#!/bin/bash
#Example installation nextcloud on Ubuntu 22.04 LTS
#https://docs.nextcloud.com/server/latest/admin_manual/installation/example_ubuntu.html
#You can use .deb packages to install the required and recommended modules for a typical Nextcloud installation, #using Apache and MariaDB, by issuing the following commands in a terminal:
:<<!
说明服务器情况的
192.168.1.1 nextcloud
两台主机设置了ac放行,都可以正常访问互联网。
/dev/sdb1 894G 6.3G 888G 1% /data1
/dev/sdc1 101T 715G 100T 1% /data
root密码
linux-greenhand
!
#网络服务查看工具
sudo apt-get install net-tools zip ntpdate
sudo apt-get install libmagickcore-6.q16-6-extra
sudo apt-get install ffmpeg
sudo netstat -tunlp
sudo timedatectl set-timezone Asia/Shanghai
#sudo ntpdate 192.168.16.5
sudo apt update && sudo apt upgrade
#增加php的安装源
sudo add-apt-repository ppa:ondrej/php
#移除php原有版本
sudo apt-get remove --autoremove php7.4*
sudo dpkg -l | grep php
#This installs the packages for the Nextcloud core system.
sudo apt install apache2 libapache2-mod-php php-gd php-mysql \
php-curl php-mbstring php-intl php-gmp php-bcmath php-xml php-imagick php-zip
#增加一些php的扩展支持
sudo apt install php-json php-redis php-imagick php-ldap php-imap
sudo php -m
#启用apache2
sudo apt-get install apache2 openssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
sudo a2enmod ssl
sudo a2enmod setenvif
sudo a2ensite default-ssl
sudo systemctl restart apache2
#the MariaDB Package Repository setup script again.
#The script can also configure your system to install from the repository of a different version of MariaDB if you use the option.--mariadb-server-version
#sudo curl -LsS https://dlm.mariadb.com/3/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version="mariadb-10.10.5"
#sudo wget https://r.mariadb.com/downloads/mariadb_repo_setup
sudo wget https://dlm.mariadb.com/3/MariaDB/mariadb_repo_setup
sudo chmod +x mariadb_repo_setup
sudo ./mariadb_repo_setup --mariadb-server-version="mariadb-10.10.5"
#在内网经常会提示Could not resolve host: supplychain.mariadb.com
sudo apt-get install mariadb-server mariadb-client mariadb-backup
sudo dpkg -l | grep mariadb
#To start the MySQL command line mode use the following command:
#安全设置向导
mysql_secure_installation
#ROOT 密码在安全设置向导中已设置
sudo mysql -u root -p
SELECT VERSION();
CREATE USER 'linux-greenhand_oc'@'localhost' IDENTIFIED BY 'linux-greenhand#2023';
CREATE USER 'linux-greenhand_oc'@'%' IDENTIFIED BY 'linux-greenhand#2023';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'linux-greenhand_oc'@'localhost';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'linux-greenhand_oc'@'%';
FLUSH PRIVILEGES;
quit;
#迁移mariadbdata 到/data1目录中
sudo systemctl stop mariadb.service
sudo mkdir -p /data1/mariadbdata
sudo mv /var/lib/mysql/* /data1/mariadbdata/
sudo chown -R mysql:mysql /data1/mariadbdata
sudo sed -i '/datadir/i datadir = /data1/mariadbdata' /etc/mysql/mariadb.conf.d/50-server.cnf
#sudo sed -i '/datadir/s/#//' /etc/mysql/mariadb.conf.d/50-server.cnf
#数据库远程单独配置
#/etc/mysql/mariadb.conf.d
#vi 50-server.cnf
#bind-address = 127.0.0.1
#bind-address = 0.0.0.0
sudo sed -i '/bind-address/s/127.0.0.1/0.0.0.0/' /etc/mysql/mariadb.conf.d/50-server.cnf
sudo systemctl restart mariadb.service
#Now download the archive of the latest Nextcloud version:
#Go to the Nextcloud Download Page.
