstream 直接转发)
......
env[HOSTNAME] = $HOSTNAME                     //去掉下面几行注释
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

# Restart php-fpm so the edited pool configuration is picked up.
systemctl restart php-fpm

# Create the PHP session directory under /var/lib and give it to the nginx
# user and group.
session_dir=/var/lib/php/session
mkdir -p "$session_dir"
chown -R nginx:nginx "$session_dir/"

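# Set the MariaDB root password, create the Nextcloud database, then create a
# dedicated account that is granted rights on that database only.
# NOTE(review): replace both placeholders with distinct, randomly generated
# passwords. A password that equals the application name, or one printed in a
# public guide, is guessable by anyone who reads the guide.
# NOTE(review): mariadb-server also ships mysql_secure_installation, which
# removes the anonymous accounts and the test database.
mysql -uroot -p

set password = password('<ROOT_PASSWORD_PLACEHOLDER>');

create database nextcloud_db;
create user nextcloud@localhost identified by '<NEXTCLOUD_DB_PASSWORD_PLACEHOLDER>';
# The account already has its password, so the grant does not restate it.
grant all privileges on nextcloud_db.* to nextcloud@localhost;
flush privileges;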

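# Download the Nextcloud server archive, verify it, then unpack it.
# The download page normally offers the newest release; pick an older archive
# only if your platform cannot run the current one.
# Release list: https://nextcloud.com/install/
# NOTE(review): 21.0.3 is the version this guide was written against; check
# that the release you install still receives security updates.
wget https://download.nextcloud.com/server/releases/nextcloud-21.0.3.zip \
     https://download.nextcloud.com/server/releases/nextcloud-21.0.3.zip.sha256
# Unpack only when the archive matches the published SHA-256. The checksum is
# served from the same host, so it detects corruption rather than a compromised
# server; the project's detached GPG signature is the stronger check.
sha256sum -c nextcloud-21.0.3.zip.sha256 && unzip nextcloud-21.0.3.zip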

# nginx (not Apache) serves this installation, so ownership is given to the
# nginx account instead of the Apache one.
# NOTE(review): data/ is created inside the web root, so user files are kept
# private only by the nginx "deny all" rule that covers /data/ in the site
# configuration; a data directory outside the web root does not depend on it.
cp -a ~/nextcloud /usr/share/nginx/html/
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/
# Recursive: the application code as well as data/ becomes writable by nginx.
chown -R nginx:nginx nextcloud/

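# Two ways to publish the site: (1) a plain proxy with no transport security,
# or (2) HTTPS with a certificate.
# Option 1: plain HTTP. Logins and files cross the network unencrypted, so
# keep this to an isolated test setup.
vi /etc/nginx/nginx.conf
# In the server block, change the root from /usr/share/nginx/html/ to:
#   /usr/share/nginx/html/nextcloud/

# Validate the configuration before restarting.
nginx -t
systemctl restart nginx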

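# Option 2: HTTPS with a self-signed certificate.
mkdir -p /etc/nginx/cert/
cd /etc/nginx/cert/
# Lock the directory down before the key exists, and create the key under
# umask 077 so it is never readable by other accounts, not even briefly.
chmod 700 /etc/nginx/cert
( umask 077
  # -nodes writes the private key unencrypted, so file permissions are its only protection.
  openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key )
# Sample answers to the interactive prompts:
#.....
#Country Name (2 letter code) [XX]:cn                                           # country
#State or Province Name (full name) []:zhejiang                                 # province
#Locality Name (eg, city) [Default City]:wenzhou                                # locality
#Organization Name (eg, company) [Default Company Ltd]:lidig                    # company
#Organizational Unit Name (eg, section) []:Technology                           # department
#Common Name (eg, your name or your server's hostname) []:nas                   # host name
#Email Address []:panyifang@lidig                                           # e-mail
# NOTE(review): clients compare the certificate name with the address they
# connect to; "nas" matches only if the server is actually reached as "nas".

# Restrict the key and the certificate to their owner.
chmod 600 /etc/nginx/cert/*
# The contents of both files are reused for the ONLYOFFICE certificate later
# (skip this if online editing is not needed).
# NOTE(review): printing a private key leaves it in terminal scrollback and
# logs; copying the files into the container with "docker cp" avoids that.
cat /etc/nginx/cert/nextcloud.key
cat /etc/nginx/cert/nextcloud.crt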

vi /etc/nginx/conf.d/nextcloud.conf
#.........(server_name can be set to a domain you already have; if you have none, use the local IP address instead)

# FastCGI backend used by fastcgi_pass below: php-fpm over its Unix socket.
# The commented-out lines are alternative backends (TCP port or another socket path).
upstream php-handler {
    server unix:/run/php-fpm/www.sock;
	#server 127.0.0.1:9000;
    #server unix:/var/run/php-fpm.sock;
}
     
# Port 80 listener: serves no content and answers every request with a
# permanent redirect to the same URI on HTTPS.
server {
    listen 80;
    server_name 192.168.254.51;
    # enforce https
    # The redirect target is built from server_name, not from the request's Host header.
    return 301 https://$server_name$request_uri;
}
     
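# HTTPS virtual host that serves Nextcloud and hands PHP requests to php-fpm.
server {
    listen 443 ssl;
    # NOTE(review): the original remark describes server_name as a hotlink
    # guard. What this configuration shows is that it names the virtual host
    # and is the address the port-80 redirect sends clients to, so it must be
    # an address clients can actually reach.
    server_name 192.168.254.51;

    # Certificate and private key generated in the certificate step.
    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # The value is kept on a single line: a quoted string broken across lines
    # would put a line break inside the header value.
    # NOTE(review): HSTS with "preload" is meant for public host names with a
    # trusted certificate; with a self-signed certificate on an IP address it
    # is unlikely to take effect. TODO confirm for your clients.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    # Service discovery for CardDAV/CalDAV clients. The redirect target uses
    # $host, i.e. the host name taken from the request.
    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    # Everything not matched by a more specific location goes to index.php.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Internal directories are never served. This includes data/, which this
    # guide creates inside the web root, so this rule is what keeps user files
    # from being fetched directly.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    # Dot-files and maintenance entry points are blocked as well.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Only the PHP entry points listed in this pattern are passed to php-fpm;
    # other .php paths are not executed by this block.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}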

#(防盗链)由于要通过上面配置的地址访问,需要修改默认配置,把允许访问的地址加入 trusted_domains;trusted_domains 是 Nextcloud 用来校验请求 Host 头的白名单,只填写实际会用到的域名或 IP
vi /usr/share/nginx/html/nextcloud/config/config.php
#...............
  array (
    0 => '192.168.254.51',
    1 => '127.0.0.1',		#根据你自己的实际情况增加地址,包含外网映射地址. 
    2 => 'xxx.xxx',

#overwrite.cli.url  表示你现在使用的域名,视情况修改
#修改完成后重启nginx\php  即可

#在线文档编辑ONLYOFFICE安装

第一件事情肯定是安装docker拉,这个在centos8上有点不一样,好在执行代码都一毛一样
dnf install -y podman    //你也可以执行dnf install -y docker  其实下载下来都是一样的

//登录nextcloud后右上角点击头像-左边精品应用下面office&text找到ONLYOFFICE点击下载启用
//由于docker默认使用的是国外源,我们将其改成中科大的万兆源(以前都是用阿里的.但是自从它维护已经接近一年了)
vi /etc/containers/registries.conf
---------------------------------------------------------------------------------
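[registries.search]
# Short image names are tried against these registries in the listed order, so
# the first entry decides where an unqualified name such as
# onlyoffice/documentserver is pulled from.
# NOTE(review): with a third-party mirror first, that mirror is trusted to
# return the genuine image; a fully qualified image name, ideally pinned by
# digest, removes the dependence on search order.
registries = ['docker.mirrors.ustc.edu.cn', 'registry.redhat.io', 'docker.io']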
---------------------------------------------------------------------------------
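# Upstream's one-step command (the image is pulled on first run because it is
# not present locally yet):
#docker run -i -t -d -p 8080:80  --restart=always onlyoffice/documentserver

# Pull the image ahead of time so it is not downloaded repeatedly.
docker pull onlyoffice/documentserver

# HTTPS is needed here, so 443 is published on 8443; drop "-p 8080:80" if plain
# HTTP is not needed.
# --name takes the container name as its value; the later "docker exec",
# "docker stop" and "docker start" steps address the container as "onlyoffice".
# NOTE(review): as started here, no shared secret is configured between
# Nextcloud and the document server; the image documents JWT_ENABLED and
# JWT_SECRET settings for that. Confirm against the ONLYOFFICE documentation
# for your image version.
docker run --name onlyoffice -i -t -d -p 8080:80 -p 8443:443 onlyoffice/documentserver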

#登录docker内进行设置
docker exec -it onlyoffice /bin/bash
root@8c28f537acec:/#		//你会发现你的root右边多了一串dockerID说明你进入docker了

#下面这一步可以略过,因为上面我们已经创建过证书,直接复制上面的证书赋予权限即可(这样打开office文件时不需要重复验证,也可以避免打开失败)
-----------------------------------------------------------------------------------------------
#创建本机证书
#openssl genrsa -out onlyoffice.key 2048
#创建CSR
#openssl req -new -key onlyoffice.key -out onlyoffice.csr
#用私钥和CSR签发(自签名)证书
#openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
#用dhparam生成DH参数文件(用于DHE密钥交换,并不是对服务器私钥加密)
#openssl dhparam -out dhparam.pem 2048
-----------------------------------------------------------------------------------------------

//由于docker内没有vi命令,所以我们使用nano编辑(不会的同学自己百度下教程)最后按ctrl+x退出选y回车保存
//将之前保存的私钥内容粘贴到 onlyoffice.key,证书内容粘贴到 onlyoffice.crt,两个文件名称不一样,别弄反了
nano /etc/nginx/cert/onlyoffice.key
nano /etc/nginx/cert/onlyoffice.crt
#降权
chmod 400 /etc/nginx/cert/onlyoffice.key

#修改https
cd /etc/onlyoffice/documentserver/nginx/
cp -a ds-ssl.conf.tmpl ds-ssl.conf.tmpl.bak
nano ds-ssl.conf.tmpl   #将ssl on;注释并补充证书路径(这里说明下,由于这个docker不支持ssl on;)
.................................................
  ssl on;
  ssl_certificate {{SSL_CERTIFICATE_PATH}};
  ssl_certificate_key {{SSL_KEY_PATH}};
.................................................
  #ssl on;
  ssl_certificate /etc/nginx/cert/onlyoffice.crt;
  ssl_certificate_key /etc/nginx/cert/onlyoffice.key;
.................................................
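cd /etc/nginx/conf.d/
# Remove the old configuration symlink. Absolute paths keep a failed "cd" from
# redirecting the delete elsewhere, and plain -f (no -r) cannot recursively
# remove a directory if ds.conf is not the symlink it is expected to be.
rm -f -- /etc/nginx/conf.d/ds.conf
# Create the new symlink so ds.conf points at the edited SSL template.
ln -s /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/nginx/conf.d/ds.conf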
#由于默认会校验对方的TLS证书,而上面使用的是自签名证书,校验不通过会导致nextcloud无法加载
nano /etc/onlyoffice/documentserver/default.json
#找到rejectUnauthorized将后面的true改成false(注意:这会关闭文档服务器对外请求的TLS证书校验,无法发现中间人冒充;更稳妥的做法是让容器信任上面生成的自签名证书,并保持该项为true)
............................................
"requestDefaults": {
        "headers": {
            "User-Agent": "Node.js/6.13",
            "Connection": "Keep-Alive"
        },
        "gzip": true,
        "rejectUnauthorized": false
............................................
#以上是docker要操作的内容.


# After finishing the configuration, leave the container shell and cycle the
# container with stop followed by start. The author reports that
# "docker restart" left nginx unable to come up in testing, for reasons unknown.
docker stop onlyoffice \
  && docker start onlyoffice

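# Open the firewall for the published services.
# NOTE(review): 8080 and http carry unencrypted traffic; open 8080 only if the
# plain-HTTP port of the document server is really used.
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-port=8443/tcp
firewall-cmd --permanent --add-port=8080/tcp
# --permanent rules take effect only after a reload.
firewall-cmd --reload

# Turn SELinux off, as the original guide does.
# NOTE(review): disabling SELinux removes the mandatory access control that
# confines nginx and php-fpm. The safer route is to keep it enforcing and add
# the file contexts and booleans the setup needs with semanage, which the
# policycoreutils-python-utils package installed earlier provides.
vi /etc/selinux/config
#Change SELINUX=enforcing to SELINUX=disabled
# setenforce 0 only switches the running system to permissive until reboot.
setenforce 0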

以上是我根据各种官方文档实验整合出来的,系统基于centos8.3 本来是在博客园发布的,但是那个页面输入代码时直接操作懵逼,故来此发布,转载请注明出处,谢谢.
