Nextcloud 是一款类 Dropbox 的开源免费私有云存储网盘项目,可以让你快速便捷地搭建一套属于自己或团队的云同步网盘,从而实现跨平台跨设备文件同步、共享、版本控制、团队协作等功能。Nextcloud 的客户端覆盖了 Windows、Mac、Android、iOS、Linux 等各种平台,同时也提供网页端和 WebDAV 接口,国内外拥趸众多。从 2020 年开始,Nextcloud 官方发布了一个里程碑式的更新,Nextcloud 更名为 Nextcloud Hub,实现了从网盘系统到个人/团队工作台的转变。本文介绍了 LNMP 环境下 Nextcloud Hub 的安装部署方法,相关程序部署在局域网的虚拟机内。
从官方下载 Nextcloud Hub
为了不引入过多概念,降低新手入门成本,本文不采用 Docker 方式部署,而是采用传统的部署方式,这种部署方式要求具备 LNMP 运行环境,如果没有,请先行配置 LNMP 。
在虚拟机上创建运行目录,通过上面这个官方链接下载 Nextcloud Hub 源代码,解压并修复运行权限:
mkdir -p /home/wwwroot/nextcloud cd /home/wwwroot/nextcloud wget https://download.nextcloud.com/server/releases/nextcloud-23.0.0.zip unzip nextcloud-23.0.0.zip chown -R www:www /home/wwwroot/nextcloud
创建 nginx 配置文件
军哥 LNMP 的用户可以通过命令创建配置文件:
# 考虑到内网环境,使用 dns challenge 的方式验证域名所有权 # 这里默认使用 CloudFlare # 详见:https://lnmp.org/faq/letsencrypt-wildcard-ssl.html export CF_Key="123456" export CF_Email="abc@example.com" lnmp dnsssl cf # 也可以用 acme.sh 脚本来生成,请根据个人喜好决定,详见:https://acme.sh
创建配置文件后按照以下形式修改配置:
upstream php-handler {
server unix:/tmp/php-cgi.sock;
}
server
{
listen 80;
server_name cloud.xxxx.local;
return 301 https://$host$request_uri;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name cloud.xxxx.local;
root /home/wwwroot/nextcloud;
ssl_certificate /usr/local/nginx/conf/ssl/cloud.xxxx.local/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/cloud.xxxx.local/cloud.xxxx.local.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
include rewrite/none.conf;
#error_page 404 /404.html;
#include enable-php-pathinfo.conf;
include enable-nc.conf;
access_log /home/wwwlogs/cloud.xxxx.local.log;
}
在 nginx.conf 配置文件跟目录生成一个 enable-nc.conf (LNMP 环境的地址是 /usr/local/nginx/conf/enable-nc.conf):
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
重启 LNMP:
lnmp reload
接下来则用配置文件中的域名进行访问:
文章评论