Installing ownCloud 9.1 on LNMP 1.3

2016-8-2

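My goal is simple: I just need somewhere to put documents that need printing. After all, USB sticks are the best vector for spreading all kinds of viruses.

ownCloud needs a web environment (Apache or nginx), PHP, and a database (optional; SQLite is bundled). Start with the web environment, which the LNMP one-click package handles easily.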

https://lnmp.org/

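Once the installation succeeds, start configuring ownCloud. LNMP's PHP security settings are fairly strict and I don't want to loosen them, so the permissions that ownCloud's PHP installer needs are not available; I gave up on it and used the zip package instead.

I use a vhost out of habit; if you have resources to spare, feel free to use the root directory directly.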

lnmp vhost add

Only the domain and its corresponding root directory need to be configured; FTP, a database and rewrite rules are not needed.

Then edit the vhost's nginx configuration.

vi /usr/local/nginx/conf/vhost/#YOUR_DOMAIN#.conf

Delete everything in the file and replace it with the following:


upstream php-handler {
    # the default for php5 should be /var/run/php5-fpm.sock, this is the value for LNMP1.3
    server unix:/tmp/php-cgi.sock;
}

server {
    listen 443 ssl;
    #listen [::]:443 ssl;
    server_name #YOUR_DOMAIN#;
    index index.html index.htm index.php default.html default.htm default.php;
    root #YOUR_ROOT_DIR_FOR_THIS_DOMAIN#;

    ssl on;
    ssl_certificate #YOUR_DIR_FOR_SSL_CERT#;
    ssl_certificate_key #YOUR_DIR_FOR_SSL_KEY#;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PSK;
    ssl_session_cache builtin:1000 shared:SSL:10m;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    #include enable-php.conf;

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    # pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }

}

server {
    listen 80;
    server_name #YOUR_DOMAIN#;
    return 301 https://$server_name$request_uri;
}

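Replace the placeholders with your own domain and your own SSL certificate details (Let's Encrypt is recommended; it is simple now and you can use certbot directly, but note that nginx has to be stopped first).

ownCloud recommends transferring data over HTTPS and also treats HTTPS as one of its security checks. If you really don't want to enable HTTPS, you can move the contents of the port 443 server block into the port 80 one and delete the SSL-related directives.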
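The TLS directives in the vhost above date from 2016: TLS 1.0 and 1.1 have since been deprecated (RFC 8996) and RC4 cipher suites are prohibited in TLS (RFC 7465). The check below is an added example, not part of the original post; it reads a vhost on stdin and reports such settings. The function names and the shortened sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an nginx vhost, read from
# stdin, for TLS protocol versions and cipher suites that are now obsolete.

audit_tls() {
    awk '
        { sub(/#.*/, "") }                         # ignore comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print "weak-protocol " p
            }
        }
        $1 == "ssl_ciphers" {
            list = $2; sub(/;$/, "", list)
            n = split(list, suite, ":")
            for (i = 1; i <= n; i++) {
                if (suite[i] ~ /^[!-]/) continue   # "!X" and "-X" remove suites
                if (suite[i] ~ /RC4|DES|MD5|NULL|EXPORT/)
                    print "weak-cipher " suite[i]
            }
        }
    '
}

# Exit status for scripts: 0 when nothing is flagged, 1 otherwise.
tls_is_clean() {
    [ -z "$(audit_tls)" ]
}

# Constructed sample: the two TLS directives from the vhost above, with the
# cipher list and its trailing exclusions shortened.
sample_vhost() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!MD5;
EOF
}

sample_vhost | audit_tls
```

To audit a real file, run `audit_tls < /usr/local/nginx/conf/vhost/#YOUR_DOMAIN#.conf` after sourcing the functions.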

Next, modify the PHP configuration.

vi /usr/local/php/etc/php.ini
upload_max_filesize =
post_max_size =
output_buffering =

Change these three settings to whatever values you want; I personally recommend 10G and 10240.
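nginx rejects any request body larger than client_max_body_size with a 413 before PHP sees it, so the 512M in the vhost above, not the php.ini values, decides the largest upload. As an added example (not from the original post), this script reports which of the three settings is the bottleneck; the file names and sample values are constructed, assuming 10G is used for upload_max_filesize and post_max_size.

```shell
#!/bin/sh
# Added example (not from the original post): find which setting really caps
# the upload size when the nginx vhost and php.ini disagree.

# Convert "512M", "10G", "4k" or a bare byte count to bytes.
to_bytes() {
    echo "$1" | awk '{
        v = toupper($1); n = v + 0
        if (v ~ /K$/) n *= 1024
        else if (v ~ /M$/) n *= 1024 * 1024
        else if (v ~ /G$/) n *= 1024 * 1024 * 1024
        printf "%.0f\n", n
    }'
}

nginx_value() {   # $1 = nginx config file
    awk '$1 == "client_max_body_size" { sub(/;$/, "", $2); print $2; exit }' "$1"
}

php_value() {     # $1 = php.ini file, $2 = directive name
    awk -F= -v key="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { val = $2; sub(/;.*/, "", val); gsub(/[ \t]/, "", val); print val; exit }
    ' "$1"
}

# Print the tightest limit as "<directive> <bytes>". Missing directives fall back
# to the built-in defaults (1m, 2M, 8M); a value of 0 is treated as "no limit".
upload_bottleneck() {   # $1 = nginx config file, $2 = php.ini file
    n=$(nginx_value "$1")
    u=$(php_value "$2" upload_max_filesize)
    p=$(php_value "$2" post_max_size)
    {
        echo "client_max_body_size $(to_bytes "${n:-1m}")"
        echo "upload_max_filesize $(to_bytes "${u:-2M}")"
        echo "post_max_size $(to_bytes "${p:-8M}")"
    } | awk '$2 > 0' | sort -k2,2n | head -n 1
}

# Constructed sample: client_max_body_size as in the vhost above, php.ini set
# to the values this post recommends.
demo() {
    tmp=$(mktemp -d)
    printf 'server {\n    client_max_body_size 512M;\n}\n' > "$tmp/vhost.conf"
    printf 'upload_max_filesize = 10G\npost_max_size = 10G\noutput_buffering = 10240\n' > "$tmp/php.ini"
    upload_bottleneck "$tmp/vhost.conf" "$tmp/php.ini"
    rm -rf "$tmp"
}

demo
```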

Then install ownCloud. Open an SSH session, change to the web root directory, and run the following commands:

wget https://download.owncloud.org/community/owncloud-9.1.0.zip

unzip *.zip

cd owncloud && mv * ../

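After that, just open a browser and complete the final configuration.

On a small Alibaba Cloud instance I still wouldn't recommend MariaDB; it doesn't feel as fast as simply using SQLite…

Have fun.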
