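Nextcloud is a free, open-source, Dropbox-like private cloud storage project that lets you quickly and easily set up a cloud sync drive for yourself or your team, providing cross-platform, cross-device file synchronization, sharing, version control, team collaboration and more. Nextcloud clients cover Windows, Mac, Android, iOS, Linux and other platforms, and it also offers a web interface and a WebDAV interface; it has a large following in China and abroad. Starting in 2020, Nextcloud released a milestone update in which Nextcloud was renamed Nextcloud Hub, marking the shift from a cloud drive system to a personal/team workspace. This article describes how to install and deploy Nextcloud Hub in an LNMP environment; the software is deployed in a virtual machine on a local network.
Download Nextcloud Hub from the official site
To avoid introducing too many concepts and to lower the barrier for newcomers, this article does not deploy with Docker but uses the traditional deployment method, which requires an LNMP runtime environment. If you do not have one, set up LNMP first.
Create the run directory on the virtual machine, download the Nextcloud Hub source code from the official link above, unpack it and fix the permissions: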
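    mkdir -p /home/wwwroot/nextcloud
    # The release archive unpacks into a top-level nextcloud/ directory,
    # so extract it from the parent directory to match the nginx root below.
    cd /home/wwwroot
    wget https://download.nextcloud.com/server/releases/nextcloud-23.0.0.zip
    unzip nextcloud-23.0.0.zip
    chown -R www:www /home/wwwroot/nextcloud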
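Before unpacking, the archive can be checked against the `.sha256` and `.asc` files that Nextcloud publishes next to each release. The following is an added example, not part of the original article; the function names are made up here, and `verify_signature` assumes the Nextcloud release key is already in your GPG keyring.

```shell
#!/bin/sh
# Integrity check for the archive downloaded above (added example).
# Fetch the checksum and detached signature first:
#   wget https://download.nextcloud.com/server/releases/nextcloud-23.0.0.zip.sha256
#   wget https://download.nextcloud.com/server/releases/nextcloud-23.0.0.zip.asc

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_release ARCHIVE SUMFILE
# Returns 0 = digest matches, 1 = mismatch, 2 = missing input, 3 = no entry.
verify_release() {
    archive=$1
    sumfile=$2
    [ -f "$archive" ] && [ -f "$sumfile" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$archive")
    # sha256sum format: "<hex>  <name>" ("*<name>" in binary mode).
    # Match the exact file name so a digest for another release is never used.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sumfile")
    [ -n "$expected" ] || { echo "no entry for $name in $sumfile" >&2; return 3; }
    actual=$(sha256_of "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $name" >&2
        return 1
    fi
    echo "OK $name $actual"
}

# verify_signature ARCHIVE: check the detached signature ARCHIVE.asc.
# Assumes the release key was imported and its fingerprint compared with
# the one given in the Nextcloud documentation.
verify_signature() {
    gpg --verify "$1.asc" "$1"
}

# Usage (unpack only when both checks pass):
#   verify_release nextcloud-23.0.0.zip nextcloud-23.0.0.zip.sha256 &&
#   verify_signature nextcloud-23.0.0.zip && unzip nextcloud-23.0.0.zip
```

The checksum alone only catches corruption, because it comes from the same server as the archive; the signature check is what ties the file to the Nextcloud release key.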
Create the nginx configuration file
Users of the 军哥 LNMP package can create the configuration file with a command:
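    # Since this is an intranet environment, verify domain ownership with a DNS challenge
    # CloudFlare is used by default here
    # See: https://lnmp.org/faq/letsencrypt-wildcard-ssl.html
    export CF_Key="123456"
    export CF_Email="abc@example.com"
    lnmp dnsssl cf
    # You can also use the acme.sh script to generate it, according to your own preference; see: https://acme.sh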
After creating the configuration file, modify it as follows:
    upstream php-handler {
        server unix:/tmp/php-cgi.sock;
    }

    server {
        listen 80;
        server_name cloud.xxxx.local;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name cloud.xxxx.local;
        root /home/wwwroot/nextcloud;

        ssl_certificate /usr/local/nginx/conf/ssl/cloud.xxxx.local/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/cloud.xxxx.local/cloud.xxxx.local.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        include rewrite/none.conf;
        #error_page 404 /404.html;

        #include enable-php-pathinfo.conf;
        include enable-nc.conf;

        access_log /home/wwwlogs/cloud.xxxx.local.log;
    }
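The `ssl_protocols` line above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and the `ssl_ciphers` string still admits 3DES and static-RSA (`RSA+...`) selectors. The shell function below is an added example, not part of the original article, that audits a vhost file for exactly these settings; the names `audit_tls` and `sample_conf` and the sample config are constructed here, and it assumes each directive sits on a single line.

```shell
#!/bin/sh
# audit_tls [CONF]: report deprecated TLS protocol versions and weak cipher
# selectors in an nginx config file (or stdin when no file is given).
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_tls() {
    awk '
    { sub("#.*", "") }                          # drop comments
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                print "deprecated protocol: " p; bad = 1
            }
        }
    }
    $1 == "ssl_ciphers" {
        s = $0
        sub(/^[ \t]*ssl_ciphers[ \t]+/, "", s)
        gsub(/[";]/, "", s)
        n = split(s, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^[!-]/) continue         # "!X" and "-X" remove suites
            if (c[i] ~ /3DES|RC4|MD5|NULL|EXP/) {
                print "weak cipher selector: " c[i]; bad = 1
            } else if (c[i] ~ /^RSA(\+|$)/) {    # static RSA key exchange
                print "no forward secrecy: " c[i]; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample using the protocol and cipher values from the vhost above
# (TLS 1.3 suite names omitted for brevity).
sample_conf() {
    cat <<'EOF'
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
}
EOF
}
```

Run it as `audit_tls /usr/local/nginx/conf/vhost/<your-vhost>.conf` (path is a placeholder). The audit comes back clean once the line reads `ssl_protocols TLSv1.2 TLSv1.3;` and the `RSA+AES128`, `RSA+AES256`, `EECDH+3DES` and `RSA+3DES` selectors are removed from `ssl_ciphers`.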
Create an enable-nc.conf in the same directory as the nginx.conf configuration file (in the LNMP environment the path is /usr/local/nginx/conf/enable-nc.conf):
    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets

        location ~ \.wasm$ {
            default_type application/wasm;
        }
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
Restart LNMP:
    lnmp reload
Then visit the site using the domain name from the configuration file.