sudo wget -P /opt/ https://download.nextcloud.com/server/releases/nextcloud-27.0.1.zip
sudo unzip /opt/nextcloud-27.0.1.zip -d /data1/
sudo chown -R www-data:www-data /data1/nextcloud
#办公应用包安装,注意下载速度会比较慢
sudo wget -P /opt/ https://github.com/CollaboraOnline/richdocumentscode/releases/download/23.5.104/richdocumentscode.tar.gz
sudo wget -P /opt/ "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v8.1.0/onlyoffice.tar.gz"
tar -xf /opt/onlyoffice.tar.gz -C /data1/nextcloud/apps/
tar -xf /opt/richdocumentscode.tar.gz -C /data1/nextcloud/apps/
sudo chown -R www-data:www-data /data1/nextcloud
#Finally, change the ownership of your Nextcloud directories to your HTTP user:
#创建数据目录
#sudo unzip /opt/nextcloud-27.0.1.zip -d /var/www/html
#sudo mkdir -p /var/www/html/nextcloud/data
#sudo chown -R www-data:www-data /var/www/html/nextcloud
sudo mkdir -p /data/nextcloud/data
sudo chown -R www-data:www-data /data/nextcloud
#生成网站主配置文件
sudo sed -i '/<\/VirtualHost>$/s/^/#/' /etc/apache2/sites-available/000-default.conf
sudo sed -i '/DocumentRoot\ \/var\/www\/html$/s/^/#/' /etc/apache2/sites-available/000-default.conf
cat >> /etc/apache2/sites-available/000-default.conf <<"EOF"
DocumentRoot /data1/nextcloud
ServerName pan.linux.greenhand.cn
<Directory /data1/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
EOF
sudo cat /etc/apache2/sites-available/000-default.conf|grep -v '#'
sudo a2ensite 000-default.conf
sudo systemctl reload apache2
#https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html
#最大上传文件配置修改
#Maximum upload size
#
#If you want to increase the maximum upload size, you will also have to modify your configuration and increase the and values. You will need to restart and your HTTP server in order for these changes to be applied.php-fpmupload_max_filesizepost_max_sizephp-fpm
#
#.htaccess notes for Apache
#
#Nextcloud comes with its own file. Because can’t read PHP settings in these settings and permissions must be set in the file.nextcloud/.htaccessphp-fpm.htaccessnextcloud/.user.ini
#https网站配置
#强化和安全指导
#https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html
#配置防火墙-策略-地址转换
#申请免费的证书
sudo sed -i '/DocumentRoot/a ServerName\ pan.linux.greenhand.cn' /etc/apache2/sites-available/default-ssl.conf
sudo sed -i '/DocumentRoot\ \/var\/www\/html$/s/\/var\/www\/html/\/data1\/nextcloud/' /etc/apache2/sites-available/default-ssl.conf
cat >> /opt/nextcloud-ssl.conf <<"EOF"
SSLCertificateFile cert/pan.linux.greenhand.cn_public.crt
SSLProxyMachineCertificateFile /var/local/nginx/pan.linux.greenhand.cn.pem
SSLCertificateKeyFile cert/pan.linux.greenhand.cn.key
SSLCertificateChainFile cert/pan.linux.greenhand.cn_chain.crt
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory /data1/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
EOF
sudo sed -i "/SSLEngine\ on/r /opt/nextcloud-ssl.conf" /etc/apache2/sites-available/default-ssl.conf
sudo a2enmod rewrite
sudo systemctl restart apache2
#onlyoffice的部署
#https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx
sudo apt install docker docker.io
sudo systemctl start docker
sudo docker info
sudo docker pull onlyoffice/documentserver
sudo mkdir -p /data1/onlyoffice/DocumentServer/logs
sudo mkdir -p /data1/onlyoffice/DocumentServer/data/certs
sudo mkdir -p /data1/onlyoffice/DocumentServer/lib
sudo mkdir -p /data1/onlyoffice/DocumentServer/postgresql
sudo cp /opt/ssl/apache/pan.linux.greenhand.cn_chain.crt /data1/onlyoffice/DocumentServer/data/certs/
sudo cp /opt/ssl/apache/pan.linux.greenhand.cn_public.crt /data1/onlyoffice/DocumentServer/data/certs/
sudo cp /opt/ssl/nginx/pan.linux.greenhand.cn.key /data1/onlyoffice/DocumentServer/data/certs/
