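Recently, one cloud-drive vendor after another has stopped offering personal services or started introducing fees and speed limits, and data stored with third-party cloud-drive vendors has been stolen, so neither the security nor the stability of that data can be guaranteed. With smart devices everywhere, I also have a growing number of higher-quality image files to store. That led me to build my own storage service. After evaluating OwnCloud, Seafiles and NextCloud, I chose NextCloud as my data storage node going forward. NextCloud is derived from OwnCloud, but in recent years OwnCloud's development has almost stalled and most of its developers have moved to NextCloud. NextCloud also inherits OwnCloud's simple setup and its dependence on a PHP environment.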

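Runtime environment

  • Alibaba Cloud ECS, CentOS 6.x
  • Free SSL certificate (obtained through Tencent Cloud)

Setting up the LNMP environment

Software versions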

Base environment installation

    [root@ultraera ~]# yum update -y
    [root@ultraera ~]# yum groupinstall -y "Base"
    [root@ultraera ~]# yum groupinstall -y "Development tools"
    # Install epel
    [root@ultraera ~]# yum install -y epel-release
    # Install remi
    [root@ultraera ~]# yum install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    # Install mysql-community
    [root@ultraera ~]# yum install http://repo.mysql.com/yum/mysql-5.6-community/el/6/x86_64/mysql-community-release-el6-7.noarch.rpm

Install LNMP

    # Install MySQL
    [root@ultraera ~]# yum --enablerepo=mysql-community install -y mysql-server mysql-libs mysql-devel
    [root@ultraera ~]# service mysqld start
    [root@ultraera ~]# mysql_secure_installation
    [root@ultraera ~]# chkconfig mysqld on
    # Install Nginx
    [root@ultraera ~]# yum --enablerepo=epel install -y nginx
    [root@ultraera ~]# service nginx start
    [root@ultraera ~]# chkconfig nginx on
    # Install PHP and php-fpm
    [root@ultraera ~]# yum --enablerepo=remi-php56 install php php-fpm php-mysql php-gd php-xml php-redis php-libs php-devel php-zlib
    [root@ultraera ~]# service php-fpm start
    [root@ultraera ~]# chkconfig php-fpm on
    [root@ultraera ~]# service nginx restart

Download NextCloud

    [root@ultraera ~]# wget https://download.nextcloud.com/server/releases/nextcloud-11.0.1.tar.bz2
    [root@ultraera ~]# tar xf nextcloud-11.0.1.tar.bz2
    # The archive unpacks into a directory named "nextcloud"
    [root@ultraera ~]# mv nextcloud /opt/nextcloud

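Configure Nginx and php-fpm

php-fpm runs as the apache user by default, but this setup uses nginx, so change the user and group in the php-fpm configuration file. Do not take the shortcut of setting them to root; php-fpm does not allow that.

    [root@ultraera ~]# vim /etc/php-fpm.d/www.conf
    user = nginx
    group = nginx
    [root@ultraera ~]# service php-fpm restart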

NextCloud is set up to run under Apache by default, so we need a dedicated Nginx configuration file for it. You can use the configuration below directly; the comments mark the places you need to change:

    [root@ultraera ~]# vim /etc/nginx/conf.d/nextcloud.conf
    upstream php-handler {
        # Your php-fpm service port; the default is 9000
        server 127.0.0.1:9000;
        #server unix:/var/run/php5-fpm.sock;
    }
    server {
        # Your domain name
        listen pan.ultraera.org:80;
        server_name pan.ultraera.org;
        # enforce https
        return 301 https://$server_name$request_uri;
    }
    server {
        # Your domain name
        listen pan.ultraera.org:443 ssl;
        server_name pan.ultraera.org;
        # Paths to your SSL certificate files
        ssl_certificate /etc/nginx/ssl/1_pan.ultraera.org_bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/2_pan.ultraera.org.key;
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; ";
        # NextCloud root directory; adjust to your setup
        root /opt/nextcloud/;
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
        # last;
        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }
        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;
        # Disable gzip to avoid the removal of the ETag header
        gzip off;
        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
        location / {
            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            include fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~* \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            # includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
    [root@ultraera ~]# service nginx restart

Adjust file permissions

NextCloud runs under the nginx account, so change the owner and group of its directory to nginx.

    [root@ultraera ~]# chown -R nginx:nginx /opt/nextcloud

Create the MySQL database

    mysql> CREATE DATABASE nextcloud CHARACTER SET utf8;
    mysql> GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'your_password';
    mysql> FLUSH PRIVILEGES;

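Initialize NextCloud

Open the domain you configured in nginx in a browser. Initializing NextCloud is very simple: set an administrator account and password, then fill in the database settings. These are exactly the values from the MySQL step above.

[Screenshot: the interface after logging in]

After logging in, click your avatar in the top-right corner and choose Admin to open the administration page, where you can view and change your server settings. At the top of the page you can also see which problems your server currently has, each with documentation explaining how to fix it.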

Other

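Change the default data directory

When the NextCloud web page is first opened, it asks for the data directory (datadir). The default is a directory inside the nextcloud package, that is, under the Nginx document root, which is not secure, so it is best to change the path to another location:

    [root@ultraera ~]# mkdir /nextcloud_files/
    [root@ultraera ~]# chown -R nginx:nginx /nextcloud_files/
    # Change the datadirectory path (it must be the directory created above)
    [root@ultraera ~]# vim /opt/nextcloud/config/config.php
    'datadirectory' => '/nextcloud_files/',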
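
The check below is an added example, not part of the original post: it reads datadirectory from config.php and root from the Nginx configuration and reports whether the data directory still lies inside the web root. The function names and the sample files are assumptions constructed for illustration; paths are compared as text, so symlinks are not resolved.

```shell
# Added example (not from the original post). Sample files are constructed.

# Print the value of 'datadirectory' from a Nextcloud config.php.
nc_datadir() {
    sed -n "s/^[[:space:]]*'datadirectory'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Print the first "root" directive of an nginx server configuration.
nginx_root() {
    sed -n 's/^[[:space:]]*root[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Return 0 when the data directory is outside the web root, 1 when it is
# inside, 2 when either value cannot be found.
datadir_outside_webroot() {
    data=$(nc_datadir "$1"); root=$(nginx_root "$2")
    [ -n "$data" ] && [ -n "$root" ] || return 2
    # Force exactly one trailing slash so /opt/nextcloud and /opt/nextcloud/
    # compare equal and /opt/nextcloud_files is not mistaken for a child.
    data=${data%/}/; root=${root%/}/
    case "$data" in
        "$root"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Demo on constructed files that mirror the default install in this guide.
demo=$(mktemp -d)
printf '%s\n' '<?php' '$CONFIG = array (' \
    "  'datadirectory' => '/opt/nextcloud/data'," ');' > "$demo/config.php"
printf '%s\n' 'server {' '    root /opt/nextcloud/;' '}' > "$demo/nextcloud.conf"
if datadir_outside_webroot "$demo/config.php" "$demo/nextcloud.conf"; then
    echo "OK: data directory is outside the web root"
else
    echo "WARN: $(nc_datadir "$demo/config.php") is inside $(nginx_root "$demo/nextcloud.conf")"
fi
rm -rf "$demo"
```

On the server from this guide the call would be datadir_outside_webroot /opt/nextcloud/config/config.php /etc/nginx/conf.d/nextcloud.conf.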

Unable to log in to the user interface

I ran into this problem during installation and struggled with it for a long time before solving it. We are using nginx, but php-fpm's default user is apache, so the owner and group of the /var/lib/php/session directory are both apache. As a result we have no permission to write the session, and login fails. The error can be seen in NextCloud's log file:

    [root@ultraera ~]# tail -n 1 /usr/nextcloud/data/nextcloud.log
    {"reqId":"NNnIwMCCPDMQtzZW5Ndc","remoteAddr":"180.166.66.226","app":"PHP","message":"session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (\/var\/lib\/php\/session) at \/usr\/nextcloud\/lib\/private\/Session\/Internal.php#104","level":3,"time":"2017-02-24T10:46:13+00:00","method":"POST","url":"\/index.php","user":"samzong","version":"11.0.0.10"}
    # Changing the group of /var/lib/php/ to nginx fixes it
    [root@ultraera ~]# chgrp -R nginx /var/lib/php
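
To spot this failure without reading the log by hand, the following added example (not part of the original post) extracts the session.save_path named in such log entries and checks whether the php-fpm pool runs as the web-server account. The function names, the sample log line and the sample pool file are constructed for illustration.

```shell
# Added example (not from the original post). Sample files are constructed.

# Print the distinct session.save_path values named in
# "Failed to write session data" entries of a nextcloud.log (JSON lines).
session_write_failures() {
    grep -F 'Failed to write session data' "$1" |
        sed -n 's/.*session\.save_path is correct (\([^)]*\)).*/\1/p' |
        sed 's#\\/#/#g' | sort -u    # undo the JSON "\/" escaping
}

# Print one key ($2: user or group) from a php-fpm pool file ($1).
# Lines starting with ";" are comments and are ignored.
pool_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 only when the pool's user and group both equal the web-server
# account ($2) and neither of them is root.
pool_matches_webserver() {
    u=$(pool_value "$1" user); g=$(pool_value "$1" group)
    [ "$u" != root ] && [ "$g" != root ] && [ "$u" = "$2" ] && [ "$g" = "$2" ]
}

# Demo: a constructed log entry and the pool file as shipped (user apache).
demo=$(mktemp -d)
cat > "$demo/nextcloud.log" <<'EOF'
{"reqId":"constructed","remoteAddr":"203.0.113.5","app":"PHP","message":"session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (\/var\/lib\/php\/session) at Internal.php#104","level":3}
EOF
printf '%s\n' '; constructed pool file' 'user = apache' 'group = apache' > "$demo/www.conf"
for dir in $(session_write_failures "$demo/nextcloud.log"); do
    if ! pool_matches_webserver "$demo/www.conf" nginx; then
        echo "$dir: session writes failing; pool runs as $(pool_value "$demo/www.conf" user), expected nginx"
    fi
done
rm -rf "$demo"
```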

Add Redis to improve performance

I covered how to install redis in an earlier article; see the installation tutorial there.

    [root@ultraera ~]# yum --enablerepo=remi install -y redis
    # Add the redis extension for PHP
    [root@ultraera ~]# yum --enablerepo=remi-php56 install php-redis
    # Add redis to the configuration file
    'memcache.local' => '\\OC\\Memcache\\Redis',
    'memcache.locking' => '\\OC\\Memcache\\Redis',
    'redis' =>
    array (
      'host' => 'localhost',
      'port' => 6379,
    ),
    # Restart the services for the change to take effect
    [root@ultraera ~]# service php-fpm restart
    [root@ultraera ~]# service nginx restart

My NextCloud configuration is as follows:

    <?php
    $CONFIG = array (
      'memcache.local' => '\\OC\\Memcache\\Redis',
      'memcache.locking' => '\\OC\\Memcache\\Redis',
      'redis' =>
      array (
        'host' => 'localhost',
        'port' => 6379,
      ),
      'enable_previews' => false,
      // instanceid, passwordsalt and secret are generated per instance by the installer
      'instanceid' => 'ockhup01dxbf',
      'passwordsalt' => 'TlJgWGrE0N7vOrRfZkOojwdYh/BixL',
      'secret' => '/IQh0LioZp5eYFQJhicY7n324Q80WQUYOzWL+8OcxcXVw3Ef',
      'trusted_domains' =>
      array (
        0 => 'pan.ultraera.org',
      ),
      'datadirectory' => '/nextcloud',
      'overwrite.cli.url' => 'https://pan.ultraera.org',
      'dbtype' => 'mysql',
      'version' => '11.0.0.10',
      'dbname' => 'nextcloud',
      'dbhost' => 'localhost',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'dbuser' => 'nextcloud',
      'dbpassword' => 'nextcloud',
      'logtimezone' => 'CST',
      'installed' => true,
      'mail_from_address' => 'luchuanjia',
      'mail_smtpmode' => 'php',
      'mail_domain' => 'msn.com',
    );

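SSL certificate

Many providers in China now offer free SSL certificates, and for a personal site a free certificate is a good choice. The nginx configuration above already includes the SSL settings. Note that if you do not enable SSL, you must not enable the https virtual host. You can of course generate a certificate yourself to serve the site, but visitors will then be warned that the certificate is untrusted. How to obtain a certificate differs from vendor to vendor, so I will not go into it here; you can ask the technical staff of the vendor concerned.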

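Current usage

With the service set up, the stored files are encrypted, and jobs now push the files to OSS in the early hours of every day, keeping 2 days of data, so that a server outage does not cause file loss. On the client side, my own computer and phone and my family's phones all have the app installed, and photos and similar files are uploaded to the cloud drive automatically in the background. So far it has been very stable. The only catch is that the iOS app is paid; because NextCloud derives from OwnCloud, if you previously bought the OwnCloud app you can use it directly. NextCloud also has many other features, which you can explore according to your own needs.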