sudo cp /opt/ssl/nginx/ssl/pan.linux.greenhand.cn.pem /data1/onlyoffice/DocumentServer/data/certs/
sudo docker run -i -t -d -p 8081:80 -p 8443:443 --name onlyoffice --restart=always \
-v /data1/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /data1/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /data1/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /data1/onlyoffice/DocumentServer/postgresql:/var/lib/postgresql \
-e LETS_ENCRYPT_DOMAIN=pan.linux.greenhand.cn -e JWT_SECRET=my_jwt_secret onlyoffice/documentserver
sudo docker exec -it onlyoffice /bin/bash
#配置onlyoffice https支持
sudo cat >> /etc/onlyoffice/documentserver/nginx/ds.conf <<"EOF"
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
listen 0.0.0.0:8443 ssl;
listen [::]:8443 ssl default_server;
server_tokens off;
set $secure_link_secret I8xGO3DYL3PZYpTdQxi4;
root /usr/share/nginx/html;
ssl_certificate /var/www/onlyoffice/Data/certs/pan.linux.greenhand.cn.pem;
ssl_certificate_key /var/www/onlyoffice/Data/certs/pan.linux.greenhand.cn.key;
ssl_verify_client off;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Content-Type-Options nosniff;
include /etc/nginx/includes/ds-*.conf;
}
EOF
#set $secure_link_secret 这个要和原有80中的参数一直,
#ssl_certificate ssl_certificate_key 注意证书文件的名称和路径
#
apt-get update
apt-get install vim lsof zip
lsof -i:443
ps -ef|grep nginx
/usr/sbin/nginx -h
/usr/sbin/nginx -s reload
/usr/bin/documentserver-update-securelink.sh
exit
#import证书文件到nextcloud中
sudo -u www-data php8.2 ./occ security:certificates:import /data1/onlyoffice/DocumentServer/data/certs/pan.linux.greenhand.cn.pem
##配置onlyoffice 常用字体支持
#需要先打包字体文件到opt下
sudo docker cp /opt/ziti.zip onlyoffice:/tmp/
sudo docker exec -it onlyoffice /bin/bash
unzip ziti.zip
cp ziti/* /usr/share/fonts/
ls /usr/share/fonts
/usr/bin/documentserver-generate-allfonts.sh
exit
##配置内存缓存
#https://docs.nextcloud.com/server/19/admin_manual/configuration_server/caching_configuration.html
#APCu 在本地缓存方面比 Redis 更快。如果有足够的内存,请使用 APCu 进行内存缓存 和用于文件锁定的 Redis 。如果内存不足,请同时对两者使用 Redis。
sudo apt-get install php-apcu
sudo php -ini|grep apc
sudo sed -i '/apcu.so/a apc.enable_cli=1' /etc/php/8.2/cli/conf.d/20-apcu.ini
sudo php -ini|grep apc
sudo apt-cache policy php-redis
sudo apt-get install php-redis redis redis-server
#添加config.php配置文件
vim /var/www/nextcloud/config/config.php
'theme' => '',
'loglevel' => 2,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
'dbindex' => 0,
'password' => 'linux-greenhand#pan22',
),
# 'redis' =>
# array (
# 'host' => 'localhost',
# 'port' => 6379,
# 'password' => 'linux-greenhand#pan22',
# 'dbindex' => 0,
# ),
#修改redis.conf配置文件
#将 unixsocket 和 unixsocketperm 前的 # 去掉,并将 unixsocketperm 的值由 700 改为 777,否则将不能清理缓存
vim /etc/redis/redis.conf
unixsocket /var/run/redis/redis-server.sock
unixsocketperm 777
requirepass linux-greenhand#pan22
#修改php.ini配置文件
vim /etc/php/8.2/cli/conf.d/20-redis.ini
redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000
##Be sure to set the right permissions on redis.sock so that your webserver can read and write to it. For this you typically have to add the webserver user to the redis group:
usermod -a -G redis www-data
systemctl restart redis-server
systemctl restart apache2
#计划任务配置corn
#https://docs.nextcloud.com/server/19/admin_manual/configuration_server/background_jobs_configuration.html
# crontab -u www-data -e
#And append this line:
#*/5 * * * * php -f /var/www/nextcloud/cron.php
#You can verify if the cron job has been added and scheduled by executing:
# crontab -u www-data -l
#Which returns:
#[snip]
#*/5 * * * * php -f /var/www/nextcloud/cron.php
#If systemd is installed on the system, a systemd timer could be an alternative to a cronjob.
sudo cat >> /etc/systemd/system/nextcloudcron.service <<"EOF"
[Unit]
Description=Nextcloud cron.php job
[Service]
User=www-data
ExecStart=/usr/bin/php -f /data1/nextcloud/cron.php
KillMode=process
EOF
sudo cat >> /etc/systemd/system/nextcloudcron.timer <<"EOF"
[Unit]
Description=Run Nextcloud cron.php every 5 minutes
[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
EOF
chmod 777 /etc/systemd/system/nextcloudcron.timer
chmod 777 /etc/systemd/system/nextcloudcron.service
#Now all that is left is to start and enable the timer by running this command:
systemctl enable --now nextcloudcron.timer
#Created symlink /etc/systemd/system/timers.target.wants/nextcloudcron.timer → /etc/systemd/system/nextcloudcron.timer.
#安全优化
sudo cat >> /etc/php/8.2/cli/conf.d/10-opcache.ini <<"EOF"
opcache.interned_strings_buffer=64
opcache.memory_consumption=512
EOF
vim /var/www/nextcloud/config/config.php
'auth.bruteforce.protection.enabled' => false,#//取消 "我们检测到您的IP进行了多次无效登录尝试。因此,您的下一次登录最长会延迟30秒。"
'defaultapp' => 'spreed',#//设置默认登录页 'defaultapp' => 'files',
'default_phone_region' => 'CN',
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\HEIC',
4 => 'OC\\Preview\\BMP',
5 => 'OC\\Preview\\XBitmap',
6 => 'OC\\Preview\\MP3',
7 => 'OC\\Preview\\TXT',
8 => 'OC\\Preview\\MarkDown',
9 => 'OC\\Preview\\Movie',
10 => 'OC\\Preview\\MKV',
11 => 'OC\\Preview\\MP4',
12 => 'OC\\Preview\\AVI',
13 => 'OC\\Preview\\Photoshop',
14 => 'OC\\Preview\\TIFF',
15 => 'OC\\Preview\\SVG',
),
systemctl restart apache2
#中文头像更新
unzip ziti.zip
#share中的网站主目录和pan中的有所不同
#cp ziti/* /var/www/nextcloud/core/fonts/
#chown www-data:www-data /var/www/nextcloud/core/fonts/*
#cat /var/www/nextcloud/lib/private/Avatar/Avatar.php|grep "font\ \="
#sed -i '/font\ \=/s/NotoSans-Regular.ttf/SIMHEI.TTF/' /var/www/nextcloud/lib/private/Avatar/Avatar.php
#sudo -u www-data /usr/bin/php /var/www/nextcloud/occ preview:reset-rendered-texts -vvv
cp ziti/* /data1/nextcloud/core/fonts/
chown www-data:www-data /data1/nextcloud/core/fonts/*
cat /data1/nextcloud/lib/private/Avatar/Avatar.php|grep "font\ \="
sed -i '/font\ \=/s/NotoSans-Regular.ttf/SIMHEI.TTF/' /data1/nextcloud/lib/private/Avatar/Avatar.php
sudo -u www-data /usr/bin/php /data1/nextcloud/occ preview:reset-rendered-texts -vvv
#列出所有已安装的应用程序,并显示它们是否 启用或禁用:
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:list
#更新应用程序
#Please note that the web updater is not recommended with more than 100 users! Please use the command line updater instead!
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update contacts
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update onlyoffice
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update mail
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update calendar
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update nextcloud_announcements
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update notifications
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update richdocuments #Nextcloud Office
sudo -u www-data /usr/bin/php /data1/nextcloud/occ app:update richdocumentscode #Collabora Online - Built-in CODE Server
#oauth2方式对接企业微信单点登录
#
#Apps:sociallogin
#配置Linux病毒扫描工具ClamAV(Clam AntiVirus)
#https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/antivirus_configuration.html
#Apps:Antivirus for files
#https://github.com/nextcloud-releases/files_antivirus/releases/download/v5.2.2/files_antivirus-v5.2.2.tar.gz
#搭建Nextcloud的TURN服务器
配置Nextcloud的STUN服务器
配置Nextcloud通话应用与高性能后端配合使用,并设置分布式缓存
#https://nextcloud-talk.readthedocs.io/en/latest/TURN/
标签:www,installNextCloud,data,sudo,php,data1,nextcloud From: https://www.cnblogs.com/linux-greenhand/p/17967784